Jump to content

StartAddress Thread/ suspend

eracross

By eracross,
in AutoIt General Help and Support

 Share

Recommended Posts

eracross Wayfarer

eracross

Posted
Posted

Hi i jst want to ask if its possible to supend a thread by his StratAddress, Im not good at DllCall so i asked you :graduated:

Like this but not by TID.( MostafaGamal)

Func _ThreadSuspend($TID)
    $Handle = DllCall("kernel32.dll","ptr", "OpenThread","dword", "0x0002","int", "0","dword",$TID)
    $i_sucess = DllCall("kernel32.dll","dword","SuspendThread","ptr",$Handle[0])
    DllCall("kernel32.dll", "ptr", "CloseHandle", "ptr", $Handle)
EndFunc
Link to comment
Share on other sites
Ascend4nt Universalist

Ascend4nt

Posted
Posted

Suspending a thread 'parks' the thread inside the ntdll.dll module. You can't change that behavior. Redirecting code execution flow, on the other hand, is another story (and would be hacking).

My contributions:

Performance Counters in Windows - Measure CPU, Disk, Network etc Performance | Network Interface Info, Statistics, and Traffic | CPU Multi-Processor Usage w/o Performance Counters | Disk and Device Read/Write Statistics | Atom Table Functions | Process, Thread, & DLL Functions UDFsProcess CPU Usage Trackers | PE File Overlay Extraction | A3X Script Extract | File + Process Imports/Exports Information | Windows Desktop Dimmer Shade | Spotlight + Focus GUI - Highlight and Dim for Eyestrain Relief | CrossHairs (FullScreen)Rubber-Band Boxes using GUI's (_GUIBox) | GUI Fun! | IE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) | Magnifier (Vista+) Functions UDF | _DLLStructDisplay (Debug!) | _EnumChildWindows (controls etc) | _FileFindEx | _ClipGetHTML | _ClipPutHTML + ClipPutHyperlink | _FileGetShortcutEx | _FilePropertiesDialog | I/O Port Functions | File(s) Drag & Drop | _RunWithReducedPrivileges | _ShellExecuteWithReducedPrivileges | _WinAPI_GetSystemInfo | dotNETGetVersions | Drive(s) Power Status | _WinGetDesktopHandle | _StringParseParameters | Screensaver, Sleep, Desktop Lock Disable | Full-Screen Crash Recovery

Wrappers/Modifications of others' contributions:

_DOSWildcardsToPCRegEx (original code: RobSaunder's) | WinGetAltTabWinList (original: Authenticity)

UDF's added support/programming to:

_ExplorerWinGetSelectedItems | MIDIEx UDF (original code: eynstyne)

(All personal code/wrappers centrally located at Ascend4nt's AutoIT Code)

Link to comment
Share on other sites
eracross Wayfarer

eracross

Posted
  • Author
Posted

Suspending a thread 'parks' the thread inside the ntdll.dll module. You can't change that behavior. Redirecting code execution flow, on the other hand, is another story (and would be hacking).

Thanks but i didnt get it. :graduated:

if im wrong the Tid is always change thats why i want to know if its possible to suspend it by startaddress.

I think i need to know more about Dllcalls..

Link to comment
Share on other sites
Ascend4nt Universalist

Ascend4nt

Posted
Posted

Process ID #'s and Thread ID #'s don't change. They remain consistent until termination of the thread or process.

If you need to actually get Thread ID #'s for a process, then you'll need to use other API calls to achieve that.

My Processes, Threads & DLL's UDFs contain all kinds of API calls to get all the information you could possibly want from a process or thread.

My contributions:

Performance Counters in Windows - Measure CPU, Disk, Network etc Performance | Network Interface Info, Statistics, and Traffic | CPU Multi-Processor Usage w/o Performance Counters | Disk and Device Read/Write Statistics | Atom Table Functions | Process, Thread, & DLL Functions UDFsProcess CPU Usage Trackers | PE File Overlay Extraction | A3X Script Extract | File + Process Imports/Exports Information | Windows Desktop Dimmer Shade | Spotlight + Focus GUI - Highlight and Dim for Eyestrain Relief | CrossHairs (FullScreen)Rubber-Band Boxes using GUI's (_GUIBox) | GUI Fun! | IE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) | Magnifier (Vista+) Functions UDF | _DLLStructDisplay (Debug!) | _EnumChildWindows (controls etc) | _FileFindEx | _ClipGetHTML | _ClipPutHTML + ClipPutHyperlink | _FileGetShortcutEx | _FilePropertiesDialog | I/O Port Functions | File(s) Drag & Drop | _RunWithReducedPrivileges | _ShellExecuteWithReducedPrivileges | _WinAPI_GetSystemInfo | dotNETGetVersions | Drive(s) Power Status | _WinGetDesktopHandle | _StringParseParameters | Screensaver, Sleep, Desktop Lock Disable | Full-Screen Crash Recovery

Wrappers/Modifications of others' contributions:

_DOSWildcardsToPCRegEx (original code: RobSaunder's) | WinGetAltTabWinList (original: Authenticity)

UDF's added support/programming to:

_ExplorerWinGetSelectedItems | MIDIEx UDF (original code: eynstyne)

(All personal code/wrappers centrally located at Ascend4nt's AutoIT Code)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...