Morthawt Posted September 17, 2013

I am wondering, to kill an entire process is easy but with autoit is it possible to kill a process' thread? I ran into an issue a while back where a piece of malware would do bad things if its main process was terminated but when I killed a specific thread which had the same name/address or whatever then it would halt its actions and allow me to do damage control. The issue is I had to manually do that on each machine I was cleaning. If I could somehow detect the thread by its hex address and make it terminate / suspend that thread I would have been able to make a script that would just do the job for me and speed up the cleaning process.

Is this even possible?

Free and easy Autoit scripting video tutorials (plus more videos always coming!) General video tutorials, especially correct and safe TeamSpeak permissions tutorials.
BrewManNH Posted September 17, 2013

If you can find out the PID of the process, processclose should be able to do it. But, how do you determine which is the right one to kill if the names are the same?

Have you tried just using Safe Mode instead of trying to do it while Windows is running natively? Or even using a bootable USB drive or CD/DVD instead of booting from the infected drive? Seems it would be much easier to delete a virus/malware if it's not running in the first place.

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!
I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.
Back up and restore Windows user files
_Array.au3 - Modified array functions that include support for 2D arrays.
ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.
Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.
_FileGetProperty - Retrieve the properties of a file
SciTE Toolbar - A toolbar demo for use with the SciTE editor
GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.
Latin Square password generator
Morthawt Posted September 17, 2013

I think you have it mixed up what I am trying to do. I am not trying to close a process, as I have said that is easy and I know how to do that in many ways. What I want to do is be able to terminate a thread that is running in a process. The malware I was dealing with at the time knew when its main process was terminated and took actions. However if I suspended or killed just the main thread of the process the exe was still running but the malware was essentially halted. That allowed me to terminate all the other processes that were watching the system and then kill the main malware process so that it wouldn't come back.

I am just trying to kill a thread inside of a process. For example if you run a continuous ping and check the threads with process explorer you will see things like "PING.EXE+0x3410". This is the kind of thing I am looking to see if it is possible to terminate via autoit. It sure would be nice to automate that to deal with malware in the future because otherwise you have to download process explorer, get it onto the system and hope the malware doesn't detect it and cripple it, then run it and locate the malware exe and then open the details up and check through threads etc. Long time consuming thing. Automating the thread termination with a little autoit script would be such a time saver.
BrewManNH Posted September 17, 2013

Safe mode or a boot disk, don't run the infected machine's software, bypass it. Then delete what you need to delete. Anything else is just doing it wrong.
Morthawt Posted September 17, 2013

Please, I am not asking for advice on how to clean systems. I cannot go into safe mode and cut all network for safety when I am 4,000 miles away remoting into the machine. I am asking how do I terminate a thread inside of a process using autoit.
Gianni Posted September 17, 2013 (edited)

Hi Morthawt

I think that this link will interest you, there are a lot of functions on Processes and Threads. For example:

; _ProcessListThreads()    ; Get a List of Threads for one or *all* processes
; _ThreadTerminate()       ; Terminates a Thread.  *** NOT RECOMMENDED ***

bye

Edited September 17, 2013 by PincoPanco

Chimp
small minds discuss people average minds discuss events great minds discuss ideas.... and use AutoIt....
trancexx Posted September 17, 2013

To kill a thread in another process you need to run your own thread in that process. Then from your thread you can close/terminate other thread(s). To do this from an AutoIt script you would really need to know assembly. Not even assembly but machine code. Do you know it?

♡♡♡ . eMyvnE
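
Added example, not code from the thread or from the UDF linked in Gianni's post: the thread enumeration and single-thread suspension the question asks about, done from AutoIt through documented Win32 calls (Toolhelp snapshot, OpenThread, SuspendThread) plus NtQueryInformationThread for the start address. The function names and the PID are assumptions made for this example.

```autoit
#RequireAdmin

; Thread IDs owned by $iPID; element [0] holds the count.
Func _ListThreadIDs($iPID)
    Local $aTIDs[1] = [0]
    Local $aSnap = DllCall("kernel32.dll", "handle", "CreateToolhelp32Snapshot", "dword", 0x4, "dword", 0) ; TH32CS_SNAPTHREAD
    If @error Or $aSnap[0] = Ptr(-1) Then Return SetError(1, 0, $aTIDs)
    Local $tTE = DllStructCreate("dword dwSize;dword cntUsage;dword th32ThreadID;dword th32OwnerProcessID;long tpBasePri;long tpDeltaPri;dword dwFlags") ; THREADENTRY32
    DllStructSetData($tTE, "dwSize", DllStructGetSize($tTE))
    Local $aRet = DllCall("kernel32.dll", "bool", "Thread32First", "handle", $aSnap[0], "struct*", $tTE)
    While Not @error And $aRet[0]
        If DllStructGetData($tTE, "th32OwnerProcessID") = $iPID Then
            $aTIDs[0] += 1
            ReDim $aTIDs[$aTIDs[0] + 1]
            $aTIDs[$aTIDs[0]] = DllStructGetData($tTE, "th32ThreadID")
        EndIf
        $aRet = DllCall("kernel32.dll", "bool", "Thread32Next", "handle", $aSnap[0], "struct*", $tTE)
    WEnd
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $aSnap[0])
    Return $aTIDs
EndFunc

; Win32 start address of a thread as an absolute pointer; 0 on failure.
Func _ThreadStartAddress($iTID)
    Local $aOpen = DllCall("kernel32.dll", "handle", "OpenThread", "dword", 0x0040, "bool", 0, "dword", $iTID) ; THREAD_QUERY_INFORMATION
    If @error Or Not $aOpen[0] Then Return SetError(1, 0, 0)
    Local $tAddr = DllStructCreate("ptr Start")
    ; Information class 9 = ThreadQuerySetWin32StartAddress; NTSTATUS 0 means success
    Local $aQ = DllCall("ntdll.dll", "long", "NtQueryInformationThread", "handle", $aOpen[0], "int", 9, "struct*", $tAddr, "ulong", DllStructGetSize($tAddr), "ptr", 0)
    Local $iErr = @error
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $aOpen[0])
    If $iErr Or $aQ[0] <> 0 Then Return SetError(2, 0, 0)
    Return DllStructGetData($tAddr, "Start")
EndFunc

; Suspend one thread; returns its previous suspend count, or -1 on failure.
Func _SuspendThreadByID($iTID)
    Local $aOpen = DllCall("kernel32.dll", "handle", "OpenThread", "dword", 0x0002, "bool", 0, "dword", $iTID) ; THREAD_SUSPEND_RESUME
    If @error Or Not $aOpen[0] Then Return SetError(1, 0, -1)
    Local $aRet = DllCall("kernel32.dll", "int", "SuspendThread", "handle", $aOpen[0])
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $aOpen[0])
    Return $aRet[0]
EndFunc

Local $iPID = 1234 ; placeholder PID of the process being examined (assumption)
Local $aTIDs = _ListThreadIDs($iPID)
For $i = 1 To $aTIDs[0]
    ConsoleWrite("TID " & $aTIDs[$i] & "  start " & _ThreadStartAddress($aTIDs[$i]) & @CRLF)
Next
```

The address printed is absolute; the module-relative form Process Explorer shows (PING.EXE+0x3410) is that address minus the module's load base. Suspension is reversible with ResumeThread, which makes it a safer containment step than terminating the thread.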