MostafaGamal

Thread Suspend / Resume

27 posts in this topic

Hi all ... I tried to use this function to suspend an external thread but it didn't work for me

Func _ThreadSuspend()
    $Handle = _WinAPI_GetModuleHandle("msvcr0.dll")
    $i_sucess = DllCall("ntdll.dll","int","NtSuspendThread","int",$Handle[0])
    DllCall('kernel32.dll', 'ptr', 'CloseHandle', 'ptr', $Handle)
    If IsArray($i_sucess) Then
        Return 1
    Else
        SetError(1)
        Return 0
    EndIf
EndFunc

Please Help Me >_<


Geeks Tries to prove their geekness by their geek stuff :D if u understood anything tell me




MSDN is your #1 source >_<

OpenThread

SuspendThread

ResumeThread

They all use the kernel32.dll.

(remember to close the thread handle too)


The same problem still exists

I can't get the thread ID

so I used this code

$Handle = _WinAPI_GetModuleHandle("msvcr0.dll")


Well that's wrong. That gets you the module handle (duh), not thread id.

I have written some code to enumerate threads in a process here:

http://www.autoitscript.com/forum/index.php?showtopic=85728&st=0&p=614963&fromsearch=1&#entry614963


Broken link? PM me and I'll send you the file!


I would also like to see this work but even this code does not work (just crashes)

$handle = DllCall('kernel32.dll','ptr', 'OpenProcess','int', BitOR(0x400,0x10),'int', 0,'int', $ID)
$i_sucess = DllCall("ntdll.dll","int","NtSuspendThread","int",$handle[0])
DllCall('kernel32.dll', 'ptr', 'CloseHandle', 'ptr', $handle[0])

what's wrong?



Why are you using an undocumented & unsupported function (NtSuspendThread) when you can use a supported one (SuspendThread)?



SuspendThread is just a wrapper for NtSuspendThread. It holds no code except for calling NtSuspendThread and dealing with the result.

But regardless of that monoceres is completely right, you should be calling SuspendThread function. That's the proper way.


♡♡♡

.

eMyvnE


well okay, how do I call that function, what's the proper DllCall to use?



Call to SuspendThread function is extremely simple (it doesn't get easier than that). And there should be a number of examples around.

If all fails find GIFAnimation.au3 file, there would be that call inside among others - I know I wrote it >_<



I've already given links to proper ways to make the DllCalls, Monoceres gave a link to his post on how to enumerate threads for a process - you have everything you need.

However, I wouldn't know how to see if a certain DLL is loaded - processes are one thing, what modules they may use is another thing completely. The DLLs can be loaded/unloaded as well, and you certainly can't get thread information for a DLL that isn't loaded. I'm not even sure it's possible unless a call is made to that DLL if it actually would have a Thread ID. But Monoceres, trancexx, Manko and a lot of other people who know a lot about the internal workings of Windows would probably know.


In my case that would be an overstatement. I'm just a pretender.

Too real is this feeling of make-believe

Too real when I feel what my heart can't conceeeaaaal...



lol, you sure have a unique sense of humor.


still no go

$handle = DllCall('kernel32.dll','ptr', 'OpenProcess','int', BitOR(0x400,0x10),'int', 0,'int', $ID)
$i_sucess =DllCall("kernel32.dll", "dword", "SuspendThread", "ptr", $id)
DllCall('kernel32.dll', 'ptr', 'CloseHandle', 'ptr', $handle[0])

it does not crash but it also does not suspend the process.



No fucking shit.



Well that's wrong. That gets you the module handle (duh), not thread id.

I have written some code to enumerate threads in a process here:

http://www.autoitscript.com/forum/index.php?showtopic=85728&st=0&p=614963&fromsearch=1&#entry614963

This Code Was Veryyyyyyyyyyyyyyyyyyyy Useful thx >_<

it worked for me and now my life has become easier :(

Thanks again



I would also like to see this work but even this code does not work (just crashes)

$handle = DllCall('kernel32.dll','ptr', 'OpenProcess','int', BitOR(0x400,0x10),'int', 0,'int', $ID)
$i_sucess = DllCall("ntdll.dll","int","NtSuspendThread","int",$handle[0])
DllCall('kernel32.dll', 'ptr', 'CloseHandle', 'ptr', $handle[0])

what's wrong?

Make it easy and use this

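; 0x0002 = THREAD_SUSPEND_RESUME, the only access right these two calls need
Func _ThreadResume($TID)
    Local $Handle = DllCall("kernel32.dll", "ptr", "OpenThread", "dword", 0x0002, "int", 0, "dword", $TID)
    If @error Or $Handle[0] = 0 Then Return SetError(1, 0, 0) ; OpenThread failed
    Local $i_sucess = DllCall("kernel32.dll", "dword", "ResumeThread", "ptr", $Handle[0])
    ; DllCall returns an array: pass element 0 (the handle), not the array itself
    DllCall("kernel32.dll", "int", "CloseHandle", "ptr", $Handle[0])
    Return $i_sucess[0] ; previous suspend count, 0xFFFFFFFF on failure
EndFunc

Func _ThreadSuspend($TID)
    Local $Handle = DllCall("kernel32.dll", "ptr", "OpenThread", "dword", 0x0002, "int", 0, "dword", $TID)
    If @error Or $Handle[0] = 0 Then Return SetError(1, 0, 0) ; OpenThread failed
    Local $i_sucess = DllCall("kernel32.dll", "dword", "SuspendThread", "ptr", $Handle[0])
    DllCall("kernel32.dll", "int", "CloseHandle", "ptr", $Handle[0])
    Return $i_sucess[0] ; previous suspend count, 0xFFFFFFFF on failure
EndFunc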


This Code Was Veryyyyyyyyyyyyyyyyyyyy Useful thx >_<

it worked for me and now my life has become easier :(

Thanks again

Just out of curiosity, weren't you trying to close a Thread relating to the DLL "msvcr0.dll" ?

How did you go about determining which Thread belonged to the DLL? Or did you just work with the process that you already knew was using the DLL?


I am already working on a process which I know uses this DLL.

and if I knew how to determine which thread belongs to the DLL it would be easier >_<

there are some bugs in my code that don't suspend the thread that belongs to the DLL

in the threads array there are 3 threads that belong to the DLL and they randomly come in [5,6,7] or [8,9,10], and this is a big problem because if they come in the first one my app suspends the main process threads



Thread belonging to a dll. What are you talking about?

Or should I say - wtf?!?

Edited by trancexx


this is the new english

shitlish >_<

thread related with a dll :(

