MostafaGamal Posted July 26, 2009 Share Posted July 26, 2009 Hi All ... I Tried to use this function to suspend an external thread but it didnt work with me Func _ThreadSuspend() $Handle = _WinAPI_GetModuleHandle("msvcr0.dll") $i_sucess = DllCall("ntdll.dll","int","NtSuspendThread","int",$Handle[0]) DllCall('kernel32.dll', 'ptr', 'CloseHandle', 'ptr', $Handle) If IsArray($i_sucess) Then Return 1 Else SetError(1) Return 0 Endif EndFuncPlease Help Me >_< Geeks Tries to prove their geekness by their geek stuff :Dif u understood anything tell me Link to comment Share on other sites More sharing options...
Ascend4nt Posted July 26, 2009 Share Posted July 26, 2009 MSDN is your #1 source >_<OpenThreadSuspendThreadResumeThreadThey all use the kernel32.dll.(remember to close the thread handle too) My contributions: Performance Counters in Windows - Measure CPU, Disk, Network etc Performance | Network Interface Info, Statistics, and Traffic | CPU Multi-Processor Usage w/o Performance Counters | Disk and Device Read/Write Statistics | Atom Table Functions | Process, Thread, & DLL Functions UDFs | Process CPU Usage Trackers | PE File Overlay Extraction | A3X Script Extract | File + Process Imports/Exports Information | Windows Desktop Dimmer Shade | Spotlight + Focus GUI - Highlight and Dim for Eyestrain Relief | CrossHairs (FullScreen) | Rubber-Band Boxes using GUI's (_GUIBox) | GUI Fun! | IE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) | Magnifier (Vista+) Functions UDF | _DLLStructDisplay (Debug!) | _EnumChildWindows (controls etc) | _FileFindEx | _ClipGetHTML | _ClipPutHTML + ClipPutHyperlink | _FileGetShortcutEx | _FilePropertiesDialog | I/O Port Functions | File(s) Drag & Drop | _RunWithReducedPrivileges | _ShellExecuteWithReducedPrivileges | _WinAPI_GetSystemInfo | dotNETGetVersions | Drive(s) Power Status | _WinGetDesktopHandle | _StringParseParameters | Screensaver, Sleep, Desktop Lock Disable | Full-Screen Crash Recovery Wrappers/Modifications of others' contributions: _DOSWildcardsToPCRegEx (original code: RobSaunder's) | WinGetAltTabWinList (original: Authenticity) UDF's added support/programming to: _ExplorerWinGetSelectedItems | MIDIEx UDF (original code: eynstyne) (All personal code/wrappers centrally located at Ascend4nt's AutoIT Code) Link to comment Share on other sites More sharing options...
MostafaGamal Posted July 26, 2009 Author Share Posted July 26, 2009 The same problem still exist I Cant Get The Thread ID so i used this code$Handle = _WinAPI_GetModuleHandle("msvcr0.dll") Geeks Tries to prove their geekness by their geek stuff :Dif u understood anything tell me Link to comment Share on other sites More sharing options...
monoceres Posted July 26, 2009 Share Posted July 26, 2009 Well that's wrong. That gets you the module handle (duh), not thread id. I have written some code to enumerate threads in a process here: http://www.autoitscript.com/forum/index.php?showtopic=85728&st=0&p=614963&fromsearch=1&#entry614963 Broken link? PM me and I'll send you the file! Link to comment Share on other sites More sharing options...
IchBistTod Posted July 27, 2009 Share Posted July 27, 2009 I would also like to see this work but even this code does not work(just crashes) $handle = DllCall('kernel32.dll','ptr', 'OpenProcess','int', BitOR(0x400,0x10),'int', 0,'int', $ID) $i_sucess = DllCall("ntdll.dll","int","NtSuspendThread","int",$handle[0]) DllCall('kernel32.dll', 'ptr', 'CloseHandle', 'ptr', $handle[0]) whats wrong? [center][/center][center]=][u][/u][/center][center][/center] Link to comment Share on other sites More sharing options...
monoceres Posted July 27, 2009 Share Posted July 27, 2009 Why are you using an undocumented & unsupported function (NtSuspendThread) when you can use a supported one (SuspendThread)? Broken link? PM me and I'll send you the file! Link to comment Share on other sites More sharing options...
trancexx Posted July 27, 2009 Share Posted July 27, 2009 SuspendThread is just a wrapper for NtSuspendThread. It holds no code except for calling NtSuspendThread and dealing with the result. But regardless of that monoceres is completely right, you should be calling SuspendThread function. That's the proper way. ♡♡♡ . eMyvnE Link to comment Share on other sites More sharing options...
IchBistTod Posted July 27, 2009 Share Posted July 27, 2009 well okay, how do I call that function, whats the proper dllcall to use? [center][/center][center]=][u][/u][/center][center][/center] Link to comment Share on other sites More sharing options...
trancexx Posted July 27, 2009 Share Posted July 27, 2009 well okay, how do I call that function, whats the proper dllcall to use?Call to SuspendThread function is extremely simple (it doesn't get easier than that). And there should be number of examples around. If all fails find GIFAnimation.au3 file, there would be that call inside among others - I know I wrote it >_< ♡♡♡ . eMyvnE Link to comment Share on other sites More sharing options...
Ascend4nt Posted July 27, 2009 Share Posted July 27, 2009 I've already gave links to proper ways to make the DLLCalls, Monoceres gave a link to his post on how to enumerate Threads for a process - you have everything you need. However, I wouldn't know how to see if a certain dll is loaded - processes are one thing, what modules they may use is another thing completely. The DLL's can be loaded/unloaded as well, and you certainly cant get thread information for a DLL that isn't loaded.. I'm not even sure its possible unless a call is made to that DLL if it actually would have a Thread ID. But Monoceres, trancexx, Manko and a lot of other people who know alot about the internal workings of Windows would probably know. My contributions: Performance Counters in Windows - Measure CPU, Disk, Network etc Performance | Network Interface Info, Statistics, and Traffic | CPU Multi-Processor Usage w/o Performance Counters | Disk and Device Read/Write Statistics | Atom Table Functions | Process, Thread, & DLL Functions UDFs | Process CPU Usage Trackers | PE File Overlay Extraction | A3X Script Extract | File + Process Imports/Exports Information | Windows Desktop Dimmer Shade | Spotlight + Focus GUI - Highlight and Dim for Eyestrain Relief | CrossHairs (FullScreen) | Rubber-Band Boxes using GUI's (_GUIBox) | GUI Fun! | IE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) | Magnifier (Vista+) Functions UDF | _DLLStructDisplay (Debug!) | _EnumChildWindows (controls etc) | _FileFindEx | _ClipGetHTML | _ClipPutHTML + ClipPutHyperlink | _FileGetShortcutEx | _FilePropertiesDialog | I/O Port Functions | File(s) Drag & Drop | _RunWithReducedPrivileges | _ShellExecuteWithReducedPrivileges | _WinAPI_GetSystemInfo | dotNETGetVersions | Drive(s) Power Status | _WinGetDesktopHandle | _StringParseParameters | Screensaver, Sleep, Desktop Lock Disable | Full-Screen Crash Recovery Wrappers/Modifications of others' contributions: _DOSWildcardsToPCRegEx (original code: RobSaunder's) | WinGetAltTabWinList (original: Authenticity) UDF's added support/programming to: _ExplorerWinGetSelectedItems | MIDIEx UDF (original code: eynstyne) (All personal code/wrappers centrally located at Ascend4nt's AutoIT Code) Link to comment Share on other sites More sharing options...
trancexx Posted July 27, 2009 Share Posted July 27, 2009 I've already gave links to proper ways to make the DLLCalls, Monoceres gave a link to his post on how to enumerate Threads for a process - you have everything you need.However, I wouldn't know how to see if a certain dll is loaded - processes are one thing, what modules they may use is another thing completely. The DLL's can be loaded/unloaded as well, and you certainly cant get thread information for a DLL that isn't loaded.. I'm not even sure its possible unless a call is made to that DLL if it actually would have a Thread ID. But Monoceres, trancexx, Manko and a lot of other people who know alot about the internal workings of Windows would probably know.In my case that would be an overstatement. I'm just a pretender.Too real is this feeling of make-believe Too real when I feel what my heart can't conceeeaaaal... ♡♡♡ . eMyvnE Link to comment Share on other sites More sharing options...
Ascend4nt Posted July 27, 2009 Share Posted July 27, 2009 In my case that would be an overstatement. I'm just a pretender.Too real is this feeling of make-believe Too real when I feel what my heart can't conceeeaaaal...lol, you sure have a unique sense of humor. My contributions: Performance Counters in Windows - Measure CPU, Disk, Network etc Performance | Network Interface Info, Statistics, and Traffic | CPU Multi-Processor Usage w/o Performance Counters | Disk and Device Read/Write Statistics | Atom Table Functions | Process, Thread, & DLL Functions UDFs | Process CPU Usage Trackers | PE File Overlay Extraction | A3X Script Extract | File + Process Imports/Exports Information | Windows Desktop Dimmer Shade | Spotlight + Focus GUI - Highlight and Dim for Eyestrain Relief | CrossHairs (FullScreen) | Rubber-Band Boxes using GUI's (_GUIBox) | GUI Fun! | IE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) | Magnifier (Vista+) Functions UDF | _DLLStructDisplay (Debug!) | _EnumChildWindows (controls etc) | _FileFindEx | _ClipGetHTML | _ClipPutHTML + ClipPutHyperlink | _FileGetShortcutEx | _FilePropertiesDialog | I/O Port Functions | File(s) Drag & Drop | _RunWithReducedPrivileges | _ShellExecuteWithReducedPrivileges | _WinAPI_GetSystemInfo | dotNETGetVersions | Drive(s) Power Status | _WinGetDesktopHandle | _StringParseParameters | Screensaver, Sleep, Desktop Lock Disable | Full-Screen Crash Recovery Wrappers/Modifications of others' contributions: _DOSWildcardsToPCRegEx (original code: RobSaunder's) | WinGetAltTabWinList (original: Authenticity) UDF's added support/programming to: _ExplorerWinGetSelectedItems | MIDIEx UDF (original code: eynstyne) (All personal code/wrappers centrally located at Ascend4nt's AutoIT Code) Link to comment Share on other sites More sharing options...
IchBistTod Posted July 27, 2009 Share Posted July 27, 2009 still no go $handle = DllCall('kernel32.dll','ptr', 'OpenProcess','int', BitOR(0x400,0x10),'int', 0,'int', $ID) $i_sucess =DllCall("kernel32.dll", "dword", "SuspendThread", "ptr", $id) DllCall('kernel32.dll', 'ptr', 'CloseHandle', 'ptr', $handle[0]) it does not crash but it also does not suspend the process. [center][/center][center]=][u][/u][/center][center][/center] Link to comment Share on other sites More sharing options...
monoceres Posted July 27, 2009 Share Posted July 27, 2009 it does not crash but it also does not suspend the process.No fucking shit. Broken link? PM me and I'll send you the file! Link to comment Share on other sites More sharing options...
MostafaGamal Posted July 27, 2009 Author Share Posted July 27, 2009 Well that's wrong. That gets you the module handle (duh), not thread id.I have written some code to enumerate threads in a process here:http://www.autoitscript.com/forum/index.php?showtopic=85728&st=0&p=614963&fromsearch=1&#entry614963This Code Was Veryyyyyyyyyyyyyyyyyyyy Useful thx >_< it worked with me and now my life become easier Thanks again Geeks Tries to prove their geekness by their geek stuff :Dif u understood anything tell me Link to comment Share on other sites More sharing options...
MostafaGamal Posted July 28, 2009 Author Share Posted July 28, 2009 I would also like to see this work but even this code does not work(just crashes) $handle = DllCall('kernel32.dll','ptr', 'OpenProcess','int', BitOR(0x400,0x10),'int', 0,'int', $ID) $i_sucess = DllCall("ntdll.dll","int","NtSuspendThread","int",$handle[0]) DllCall('kernel32.dll', 'ptr', 'CloseHandle', 'ptr', $handle[0]) whats wrong? Make it easy and use this Func _ThreadResume($TID) $Handle = DllCall("kernel32.dll","ptr", "OpenThread","dword", "0x0002","int", "0","dword",$TID) $i_sucess = DllCall("kernel32.dll","dword","ResumeThread","ptr",$Handle[0]) DllCall("kernel32.dll", "ptr", "CloseHandle", "ptr", $Handle) EndFunc Func _ThreadSuspend($TID) $Handle = DllCall("kernel32.dll","ptr", "OpenThread","dword", "0x0002","int", "0","dword",$TID) $i_sucess = DllCall("kernel32.dll","dword","SuspendThread","ptr",$Handle[0]) DllCall("kernel32.dll", "ptr", "CloseHandle", "ptr", $Handle) EndFunc Geeks Tries to prove their geekness by their geek stuff :Dif u understood anything tell me Link to comment Share on other sites More sharing options...
Ascend4nt Posted July 28, 2009 Share Posted July 28, 2009 This Code Was Veryyyyyyyyyyyyyyyyyyyy Useful thx >_< it worked with me and now my life become easier Thanks again Just out of curiosity, weren't you trying to close a Thread relating to the DLL "msvcr0.dll" ?How did you go about determining which Thread belonged to the DLL? Or did you just work with the process that you already knew was using the DLL? My contributions: Performance Counters in Windows - Measure CPU, Disk, Network etc Performance | Network Interface Info, Statistics, and Traffic | CPU Multi-Processor Usage w/o Performance Counters | Disk and Device Read/Write Statistics | Atom Table Functions | Process, Thread, & DLL Functions UDFs | Process CPU Usage Trackers | PE File Overlay Extraction | A3X Script Extract | File + Process Imports/Exports Information | Windows Desktop Dimmer Shade | Spotlight + Focus GUI - Highlight and Dim for Eyestrain Relief | CrossHairs (FullScreen) | Rubber-Band Boxes using GUI's (_GUIBox) | GUI Fun! | IE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) | Magnifier (Vista+) Functions UDF | _DLLStructDisplay (Debug!) | _EnumChildWindows (controls etc) | _FileFindEx | _ClipGetHTML | _ClipPutHTML + ClipPutHyperlink | _FileGetShortcutEx | _FilePropertiesDialog | I/O Port Functions | File(s) Drag & Drop | _RunWithReducedPrivileges | _ShellExecuteWithReducedPrivileges | _WinAPI_GetSystemInfo | dotNETGetVersions | Drive(s) Power Status | _WinGetDesktopHandle | _StringParseParameters | Screensaver, Sleep, Desktop Lock Disable | Full-Screen Crash Recovery Wrappers/Modifications of others' contributions: _DOSWildcardsToPCRegEx (original code: RobSaunder's) | WinGetAltTabWinList (original: Authenticity) UDF's added support/programming to: _ExplorerWinGetSelectedItems | MIDIEx UDF (original code: eynstyne) (All personal code/wrappers centrally located at Ascend4nt's AutoIT Code) Link to comment Share on other sites More sharing options...
MostafaGamal Posted July 28, 2009 Author Share Posted July 28, 2009 Just out of curiosity, weren't you trying to close a Thread relating to the DLL "msvcr0.dll" ? How did you go about determining which Thread belonged to the DLL? Or did you just work with the process that you already knew was using the DLL? I am already working on a process which i know it used this dll. and if i know how to determine the thread belongs to the dll it would be easier >_< there are some bugs in my code that dont suspend the thread belongs to dll in threads array there are 3 threads belongs to dll and they randomly come in [5,6,7] or [8,9,10] and this is a big problem because if they came in the first one my app suspend the main process threads Geeks Tries to prove their geekness by their geek stuff :Dif u understood anything tell me Link to comment Share on other sites More sharing options...
trancexx Posted July 28, 2009 Share Posted July 28, 2009 (edited) Thread belonging to a dll. What are you talking about? Or should I say - wtf?!? Edited July 28, 2009 by trancexx ♡♡♡ . eMyvnE Link to comment Share on other sites More sharing options...
MostafaGamal Posted July 28, 2009 Author Share Posted July 28, 2009 Thread belonging to a dll. What are you talking about?Or should I say - wtf?!?this is the new english shitlish >_< thread related with a dll Geeks Tries to prove their geekness by their geek stuff :Dif u understood anything tell me Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now