trunk/RomCheater.Core/ThreadControl.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Diagnostics;
using System.Security.Principal;
using System.Runtime.InteropServices;

namespace RomCheater.Core
{
    public class ThreadControl
    {
        [DllImport("kernel32.dll")]
        static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
        [DllImport("kernel32.dll")]
        static extern uint SuspendThread(IntPtr hThread);
        [DllImport("kernel32.dll")]
        static extern int ResumeThread(IntPtr hThread);

        [DllImport("kernel32.dll")]
        public static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, bool bInheritHandle, uint dwProcessId);
        [DllImport("advapi32.dll", SetLastError = true)]
        public static extern bool OpenProcessToken(IntPtr ProcessHandle, UInt32 DesiredAccess, out IntPtr TokenHandle);
        [DllImport("kernel32.dll", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        public static extern bool CloseHandle(IntPtr hObject);


        public static void SuspendProcess(int PID)
        {
            try
            {
                Process proc = Process.GetProcessById(PID);

                if (proc.ProcessName == string.Empty) return;
                foreach (ProcessThread pT in proc.Threads)
                {
                    IntPtr pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
                    if (pOpenThread == IntPtr.Zero) { break; }
                    SuspendThread(pOpenThread);
                }
            }
            catch { }
        }

        public static void ResumeProcess(int PID)
        {
            try
            {
                Process proc = Process.GetProcessById(PID);
                if (proc.ProcessName == string.Empty) return;
                foreach (ProcessThread pT in proc.Threads)
                {
                    IntPtr pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
                    if (pOpenThread == IntPtr.Zero) { break; }
                    ResumeThread(pOpenThread);
                }
            }
            catch { }
        }

        public static string GetProcessOwner(IntPtr handle, out bool IsSystem)
        {
            IntPtr ph = IntPtr.Zero;
            IsSystem = false;
            try
            {
                ThreadControl.OpenProcessToken(handle, (uint)ProcessTokenFlags.TOKEN_QUERY, out ph);
                WindowsIdentity wi = new WindowsIdentity(ph);
                IsSystem = wi.IsSystem;
                string name = wi.Name;
                int slash_index = name.IndexOf("\\") + 1;
                name = name.Remove(0, slash_index);
                return name;
            }
            catch
            {
                // ignore
            }
            finally
            {
                if (ph != IntPtr.Zero) { ThreadControl.CloseHandle(ph); }
            }
            return "";
        }
    }
}
1	using System;
2	using System.Collections.Generic;
3	using System.Linq;
4	using System.Text;
5	using System.Diagnostics;
6	using System.Security.Principal;
7	using System.Runtime.InteropServices;
8
9	namespace RomCheater.Core
10	{
11	public class ThreadControl
12	{
13	[DllImport("kernel32.dll")]
14	static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
15	[DllImport("kernel32.dll")]
16	static extern uint SuspendThread(IntPtr hThread);
17	[DllImport("kernel32.dll")]
18	static extern int ResumeThread(IntPtr hThread);
19
20	[DllImport("kernel32.dll")]
21	public static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, bool bInheritHandle, uint dwProcessId);
22	[DllImport("advapi32.dll", SetLastError = true)]
23	public static extern bool OpenProcessToken(IntPtr ProcessHandle, UInt32 DesiredAccess, out IntPtr TokenHandle);
24	[DllImport("kernel32.dll", SetLastError = true)]
25	[return: MarshalAs(UnmanagedType.Bool)]
26	public static extern bool CloseHandle(IntPtr hObject);
27
28
29	public static void SuspendProcess(int PID)
30	{
31	try
32	{
33	Process proc = Process.GetProcessById(PID);
34
35	if (proc.ProcessName == string.Empty) return;
36	foreach (ProcessThread pT in proc.Threads)
37	{
38	IntPtr pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
39	if (pOpenThread == IntPtr.Zero) { break; }
40	SuspendThread(pOpenThread);
41	}
42	}
43	catch { }
44	}
45
46	public static void ResumeProcess(int PID)
47	{
48	try
49	{
50	Process proc = Process.GetProcessById(PID);
51	if (proc.ProcessName == string.Empty) return;
52	foreach (ProcessThread pT in proc.Threads)
53	{
54	IntPtr pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
55	if (pOpenThread == IntPtr.Zero) { break; }
56	ResumeThread(pOpenThread);
57	}
58	}
59	catch { }
60	}
61
62	public static string GetProcessOwner(IntPtr handle, out bool IsSystem)
63	{
64	IntPtr ph = IntPtr.Zero;
65	IsSystem = false;
66	try
67	{
68	ThreadControl.OpenProcessToken(handle, (uint)ProcessTokenFlags.TOKEN_QUERY, out ph);
69	WindowsIdentity wi = new WindowsIdentity(ph);
70	IsSystem = wi.IsSystem;
71	string name = wi.Name;
72	int slash_index = name.IndexOf("\\") + 1;
73	name = name.Remove(0, slash_index);
74	return name;
75	}
76	catch
77	{
78	// ignore
79	}
80	finally
81	{
82	if (ph != IntPtr.Zero) { ThreadControl.CloseHandle(ph); }
83	}
84	return "";
85	}
86	}
87	}