/[RomCheater]/trunk/RomCheater.Interfaces/ThreadControl.cs
ViewVC logotype

Annotation of /trunk/RomCheater.Interfaces/ThreadControl.cs

Parent Directory Parent Directory | Revision Log Revision Log


Revision 887 - (hide annotations) (download)
Wed Sep 17 04:17:44 2014 UTC (6 years, 5 months ago) by william
File size: 3135 byte(s)


1 william 686 using System;
2     using System.Collections.Generic;
3     using System.Linq;
4     using System.Text;
5     using System.Diagnostics;
6     using System.Security.Principal;
7     using System.Runtime.InteropServices;
8    
9 william 887 namespace RomCheater.Interfaces
10 william 686 {
11     public class ThreadControl
12     {
13     [DllImport("kernel32.dll")]
14     static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
15     [DllImport("kernel32.dll")]
16     static extern uint SuspendThread(IntPtr hThread);
17     [DllImport("kernel32.dll")]
18     static extern int ResumeThread(IntPtr hThread);
19    
20     [DllImport("kernel32.dll")]
21     public static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, bool bInheritHandle, uint dwProcessId);
22     [DllImport("advapi32.dll", SetLastError = true)]
23     public static extern bool OpenProcessToken(IntPtr ProcessHandle, UInt32 DesiredAccess, out IntPtr TokenHandle);
24     [DllImport("kernel32.dll", SetLastError = true)]
25     [return: MarshalAs(UnmanagedType.Bool)]
26     public static extern bool CloseHandle(IntPtr hObject);
27    
28    
29     public static void SuspendProcess(int PID)
30     {
31     try
32     {
33     Process proc = Process.GetProcessById(PID);
34    
35     if (proc.ProcessName == string.Empty) return;
36     foreach (ProcessThread pT in proc.Threads)
37     {
38     IntPtr pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
39     if (pOpenThread == IntPtr.Zero) { break; }
40     SuspendThread(pOpenThread);
41     }
42     }
43     catch { }
44     }
45    
46     public static void ResumeProcess(int PID)
47     {
48     try
49     {
50     Process proc = Process.GetProcessById(PID);
51     if (proc.ProcessName == string.Empty) return;
52     foreach (ProcessThread pT in proc.Threads)
53     {
54     IntPtr pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
55     if (pOpenThread == IntPtr.Zero) { break; }
56     ResumeThread(pOpenThread);
57     }
58     }
59     catch { }
60     }
61    
62     public static string GetProcessOwner(IntPtr handle, out bool IsSystem)
63     {
64     IntPtr ph = IntPtr.Zero;
65     IsSystem = false;
66     try
67     {
68     ThreadControl.OpenProcessToken(handle, (uint)ProcessTokenFlags.TOKEN_QUERY, out ph);
69     WindowsIdentity wi = new WindowsIdentity(ph);
70     IsSystem = wi.IsSystem;
71     string name = wi.Name;
72     int slash_index = name.IndexOf("\\") + 1;
73     name = name.Remove(0, slash_index);
74     return name;
75     }
76     catch
77     {
78     // ignore
79     }
80     finally
81     {
82     if (ph != IntPtr.Zero) { ThreadControl.CloseHandle(ph); }
83     }
84     return "";
85     }
86     }
87     }

  ViewVC Help
Powered by ViewVC 1.1.22