
Annotation of /trunk/Win32/libWin32/Win32/Threading/ThreadControl.cs



Revision 100 - (hide annotations) (download)
Thu May 10 09:03:13 2012 UTC (8 years, 8 months ago) by william
File size: 5166 byte(s)
+ add windows api to get module filename so there won't be errors with 32bit processes being unable to access 64bit process modules

1 william 88 using System;
2     using System.Collections.Generic;
3     using System.Text;
4     using System.Runtime.InteropServices;
5     using System.Diagnostics;
6     using System.Security.Principal;
7    
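namespace libWin32.Win32.Threading
{
    /// <summary>
    /// Thin wrappers over kernel32/advapi32/psapi for suspending and resuming the
    /// threads of a process, reading the account that owns a process token, and
    /// resolving the file name of a process's first module.
    /// </summary>
    /// <remarks>
    /// The <c>ThreadAccess</c> enum used below is declared outside this file.
    /// Several P/Invoke entry points are public; they are kept public so existing
    /// callers keep compiling, but every caller is then responsible for passing
    /// valid handles and for closing what it opens.
    /// NOTE(review): if the target framework supports it, marking the imports with
    /// DefaultDllImportSearchPaths(DllImportSearchPath.System32) would pin the
    /// library loads to the system directory — confirm the framework version first.
    /// </remarks>
    public class ThreadControl
    {
        // SetLastError is enabled so a failure can be inspected with
        // Marshal.GetLastWin32Error() while debugging.
        [DllImport("kernel32.dll", SetLastError = true)]
        static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
        [DllImport("kernel32.dll", SetLastError = true)]
        static extern uint SuspendThread(IntPtr hThread);
        [DllImport("kernel32.dll", SetLastError = true)]
        static extern int ResumeThread(IntPtr hThread);


        [DllImport("advapi32.dll", SetLastError = true)]
        public static extern bool OpenProcessToken(IntPtr ProcessHandle, UInt32 DesiredAccess, out IntPtr TokenHandle);
        [DllImport("kernel32.dll", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        public static extern bool CloseHandle(IntPtr hObject);
        [DllImport("psapi.dll", CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Unicode, SetLastError = true)]
        static extern uint GetModuleFileNameEx(IntPtr hProcess, IntPtr hModule, [Out] StringBuilder lpBaseName, uint nSize);

        [DllImport("psapi.dll", CallingConvention = CallingConvention.StdCall, SetLastError = true)]
        public static extern int EnumProcessModules(IntPtr hProcess, [Out] IntPtr lphModule, uint cb, out uint lpcbNeeded);

        /// <summary>
        /// Suspends the threads of the process with the given id. Best effort:
        /// failures are swallowed and nothing is reported to the caller.
        /// </summary>
        /// <param name="PID">Id of the process whose threads are suspended.</param>
        public static void SuspendProcess(int PID)
        {
            SetProcessSuspended(PID, true);
        }

        /// <summary>
        /// Resumes the threads of the process with the given id. Best effort:
        /// failures are swallowed and nothing is reported to the caller.
        /// </summary>
        /// <param name="PID">Id of the process whose threads are resumed.</param>
        public static void ResumeProcess(int PID)
        {
            SetProcessSuspended(PID, false);
        }

        /// <summary>
        /// Shared body of SuspendProcess and ResumeProcess: opens each thread with
        /// SUSPEND_RESUME access, applies the requested call and closes the handle.
        /// </summary>
        private static void SetProcessSuspended(int PID, bool suspend)
        {
            try
            {
                // Process is disposable; release its native resources when done.
                using (Process proc = Process.GetProcessById(PID))
                {
                    if (proc.ProcessName == string.Empty) return;
                    foreach (ProcessThread pT in proc.Threads)
                    {
                        IntPtr hThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
                        // NOTE(review): stopping at the first thread that cannot be opened
                        // leaves the remaining threads in their previous state, so the
                        // process can end up only partly suspended or resumed.
                        if (hThread == IntPtr.Zero) { break; }
                        try
                        {
                            if (suspend)
                            {
                                SuspendThread(hThread);
                            }
                            else
                            {
                                ResumeThread(hThread);
                            }
                        }
                        finally
                        {
                            // Every handle returned by OpenThread must be closed; the
                            // original code leaked one handle per thread on every call.
                            CloseHandle(hThread);
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                // Deliberately best effort (the process may have exited or access may be
                // denied); leave a trace in debug builds instead of failing silently.
                Debug.WriteLine("ThreadControl: suspend/resume failed: " + ex.Message);
            }
        }

        /// <summary>
        /// Returns the account name of the token attached to a process handle, with
        /// any leading "DOMAIN\" part removed.
        /// </summary>
        /// <param name="handle">Process handle passed to OpenProcessToken.</param>
        /// <param name="IsSystem">Set from WindowsIdentity.IsSystem; false when the token cannot be read.</param>
        /// <returns>The account name, or an empty string on any failure.</returns>
        /// <remarks>
        /// The domain or machine prefix is dropped, so two different accounts that share
        /// a user name produce the same result. Treat the string as display text only;
        /// do not base an access decision on it.
        /// </remarks>
        public static string GetProcessOwner(IntPtr handle, out bool IsSystem)
        {
            IntPtr ph = IntPtr.Zero;
            IsSystem = false;
            try
            {
                // Check the API result instead of relying on the WindowsIdentity
                // constructor to throw on a zero token.
                if (!ThreadControl.OpenProcessToken(handle, (uint)ThreadAccess.PROCESS_TOKEN_QUERY, out ph) || ph == IntPtr.Zero)
                {
                    return "";
                }
                // WindowsIdentity is disposable; the raw token handle is still ours and
                // is closed in the finally block.
                using (WindowsIdentity wi = new WindowsIdentity(ph))
                {
                    IsSystem = wi.IsSystem;
                    string name = wi.Name;
                    // IndexOf returns -1 when there is no backslash, so +1 yields 0 and
                    // the whole name is kept. The char overload compares ordinally.
                    return name.Substring(name.IndexOf('\\') + 1);
                }
            }
            catch (Exception ex)
            {
                // Best effort: an unreadable token yields an empty owner name.
                Debug.WriteLine("ThreadControl: GetProcessOwner failed: " + ex.Message);
            }
            finally
            {
                if (ph != IntPtr.Zero) { ThreadControl.CloseHandle(ph); }
            }
            return "";
        }

        /// <summary>
        /// Returns the file name of the first module reported by EnumProcessModules for
        /// the given process, using GetModuleFileNameEx rather than Process.MainModule.
        /// </summary>
        /// <param name="proc">Process to query; its Handle property is read here.</param>
        /// <returns>
        /// The module file name, or an empty string when the modules cannot be enumerated
        /// or the name cannot be read. Names longer than the 1024-character buffer are
        /// returned truncated.
        /// </returns>
        /// <remarks>
        /// Exceptions thrown while reading <c>proc.Handle</c> are not caught here.
        /// NOTE(review): Process.Handle appears to request broad access to the target;
        /// a handle opened with only the query/read rights these calls need would be
        /// the least-privilege choice — confirm against the callers.
        /// </remarks>
        public static string GetProcessFilename(Process proc)
        {
            const int MaxModules = 1024;
            const int MaxPathChars = 1024;

            // The module array is pinned so its address can be handed to native code.
            IntPtr[] hMods = new IntPtr[MaxModules];
            GCHandle gch = GCHandle.Alloc(hMods, GCHandleType.Pinned);
            try
            {
                IntPtr hProcess = proc.Handle;
                uint cb = (uint)(IntPtr.Size * hMods.Length);
                uint cbNeeded;

                // EnumProcessModules returns a Win32 BOOL: any non-zero value is success,
                // so test against zero rather than against exactly 1.
                if (EnumProcessModules(hProcess, gch.AddrOfPinnedObject(), cb, out cbNeeded) == 0)
                {
                    return "";
                }

                // Only the first entry is needed; require at least one module handle.
                if (cbNeeded < (uint)IntPtr.Size)
                {
                    return "";
                }

                StringBuilder path = new StringBuilder(MaxPathChars);
                uint copied = GetModuleFileNameEx(hProcess, hMods[0], path, (uint)path.Capacity);
                // A zero return means nothing was copied; do not trust the buffer then.
                return copied == 0 ? "" : path.ToString();
            }
            finally
            {
                // Free the pinned handle on every path, including when proc.Handle or a
                // native call throws; the original leaked it in that case.
                gch.Free();
            }
        }
    }
}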
