/[RomCheater]/trunk/Win32/libWin32/Win32/Threading/ThreadControl.cs
ViewVC logotype

Annotation of /trunk/Win32/libWin32/Win32/Threading/ThreadControl.cs

Parent Directory Parent Directory | Revision Log Revision Log


Revision 88 - (hide annotations) (download)
Wed May 9 20:52:20 2012 UTC (8 years, 8 months ago) by william
File size: 2960 byte(s)

1 william 88 using System;
2     using System.Collections.Generic;
3     using System.Text;
4     using System.Runtime.InteropServices;
5     using System.Diagnostics;
6     using System.Security.Principal;
7    
8     namespace libWin32.Win32.Threading
9     {
10     public class ThreadControl
11     {
12     [DllImport("kernel32.dll")]
13     static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
14     [DllImport("kernel32.dll")]
15     static extern uint SuspendThread(IntPtr hThread);
16     [DllImport("kernel32.dll")]
17     static extern int ResumeThread(IntPtr hThread);
18    
19    
20     [DllImport("advapi32.dll", SetLastError = true)]
21     public static extern bool OpenProcessToken(IntPtr ProcessHandle, UInt32 DesiredAccess, out IntPtr TokenHandle);
22     [DllImport("kernel32.dll", SetLastError = true)]
23     [return: MarshalAs(UnmanagedType.Bool)]
24     public static extern bool CloseHandle(IntPtr hObject);
25    
26     public static void SuspendProcess(int PID)
27     {
28     try
29     {
30     Process proc = Process.GetProcessById(PID);
31    
32     if (proc.ProcessName == string.Empty) return;
33     foreach (ProcessThread pT in proc.Threads)
34     {
35     IntPtr pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
36     if (pOpenThread == IntPtr.Zero) { break; }
37     SuspendThread(pOpenThread);
38     }
39     }
40     catch { }
41     }
42    
43     public static void ResumeProcess(int PID)
44     {
45     try
46     {
47     Process proc = Process.GetProcessById(PID);
48     if (proc.ProcessName == string.Empty) return;
49     foreach (ProcessThread pT in proc.Threads)
50     {
51     IntPtr pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
52     if (pOpenThread == IntPtr.Zero) { break; }
53     ResumeThread(pOpenThread);
54     }
55     }
56     catch { }
57     }
58    
59     public static string GetProcessOwner(IntPtr handle, out bool IsSystem)
60     {
61     IntPtr ph = IntPtr.Zero;
62     IsSystem = false;
63     try
64     {
65     ThreadControl.OpenProcessToken(handle, (uint)ThreadAccess.PROCESS_TOKEN_QUERY, out ph);
66     WindowsIdentity wi = new WindowsIdentity(ph);
67     IsSystem = wi.IsSystem;
68     string name = wi.Name;
69     int slash_index = name.IndexOf("\\") + 1;
70     name = name.Remove(0, slash_index);
71     return name;
72     }
73     catch
74     {
75     // ignore
76     }
77     finally
78     {
79     if (ph != IntPtr.Zero) { ThreadControl.CloseHandle(ph); }
80     }
81     return "";
82     }
83     }
84     }

  ViewVC Help
Powered by ViewVC 1.1.22