Win32/Threading/ThreadControl.cs

using System;
using System.Collections.Generic;
using System.Text;
using System.Runtime.InteropServices;
using System.Diagnostics;
using System.Security.Principal;

namespace libWin32.Win32.Threading
{
    public class ThreadControl
    {
        [DllImport("kernel32.dll")]
        static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
        [DllImport("kernel32.dll")]
        static extern uint SuspendThread(IntPtr hThread);
        [DllImport("kernel32.dll")]
        static extern int ResumeThread(IntPtr hThread);


        [DllImport("advapi32.dll", SetLastError = true)]
        public static extern bool OpenProcessToken(IntPtr ProcessHandle, UInt32 DesiredAccess, out IntPtr TokenHandle);
        [DllImport("kernel32.dll", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        public static extern bool CloseHandle(IntPtr hObject); 

        public static void SuspendProcess(int PID)
        {
            try
            {
                Process proc = Process.GetProcessById(PID);

                if (proc.ProcessName == string.Empty) return;
                foreach (ProcessThread pT in proc.Threads)
                {
                    IntPtr pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
                    if (pOpenThread == IntPtr.Zero) { break; }
                    SuspendThread(pOpenThread);
                }
            }
            catch { }
        }

        public static void ResumeProcess(int PID)
        {
            try
            {
                Process proc = Process.GetProcessById(PID);
                if (proc.ProcessName == string.Empty) return;
                foreach (ProcessThread pT in proc.Threads)
                {
                    IntPtr pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
                    if (pOpenThread == IntPtr.Zero) { break; }
                    ResumeThread(pOpenThread);
                }
            }
            catch { }
        }

        public static string GetProcessOwner(IntPtr handle, out bool IsSystem)
        {
            IntPtr ph = IntPtr.Zero;
            IsSystem = false;
            try
            {
                ThreadControl.OpenProcessToken(handle, (uint)ThreadAccess.PROCESS_TOKEN_QUERY, out ph);
                WindowsIdentity wi = new WindowsIdentity(ph);
                IsSystem = wi.IsSystem;
                string name = wi.Name;
                int slash_index = name.IndexOf("\\") + 1;
                name = name.Remove(0, slash_index);
                return name;
            }
            catch
            {
                // ignore
            }
            finally
            {
                if (ph != IntPtr.Zero) { ThreadControl.CloseHandle(ph); }
            }
            return "";
        }
    }
}
Revision:	88
Committed:	Wed May 9 20:52:20 2012 UTC (11 years ago) by william
File size:	2960 byte(s)
Log Message:
#	User	Rev	Content
1	william	88	using System;
2			using System.Collections.Generic;
3			using System.Text;
4			using System.Runtime.InteropServices;
5			using System.Diagnostics;
6			using System.Security.Principal;
7
8			namespace libWin32.Win32.Threading
9			{
10			public class ThreadControl
11			{
12			[DllImport("kernel32.dll")]
13			static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
14			[DllImport("kernel32.dll")]
15			static extern uint SuspendThread(IntPtr hThread);
16			[DllImport("kernel32.dll")]
17			static extern int ResumeThread(IntPtr hThread);
18
19
20			[DllImport("advapi32.dll", SetLastError = true)]
21			public static extern bool OpenProcessToken(IntPtr ProcessHandle, UInt32 DesiredAccess, out IntPtr TokenHandle);
22			[DllImport("kernel32.dll", SetLastError = true)]
23			[return: MarshalAs(UnmanagedType.Bool)]
24			public static extern bool CloseHandle(IntPtr hObject);
25
26			public static void SuspendProcess(int PID)
27			{
28			try
29			{
30			Process proc = Process.GetProcessById(PID);
31
32			if (proc.ProcessName == string.Empty) return;
33			foreach (ProcessThread pT in proc.Threads)
34			{
35			IntPtr pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
36			if (pOpenThread == IntPtr.Zero) { break; }
37			SuspendThread(pOpenThread);
38			}
39			}
40			catch { }
41			}
42
43			public static void ResumeProcess(int PID)
44			{
45			try
46			{
47			Process proc = Process.GetProcessById(PID);
48			if (proc.ProcessName == string.Empty) return;
49			foreach (ProcessThread pT in proc.Threads)
50			{
51			IntPtr pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
52			if (pOpenThread == IntPtr.Zero) { break; }
53			ResumeThread(pOpenThread);
54			}
55			}
56			catch { }
57			}
58
59			public static string GetProcessOwner(IntPtr handle, out bool IsSystem)
60			{
61			IntPtr ph = IntPtr.Zero;
62			IsSystem = false;
63			try
64			{
65			ThreadControl.OpenProcessToken(handle, (uint)ThreadAccess.PROCESS_TOKEN_QUERY, out ph);
66			WindowsIdentity wi = new WindowsIdentity(ph);
67			IsSystem = wi.IsSystem;
68			string name = wi.Name;
69			int slash_index = name.IndexOf("\\") + 1;
70			name = name.Remove(0, slash_index);
71			return name;
72			}
73			catch
74			{
75			// ignore
76			}
77			finally
78			{
79			if (ph != IntPtr.Zero) { ThreadControl.CloseHandle(ph); }
80			}
81			return "";
82			}
83			}
84			}