
Contents of /trunk/Win32/libWin32/Win32/Threading/ThreadControl.cs



Revision 100 - (show annotations) (download)
Thu May 10 09:03:13 2012 UTC (8 years, 8 months ago) by william
File size: 5166 byte(s)
+ add windows api to get module filename so there won't be errors with 32bit processes being unable to access 64bit process modules

1 using System;
2 using System.Collections.Generic;
3 using System.Text;
4 using System.Runtime.InteropServices;
5 using System.Diagnostics;
6 using System.Security.Principal;
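namespace libWin32.Win32.Threading
{
    /// <summary>
    /// Thin wrappers over Win32 thread, token and module APIs: suspend or resume every
    /// thread of a process, look up the account a process runs as, and read the path
    /// of a process's first module.
    /// </summary>
    /// <remarks>
    /// Every entry point acts on a process chosen by the caller (a PID, a raw process
    /// handle or a <see cref="Process"/>). Whether a call succeeds depends on the access
    /// rights the calling process holds on that target. The suspend, resume and owner
    /// helpers report failure by doing nothing or by returning an empty string, never
    /// by throwing.
    /// </remarks>
    public class ThreadControl
    {
        // Number of module handles requested from EnumProcessModules in one call.
        private const int MaxModuleHandles = 1024;

        // Capacity, in characters, of the buffer handed to GetModuleFileNameEx.
        private const int MaxModulePathChars = 1024;

        // SetLastError is enabled on the thread APIs so that a failure can be
        // diagnosed with Marshal.GetLastWin32Error() while debugging.
        [DllImport("kernel32.dll", SetLastError = true)]
        static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId);

        // Both SuspendThread and ResumeThread return a DWORD (the previous suspend
        // count, or 0xFFFFFFFF on failure), so both are declared as uint.
        [DllImport("kernel32.dll", SetLastError = true)]
        static extern uint SuspendThread(IntPtr hThread);

        [DllImport("kernel32.dll", SetLastError = true)]
        static extern uint ResumeThread(IntPtr hThread);

        /// <summary>Opens the access token associated with a process handle.</summary>
        /// <param name="ProcessHandle">Handle of the process whose token is wanted.</param>
        /// <param name="DesiredAccess">Requested token access mask.</param>
        /// <param name="TokenHandle">Receives the token handle; the caller must release it with <see cref="CloseHandle"/>.</param>
        /// <returns><c>true</c> on success; on failure the Win32 error is available through <see cref="Marshal.GetLastWin32Error"/>.</returns>
        [DllImport("advapi32.dll", SetLastError = true)]
        public static extern bool OpenProcessToken(IntPtr ProcessHandle, UInt32 DesiredAccess, out IntPtr TokenHandle);

        /// <summary>Closes a kernel object handle.</summary>
        /// <param name="hObject">Handle to close.</param>
        /// <returns><c>true</c> on success.</returns>
        [DllImport("kernel32.dll", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        public static extern bool CloseHandle(IntPtr hObject);

        // Returns the number of characters copied into lpBaseName, or 0 on failure.
        [DllImport("psapi.dll", CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Unicode, SetLastError = true)]
        static extern uint GetModuleFileNameEx(IntPtr hProcess, IntPtr hModule, [Out] StringBuilder lpBaseName, uint nSize);

        /// <summary>Fills a caller-supplied buffer with the module handles of a process.</summary>
        /// <param name="hProcess">Handle of the process to inspect.</param>
        /// <param name="lphModule">Address of a pinned or unmanaged array of module handles.</param>
        /// <param name="cb">Size of that array in bytes.</param>
        /// <param name="lpcbNeeded">Receives the number of bytes needed to hold every module handle; this can exceed <paramref name="cb"/>.</param>
        /// <returns>Non-zero on success, zero on failure.</returns>
        [DllImport("psapi.dll", CallingConvention = CallingConvention.StdCall, SetLastError = true)]
        public static extern int EnumProcessModules(IntPtr hProcess, [Out] IntPtr lphModule, uint cb, out uint lpcbNeeded);

        /// <summary>
        /// Suspends every thread of the process with the given id that can be opened.
        /// </summary>
        /// <param name="PID">Id of the target process.</param>
        /// <remarks>
        /// Best effort: an unknown PID, an exited process or an access-denied thread is
        /// skipped silently. Each call raises the suspend count of the threads it
        /// reaches, so it must be paired with one <see cref="ResumeProcess"/> call.
        /// </remarks>
        public static void SuspendProcess(int PID)
        {
            SetProcessSuspended(PID, true);
        }

        /// <summary>
        /// Resumes every thread of the process with the given id that can be opened.
        /// </summary>
        /// <param name="PID">Id of the target process.</param>
        /// <remarks>Best effort; failures are swallowed, as in <see cref="SuspendProcess"/>.</remarks>
        public static void ResumeProcess(int PID)
        {
            SetProcessSuspended(PID, false);
        }

        // Shared body of SuspendProcess and ResumeProcess: walks the thread list of the
        // process and suspends or resumes each thread, closing every handle it opens.
        private static void SetProcessSuspended(int pid, bool suspend)
        {
            try
            {
                using (Process proc = Process.GetProcessById(pid))
                {
                    if (proc.ProcessName == string.Empty) return;

                    // NOTE(review): proc.Threads is a snapshot. Threads created after it is
                    // taken are not touched, and a thread id could in principle be reused
                    // before OpenThread runs - confirm callers can tolerate that.
                    foreach (ProcessThread pT in proc.Threads)
                    {
                        IntPtr hThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);

                        // Skip a thread that cannot be opened instead of abandoning the
                        // rest: stopping here would leave the remaining threads in the
                        // opposite state (in particular, still suspended after a resume).
                        if (hThread == IntPtr.Zero) { continue; }

                        try
                        {
                            if (suspend) { SuspendThread(hThread); }
                            else { ResumeThread(hThread); }
                        }
                        finally
                        {
                            // One handle is opened per thread per call; without this
                            // close, every suspend/resume cycle leaks handles.
                            CloseHandle(hThread);
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                // Deliberately non-throwing (the process may be gone or inaccessible),
                // but leave a trace in debug builds so failures are not invisible.
                Debug.WriteLine("ThreadControl: could not " + (suspend ? "suspend" : "resume") + " process " + pid + ": " + ex.Message);
            }
        }

        /// <summary>
        /// Returns the account name (without the domain or machine prefix) that owns the
        /// process behind <paramref name="handle"/>.
        /// </summary>
        /// <param name="handle">Process handle; it must permit opening the process token.</param>
        /// <param name="IsSystem">Receives <see cref="WindowsIdentity.IsSystem"/> for the process token; <c>false</c> when the token cannot be read.</param>
        /// <returns>The account name, or an empty string when the token cannot be opened or resolved.</returns>
        /// <remarks>
        /// An empty result means "unknown", not "unprivileged". Callers should not base
        /// a trust decision on an empty name or on <paramref name="IsSystem"/> being
        /// <c>false</c> after a failure.
        /// </remarks>
        public static string GetProcessOwner(IntPtr handle, out bool IsSystem)
        {
            IntPtr hToken = IntPtr.Zero;
            IsSystem = false;
            try
            {
                // Check the API result instead of letting WindowsIdentity throw on a
                // null token.
                if (!OpenProcessToken(handle, (uint)ThreadAccess.PROCESS_TOKEN_QUERY, out hToken) || hToken == IntPtr.Zero)
                {
                    return "";
                }

                // NOTE(review): WindowsIdentity is expected to keep its own duplicate of
                // the token, which is why hToken is still closed in the finally block.
                using (WindowsIdentity wi = new WindowsIdentity(hToken))
                {
                    IsSystem = wi.IsSystem;
                    string name = wi.Name;

                    // "DOMAIN\user" -> "user"; a name without a backslash is returned whole.
                    int slashIndex = name.IndexOf('\\') + 1;
                    return name.Substring(slashIndex);
                }
            }
            catch (Exception ex)
            {
                // Token inspection is best effort; fall through to the empty result.
                Debug.WriteLine("ThreadControl: could not read process owner: " + ex.Message);
            }
            finally
            {
                if (hToken != IntPtr.Zero) { CloseHandle(hToken); }
            }
            return "";
        }

        /// <summary>
        /// Returns the file path of the first module reported for <paramref name="proc"/>.
        /// </summary>
        /// <param name="proc">Process to inspect.</param>
        /// <returns>
        /// The module path, or an empty string when the modules cannot be enumerated or
        /// the name cannot be read.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="proc"/> is null.</exception>
        /// <remarks>
        /// Exceptions raised while obtaining <see cref="Process.Handle"/> (for example
        /// when access is denied or the process has exited) propagate to the caller.
        /// NOTE(review): this treats the module at index 0 as the main executable -
        /// confirm. The path is read from the target process, so treat it as
        /// informational rather than as proof of which binary is running.
        /// </remarks>
        public static string GetProcessFilename(Process proc)
        {
            if (proc == null) { throw new ArgumentNullException("proc"); }

            // Resolve the handle before pinning anything, so a failure here cannot
            // leave a pinned buffer behind.
            IntPtr hProcess = proc.Handle;

            IntPtr[] hMods = new IntPtr[MaxModuleHandles];
            GCHandle gch = GCHandle.Alloc(hMods, GCHandleType.Pinned);
            try
            {
                uint cb = (uint)(IntPtr.Size * hMods.Length);
                uint cbNeeded;

                // Any non-zero BOOL means success; do not rely on it being exactly 1.
                if (EnumProcessModules(hProcess, gch.AddrOfPinnedObject(), cb, out cbNeeded) == 0)
                {
                    return "";
                }

                // cbNeeded may be larger than the buffer, but only the first entry is
                // read, so it is enough to know that at least one handle was written.
                if (cbNeeded < (uint)IntPtr.Size)
                {
                    return "";
                }

                StringBuilder path = new StringBuilder(MaxModulePathChars);
                uint copied = GetModuleFileNameEx(hProcess, hMods[0], path, (uint)path.Capacity);
                return copied == 0 ? "" : path.ToString();
            }
            finally
            {
                // Always unpin, including when a native call throws.
                gch.Free();
            }
        }
    }
}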
