Win32/Threading/ThreadControl.cs

using System;
using System.Collections.Generic;
using System.Text;
using System.Runtime.InteropServices;
using System.Diagnostics;
using System.Security.Principal;

namespace libWin32.Win32.Threading
{
    public class ThreadControl
    {
        [DllImport("kernel32.dll")]
        static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
        [DllImport("kernel32.dll")]
        static extern uint SuspendThread(IntPtr hThread);
        [DllImport("kernel32.dll")]
        static extern int ResumeThread(IntPtr hThread);

        [DllImport("kernel32.dll")]
        public static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, bool bInheritHandle, uint dwProcessId);
        [DllImport("advapi32.dll", SetLastError = true)]
        public static extern bool OpenProcessToken(IntPtr ProcessHandle, UInt32 DesiredAccess, out IntPtr TokenHandle);
        [DllImport("kernel32.dll", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        public static extern bool CloseHandle(IntPtr hObject);


        public static void SuspendProcess(int PID)
        {
            try
            {
                Process proc = Process.GetProcessById(PID);

                if (proc.ProcessName == string.Empty) return;
                foreach (ProcessThread pT in proc.Threads)
                {
                    IntPtr pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
                    if (pOpenThread == IntPtr.Zero) { break; }
                    SuspendThread(pOpenThread);
                }
            }
            catch { }
        }

        public static void ResumeProcess(int PID)
        {
            try
            {
                Process proc = Process.GetProcessById(PID);
                if (proc.ProcessName == string.Empty) return;
                foreach (ProcessThread pT in proc.Threads)
                {
                    IntPtr pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
                    if (pOpenThread == IntPtr.Zero) { break; }
                    ResumeThread(pOpenThread);
                }
            }
            catch { }
        }

        public static string GetProcessOwner(IntPtr handle, out bool IsSystem)
        {
            IntPtr ph = IntPtr.Zero;
            IsSystem = false;
            try
            {
                ThreadControl.OpenProcessToken(handle, (uint)ProcessTokenFlags.TOKEN_QUERY, out ph);
                WindowsIdentity wi = new WindowsIdentity(ph);
                IsSystem = wi.IsSystem;
                string name = wi.Name;
                int slash_index = name.IndexOf("\\") + 1;
                name = name.Remove(0, slash_index);
                return name;
            }
            catch
            {
                // ignore
            }
            finally
            {
                if (ph != IntPtr.Zero) { ThreadControl.CloseHandle(ph); }
            }
            return "";
        }
    }
}
Revision:	101
Committed:	Thu May 10 09:53:16 2012 UTC (11 years, 4 months ago) by william
File size:	3118 byte(s)
Log Message:
#	Content
1	using System;
2	using System.Collections.Generic;
3	using System.Text;
4	using System.Runtime.InteropServices;
5	using System.Diagnostics;
6	using System.Security.Principal;
7
8	namespace libWin32.Win32.Threading
9	{
10	public class ThreadControl
11	{
12	[DllImport("kernel32.dll")]
13	static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
14	[DllImport("kernel32.dll")]
15	static extern uint SuspendThread(IntPtr hThread);
16	[DllImport("kernel32.dll")]
17	static extern int ResumeThread(IntPtr hThread);
18
19	[DllImport("kernel32.dll")]
20	public static extern IntPtr OpenProcess(ProcessAccessFlags dwDesiredAccess, bool bInheritHandle, uint dwProcessId);
21	[DllImport("advapi32.dll", SetLastError = true)]
22	public static extern bool OpenProcessToken(IntPtr ProcessHandle, UInt32 DesiredAccess, out IntPtr TokenHandle);
23	[DllImport("kernel32.dll", SetLastError = true)]
24	[return: MarshalAs(UnmanagedType.Bool)]
25	public static extern bool CloseHandle(IntPtr hObject);
26
27
28	public static void SuspendProcess(int PID)
29	{
30	try
31	{
32	Process proc = Process.GetProcessById(PID);
33
34	if (proc.ProcessName == string.Empty) return;
35	foreach (ProcessThread pT in proc.Threads)
36	{
37	IntPtr pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
38	if (pOpenThread == IntPtr.Zero) { break; }
39	SuspendThread(pOpenThread);
40	}
41	}
42	catch { }
43	}
44
45	public static void ResumeProcess(int PID)
46	{
47	try
48	{
49	Process proc = Process.GetProcessById(PID);
50	if (proc.ProcessName == string.Empty) return;
51	foreach (ProcessThread pT in proc.Threads)
52	{
53	IntPtr pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
54	if (pOpenThread == IntPtr.Zero) { break; }
55	ResumeThread(pOpenThread);
56	}
57	}
58	catch { }
59	}
60
61	public static string GetProcessOwner(IntPtr handle, out bool IsSystem)
62	{
63	IntPtr ph = IntPtr.Zero;
64	IsSystem = false;
65	try
66	{
67	ThreadControl.OpenProcessToken(handle, (uint)ProcessTokenFlags.TOKEN_QUERY, out ph);
68	WindowsIdentity wi = new WindowsIdentity(ph);
69	IsSystem = wi.IsSystem;
70	string name = wi.Name;
71	int slash_index = name.IndexOf("\\") + 1;
72	name = name.Remove(0, slash_index);
73	return name;
74	}
75	catch
76	{
77	// ignore
78	}
79	finally
80	{
81	if (ph != IntPtr.Zero) { ThreadControl.CloseHandle(ph); }
82	}
83	return "";
84	}
85	}
86	}