Win32/Threading/ThreadControl.cs

using System;
using System.Collections.Generic;
using System.Text;
using System.Runtime.InteropServices;
using System.Diagnostics;
using System.Security.Principal;

namespace libWin32.Win32.Threading
{
    public class ThreadControl
    {
        [DllImport("kernel32.dll")]
        static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
        [DllImport("kernel32.dll")]
        static extern uint SuspendThread(IntPtr hThread);
        [DllImport("kernel32.dll")]
        static extern int ResumeThread(IntPtr hThread);


        [DllImport("advapi32.dll", SetLastError = true)]
        public static extern bool OpenProcessToken(IntPtr ProcessHandle, UInt32 DesiredAccess, out IntPtr TokenHandle);
        [DllImport("kernel32.dll", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        public static extern bool CloseHandle(IntPtr hObject);
        [DllImport("psapi.dll", CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Unicode)]
        static extern uint GetModuleFileNameEx(IntPtr hProcess, IntPtr hModule, [Out] StringBuilder lpBaseName, uint nSize);

        [DllImport("psapi.dll", CallingConvention = CallingConvention.StdCall, SetLastError = true)]
        public static extern int EnumProcessModules(IntPtr hProcess, [Out] IntPtr lphModule, uint cb, out uint lpcbNeeded);

        public static void SuspendProcess(int PID)
        {
            try
            {
                Process proc = Process.GetProcessById(PID);

                if (proc.ProcessName == string.Empty) return;
                foreach (ProcessThread pT in proc.Threads)
                {
                    IntPtr pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
                    if (pOpenThread == IntPtr.Zero) { break; }
                    SuspendThread(pOpenThread);
                }
            }
            catch { }
        }

        public static void ResumeProcess(int PID)
        {
            try
            {
                Process proc = Process.GetProcessById(PID);
                if (proc.ProcessName == string.Empty) return;
                foreach (ProcessThread pT in proc.Threads)
                {
                    IntPtr pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
                    if (pOpenThread == IntPtr.Zero) { break; }
                    ResumeThread(pOpenThread);
                }
            }
            catch { }
        }

        public static string GetProcessOwner(IntPtr handle, out bool IsSystem)
        {
            IntPtr ph = IntPtr.Zero;
            IsSystem = false;
            try
            {
                ThreadControl.OpenProcessToken(handle, (uint)ThreadAccess.PROCESS_TOKEN_QUERY, out ph);
                WindowsIdentity wi = new WindowsIdentity(ph);
                IsSystem = wi.IsSystem;
                string name = wi.Name;
                int slash_index = name.IndexOf("\\") + 1;
                name = name.Remove(0, slash_index);
                return name;
            }
            catch
            {
                // ignore
            }
            finally
            {
                if (ph != IntPtr.Zero) { ThreadControl.CloseHandle(ph); }
            }
            return "";
        }

        public static string GetProcessFilename(Process proc)
        {
            string filename = "";
            Process[] procs = new Process[] { proc };
            int mainModuleIndex = 0;
            foreach (Process p in procs)
            {
                // Setting up the variable for the second argument for EnumProcessModules
                IntPtr[] hMods = new IntPtr[1024];

                GCHandle gch = GCHandle.Alloc(hMods, GCHandleType.Pinned); // Don't forget to free this later
                IntPtr pModules = gch.AddrOfPinnedObject();

                // Setting up the rest of the parameters for EnumProcessModules
                uint uiSize = (uint)(Marshal.SizeOf(typeof(IntPtr)) * (hMods.Length));
                uint cbNeeded = 0;

                if (EnumProcessModules(p.Handle, pModules, uiSize, out cbNeeded) == 1)
                {
                    Int32 uiTotalNumberofModules = (Int32)(cbNeeded / (Marshal.SizeOf(typeof(IntPtr))));

                    for (int i = 0; i < (int)uiTotalNumberofModules; i++)
                    {
                        StringBuilder strbld = new StringBuilder(1024);

                        GetModuleFileNameEx(p.Handle, hMods[i], strbld, (uint)(strbld.Capacity));
                        filename = strbld.ToString();
                        if (i == mainModuleIndex)
                            break;
                    }
                    //Console.WriteLine("Number of Modules: " + uiTotalNumberofModules);
                    //Console.WriteLine();
                }

                // Must free the GCHandle object
                gch.Free();               
            }
            return filename;
        }
    }
}
1	using System;
2	using System.Collections.Generic;
3	using System.Text;
4	using System.Runtime.InteropServices;
5	using System.Diagnostics;
6	using System.Security.Principal;
7
8	namespace libWin32.Win32.Threading
9	{
10	public class ThreadControl
11	{
12	[DllImport("kernel32.dll")]
13	static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId);
14	[DllImport("kernel32.dll")]
15	static extern uint SuspendThread(IntPtr hThread);
16	[DllImport("kernel32.dll")]
17	static extern int ResumeThread(IntPtr hThread);
18
19
20	[DllImport("advapi32.dll", SetLastError = true)]
21	public static extern bool OpenProcessToken(IntPtr ProcessHandle, UInt32 DesiredAccess, out IntPtr TokenHandle);
22	[DllImport("kernel32.dll", SetLastError = true)]
23	[return: MarshalAs(UnmanagedType.Bool)]
24	public static extern bool CloseHandle(IntPtr hObject);
25	[DllImport("psapi.dll", CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Unicode)]
26	static extern uint GetModuleFileNameEx(IntPtr hProcess, IntPtr hModule, [Out] StringBuilder lpBaseName, uint nSize);
27
28	[DllImport("psapi.dll", CallingConvention = CallingConvention.StdCall, SetLastError = true)]
29	public static extern int EnumProcessModules(IntPtr hProcess, [Out] IntPtr lphModule, uint cb, out uint lpcbNeeded);
30
31	public static void SuspendProcess(int PID)
32	{
33	try
34	{
35	Process proc = Process.GetProcessById(PID);
36
37	if (proc.ProcessName == string.Empty) return;
38	foreach (ProcessThread pT in proc.Threads)
39	{
40	IntPtr pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
41	if (pOpenThread == IntPtr.Zero) { break; }
42	SuspendThread(pOpenThread);
43	}
44	}
45	catch { }
46	}
47
48	public static void ResumeProcess(int PID)
49	{
50	try
51	{
52	Process proc = Process.GetProcessById(PID);
53	if (proc.ProcessName == string.Empty) return;
54	foreach (ProcessThread pT in proc.Threads)
55	{
56	IntPtr pOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
57	if (pOpenThread == IntPtr.Zero) { break; }
58	ResumeThread(pOpenThread);
59	}
60	}
61	catch { }
62	}
63
64	public static string GetProcessOwner(IntPtr handle, out bool IsSystem)
65	{
66	IntPtr ph = IntPtr.Zero;
67	IsSystem = false;
68	try
69	{
70	ThreadControl.OpenProcessToken(handle, (uint)ThreadAccess.PROCESS_TOKEN_QUERY, out ph);
71	WindowsIdentity wi = new WindowsIdentity(ph);
72	IsSystem = wi.IsSystem;
73	string name = wi.Name;
74	int slash_index = name.IndexOf("\\") + 1;
75	name = name.Remove(0, slash_index);
76	return name;
77	}
78	catch
79	{
80	// ignore
81	}
82	finally
83	{
84	if (ph != IntPtr.Zero) { ThreadControl.CloseHandle(ph); }
85	}
86	return "";
87	}
88
89	public static string GetProcessFilename(Process proc)
90	{
91	string filename = "";
92	Process[] procs = new Process[] { proc };
93	int mainModuleIndex = 0;
94	foreach (Process p in procs)
95	{
96	// Setting up the variable for the second argument for EnumProcessModules
97	IntPtr[] hMods = new IntPtr[1024];
98
99	GCHandle gch = GCHandle.Alloc(hMods, GCHandleType.Pinned); // Don't forget to free this later
100	IntPtr pModules = gch.AddrOfPinnedObject();
101
102	// Setting up the rest of the parameters for EnumProcessModules
103	uint uiSize = (uint)(Marshal.SizeOf(typeof(IntPtr)) * (hMods.Length));
104	uint cbNeeded = 0;
105
106	if (EnumProcessModules(p.Handle, pModules, uiSize, out cbNeeded) == 1)
107	{
108	Int32 uiTotalNumberofModules = (Int32)(cbNeeded / (Marshal.SizeOf(typeof(IntPtr))));
109
110	for (int i = 0; i < (int)uiTotalNumberofModules; i++)
111	{
112	StringBuilder strbld = new StringBuilder(1024);
113
114	GetModuleFileNameEx(p.Handle, hMods[i], strbld, (uint)(strbld.Capacity));
115	filename = strbld.ToString();
116	if (i == mainModuleIndex)
117	break;
118	}
119	//Console.WriteLine("Number of Modules: " + uiTotalNumberofModules);
120	//Console.WriteLine();
121	}
122
123	// Must free the GCHandle object
124	gch.Free();
125	}
126	return filename;
127	}
128	}
129	}