本文整理汇总了C++中SuspendThread函数的典型用法代码示例。如果您正苦于以下问题:C++ SuspendThread函数的具体用法?C++ SuspendThread怎么用?C++ SuspendThread使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了SuspendThread函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: thread_rec
/* Find a thread record given a thread id. If GET_CONTEXT is set then
also retrieve the context for this thread. */
static thread_info *
thread_rec (DWORD id, int get_context)
{
struct thread_info *thread;
thread_info *th;
thread = (struct thread_info *) find_inferior_id (&all_threads, id);
if (thread == NULL)
return NULL;
th = inferior_target_data (thread);
if (!th->suspend_count && get_context)
{
if (get_context > 0 && id != current_event.dwThreadId)
th->suspend_count = SuspendThread (th->h) + 1;
else if (get_context < 0)
th->suspend_count = -1;
th->context.ContextFlags = CONTEXT_DEBUGGER_DR;
GetThreadContext (th->h, &th->context);
if (id == current_event.dwThreadId)
{
/* Copy dr values from that thread. */
dr[0] = th->context.Dr0;
dr[1] = th->context.Dr1;
dr[2] = th->context.Dr2;
dr[3] = th->context.Dr3;
dr[6] = th->context.Dr6;
dr[7] = th->context.Dr7;
}
}
return th;
}示例2: profiler_thread_entry
static DWORD WINAPI profiler_thread_entry(LPVOID lpParameter)
{
HANDLE mainThread = (HANDLE)lpParameter;
CONTEXT context;
/* loop until done */
memset(&context, 0, sizeof(context));
while (!profiler_thread_exit)
{
/* pause the main thread and get its context */
SuspendThread(mainThread);
context.ContextFlags = CONTEXT_FULL;
GetThreadContext(mainThread, &context);
ResumeThread(mainThread);
/* add to the bucket */
increment_bucket(context.Eip);
/* sleep */
Sleep(1);
}
return 0;
}示例3: gst_directsound_ring_buffer_pause
static gboolean
gst_directsound_ring_buffer_pause (GstRingBuffer * buf)
{
HRESULT hr = S_OK;
GstDirectSoundRingBuffer * dsoundbuffer;
dsoundbuffer = GST_DIRECTSOUND_RING_BUFFER (buf);
GST_DEBUG ("Pausing RingBuffer");
GST_DSOUND_LOCK (dsoundbuffer);
if (dsoundbuffer->pDSB8) {
hr = IDirectSoundBuffer8_Stop (dsoundbuffer->pDSB8);
}
if (G_LIKELY (!dsoundbuffer->suspended)) {
if (G_UNLIKELY(SuspendThread (dsoundbuffer->hThread) == -1))
GST_WARNING ("gst_directsound_ring_buffer_pause: SuspendThread failed.");
else
dsoundbuffer->suspended = TRUE;
}
GST_DSOUND_UNLOCK (dsoundbuffer);
/* in the unlikely event that a device was reconfigured, we can consider
* ourselves stopped even though the stop call failed */
if (G_UNLIKELY (FAILED(hr)) &&
G_UNLIKELY(hr != DIRECTSOUND_ERROR_DEVICE_RECONFIGURED) &&
G_UNLIKELY(hr != DIRECTSOUND_ERROR_DEVICE_NO_DRIVER)) {
GST_WARNING ("gst_directsound_ring_buffer_pause: IDirectSoundBuffer8_Stop, hr = %X", (unsigned int) hr);
return FALSE;
}
return TRUE;
}示例4: stream_run
DWORD WINAPI stream_run(void * data)
{
SoundThread * me = (SoundThread *) data;
while(me->running) {
if(me->sound) {
Sound * sound = me->sound;
ALuint uiSource;
ALint iState = AL_PLAYING;
ALuint uiBuffers[1];
alGenBuffers(1, uiBuffers);
alGenSources(1, &uiSource);
alBufferData(uiBuffers[0], sound->format, sound->data, sound->size, sound->freq);
assert(AL_NO_ERROR == alGetError());
alSourceQueueBuffers(uiSource, 1, &uiBuffers[0]);
alSourcef(uiSource, AL_GAIN, sound->volume);
alSourcePlay(uiSource);
while(iState == AL_PLAYING) {
Sleep(16);
alGetSourcei(uiSource, AL_SOURCE_STATE, &iState);
}
alSourceStop(uiSource);
alSourcei(uiSource, AL_BUFFER, 0);
alDeleteSources(1, &uiSource);
alDeleteBuffers(1, uiBuffers);
me->occupied = false;
me->sound = 0;
}
if(me->running) SuspendThread(me->handle);
}
return 0;
}示例5: prvProcessSimulatedInterrupts
static void prvProcessSimulatedInterrupts( void )
{
unsigned long ulSwitchRequired, i;
xThreadState *pxThreadState;
void *pvObjectList[ 2 ];
/* Going to block on the mutex that ensured exclusive access to the simulated
interrupt objects, and the event that signals that a simulated interrupt
should be processed. */
pvObjectList[ 0 ] = pvInterruptEventMutex;
pvObjectList[ 1 ] = pvInterruptEvent;
for(;;)
{
WaitForMultipleObjects( sizeof( pvObjectList ) / sizeof( void * ), pvObjectList, TRUE, INFINITE );
/* Used to indicate whether the simulated interrupt processing has
necessitated a context switch to another task/thread. */
ulSwitchRequired = pdFALSE;
/* For each interrupt we are interested in processing, each of which is
represented by a bit in the 32bit ulPendingInterrupts variable. */
for( i = 0; i < portMAX_INTERRUPTS; i++ )
{
/* Is the simulated interrupt pending? */
if( ulPendingInterrupts & ( 1UL << i ) )
{
/* Is a handler installed? */
if( ulIsrHandler[ i ] != NULL )
{
/* Run the actual handler. */
if( ulIsrHandler[ i ]() != pdFALSE )
{
ulSwitchRequired |= ( 1 << i );
}
}
/* Clear the interrupt pending bit. */
ulPendingInterrupts &= ~( 1UL << i );
}
}
if( ulSwitchRequired != pdFALSE )
{
void *pvOldCurrentTCB;
pvOldCurrentTCB = pxCurrentTCB;
/* Select the next task to run. */
vTaskSwitchContext();
/* If the task selected to enter the running state is not the task
that is already in the running state. */
if( pvOldCurrentTCB != pxCurrentTCB )
{
/* Suspend the old thread. */
pxThreadState = ( xThreadState *) *( ( unsigned long * ) pvOldCurrentTCB );
if( ( ulSwitchRequired & ( 1 << portINTERRUPT_DELETE_THREAD ) ) != pdFALSE )
{
TerminateThread( pxThreadState->pvThread, 0 );
}
else
{
SuspendThread( pxThreadState->pvThread );
}
/* Obtain the state of the task now selected to enter the
Running state. */
pxThreadState = ( xThreadState * ) ( *( unsigned long *) pxCurrentTCB );
ResumeThread( pxThreadState->pvThread );
}
}
ReleaseMutex( pvInterruptEventMutex );
}
}示例6: SSQ_SetLogStatus
BOOL WINAPI SSQ_SetLogStatus(BOOL status,USHORT port)
{
static LPADDRINFO response;
static char hostname[64];
if(status==log_status||HIWORD(Callback)==0||ssq_is_initialized==FALSE)
{
SSQ_OutputDebugString(EXTERNAL_SSQ_SET_LOG_STATUS,0,1,0);
return FALSE;
}
else if(GetExitCodeThread(handle_log_thread,&exit_code_log_thread)==FALSE)
{
SSQ_OutputDebugString(EXTERNAL_SSQ_SET_LOG_STATUS,0,1,(DWORD)GetExitCodeThread);
return FALSE;
}
else if(exit_code_log_thread!=STILL_ACTIVE)
{
handle_log_thread = CreateThread(0,0,SSQ_LogThread,0,CREATE_SUSPENDED,&identifier_log_thread);
if(handle_log_thread==0)
{
SSQ_OutputDebugString(EXTERNAL_SSQ_SET_LOG_STATUS,0,1,(DWORD)CreateThread);
return FALSE;
}
}
if(status==TRUE)
{
if(gethostname(hostname,sizeof(hostname))==SOCKET_ERROR)
{
SSQ_OutputDebugString(EXTERNAL_SSQ_SET_LOG_STATUS,1,1,(DWORD)gethostname);
return FALSE;
}
else if(getaddrinfo(hostname,0,0,&response)!=0)
{
SSQ_OutputDebugString(EXTERNAL_SSQ_SET_LOG_STATUS,1,1,(DWORD)getaddrinfo);
return FALSE;
}
else if(closesocket(ssq_socket[SSQ_UDP_LOG])==SOCKET_ERROR)
{
SSQ_OutputDebugString(EXTERNAL_SSQ_SET_LOG_STATUS,1,1,(DWORD)closesocket);
return FALSE;
}
ssq_socket[SSQ_UDP_LOG] = socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
if(ssq_socket[SSQ_UDP_LOG]==INVALID_SOCKET)
{
SSQ_OutputDebugString(EXTERNAL_SSQ_SET_LOG_STATUS,1,1,(DWORD)socket);
return FALSE;
}
((PSOCKADDR_IN)response->ai_addr)->sin_port = htons(port);
if(bind(ssq_socket[SSQ_UDP_LOG],response->ai_addr,sizeof(*response->ai_addr))==SOCKET_ERROR)
{
SSQ_OutputDebugString(EXTERNAL_SSQ_SET_LOG_STATUS,1,1,(DWORD)bind);
return FALSE;
}
freeaddrinfo(response);
if(ResumeThread(handle_log_thread)==0xFFFFFFFF)
{
SSQ_OutputDebugString(EXTERNAL_SSQ_SET_LOG_STATUS,0,1,(DWORD)ResumeThread);
return FALSE;
}
log_status = TRUE;
}
else if(status==FALSE)
{
if(SuspendThread(handle_log_thread)==0xFFFFFFFF)
{
SSQ_OutputDebugString(EXTERNAL_SSQ_SET_LOG_STATUS,0,1,(DWORD)SuspendThread);
return FALSE;
}
log_status = FALSE;
}
else
{
SSQ_OutputDebugString(EXTERNAL_SSQ_SET_LOG_STATUS,0,1,0);
return FALSE;
}
return TRUE;
}示例7: SuspendThread
void CThread::Suspend()
{
SuspendThread(m_hThread);
}示例8: Stacktrace
/** Print out a stacktrace. */
static void Stacktrace(const char *threadName, LPEXCEPTION_POINTERS e, HANDLE hThread = INVALID_HANDLE_VALUE)
{
PIMAGEHLP_SYMBOL pSym;
STACKFRAME sf;
HANDLE process, thread;
DWORD dwModBase, Disp, dwModAddrToPrint;
BOOL more = FALSE;
int count = 0;
char modname[MAX_PATH];
process = GetCurrentProcess();
if(threadName)
PRINT("Stacktrace (%s):", threadName);
else
PRINT("Stacktrace:");
bool suspended = false;
CONTEXT c;
if (e) {
c = *e->ContextRecord;
thread = GetCurrentThread();
} else {
SuspendThread(hThread);
suspended = true;
memset(&c, 0, sizeof(CONTEXT));
c.ContextFlags = CONTEXT_FULL;
// FIXME: This does not work if you want to dump the current thread's stack
if (!GetThreadContext(hThread, &c)) {
ResumeThread(hThread);
return;
}
thread = hThread;
}
ZeroMemory(&sf, sizeof(sf));
sf.AddrPC.Offset = c.Eip;
sf.AddrStack.Offset = c.Esp;
sf.AddrFrame.Offset = c.Ebp;
sf.AddrPC.Mode = AddrModeFlat;
sf.AddrStack.Mode = AddrModeFlat;
sf.AddrFrame.Mode = AddrModeFlat;
// use globalalloc to reduce risk for allocator related deadlock
pSym = (PIMAGEHLP_SYMBOL)GlobalAlloc(GMEM_FIXED, 16384);
char* printstrings = (char*)GlobalAlloc(GMEM_FIXED, 0);
bool containsOglDll = false;
while (true) {
more = StackWalk(
IMAGE_FILE_MACHINE_I386, // TODO: fix this for 64 bit windows?
process,
thread,
&sf,
&c,
NULL,
SymFunctionTableAccess,
SymGetModuleBase,
NULL
);
if (!more || sf.AddrFrame.Offset == 0 || count > MAX_STACK_DEPTH) {
break;
}
dwModBase = SymGetModuleBase(process, sf.AddrPC.Offset);
if (dwModBase) {
GetModuleFileName((HINSTANCE)dwModBase, modname, MAX_PATH);
} else {
strcpy(modname, "Unknown");
}
pSym->SizeOfStruct = sizeof(IMAGEHLP_SYMBOL);
pSym->MaxNameLength = MAX_PATH;
char* printstringsnew = (char*) GlobalAlloc(GMEM_FIXED, (count + 1) * BUFFER_SIZE);
memcpy(printstringsnew, printstrings, count * BUFFER_SIZE);
GlobalFree(printstrings);
printstrings = printstringsnew;
if (SymGetSymFromAddr(process, sf.AddrPC.Offset, &Disp, pSym)) {
// This is the code path taken on VC if debugging syms are found.
SNPRINTF(printstrings + count * BUFFER_SIZE, BUFFER_SIZE, "(%d) %s(%s+%#0lx) [0x%08lX]", count, modname, pSym->Name, Disp, sf.AddrPC.Offset);
} else {
// This is the code path taken on MinGW, and VC if no debugging syms are found.
if (strstr(modname, ".exe")) {
// for the .exe, we need the absolute address
dwModAddrToPrint = sf.AddrPC.Offset;
} else {
// for DLLs, we need the module-internal/relative address
dwModAddrToPrint = sf.AddrPC.Offset - dwModBase;
}
SNPRINTF(printstrings + count * BUFFER_SIZE, BUFFER_SIZE, "(%d) %s [0x%08lX]", count, modname, dwModAddrToPrint);
}
// OpenGL lib names (ATI): "atioglxx.dll" "atioglx2.dll"
containsOglDll = containsOglDll || strstr(modname, "atiogl");
// OpenGL lib names (Nvidia): "nvoglnt.dll" "nvoglv32.dll" "nvoglv64.dll" (last one is a guess)
containsOglDll = containsOglDll || strstr(modname, "nvogl");
// OpenGL lib names (Intel): "ig4dev32.dll" "ig4dev64.dll"
//.........这里部分代码省略.........
示例9: SuspenderThread
DWORD PALAPI SuspenderThread()
{
HANDLE targetThread;
DWORD ret;
int i,j,idx,jdx;
printf("[Suspender Thread] Starting\n");
while (!g_bDone)
{
jdx = rand()%2;
for (j=0; j<2; j++, jdx++)
{
switch(jdx % 2)
{
case 0:
{
idx = rand() % g_lCurrentExecutingThreadCount;
for (i=0; i < g_lCurrentExecutingThreadCount; i++)
{
targetThread = g_rghExecutingThread[idx];
if (NULL != targetThread)
{
ret = SuspendThread(targetThread);
if (-1 != ret)
{
g_lSuspCount += 1;
}
else
{
g_lSuspFailCount += 1;
}
}
idx = (idx+1) % g_lCurrentExecutingThreadCount;
}
break;
}
case 1:
default:
{
idx = rand() % g_lPostingThreadCount;
for (i=0; i < g_lPostingThreadCount; i++)
{
targetThread = g_rghPostingThread[idx];
if (NULL != targetThread)
{
ret = SuspendThread(targetThread);
if (-1 != ret)
{
g_lSuspCount += 1;
}
else
{
g_lSuspFailCount += 1;
}
}
idx = (idx+1) % g_lPostingThreadCount;
}
break;
}
}
}
Sleep(rand() % 100);
jdx = rand() % 2;
for (j=0; j<2; j++, jdx++)
{
switch(jdx % 2)
{
case 0:
{
idx = rand() % g_lCurrentExecutingThreadCount;
for (i=0; i < g_lCurrentExecutingThreadCount; i++)
{
targetThread = g_rghExecutingThread[idx];
if (NULL != targetThread)
{
ret = ResumeThread(targetThread);
if (-1 != ret)
{
g_lResumeCount += 1;
}
else
{
g_lResumeFailCount += 1;
}
}
idx = (idx+1) % g_lCurrentExecutingThreadCount;
}
break;
}
case 1:
default:
{
idx = rand() % g_lPostingThreadCount;
for (i=0; i < g_lPostingThreadCount; i++)
{
targetThread = g_rghPostingThread[idx];
if (NULL != targetThread)
//.........这里部分代码省略.........
示例10: SuspendThread
void cThreadWrapper::Suspend()
{
m_dwThreadSuspendCount = SuspendThread(m_hThreadHandle);
}示例11: prvProcessSimulatedInterrupts
static void prvProcessSimulatedInterrupts( void )
{
uint32_t ulSwitchRequired, i;
xThreadState *pxThreadState;
void *pvObjectList[ 2 ];
CONTEXT xContext;
/* Going to block on the mutex that ensured exclusive access to the simulated
interrupt objects, and the event that signals that a simulated interrupt
should be processed. */
pvObjectList[ 0 ] = pvInterruptEventMutex;
pvObjectList[ 1 ] = pvInterruptEvent;
/* Create a pending tick to ensure the first task is started as soon as
this thread pends. */
ulPendingInterrupts |= ( 1 << portINTERRUPT_TICK );
SetEvent( pvInterruptEvent );
xPortRunning = pdTRUE;
for(;;)
{
WaitForMultipleObjects( sizeof( pvObjectList ) / sizeof( void * ), pvObjectList, TRUE, INFINITE );
/* Used to indicate whether the simulated interrupt processing has
necessitated a context switch to another task/thread. */
ulSwitchRequired = pdFALSE;
/* For each interrupt we are interested in processing, each of which is
represented by a bit in the 32bit ulPendingInterrupts variable. */
for( i = 0; i < portMAX_INTERRUPTS; i++ )
{
/* Is the simulated interrupt pending? */
if( ulPendingInterrupts & ( 1UL << i ) )
{
/* Is a handler installed? */
if( ulIsrHandler[ i ] != NULL )
{
/* Run the actual handler. */
if( ulIsrHandler[ i ]() != pdFALSE )
{
ulSwitchRequired |= ( 1 << i );
}
}
/* Clear the interrupt pending bit. */
ulPendingInterrupts &= ~( 1UL << i );
}
}
if( ulSwitchRequired != pdFALSE )
{
void *pvOldCurrentTCB;
pvOldCurrentTCB = pxCurrentTCB;
/* Select the next task to run. */
vTaskSwitchContext();
/* If the task selected to enter the running state is not the task
that is already in the running state. */
if( pvOldCurrentTCB != pxCurrentTCB )
{
/* Suspend the old thread. */
pxThreadState = ( xThreadState *) *( ( size_t * ) pvOldCurrentTCB );
SuspendThread( pxThreadState->pvThread );
/* Ensure the thread is actually suspended by performing a
synchronous operation that can only complete when the thread is
actually suspended. The below code asks for dummy register
data. */
xContext.ContextFlags = CONTEXT_INTEGER;
( void ) GetThreadContext( pxThreadState->pvThread, &xContext );
/* Obtain the state of the task now selected to enter the
Running state. */
pxThreadState = ( xThreadState * ) ( *( size_t *) pxCurrentTCB );
ResumeThread( pxThreadState->pvThread );
}
}
ReleaseMutex( pvInterruptEventMutex );
}
}示例12: demoSuspendInjectResume
DWORD demoSuspendInjectResume(PCWSTR pszLibFile, DWORD dwProcessId)
{
void *stub;
unsigned long threadID, oldIP, oldprot;
HANDLE hThread;
CONTEXT ctx;
DWORD stubLen = sizeof(sc);
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId);
if (hProcess == NULL)
{
wprintf(L"[-] Error: Could not open process for PID (%d).\n", dwProcessId);
return(1);
}
DWORD LoadLibraryAddress = (DWORD)GetProcAddress(GetModuleHandle(L"kernel32.dll"), "LoadLibraryW");
if (LoadLibraryAddress == NULL)
{
wprintf(L"[-] Error: Could not find LoadLibraryA function inside kernel32.dll library.\n");
exit(1);
}
SIZE_T dwSize = (wcslen(pszLibFile) + 1) * sizeof(wchar_t);
LPVOID lpDllAddr = VirtualAllocEx(hProcess, NULL, dwSize, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
if (lpDllAddr == NULL)
{
wprintf(L"[-] Error: Could not allocate memory inside PID (%d).\n", dwProcessId);
exit(1);
}
stub = VirtualAllocEx(hProcess, NULL, stubLen, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if (stub == NULL)
{
wprintf(L"[-] Error: Could not allocate memory for stub.\n");
exit(1);
}
BOOL bStatus = WriteProcessMemory(hProcess, lpDllAddr, pszLibFile, dwSize, NULL);
if (bStatus == 0)
{
wprintf(L"[-] Error: Could not write any bytes into the PID (%d) address space.\n", dwProcessId);
return(1);
}
threadID = getThreadID(dwProcessId);
hThread = OpenThread((THREAD_GET_CONTEXT | THREAD_SET_CONTEXT | THREAD_SUSPEND_RESUME), false, threadID);
if (hThread != NULL)
{
SuspendThread(hThread);
}
else
printf("could not open thread\n");
ctx.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hThread, &ctx);
oldIP = ctx.Eip;
ctx.Eip = (DWORD)stub;
ctx.ContextFlags = CONTEXT_CONTROL;
VirtualProtect(sc, stubLen, PAGE_EXECUTE_READWRITE, &oldprot);
memcpy((void *)((unsigned long)sc + 1), &oldIP, 4);
memcpy((void *)((unsigned long)sc + 8), &lpDllAddr, 4);
memcpy((void *)((unsigned long)sc + 13), &LoadLibraryAddress, 4);
WriteProcessMemory(hProcess, stub, sc, stubLen, NULL);
SetThreadContext(hThread, &ctx);
ResumeThread(hThread);
Sleep(8000);
VirtualFreeEx(hProcess, lpDllAddr, dwSize, MEM_DECOMMIT);
VirtualFreeEx(hProcess, stub, stubLen, MEM_DECOMMIT);
CloseHandle(hProcess);
CloseHandle(hThread);
return(0);
}示例13: demoSuspendInjectResume64
DWORD demoSuspendInjectResume64(PCWSTR pszLibFile, DWORD dwProcessId)
{
void *stub;
unsigned long threadID, oldprot;
HANDLE hThread;
CONTEXT ctx;
DWORD64 stubLen = sizeof(sc);
wprintf(TEXT("[+] Shellcode Length is: %d\n"), stubLen);
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId);
if (hProcess == NULL)
{
wprintf(L"[-] Error: Could not open process for PID (%d).\n", dwProcessId);
return(1);
}
DWORD64 LoadLibraryAddress = (DWORD64)GetProcAddress(GetModuleHandle(L"kernel32.dll"), "LoadLibraryW");
if (LoadLibraryAddress == NULL)
{
wprintf(L"[-] Error: Could not find LoadLibraryA function inside kernel32.dll library.\n");
exit(1);
}
SIZE_T dwSize = (wcslen(pszLibFile) + 1) * sizeof(wchar_t);
LPVOID lpDllAddr = VirtualAllocEx(hProcess, NULL, dwSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if (lpDllAddr == NULL)
{
wprintf(L"[-] Error: Could not allocate memory inside PID (%d).\n", dwProcessId);
exit(1);
}
stub = VirtualAllocEx(hProcess, NULL, stubLen, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if (stub == NULL)
{
wprintf(L"[-] Error: Could not allocate memory for stub.\n");
exit(1);
}
SIZE_T nBytesWritten = 0;
BOOL bStatus = WriteProcessMemory(hProcess, lpDllAddr, pszLibFile, dwSize, &nBytesWritten);
if (bStatus == 0)
{
wprintf(L"[-] Error: Could not write any bytes into the PID (%d) address space.\n", dwProcessId);
return(1);
}
if (nBytesWritten != dwSize)
wprintf(TEXT("[-] Something is wrong!\n"));
threadID = getThreadID(dwProcessId);
hThread = OpenThread((THREAD_GET_CONTEXT | THREAD_SET_CONTEXT | THREAD_SUSPEND_RESUME), false, threadID);
if (hThread != NULL)
{
SuspendThread(hThread);
}
else
wprintf(L"[-] Could not open thread\n");
ctx.ContextFlags = CONTEXT_CONTROL;
GetThreadContext(hThread, &ctx);
DWORD64 oldIP = ctx.Rip;
ctx.Rip = (DWORD64)stub;
ctx.ContextFlags = CONTEXT_CONTROL;
memcpy(sc + 3, &oldIP, sizeof(oldIP));
memcpy(sc + 41, &lpDllAddr, sizeof(lpDllAddr));
memcpy(sc + 51, &LoadLibraryAddress, sizeof(LoadLibraryAddress));
#ifdef _DEBUG
wprintf(TEXT("[+] Shellcode Launcher Code:\n\t"));
for (int i = 0; i < stubLen; i++)
wprintf(TEXT("%02x "), sc[i]);
wprintf(TEXT("\n"));
#endif
WriteProcessMemory(hProcess, (void *)stub, &sc, stubLen, NULL);
SetThreadContext(hThread, &ctx);
ResumeThread(hThread);
Sleep(8000);
VirtualFreeEx(hProcess, lpDllAddr, dwSize, MEM_DECOMMIT);
VirtualFreeEx(hProcess, stub, stubLen, MEM_DECOMMIT);
CloseHandle(hProcess);
CloseHandle(hThread);
return(0);
}示例14: __declspec
__declspec (dllexport) DWORD
QueueUserAPCEx(PAPCFUNC pfnApc, HANDLE hThread, DWORD dwData)
/*
* ------------------------------------------------------
* DOCPUBLIC
* Adds a user-mode asynchronous procedure call (APC) object
* to the APC queue of the specified thread AND sets this
* thread in alertarte state.
*
* PARAMETERS
* Uses the same parameters as QueueUserAPC.
*
* DESCRIPTION
* Adds a user-mode asynchronous procedure call (APC) object
* to the APC queue of the specified thread AND sets this
* thread in alertarte state.
*
* RESULTS
* 1 Success
* 0 Failure
* ------------------------------------------------------
*/
{
DWORD cbReturned;
/* trivial case */
if (hThread == GetCurrentThread())
{
if (!QueueUserAPC(pfnApc, hThread, dwData))
{
return 0;
}
SleepEx(0, TRUE);
return 1;
}
if (INVALID_HANDLE_VALUE == hDevice
/* && !QueueUserAPCEx_Init() */
)
{
return 0;
}
/* probably not necessary */
if (SuspendThread(hThread) == -1)
{
return 0;
}
/* Send the APC */
if (!QueueUserAPC(pfnApc, hThread, dwData))
{
return 0;
}
/* Ensure the execution of the APC */
if (DeviceIoControl (hDevice, (DWORD)IOCTL_ALERTDRV_SET_ALERTABLE2, &hThread, sizeof(HANDLE),
NULL, 0, &cbReturned, 0))
{
}
else
{
return 0;
}
/* Here, we could even cancel suspended threads */
ResumeThread(hThread);
return 1;
}示例15: assert
void Thread::suspend()
{
assert(handle); // Thread object is null
int ret = SuspendThread(handle);
assert(ret >= 0); // Failed to suspend thread
}