public static void SuspendMainWowThread() { ProcessThread wowMainThread = SThread.GetMainThread((int)MyHook._processId); IntPtr hThread = SThread.OpenThread(wowMainThread.Id); SThread.SuspendThread(hThread); }
public static void ResumeMainWowThread() { ProcessThread wowMainThread = SThread.GetMainThread(process.Id); IntPtr hThread = SThread.OpenThread(wowMainThread.Id); SThread.ResumeThread(hThread); }
public static void resumeMainThread(int dwProcessId) { ProcessId = dwProcessId; ProcessThread wowMainThread = SThread.GetMainThread(ProcessId); IntPtr hThread = SThread.OpenThread(wowMainThread.Id); SThread.ResumeThread(hThread); }
public static void suspendMainThread(int dwProcessId) { ProcessId = dwProcessId; ProcessThread wowMainThread = SThread.GetMainThread(ProcessId); IntPtr hThread = SThread.OpenThread(wowMainThread.Id); SThread.SuspendThread(hThread); }
public static void ResumeMainWowThread() { if (MyHook == null) { MyHook = new Hook((uint)ObjectManager.WowProcess.Id, (uint)ObjectManager.WowProcess.MainModule.BaseAddress); } ProcessThread wowMainThread = SThread.GetMainThread((int)MyHook._processId); IntPtr hThread = SThread.OpenThread(wowMainThread.Id); SThread.ResumeThread(hThread); }
public void Stop() //bool requeue) { _stopped = true; //Cant lock both _Threads and _workItems //That might cause a deadlock lock (_Threads) foreach (System.Threading.Thread SThread in _Threads.Keys) { SThread.Abort(); } }
protected override void WndProc(ref Message m) { base.WndProc(ref m); if (m.Msg == 0xBEEF) { Console.WriteLine("0xBEEF message recieved, resuming main thread!"); ProcessThread wowMainThread = SThread.GetMainThread(ProcessId); IntPtr hThread = SThread.OpenThread(wowMainThread.Id); SThread.ResumeThread(hThread); } }
private static bool InjectDll(IntPtr processHandle, string dllPath) { IntPtr parameterAddress = IntPtr.Zero; try { parameterAddress = SMemory.AllocateMemory(processHandle, dllPath.Length, Win32.MemoryAllocationType.MEM_COMMIT, Win32.MemoryProtectionType.PAGE_READWRITE); byte[] buffer = UTF8Encoding.UTF8.GetBytes(dllPath); bool isMemoryWritten = SMemory.WriteProcessMemory(processHandle, parameterAddress, buffer, buffer.Length + 1); if (!isMemoryWritten) { throw new Exception("WriteProcessMemory failed."); } IntPtr kernel32dllHandle = Imports.GetModuleHandle("kernel32.dll"); IntPtr loadLibraryAddress = SProcess.GetProcAddress(kernel32dllHandle, "LoadLibraryA"); IntPtr remoteThreadHandle = SThread.CreateRemoteThread(processHandle, (uint)loadLibraryAddress, (uint)parameterAddress); if (remoteThreadHandle != IntPtr.Zero) { Imports.WaitForSingleObject(remoteThreadHandle, (uint)WaitValues.INFINITE); Imports.CloseHandle(remoteThreadHandle); return(true); } return(false); } finally { if (parameterAddress != IntPtr.Zero) { SMemory.FreeMemory(processHandle, (uint)parameterAddress); } } }
/// <summary> /// Resumes WoW's main thread /// </summary> private static void ResumeMainthread() => SThread.ResumeThread( SThread.OpenThread( SThread.GetMainThread(BlackMagic.ProcessId).Id));
/// <summary> /// Hold WoW's main thread, be careful things get dangerous here /// </summary> private static void PauseMainThread() => SThread.SuspendThread( SThread.OpenThread( SThread.GetMainThread(BlackMagic.ProcessId).Id));
public static int GetWowMainThread() { ProcessThread wowMainThread = SThread.GetMainThread(process.Id); return(wowMainThread.Id); }
public void LoadAssembly(string path, string entryNamespace, string entryClass, string entryFunction) { uint num = this.AllocRemoteString(path); uint num2 = this.AllocRemoteString(entryNamespace); uint num3 = this.AllocRemoteString(entryClass); uint num4 = this.AllocRemoteString(entryFunction); byte[] array = new byte[] { 232, 0, 0, 0, 0, 80, 232, 0, 0, 0, 0, 184, 0, 0, 0, 0, 106, 0, 80, 232, 0, 0, 0, 0, 80, 232, 0, 0, 0, 0, 186, 0, 0, 0, 0, 82, 185, 0, 0, 0, 0, 81, 80, 232, 0, 0, 0, 0, 106, 0, 185, 0, 0, 0, 0, 81, 80, 232, 0, 0, 0, 0, 106, 0, 106, 0, 106, 0, 80, 232, 0, 0, 0, 0, 131, 196, 56, 195 }; uint num5 = this.memory.AllocateMemory(array.Length); this.memory.WriteBytes(num5, array); this.memory.WriteUInt(num5 + 1u, this.GetRelativeAddress(this.FindFuncAdress("mono.dll", "mono_get_root_domain"), num5 + 1u)); this.memory.WriteUInt(num5 + 7u, this.GetRelativeAddress(this.FindFuncAdress("mono.dll", "mono_thread_attach"), num5 + 7u)); this.memory.WriteUInt(num5 + 12u, num); this.memory.WriteUInt(num5 + 20u, this.GetRelativeAddress(this.FindFuncAdress("mono.dll", "mono_assembly_open"), num5 + 20u)); this.memory.WriteUInt(num5 + 26u, this.GetRelativeAddress(this.FindFuncAdress("mono.dll", "mono_assembly_get_image"), num5 + 26u)); this.memory.WriteUInt(num5 + 31u, num3); this.memory.WriteUInt(num5 + 37u, num2); this.memory.WriteUInt(num5 + 44u, this.GetRelativeAddress(this.FindFuncAdress("mono.dll", "mono_class_from_name"), num5 + 44u)); this.memory.WriteUInt(num5 + 51u, num4); this.memory.WriteUInt(num5 + 58u, this.GetRelativeAddress(this.FindFuncAdress("mono.dll", "mono_class_get_method_from_name"), num5 + 58u)); this.memory.WriteUInt(num5 + 70u, this.GetRelativeAddress(this.FindFuncAdress("mono.dll", "mono_runtime_invoke"), num5 + 70u)); IntPtr hObject = this.memory.CreateRemoteThread(num5, 0u); bool flag = false; if (SThread.WaitForSingleObject(hObject, 3000u) != 0u) { flag = true; } this.memory.FreeMemory(num); this.memory.FreeMemory(num3); this.memory.FreeMemory(num2); this.memory.FreeMemory(num4); this.memory.FreeMemory(num5); if (flag) { throw new Exception("Timeout in mono loader"); } }