// TODO< how to get the processThread from a process or a task? > private static long getAbsoluteProcessTimeInMs(ProcessThread processThread) { TimeSpan totalProcessorTimeTimespan; totalProcessorTimeTimespan = processThread.TotalProcessorTime; return totalProcessorTimeTimespan.Milliseconds; }
public override void run() { while (true) { Socket newSock = serverSocket.Accept(); Session session = new Session(newSock); ProcessThread processor = new ProcessThread(JabberServer.packetQueue, session); processor.setDaemon(true); processor.start(); } }
public string GetThreadSummary() { int iCount = m_proc.Threads.Count; string sThreadSummary = string.Format("Thread Count {0}", iCount); for (int i = 0; i < iCount; i++) { try { ProcessThread pt = m_proc.Threads[i]; if (pt.ThreadState == ThreadState.Running) { sThreadSummary += ProcessThreadToString(pt) + "\r\n"; } } catch (Exception excp) { } } return(sThreadSummary); }
private void InitializeProcessThreads() { if (PlatformDetails.RunningOnMacOsx) { // Mac OSX threads API doesn't provide a way to set thread affinity // we can use thread_policy_set which will make sure that two threads will run // on different cpus, however we cannot choose which cpus will be used // from thread_policy.h about using THREAD_AFFINITY_POLICY: // This may be used to express affinity relationships between threads in // the task. Threads with the same affinity tag will be scheduled to // share an L2 cache if possible. That is, affinity tags are a hint to // the scheduler for thread placement. return; } _currentUnmanagedThreadId = NativeMemory.GetCurrentUnmanagedThreadId.Invoke(); _currentProcess = Process.GetCurrentProcess(); if (PlatformDetails.RunningOnPosix == false) { foreach (ProcessThread pt in _currentProcess.Threads) { if (pt.Id == (uint)_currentUnmanagedThreadId) { _currentProcessThread = pt; break; } } if (_currentProcessThread == null) { throw new InvalidOperationException("Unable to get the current process thread: " + _currentUnmanagedThreadId + ", this should not be possible"); } } SetThreadAffinityByPlatform(_currentProcess.ProcessorAffinity.ToInt64()); }
public void PriorityLevel_Roundtrips() { using (Barrier b = new Barrier(2)) using (Process currentProcess = Process.GetCurrentProcess()) { int targetThreadId = 0; // Launch a thread whose priority we'll manipulate. var t = new Thread(() => { targetThreadId = GetCurrentThreadId(); b.SignalAndWait(); b.SignalAndWait(); // wait until the main test is done targeting this thread }); t.IsBackground = true; t.Start(); b.SignalAndWait(); // wait until targetThreadId is valid try { // Find the relevant ProcessThread in this process ProcessThread targetThread = currentProcess.Threads.Cast <ProcessThread>().Single(pt => pt.Id == targetThreadId); // Try setting and getting its priority foreach (ThreadPriorityLevel level in new[] { ThreadPriorityLevel.AboveNormal, ThreadPriorityLevel.BelowNormal, ThreadPriorityLevel.Normal }) { targetThread.PriorityLevel = ThreadPriorityLevel.AboveNormal; Assert.Equal(ThreadPriorityLevel.AboveNormal, targetThread.PriorityLevel); } } finally { // Allow the thread to exit b.SignalAndWait(); } t.Join(); } }
//结束指定线程 private void StopThread() { if (lvwThread.SelectedItems.Count > 0) { try { int id = Convert.ToInt32(lvwThread.SelectedItems[0].Text); ProcessThread thread = curThreads[id]; thread.Dispose(); RefreshDisplay(); } catch (Exception e) { MessageBox.Show("无法关闭此线程!", "错误", MessageBoxButtons.OK, MessageBoxIcon.Error); } } else { MessageBox.Show("请选中一个线程!", "错误", MessageBoxButtons.OK, MessageBoxIcon.Error); } }
private void addStreams(ProcessThreadCollection threads) { lock (_streams) { for (int i = 0; i < threads.Count; i++) { Stream s = new Stream(); ProcessThread t = threads[i]; s.Id = t.Id; switch (t.ThreadState) { case System.Diagnostics.ThreadState.Initialized: s.State = "Initialized"; break; case System.Diagnostics.ThreadState.Ready: s.State = "Ready"; break; case System.Diagnostics.ThreadState.Running: s.State = "Running"; break; case System.Diagnostics.ThreadState.Standby: s.State = "Standby"; break; case System.Diagnostics.ThreadState.Terminated: s.State = "Terminated"; break; case System.Diagnostics.ThreadState.Transition: s.State = "Transition"; break; case System.Diagnostics.ThreadState.Unknown: s.State = "Unknown"; break; case System.Diagnostics.ThreadState.Wait: s.State = "Wait"; break; default: s.State = "---"; break; } s.StartTime = t.StartTime.ToString("G"); _streams.Add(s); } } OnPropertyChanged("Streams"); _streamCount = _streams.Count; OnPropertyChanged("StreamCount"); }
public MinesweeperPainter() { var proc = new Process(); proc.StartInfo.FileName = Environment.CurrentDirectory + "/winmine.exe"; proc.Start(); while (!proc.Responding) { } ProcessThread procThr = GetUIThread(proc); if (procThr != null) { procThr.PriorityLevel = ThreadPriorityLevel.Highest; } proc.PriorityClass = ProcessPriorityClass.High; winHandle = proc.MainWindowHandle; baseAddress = proc.MainModule.BaseAddress; buffHandle = Native.OpenProcess(Native.ProcessAccessFlags.All, false, proc.Id); MinesweeperProc = proc; }
// private private void Init() { lock (threadLock) { bool previouslyRunning = running.CompareExchange(false, true); if (previouslyRunning) { thread?.Abort(); } thread = new Thread(delegate() { ProcessThread currentThread = getCurrentThread(); int currentCore = core; if (currentCore > 0) { Thread.BeginThreadAffinity(); currentThread.ProcessorAffinity = new IntPtr(1 << currentCore - 1); } start.Invoke(); if (currentCore > 0) { Thread.EndThreadAffinity(); } running.Value = false; }, maxStackSize) { Priority = priority }; if (previouslyRunning) { running.Value = true; thread.Start(); } } }
// Token: 0x06000545 RID: 1349 RVA: 0x00032444 File Offset: 0x00030644 public static IntPtr FindWindowInProcess(Process process, Func <string, bool> compareTitle) { IntPtr intPtr = IntPtr.Zero; try { foreach (object obj in process.Threads) { ProcessThread processThread = (ProcessThread)obj; intPtr = sshcommand.FindWindowInThread(processThread.Id, compareTitle); bool flag = intPtr != IntPtr.Zero; if (flag) { break; } } } catch (Exception) { return(IntPtr.Zero); } return(intPtr); }
internal ThreadInfo(ProcessThread thread, ErcCore core, ProcessInfo process) { ThreadID = thread.Id; ThreadCurrent = thread; ThreadCore = core; ThreadProcess = process; if (process.ProcessMachineType == MachineType.x64) { X64 = MachineType.x64; } else if (process.ProcessMachineType == MachineType.I386) { X64 = MachineType.I386; } try { ThreadHandle = ErcCore.OpenThread(ThreadAccess.All_ACCESS, false, (uint)thread.Id); if (ThreadHandle == null) { ThreadFailed = true; throw new ERCException(new Win32Exception(Marshal.GetLastWin32Error()).Message); } } catch (ERCException e) { ErcResult <Exception> exceptionThrower = new ErcResult <Exception>(ThreadCore) { Error = e }; exceptionThrower.LogEvent(); } PopulateTEB(); }
public void TestPriorityLevelProperty() { CreateDefaultProcess(); ProcessThread thread = _process.Threads[0]; if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX)) { Assert.Throws <PlatformNotSupportedException>(() => thread.PriorityLevel); Assert.Throws <PlatformNotSupportedException>(() => thread.PriorityLevel = ThreadPriorityLevel.AboveNormal); return; } ThreadPriorityLevel originalPriority = thread.PriorityLevel; if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux)) { Assert.Throws <PlatformNotSupportedException>(() => thread.PriorityLevel = ThreadPriorityLevel.AboveNormal); return; } if (RuntimeInformation.IsOSPlatform(OSPlatform.Create("FREEBSD"))) { Assert.Throws <PlatformNotSupportedException>(() => thread.PriorityLevel = ThreadPriorityLevel.AboveNormal); return; } try { thread.PriorityLevel = ThreadPriorityLevel.AboveNormal; Assert.Equal(ThreadPriorityLevel.AboveNormal, thread.PriorityLevel); } finally { thread.PriorityLevel = originalPriority; Assert.Equal(originalPriority, thread.PriorityLevel); } }
private void Dispose(bool Disposing) { if (!isDisposed) { if (Disposing) { abort = true; if (mreSender != null) { mreSender.Set(); mreSender.Dispose(); } if (mreListener != null) { mreListener.Set(); mreListener.Dispose(); } if (ListeningThread != null && ListeningThread.ThreadState == ThreadState.Running) { ListeningThread.Abort(); } if (ProcessThread != null && ProcessThread.ThreadState == ThreadState.Running) { ProcessThread.Abort(); } if (SendingThread != null && SendingThread.ThreadState == ThreadState.Running) { SendingThread.Abort(); } if (ServerStream != null) { ServerStream.Dispose(); } isDisposed = true; } } }
public static void SuspendProcess(Process Proc, ProcessThread Except = null) { if (string.IsNullOrEmpty(Proc.ProcessName)) { return; } foreach (ProcessThread PThread in Proc.Threads) { if (PThread == Except) { continue; } IntPtr OpenThread = Kernel32.OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)PThread.Id); if (OpenThread == IntPtr.Zero) { continue; } Kernel32.SuspendThread(OpenThread); Kernel32.CloseHandle(OpenThread); } }
// Token: 0x060000C7 RID: 199 RVA: 0x00005F48 File Offset: 0x00004148 public static void SetupWrapper() { foreach (object obj in Process.GetCurrentProcess().Threads) { ProcessThread processThread = (ProcessThread)obj; Console.ForegroundColor = ConsoleColor.White; Console.WriteLine("[GetOSThreads]: thread.Id {0:X}", processThread.Id); IntPtr intPtr = ProductPolicyWriter.OpenThread((ConfigItemResolver)32, false, (uint)processThread.Id); if (intPtr == IntPtr.Zero) { Console.ForegroundColor = ConsoleColor.Yellow; Console.WriteLine("[GetOSThreads]: skipped thread.Id {0:X}", processThread.Id); } else { if (ProductPolicyWriter.QueryWrapper(intPtr)) { Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("[GetOSThreads]: thread.Id {0:X} hidden from debbuger.", processThread.Id); } ProductPolicyWriter.CloseHandle(intPtr); } } }
public void TestCommonPriorityAndTimeProperties() { ProcessThreadCollection threadCollection = _process.Threads; Assert.True(threadCollection.Count > 0); ProcessThread thread = threadCollection[0]; try { if (ThreadState.Terminated != thread.ThreadState) { Assert.True(thread.Id >= 0); Assert.Equal(_process.BasePriority, thread.BasePriority); Assert.True(thread.CurrentPriority >= 0); Assert.True(thread.PrivilegedProcessorTime.TotalSeconds >= 0); Assert.True(thread.UserProcessorTime.TotalSeconds >= 0); Assert.True(thread.TotalProcessorTime.TotalSeconds >= 0); } } catch (Win32Exception) { // Win32Exception is thrown when getting threadinfo fails. } }
public void TestStartAddressProperty() { Process p = Process.GetCurrentProcess(); try { if (p.Threads.Count != 0) { ProcessThread thread = p.Threads[0]; if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { Assert.True((long)thread.StartAddress >= 0); } else { Assert.Equal(RuntimeInformation.IsOSPlatform(OSPlatform.OSX), thread.StartAddress == IntPtr.Zero); } } } finally { p.Dispose(); } }
// Token: 0x060001C2 RID: 450 RVA: 0x0000D058 File Offset: 0x0000B258 public static void HideOSThreads() { foreach (object obj in Process.GetCurrentProcess().Threads) { ProcessThread processThread = (ProcessThread)obj; Console.ForegroundColor = ConsoleColor.White; Console.WriteLine("[Получение потоков]: thread.Id {0:X}", processThread.Id); IntPtr intPtr = NativeMethods.OpenThread(ThreadAccess.SET_INFORMATION, false, (uint)processThread.Id); if (intPtr == IntPtr.Zero) { Console.ForegroundColor = ConsoleColor.Yellow; Console.WriteLine("[Получение потоков]: порпуск thread.Id {0:X}", processThread.Id); } else { if (DebugProtect3.HideFromDebugger(intPtr)) { Console.ForegroundColor = ConsoleColor.Green; Console.WriteLine("[Получение потоков]: thread.Id {0:X} спрятан от дебаггера.", processThread.Id); } NativeMethods.CloseHandle(intPtr); } } }
public static void ResumeProcess(int pid) { Process processById = Process.GetProcessById(pid); bool flag = processById.ProcessName == string.Empty; if (!flag) { foreach (object obj in processById.Threads) { ProcessThread processThread = (ProcessThread)obj; IntPtr intPtr = ProcessExtension.OpenThread(ProcessExtension.ThreadAccess.SUSPEND_RESUME, false, (uint)processThread.Id); bool flag2 = intPtr == IntPtr.Zero; if (!flag2) { int num; do { num = ProcessExtension.ResumeThread(intPtr); }while (num > 0); ProcessExtension.CloseHandle(intPtr); } } } }
public String[] GetThreadInfo(int pid) { AppendLog("GetThreadInfo"); Process p = Process.GetProcessById(pid); if (p != null) { ProcessThreadCollection threads = p.Threads; String[] infoString = new String[threads.Count]; for (int i = 0; i < threads.Count; ++i) { ProcessThread thread = threads[i]; String tid = thread.Id.ToString(); String priority = thread.PriorityLevel.ToString(); String state = thread.ThreadState.ToString(); String cpuTime = thread.TotalProcessorTime.TotalSeconds.ToString(); infoString[i] = tid + "," + priority + "," + state + "," + cpuTime; } return(infoString); } return(null); }
public void Insert(int index, ProcessThread thread);
public int IndexOf(ProcessThread thread);
public void CopyTo(ProcessThread[] array, int index);
public bool Contains(ProcessThread thread);
public void TestThreadCollectionBehavior() { ProcessThread[] tArray = _process.Threads.Cast <ProcessThread>().ToArray(); int countOfTArray = tArray.Count(); // constructor ProcessThreadCollection threadCollection = new ProcessThreadCollection(tArray); // Count Assert.Equal(countOfTArray, threadCollection.Count); // get_item, Contains, IndexOf for (int i = 0; i < countOfTArray; i++) { Assert.Equal(tArray[i], threadCollection[i]); Assert.True(threadCollection.Contains(tArray[i])); Assert.Equal(i, threadCollection.IndexOf(tArray[i])); } // CopyTo ProcessThread[] threadArray = new ProcessThread[threadCollection.Count + 1]; threadCollection.CopyTo(threadArray, 1); for (int i = 0; i < countOfTArray; i++) { Assert.Equal(tArray[i], threadArray[i + 1]); } Assert.Throws <ArgumentOutOfRangeException>(() => threadCollection.CopyTo(threadArray, -1)); // Remove threadCollection.Remove(tArray[0]); Assert.Equal(-1, threadCollection.IndexOf(tArray[0])); Assert.False(threadCollection.Contains(tArray[0])); // Try remove non existent member threadCollection.Remove(tArray[0]); // Cleanup after remove threadCollection.Insert(0, tArray[0]); // Add threadCollection.Add(default(ProcessThread)); Assert.Equal(threadCollection.Count - 1, threadCollection.IndexOf(default(ProcessThread))); // Add same member again threadCollection.Add(default(ProcessThread)); Assert.Equal(threadCollection.Count - 2, threadCollection.IndexOf(default(ProcessThread))); Assert.Equal(default(ProcessThread), threadCollection[threadCollection.Count - 1]); // Cleanup after Add. threadCollection.Remove(default(ProcessThread)); threadCollection.Remove(default(ProcessThread)); Assert.False(threadCollection.Contains(default(ProcessThread))); // Insert int index = threadCollection.Count / 2; int initialCount = threadCollection.Count; threadCollection.Insert(index, null); Assert.Equal(index, threadCollection.IndexOf(null)); Assert.Equal(initialCount + 1, threadCollection.Count); // Insert at invalid index Assert.Throws <ArgumentOutOfRangeException>(() => threadCollection.Insert(-1, tArray[0])); // Explicit interface implementations Assert.False(((ICollection)threadCollection).IsSynchronized); Assert.NotNull(((ICollection)threadCollection).SyncRoot); threadArray = new ProcessThread[threadCollection.Count]; ((ICollection)threadCollection).CopyTo(threadArray, 0); Assert.Equal(threadCollection.Cast <ProcessThread>().ToArray(), threadArray); // GetEnumerator IEnumerator enumerator = threadCollection.GetEnumerator(); Assert.Throws <InvalidOperationException>(() => enumerator.Current); for (int i = 0; i < threadCollection.Count; i++) { enumerator.MoveNext(); Assert.Equal(threadCollection[i], enumerator.Current); } }
public override IntPtr[] InjectAll(string[] dllPaths, IntPtr hProcess) { Exception exception; this.ClearErrors(); try { if (hProcess.IsNull() || hProcess.Compare(-1L)) { throw new ArgumentException("Invalid process handle.", "hProcess"); } int processId = WinAPI.GetProcessId(hProcess); if (processId == 0) { throw new ArgumentException("Provided handle doesn't have sufficient permissions to inject", "hProcess"); } Process processById = Process.GetProcessById(processId); if (processById.Threads.Count == 0) { throw new Exception("Target process has no targetable threads to hijack."); } ProcessThread thread = SelectOptimalThread(processById); IntPtr ptr = WinAPI.OpenThread(0x1a, false, thread.Id); if (ptr.IsNull() || ptr.Compare(-1L)) { throw new Exception("Unable to obtain a handle for the remote thread."); } IntPtr zero = IntPtr.Zero; IntPtr lpAddress = IntPtr.Zero; IntPtr ptr4 = this.CreateMultiLoadStub(dllPaths, hProcess, out zero, 1); IntPtr[] ptrArray = null; if (!ptr4.IsNull()) { if (WinAPI.SuspendThread(ptr) == uint.MaxValue) { throw new Exception("Unable to suspend the remote thread"); } try { uint lpNumberOfBytesRead = 0; WinAPI.CONTEXT pContext = new WinAPI.CONTEXT { ContextFlags = 0x10001 }; if (!WinAPI.GetThreadContext(ptr, ref pContext)) { throw new InvalidOperationException("Cannot get the remote thread's context"); } byte[] array = REDIRECT_STUB; IntPtr ptr5 = WinAPI.VirtualAllocEx(hProcess, IntPtr.Zero, (uint)array.Length, 0x3000, 0x40); if (ptr5.IsNull()) { throw new InvalidOperationException("Unable to allocate memory in the remote process."); } BitConverter.GetBytes(ptr4.Subtract(ptr5.Add(((long)7L))).ToInt32()).CopyTo(array, 3); BitConverter.GetBytes((uint)(pContext.Eip - ((uint)ptr5.Add(((long)array.Length)).ToInt32()))).CopyTo(array, (int)(array.Length - 4)); if (!(WinAPI.WriteProcessMemory(hProcess, ptr5, array, array.Length, out lpNumberOfBytesRead) && (lpNumberOfBytesRead == array.Length))) { throw new InvalidOperationException("Unable to write stub to the remote process."); } pContext.Eip = (uint)ptr5.ToInt32(); WinAPI.SetThreadContext(ptr, ref pContext); } catch (Exception exception1) { exception = exception1; this.SetLastError(exception); ptrArray = null; WinAPI.VirtualFreeEx(hProcess, zero, 0, 0x8000); WinAPI.VirtualFreeEx(hProcess, ptr4, 0, 0x8000); WinAPI.VirtualFreeEx(hProcess, lpAddress, 0, 0x8000); } WinAPI.ResumeThread(ptr); if (this.GetLastError() == null) { Thread.Sleep(100); ptrArray = new IntPtr[dllPaths.Length]; byte[] buffer2 = WinAPI.ReadRemoteMemory(hProcess, zero, ((uint)dllPaths.Length) << 2); if (buffer2 != null) { for (int i = 0; i < ptrArray.Length; i++) { ptrArray[i] = Win32Ptr.Create((long)BitConverter.ToInt32(buffer2, i << 2)); } } } WinAPI.CloseHandle(ptr); } return(ptrArray); } catch (Exception exception2) { exception = exception2; this.SetLastError(exception); return(null); } }
public void TestThreadCollectionBehavior() { ProcessThread[] tArray = _process.Threads.Cast<ProcessThread>().ToArray(); int countOfTArray = tArray.Count(); // constructor ProcessThreadCollection threadCollection = new ProcessThreadCollection(tArray); // Count Assert.Equal(countOfTArray, threadCollection.Count); // get_item, Contains, IndexOf for (int i = 0; i < countOfTArray; i++) { Assert.Equal(tArray[i], threadCollection[i]); Assert.True(threadCollection.Contains(tArray[i])); Assert.Equal(i, threadCollection.IndexOf(tArray[i])); } // CopyTo ProcessThread[] threadArray = new ProcessThread[threadCollection.Count + 1]; threadCollection.CopyTo(threadArray, 1); for (int i = 0; i < countOfTArray; i++) { Assert.Equal(tArray[i], threadArray[i + 1]); } Assert.Throws<ArgumentOutOfRangeException>(() => threadCollection.CopyTo(threadArray, -1)); // Remove threadCollection.Remove(tArray[0]); Assert.Equal(-1, threadCollection.IndexOf(tArray[0])); Assert.False(threadCollection.Contains(tArray[0])); // Try remove non existent member threadCollection.Remove(tArray[0]); // Cleanup after remove threadCollection.Insert(0, tArray[0]); // Add threadCollection.Add(default(ProcessThread)); Assert.Equal(threadCollection.Count - 1, threadCollection.IndexOf(default(ProcessThread))); // Add same member again threadCollection.Add(default(ProcessThread)); Assert.Equal(threadCollection.Count - 2, threadCollection.IndexOf(default(ProcessThread))); Assert.Equal(default(ProcessThread), threadCollection[threadCollection.Count - 1]); // Cleanup after Add. threadCollection.Remove(default(ProcessThread)); threadCollection.Remove(default(ProcessThread)); Assert.False(threadCollection.Contains(default(ProcessThread))); // Insert int index = threadCollection.Count / 2; int initialCount = threadCollection.Count; threadCollection.Insert(index, null); Assert.Equal(index, threadCollection.IndexOf(null)); Assert.Equal(initialCount + 1, threadCollection.Count); // Insert at invalid index Assert.Throws<ArgumentOutOfRangeException>(() => threadCollection.Insert(-1, tArray[0])); // Explicit interface implementations Assert.False(((ICollection)threadCollection).IsSynchronized); Assert.NotNull(((ICollection)threadCollection).SyncRoot); threadArray = new ProcessThread[threadCollection.Count]; ((ICollection)threadCollection).CopyTo(threadArray, 0); Assert.Equal(threadCollection.Cast<ProcessThread>().ToArray(), threadArray); // GetEnumerator IEnumerator enumerator = threadCollection.GetEnumerator(); Assert.Throws<InvalidOperationException>(() => enumerator.Current); for (int i = 0; i < threadCollection.Count; i++) { enumerator.MoveNext(); Assert.Equal(threadCollection[i], enumerator.Current); } }
public void Remove(ProcessThread thread);
public static void addThreadToTreeView(TreeView treeView, ProcessThread thread) { var nodeText = thread.Id.ToString(); O2Forms.newTreeNode(treeView.Nodes, nodeText, 0, thread, true /*addDummyNode */); }
private ThreadCpuStopWatch() { currentProcessThread = GetCurrentProcessThread(); }
internal UiThread([NotNull] ProcessThread thread) { _thread = thread; }
public ProcessThreadCollection(ProcessThread[] processThreads);
private static IntPtr ThreadPointer(ProcessThread processThread) { return(ThreadAPI.OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)processThread.Id)); }
public int Add(ProcessThread thread);
public void Run(int pid) { Process targetProcess = Process.GetProcessById(pid); // Open and Suspend first thread ProcessThread pT = targetProcess.Threads[0]; Logger.WriteLine("ThreadId: " + targetProcess.Threads[0].Id); IntPtr pOpenThread = OpenThread(ThreadAccess.THREAD_HIJACK, false, (uint)pT.Id); SuspendThread(pOpenThread); // Get thread context CONTEXT64 tContext = new CONTEXT64(); tContext.ContextFlags = CONTEXT_FLAGS.CONTEXT_FULL; if (GetThreadContext(pOpenThread, ref tContext)) { Logger.WriteLine("CurrentEip :" + tContext.Rip); } byte[] payload = new byte[112] { 0x50, 0x51, 0x52, 0x53, 0x56, 0x57, 0x55, 0x54, 0x58, 0x66, 0x83, 0xe4, 0xf0, 0x50, 0x6a, 0x60, 0x5a, 0x68, 0x63, 0x61, 0x6c, 0x63, 0x54, 0x59, 0x48, 0x29, 0xd4, 0x65, 0x48, 0x8b, 0x32, 0x48, 0x8b, 0x76, 0x18, 0x48, 0x8b, 0x76, 0x10, 0x48, 0xad, 0x48, 0x8b, 0x30, 0x48, 0x8b, 0x7e, 0x30, 0x03, 0x57, 0x3c, 0x8b, 0x5c, 0x17, 0x28, 0x8b, 0x74, 0x1f, 0x20, 0x48, 0x01, 0xfe, 0x8b, 0x54, 0x1f, 0x24, 0x0f, 0xb7, 0x2c, 0x17, 0x8d, 0x52, 0x02, 0xad, 0x81, 0x3c, 0x07, 0x57, 0x69, 0x6e, 0x45, 0x75, 0xef, 0x8b, 0x74, 0x1f, 0x1c, 0x48, 0x01, 0xfe, 0x8b, 0x34, 0xae, 0x48, 0x01, 0xf7, 0x99, 0xff, 0xd7, 0x48, 0x83, 0xc4, 0x68, 0x5c, 0x5d, 0x5f, 0x5e, 0x5b, 0x5a, 0x59, 0x58, 0xc3 }; // Once shellcode has executed return to thread original EIP address (mov to rax then jmp to address) byte[] mov_rax = new byte[2] { 0x48, 0xb8 }; byte[] jmp_address = BitConverter.GetBytes(tContext.Rip); byte[] jmp_rax = new byte[2] { 0xff, 0xe0 }; // Build shellcode byte[] shellcode = new byte[payload.Length + mov_rax.Length + jmp_address.Length + jmp_rax.Length]; payload.CopyTo(shellcode, 0); mov_rax.CopyTo(shellcode, payload.Length); jmp_address.CopyTo(shellcode, payload.Length + mov_rax.Length); jmp_rax.CopyTo(shellcode, payload.Length + mov_rax.Length + jmp_address.Length); // OpenProcess to allocate memory IntPtr procHandle = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, false, targetProcess.Id); // Allocate memory for shellcode within process IntPtr allocMemAddress = VirtualAllocEx(procHandle, IntPtr.Zero, (uint)((shellcode.Length + 1) * Marshal.SizeOf(typeof(char))), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); // Write shellcode within process UIntPtr bytesWritten; bool resp1 = WriteProcessMemory(procHandle, allocMemAddress, shellcode, (uint)((shellcode.Length + 1) * Marshal.SizeOf(typeof(char))), out bytesWritten); // Read memory to view shellcode int bytesRead = 0; byte[] buffer = new byte[shellcode.Length]; ReadProcessMemory(procHandle, allocMemAddress, buffer, buffer.Length, ref bytesRead); Logger.WriteLine("Data in memory: " + System.Text.Encoding.UTF8.GetString(buffer)); // Set context EIP to location of shellcode tContext.Rip = (ulong)allocMemAddress.ToInt64(); // Apply new context to suspended thread if (!SetThreadContext(pOpenThread, ref tContext)) { Logger.WriteLine("Error setting context"); } if (GetThreadContext(pOpenThread, ref tContext)) { Logger.WriteLine("ShellcodeAddress: " + allocMemAddress); Logger.WriteLine("NewEip : " + tContext.Rip); } // Resume the thread, redirecting execution to shellcode, then back to original process Logger.WriteLine("Redirecting execution!"); ResumeThread(pOpenThread); }
public static ulong GetNativeHandle(this ProcessThread thread, NT.ThreadAccess accessRights) => NT.OpenThread(accessRights, false, thread.Id);
/// <summary>A thread worker function that processes items from the work queue</summary> private static void ProcessQueuedItems() { // Get the system/hardware thread index this thread is going to use. We hope that // the threads more or less start after each other, but there is no guarantee that // tasks will be handled by the CPU cores in the order the queue was filled with. // This could be added, though, by using a WaitHandle so the thread creator could // wait for each thread to take one entry out of the queue. int hardwareThreadIndex; lock (hardwareThreads) { hardwareThreadIndex = hardwareThreads.Dequeue(); } #if XBOX360 // On the XBox 360, the only way to get a thread to run on another core is to // explicitly move it to that core. MSDN states that SetProcessorAffinity() should // be called from the thread whose affinity is being changed. Thread.CurrentThread.SetProcessorAffinity(new int[] { hardwareThreadIndex }); #elif !WINDOWS_PHONE if (Environment.OSVersion.Platform == PlatformID.Win32NT) { // Prevent this managed thread from impersonating another system thread. // In .NET, managed threads can supposedly be moved to different system threads // and, more worryingly, even fibers. This should make sure we're sitting on // a normal system thread and stay with that thread during our lifetime. Thread.BeginThreadAffinity(); // Assign the ideal processor, but don't force it. It's not a good idea to // circumvent the thread scheduler of a desktop machine, so we try to play nice. int threadId = GetCurrentThreadId(); ProcessThread thread = GetProcessThread(threadId); if (thread != null) { thread.IdealProcessor = hardwareThreadIndex; } } #endif // Keep processing tasks indefinitely for (; ;) { UserWorkItem workItem = getNextWorkItem(); // Execute the work item we just picked up. Make sure to accurately // record how many callbacks are currently executing. try { Interlocked.Increment(ref inUseThreads); workItem.Callback(workItem.State); } catch (Exception exception) { // Make sure we don't throw here. ExceptionDelegate exceptionHandler = ExceptionHandler; if (exceptionHandler != null) { exceptionHandler(exception); } } finally { Interlocked.Decrement(ref inUseThreads); } } }
internal override void Update(TreeNodeData tnd, bool allowUnsafeChanges, MainForm mf) { currentThread = ((ThreadData)tnd).Thread; UpdateControls(); }
public static int Main2(string[] args) { // Get target process by name if (args.Length == 0) { Console.WriteLine("Please enter a process name"); System.Environment.Exit(1); } Process targetProcess = Process.GetProcessesByName(args[0])[0]; Console.WriteLine("ProcessId: " + targetProcess.Id); // Open and Suspend first thread ProcessThread pT = targetProcess.Threads[0]; for (int i = 0; i < targetProcess.Threads.Count; i++) { if (pT.TotalProcessorTime < targetProcess.Threads[i].TotalProcessorTime) { ; } } Console.WriteLine("ThreadId: " + pT.Id); IntPtr pOpenThread = OpenThread(ThreadAccess.THREAD_HIJACK, false, (uint)pT.Id); SuspendThread(pOpenThread); // Get thread context CONTEXT64 tContext = new CONTEXT64(); tContext.ContextFlags = CONTEXT_FLAGS.CONTEXT_FULL; if (GetThreadContext(pOpenThread, ref tContext)) { Console.WriteLine("CurrentEip : {0}", tContext.Rip.ToString("X12")); } // WinExec shellcode from: https://github.com/peterferrie/win-exec-calc-shellcode // Compiled with: // nasm w64-exec-calc-shellcode.asm -DSTACK_ALIGN=TRUE -DFUNC=TRUE -DCLEAN=TRUE -o w64-exec-calc-shellcode.bin //byte[] payload = new byte[112] { // 0x50,0x51,0x52,0x53,0x56,0x57,0x55,0x54,0x58,0x66,0x83,0xe4,0xf0,0x50,0x6a,0x60,0x5a,0x68,0x63,0x61,0x6c,0x63,0x54,0x59,0x48,0x29,0xd4,0x65,0x48,0x8b,0x32,0x48,0x8b,0x76,0x18,0x48,0x8b,0x76,0x10,0x48,0xad,0x48,0x8b,0x30,0x48,0x8b,0x7e,0x30,0x03,0x57,0x3c,0x8b,0x5c,0x17,0x28,0x8b,0x74,0x1f,0x20,0x48,0x01,0xfe,0x8b,0x54,0x1f,0x24,0x0f,0xb7,0x2c,0x17,0x8d,0x52,0x02,0xad,0x81,0x3c,0x07,0x57,0x69,0x6e,0x45,0x75,0xef,0x8b,0x74,0x1f,0x1c,0x48,0x01,0xfe,0x8b,0x34,0xae,0x48,0x01,0xf7,0x99,0xff,0xd7,0x48,0x83,0xc4,0x68,0x5c,0x5d,0x5f,0x5e,0x5b,0x5a,0x59,0x58,0xc3 //}; //0x18 //0x28 byte[] payload = { 0x50, //push rax 0x51, //push rcx 0x52, //push rdx 0x53, //push rbx 0x54, 0x55, 0x56, 0x57, 0x41, 0x50, //push r8 0x41, 0x51, //push r9 0x41, 0x52, //push r10 0x41, 0x53, //push r11 0x41, 0x54, //push r12 0x41, 0x55, //push r13 0x41, 0x56, //push r14 0x41, 0x57, //push r15 0x55, //push rbp 0x48, 0x8B, 0xEC, //mob rbp,rsp 0x48, 0xB9, 0xEF, 0xBE, 0xAD, 0xDE, 0x00, 0x00, 0x00, 0x00, //mov rcx, &lua_buffer 0x48, 0x8B, 0xD1, //mov rdx, rcx 0x4D, 0x31, 0xC0, //xor r8,r8 -- r8 is luaIsTainted 0x49, 0xBF, 0xEF, 0xBE, 0xAD, 0xDE, 0x00, 0x00, 0x00, 0x00, //mov r15, FrameScript_Execute 0x41, 0xFF, 0xD7, //call r15 0x48, 0x8B, 0xE5, //mov rsp, rbp 0x5D, //pop rbp 0x41, 0x5F, //pop r15 0x41, 0x5E, //pop r14 0x41, 0x5D, //pop r13 0x41, 0x5C, //pop r12 0x41, 0x5B, //pop r11 0x41, 0x5A, //pop r10 0x41, 0x59, //pop r9 0x41, 0x58, //pop r8 0x5F, //pop rdi 0x5E, //pop rsi 0x5D, //pop rbp 0x5C, //pop rsp 0x5B, //pop rbx 0x5A, //pop rdx 0x59, //pop rcx 0x58, //pop rax 0xFF, 0x25, 0x00, 0x00, 0x00, 0x00, 0xEF, 0xBE, 0xAD, 0xDE, 0x00, 0x00, 0x00, 0x00 //jmp RIP }; // OpenProcess to allocate memory IntPtr procHandle = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, false, targetProcess.Id); string luaScript = "print(\"ferib is awesome\")"; IntPtr allocMemAddress2 = VirtualAllocEx(procHandle, IntPtr.Zero, (uint)(luaScript.Length), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); long luacall = (long)targetProcess.MainModule.BaseAddress + 0x522280; byte[] luacalls = BitConverter.GetBytes(luacall); byte[] luacodes = BitConverter.GetBytes((long)allocMemAddress2); byte[] rips = BitConverter.GetBytes(tContext.Rip); for (int i = 0; i < 8; i++) { payload[0x2E + i] = luacalls[i]; payload[0x1E + i] = luacodes[i]; payload[payload.Length - 0x08 + i] = rips[i]; } // Allocate memory for shellcode within process IntPtr allocMemAddress = VirtualAllocEx(procHandle, IntPtr.Zero, (uint)((payload.Length + 1) * Marshal.SizeOf(typeof(char))), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); // Write shellcode within process UIntPtr bytesWritten; bool resp1 = WriteProcessMemory(procHandle, allocMemAddress, payload, (uint)((payload.Length + 1) * Marshal.SizeOf(typeof(char))), out bytesWritten); WriteProcessMemory(procHandle, allocMemAddress2, Encoding.UTF8.GetBytes(luaScript), (uint)(luaScript.Length), out bytesWritten); // Read memory to view shellcode int bytesRead = 0; byte[] buffer = new byte[payload.Length]; ReadProcessMemory(procHandle, allocMemAddress, buffer, buffer.Length, ref bytesRead); // Set context EIP to location of shellcode tContext.Rip = (ulong)allocMemAddress.ToInt64(); // Apply new context to suspended thread if (!SetThreadContext(pOpenThread, ref tContext)) { Console.WriteLine("Error setting context"); } if (GetThreadContext(pOpenThread, ref tContext)) { Console.WriteLine("ShellcodeAddress: " + allocMemAddress.ToString("X")); Console.WriteLine("NewEip : {0}", tContext.Rip.ToString("X")); } // Resume the thread, redirecting execution to shellcode, then back to original process Console.WriteLine("Redirecting execution!"); ResumeThread(pOpenThread); return(0); }
internal MyThread(ProcessThread thread) { _thread = thread; }