/// <summary>
/// Create a remote thread.
/// </summary>
/// <param name="process">The process to create the thread in.</param>
/// <param name="start_address">Start address for the thread.</param>
/// <param name="parameter">Parameter to pass to the thread.</param>
/// <param name="flags">The flags for the thread creation.</param>
/// <returns>The created thread.</returns>
/// <exception cref="NtException">Thrown on error.</exception>
public static NtThread CreateRemoteThread(
NtProcess process,
long start_address,
long parameter,
CreateThreadFlags flags)
{
return(CreateRemoteThread(process, null, false, 0, start_address, parameter, flags));
}
public static IntPtr CreateRemoteThread(
Process p,
IntPtr address,
IntPtr param,
CreateThreadFlags flags)
{
return(Kernel32.CreateRemoteThread(p.Id, address, param, flags));
}
internal static extern SafeKernelObjectHandle CreateRemoteThreadEx(
SafeKernelObjectHandle hProcess,
[In] SECURITY_ATTRIBUTES lpThreadAttributes,
IntPtr dwStackSize,
IntPtr lpStartAddress,
IntPtr lpParameter,
CreateThreadFlags dwCreationFlags,
SafeBuffer lpAttributeList,
OptionalInt32 lpThreadId
);
/// <summary>
/// Create a remote thread.
/// </summary>
/// <param name="process">The process to create the thread in.</param>
/// <param name="security_descriptor">The thread security descriptor.</param>
/// <param name="inherit_handle">Whether the handle should be inherited.</param>
/// <param name="stack_size">The size of the stack. 0 for default.</param>
/// <param name="start_address">Start address for the thread.</param>
/// <param name="parameter">Parameter to pass to the thread.</param>
/// <param name="flags">The flags for the thread creation.</param>
/// <returns>The created thread.</returns>
/// <exception cref="NtException">Thrown on error.</exception>
public static NtThread CreateRemoteThread(
NtProcess process,
SecurityDescriptor security_descriptor,
bool inherit_handle,
long stack_size,
long start_address,
long parameter,
CreateThreadFlags flags)
{
return(CreateRemoteThread(process, security_descriptor, inherit_handle,
stack_size, start_address, parameter, flags, true).Result);
}
private static IntPtr CreateRemoteThread(IntPtr address, IntPtr param, CreateThreadFlags flags, IntPtr handle)
{
IntPtr thread = CreateRemoteThread(handle, IntPtr.Zero, (uint)0, address, param, (uint)flags, IntPtr.Zero);
if (thread == IntPtr.Zero)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
else
{
return(thread);
}
}
public static IntPtr CreateRemoteThread(
int pid,
IntPtr address,
IntPtr param,
CreateThreadFlags flags)
{
IntPtr processHandle = Kernel32.GetProcessHandle(new IntPtr(pid), ProcessAccessFlags.CreateThread | ProcessAccessFlags.VMOperation | ProcessAccessFlags.VMRead | ProcessAccessFlags.VMWrite | ProcessAccessFlags.QueryInformation);
IntPtr remoteThread = Kernel32.CreateRemoteThread(processHandle, IntPtr.Zero, 0U, address, param, (uint)flags, IntPtr.Zero);
if (remoteThread == IntPtr.Zero)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
Kernel32.CloseProcessHandle(processHandle);
return(remoteThread);
}
/// <summary>
/// Create a remote thread.
/// </summary>
/// <param name="process">The process to create the thread in.</param>
/// <param name="security_descriptor">The thread security descriptor.</param>
/// <param name="inherit_handle">Whether the handle should be inherited.</param>
/// <param name="stack_size">The size of the stack. 0 for default.</param>
/// <param name="start_address">Start address for the thread.</param>
/// <param name="parameter">Parameter to pass to the thread.</param>
/// <param name="flags">The flags for the thread creation.</param>
/// <param name="throw_on_error">True to throw on error.</param>
/// <returns>The created thread.</returns>
/// <exception cref="NtException">Thrown on error.</exception>
public static NtResult <NtThread> CreateRemoteThread(
NtProcess process,
SecurityDescriptor security_descriptor,
bool inherit_handle,
long stack_size,
long start_address,
long parameter,
CreateThreadFlags flags,
bool throw_on_error)
{
if (process == null)
{
throw new ArgumentNullException(nameof(process));
}
using (var resources = new DisposableList()) {
SECURITY_ATTRIBUTES sec_attr = null;
if (security_descriptor != null || inherit_handle)
{
sec_attr = new SECURITY_ATTRIBUTES {
bInheritHandle = inherit_handle,
lpSecurityDescriptor = security_descriptor == null ? SafeHGlobalBuffer.Null :
resources.AddResource(security_descriptor.ToSafeBuffer())
};
}
var handle = Win32NativeMethods.CreateRemoteThreadEx(process.GetHandle(),
sec_attr, new IntPtr(stack_size), new IntPtr(start_address),
new IntPtr(parameter), flags, SafeHGlobalBuffer.Null, null);
if (handle.IsInvalid)
{
return(NtObjectUtils.CreateResultFromDosError <NtThread>(throw_on_error));
}
return(new NtThread(handle).CreateResult());
}
}
public static IntPtr CreateRemoteThread(Process p, IntPtr address, IntPtr param, CreateThreadFlags flags)
{
IntPtr handle = GetProcessHandle(p, ProcessAccessFlags.CreateThread | ProcessAccessFlags.QueryInformation | ProcessAccessFlags.VMOperation | ProcessAccessFlags.VMRead | ProcessAccessFlags.VMWrite);
IntPtr thread = CreateRemoteThread(handle, IntPtr.Zero, (uint)0, address, param, (uint)flags, IntPtr.Zero);
if (thread == IntPtr.Zero)
{
throw new Win32Exception(Marshal.GetLastWin32Error());
}
CloseProcessHandle(handle);
return(thread);
}
public static IntPtr CreateRemoteThread(Process p, IntPtr address, IntPtr param, CreateThreadFlags flags)
{
IntPtr handle = GetProcessHandle(p, ProcessAccessFlags.CreateThread | ProcessAccessFlags.QueryInformation | ProcessAccessFlags.VMOperation | ProcessAccessFlags.VMRead | ProcessAccessFlags.VMWrite);
try {
if (Environment.OSVersion.Version.Major >= 6)
{
return(NTDll.CreateRemoteThread(address, param, handle));
}
else
{
return(CreateRemoteThread(address, param, flags, handle));
}
} finally { CloseProcessHandle(handle); }
}
