public static CreateRemoteThread ( |
||
processHandle | A handle to the process in which the thread is to be created. | |
startAddress | A pointer to the application-defined function to be executed by the thread; it is the starting address of the thread in the remote process. | |
parameter | A pointer to a variable to be passed to the thread function. | |
creationFlags | ThreadCreationFlags | The flags that control the creation of the thread. |
return |
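/// <summary>
/// Creates a thread that runs in the remote process.
/// </summary>
/// <param name="address">
/// A pointer to the application-defined function to be executed by the thread; it is
/// the starting address of the thread in the remote process. The value is handed to the
/// native call as given; this method does not validate it.
/// </param>
/// <param name="isStarted">Whether the thread is resumed right after being created.</param>
/// <returns>A new instance of the <see cref="RemoteThread"/> class.</returns>
/// <remarks>
/// The thread is always created with <c>ThreadCreationFlags.Suspended</c> and is resumed
/// only when <paramref name="isStarted"/> is true, so the wrapper exists before any remote
/// code runs.
/// </remarks>
public RemoteThread Create(IntPtr address, bool isStarted = true)
{
    // Create the thread suspended and read back its basic information (thread id).
    var threadHandle = ThreadCore.CreateRemoteThread(
        MemorySharp.Handle, address, IntPtr.Zero, ThreadCreationFlags.Suspended);
    var threadInfo = ThreadCore.NtQueryInformationThread(threadHandle);
    var threadId = threadInfo.ThreadId;

    // Poll the process thread list until the new thread shows up.
    // A short sleep between polls keeps the wait from pegging a CPU core.
    // NOTE(review): the wait has no upper bound; if the thread never appears in
    // NativeThreads this call does not return. Consider a timeout.
    ProcessThread nativeThread = MemorySharp.Threads.NativeThreads.FirstOrDefault(t => t.Id == threadId);
    while (nativeThread == null)
    {
        System.Threading.Thread.Sleep(1);
        nativeThread = MemorySharp.Threads.NativeThreads.FirstOrDefault(t => t.Id == threadId);
    }

    // Wrap the native thread in an object of the library.
    var result = new RemoteThread(MemorySharp, nativeThread);

    // Start the thread only when the caller asked for it.
    if (isStarted)
    {
        result.Resume();
    }

    return result;
}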
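/// <summary>
/// Creates a thread that runs in the remote process and receives a marshalled parameter.
/// </summary>
/// <param name="address">
/// A pointer to the application-defined function to be executed by the thread; it is
/// the starting address of the thread in the remote process. The value is handed to the
/// native call as given; this method does not validate it.
/// </param>
/// <param name="parameter">
/// A variable to be passed to the thread function. It is marshalled with
/// <c>MarshalValue.Marshal</c> and the resulting <c>Reference</c> is passed to the native call.
/// </param>
/// <param name="isStarted">Whether the thread is resumed right after being created.</param>
/// <returns>A new instance of the <see cref="RemoteThread"/> class.</returns>
/// <remarks>
/// The thread is always created with <c>ThreadCreationFlags.Suspended</c> and is resumed
/// only when <paramref name="isStarted"/> is true.
/// </remarks>
public RemoteThread Create(IntPtr address, dynamic parameter, bool isStarted = true)
{
    // Marshal the parameter so the remote thread can be given a reference to it.
    var marshalledParameter = MarshalValue.Marshal(MemorySharp, parameter);

    // NOTE(review): if thread creation below throws, the marshalled value is not
    // released by this method. Confirm who owns its cleanup on the failure path.
    var threadInfo = ThreadCore.NtQueryInformationThread(
        ThreadCore.CreateRemoteThread(
            MemorySharp.Handle, address, marshalledParameter.Reference, ThreadCreationFlags.Suspended));
    var threadId = threadInfo.ThreadId;

    // Poll the process thread list until the new thread shows up.
    // A short sleep between polls keeps the wait from pegging a CPU core.
    // NOTE(review): the wait has no upper bound; if the thread never appears in
    // NativeThreads this call does not return. Consider a timeout.
    ProcessThread nativeThread = MemorySharp.Threads.NativeThreads.FirstOrDefault(t => t.Id == threadId);
    while (nativeThread == null)
    {
        System.Threading.Thread.Sleep(1);
        nativeThread = MemorySharp.Threads.NativeThreads.FirstOrDefault(t => t.Id == threadId);
    }

    // Wrap the native thread; the marshalled parameter is passed to the wrapper's constructor.
    var result = new RemoteThread(MemorySharp, nativeThread, marshalledParameter);

    // Start the thread only when the caller asked for it.
    if (isStarted)
    {
        result.Resume();
    }

    return result;
}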
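/// <summary>
/// Creates a thread that runs in the remote process.
/// </summary>
/// <param name="address">
/// A pointer to the application-defined function to be executed by the thread; it is
/// the starting address of the thread in the remote process. The value is handed to the
/// native call as given; this method does not validate it.
/// </param>
/// <param name="isStarted">Whether the thread is resumed right after being created.</param>
/// <returns>A new instance of the <see cref="RemoteThread"/> class.</returns>
/// <exception cref="InvalidOperationException">
/// The created thread could not be found in the process thread list.
/// </exception>
/// <remarks>
/// The thread is always created with <c>ThreadCreationFlags.Suspended</c> and is resumed
/// only when <paramref name="isStarted"/> is true.
/// </remarks>
public RemoteThread Create(IntPtr address, bool isStarted = true)
{
    // Upper bound on lookups of the new thread in the process thread list.
    const int maxLookupAttempts = 50;

    // Create the thread suspended and read back its basic information (thread id).
    var threadInfo = ThreadCore.NtQueryInformationThread(
        ThreadCore.CreateRemoteThread(MemorySharp.Handle, address, IntPtr.Zero, ThreadCreationFlags.Suspended));
    var threadId = threadInfo.ThreadId;

    // A single First() lookup throws when the thread list does not (yet) contain the new
    // thread. Retry a bounded number of times before giving up with the same exception type.
    var nativeThread = MemorySharp.Threads.NativeThreads.FirstOrDefault(t => t.Id == threadId);
    for (var attempt = 1; nativeThread == null && attempt < maxLookupAttempts; attempt++)
    {
        System.Threading.Thread.Sleep(1);
        nativeThread = MemorySharp.Threads.NativeThreads.FirstOrDefault(t => t.Id == threadId);
    }

    if (nativeThread == null)
    {
        // NOTE(review): the suspended remote thread is left in place on this path;
        // confirm whether it should be terminated before throwing.
        throw new InvalidOperationException(
            "The newly created remote thread could not be found in the process thread list.");
    }

    // Wrap the native thread in an object of the library.
    var result = new RemoteThread(MemorySharp, nativeThread);

    // Start the thread only when the caller asked for it.
    if (isStarted)
    {
        result.Resume();
    }

    return result;
}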
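/// <summary>
/// Creates a thread that runs in the remote process and receives a marshalled parameter.
/// </summary>
/// <param name="address">
/// A pointer to the application-defined function to be executed by the thread; it is
/// the starting address of the thread in the remote process. The value is handed to the
/// native call as given; this method does not validate it.
/// </param>
/// <param name="parameter">
/// A variable to be passed to the thread function. It is marshalled with
/// <c>MarshalValue.Marshal</c> and the resulting <c>Reference</c> is passed to the native call.
/// </param>
/// <param name="isStarted">Whether the thread is resumed right after being created.</param>
/// <returns>A new instance of the <see cref="RemoteThread"/> class.</returns>
/// <exception cref="InvalidOperationException">
/// The created thread could not be found in the process thread list.
/// </exception>
/// <remarks>
/// The thread is always created with <c>ThreadCreationFlags.Suspended</c> and is resumed
/// only when <paramref name="isStarted"/> is true.
/// </remarks>
public RemoteThread Create(IntPtr address, dynamic parameter, bool isStarted = true)
{
    // Upper bound on lookups of the new thread in the process thread list.
    const int maxLookupAttempts = 50;

    // Marshal the parameter so the remote thread can be given a reference to it.
    var marshalledParameter = MarshalValue.Marshal(MemorySharp, parameter);

    // NOTE(review): if thread creation or the lookup below throws, the marshalled value
    // is not released by this method. Confirm who owns its cleanup on the failure path.
    var threadInfo = ThreadCore.NtQueryInformationThread(
        ThreadCore.CreateRemoteThread(
            MemorySharp.Handle, address, marshalledParameter.Reference, ThreadCreationFlags.Suspended));
    var threadId = threadInfo.ThreadId;

    // A single First() lookup throws when the thread list does not (yet) contain the new
    // thread. Retry a bounded number of times before giving up with the same exception type.
    var nativeThread = MemorySharp.Threads.NativeThreads.FirstOrDefault(t => t.Id == threadId);
    for (var attempt = 1; nativeThread == null && attempt < maxLookupAttempts; attempt++)
    {
        System.Threading.Thread.Sleep(1);
        nativeThread = MemorySharp.Threads.NativeThreads.FirstOrDefault(t => t.Id == threadId);
    }

    if (nativeThread == null)
    {
        // NOTE(review): the suspended remote thread is left in place on this path;
        // confirm whether it should be terminated before throwing.
        throw new InvalidOperationException(
            "The newly created remote thread could not be found in the process thread list.");
    }

    // Wrap the native thread; the marshalled parameter is passed to the wrapper's constructor.
    var result = new RemoteThread(MemorySharp, nativeThread, marshalledParameter);

    // Start the thread only when the caller asked for it.
    if (isStarted)
    {
        result.Resume();
    }

    return result;
}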