Hello everybody,

I'm trying to pause/halt/suspend another process which i didn't create. For example, the program should pause FLASHVIEWER.EXE and when needed, let it continue.

Please help me :grin:



See ya!
Posted on 2003-04-18 10:37:40 by LordHelmchen

    [*]Iterate processes through toolhelp32 API
    [*]find flashviewer.exe
    [*]iterate threads in flashview.exe (using toolhelp32 API)
    [*]pause all threads
    [*]resume all threads (when needed)
Posted on 2003-04-18 11:36:53 by comrade
LordHelmchen,

About comrade's point 3 and 4, under NT you have to use NtOpenThread
native api.
Im afraid that there is no documented way to suspend a foreign process under win9x :(
Posted on 2003-04-18 12:01:20 by Axial
I don't think there's some restriction on Win9x systems, CreateProcess/OpenProcess are present on all platforms.
Enum threads by Thread32First and Thread32Next, pause each by SuspendThread.
Posted on 2003-04-19 02:16:12 by _Servil_
_Servil_

I think Axial is right. The tollhelp thread enumeration functions return thread IDs, but to suspend a thread you need a thread handle.
Posted on 2003-04-19 03:10:17 by japheth
that's true, then Win9x OS process is probably able to control only own created threds, so I think then only you can pause it the dirty way :), attch for debugging:

.const


szMessage db 'Program frozen now.', 0
szMessageTitle db 'Process paused', 0
szProcName db 'Notepad.exe', 0

.code

main proc
local ProcessID: dword
local DebugEvent: DEBUG_EVENT
local hProcess: HANDLE

invoke GetProcessIdByName, offset szProcName
mov ProcessID, eax
test eax, eax
jz @done
invoke DebugActiveProcess, ProcessID
mov hProcess, eax
test eax, eax
jz @done
@waitforpause:
invoke WaitForDebugEvent, addr DebugEvent, INFINITE
test eax, eax
jz @done
cmp DebugEvent.dwDebugEventCode, CREATE_PROCESS_DEBUG_EVENT
jnz @continue
invoke MessageBox, NULL, offset szMessage, offset szMessageTitle, MB_ICONINFORMATION
@continue:
invoke ContinueDebugEvent, DebugEvent.dwProcessId, DebugEvent.dwThreadId, DBG_CONTINUE
test eax, eax
jz @done
cmp DebugEvent.dwDebugEventCode, EXIT_PROCESS_DEBUG_EVENT
jnz @waitforpause
@done:
cmp hProcess, 0
jz @F
invoke CloseHandle, hProcess
@@:
xor eax, eax
ret
main endp

GetProcessIdByName proc szName: LPCSTR
local Process32Info: PROCESSENTRY32
local hSnapshot: HANDLE

invoke CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS, NULL
mov hSnapshot, eax
test eax, eax
jz @done
mov Process32Info.dwSize, sizeof PROCESSENTRY32
invoke Process32First, hSnapshot, addr Process32Info
test eax, eax
jz @done ; failed
@searchforprocess:
invoke lstrcmpi, szName, addr Process32Info.szExeFile
test eax, eax
jnz @F
mov eax, Process32Info.th32ProcessID
jmp @done
@@:
invoke Process32Next, hSnapshot, addr Process32Info
test eax, eax
jnz @searchforprocess
@done:
cmp hSnapshot, 0
jz @F
push eax
invoke CloseHandle, hSnapshot
pop eax
@@:
ret
GetProcessIdByName endp

Posted on 2003-04-19 14:59:45 by _Servil_
Thank you all for your support !



:alright:
Posted on 2003-04-19 16:06:30 by LordHelmchen
Sorry, i have an additional question:

Now the program is paused, but it still gets windows messages! For example if you pause notepad.exe but blindy type something into it (even while its paused), the output appears as soon as you let the process resume.

Is there a good way to COMPLETELY bring it to sleep? i already tried installing a messagehook and not letting any msgs be passed to it. or using setwindowlong for altering its winproc, but without effort :-(



:eek:
Posted on 2003-04-20 09:48:09 by LordHelmchen