danrevella Master Cheater Reputation: 2
Joined: 11 Jun 2008 Posts: 290
|
Posted: Sat Jul 14, 2018 3:31 pm Post subject: pause/resume a process under Windows 98 |
|
|
Hi!!
I need a win32 console application able to suspend and resume an application from the command line.
Something like pssuspend by Sysinternals.
I need it under Windows 98, this is the reason why I may not utilize the excellent tool by Sysinternals.
If a similar program already exists, please let me know.
Maybe there is a gentle soul who may help me?
Many thanks to all.
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
|
Posted: Sat Jul 14, 2018 3:43 pm Post subject: |
|
|
you mean "press hotkey to pause process main thread execution and resume it when needed" right?
if so AND win98 libraries have the required api functions to do this, then i can make one. ( i already have win95 and 98 )
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote: | i am a sweetheart. |
danrevella Master Cheater Reputation: 2
Joined: 11 Jun 2008 Posts: 290
|
Posted: Sat Jul 14, 2018 4:21 pm Post subject: |
|
|
OldCheatEngineUser wrote: | you mean "press hotkey to pause process main thread execution and resume it when needed" right? |
Not exactly what I need, but it will be ok...
I have found this source, a very good source, but it does not run under win 98.
https://www.codeproject.com/Articles/2964/Win-process-suspend-resume-tool
also it's very simple use
kernel32.dll ----->win nt and later:
DebugActiveProcess
DebugActiveProcessStop
but
kernel32.dll ----->win 95 and 98
Does NOT have DebugActiveProcessStop, only DebugActiveProcess
So we have to do all the work:
take control of every thread in a process
suspend all these threads
then restore (in the right order) all threads....
I had a source "all those years ago", but I'm unable to retrieve it...
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
|
Posted: Sat Jul 14, 2018 4:38 pm Post subject: |
|
|
so you are looking for a debugger for win98
if its 32bit program runs under win98 then any debugger will work for it.
if its 16bit then there is many dos debuggers out there. (one of them is ida 3.7 dos version)
edit:
DebugActiveProcess -> supported in win98
DebugActiveProcessStop -> requires windows xp sp1 - sp3
danrevella Master Cheater Reputation: 2
Joined: 11 Jun 2008 Posts: 290
|
Posted: Sat Jul 14, 2018 4:44 pm Post subject: |
|
|
OldCheatEngineUser wrote: | so you are looking for a debugger for win98
if its 32bit program runs under win98 then any debugger will work for it.
if its 16bit then there is many dos debuggers out there. (one of them is ida 3.7 dos version) |
No,
I don't need a debugger, I need to suspend a program from the command line, then later restore it.
But seems to me that for this purpose I have to utilize some winapi debugger orientated......
I need something like pssuspend by Sysinternals, I would like to utilize it, but it does NOT work in win98...
https://docs.microsoft.com/en-us/sysinternals/downloads/pssuspend
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
|
Posted: Sat Jul 14, 2018 4:52 pm Post subject: |
|
|
i looked into pssuspend both version 32 and 64 (import tables), none of them use
debug active process nor suspendthread or resumethread functions
so not really sure what they are using or doing.
btw suspendthread & resumethread supported in win98
danrevella Master Cheater Reputation: 2
Joined: 11 Jun 2008 Posts: 290
|
Posted: Sat Jul 14, 2018 5:15 pm Post subject: |
|
|
OldCheatEngineUser wrote: | i looked into pssuspend both version 32 and 64 (import tables), none of them use
debug active process nor suspendthread or resumethread functions
so not really sure what they are using or doing.
btw suspendthread & resumethread supported in win98 |
Yes I know pssuspend does use other functions, but what I suppose is that for getting the same result of pssuspend under win98 I have to figure a totally different work, and I don't know how... ((
I also know win98 does support suspendthread & resumethread, but I need to suspend ALL threads to pause a process, and then I need to resume all threads I paused but in inverse order, and I don't have any idea how to perform this difficult job...
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
|
Posted: Sat Jul 14, 2018 5:25 pm Post subject: |
|
|
CreateToolhelp32Snapshot
Process32First
Process32Next
used to get process id
then call openprocess and pass process id
after that, dont close snapshot handle .. pass it to:
Thread32First
Thread32Next
then you can close the snapshot handle by close handle
and suspend every thread returned by thread 32 next.
(im not sure if pausing process main thread will pause all other threads, but if this is true then getting process main thread shouldnt be difficult and wont require extra work like enum process threads and suspending them one after the other)
EDIT:
(tagTHREADENTRY32 STRUCTURE)
th32OwnerProcessID -> make sure this member is equal to process ID of the target executable, otherwise you will be pausing other threads.
EDIT EDIT:
then call openprocess and pass process id
it seems not important to get an open handle to the process, just getting processid itself enough.
danrevella Master Cheater Reputation: 2
Joined: 11 Jun 2008 Posts: 290
|
Posted: Sun Jul 15, 2018 2:05 am Post subject: |
|
|
I really thank you for your help, btw I have found this source, which works 100% on an nt OS, but not under 98.
Do you think it is adaptable?
Code: | // pausep.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
#include "pausep.h"
// Headers the code below relies on, listed explicitly.
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>
#include <iostream>
#ifdef _DEBUG
#define new DEBUG_NEW
#endif
using namespace std;

// Suspends (or, when bResumeThread is true, resumes) every thread owned by dwOwnerPID.
BOOL PauseResumeThreadList(DWORD dwOwnerPID, bool bResumeThread)
{
    HANDLE hThreadSnap = NULL;
    BOOL bRet = FALSE;
    THREADENTRY32 te32 = {0};
    // Take a snapshot of all threads currently in the system.
    hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
    if (hThreadSnap == INVALID_HANDLE_VALUE)
        return (FALSE);
    // Fill in the size of the structure before using it.
    te32.dwSize = sizeof(THREADENTRY32);
    // Walk the thread snapshot to find all threads of the process.
    // If the thread belongs to the process, suspend or resume it.
    if (Thread32First(hThreadSnap, &te32))
    {
        do
        {
            if (te32.th32OwnerProcessID == dwOwnerPID)
            {
                // Open the thread by ID with suspend/resume rights.
                HANDLE hThread = OpenThread(THREAD_SUSPEND_RESUME, FALSE, te32.th32ThreadID);
                if (hThread == NULL)
                    continue; // could not open this thread, try the next one
                if (bResumeThread)
                {
                    cout << _T("Resuming Thread 0x") << hex << te32.th32ThreadID << dec << '\n';
                    ResumeThread(hThread);
                }
                else
                {
                    cout << _T("Suspending Thread 0x") << hex << te32.th32ThreadID << dec << '\n';
                    SuspendThread(hThread);
                }
                CloseHandle(hThread);
            }
        }
        while (Thread32Next(hThreadSnap, &te32));
        bRet = TRUE;
    }
    else
        bRet = FALSE; // could not walk the list of threads
    // Do not forget to clean up the snapshot object.
    CloseHandle(hThreadSnap);
    return (bRet);
}

// Prints the PID and executable name of every running process.
BOOL ProcessList()
{
    HANDLE hProcessSnap = NULL;
    BOOL bRet = FALSE;
    PROCESSENTRY32 pe32 = {0};
    // Take a snapshot of all processes in the system.
    hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE)
        return (FALSE);
    // Fill in the size of the structure before using it.
    pe32.dwSize = sizeof(PROCESSENTRY32);
    // Walk the snapshot of the processes, and for each process,
    // display information.
    if (Process32First(hProcessSnap, &pe32))
    {
        do
        {
            cout << _T("PID\t") << pe32.th32ProcessID << '\t' << pe32.szExeFile << '\n';
        }
        while (Process32Next(hProcessSnap, &pe32));
        bRet = TRUE;
    }
    else
        bRet = FALSE; // could not walk the list of processes
    // Do not forget to clean up the snapshot object.
    CloseHandle(hProcessSnap);
    return (bRet);
}

int _tmain(int argc, TCHAR* argv[], TCHAR* /* envp[] */)
{
    if (argc <= 1)
    {
        cerr << _T("Usage: pausep PID /r\n");
        cerr << _T("/r: resumes the execution of PID\n");
        ProcessList();
        return 1;
    }
    else
    {
        DWORD pid = _ttoi(argv[1]);
        if (pid == 0)
        {
            // Report the argument that failed to parse as a PID.
            cerr << _T("Invalid PID number: ") << argv[1] << '\n';
            return 1;
        }
        else
            PauseResumeThreadList(pid, (argc > 2) && (!_tcsicmp(argv[2], _T("/r"))));
    }
    return 0;
}
|
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
|
Posted: Sun Jul 15, 2018 2:14 am Post subject: |
|
|
danrevella wrote: | which works 100% on an nt OS, but not under 98. |
win98 = nt kernel. (mixed with dos)
i cant see why its not working, you sure the executable compiled for 32-bit?
danrevella Master Cheater Reputation: 2
Joined: 11 Jun 2008 Posts: 290
|
Posted: Sun Jul 15, 2018 2:22 am Post subject: |
|
|
OldCheatEngineUser wrote: | danrevella wrote: | which works 100% on an nt OS, but not under 98. |
win98 = nt kernel.
i cant see why its not working, you sure the executable compiled for 32-bit? |
kernel32.dll 98 may NOT export this:
--->HANDLE hThread = OpenThread(THREAD_SUSPEND_RESUME, FALSE, te32.th32ThreadID);
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
|
Posted: Sun Jul 15, 2018 2:27 am Post subject: |
|
|
oh yes, "OpenThread" requires windows me. (WinMe came after win98)
Last edited by OldCheatEngineUser on Sun Jul 15, 2018 2:49 am; edited 2 times in total |
danrevella Master Cheater Reputation: 2
Joined: 11 Jun 2008 Posts: 290
|
Posted: Sun Jul 15, 2018 2:45 am Post subject: |
|
|
OldCheatEngineUser wrote: | oh yes, "OpenThread" requires windows me. (WinMe came after win98) |
So, in other words..... I have to restart from ZERO, right?
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
|
Posted: Sun Jul 15, 2018 2:49 am Post subject: |
|
|
sorry forgot to mention openthread previously.
anyhow seems its not possible to get thread handle by its identifier.
(i know there is a way, because (OpenThread / OpenProcess) does not return a random OPENED handle value)
so probably they are ORing or ANDing or shifting bits to right (shr) because process / thread handles usually within 1 byte range and process / thread id can exceed 1 byte range.
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
|
Posted: Sun Jul 15, 2018 3:03 am Post subject: |
|
|
you will have to go with debugactiveprocess and then enter the waitfordebugevent loop and NEVER quit until the target closes
that way you have access to the thread handles
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
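
The approach from the last post (attach with DebugActiveProcess, stay in the WaitForDebugEvent loop, and use the thread handles the debug events deliver instead of OpenThread), as an added example that is not code from this thread or its participants. The names `ThreadTable`, `tt_add`, `tt_remove`, `tt_at`, the `pause98 <pid>` usage and the 'p' toggle key are assumptions made for illustration; the Win32 part is guarded by `_WIN32`, and the handle bookkeeping is plain C.

```c
/* Added example, not code from the thread: pause/resume via the debug API. */
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <conio.h>
#include <stdlib.h>
#else   /* stand-in types so the bookkeeping also builds off Windows */
typedef void *HANDLE; typedef unsigned long DWORD;
#endif
#define MAX_THREADS 256
typedef struct { DWORD tid[MAX_THREADS]; HANDLE h[MAX_THREADS]; size_t n; } ThreadTable;
/* Record a handle delivered by a CREATE_*_DEBUG_EVENT; returns 0 if the table is full. */
int tt_add(ThreadTable *t, DWORD tid, HANDLE h) {
    if (t->n == MAX_THREADS) return 0;
    t->tid[t->n] = tid; t->h[t->n] = h; t->n++;
    return 1;
}
/* Forget a thread on EXIT_THREAD_DEBUG_EVENT, keeping creation order. */
int tt_remove(ThreadTable *t, DWORD tid) {
    size_t i;
    for (i = 0; i < t->n && t->tid[i] != tid; i++) ;
    if (i == t->n) return 0;
    for (t->n--; i < t->n; i++) { t->tid[i] = t->tid[i + 1]; t->h[i] = t->h[i + 1]; }
    return 1;
}
/* i-th handle in suspend order (oldest first) or resume order (newest first). */
HANDLE tt_at(const ThreadTable *t, size_t i, int newest_first) {
    return t->h[newest_first ? t->n - 1 - i : i];
}

#ifdef _WIN32
int main(int argc, char **argv) {   /* hypothetical usage: pause98 <pid>; 'p' toggles */
    static ThreadTable t; DEBUG_EVENT ev; DWORD cont, code; size_t i; int paused = 0, seen_bp = 0;
    if (argc < 2 || !DebugActiveProcess((DWORD)strtoul(argv[1], NULL, 10))) return 1;
    for (;;) {
        if (_kbhit() && _getch() == 'p')   /* suspend oldest first, resume in reverse */
            for (paused = !paused, i = 0; i < t.n; i++)
                (paused ? SuspendThread : ResumeThread)(tt_at(&t, i, !paused));
        if (!WaitForDebugEvent(&ev, 100)) continue;   /* timeout: poll the key again */
        cont = DBG_CONTINUE; code = ev.dwDebugEventCode;
        if (code == CREATE_PROCESS_DEBUG_EVENT) tt_add(&t, ev.dwThreadId, ev.u.CreateProcessInfo.hThread);
        else if (code == CREATE_THREAD_DEBUG_EVENT) tt_add(&t, ev.dwThreadId, ev.u.CreateThread.hThread);
        else if (code == EXIT_THREAD_DEBUG_EVENT) tt_remove(&t, ev.dwThreadId);
        /* the first exception is the attach breakpoint; later ones go back to the target */
        else if (code == EXCEPTION_DEBUG_EVENT && seen_bp++) cont = DBG_EXCEPTION_NOT_HANDLED;
        ContinueDebugEvent(ev.dwProcessId, ev.dwThreadId, cont);
        if (code == EXIT_PROCESS_DEBUG_EVENT) return 0;   /* target closed: safe to quit */
    }
}
#endif
```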