Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
pause/resume a process under Windows 98
danrevella
Master Cheater
Reputation: 2

Joined: 11 Jun 2008
Posts: 290

Posted: Sat Jul 14, 2018 3:31 pm

Hi!!
I need a Win32 console application able to suspend and resume an application from the command line.
Something like pssuspend by Sysinternals.
I need it under Windows 98; this is the reason why I cannot use the excellent tool by Sysinternals.
If a similar program already exists, please let me know.
Maybe there is a gentle soul who can help me?
Many thanks to all.
OldCheatEngineUser
Whateven rank
Reputation: 20

Joined: 01 Feb 2016
Posts: 1586

Posted: Sat Jul 14, 2018 3:43 pm

you mean "press hotkey to pause process main thread execution and resume it when needed" right?

if so AND win98 libraries have the required api functions to do this, then i can make one. ( i already have win95 and 98 )

_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote:
i am a sweetheart.

danrevella
Posted: Sat Jul 14, 2018 4:21 pm

OldCheatEngineUser wrote:
you mean "press hotkey to pause process main thread execution and resume it when needed" right?

Not exactly what I need, but it will be ok...

I have found this source, a very good source, but it does not run under win 98.
https://www.codeproject.com/Articles/2964/Win-process-suspend-resume-tool

also it's very simple use
kernel32.dll ----->win nt and later:
DebugActiveProcess
DebugActiveProcessStop

but
kernel32.dll ----->win 95 and 98
Does NOT have DebugActiveProcessStop, only DebugActiveProcess

So we have to do all the work:
take control of every thread in a process
suspend all these threads
then restore (in the right order) all threads....

I had a source "all those years ago", but I'm unable to retrieve it...

OldCheatEngineUser
Posted: Sat Jul 14, 2018 4:38 pm

so you are looking for a debugger for win98

if its 32bit program runs under win98 then any debugger will work for it.

if its 16bit then there are many dos debuggers out there. (one of them is ida 3.7 dos version)


edit:
DebugActiveProcess -> supported in win98

DebugActiveProcessStop -> requires windows xp sp1 - sp3

danrevella
Posted: Sat Jul 14, 2018 4:44 pm

OldCheatEngineUser wrote:
so you are looking for a debugger for win98

if its 32bit program runs under win98 then any debugger will work for it.

if its 16bit then there are many dos debuggers out there. (one of them is ida 3.7 dos version)

No,
I don't need a debugger, I need to suspend a program from the command line, then later restore it.
But it seems to me that for this purpose I have to use some debugger-oriented WinAPI......
I need something like pssuspend by Sysinternals, I would like to use it, but it does NOT work in win98...
https://docs.microsoft.com/en-us/sysinternals/downloads/pssuspend

OldCheatEngineUser
Posted: Sat Jul 14, 2018 4:52 pm

i looked into pssuspend both version 32 and 64 (import tables), none of them use
debug active process nor suspendthread or resumethread functions

so not really sure what they are using or doing.

btw suspendthread & resumethread supported in win98

danrevella
Posted: Sat Jul 14, 2018 5:15 pm

OldCheatEngineUser wrote:
i looked into pssuspend both version 32 and 64 (import tables), none of them use
debug active process nor suspendthread or resumethread functions

so not really sure what they are using or doing.

btw suspendthread & resumethread supported in win98

Yes, I know pssuspend uses other functions, but what I suppose is that to get the same result as pssuspend under win98 I have to figure out a totally different approach, and I don't know how...
I also know win98 supports suspendthread & resumethread, but I need to suspend ALL threads to pause a process, and then I need to resume all the threads I paused but in inverse order, and I don't have any idea how to perform this difficult job...

OldCheatEngineUser
Posted: Sat Jul 14, 2018 5:25 pm

CreateToolhelp32Snapshot
Process32First
Process32Next
used to get process id

then call openprocess and pass process id

after that, dont close snapshot handle .. pass it to:

Thread32First
Thread32Next

then you can close the snapshot handle by close handle

and suspend every thread returned by thread 32 next.

(im not sure if pausing process main thread will pause all other threads, but if this is true then getting process main thread shouldnt be difficult and wont require extra work like enum process threads and suspending them one after the other)



EDIT:
(tagTHREADENTRY32 STRUCTURE)

th32OwnerProcessID -> make sure this member is equal to process ID of the target executable, otherwise you will be pausing other threads.

EDIT EDIT:
then call openprocess and pass process id
it seems not important to get an open handle to the process, just getting processid itself enough.

danrevella
Posted: Sun Jul 15, 2018 2:05 am

I really thank you for your help; btw I have found this source, which works 100% on an nt OS, but not under 98.
Do you think it is adaptable?


Code:
// pausep.cpp : Defines the entry point for the console application.
//

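#include "stdafx.h"
#include "pausep.h"
// Headers the code below relies on (harmless if pausep.h already pulls them in)
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>
#include <iostream>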
#ifdef _DEBUG
#define new DEBUG_NEW
#endif

using namespace std;

BOOL PauseResumeThreadList(DWORD dwOwnerPID, bool bResumeThread)
{
    HANDLE        hThreadSnap = NULL;
    BOOL          bRet        = FALSE;
    THREADENTRY32 te32        = {0};
 
    // Take a snapshot of all threads currently in the system.

    hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
    if (hThreadSnap == INVALID_HANDLE_VALUE)
        return (FALSE);
 
    // Fill in the size of the structure before using it.

    te32.dwSize = sizeof(THREADENTRY32);
 
    // Walk the thread snapshot to find all threads of the process.
    // If the thread belongs to the process, suspend or resume it.
 
    if (Thread32First(hThreadSnap, &te32))
    {
        do
        {
            if (te32.th32OwnerProcessID == dwOwnerPID)
            {
                HANDLE hThread = OpenThread(THREAD_SUSPEND_RESUME, FALSE, te32.th32ThreadID);
                if (hThread == NULL)
                    continue;   // thread already exited or cannot be opened
                if (bResumeThread)
                {
                    // hex/dec are stream manipulators; cout.setf() would print the old flag value instead
                    cout << _T("Resuming Thread 0x") << hex << te32.th32ThreadID << dec << '\n';
                    ResumeThread(hThread);
                }
                else
                {
                    cout << _T("Suspending Thread 0x") << hex << te32.th32ThreadID << dec << '\n';
                    SuspendThread(hThread);
                }
                CloseHandle(hThread);
            }
        }
        while (Thread32Next(hThreadSnap, &te32));
        bRet = TRUE;
    }
    else
        bRet = FALSE;          // could not walk the list of threads
 
    // Do not forget to clean up the snapshot object.
    CloseHandle (hThreadSnap);
 
    return (bRet);
}

BOOL ProcessList()
{
    HANDLE         hProcessSnap = NULL;
    BOOL           bRet      = FALSE;
    PROCESSENTRY32 pe32      = {0};
 
    //  Take a snapshot of all processes in the system.
    hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

    if (hProcessSnap == INVALID_HANDLE_VALUE)
        return (FALSE);
 
    //  Fill in the size of the structure before using it.
    pe32.dwSize = sizeof(PROCESSENTRY32);
 
    //  Walk the snapshot of the processes, and for each process,
    //  display information.

    if (Process32First(hProcessSnap, &pe32))
    {
        do
        {
         cout << _T("PID\t") << pe32.th32ProcessID << '\t' << pe32.szExeFile << '\n';
        }
        while (Process32Next(hProcessSnap, &pe32));
        bRet = TRUE;
    }
    else
        bRet = FALSE;    // could not walk the list of processes
 
    // Do not forget to clean up the snapshot object.

    CloseHandle (hProcessSnap);
    return (bRet);
}



int _tmain(int argc, TCHAR* argv[], TCHAR* /* envp[] */)
{
   if (argc <= 1)
   {
      cerr << _T("Usage: pausep PID /r\n");
      cerr << _T("/r: resumes the execution of PID\n");
      ProcessList();
      return 1;
   }
   else
   {
      DWORD pid = _ttoi(argv[1]);
      if (pid == 0)
      {
         cerr << _T("Invalid PID number: ") << pid << '\n';
         return 1;
      }
      else
         PauseResumeThreadList(pid, (argc > 2) && (!_tcsicmp(argv[2], _T("/r"))));
   }

   return 0;
}

OldCheatEngineUser
Posted: Sun Jul 15, 2018 2:14 am

danrevella wrote:
which works 100% on an nt OS, but not under 98.

win98 = nt kernel. (mixed with dos)

i cant see why its not working, you sure the executable compiled for 32-bit?

danrevella
Posted: Sun Jul 15, 2018 2:22 am

OldCheatEngineUser wrote:
danrevella wrote:
which works 100% on an nt OS, but not under 98.

win98 = nt kernel.

i cant see why its not working, you sure the executable compiled for 32-bit?

kernel32.dll 98 may NOT export this:
--->HANDLE hThread = OpenThread(THREAD_SUSPEND_RESUME, FALSE, te32.th32ThreadID);

OldCheatEngineUser
Posted: Sun Jul 15, 2018 2:27 am

oh yes, "OpenThread" requires windows me. (WinMe came after win98)

Last edited by OldCheatEngineUser on Sun Jul 15, 2018 2:49 am; edited 2 times in total

danrevella
Posted: Sun Jul 15, 2018 2:45 am

OldCheatEngineUser wrote:
oh yes, "OpenThread" requires windows me. (WinMe came after win98)

So, in other words..... I have to restart from ZERO, right?

OldCheatEngineUser
Posted: Sun Jul 15, 2018 2:49 am

sorry forgot to mention openthread previously.
anyhow seems its not possible to get thread handle by its identifier.
(i know there is a way, because (OpenThread / OpenProcess) does not return a random OPENED handle value)

so probably they are ORing or ANDing or shifting bits to right (shr) because process / thread handles usually within 1 byte range and process / thread id can exceed 1 byte range.

Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Sun Jul 15, 2018 3:03 am

you will have to go with debugactiveprocess and then enter the waitfordebugevent loop and NEVER quit until the target closes

that way you have access to the thread handles

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
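
The approach described in the post above (attach with DebugActiveProcess, stay in the WaitForDebugEvent loop, use the thread handles the debug events deliver), as an added example in C that is not code from this thread or its posters. The names ThreadTable, track_event, suspend_all, resume_all and debug_loop, the VK_PAUSE toggle key, the treatment of the first exception as the attach breakpoint, and the non-Windows stand-ins are assumptions of the example; threads are resumed in the reverse of the order they were suspended, as asked for earlier in the thread.

```c
/* Added example (not from the thread). Names, MAX_THREADS and VK_PAUSE are assumptions. */
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#else  /* constructed stand-ins so the bookkeeping builds and tests off Windows */
typedef void *HANDLE; typedef unsigned long DWORD;
enum { CREATE_THREAD_DEBUG_EVENT = 2, CREATE_PROCESS_DEBUG_EVENT, EXIT_THREAD_DEBUG_EVENT };
static DWORD call_log[64]; static size_t call_n;   /* order of suspend/resume calls */
static DWORD SuspendThread(HANDLE h) { call_log[call_n++] = (DWORD)(size_t)h; return 0; }
static DWORD ResumeThread(HANDLE h)  { call_log[call_n++] = (DWORD)(size_t)h; return 1; }
#endif
#define MAX_THREADS 128
typedef struct { DWORD tid[MAX_THREADS]; HANDLE h[MAX_THREADS]; size_t n; } ThreadTable;
/* Feed every debug event here; returns how many live threads are tracked. */
size_t track_event(ThreadTable *t, DWORD code, DWORD tid, HANDLE h) {
    size_t i;
    if (code == CREATE_PROCESS_DEBUG_EVENT || code == CREATE_THREAD_DEBUG_EVENT) {
        if (t->n < MAX_THREADS) { t->tid[t->n] = tid; t->h[t->n] = h; t->n++; }
    } else if (code == EXIT_THREAD_DEBUG_EVENT) {
        for (i = 0; i < t->n && t->tid[i] != tid; i++) {}
        if (i < t->n) {                        /* drop it, keep creation order */
            for (; i + 1 < t->n; i++) { t->tid[i] = t->tid[i + 1]; t->h[i] = t->h[i + 1]; }
            t->n--;
        }
    }
    return t->n;
}
void suspend_all(ThreadTable *t) { size_t i; for (i = 0; i < t->n; i++) SuspendThread(t->h[i]); }
void resume_all(ThreadTable *t)  { size_t i; for (i = t->n; i-- > 0;) ResumeThread(t->h[i]); }
#ifdef _WIN32
/* Attach, then pump events until the target exits; the loop must outlive every pause. */
int debug_loop(DWORD pid, ThreadTable *t) {
    DEBUG_EVENT ev; int paused = 0, first_exc = 1;   /* 1st exception = attach breakpoint (assumed) */
    if (!DebugActiveProcess(pid)) return 0;
    for (;;) {
        DWORD cont = DBG_CONTINUE, code; HANDLE h = NULL;
        if (!WaitForDebugEvent(&ev, 100)) {    /* timed out: poll the toggle key */
            if (GetAsyncKeyState(VK_PAUSE) & 1) { (paused ? resume_all : suspend_all)(t); paused = !paused; }
            continue;
        }
        code = ev.dwDebugEventCode;
        if (code == CREATE_PROCESS_DEBUG_EVENT) h = ev.u.CreateProcessInfo.hThread;
        if (code == CREATE_THREAD_DEBUG_EVENT)  h = ev.u.CreateThread.hThread;
        track_event(t, code, ev.dwThreadId, h);
        if (code == EXCEPTION_DEBUG_EVENT) { if (!first_exc) cont = DBG_EXCEPTION_NOT_HANDLED; first_exc = 0; }
        ContinueDebugEvent(ev.dwProcessId, ev.dwThreadId, cont);
        if (code == EXIT_PROCESS_DEBUG_EVENT) return 1;
    }
}
#endif
```

On Windows, debug_loop needs user32 linked in for GetAsyncKeyState; the handles stay valid only while the tool keeps running as the debugger.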
All times are GMT - 6 Hours
Page 1 of 3

 