Thread Kill Example
Discussion on Thread Kill Example within the S4 League forum part of the Shooter category.
07/10/2020, 23:57
|
#1
|
|
Thread Kill Example
Hey! I'm new to these hacks and bypasses; can anybody give me an example of thread killing?
|
|
|
07/11/2020, 09:14
|
#2
|
|
process hacker a7a
|
|
|
07/11/2020, 14:14
|
#3
|
|
Quote:
Originally Posted by doqukanlas
Hey! I'm new to these hacks and bypasses; can anybody give me an example of thread killing?
|
I wrote it in 2017; maybe it will help you.
ThreadMng.h
Code:
#pragma once
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>
#include <string>
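// Local stand-in for the native THREADINFOCLASS enumeration. Only the one
// information class this file passes to NtQueryInformationThread is declared.
enum THREADINFOCLASS
{
    // Requests the thread's Win32 start address.
    ThreadQuerySetWin32StartAddress = 9,
};

// Pointer type for ntdll!NtQueryInformationThread, which is resolved at run
// time with GetProcAddress. The parameter list follows the documented
// prototype (ThreadHandle, ThreadInformationClass, ThreadInformation,
// ThreadInformationLength, ReturnLength): the length is a 32-bit ULONG and
// ReturnLength is a PULONG. Declaring them as ULONG_PTR / ULONG_PTR* only
// matches by accident on 64-bit builds and would let a caller read eight
// bytes from a result the call wrote four bytes of.
typedef NTSTATUS(__stdcall * f_NtQueryInformationThread)(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);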
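// Locates one thread of a process by its Win32 start address and keeps an open
// handle to it so that the thread can be suspended and resumed.
//
// NOTE(review): the class holds a raw HANDLE, is copyable, and its destructor
// does not close the handle. Every successful search therefore leaks one
// thread handle unless the caller closes mHandle itself.
class ThreadMng
{
public:
    ThreadMng();
    ~ThreadMng();

    // Calls SuspendThread on mHandle.
    void Suspend();
    // Calls ResumeThread on mHandle.
    void Resume();

    // Handle stored by SearchForThreadByStartAddress when a thread matches.
    // It starts out null so that Suspend()/Resume() before a successful search
    // fail inside the API instead of acting on an indeterminate handle value.
    HANDLE mHandle = nullptr;

    // Walks a system-wide thread snapshot and stores a handle to the first
    // thread of dwOwnerPID whose start address minus ModuleBaseOffset equals
    // dwStartAddress. The default dwOwnerPID of 0 is compared literally with
    // the snapshot's owner process id.
    bool SearchForThreadByStartAddress(DWORD dwStartAddress, DWORD ModuleBaseOffset, DWORD dwOwnerPID = 0);

    // Returns the Win32 start address of hThread, or 0 when it cannot be read.
    ULONG_PTR GetThreadStartAddress(HANDLE hThread);

private:
};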
ThreadMng.cpp
Code:
#include "ThreadMng.h"
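// Starts with no thread selected. mHandle is set to null explicitly: left
// uninitialized, a Suspend()/Resume() call made before a successful search
// would pass an indeterminate value to the thread API.
ThreadMng::ThreadMng()
    : mHandle(nullptr)
{
}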
// Suspends the thread referred to by mHandle.
//
// SuspendThread's result (the previous suspend count, or (DWORD)-1 on failure)
// is discarded, so the caller cannot tell whether the thread was actually
// suspended. Suspending a thread that holds a lock (heap, loader, a critical
// section) can hang the process that owns it.
void ThreadMng::Suspend()
{
    ::SuspendThread(this->mHandle);
}
// Decrements the suspend count of the thread referred to by mHandle; the
// thread runs again once that count reaches zero.
//
// ResumeThread's result (the previous suspend count, or (DWORD)-1 on failure)
// is discarded.
void ThreadMng::Resume()
{
    ::ResumeThread(this->mHandle);
}
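// Finds the first thread owned by dwOwnerPID whose Win32 start address, minus
// ModuleBaseOffset, equals dwStartAddress, and stores an open handle to it in
// mHandle.
//
// Parameters:
//   dwStartAddress   - start address to look for, relative to ModuleBaseOffset.
//   ModuleBaseOffset - value subtracted from each thread's start address before
//                      the comparison (presumably the module load address).
//   dwOwnerPID       - process whose threads are examined. The value is compared
//                      literally with th32OwnerProcessID; the declared default
//                      of 0 is not translated to the calling process.
//
// Returns true only when a matching thread was found and mHandle was updated.
// Returns false when the snapshot could not be taken or walked, or when no
// thread matched. (Returning true after any completed walk would leave callers
// unable to tell a miss from a hit and let them use a stale mHandle.)
//
// NOTE(review): a handle already held in mHandle is overwritten without being
// closed, and nothing in this class closes the new one either.
// NOTE(review): both address parameters are DWORD, so on a 64-bit build a base
// above 4 GiB cannot be passed without truncation; widening them would change
// the public signature.
// NOTE(review): THREAD_ALL_ACCESS is far broader than the query and
// suspend/resume operations this class performs; it is kept only because
// mHandle is public and callers may rely on the wider rights.
// Defensive view: a process that snapshots every thread on the system, opens
// thread handles in another process and then suspends one is worth alerting
// on. Handle auditing or a kernel object callback (ObRegisterCallbacks) on the
// protected process can observe or restrict such access.
bool ThreadMng::SearchForThreadByStartAddress(DWORD dwStartAddress, DWORD ModuleBaseOffset, DWORD dwOwnerPID)
{
    // With TH32CS_SNAPTHREAD the snapshot covers all threads on the system,
    // which is why each entry is filtered by owner process id below.
    const HANDLE hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
    if (hThreadSnap == INVALID_HANDLE_VALUE)
        return false;

    THREADENTRY32 te32 = {};
    te32.dwSize = sizeof(THREADENTRY32); // required before Thread32First

    bool found = false;
    if (Thread32First(hThreadSnap, &te32))
    {
        do
        {
            if (te32.th32OwnerProcessID != dwOwnerPID)
                continue;

            HANDLE tHandle = OpenThread(THREAD_ALL_ACCESS, FALSE, te32.th32ThreadID);
            if (tHandle == nullptr)
                continue; // thread already gone or access denied: nothing to query or close

            if ((GetThreadStartAddress(tHandle) - ModuleBaseOffset) == dwStartAddress)
            {
                mHandle = tHandle; // ownership of the handle moves to mHandle
                found = true;
                break;
            }
            CloseHandle(tHandle);
        } while (Thread32Next(hThreadSnap, &te32));
    }

    CloseHandle(hThreadSnap); // released on every path once the snapshot exists
    return found;
}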
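// Returns the Win32 start address of hThread, or 0 when it cannot be read.
//
// The address is read through ntdll!NtQueryInformationThread, which is looked
// up at run time because it is a native API that Microsoft documents as
// subject to change. A return value of 0 covers every failure: a null thread
// handle, ntdll or the export not being found, or a non-zero NTSTATUS from the
// query. Callers therefore cannot tell a failure from a start address of 0.
ULONG_PTR ThreadMng::GetThreadStartAddress(HANDLE hThread)
{
    if (hThread == nullptr)
        return 0; // e.g. a failed OpenThread passed straight through

    const HMODULE hNtdll = GetModuleHandleA("ntdll.dll");
    if (hNtdll == nullptr)
        return 0; // do not hand a null module to GetProcAddress

    const auto NtQueryInformationThread = reinterpret_cast<f_NtQueryInformationThread>(
        GetProcAddress(hNtdll, "NtQueryInformationThread"));
    if (!NtQueryInformationThread)
        return 0;

    ULONG_PTR ulStartAddress = 0;
    const NTSTATUS Ret = NtQueryInformationThread(hThread, ThreadQuerySetWin32StartAddress,
                                                  &ulStartAddress, sizeof(ulStartAddress), nullptr);
    if (Ret != 0)
        return 0; // any status other than STATUS_SUCCESS is treated as failure

    return ulStartAddress;
}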
// Releases nothing.
// NOTE(review): the thread handle held in mHandle is not closed here, so it
// stays open until the caller closes it or the process exits.
ThreadMng::~ThreadMng() = default;
|
|
|
07/12/2020, 22:55
|
#4
|
|
Quote:
Originally Posted by harris1g
process hacker a7a
|
i know that ^^ but i need to automate that
Quote:
Originally Posted by RingleRangleRob
I wrote it in 2017; maybe it will help you.
ThreadMng.h
Code:
#pragma once
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>
#include <string>
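// Local stand-in for the native THREADINFOCLASS enumeration. Only the one
// information class this file passes to NtQueryInformationThread is declared.
enum THREADINFOCLASS
{
    // Requests the thread's Win32 start address.
    ThreadQuerySetWin32StartAddress = 9,
};

// Pointer type for ntdll!NtQueryInformationThread, which is resolved at run
// time with GetProcAddress. The parameter list follows the documented
// prototype (ThreadHandle, ThreadInformationClass, ThreadInformation,
// ThreadInformationLength, ReturnLength): the length is a 32-bit ULONG and
// ReturnLength is a PULONG. Declaring them as ULONG_PTR / ULONG_PTR* only
// matches by accident on 64-bit builds and would let a caller read eight
// bytes from a result the call wrote four bytes of.
typedef NTSTATUS(__stdcall * f_NtQueryInformationThread)(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);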
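// Locates one thread of a process by its Win32 start address and keeps an open
// handle to it so that the thread can be suspended and resumed.
//
// NOTE(review): the class holds a raw HANDLE, is copyable, and its destructor
// does not close the handle. Every successful search therefore leaks one
// thread handle unless the caller closes mHandle itself.
class ThreadMng
{
public:
    ThreadMng();
    ~ThreadMng();

    // Calls SuspendThread on mHandle.
    void Suspend();
    // Calls ResumeThread on mHandle.
    void Resume();

    // Handle stored by SearchForThreadByStartAddress when a thread matches.
    // It starts out null so that Suspend()/Resume() before a successful search
    // fail inside the API instead of acting on an indeterminate handle value.
    HANDLE mHandle = nullptr;

    // Walks a system-wide thread snapshot and stores a handle to the first
    // thread of dwOwnerPID whose start address minus ModuleBaseOffset equals
    // dwStartAddress. The default dwOwnerPID of 0 is compared literally with
    // the snapshot's owner process id.
    bool SearchForThreadByStartAddress(DWORD dwStartAddress, DWORD ModuleBaseOffset, DWORD dwOwnerPID = 0);

    // Returns the Win32 start address of hThread, or 0 when it cannot be read.
    ULONG_PTR GetThreadStartAddress(HANDLE hThread);

private:
};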
ThreadMng.cpp
Code:
#include "ThreadMng.h"
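// Starts with no thread selected. mHandle is set to null explicitly: left
// uninitialized, a Suspend()/Resume() call made before a successful search
// would pass an indeterminate value to the thread API.
ThreadMng::ThreadMng()
    : mHandle(nullptr)
{
}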
// Suspends the thread referred to by mHandle.
//
// SuspendThread's result (the previous suspend count, or (DWORD)-1 on failure)
// is discarded, so the caller cannot tell whether the thread was actually
// suspended. Suspending a thread that holds a lock (heap, loader, a critical
// section) can hang the process that owns it.
void ThreadMng::Suspend()
{
    ::SuspendThread(this->mHandle);
}
// Decrements the suspend count of the thread referred to by mHandle; the
// thread runs again once that count reaches zero.
//
// ResumeThread's result (the previous suspend count, or (DWORD)-1 on failure)
// is discarded.
void ThreadMng::Resume()
{
    ::ResumeThread(this->mHandle);
}
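// Finds the first thread owned by dwOwnerPID whose Win32 start address, minus
// ModuleBaseOffset, equals dwStartAddress, and stores an open handle to it in
// mHandle.
//
// Parameters:
//   dwStartAddress   - start address to look for, relative to ModuleBaseOffset.
//   ModuleBaseOffset - value subtracted from each thread's start address before
//                      the comparison (presumably the module load address).
//   dwOwnerPID       - process whose threads are examined. The value is compared
//                      literally with th32OwnerProcessID; the declared default
//                      of 0 is not translated to the calling process.
//
// Returns true only when a matching thread was found and mHandle was updated.
// Returns false when the snapshot could not be taken or walked, or when no
// thread matched. (Returning true after any completed walk would leave callers
// unable to tell a miss from a hit and let them use a stale mHandle.)
//
// NOTE(review): a handle already held in mHandle is overwritten without being
// closed, and nothing in this class closes the new one either.
// NOTE(review): both address parameters are DWORD, so on a 64-bit build a base
// above 4 GiB cannot be passed without truncation; widening them would change
// the public signature.
// NOTE(review): THREAD_ALL_ACCESS is far broader than the query and
// suspend/resume operations this class performs; it is kept only because
// mHandle is public and callers may rely on the wider rights.
// Defensive view: a process that snapshots every thread on the system, opens
// thread handles in another process and then suspends one is worth alerting
// on. Handle auditing or a kernel object callback (ObRegisterCallbacks) on the
// protected process can observe or restrict such access.
bool ThreadMng::SearchForThreadByStartAddress(DWORD dwStartAddress, DWORD ModuleBaseOffset, DWORD dwOwnerPID)
{
    // With TH32CS_SNAPTHREAD the snapshot covers all threads on the system,
    // which is why each entry is filtered by owner process id below.
    const HANDLE hThreadSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
    if (hThreadSnap == INVALID_HANDLE_VALUE)
        return false;

    THREADENTRY32 te32 = {};
    te32.dwSize = sizeof(THREADENTRY32); // required before Thread32First

    bool found = false;
    if (Thread32First(hThreadSnap, &te32))
    {
        do
        {
            if (te32.th32OwnerProcessID != dwOwnerPID)
                continue;

            HANDLE tHandle = OpenThread(THREAD_ALL_ACCESS, FALSE, te32.th32ThreadID);
            if (tHandle == nullptr)
                continue; // thread already gone or access denied: nothing to query or close

            if ((GetThreadStartAddress(tHandle) - ModuleBaseOffset) == dwStartAddress)
            {
                mHandle = tHandle; // ownership of the handle moves to mHandle
                found = true;
                break;
            }
            CloseHandle(tHandle);
        } while (Thread32Next(hThreadSnap, &te32));
    }

    CloseHandle(hThreadSnap); // released on every path once the snapshot exists
    return found;
}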
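// Returns the Win32 start address of hThread, or 0 when it cannot be read.
//
// The address is read through ntdll!NtQueryInformationThread, which is looked
// up at run time because it is a native API that Microsoft documents as
// subject to change. A return value of 0 covers every failure: a null thread
// handle, ntdll or the export not being found, or a non-zero NTSTATUS from the
// query. Callers therefore cannot tell a failure from a start address of 0.
ULONG_PTR ThreadMng::GetThreadStartAddress(HANDLE hThread)
{
    if (hThread == nullptr)
        return 0; // e.g. a failed OpenThread passed straight through

    const HMODULE hNtdll = GetModuleHandleA("ntdll.dll");
    if (hNtdll == nullptr)
        return 0; // do not hand a null module to GetProcAddress

    const auto NtQueryInformationThread = reinterpret_cast<f_NtQueryInformationThread>(
        GetProcAddress(hNtdll, "NtQueryInformationThread"));
    if (!NtQueryInformationThread)
        return 0;

    ULONG_PTR ulStartAddress = 0;
    const NTSTATUS Ret = NtQueryInformationThread(hThread, ThreadQuerySetWin32StartAddress,
                                                  &ulStartAddress, sizeof(ulStartAddress), nullptr);
    if (Ret != 0)
        return 0; // any status other than STATUS_SUCCESS is treated as failure

    return ulStartAddress;
}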
// Releases nothing.
// NOTE(review): the thread handle held in mHandle is not closed here, so it
// stays open until the caller closes it or the process exits.
ThreadMng::~ThreadMng() = default;
|
Thank you! It will absolutely help.
|
|
|
07/12/2020, 23:45
|
#5
|
|
Wrong section btw ^^
|
|
|
07/13/2020, 18:22
|
#6
|
|
closed, wrong section
|
|
|