Getting suspendet Thread
-
hi,
I start another process with CreateProcess and the suspended flag. After that i inject a dll.
In that dll i want to call ResumeThread to resume it (because it was created with the suspended flag).
But how can i get the handle or the id of the main thread, which is suspended? If i just use GetCurrentThread or something like that
I get the thread handle from the thread of my dll injection and not the suspendet thread. I hope its clear what i need. Thank you
-
Well, the original process (the one that calls CreateProcess and injects the DLL) already has the main thread's ID, so I'd start looking for a way to pass that ID from the original process to the new process.
I've never used DLL injection/remote thread creation, but I think it shouldn't be that hard to pass some piece of information to the newly created thread.
Or you could simply use the original process to resume the main thread. If you have to wait for the newly create thread to finish some kind of initialization, you can use a named EVENT object to do that. You can use the ID of the newly create thread to create a unique name that both threads know. Signal the EVENT in the newly created thread after initialization is complete, and wait for the EVENT in the original process before you resume the thread.
-
first thank you for your answer.
I am using this to inject the dll http://wiki.hackerboard.de/index.php/DLL-Injection
but how can i pass parameters?
-
englishpls schrieb:
I am using this to inject the dll http://wiki.hackerboard.de/index.php/DLL-Injection
wieso willste hier englisches geschreibsel, wenn du offensichtlich doch deutsch kannst?
