Guys, how would I terminate a specific thread by its start address, for example: ntdll.dll!RtlReleaseSRWLockExclusive+0x1370?
#include <iostream>
#include <windows.h>
#include <TlHelp32.h>
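// Information class selector passed to NtQueryInformationThread.
// Only the single value this file needs is declared here.
// NOTE(review): this local definition will clash if <winternl.h> is ever
// included, since that header declares its own THREADINFOCLASS.
enum THREADINFOCLASS
{
    ThreadQuerySetWin32StartAddress = 9, // query (or set) the thread's Win32 start address
};

// Pointer type for ntdll!NtQueryInformationThread, which is resolved at run
// time with GetProcAddress. The documented prototype takes the buffer length
// as ULONG and the optional returned length as PULONG; declaring them as
// pointer-sized types (as before) only worked by accident of the calling
// convention and would corrupt memory if a non-null length pointer were passed.
typedef NTSTATUS(__stdcall * f_NtQueryInformationThread)(HANDLE, THREADINFOCLASS, void*, ULONG, ULONG*);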
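/// @brief Returns the Win32 start address of a thread.
/// @param hThread Thread handle; presumably needs THREAD_QUERY_INFORMATION
///                access for this information class (confirm against the
///                NtQueryInformationThread documentation).
/// @return The start address, or 0 if ntdll or the export cannot be resolved
///         or the query fails. 0 is therefore a failure sentinel and must not
///         be treated as a real address by callers.
/// @note Several threads can share one start routine (thread-pool workers,
///       for instance), so a start address does not uniquely identify a thread.
ULONG_PTR GetThreadStartAddress(HANDLE hThread)
{
    // Check the module handle separately instead of handing a possibly-null
    // handle straight to GetProcAddress.
    HMODULE hNtdll = GetModuleHandleA("ntdll.dll");
    if (!hNtdll)
        return 0;

    auto NtQueryInformationThread = reinterpret_cast<f_NtQueryInformationThread>(
        GetProcAddress(hNtdll, "NtQueryInformationThread"));
    if (!NtQueryInformationThread)
        return 0;

    ULONG_PTR ulStartAddress = 0;
    const NTSTATUS Ret = NtQueryInformationThread(
        hThread, ThreadQuerySetWin32StartAddress,
        &ulStartAddress, sizeof(ulStartAddress), nullptr);

    // NTSTATUS failures are the negative values (what NT_SUCCESS tests);
    // a non-zero positive status is still a success/informational code.
    if (Ret < 0)
        return 0;

    return ulStartAddress;
}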
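/// @brief Terminates the first thread of a process whose Win32 start address
///        equals StartAddress.
/// @param StartAddress Absolute start address in the target process. 0 never
///                     matches, because GetThreadStartAddress returns 0 when
///                     its query fails.
/// @param dwProcId     Id of the process that owns the thread.
/// @return true only if a matching thread was found and TerminateThread
///         reported success; false otherwise.
/// @warning TerminateThread stops the thread without letting it run any
///          cleanup: locks it holds (including the heap lock) stay held and
///          DLLs are not notified, so the target process can deadlock or be
///          left with corrupted state. Use only on processes you own and as a
///          last resort.
bool TerminateThreadByStartaddress(ULONG_PTR StartAddress, DWORD dwProcId)
{
    if (StartAddress == 0)
        return false;

    // With TH32CS_SNAPTHREAD the process-id argument is ignored and the
    // snapshot covers every thread on the system, hence the owner filter below.
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
    // Failure is signalled by INVALID_HANDLE_VALUE, not by a null handle.
    if (hSnap == INVALID_HANDLE_VALUE)
        return false;

    THREADENTRY32 TE32 = { 0 };
    TE32.dwSize = sizeof(THREADENTRY32);

    bool bTerminated = false;
    // Advancing in the for-header guarantees Thread32Next runs on every path;
    // a 'continue' that skips it would spin forever on the same entry.
    for (BOOL Ret = Thread32First(hSnap, &TE32); Ret; Ret = Thread32Next(hSnap, &TE32))
    {
        if (TE32.th32OwnerProcessID != dwProcId)
            continue;

        // Request only the rights actually used rather than THREAD_ALL_ACCESS.
        HANDLE hTempThread = OpenThread(THREAD_QUERY_INFORMATION | THREAD_TERMINATE,
                                        FALSE, TE32.th32ThreadID);
        if (!hTempThread)
            continue;

        const bool bMatch = (StartAddress == GetThreadStartAddress(hTempThread));
        if (bMatch)
            bTerminated = (TerminateThread(hTempThread, 0) != FALSE);

        // Close the handle on every path, not only when the address matched.
        CloseHandle(hTempThread);

        if (bTerminated)
            break;
    }

    CloseHandle(hSnap);
    return bTerminated;
}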
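// Returns the address at which module szModule is loaded in process dwProcId,
// or 0 if the module list cannot be read or the module is not found.
static ULONG_PTR GetModuleBaseInProcess(DWORD dwProcId, const wchar_t* szModule)
{
    // TH32CS_SNAPMODULE32 additionally lists 32-bit modules when a 64-bit
    // build inspects a 32-bit process.
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, dwProcId);
    if (hSnap == INVALID_HANDLE_VALUE)
        return 0;

    MODULEENTRY32W ME32 = { 0 };
    ME32.dwSize = sizeof(MODULEENTRY32W);

    ULONG_PTR ulBase = 0;
    for (BOOL Ret = Module32FirstW(hSnap, &ME32); Ret; Ret = Module32NextW(hSnap, &ME32))
    {
        // Module names are compared case-insensitively, as Windows does.
        if (lstrcmpiW(ME32.szModule, szModule) == 0)
        {
            ulBase = reinterpret_cast<ULONG_PTR>(ME32.modBaseAddr);
            break;
        }
    }

    CloseHandle(hSnap);
    return ulBase;
}

// Entry point. "notepad.exe+0x187d0" is the notation a process viewer prints,
// not a C++ expression, so the original call could not compile. The absolute
// address is the module's load address in the target process plus the offset,
// and because of ASLR the load address has to be looked up on every run.
int main()
{
    // Hard-coded values taken from the original post. Process ids are reused
    // by the system, so confirm the id still belongs to the intended process
    // before running this.
    const DWORD dwProcId = 7280;
    const ULONG_PTR ulOffset = 0x187d0;

    const ULONG_PTR ulBase = GetModuleBaseInProcess(dwProcId, L"notepad.exe");
    if (ulBase == 0)
    {
        std::cout << "Module not found in process " << dwProcId << "\n";
    }
    else if (TerminateThreadByStartaddress(ulBase + ulOffset, dwProcId))
    {
        std::cout << "Thread terminated\n";
    }
    else
    {
        std::cout << "No matching thread was terminated\n";
    }

    // Wait for Enter instead of spawning a shell through system("pause").
    std::cin.get();
    return 0;
}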
Guys, how would I terminate a specific thread by its start address, for example: ntdll.dll!RtlReleaseSRWLockExclusive+0x1370?
I don't know how to do it. What is wrong? If someone can help me by telling me what I should learn, I'd appreciate it; I'm new to programming!