Hooking Project

Functions for thread manipulation

License
Boost License 1.0.
Authors
Denis Shelomovskij

struct Thread;

This struct encapsulates thread manipulation functionality.


this(DWORD threadId, DWORD desiredAccess, bool tryUsePseudoHandle);

Constructs a Thread from threadId. If tryUsePseudoHandle is true and threadId is the current thread's id, a pseudo handle with THREAD_ALL_ACCESS access is used. Otherwise, if desiredAccess is non-zero, a thread handle is opened with the requested access. Otherwise no handle is opened; in that case, each call to a member function whose documentation has a "Required handle access" paragraph opens a temporary handle with the required access.


this(HANDLE threadHandle, DWORD handleAccess, bool remainPseudoHandle);

Constructs a Thread from threadHandle. The access that threadHandle was opened with should be passed as the handleAccess parameter. If remainPseudoHandle is false and threadHandle is the pseudo handle of the current thread, a "real" handle with the access given in handleAccess is opened instead. If remainPseudoHandle is true and threadHandle is a pseudo handle, handleAccess is set to THREAD_ALL_ACCESS.

threadId will not be set iff the resulting handleAccess doesn't include THREAD_QUERY_INFORMATION or THREAD_QUERY_LIMITED_INFORMATION. In this case, calling closeHandle leaves this struct unassociated.


const pure nothrow @property @safe bool associated();

Returns whether this is associated with a thread. It is asserted that no member functions are called for an unassociated Thread struct.

Example:
	assert(!Thread.init.associated);
	auto h = Thread.init.handle; // assert violation

@property HANDLE handle();

Gets the native handle.


const @property DWORD handleAccess();

Gets the access rights of the handle.


const @property DWORD threadId();

Gets the thread identifier.


@property DWORD ownerProcessId();

Gets the process identifier of the owner process.

Required handle access: THREAD_QUERY_LIMITED_INFORMATION


void suspend();

Suspends the thread.

Calls SuspendThread.

Required handle access: THREAD_SUSPEND_RESUME


void resume();

Resumes the thread.

Calls ResumeThread.

Required handle access: THREAD_SUSPEND_RESUME


void executeUntil(size_t address);

Waits until the thread's EIP stays fixed at address (e.g. because of a `JMP $-2;` loop).

If the thread is suspended, it is resumed first, and afterwards its suspend count is increased again by the same value.

Required handle access: THREAD_SUSPEND_RESUME | THREAD_GET_CONTEXT; on WOW64, THREAD_QUERY_INFORMATION is also required.


CONTEXT getContext(DWORD flags);

Gets the thread context.

Calls GetThreadContext.

Required handle access: THREAD_GET_CONTEXT; on WOW64, THREAD_QUERY_INFORMATION is also required.


void setContext(CONTEXT context);

Sets the thread context.

Calls SetThreadContext.

Required handle access: THREAD_SET_CONTEXT


void changeContext(DWORD getFlags, scope void delegate(ref CONTEXT) del);

Convenience function for changing the thread context.

Required handle access: THREAD_GET_CONTEXT | THREAD_SET_CONTEXT; on WOW64, THREAD_QUERY_INFORMATION is also required.


void closeHandle();

Closes the native handle, if any.
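
The constructor and "Required handle access" rules above, shown as an added example that is not part of the Hooking Project's own documentation or code: it opens one handle with only the rights documented for suspend, resume and getContext, and reads the instruction pointer without ever holding THREAD_SET_CONTEXT. The import path hooking.windows.thread and the helper name readInstructionPointer are assumptions, and CONTEXT, CONTEXT_CONTROL and the THREAD_* constants are assumed to come from druntime's Windows bindings.

```d
// Added example, not Hooking Project code.
// ASSUMPTION: module path is a placeholder; use the project's real one.
import hooking.windows.thread : Thread;
// ASSUMPTION: DWORD, CONTEXT, CONTEXT_CONTROL and THREAD_* come from druntime.
import core.sys.windows.windows;

/// Hypothetical helper: returns the instruction pointer of thread `tid`
/// (a thread other than the caller), using the narrowest documented rights.
size_t readInstructionPointer(DWORD tid)
{
    // suspend/resume -> THREAD_SUSPEND_RESUME
    // getContext     -> THREAD_GET_CONTEXT (+ THREAD_QUERY_INFORMATION on WOW64)
    // THREAD_SET_CONTEXT is deliberately not requested: registers are only read.
    enum DWORD access = THREAD_SUSPEND_RESUME
                      | THREAD_GET_CONTEXT
                      | THREAD_QUERY_INFORMATION;

    // Non-zero desiredAccess: one real handle is opened here and reused by
    // every call below. Passing 0 instead would make each call open its own
    // temporary handle with that call's required access.
    auto t = Thread(tid, access, false);
    scope (exit) t.closeHandle();   // runs last
    assert(t.associated);

    // The context is only meaningful while the thread is not running.
    t.suspend();
    scope (exit) t.resume();        // runs before closeHandle

    CONTEXT ctx = t.getContext(CONTEXT_CONTROL);

    version (X86)
        return ctx.Eip;
    else version (X86_64)
        return cast(size_t) ctx.Rip;
    else
        static assert(0, "unsupported architecture");
}
```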