0

Ok, so after a lot of google-ing, and searching and testing, i have comeup with nothing. I want to make a check if my thread is suspended, can that be achived? Here is my current thread example:

void Thread_EXAMPLE()
{
        again:
        SystemProcessesScan();
        Sleep(2000);
        goto again;
}

void Thread_EXAMPLE_Start(){

    write_log("Thread EXAMPLE started!");
    CreateThread(NULL,NULL,(LPTHREAD_START_ROUTINE)Thread_EXAMPLE,NULL,0,0);
}

I have tried a lot of methods found here, but non worked for me. I must note that this thread is inside a dll, and that dll is attached to a executable.

Mr.Mecanik
  • 15
  • 6
  • possible duplicate of [getting a thread state in c++/windows](http://stackoverflow.com/questions/4608838/getting-a-thread-state-in-c-windows) – Scott Chamberlain Jan 13 '15 at 14:32

1 Answers1

0

If CheckIfIAmSuspeneded() returns, then your thread isn't suspended. That's fairly obvious. Suspended threads don't return from functions.

Seriously, the problem here is that your thread by definition cannot act on a negative result. And if you're checking a worker thread from the thread that controls it, you should just keep track of what your control thread does.

MSalters
  • 173,980
  • 10
  • 155
  • 350
  • Well that doesn`t help me :| – Mr.Mecanik Jan 13 '15 at 14:35
  • Do you have any idea who is calling `SuspendThread` on your threads? Because threads aren't randomly suspended. – MSalters Jan 13 '15 at 14:39
  • Yes of course, Process Hacker 2 :) you see, i have build an antihack system... suspending it, well you know from here what`s next :( – Mr.Mecanik Jan 13 '15 at 14:40
  • Sorry, your original question did not state that you were trying to defend against malicious attempts to suspend your thread, and that is a much harder topic. Note that if I did have a technique and would tell you here (in public), that technique would also be known to the same hackers you are trying to avoid. – MSalters Jan 13 '15 at 14:57
  • Even if they could know that, what can they do about it? If the dll is protected well, there is nothing they can do... – Mr.Mecanik Jan 13 '15 at 15:00
  • Well, for starters, one obvious technique is to prevent loading your DLL, so whatever it would have done is not happening. The science of truly safe systems is called cryptography, and it turns out that it is very hard if not impossible to retrofit safety. – MSalters Jan 13 '15 at 15:03
  • @MSalters- ok so i get your point. Can you give me a example how should i start my thread properly? Because you said it`s not ok – Mr.Mecanik Jan 13 '15 at 15:04
  • I don't think you can rephrase your problem (build an anti-hack system) without it becoming too broad for StackOverflow. More broadly, if you aim to build an anti-hack system, you should be much more familiar with basic operating concepts on your OS. You're in a battle of wits with hackers, and they are much more familiar with the matter than you apparently are. – MSalters Jan 13 '15 at 15:08