Solved Visual Basic - Process Suspender

[Nickruig]

Im making a Process Suspender. You need to type the Process Name in a TextBox without typing the file extension so the extension is standard an .EXE, but I dont want to suspend an .EXE Process. How can i do that I can use another File Extension?


Code I Use:

Public Class Form1
    Private Sub SuspendProcess(ByVal process As System.Diagnostics.Process)
        For Each t As ProcessThread In process.Threads
            Dim th As IntPtr
            th = OpenThread(ThreadAccess.SUSPEND_RESUME, False, t.Id)
            If th <> IntPtr.Zero Then
                SuspendThread(th)
                CloseHandle(th)
            End If
        Next
    End Sub


    Private Sub ResumeProcess(ByVal process As System.Diagnostics.Process)
        For Each t As ProcessThread In process.Threads
            Dim th As IntPtr
            th = OpenThread(ThreadAccess.SUSPEND_RESUME, False, t.Id)
            If th <> IntPtr.Zero Then
                ResumeThread(th)
                CloseHandle(th)
            End If
        Next
    End Sub

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        Dim game As Process() = Process.GetProcessesByName(TextBox1.Text)
        If Button1.Text = "Suspend" Then
            SuspendProcess(game(0))
            Button1.Text = "Resume"
        Else
            ResumeProcess(game(0))
            Button1.Text = "Suspend"
        End If
    End Sub

And I use a Module:

Module Module1
    Public Enum ThreadAccess As Integer
        TERMINATE = (&H1)
        SUSPEND_RESUME = (&H2)
        GET_CONTEXT = (&H8)
        SET_CONTEXT = (&H10)
        SET_INFORMATION = (&H20)
        QUERY_INFORMATION = (&H40)
        SET_THREAD_TOKEN = (&H80)
        IMPERSONATE = (&H100)
        DIRECT_IMPERSONATION = (&H200)
    End Enum

    Public Declare Function OpenThread Lib "kernel32.dll" (ByVal dwDesiredAccess As ThreadAccess, ByVal bInheritHandle As Boolean, ByVal dwThreadId As UInteger) As IntPtr
    Public Declare Function SuspendThread Lib "kernel32.dll" (ByVal hThread As IntPtr) As UInteger
    Public Declare Function ResumeThread Lib "kernel32.dll" (ByVal hThread As IntPtr) As UInteger
    Public Declare Function CloseHandle Lib "kernel32.dll" (ByVal hHandle As IntPtr) As Boolean
End Module

I hope someone can help me!

#Nickruig

 

[Helios]

I have never seen that extension, anyway, it still shouldn't matter what extension the process has. You should be able to simply type in the process name and suspend the process.

Either way, I quickly threw something together for you that uses a Listbox instead of a Textbox. Download and have a look at the project attached.

https://guidedhacking.com/threads/anticheat-xtrap-bypass-source-codes.8156/

 

[Rake]

Use the code tags please. Makes it more readable.

 

[till0sch]

Don't pass a process but the process name or ID then and in your Suspend/Resume -Process function you'll get the System.Diagnostics.Process.. You can loop through processes.

 

[Nickruig]

Don't pass a process but the process name or ID then and in your Suspend/Resume -Process function you'll get the System.Diagnostics.Process.. You can loop through processes.

What? I dont understand

 

[Szaka]

I guess you need to pass handle to process, so the .exe or other extension doesnt make any difference

 

[Nickruig]

I guess you need to pass handle to process, so the .exe or other extension doesnt make any difference

That doesnt work!

 

[till0sch]

I guess you need to pass handle to process, so the .exe or other extension doesnt make any difference

He's basically already doing that........................

 

[till0sch]

Some time ago I coded C#, but as I remember you just need to pass the process name without any extension to get the handle - if you're process name is e.g. "game.tmp" then you could call Process.GetProcessesByName("game") and then pass the process you get into your function..

Process p = Process.GetProcessesByName("game")(0);
SuspendProcess(p);
ResumeProcess(p);

Should work well.

 

[Nickruig]

Some time ago I coded C#, but as I remember you just need to pass the process name without any extension to get the handle - if you're process name is e.g. "game.tmp" then you could call Process.GetProcessesByName("game") and then pass the process you get into your function..

Process p = Process.GetProcessesByName("game")(0);
SuspendProcess(p);
ResumeProcess(p);

Should work well.

Thx, But im making it in Visual Basic.

 

[Helios]

but I dont want to suspend an .EXE Process. How can i do that I can use another File Extension?

What do you mean? That doesn't make sense.

Dude (OP), you obviously do not know this language well enough to create something like a process suspender. I mean, a quick Google search and you find a Youtube video and a forum thread with the exact same code, meaning you simply copied the code and now want help to change it.

I suggest you start with something that is easier (simple) to create.

 

[Nickruig]

What do you mean? That doesn't make sense.

Dude (OP), you obviously do not know this language well enough to create something like a process suspender. I mean, a quick Google search and you find a Youtube video and a forum thread with the exact same code, meaning you simply copied the code and now want help to change it.

I suggest you start with something that is easier (simple) to create.

I think it make sense cuz when I will suspend a process with another extension it doesnt work!

 

[NTvalk]

I think it make sense cuz when I will suspend a process with another extension it doesnt work!

What process do you want to suspend? All the processes in my task manager end with .exe...

 

[Nickruig]

What process do you want to suspend? All the processes in my task manager end with .exe...

I want to suspend a process with .xt extension.

 

[Helios]

What process do you want to suspend? All the processes in my task manager end with .exe...

Exactly.

I want to suspend a process with .xt extension.

Could you take a screenshot of the process with it's '.xt' extension, I'd really like to see that.

 

[till0sch]

Don't have a screenshot but e.g. if you are installing something there's often a "setup.tmp" in the taskmanager.

 

[Nickruig]

Exactly.


Could you take a screenshot of the process with it's '.xt' extension, I'd really like to see that.

Heres the screenshot:

 

[Nickruig]

Thx Im gonna have a look!

 

[Rake]

You will probably close the entire game if xtrap.xt stops running. Probably heartbeats.

 

[Nickruig]

You will probably close the entire game if xtrap.xt stops running. Probably heartbeats.

Thats true, But when I suspend the game and XTrap.xt I can change the adresses with Cheat Engine(without closing the entire game) and then resume the game and XTrap.xt!

 

[Rake]

I don't think it's that easy. It's worth a shot though.