How to resume a process created suspended? Topic is solved

[fabricio234]

What i already did:

Code: Select all

    sCommandLine := ""
    VarSetCapacity(pProcessInfo, 24, 0)
    sizeofStartupInfo := VarSetCapacity(pStartupInfo, 104, 0)
    NumPut(sizeofStartupInfo, pStartupInfo, 0, "UInt")
    NumPut(0x00000100, pStartupInfo, 60, "UInt")

    DllCall("CreateProcess"
   ,"UInt", 0                 ; ApplicationName
   ,"Ptr",  &sCommandLine     ; CommandLine
   ,"UInt", 0                 ; ProcessAttributes
   ,"UInt", 0                 ; ThreadAttributes
   ,"Int",  1                 ; InheritHandles
   ,"UInt", 0x00000004   ; CreationFlags 0x00000004 = CREATE_SUSPENDED                 
   ,"UInt", 0                 ; Environment
   ,"Ptr",  &A_ScriptDir      ; CurrentDirectory
   ,"Ptr",  &pStartupInfo     ; StartupInfo
   ,"Ptr",  &pProcessInfo)    ; ProcessInformation

   iProcessId := NumGet(pProcessInfo, 16, "UInt")
   Process, Wait, %iProcessId%
   DllCall("CloseHandle", "Ptr", NumGet(pProcessInfo, 0))
   DllCall("CloseHandle", "Ptr", NumGet(pProcessInfo, 8))

Im trying to reproduce this call:

Spoiler

2021-09-28_16-49-12.png (67.28 KiB) Viewed 502 times

It does create the process suspended, however I'm searching for how to "resume" it after some time.
And if possible someone could take a look if im calling the CreateProcess "correctly".

[swagfag]

pass it the CREATE_SUSPENDED flag, grab the threadid from lpProcessInformation, pass it to OpenThread, pass the thread handle to ResumeThread. in other words,...

read the frickin docs

[fabricio234]

I figured out how to resume the thread, however i dont understand how to get the threadid from lpProcessInformation in the script.


=solved=

[swagfag]

the same way u got the processid from it, u NumGet it from whatever offset is correct

and it looks like it also contains the threadhandle, so u can get that instead and skip the OpenThread call