BlackBone
Windows memory hacking library
 All Classes Functions
Thread.h
1 #pragma once
2 
3 #include "../../Config.h"
4 #include "../../Include/Winheaders.h"
5 #include "../../Include/NativeStructures.h"
6 #include "../../Include/Types.h"
7 
8 #include <memory>
9 
10 namespace blackbone
11 {
12 
13 #define DEFAULT_ACCESS_T THREAD_SUSPEND_RESUME | \
14  THREAD_GET_CONTEXT | \
15  THREAD_SET_CONTEXT | \
16  THREAD_QUERY_INFORMATION | \
17  THREAD_TERMINATE | \
18  SYNCHRONIZE
19 
20 #define MAXULONG64_2 ((uint64_t)~((uint64_t)0))
21 #define MAXULONG32_2 ((uint32_t)~((uint32_t)0))
22 
23 
24 // Breakpoint type
25 enum HWBPType
26 {
27  hwbp_access = 3, // Read or write
28  hwbp_write = 1, // Write only
29  hwbp_execute = 0, // Execute only
30 };
31 
32 enum HWBPLength
33 {
34  hwbp_1 = 0, // 1 byte
35  hwbp_2 = 1, // 2 bytes
36  hwbp_4 = 3, // 4 bytes
37  hwbp_8 = 2, // 8 bytes
38 };
39 
40 
44 class Thread
45 {
46 public:
47  BLACKBONE_API Thread( DWORD id, class ProcessCore* hProcess, DWORD access = DEFAULT_ACCESS_T );
48  BLACKBONE_API Thread( HANDLE handle, class ProcessCore* hProcess );
49  BLACKBONE_API Thread( const Thread& other );
50  BLACKBONE_API ~Thread();
51 
56  BLACKBONE_API inline DWORD id() const { return _id; }
57 
62  BLACKBONE_API inline HANDLE handle() const { return _handle; }
63 
68  BLACKBONE_API inline bool valid() const { return (_handle != NULL && ExitCode() == STILL_ACTIVE); }
69 
75  BLACKBONE_API ptr_t teb( _TEB32* pteb = nullptr ) const;
76 
82  BLACKBONE_API ptr_t teb( _TEB64* pteb = nullptr ) const;
83 
88  BLACKBONE_API inline ptr_t teb() const { return teb( (TEB_T*)nullptr ); }
89 
94  BLACKBONE_API uint64_t startTime();
95 
100  BLACKBONE_API uint64_t execTime();
101 
106  BLACKBONE_API bool Suspend();
107 
112  BLACKBONE_API bool Resume();
113 
121  BLACKBONE_API bool GetContext( _CONTEXT32& ctx, DWORD flags = CONTEXT_ALL, bool dontSuspend = false );
122 
130  BLACKBONE_API bool GetContext( _CONTEXT64& ctx, DWORD flags = CONTEXT64_ALL, bool dontSuspend = false );
131 
138  BLACKBONE_API bool SetContext( _CONTEXT32& ctx, bool dontSuspend = false );
139 
146  BLACKBONE_API bool SetContext( _CONTEXT64& ctx, bool dontSuspend = false );
147 
153  BLACKBONE_API bool Terminate( DWORD code = 0 );
154 
160  BLACKBONE_API bool Join( int timeout = INFINITE );
161 
166  BLACKBONE_API DWORD ExitCode() const;
167 
175  int BLACKBONE_API AddHWBP( ptr_t addr, HWBPType type, HWBPLength length );
176 
182  BLACKBONE_API bool RemoveHWBP( int idx );
183 
189  BLACKBONE_API bool RemoveHWBP( ptr_t ptr );
190 
194  BLACKBONE_API void Close();
195 
196  BLACKBONE_API inline bool operator ==(const Thread& other) { return (_id == other._id); }
197 
198  BLACKBONE_API Thread& operator =(const Thread& other)
199  {
200  _id = other._id;
201  _core = other._core;
202  _handle = other._handle;
203 
204  // Transfer handle ownership
205  other.ReleaseHandle();
206 
207  return *this;
208  }
209 
210 private:
211 
215  inline void ReleaseHandle() const { _handle = NULL; }
216 
217 private:
218  class ProcessCore* _core; // Core routines
219 
220  DWORD _id = 0; // Thread ID
221  mutable HANDLE _handle = NULL; // Thread handle
222 };
223 
224 }
blackbone::Thread::execTime
BLACKBONE_API uint64_t execTime()
Get total execution time(user mode and kernel mode)
Definition: Thread.cpp:323
blackbone::Thread::GetContext
BLACKBONE_API bool GetContext(_CONTEXT32 &ctx, DWORD flags=CONTEXT_ALL, bool dontSuspend=false)
Get WOW64 thread context
Definition: Thread.cpp:91
blackbone::_TEB_T
Definition: NativeStructures.h:71
blackbone::Thread::handle
BLACKBONE_API HANDLE handle() const
Get thread handle
Definition: Thread.h:62
blackbone::Thread::teb
BLACKBONE_API ptr_t teb() const
Get TEB
Definition: Thread.h:88
blackbone::Thread::Join
BLACKBONE_API bool Join(int timeout=INFINITE)
Join thread
Definition: Thread.cpp:191
blackbone::Thread::Close
BLACKBONE_API void Close()
Close handle
Definition: Thread.cpp:337
blackbone::Thread::Terminate
BLACKBONE_API bool Terminate(DWORD code=0)
Terminate thread
Definition: Thread.cpp:181
blackbone::Thread::Resume
BLACKBONE_API bool Resume()
Resumes thread.
Definition: Thread.cpp:76
blackbone::Thread::ExitCode
BLACKBONE_API DWORD ExitCode() const
Get thread exit code
Definition: Thread.cpp:297
blackbone::Thread::AddHWBP
int BLACKBONE_API AddHWBP(ptr_t addr, HWBPType type, HWBPLength length)
Add hardware breakpoint to thread
Definition: Thread.cpp:203
blackbone::Thread::valid
BLACKBONE_API bool valid() const
Check if thread exists
Definition: Thread.h:68
blackbone::Thread::Suspend
BLACKBONE_API bool Suspend()
Suspend thread
Definition: Thread.cpp:60
blackbone::Thread::RemoveHWBP
BLACKBONE_API bool RemoveHWBP(int idx)
Remove existing hardware breakpoint
Definition: Thread.cpp:249
blackbone::ProcessCore
Definition: ProcessCore.h:14
blackbone::Thread::id
BLACKBONE_API DWORD id() const
Get thread ID
Definition: Thread.h:56
blackbone::Thread::startTime
BLACKBONE_API uint64_t startTime()
Get thread creation time
Definition: Thread.cpp:309
blackbone::Thread::SetContext
BLACKBONE_API bool SetContext(_CONTEXT32 &ctx, bool dontSuspend=false)
Set WOW64 thread context
Definition: Thread.cpp:140
blackbone::Thread
Thread management
Definition: Thread.h:44
blackbone::_CONTEXT_T< DWORD64 >
Definition: NativeStructures.h:442
blackbone
Definition: AsmHelper32.cpp:6
blackbone::_CONTEXT_T< DWORD >
Definition: NativeStructures.h:412