All geek questions in one place

Process threads (or the entire process) are suspended

I want to check if process threads are paused (the whole process). I get every process thread with this code:

var threads = Proc.Threads; for (int x = 0; x < threads.Count; x++) { var thread = threads[x];

However, System.Diagnostics.ThreadState does not contain Suspended , but System.Threading.ThreadState does. How to convert System.Diagnostics.ThreadState to System.Threading.ThreadState , or is it some other way to test it? I am not trying to pause / resume them, I just want to know how Process hacker / Process explorer does it.

+4
source share
3 answers

Microsoft made a big mistake in .NET version 1.0, added the Thread.Suspend () and Resume () methods. These methods were widespread; programmers used them to implement thread synchronization. Why are they completely inappropriate. The problem was that it usually worked. But call Suspend () at the wrong time, and you will close the stream while it is buried inside the Windows call, holding the global lock. And forcing the entire program to a standstill.

This was not the only design mistake they made, the Synchronized method in collection classes also became a disaster. Widely misinterpreted as "returning a thread-safe collection."

Live and learn, all this is fixed in .NET 2.0. One major overhaul was that Thread may not necessarily be an operating system thread that has never been implemented. But it explains why there are two ThreadState enumerations, one for Thread (the .NET version) and the other for ProcessThread (the operating system version). And they closed a loophole for programmers abusing Suspend / Resume, methods were deprecated. And they also closed the backdoor, you cannot find out from ProcessThread that the thread has been suspended.

Function, not error. Do not make the same mistake, knowing that the thread is suspended, this is useless knowledge, it can not be suspended anymore after a microsecond later.

+7
source

The operating system stream does not match the .Net stream. Process.Threads returns OS threads, each of which may or may not correspond to a .Net thread.

You can look at ProcessThread.WaitReason, but it does not correspond to the Net wait states.

+2
source

You may incorrectly use SuspendThread or Wow64SuspendThread to find out if it is paused, then use ResumeThread to recover the situation.

Return SuspendThread: "If the function succeeds, the return value is the previous number of threads suspended;"

Ads:

  [Flags] public enum ThreadAccess : int { TERMINATE = (0x0001), SUSPEND_RESUME = (0x0002), GET_CONTEXT = (0x0008), SET_CONTEXT = (0x0010), SET_INFORMATION = (0x0020), QUERY_INFORMATION = (0x0040), SET_THREAD_TOKEN = (0x0080), IMPERSONATE = (0x0100), DIRECT_IMPERSONATION = (0x0200)} [DllImport("kernel32.dll")] static extern IntPtr OpenThread( ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId); [DllImport("kernel32.dll")] static extern uint SuspendThread(IntPtr hThread); [DllImport("kernel32.dll")] static extern int ResumeThread(IntPtr hThread); [DllImport("kernel32", CharSet = CharSet.Auto, SetLastError = true)] static extern bool CloseHandle(IntPtr handle);

(the Wow64SuspendThread link is hidden because I need 10 rep to put 2 links = ht.tps: //msdn.microsoft.com/it-it/library/windows/desktop/ms687400 (v = vs .85) .aspx)

0
source

Source: https://habr.com/ru/post/1497383/

More articles:


All Articles