OpenThread Visual C++ 6 definition ???

[CodeExplorer]

OpenThread Visual C++ 6 definition ???
I can't find OpenThread in "Visual C++ 6" defined except on
"Microsoft SDK\include\WinBase.h" but I don't how to use it,
I've noticed it contains:
#if _WIN32_WINNT >= 0x0501
 

[jackyjask]

HANDLE OpenThread(
  [in] DWORD dwDesiredAccess,
  [in] BOOL  bInheritHandle,
  [in] DWORD dwThreadId
);

https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openthread

[CodeExplorer]

Not this. The actual definition in Visual C++ so the Api can be used; I had some samples on how to define any api using prototypes and GetModuleHandleA/GetProcessAddress but I lost it.

 

Edited September 5 by CodeExplorer

[atom0s]

This is how you can use GetModuleHandleA and GetProcAddress to do this. (Mind you, this is using more modern C++ syntax, VC6 is extremely outdated at this point and you really should upgrade. You will need to make some adjustments but the jist is the same. This can be further condensed as well, but I wrote it in a step-by-step manner to better explain whats going on.)

#include <Windows.h>
#include <string>

typedef HANDLE(__stdcall* OpenThread_f)(DWORD, BOOL, DWORD);

int32_t __cdecl main(int32_t /*argc*/, char** /*argv*/)
{
    // Obtain the module handle for 'kernel32.dll'..
    const auto kernel32 = ::GetModuleHandleA("kernel32.dll");
    if (kernel32 == NULL)
        return 0;

    // Obtain the function address for 'OpenThread'..
    const auto fproc = ::GetProcAddress(kernel32, "OpenThread");
    if (fproc == NULL)
        return 0;

    // Cast the function address to its prototype..
    const auto fn = reinterpret_cast<OpenThread_f>(fproc);

    // Call the function..
    const auto handle = fn(THREAD_ALL_ACCESS, FALSE, ::GetCurrentThreadId());

    // Cleanup the opened handle if valid..
    if (handle != INVALID_HANDLE_VALUE)
        ::CloseHandle(handle);

    return 0;
}

For the additional information that you will need for any API you wish to call like this, you can use the online MSDN documentation to lookup the various Win32 API calls.
That will show you the needed prototype (typedef) along with which module holds the given API you wish to call. For this example, it is using OpenThread which you can find here:

https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openthread

Near the top of the page you'll see the 'Syntax' section which shows the prototype of the function. Keep in mind, they do not show the calling convention for Win32 API, but they [almost] always use __stdcall unless otherwise noted on their page. Then, near the bottom of the page, you'll find which module holds the API and what library its contained within. The 'DLL' is the one you would want to use with GetModuleHandleA.

Edited September 5 by atom0s

[CodeExplorer]

Thank you. the idea was to suspend the process, something like:
 

typedef HANDLE(__stdcall* OpenThread_f)(DWORD, BOOL, DWORD);

void suspend(DWORD processId)
{

    // Obtain the module handle for 'kernel32.dll'
    HMODULE kernel32 = ::GetModuleHandleA("kernel32.dll");
    if (kernel32 == NULL)
    return;

     // Obtain the function address for 'OpenThread'..
    FARPROC fproc = ::GetProcAddress(kernel32, "OpenThread");
    if (fproc == NULL)
    return;

    // Cast the function address to its prototype..
    OpenThread_f fn_OpenThread = reinterpret_cast<OpenThread_f>(fproc);

    HANDLE hThreadSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);

    THREADENTRY32 threadEntry;
    threadEntry.dwSize = sizeof(THREADENTRY32);

    Thread32First(hThreadSnapshot, &threadEntry);

    do
    {
        if (threadEntry.th32OwnerProcessID == processId)
        {
            HANDLE hThread = fn_OpenThread(THREAD_ALL_ACCESS, FALSE,
              threadEntry.th32ThreadID);
//            HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, FALSE,
  //              threadEntry.th32ThreadID);
            
            SuspendThread(hThread);
            CloseHandle(hThread);
        }
    } while (Thread32Next(hThreadSnapshot, &threadEntry));

    CloseHandle(hThreadSnapshot);
}

In the end I've just chosen to use NtSuspendProcess/NtResumeProcess:

typedef LONG (NTAPI *NtSuspendProcess)(IN HANDLE ProcessHandle);

void MemoryHack::OnButton1()
{
    // TODO: Add your control notification handler code here
        HANDLE processHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processid);
     
        NtSuspendProcess pfnNtSuspendProcess = (NtSuspendProcess)GetProcAddress(GetModuleHandle("ntdll"), "NtSuspendProcess");
     
        pfnNtSuspendProcess(processHandle);
        CloseHandle(processHandle);
}

typedef LONG (NTAPI *NtResumeProcess)(IN HANDLE ProcessHandle);

void MemoryHack::OnButton2()
{
    // TODO: Add your control notification handler code here
HANDLE handle = OpenProcess(PROCESS_ALL_ACCESS, false, processid);
NtResumeProcess nt_resume_process = reinterpret_cast<NtResumeProcess>(GetProcAddress(GetModuleHandle("ntdll"), "NtResumeProcess"));
nt_resume_process(handle);
CloseHandle(handle);

}

 Regards.