This is example usage of SetThreadContext function.
This program will kill a process using SetThreadContext function.
This program will kill a process using SetThreadContext function.
CODE C Language
#define _WIN32_WINNT 0x600
#include <iostream>
#include <Windows.h>
#include <tlhelp32.h>
using namespace std;
int main(){
CONTEXT ctx;
ctx.ContextFlags=CONTEXT_CONTROL;
DWORD PID;
HMODULE k32=GetModuleHandle("kernel32");
cout <<"Example usage of SetThreadContext\n\n";
cout <<"This tool kill a process by setting the eip register to the address \nof ExitProcess function using SetThreadContext function\n\n";
cout <<"Enter PID:";
cin >>PID;
cout <<"\n\n";
THREADENTRY32 te32;
te32.dwSize=sizeof(te32);
HANDLE hSnap=CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD,0);
while(Thread32Next(hSnap,&te32)){
if(PID==te32.th32OwnerProcessID){
cout <<"Opening thread handle (Thread ID:"<<te32.th32ThreadID<<")\n\n";
HANDLE hThread=OpenThread(THREAD_ALL_ACCESS,false,te32.th32ThreadID);
if(hThread==NULL){
cout <<"Error: Unable to open thread handle\n\n";
}else
{
cout <<"Thread handle opened (Thread handle:"<<hThread<<")\n\n";
}
cout <<"Now setting thread context\n\n";
SuspendThread(hThread);
GetThreadContext(hThread,&ctx);
ctx.Eip=(DWORD)GetProcAddress(k32,"ExitProcess");
SetThreadContext(hThread,&ctx);
ResumeThread(hThread);
CloseHandle(hThread);
}
}
CloseHandle(hSnap);
return 0;
}
Attached Files
-
![Attached File]()
context.zip 206.86K
4 downloads
