search for: resumethread

...emed to go nowhere after this [...] 0009:Call ntdll.NtQueryInformationProcess(00000054,00000000,77a9b81c,00000018,00000000) ret=77b79a11 0009:Ret ntdll.NtQueryInformationProcess() retval=00000000 ret=77b79a11 0009:Ret kernel32.GetExitCodeProcess() retval=00000001 ret=008f3a59 0009:Call kernel32.ResumeThread(00000058) ret=008f9f78 0009:Call ntdll.NtResumeThread(00000058,77a9b84c) ret=77b91fb6 0009:Ret ntdll.NtResumeThread() retval=00000000 ret=77b91fb6 0009:Ret kernel32.ResumeThread() retval=00000001 ret=008f9f78 0009:Call kernel32.Sleep(00000064) ret=008f9f80 0009:Call ntdll.NtDelayExecution(0000000...

...e, and create a loader program that runs the original (unpatched) executable. The loader uses CreateProcess to invoke the executable as a suspended process, and then WriteProcessMemory to patch the new process in memory, causing the memory image to be identical to the disk-patched version. Then I ResumeThread to kick off the program. This sounds like a lot of work for little gain. It does one important thing however, which is to bypass integrity checks on the executable. The modified version is running in memory, but usually virus/hack checks are being made versus the executable on disk. The question...

...Eax = (DWORD)v + exe->peXH->addressOfEntryPoint; } printf("********> EIP = %X\n", (uint)ctx.Eip); printf("********> EAX = %X\n", (uint)ctx.Eax); SetThreadContext(pi.hThread, &ctx); ResumeThread(pi.hThread); printf("Process resumed (PID = %d).\n", (uint)pi.dwProcessId); } else { ErrorExit("WriteProcessMemory failed\n"); TerminateProcess(pi.hProcess, 0); }...

...ping between samplers and texture units. wined3d: Store the texture in a local variable in sampler_texmatrix(). d3d9: Use color_match() in vshader_version_varying_test(). d3d9: Replace color_near() with color_match(). d3d9: Correct some shader comments. server: Calling ResumeThread() on a terminated thread is valid. d3d9: Use color_match() in test_vshader_input(). Hans Leidekker (10): dnsapi: Fix a number of memory leaks. snmpapi: Fix a memory leak in the test. cabinet: Fix a memory leak. setupapi: Fix two memory leaks in the test. wininet...

...names. kernel32: Added implementation for UnregisterWaitEx. jscript: Add necessary dependencies for the bison file. kernel32/tests: Fix the async I/O test to handle errors properly. kernel32/tests: Fix the BindIoCompletionCallback test on Vista. kernel32/tests: Fix the ResumeThread on win9x. ntdll/tests: Fix the async I/O test on Vista. rpcrt4/tests: Fix a couple of test failures on Windows. winex11: Remove debug hack that slipped into commit a4a5a2ec121eeb2a7cd4ffbb5ba7b298f2a050b1. winex11: Fixed mapping of the move/resize starting point to X11 root...