Hi everyone
This is my new topic. I wrote this program for suspending the game. When i want to connect the game with Game Title, the game title was Null. So i was changing the title and after connecting to the game. Then, the anticheat system is developped and it was closing the game when the game title is changed. I thought, if i suspend the program, all the system and anticheat will be disabled and i could use my titlechanger. It worked !
After that, i put a timer, and when an exe is started to run, the program is immediately suspending the game. I am using Cheat Engine and searching for where the anticheat system starts to run or opens the game. I use simply "Nop" and "Jump" for disabling anticheats some. So this program is really helpful for the game hackers. Because when the exe is loading, you can debug it step by step.
Here is a screenshot from my program. I used Vb6 to write it.
rac1 pro tools.PNG
To describe my program simply;
1- It can be used as taskmanager,
2- It can be used as suspender.
You can suspend a program in two ways;
- Use the listbox to choose the exe,
- Enter the exe name manually into textbox.
Here is a simplified photo
proc tools v2.png
The suspender Module, (not source, code inside)
Code:
Option Explicit
Private Type THREADENTRY32
dwSize As Long
cntUsage As Long
th32ThreadID As Long
th32OwnerProcessID As Long
tpBasePri As Long
tpDeltaPri As Long
dwFlags As Long
End Type
Private Const STANDARD_RIGHTS_REQUIRED = &HF0000
Private Const SYNCHRONIZE = &H100000
Private Const THREAD_ALL_ACCESS = STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &H3FF
Private Const TH32CS_SNAPTHREAD = &H4
Private Declare Function SuspendThread Lib "kernel32" (ByVal hthread As Long) As Long
Private Declare Function ResumeThread Lib "kernel32" (ByVal hthread As Long) As Long
Private Declare Function OpenThread Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal dwProcessId As Long) As Long
Private Declare Function Thread32First Lib "kernel32" (ByVal hObject As Long, p As THREADENTRY32) As Boolean
Private Declare Function Thread32Next Lib "kernel32" (ByVal hObject As Long, p As THREADENTRY32) As Boolean
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Public Sub GetThreads(pID As Long)
Form1.lstThreads.ListItems.Clear
Dim hsnapshot As Long
Dim htthread As Long
Dim pthread As Boolean
Dim pt As THREADENTRY32
Dim mList As ListItem
hsnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0)
pt.dwSize = Len(pt)
pthread = Thread32First(hsnapshot, pt)
While pthread
htthread = OpenThread(THREAD_ALL_ACCESS, 0, pt.th32ThreadID)
If htthread <> 0 And pt.th32OwnerProcessID = pID Then
Set mList = Form1.lstThreads.ListItems.Add(, , htthread)
mList.SubItems(1) = pt.th32ThreadID
mList.SubItems(2) = pt.cntUsage
mList.SubItems(3) = pt.dwFlags
mList.SubItems(4) = pt.dwSize
mList.SubItems(5) = pt.tpBasePri
mList.SubItems(6) = pt.tpDeltaPri
mList.SubItems(7) = "Active"
End If
pthread = Thread32Next(hsnapshot, pt)
Wend
CloseHandle hsnapshot
End Sub
Public Function GetKOPID() As Long
Dim pID As Long, wHandle As Long
wHandle = FindWindow(vbNullString, Form1.Text1)
If wHandle > 0 Then
GetWindowThreadProcessId wHandle, pID
If pID > 0 Then GetKOPID = pID
End If
End Function
Public Function SuspendMe(ThreadID As Long) As Boolean
Dim ret As Long
ret = SuspendThread(ThreadID)
'MsgBox ThreadID
If ret <> -1 Then SuspendMe = True
End Function
Public Function ResumeMe(ThreadID As Long) As Boolean
Dim ret As Long
ret = ResumeThread(ThreadID)
If ret <> -1 Then ResumeMe = True
End Function
Function EnableTPT()
If Form1.lstThreads.ListItems.Count > 0 Then
Dim i As Integer
Dim tptID
For i = 1 To Form1.lstThreads.ListItems.Count
tptID = Form1.lstThreads.ListItems.Item(i).Text
Debug.Print tptID
If CLng(tptID) > 0 Then
Dim ret As Boolean
ret = ResumeMe(CLng(tptID))
If ret Then
'MsgBox "Thread Suspended.", vbInformation, "Succeed"
Else
If i = 1 Then MsgBox "Thread Suspending Failed (" & tptID & ")"
End If
End If
Next i
End If
End Function
Function DisableTPT()
If Form1.lstThreads.ListItems.Count > 0 Then
Dim i As Integer
Dim tptID
For i = 1 To Form1.lstThreads.ListItems.Count
tptID = Form1.lstThreads.ListItems.Item(i).Text
Debug.Print tptID
If CLng(tptID) > 0 Then
Dim ret As Boolean
ret = SuspendMe(CLng(tptID))
If ret Then
'MsgBox "Thread Suspended.", vbInformation, "Succeed"
Else
If i = 1 Then MsgBox "Thread Suspending Failed (" & tptID & ")"
End If
End If
Next i
End If
End Function
Public Sub GetThreadsSuspended(pID As Long)
Form1.lstThreads.ListItems.Clear
Dim hsnapshot As Long
Dim htthread As Long
Dim pthread As Boolean
Dim pt As THREADENTRY32
Dim mList As ListItem
hsnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0)
pt.dwSize = Len(pt)
pthread = Thread32First(hsnapshot, pt)
While pthread
htthread = OpenThread(THREAD_ALL_ACCESS, 0, pt.th32ThreadID)
If htthread <> 0 And pt.th32OwnerProcessID = pID Then
Set mList = Form1.lstThreads.ListItems.Add(, , htthread)
mList.SubItems(1) = pt.th32ThreadID
mList.SubItems(2) = pt.cntUsage
mList.SubItems(3) = pt.dwFlags
mList.SubItems(4) = pt.dwSize
mList.SubItems(5) = pt.tpBasePri
mList.SubItems(6) = pt.tpDeltaPri
mList.SubItems(7) = "SUSPENDED"
End If
pthread = Thread32Next(hsnapshot, pt)
Wend
CloseHandle hsnapshot
End Sub
Function WindowToProcessId(ByVal hwnd As Long) As Long
Dim lpProc As Long
Call GetWindowThreadProcessId(hwnd, lpProc)
WindowToProcessId = lpProc
End Function
Function ControlMeForSuspend(ko_pid As Long) As Boolean
Dim mykohandle, mykopid As Long
mykohandle = FindWindow(vbNullString, App.Title)
mykopid = WindowToProcessId(mykohandle)
'MsgBox mykohandle
'MsgBox mykopid
If WindowToProcessId(FindWindow(vbNullString, App.Title)) = ko_pid Then
ControlMeForSuspend = 1
Else
ControlMeForSuspend = 0
End If
End Function
suspender_ProcessTools.rar