Vlad Ioan Topan

My playground

Archive for April 2009

How to check if a thread/process is suspended (get thread state)

The basic steps to get a thread’s status information are the following (knowing, of course, both the process ID (henceforth PID) and the thread ID (TID)):

  1. call NtQuerySystemInformation with SystemInformation set to SystemProcessInformation (5)
  2. iterate over the array of SYSTEM_PROCESS_INFORMATION structures (the structure contents are (wrongfully) explained here; correct version here) to find your PID (ProcessId member) of interest
  3. iterate over the array of SYSTEM_THREAD structures (detailed below) to find the desired TID (UniqueThread member) and check the State and WaitReason members; both must be set to 5 if the thread is suspended, any other values otherwise

As is probably obvious to most people keen on system-level programming, a process is suspended when all its threads are suspended, so all of them must be checked for the suspended status.

Step one: calling NtQuerySystemInformation

The required structures are defined here (for Delphi). The function isn’t defined in any headers, so we must declare its prototype ourselves:

function NtQuerySystemInformation(SystemInformationClass:DWORD; SystemInformation:pointer; SystemInformationLength:DWORD; ReturnLength:PDWORD):cardinal; stdcall; external 'ntdll';

Example usage:

var 
   spi:PSYSTEM_PROCESS_INFORMATION;
   size:DWORD;
begin
// the first call, with no buffer, only reports the required size
// (STATUS_INFO_LENGTH_MISMATCH is $C0000004)
if (NtQuerySystemInformation(5, nil, 0, @size) = STATUS_INFO_LENGTH_MISMATCH) // SystemProcessInformation
   and (size > 0)
   then begin
        GetMem(spi, size);
        // the process list can grow between the two calls, in which case this call fails as well
        if NtQuerySystemInformation(5, spi, size, @size) = 0
           then begin
                [...] // do something with spi
                end
           else HandleError; // failed listing processes!
        FreeMem(spi);
        end
    else HandleError; // failed listing processes!
end;

HandleError is a fictional function (which you’ll most likely skip, ’cause you’re in a hurry to get things done, right? 🙂 ).

Step two: iterating the process list

The structure only looks like a linked list item; the NextEntryOffset member is an actual offset from the beginning of the current structure to the beginning of the next one. This is needed because of the variable size of the structure (given by the variable number of threads for each process). We need an extra crt:PSYSTEM_PROCESS_INFORMATION variable to walk the pseudo-linked list because we must keep the original spi pointer to free its memory.
The outline of the code which iterates the processes looking for a PID (given the spi:PSYSTEM_PROCESS_INFORMATION pointer from above) would look like this:

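var 
    crt:PSYSTEM_PROCESS_INFORMATION; 
[...]
    crt := spi;
    while True do
        begin
        if crt^.ProcessID = PID
           then begin
                [...] // do something with crt^
                break;
                end;
        // test the offset only after examining the entry, so the last entry is not skipped
        if crt^.NextEntryOffset = 0
           then break; // last entry reached, PID not found
        // byte-wise pointer arithmetic, valid for 32-bit and 64-bit pointers
        crt := Pointer(PAnsiChar(crt) + crt^.NextEntryOffset);
        end;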

Step three: find the appropriate thread

Given the ThreadInfo array in the structure located at the previous step, we iterate through it and test the State and WaitReason members for the item matching our TID:

var
    j:integer;
[...]
    for j := 0 to crt^.NumberOfThreads-1 do
        begin
        if crt^.ThreadInfo[j].UniqueThread = TID
           then begin
                if crt^.ThreadInfo[j].WaitReason = 5
                   then [...] // the thread is suspended
                   else [...]; // the thread is not suspended
                break; 
                end;
        end;

The State member must also be set to 5 (“waiting”), but if the WaitReason is non-null, the State must be 5 (and vice-versa), so there’s little point in checking it explicitly.
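
The three steps above, applied to a constructed snapshot buffer instead of a live NtQuerySystemInformation call, including the final list entry and the "all threads suspended" test for a whole process. This is an added example in Python, not the post's Delphi code; the offsets assume the 64-bit Windows layout of the two structures (not given in the post), and `make_entry` and `SAMPLE` are helpers made up for the demonstration.

```python
import struct

# Assumed 64-bit Windows offsets (an assumption, not taken from the post):
PROC_HDR, PID_OFF = 0x100, 0x50        # fixed part of a process entry, UniqueProcessId
THR_SIZE, TID_OFF = 0x50, 0x30         # size of one thread entry, UniqueThread
THR_FMT = "<Q12xII"                    # UniqueThread, 12 skipped bytes, State, WaitReason
WAITING = SUSPENDED = 5                # State 5 / WaitReason 5, as stated in the post

def walk(buf):
    """Yield (pid, [(tid, state, wait_reason), ...]) for every entry, the last one included."""
    off = 0
    while True:
        next_off, nthreads = struct.unpack_from("<II", buf, off)
        (pid,) = struct.unpack_from("<Q", buf, off + PID_OFF)
        first = off + PROC_HDR
        if first + nthreads * THR_SIZE > len(buf):
            raise ValueError("thread array runs past the end of the buffer")
        threads = [struct.unpack_from(THR_FMT, buf, t + TID_OFF)
                   for t in range(first, first + nthreads * THR_SIZE, THR_SIZE)]
        yield pid, threads
        if next_off == 0:              # NextEntryOffset = 0 marks the final entry
            return
        off += next_off

def thread_suspended(buf, pid, tid):
    """True/False for one thread, None if the PID/TID pair is not in the snapshot."""
    for p, threads in walk(buf):
        for t, state, reason in threads:
            if p == pid and t == tid:
                return state == WAITING and reason == SUSPENDED
    return None

def process_suspended(buf, pid):
    """A process counts as suspended only when every one of its threads is."""
    for p, threads in walk(buf):
        if p == pid:
            return bool(threads) and all(s == WAITING and r == SUSPENDED for _, s, r in threads)
    return None

def make_entry(pid, threads, last=False):
    """Build one constructed snapshot entry for the demo (not real system data)."""
    e = bytearray(PROC_HDR + THR_SIZE * len(threads))
    struct.pack_into("<II", e, 0, 0 if last else len(e), len(threads))
    struct.pack_into("<Q", e, PID_OFF, pid)
    for i, thread in enumerate(threads):
        struct.pack_into(THR_FMT, e, PROC_HDR + i * THR_SIZE + TID_OFF, *thread)
    return bytes(e)

SAMPLE = (make_entry(4, [(8, 5, 0)]) + make_entry(1200, [(1204, 5, 5), (1208, 2, 0)])
          + make_entry(3300, [(3304, 5, 5), (3308, 5, 5)], last=True))
```

PID 3300 is the last entry in the constructed buffer, so a walk that stops as soon as it sees a zero NextEntryOffset would never report it.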

Additional info: thread starting address, priority etc.

If you’ve paid any attention while reading the structures, you might have noticed additional interesting information about threads and processes, such as the creation time, image path, priority, handle count and memory and I/O usage/history for processes (this is how Process Explorer gets, for example, the WorkingSet/PeakWorkingSet and ReadBytes/WriteBytes/OtherBytes information) and starting address, priority/base priority and various timing information for threads. The starting address is particularly interesting, because the NtQueryInformationThread API with ThreadInformationClass set to ThreadQuerySetWin32StartAddress (9) only works (on Windows pre-Vista) “before the thread starts running” (quoted from MSDN), which seems to me rather pointless in the first place.

The NtQuerySystemInformation API is also a useful replacement for the CreateToolhelp32Snapshot suite, yielding more information about processes and threads.

Written by vtopan

April 15, 2009 at 1:07 AM

Posted in Delphi, Snippets

Top ten striptease songs

Some while ago, when the opportunity arose to put them to good use, I realised I had rather few striptease songs sorted out. The very next day (my memories are rather foggy given circumstances, but it most likely was the next day, so we’ll work with that assumption) I set on a quest for the web’s favorite striptease songs. The results, however, were somewhat disappointing; mostly redundant and not as insightful as I had hoped. But plowing through them I also found some good (enough) ones, and managed to collect sufficient songs to tire out even some of the most dedicated strippers out there (not that that would be the purpose of the whole thing).

Stumbling over the sorted-out-music folder and running into them again, I decided to share them with the world, if only to spare other don quixotesque music fans out there from the pain of having to go through endless pages of search results only to find (mostly) the following songs listed over and over.

Top ten strip songs

Note: the order is mostly a matter of personal taste & current state of mind. The purpose is to provide you with a list of good striptease songs, rather than to make statements about the songs’ quality when compared to one another, as I find judging taste to be pointless.

#10. Kylie Minogue – Chocolate [watch]
Not much surprise in Kylie showing up in this list, now is there?

#9. Tina Turner – Private Dancer [watch]
Striptease 101.

#8. Pussycat Dolls & Busta Rhymes – Don’t Cha [watch]
Excellent rhythm; rap & hip hop fans will appreciate it.

#7. Def Leppard – Pour Some Sugar on Me [watch]
Rock.

#6. Right Said Fred – I’m Too Sexy [watch]
Funny rather than sexy, but still a good song to drop clothes to.

#5. Joe Cocker – You Can Leave Your Hat On [watch]
Synonymous with “striptease song”; would be higher in the top if it weren’t so damn everywhere.

#4. Alannah Myles – Black Velvet [watch]
Another classic, slower & more sensual than most in this top.

#3. Prince – Cream [watch]
I’m not that much into Prince, but this song is by far among the best strip songs I’ve heard so far.

#2. Patricia Kaas – Mademoiselle chante le blues [watch]
French strip song. ’nuff said.

#1. En Vogue – Beat of Love [listen]
The bass drum rhythm on this song is simply amazing, earning it a #1.

Bonus song

Instrumental music is excellent for striptease, and one of the best ones at that is the theme song from A Shot in the Dark (1964; the second Pink Panther movie, featuring Peter Sellers – a “dark” comedy which you may also enjoy) by Henry Mancini. If you need further proof, check out Ursula Martinez’ Hanky Panky (strip) show. The sax, as on Mademoiselle chante le blues, is excellent. On the instrumental topic, half funny-half sexy is also The Stripper from Joe Loss.

Runners up

As with most tops, some runners up got left out. In alphabetical order:

  • Ella Fitzgerald – I Just Wanna Make Love to You
  • Firefox – Sex Shooter
  • Ginuwine – Pony
  • Lovage – Sex (I’m A)
  • Paula Cole – Feelin’ Love
  • Queen – Fat Bottomed Girls
  • Sam Brown – Stop
  • Santana & Rob Thomas – Smooth
  • Shaggy – Hey Sexy Lady
  • The Sugababes – Push the Button
  • Tom Jones – Sex Bomb
  • Tom Jones – You Don’t Have to Be Rich
  • Touch & Go – Tango in Harlem
  • Zucchero – Baila Sexy Thing

You can sample most of them on imeem.com [later edit: imeem is now defunct; changed links to point to Google video searches], on youtube or simply googling/yahoo(ing?) for them.

Written by vtopan

April 6, 2009 at 1:36 AM

Posted in Music, Tops