When we find some DLLs or bad modules loaded by some process in another session or the current session, can we remove them via Madshi's collection?
In Delphi's TThread, we can use TThread.suspended to judge the state
of the TThread, but there seems to be no such property or similar property in IThread.
Another small problem: there is a "ProcessHandleToid" function in the "madRemote" package, not "ProcessHandleToPid". The sample at "http://help.madshi.net/ProcessHandleToId.htm" has
a clerical error.
You can use madCodeHook's UninjectLibrary to unload a dll from another process. That works even for a different session (if you have enough privileges). The question is, though, whether just unloading the dll is good enough to get rid of the virus. But that's another question...
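function IsThreadSuspended(threadHandle: dword) : boolean;
var i1 : integer;
begin
  result := false;
  // SuspendThread returns the previous suspend count, or dword(-1) on failure
  i1 := integer(SuspendThread(threadHandle));
  if i1 <> -1 then begin
    // undo our own suspend so the thread's state is left unchanged
    ResumeThread(threadHandle);
    // a previous count above zero means the thread was already suspended
    result := i1 > 0;
  end;
end;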
You can call this like "IsThreadSuspended(IThread.Handle.Handle)".
About the documentation error: Thanks - I'll fix that.
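A way to confirm whether a given DLL is still mapped in a target process, before and after an unload attempt such as the UninjectLibrary call mentioned above. This is an added example, not part of the original thread and not madCodeHook code: it uses the Windows Toolhelp API through Delphi's TlHelp32 unit, and the program name, IsModuleLoaded and the command-line arguments are assumptions made for illustration.

```delphi
program CheckModule;  // hypothetical name, added example
{$APPTYPE CONSOLE}

uses
  Windows, SysUtils, TlHelp32;

// Returns True if a module whose file name equals moduleName
// (case-insensitive) is loaded in the process with the given PID.
// fullPath receives the on-disk path of the matching module.
function IsModuleLoaded(pid: DWORD; const moduleName: string;
  out fullPath: string): Boolean;
var
  snap: THandle;
  me: TModuleEntry32;
begin
  Result := False;
  fullPath := '';
  snap := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid);
  // Fails on insufficient privileges, on an exited process, or when a
  // 32-bit build tries to inspect a 64-bit process.
  if snap = INVALID_HANDLE_VALUE then
    RaiseLastOSError;
  try
    me.dwSize := SizeOf(me);
    if Module32First(snap, me) then
      repeat
        if SameText(me.szModule, moduleName) then
        begin
          fullPath := me.szExePath;
          Result := True;
          Break;
        end;
      until not Module32Next(snap, me);
  finally
    CloseHandle(snap);
  end;
end;

var
  path: string;
begin
  // Usage (assumed): CheckModule <pid> <dll file name>
  if IsModuleLoaded(StrToInt(ParamStr(1)), ParamStr(2), path) then
    Writeln('still loaded from: ', path)
  else
    Writeln('not loaded');
end.
```

Running it once before and once after the unload shows whether the module has actually left the process; the reported path also tells you which file on disk to examine.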