Solved

Recovering a frozen process

Posted on 2006-07-08
Last Modified: 2012-08-14
In a previous question I learned how to detect a frozen process:
http://www.experts-exchange.com/Programming/Programming_Languages/Visual_Basic/Q_21910881.html

Now the question is can I do something about it... is there any way to unfreeze the process or do I have to terminate it?
Question by:justchat_1
24 Comments
 
LVL 13

Expert Comment

by:Mark_FreeSoftware
ID: 17065581

depends,

if it is your process,
and you know the cause of the hanging,
maybe you can do something about it,

else you are out of luck
0
 
LVL 9

Author Comment

by:justchat_1
ID: 17065674
there are no windows messages I can send to break execution?  How would something like norton crashguard work?
0
 
LVL 10

Expert Comment

by:sakuya_su
ID: 17066064
if it's already crashed I don't think the messages will do anything, it is also up to the programmer of that application how these messages are handled
0
 
LVL 9

Author Comment

by:justchat_1
ID: 17066117
That's not the case - the program is stuck in an infinite loop and is freezing up (but still running)... Norton crash guard has a way to kick the program out of the loop - does anyone know how?
0
 
LVL 13

Expert Comment

by:Mark_FreeSoftware
ID: 17066164

i think it requires some real low-level coding

you can't do that in one day in vb
0
 
LVL 9

Author Comment

by:justchat_1
ID: 17066404
Are there any DLLs that could do this or links with more information?
0
 
LVL 13

Accepted Solution

by:
Mark_FreeSoftware earned 500 total points
ID: 17066581

i couldn't find any information about it, sorry,

however i have some idea: (no code, sorry)


attach your app to the program,
and detect the infinite loop

if found, then pause the process (suspend)

get the instruction pointer (at which address the next code is going to be executed, i really shouldn't know how)

save the next byte,
replace it with a ret (i think it was &HC3)
let the program execute a little piece of code (just let it jump from the ret)
then replace the ret back with the original byte
and resume the application


this is how i think it can be done, i can't help you further with the code, apart from these declarations:

' Thread handles are 32-bit, so hThread and the return value are Long in both declares.
Private Declare Function ResumeThread Lib "kernel32" (ByVal hThread As Long) As Long
Private Declare Function SuspendThread Lib "kernel32" (ByVal hThread As Long) As Long
' lpBuffer is ByVal here, so pass VarPtr(buffer); pass 0& for lpNumberOfBytesWritten if the count is not needed.
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, ByVal lpNumberOfBytesWritten As Long) As Long
' lpBuffer is ByRef here, so pass the receiving variable itself.
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesRead As Long) As Long
0
 
LVL 9

Author Comment

by:justchat_1
ID: 17066608
That's a big help...I'll look into that!!

If any other experts have opinions or code feel free to post...
0
 
LVL 10

Expert Comment

by:sakuya_su
ID: 17066626
the above can only work if the Process is started by your own program, just by attaching you still cannot write to the problem program's memory (can you?)
0
 
LVL 9

Author Comment

by:justchat_1
ID: 17066632
good question... I know that most program memory is read/execute only and I remember something about a way to change memory permissions but I don't remember if that's only for your own memory space or for other programs as well?
0
 
LVL 13

Expert Comment

by:Mark_FreeSoftware
ID: 17066659

>>the above can only work if the Process is started by your own program, just by attaching you still cannot write to the problem program's memory (can you?)

it is possible,
i did it even without pausing the code!
but this is VERY dangerous, because the program can crash

0
 
LVL 9

Author Comment

by:justchat_1
ID: 17066674
Dangerous until figured out or always dangerous?
0
 
LVL 13

Expert Comment

by:Mark_FreeSoftware
ID: 17066682

dangerous if the code is executing near that point

imagine this:

the program is executing some long instruction (say 6 bytes)
at the same time you change one (or more) of those bytes

weird things can happen,
bluescreen,
total lockup,
nothing,
program just crashes,
etc
0
 
LVL 9

Author Comment

by:justchat_1
ID: 17066717
So it really depends on what code I break out of?
0
 
LVL 10

Expert Comment

by:sakuya_su
ID: 17066732
well yeah unofficially you can have ASM code injections but those are like really dodgy practices
0
 
LVL 29

Expert Comment

by:nffvrxqgrcfqvvc
ID: 17066757
I know there is something like this but only for Windows Vista (http://msdn.microsoft.com/library/en-us/recovery/recovery/registerapplicationrestart.asp)
I don't know of anything for 2000 or XP. The typical idea is if the application is hung you should check again a couple more times to make sure. If it's hung you should first try to send WM_CLOSE, if this does not respond then you must terminate the process. This is what Windows XP does when an application is hung. You might recall the dialog (send) (don't send) error. However since you know what application is hung the best you could probably do is allow the user to restart the process since you know the path this wouldn't be a problem.
0
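The escalation described in the comment above (re-check the hang a few times, send WM_CLOSE, terminate only if that fails), as an added VB6 example that is not part of the original thread. It assumes the hung window's handle is already known; the SendMessageTimeout/WM_NULL probe, the timeouts and the names IsHung and RecoverHungWindow are this example's own choices.

```vb
Option Explicit
' Added example for a VB6 .bas module; not code from the thread.
Private Declare Function SendMessageTimeout Lib "user32" Alias "SendMessageTimeoutA" (ByVal hWnd As Long, ByVal Msg As Long, ByVal wParam As Long, ByVal lParam As Long, ByVal fuFlags As Long, ByVal uTimeout As Long, lpdwResult As Long) As Long
Private Declare Function PostMessage Lib "user32" Alias "PostMessageA" (ByVal hWnd As Long, ByVal wMsg As Long, ByVal wParam As Long, ByVal lParam As Long) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, lpdwProcessId As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function WaitForSingleObject Lib "kernel32" (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)

Private Const WM_NULL As Long = &H0
Private Const WM_CLOSE As Long = &H10
Private Const SMTO_ABORTIFHUNG As Long = &H2
Private Const PROCESS_TERMINATE As Long = &H1
Private Const SYNCHRONIZE As Long = &H100000
Private Const WAIT_OBJECT_0 As Long = 0

' True only if the window fails three probes in a row (assumed: 2 s timeout, 1 s apart).
Private Function IsHung(ByVal hWnd As Long) As Boolean
    Dim i As Long, res As Long
    For i = 1 To 3
        ' A non-zero return means the window's message loop answered in time.
        If SendMessageTimeout(hWnd, WM_NULL, 0, 0, SMTO_ABORTIFHUNG, 2000, res) <> 0 Then Exit Function
        Sleep 1000
    Next
    IsHung = True
End Function

' Returns "responsive", "no access", "closed", "terminated" or "terminate failed".
Public Function RecoverHungWindow(ByVal hWnd As Long) As String
    Dim pid As Long, hProc As Long
    If Not IsHung(hWnd) Then RecoverHungWindow = "responsive": Exit Function
    GetWindowThreadProcessId hWnd, pid
    ' Open the handle before asking the window to close, so the exit can be observed.
    hProc = OpenProcess(PROCESS_TERMINATE Or SYNCHRONIZE, 0, pid)
    If hProc = 0 Then RecoverHungWindow = "no access": Exit Function
    PostMessage hWnd, WM_CLOSE, 0, 0           ' polite request first
    If WaitForSingleObject(hProc, 5000) = WAIT_OBJECT_0 Then
        RecoverHungWindow = "closed"           ' process exited on its own
    ElseIf TerminateProcess(hProc, 1) <> 0 Then
        RecoverHungWindow = "terminated"       ' last resort: unsaved data is lost
    Else
        RecoverHungWindow = "terminate failed"
    End If
    CloseHandle hProc
End Function
```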
 
LVL 9

Author Comment

by:justchat_1
ID: 17066858
good link...it's a shame that's not around yet

the restart idea isn't a bad one but what about applications that are working with unsaved data?
Also, how do I know if they were started with parameters (cause I would probably need to include them again)?
0
 
LVL 13

Expert Comment

by:Mark_FreeSoftware
ID: 17067693

>>the restart idea isn't a bad one but what about applications that are working with unsaved data?

they lose it, except if they have some emergency save built in (like ms word)


as far as i know, there are 2 different ways,
by code injection (that is what process explorer of sysinternals does)
and there seems to be an undocumented api way

too bad i cannot find the article that described this,
(still looking)
0
 
LVL 9

Author Comment

by:justchat_1
ID: 17085487
What would sending a system hibernating message do to a process?? (just to the process, not global)
0
 
LVL 9

Author Comment

by:justchat_1
ID: 17352548
Not what I was looking for but definitely valuable info..
0
 
LVL 13

Expert Comment

by:Mark_FreeSoftware
ID: 17352582

thanks for the points, and happy coding!



too bad you could find what you were looking for...
0
 
LVL 9

Author Comment

by:justchat_1
ID: 17354420
what I'm looking for is probably not possible :)
0
