Volatile/Stop-Thread.ps1
function Stop-Thread {
<#
.SYNOPSIS
Terminates a specified thread.

.DESCRIPTION
The Stop-Thread function can stop an individual thread in a process. This is quite useful in situations where code injection (DLL injection) techniques have been used by attackers. If an attacker runs their malicious code in a thread within a critical process, then Stop-Thread can kill the malicious thread without hurting the critical process.

.NOTES
Author - Jared Atkinson (@jaredcatkinson)

.EXAMPLE
PS > Stop-Thread -ThreadId 1776
#>

    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $true, Position = 0)]
        [UInt32]
        $ThreadId
    )

    # OpenThread, TerminateThread and CloseHandle are helper functions, and
    # $THREAD_TERMINATE a constant, that are not defined in this file.
    # Request only the THREAD_TERMINATE access right on the target thread.
    $hThread = OpenThread -ThreadId $ThreadId -DesiredAccess $THREAD_TERMINATE

    try
    {
        TerminateThread -ThreadHandle $hThread
    }
    finally
    {
        # Release the thread handle even if termination fails.
        CloseHandle -Handle $hThread
    }
}