# Thread hijacking

Thread hijacking is a technique used by hackers and reverse engineers to manipulate the execution flow of a program. It involves intercepting and redirecting the execution of a program's threads to a different location, allowing the attacker to control the program's behavior.

By redirecting a program's execution flow, an attacker can bypass code that checks for tampering or enforces licensing restrictions, allowing them to use the software without purchasing a license or otherwise obtaining authorization.

Thread hijacking can also be used to bypass self-defense mechanisms.

## Hooking vs Thread hijacking

Hooking and thread hijacking are both techniques used to manipulate the execution flow of a program, but they are different methods with different characteristics.

Hooking is used to intercept and redirect the execution flow of a program by modifying its memory space or system calls, while thread hijacking is used to intercept and redirect the execution flow of a program by manipulating its threads.

## Preventing thread hijacking

Codeguard has the capability to detect and prevent thread hijacking.

It's important to note that Codeguard's thread hijacking detection capabilities may temporarily suspend the thread being analyzed, which can negatively affect performance.&#x20;

We recommend enabling this feature only if you have received or are currently experiencing tampering attacks on your software. This way, you can ensure that your software is protected without sacrificing performance.<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cyphor.net/code-guard/preventing-modifications/thread-hijacking.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.