Sysinternals process explorer code

You can't do it from the command line; you have to write some code (I assume you're not just looking for a utility, otherwise Super User may be a better place to ask). I also assume your application has all the required permissions to do it (examples are without any error checking).

Hard Way

First get all the threads of a given process, then call the SuspendThread function to stop each one (and ResumeThread to resume). It works, but some applications may crash or hang because a thread may be stopped at any point and the order of suspend/resume is unpredictable (for example, this may cause a deadlock). For a single-threaded application this may not be an issue.

    #include <windows.h>
    #include <tlhelp32.h>

    void suspend(DWORD processId)
    {
        /* The snapshot covers every thread in the system; filter by owner. */
        HANDLE hThreadSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
        THREADENTRY32 threadEntry;
        threadEntry.dwSize = sizeof(THREADENTRY32);
        Thread32First(hThreadSnapshot, &threadEntry);
        do {
            if (threadEntry.th32OwnerProcessID == processId) {
                HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, FALSE,
                    threadEntry.th32ThreadID);
                SuspendThread(hThread);
                CloseHandle(hThread);
            }
        } while (Thread32Next(hThreadSnapshot, &threadEntry));
        CloseHandle(hThreadSnapshot);
    }

Please note that this function is even too naive: to resume threads you should skip threads that were already suspended, and it's easy to cause a deadlock because of suspend/resume order. For single-threaded applications it's prolix but it works.

Starting from Windows XP there is NtSuspendProcess, but it's undocumented. Read this post (or this article) for a code example (reference for undocumented functions: news://comp.os.32).

    #include <windows.h>

    typedef LONG (NTAPI *NtSuspendProcess)(IN HANDLE ProcessHandle);

    void suspend(DWORD processId)
    {
        HANDLE processHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processId);
        /* Resolve the undocumented export at run time (ANSI call, so it
           builds with or without UNICODE). */
        NtSuspendProcess pfnNtSuspendProcess = (NtSuspendProcess)GetProcAddress(
            GetModuleHandleA("ntdll"), "NtSuspendProcess");
        pfnNtSuspendProcess(processHandle);
        CloseHandle(processHandle);
    }

Suspending a program is what a debugger usually does; to do it you can use the DebugActiveProcess function.