private:
DWORD SuspendProcess(HANDLE hProcess) {
DWORD result = SuspendThread(hProcess);
if (result == (DWORD)-1) {
// SuspendThread failed
return false;
}
return true;
/*HANDLE hThreadSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD,
0); DWORD suspendCount = 0;
if (hThreadSnapshot != INVALID_HANDLE_VALUE) {
THREADENTRY32 te32 = {};
te32.dwSize = sizeof(THREADENTRY32);
if (Thread32First(hThreadSnapshot, &te32)) {
do {
if (te32.th32OwnerProcessID == GetProcessId(hProcess)) {
DWORD threadId = te32.th32ThreadID;
HANDLE hThread = OpenThread(THREAD_SUSPEND_RESUME,
FALSE, threadId); if (hThread != NULL) { suspendCount +=
SuspendThread(hThread); CloseHandle(hThread);
}
}
} while (Thread32Next(hThreadSnapshot, &te32));
}
CloseHandle(hThreadSnapshot);
}*/
// return suspendCount;
}
private:
VOID ResumeProcess(HANDLE hProcess) {
HANDLE hThreadSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
if (hThreadSnapshot != INVALID_HANDLE_VALUE) {
THREADENTRY32 te32 = {};
te32.dwSize = sizeof(THREADENTRY32);
if (Thread32First(hThreadSnapshot, &te32)) {
do {
if (te32.th32OwnerProcessID == GetProcessId(hProcess)) {
DWORD threadId = te32.th32ThreadID;
HANDLE hThread =
OpenThread(THREAD_SUSPEND_RESUME, FALSE, threadId);
if (hThread != NULL) {
ResumeThread(hThread);
CloseHandle(hThread);
}
}
} while (Thread32Next(hThreadSnapshot, &te32));
}
CloseHandle(hThreadSnapshot);
}
}
我已经编写了这些函数来暂停和恢复我在项目中创建的进程。但是当我尝试暂停进程时,出现错误:无法暂停进程。我尝试以管理员身份运行 Visual Studio,但它没有改变任何内容。希望你会发现错误:)
确保您的进程句柄具有所有访问权限,如果没有,只需使用 OpenProcess 并传递 PROCESS_ALL_ACCESS 打开一个单独的句柄。
对于挂起和恢复,建议使用 NtSuspendProcess 和 NtResumeProcess
这里有一个关于如何调用它们的示例:
static auto nt_suspend_process = reinterpret_cast< LONG( __stdcall* )( HANDLE ) >( GetProcAddress( GetModuleHandleA( "ntdll.dll" ), "NtSuspendProcess" ) );
static auto nt_resume_process = reinterpret_cast< void( __stdcall* )( HANDLE ) >( GetProcAddress( GetModuleHandleA( "ntdll.dll" ), "NtResumeProcess" ) );