Freeze process
in [Win32 Kernel]
|
From: Peter Vrenken on 21 Oct 2006 06:57 Hello, i know it sounds spooky, but i am in need of a set of Win32 API calls that can be used to completely freeze (and later unfreeze) a process. Does such functionality exist, and if not: how can this be done? Thanks in advance, Peter Vrenken
From: Daniel Terhell on 21 Oct 2006 07:05 Check out NtSuspendProcess, NtResumeProcess. They are new to Windows XP and I believe undocumented. Regards, Daniel Terhell Resplendence Software Projects Sp daniel(a)resplendence.com http://www.resplendence.com "Peter Vrenken" <PeterVrenken(a)discussions.microsoft.com> wrote in message news:94AFC633-302E-450B-8EDD-C5855C5AC6D3(a)microsoft.com... > Hello, > > i know it sounds spooky, but i am in need of a set of Win32 API calls that > can be used to completely freeze (and later unfreeze) a process. Does such > functionality exist, and if not: how can this be done? > > Thanks in advance, > > Peter Vrenken
From: Le Chaud Lapin on 22 Oct 2006 10:37 Daniel Terhell wrote: > Check out NtSuspendProcess, NtResumeProcess. They are new to Windows XP and > I believe undocumented. > You can also try the Win32 Debugger API, but some versions of Windows do not allow you to restart the process using this interface: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndebug/html/msdn_debugEH.asp -Le Chaud Lapin-
From: Le Chaud Lapin on 22 Oct 2006 10:39 Le Chaud Lapin wrote: > Daniel Terhell wrote: > > Check out NtSuspendProcess, NtResumeProcess. They are new to Windows XP and > > I believe undocumented. > > > > You can also try the Win32 Debugger API, but some versions of Windows > do not allow you to restart the process using this interface: > > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndebug/html/msdn_debugEH.asp More correctly, some versions of Windows do not allow the debugger to detach to the debuggee after attachment. -Le Chaud Lapin-
|
Pages: 1 Prev: ZwQueryFileInformation/ZwQueryObject Next: intercept a specific exception |