Comments and Discussions

|
You can also use the undocumented functions NtSuspendProcess and NtResumeProcess in ntdll.dll. The process handle must have been opened with the PROCESS_SUSPEND_RESUME access right.
The function prototypes are (according to ReactOS):
NTSTATUS NTAPI NtResumeProcess(IN HANDLE ProcessHandle)
NTSTATUS NTAPI NtSuspendProcess(IN HANDLE ProcessHandle)
|
|
|
|
|

|
You can use the NtSuspendProcess and NtResumeProcess APIs too (in ntdll.dll).
They're undocumented but useful. : )
|
|
|
|

|
Very elegant.
You saved me
|
|
|
|

|
This tool is cool.
But let's say that I want to just query if a process is suspended, how can I do that without calling SuspendThread/ResumeThread?
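
The two points raised in the comments above (suspending through ntdll's NtSuspendProcess/NtResumeProcess, and checking for suspension without calling SuspendThread/ResumeThread), as an added example that is not part of the original posts or the article's code. The names `NtProc`, `Set-ProcessSuspension` and `Test-ProcessSuspended` are hypothetical, and treating "every thread is waiting with reason Suspended" as "the process is suspended" is an assumption of this sketch.

```powershell
# Added example. P/Invoke signatures follow the prototypes quoted in the comment above.
$src = @'
using System;
using System.Runtime.InteropServices;
public static class NtProc {
    public const uint PROCESS_SUSPEND_RESUME = 0x0800;
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
    [DllImport("kernel32.dll")]
    public static extern bool CloseHandle(IntPtr h);
    [DllImport("ntdll.dll")]
    public static extern int NtSuspendProcess(IntPtr h);
    [DllImport("ntdll.dll")]
    public static extern int NtResumeProcess(IntPtr h);
}
'@
Add-Type -TypeDefinition $src

function Set-ProcessSuspension {
    param([Parameter(Mandatory)][uint32]$ProcessId, [switch]$Resume)
    # Request only the right the call needs, not PROCESS_ALL_ACCESS.
    $h = [NtProc]::OpenProcess([NtProc]::PROCESS_SUSPEND_RESUME, $false, $ProcessId)
    if ($h -eq [IntPtr]::Zero) {
        throw "OpenProcess failed for PID $ProcessId (access denied or no such process)"
    }
    try {
        $status = if ($Resume) { [NtProc]::NtResumeProcess($h) }
                  else         { [NtProc]::NtSuspendProcess($h) }
        # NTSTATUS values with the high bit set (negative as Int32) are errors.
        if ($status -lt 0) { throw ('NTSTATUS 0x{0:X8}' -f $status) }
    } finally {
        [void][NtProc]::CloseHandle($h)
    }
}

function Test-ProcessSuspended {
    param([Parameter(Mandatory)][int]$ProcessId)
    # Read-only check: inspect thread state instead of touching suspend counts.
    $threads = (Get-Process -Id $ProcessId -ErrorAction Stop).Threads
    foreach ($t in $threads) {
        # WaitReason is only valid when ThreadState is Wait; -or short-circuits.
        if ($t.ThreadState -ne [Diagnostics.ThreadState]::Wait -or
            $t.WaitReason -ne [Diagnostics.ThreadWaitReason]::Suspended) {
            return $false
        }
    }
    return ($threads.Count -gt 0)
}
```

Call `Set-ProcessSuspension -ProcessId <pid>` to suspend, `Test-ProcessSuspended -ProcessId <pid>` to check, and `Set-ProcessSuspension -ProcessId <pid> -Resume` to resume.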
|
|
|
|

|
Just wanted to say you're a genius! I've been trying forever to do this in VB6 and it seems to be impossible. I used the code to hack an irritating program that resists having its process ended (it auto-restarts) but can't detect a suspend! I used this code with a VB app that calls your app with the process's PID as an argument and the program suspends! Thought I'd post the code in case anyone wants it! Thanx again!
Make sure you add a .RES file with pausep.exe in it in a 'folder' called EXES and make it resource number 101
[Put in a module]
Option Explicit

Private Declare Function CloseHandle Lib "kernel32.dll" (ByVal Handle As Long) As Long
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccessas As Long, ByVal bInheritHandle As Long, ByVal dwProcId As Long) As Long
Private Declare Function EnumProcesses Lib "PSAPI.DLL" (ByRef lpidProcess As Long, ByVal cb As Long, ByRef cbNeeded As Long) As Long
Private Declare Function GetModuleFileNameExA Lib "PSAPI.DLL" (ByVal hProcess As Long, ByVal hModule As Long, ByVal ModuleName As String, ByVal nSize As Long) As Long
Private Declare Function EnumProcessModules Lib "PSAPI.DLL" (ByVal hProcess As Long, ByRef lphModule As Long, ByVal cb As Long, ByRef cbNeeded As Long) As Long
Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Long, ByVal lpBuffer As Long, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (ByVal lpDst As Long, ByVal lpSrc As Long, ByVal ByteLen As Long)
Private Declare Function SetThreadAffinityMask Lib "kernel32.dll" (ByVal hThread As Long, ByVal dwThreadAffinityMask As Long) As Long
Private Declare Function GetProcessAffinityMask Lib "kernel32.dll" (ByVal hProcess As Long, ByRef lpProcessAffinityMask As Long, ByRef SystemAffinityMask As Long) As Boolean
Private Declare Function GetCurrentProcess Lib "kernel32.dll" () As Long
Private Declare Function SetProcessAffinityMask Lib "kernel32.dll" (ByVal hProcess As Long, ByRef dwProcessAffinityMask As Long) As Long

Private Const PROCESS_QUERY_INFORMATION As Long = 1024
Private Const PROCESS_VM_READ As Long = 16
Private Const MAX_PATH As Long = 260

' Returns the PID of the first process whose main module path contains EXEName.
Public Function GetProcessByName(ByVal EXEName As String) As Long
    Dim cb As Long
    Dim cbNeeded As Long
    Dim NumElements As Long
    Dim ProcessIDs() As Long
    Dim cbNeeded2 As Long
    Dim NumElements2 As Long
    Dim Modules(1 To 200) As Long
    Dim ModuleName As String
    Dim hProcess As Long
    Dim i As Long
    Dim PIDs() As Long
    ReDim PIDs(0)
    cb = 8
    cbNeeded = 192 '96
    ' Grow the PID buffer until EnumProcesses no longer fills it completely.
    Do While cb <= cbNeeded
        cb = cb * 2
        ReDim ProcessIDs(cb / 4) As Long
        EnumProcesses ProcessIDs(1), cb, cbNeeded
    Loop 'While ProcessIDs(1) <> 0
    NumElements = cbNeeded / 4
    For i = 1 To NumElements
        hProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0, ProcessIDs(i))
        If hProcess <> 0 Then
            If EnumProcessModules(hProcess, Modules(1), 200, cbNeeded2) <> 0 Then
                ModuleName = Space(MAX_PATH)
                ' nSize must not exceed the buffer allocated above (MAX_PATH characters);
                ' the original passed 500, which lets the API write past the string.
                'Debug.Print Left$(ModuleName, GetModuleFileNameExA(hProcess, Modules(1), ModuleName, MAX_PATH))
                If (InStr(1, Left$(ModuleName, GetModuleFileNameExA(hProcess, Modules(1), ModuleName, MAX_PATH)), EXEName, vbTextCompare) > 0) Then
                    ReDim Preserve PIDs(UBound(PIDs) + 1)
                    PIDs(UBound(PIDs)) = hProcess 'ProcessIDs(i)
                    GetProcessByName = ProcessIDs(i) 'hProcess
                    ' Close the handle before returning so it is not leaked.
                    CloseHandle hProcess
                    Exit Function
                End If
            End If
        End If
        CloseHandle hProcess
    Next
    GetProcessByName = PIDs(UBound(PIDs))
End Function

Private Sub Main()
    Dim PID As Long
    PID = GetProcessByName("xxxxxxxxxx.exe")
    ' Extract pausep.exe from resource 101 in "EXES" if it is not already on disk.
    If Len(Dir(App.Path & "\pausep.exe")) <= 0 Then
        Dim k As Long, e() As Byte
        e = LoadResData(101, "EXES")
        k = FreeFile
        Open App.Path & "\pausep.exe" For Binary Access Write Lock Read As k
        Put k, , e
        Close k
    End If
    Shell App.Path & "\pausep.exe " & PID
    ' Retry the delete until pausep.exe has exited and the file is gone.
    Do
        On Error Resume Next
        Kill App.Path & "\pausep.exe"
        DoEvents
    Loop Until Len(Dir(App.Path & "\pausep.exe")) <= 0
    MsgBox "Done!"
End Sub
I have not failed 1000 times, I have successfully identified 1000 ways that will not work!
-- modified at 20:35 Monday 19th November, 2007
|
|
|
|

|
CloseHandle causes a memory leak according to MSDN:
The snapshot returned is a copy of the current state of the system.
To close a snapshot, call the CloseToolhelp32Snapshot function.
Do not call the CloseHandle function to close the snapshot call. That generates a memory leak.
|
|
|
|

|
I'm looking for a program that can make a memory dump of a process and is able to reload the dump file later, so basically the process resumes from the save point.
Kinda like when you put the PC in hibernation mode,
but on a single-process scale.
Anyone know of such a program's existence?
Thanks
|
|
|
|

|
This is what I've been looking for!
I am working with a program called SaTScan which sometimes takes ages to complete a certain calculation. Plus it slows down the computer a lot. Now this little tool of yours suspends and resumes it without problems.
Thanks a lot. Johannes
|
|
|
|

|
Very simple clear and nicely written example.
But I still can't find out how to suspend a thread without ToolHelp since WinNT4 doesn't support it. Psapi has no thread enumeration so I'm pretty stuck here.
|
|
|
|
|

|
What does this have to do with this topic?
---
maximum 500 characters
|
|
|
|

|
I want to suspend/resume a process on Win95. How do I do it?
|
|
|
|

|
Sorry, I can't help you, as I don't code on Win95 since, erm, mmm... 95. Wow, it has been 9 years already!
At least MSDN says that you can do OpenProcess, SuspendThread and ResumeThread on Win95, so I suspect that the problem is happening with my process listing code. Try to pass a known PID and see if it works...
Perl combines all the worst aspects of C and Lisp: a billion different sublanguages in one monolithic executable. It combines the power of C with the readability of PostScript. -- Jamie Zawinski
|
|
|
|

|
OpenThread API unsupported on Win95
|
|
|
|

|
There is a piece of software that, unlike Windows Taskmaster, does allow you to both see and suspend/resume processes. At least I think it has the same functionality you describe - I am myself no programmer.
It is called Process Explorer, copyright Mark Russinovich, from Sysinternals.com
It's been a great help to me in tracking down and suspending virus activity.
|
|
|
|

|
It is not possible at all since this feature is included in Windows NT, only.
|
|
|
|

|
When I try to suspend a thread in VC++, it returns error code 0x00000005 (Access denied). Who knows why? Thanks!
|
|
|
|

|
You need a simple app wizard gui.
It's like watching TV in black and white otherwise...
"An expert is someone who has made all the mistakes in his or her field" - Niels Bohr
|
|
|
|

|
If you want to quote people, be respectful and quote them right. Niels Bohr never mentioned "her"; he wrote about "a man" ... You don't like it as he said it - don't quote him.
|
|
|
|
|

|
This sample is just a "Start".
All it does is produce a list of the various Processes currently running on your machine, which you could obtain anyway by using Task Manager.
It lacks an interface (e.g. checkboxes) by which the user could select which Processes he/she may want to suspend or resume.
I tried running it several times from Start->Run to see if I could cause it to suspend or resume Processes, and all I got, was a very quick flicker of the program indicating it had completed execution. IOW, I didn't have a chance to test for those other options.
If you are running VC++ 6.0, you will have to create your own Console Application project for this sample, because it was written for VC++ .NET, and the sample didn't come with a ".dsp" file.
If you were thinking of borrowing features from this sample to import into your own application, I cannot attest for its ability to do anything else, because I didn't get to see those features. The ONLY thing I know it does, is list Processes. That's it!
I did see code in there for it to suspend and resume Processes, (though I couldn't test them) but for everything else, meaning, any user interface, and the assigning of priorities to Processes (if that's something you might want to do after you've suspended one or several of them, etc.), you're on your own.
Lastly, if your Process name has more than two parts (e.g. System Idle Process), it will only report two (e.g. System Process).
William
|
|
|
|

|
It's a command line tool.
As such, you must run it from the command prompt.
Type cmd.exe at Start->Run and open a command prompt. Then use it from there.
But even if you use it PASSING THE PID from Start->Run it should pause a process.
It's a pity people are so used to GUI applications that they don't know how to use command line utilities anymore...
I'll soon provide a .dsp for VC 6.0 users. I didn't because I thought most VC6.0 users would use the Project Converter Tool.
"In an organization, each person rises to the level of his own incompetence." Peter's Principle
|
|
|
|
|

|
I did recognize it was a Command Line tool, which is why I went to Start->Run and entered the full path of where the executable module was located, and ran it from there. That is how I got to see the flash of the list of Processes it displayed.
I was more fortunate in seeing the entire list without it disappearing on me when I ran it from the VC++ IDE.
But just to be fair and as thorough as possible, I did go back to Start->Run and following the pathname of where the executable module was located, I did append the PID of a utility that was currently running on my system, and received an error message from the system about not being able to locate the component.
When I removed the PID and ran just the pathname again, I could see the quick display of the list before it vanished. So I did try that effort as well.
Typing 'cmd.exe' to run a command line tool doesn't buy me anything more than what I am able to accomplish from Start->Run. AAMOF, it's preferable to run an application from Start->Run if that's all you want to do (which in this case was all I wanted to do).
Yes, I'll admit I am one of those people who prefer having a GUI with which to interface than having to revert back to the method we all had to deal with back there in the dark ages BEFORE GUI came along. GUI showed us there was a nicer and more convenient way of interfacing with the computer. (Pity those who refuse to come out of the darkness into the light.) For the extra effort going GUI requires, I don't mind it at all; I'll do it any day. It's either the lazy or the ignorant ones who continually bash GUI.
"Accept nothing short of perfection." The C++ Programming Language: 3rd Edition. Bjarne Stroustrup.
William
|
|
|
|
A small handy command line tool for suspending/resuming the running of entire processes on Windows
| Type | Article |
| Licence | CPOL |
| First Posted | 28 Sep 2002 |
| Views | 246,884 |
| Downloads | 8,410 |
| Bookmarked | 53 times |