堆栈内存溢出
  简体   繁体   English

Process Explorer使用哪个winapi函数来暂停进程?

[英]Which winapi function does the Process Explorer use to suspend process?

 原文  2014-08-06 13:03:05       c++/ winapi/ systems-programming

问题描述

I am attempting to write a hook which will catch " SomeFunction " of Process Explorer that suspends process. 我正在尝试编写一个钩子,它将捕获暂停进程的Process Explorer的SomeFunction ”。 I already have a solution which hooks functions such as SuspendThread and NtSuspendThread . 我已经有了一个挂钩SuspendThreadNtSuspendThread等函数的解决方案。 But the Process Explorer use something different and I don't know what. 但是Process Explorer使用了不同的东西,我不知道是什么。 Please can anyone tell me the name of the function used by PE to suspend process? 请问有人可以告诉我PE暂停进程所使用的函数名称吗?

1 个解决方案

解决方案1
 7 已采纳  2014-08-06 17:37:26

Attach it to an API Monitor; 将其附加到API监视器; It calls NtOpenProcess -> NtSuspendProcess() 它调用NtOpenProcess -> NtSuspendProcess()

SShot

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 是否有 C++ function 暂停恢复子进程? - Is there a C++ function to suspend of resume a child process? 创建进程挂起和UAC - Create process suspend and UAC 在启动特定的子进程后挂起进程 - Suspend process after a specific child process is started 如何使用带有向量的 winapi ReadProcessMemory 从另一个进程读取缓冲区? - How to use winapi ReadProcessMemory with vector to read buffer from another process? Process Explorer中可拖动的十字准线如何工作? - How does the draggable crosshair in Process Explorer work? 我可以暂停一个线程以外的进程吗? - Can I suspend a process except one thread? 从不同进程中的另一个线程暂停/恢复一个线程或进程 - Suspend/Resume a thread or process from another Thread in different process 如何等待Winapi的非子进程? - how to wait for a non-child process with winapi? 使用 winapi 查找进程 ID 和基地址 - Finding process ID and base address using winapi 在winapi中运行具有最低权限的进程 - Running a process with lowest possible privileges in winapi
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM