NtTerminateProcess, NtResumeProcess, NtSuspendProcess
These three functions are Microsoft kernel APIs.
They can be looked up online.
/*++
Module Name:
    NtSuspendProcess.cpp
Abstract:
    This utility [Suspend|Resume] processes.
Author:
    Michael Wookey 6-Jun-2003 (ntutils@wookey.org)
Notes:
    NtSuspendProcess.exe [Suspend|Resume] pid
Compiler:
    VC7
Build:
    cl NtSuspendProcess.cpp
// Add Unicode Support, [2/23/2010 dnybz(cnfreebsd@163.com)]
--*/
#define STRICT
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <stdlib.h>
#include <stdio.h>
#include <tchar.h>
//
// The native functions exported from ntdll.
//
typedef LONG ( NTAPI *_NtSuspendProcess )( IN HANDLE ProcessHandle );
typedef LONG ( NTAPI *_NtResumeProcess )( IN HANDLE ProcessHandle );
bool EnableDebugPrivilege()
{
    HANDLE hToken;
    LUID sedebugnameValue;
    TOKEN_PRIVILEGES tkp;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUE