Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Which winapi function does the Process Explorer use to suspend process?

Tags:

c++

winapi

systems-programming

I am attempting to write a hook which will catch "SomeFunction" of Process Explorer that suspends process. I already have a solution which hooks functions such as SuspendThread and NtSuspendThread. But the Process Explorer use something different and I don't know what. Please can anyone tell me the name of the function used by PE to suspend process?

like image 272
Anton23 Avatar asked Aug 06 '14 13:08

Anton23

1 Answers

Attach it to an API Monitor; It calls NtOpenProcess -> NtSuspendProcess()

SShot

like image 122
Alex K. Avatar answered Sep 30 '22 07:09

Alex K.
Sign in to Comment

Related questions

How to automatically fill a std::array base on sizeof a variadic template?
How to tell c++ compiler that the object is not changed elsewhere to reach better optimization
Qt : Find object in list by property
Big memory leak in SDL_Init
STD library iterator that never ends?
friend function in global namespace with custom return type
Include mouse cursor in screen capture
Are objects inside rvalue referenced object, also rvalue referenced?
XORing two double variables
C++11 nested std::conditional
linking 3rd party static libs in cgo library
Read data from memory in Vowpal Wabbit?
Hide label text for Qt tabs without setting text to empty string
Are Vertex Array Objects supported in Android OpenGL ES 2.0 using extensions?
Memory mapped file storage in stl vector
why does boost::any forbid the forwarding of const&&?
C++ for loop and range-based loop performance
Trying to pass contents of a vector to a thread
Assign char array to another char array
OK, either I'm crazy or there is a bug in IBM's compiler

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!