c++におけるプロセスの保留


NtTerminateProcess 、NtResumeProcess 、NtSuspendProcess
この3つの関数はマイクロソフトのカーネル API です。
オンラインで検索可能です。
/*++
Module Name:
NtSuspendProcess.cpp
Abstract:
This utility [Suspend|Resume] processes.
Author:
Michael Wookey 6-Jun-2003 ([email][email protected][/email])
Notes:
NtSuspendProcess.exe [Suspend|Resume] pid
Compiler:
VC7
Build:
cl NtSuspendProcess.cpp
// Add Unicode Support, [2/23/2010 dnybz([email][email protected][/email])]
--*/
#define STRICT
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <stdlib.h>
#include <stdio.h>
#include <tchar.h>
//
// The native functions exported from ntdll. They are not in any import
// library, so _tmain resolves them by name with GetProcAddress at runtime
// and has to cope with a NULL result on systems that lack them.
//
// Both take a process handle and return an NTSTATUS-style LONG (negative
// on failure). They change the target's suspend count, so every suspend
// must be matched by a resume before the process runs again.
//
typedef LONG ( NTAPI *_NtSuspendProcess )( IN HANDLE ProcessHandle );
typedef LONG ( NTAPI *_NtResumeProcess )( IN HANDLE ProcessHandle );
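//
// Enable SeDebugPrivilege in the current process token so that OpenProcess
// can reach processes owned by other users.
//
// The privilege can only be enabled if the token already holds it (normally
// an elevated administrator token). For any other caller AdjustTokenPrivileges
// still returns non-zero but assigns nothing and reports ERROR_NOT_ALL_ASSIGNED
// through GetLastError; the original code took that as success.
//
// Returns true only when the privilege was actually enabled. The token handle
// is closed on every path, including success (the original leaked it there).
//
bool EnableDebugPrivilege()
{
   HANDLE hToken = NULL;
   if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
   {
      return false;
   }

   bool enabled = false;
   LUID debugLuid;
   if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &debugLuid))
   {
      TOKEN_PRIVILEGES tkp;
      tkp.PrivilegeCount = 1;
      tkp.Privileges[0].Luid = debugLuid;
      tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

      // A non-zero return only means the call was well-formed; whether the
      // privilege was really enabled is reported via GetLastError.
      if (AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL)
          && GetLastError() == ERROR_SUCCESS)
      {
         enabled = true;
      }
   }

   CloseHandle(hToken);
   return enabled;
}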
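//
// Entry point: NtSuspendProcess.exe [Suspend|Resume] pid
//
// Resolves NtSuspendProcess / NtResumeProcess from ntdll at runtime, opens
// the target process with only the access right the operation needs, and
// adjusts the target's suspend count.
//
// Exit code is 0 on success and 1 on any failure (bad arguments, unresolved
// import, OpenProcess failure, or a failing NTSTATUS from the native call),
// so callers can tell a no-op from a real change. The original returned 0
// on every path and ignored the NTSTATUS, so a failed suspend looked like
// a successful one.
//
int _tmain( int argc, _TCHAR* argv[] )
{
   //
   // Make sure we have enough arguments.
   //
   if( argc < 3 )
   {
      printf( "usage [Suspend|Resume] pid\n" );
      return 1;
   }

   //
   // Parse the pid strictly. _tstoi silently turned "abc" or "" into pid 0;
   // reject anything that is not a complete decimal number instead.
   //
   _TCHAR* end = NULL;
   unsigned long pid = _tcstoul( argv[2], &end, 10 );
   if( end == argv[2] || *end != _T('\0') )
   {
      printf( "usage [Suspend|Resume] pid\n" );
      return 1;
   }

   //
   // Decide the operation before touching the target, so a bad verb costs
   // neither a privilege change nor an OpenProcess call.
   //
   bool suspend;
   if( ! lstrcmpi( argv[1], _T("Suspend") ))
   {
      suspend = true;
   }
   else if( ! lstrcmpi( argv[1], _T("Resume") ))
   {
      suspend = false;
   }
   else
   {
      printf( "usage [Suspend|Resume] pid\n" );
      return 1;
   }

   //
   // Obtain our function imports. These are native ntdll exports with no
   // import library, resolved by name at runtime; report, rather than
   // silently skip, if the one we need is missing.
   //
   HMODULE ntdll = GetModuleHandle( _T("ntdll") );
   _NtSuspendProcess NtSuspendProcess = ntdll ? (_NtSuspendProcess) GetProcAddress( ntdll, "NtSuspendProcess" ) : 0;
   _NtResumeProcess NtResumeProcess = ntdll ? (_NtResumeProcess) GetProcAddress( ntdll, "NtResumeProcess" ) : 0;
   if( ( suspend && ! NtSuspendProcess ) || ( ! suspend && ! NtResumeProcess ))
   {
      printf( "Unable to resolve %s from ntdll\n", suspend ? "NtSuspendProcess" : "NtResumeProcess" );
      return 1;
   }

   //
   // Attempt to open the target process. SeDebugPrivilege is best effort:
   // without it we can still reach processes we own, so its result is not
   // treated as fatal. PROCESS_SUSPEND_RESUME is the only access right the
   // operation needs; the original asked for PROCESS_ALL_ACCESS.
   //
   EnableDebugPrivilege();
   HANDLE ProcessHandle = OpenProcess( PROCESS_SUSPEND_RESUME, FALSE, (DWORD) pid );
   if( ! ProcessHandle )
   {
      printf( "Unable to open process id %lu (error %lu)\n", pid, GetLastError() );
      return 1;
   }

   //
   // Suspend or Resume the process. Note that these alter the process'
   // suspend count, so freezing the process twice will require thawing
   // the process twice to restore. A negative NTSTATUS means failure.
   //
   LONG status = suspend ? NtSuspendProcess( ProcessHandle ) : NtResumeProcess( ProcessHandle );

   //
   // Close our process handle before reporting, so every exit path releases it.
   //
   CloseHandle( ProcessHandle );

   if( status < 0 )
   {
      printf( "%s failed for process id %lu, status 0x%08lX\n", suspend ? "Suspend" : "Resume", pid, status );
      return 1;
   }
   return 0;
}
/* EOF */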