
c++中进程的挂起

OC/C/C++ 水墨上仙 2989次浏览

NtTerminateProcess 、NtResumeProcess 、NtSuspendProcess
这三个函数是微软内核api
可以在线查询

/*++
Module Name:
NtSuspendProcess.cpp
Abstract:
This utility [Suspend|Resume] processes.
Author:
Michael Wookey 6-Jun-2003 ([email]ntutils@wookey.org[/email])
Notes:
NtSuspendProcess.exe [Suspend|Resume] pid
Compiler:
VC7
Build:
cl NtSuspendProcess.cpp
// Add Unicode Support, [2/23/2010 dnybz([email]cnfreebsd@163.com[/email])]
--*/
#define STRICT
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <stdlib.h>
#include <stdio.h>
#include <tchar.h>
//
// The native functions exported from ntdll.
//
// Both are looked up at run time with GetProcAddress (see _tmain) rather
// than linked. The LONG return carries an NTSTATUS: error codes have the
// high bit set, so a negative value means the call failed and should be
// checked by the caller.
//
typedef LONG ( NTAPI *_NtSuspendProcess )( IN HANDLE ProcessHandle );
typedef LONG ( NTAPI *_NtResumeProcess )( IN HANDLE ProcessHandle );
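//
// Enable SeDebugPrivilege on the current process token so that OpenProcess
// can reach processes the caller would otherwise be denied.
//
// Returns true only when the privilege was actually enabled. The token
// handle is closed on every path; the original leaked it on success.
//
bool EnableDebugPrivilege()
{
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        return false;
    }

    bool enabled = false;
    LUID debugLuid;
    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &debugLuid))
    {
        TOKEN_PRIVILEGES tkp;
        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Luid = debugLuid;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

        // AdjustTokenPrivileges returns TRUE even when the token does not
        // hold the privilege; the real outcome is reported through
        // GetLastError() as ERROR_NOT_ALL_ASSIGNED.
        if (AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof(tkp), NULL, NULL)
            && GetLastError() != ERROR_NOT_ALL_ASSIGNED)
        {
            enabled = true;
        }
    }

    CloseHandle(hToken);
    return enabled;
}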
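//
// Entry point: NtSuspendProcess.exe [Suspend|Resume] pid
//
// Validates the verb and pid, resolves the ntdll export, opens the target
// with only PROCESS_SUSPEND_RESUME, performs the operation and reports the
// NTSTATUS. Returns 0 on success and 1 on any usage or runtime failure so
// callers can distinguish the two.
//
int _tmain( int argc, _TCHAR* argv[] )
{
    //
    // Make sure we have enough arguments.
    //
    if( argc < 3 )
    {
        printf( "usage [Suspend|Resume] pid\n" );
        return 1;
    }

    //
    // Validate the verb before touching the target process at all.
    //
    bool suspend = false;
    if( ! lstrcmpi( argv[1], _T("Suspend") ))
    {
        suspend = true;
    }
    else if( lstrcmpi( argv[1], _T("Resume") ))
    {
        printf( "usage [Suspend|Resume] pid\n" );
        return 1;
    }

    //
    // Parse the pid strictly. _tstoi maps non-numeric input to 0 and
    // negative values wrap when handed to OpenProcess as a DWORD.
    //
    _TCHAR *end = NULL;
    long pidValue = _tcstol( argv[2], &end, 10 );
    if( end == argv[2] || *end != _T('\0') || pidValue <= 0 )
    {
        printf( "usage [Suspend|Resume] pid\n" );
        return 1;
    }
    DWORD pid = (DWORD) pidValue;

    //
    // Obtain our function imports. A missing export is a hard error rather
    // than a silent no-op, otherwise the tool would exit 0 having done nothing.
    //
    HMODULE ntdll = GetModuleHandle( _T("ntdll") );
    _NtSuspendProcess NtSuspendProcess = ntdll
        ? (_NtSuspendProcess) GetProcAddress( ntdll, "NtSuspendProcess" )
        : NULL;
    _NtResumeProcess NtResumeProcess = ntdll
        ? (_NtResumeProcess) GetProcAddress( ntdll, "NtResumeProcess" )
        : NULL;
    if( (suspend && ! NtSuspendProcess) || (! suspend && ! NtResumeProcess) )
    {
        printf( "Unable to locate %s in ntdll\n",
                suspend ? "NtSuspendProcess" : "NtResumeProcess" );
        return 1;
    }

    //
    // SeDebugPrivilege only widens which processes OpenProcess will hand
    // back; failing to enable it is not fatal, OpenProcess below reports
    // the outcome that matters.
    //
    if( ! EnableDebugPrivilege() )
    {
        printf( "Warning: could not enable SeDebugPrivilege, continuing\n" );
    }

    //
    // Attempt to open the target process with the least access the
    // operation needs. PROCESS_ALL_ACCESS grants far more than a
    // suspend/resume requires and is denied on processes where the caller
    // holds only the narrower right.
    //
    HANDLE ProcessHandle = OpenProcess( PROCESS_SUSPEND_RESUME, FALSE, pid );
    if( ! ProcessHandle )
    {
        printf( "Unable to open process id %lu (error %lu)\n", pid, GetLastError() );
        return 1;
    }

    //
    // Suspend or Resume the process. Note that these alter the process'
    // suspend count, so freezing the process twice will require thawing
    // the process twice to restore. The LONG return is an NTSTATUS;
    // error codes have the high bit set, so negative means failure.
    //
    LONG status = suspend ? NtSuspendProcess( ProcessHandle )
                          : NtResumeProcess( ProcessHandle );
    int rc = 0;
    if( status < 0 )
    {
        printf( "%s failed for process id %lu (status 0x%08lX)\n",
                suspend ? "Suspend" : "Resume", pid, (unsigned long) status );
        rc = 1;
    }

    //
    // Close our process handle.
    //
    CloseHandle( ProcessHandle );
    return rc;
}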
/* EOF */

