Failed to suspend process in c++ program

Question

Failed to suspend process in c++ program

147 views Asked by Roman Soroka At 22 October 2023 at 09:59

private:
DWORD SuspendProcess(HANDLE hProcess) {
    DWORD result = SuspendThread(hProcess);

    if (result == (DWORD)-1) {
        // SuspendThread failed
        return false;
    }

    return true;
    /*HANDLE hThreadSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD,
    0); DWORD suspendCount = 0;

    if (hThreadSnapshot != INVALID_HANDLE_VALUE) {
        THREADENTRY32 te32 = {};
        te32.dwSize = sizeof(THREADENTRY32);

        if (Thread32First(hThreadSnapshot, &te32)) {
            do {
                if (te32.th32OwnerProcessID == GetProcessId(hProcess)) {
                    DWORD threadId = te32.th32ThreadID;
                    HANDLE hThread = OpenThread(THREAD_SUSPEND_RESUME,
    FALSE, threadId); if (hThread != NULL) { suspendCount +=
    SuspendThread(hThread); CloseHandle(hThread);
                    }
                }
            } while (Thread32Next(hThreadSnapshot, &te32));
        }

        CloseHandle(hThreadSnapshot);
    }*/

    // return suspendCount;
}

private:
VOID ResumeProcess(HANDLE hProcess) {
    HANDLE hThreadSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);

    if (hThreadSnapshot != INVALID_HANDLE_VALUE) {
        THREADENTRY32 te32 = {};
        te32.dwSize = sizeof(THREADENTRY32);

        if (Thread32First(hThreadSnapshot, &te32)) {
            do {
                if (te32.th32OwnerProcessID == GetProcessId(hProcess)) {
                    DWORD threadId = te32.th32ThreadID;
                    HANDLE hThread =
                        OpenThread(THREAD_SUSPEND_RESUME, FALSE, threadId);
                    if (hThread != NULL) {
                        ResumeThread(hThread);
                        CloseHandle(hThread);
                    }
                }
            } while (Thread32Next(hThreadSnapshot, &te32));
        }

        CloseHandle(hThreadSnapshot);
    }
}

I've written these functions to suspend and resume process, that i create in my project. But when i try to suspend process, i have an error: Failed to suspend the process. i've tried to run visual studio as an administrator, but it didn't change anything. Hope you will find an error :)

Original Q&A

There are 1 answers

**jakehvh** · Answer 1 · 2023-10-22T11:44:46+00:00

Make sure your process handle has all access; if it doesn't, just open a separate handle using OpenProcess and passing PROCESS_ALL_ACCESS.

For suspending and resuming, I recommend using NtSuspendProcess and NtResumeProcess.

Here's an example on how you can call these:

static auto nt_suspend_process = reinterpret_cast< LONG( __stdcall* )( HANDLE ) >( GetProcAddress( GetModuleHandleA( "ntdll.dll" ), "NtSuspendProcess" ) );

static auto nt_resume_process = reinterpret_cast< void( __stdcall* )( HANDLE ) >( GetProcAddress( GetModuleHandleA( "ntdll.dll" ), "NtResumeProcess" ) );

TechQA.

Failed to suspend process in c++ program

There are 1 answers

Related Questions in C++

Related Questions in WINAPI

Related Questions in PROCESS

Related Questions in RESUME

Related Questions in SUSPEND

Popular Questions

Popular Tags

Trending Questions