Windows: Atomically suspend the whole process?

Using the Win32 API, you can only pause one thread using SuspendThread(), but not a complete process in one call.
Iterating over process threads and pausing them one at a time is not a good option, as this can lead to locks and unexpected behavior.

It is assumed that this is possible in the kernel using a function from the DDK (I do not remember its name).
How can this function be brought into user mode?

Is there any other way to achieve this without resorting to the kernel?

Sysinternals Process Explorer has the ability to pause a process. How is it done?

+3
2 answers

The undocumented NtSuspendProcess function in ntdll.dll is similar to what you are looking for. Sysinternals pssuspend and Process Explorer use it.

The usual caveats for undocumented functions apply.

There are several details in this answer: How to freeze a program?

+2
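Added example, not part of the original answers: calling NtSuspendProcess and its counterpart NtResumeProcess from PowerShell via P/Invoke, to freeze a process while it is inspected and always resume it afterwards. The one-argument NTSTATUS signatures, the `Demo.Native` type and the `Invoke-ProcessFreeze` helper are assumptions made for illustration, since the functions are undocumented.

```powershell
# Added example (not from the original answers). Windows only.
# Assumed signatures for the undocumented exports: NTSTATUS Nt*Process(HANDLE).
Add-Type -Namespace Demo -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint access, bool inherit, uint pid);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr handle);
[DllImport("ntdll.dll")]
public static extern int NtSuspendProcess(IntPtr process);
[DllImport("ntdll.dll")]
public static extern int NtResumeProcess(IntPtr process);
'@

$PROCESS_SUSPEND_RESUME = 0x0800   # only access right the two calls need

function Invoke-ProcessFreeze {    # hypothetical helper name
    param(
        [Parameter(Mandatory)][uint32]$ProcessId,
        [Parameter(Mandatory)][scriptblock]$WhileSuspended
    )
    $h = [Demo.Native]::OpenProcess($PROCESS_SUSPEND_RESUME, $false, $ProcessId)
    if ($h -eq [IntPtr]::Zero) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "OpenProcess failed for PID $ProcessId, Win32 error $err"
    }
    try {
        $status = [Demo.Native]::NtSuspendProcess($h)
        if ($status -lt 0) { throw ('NtSuspendProcess failed, NTSTATUS 0x{0:X8}' -f $status) }
        try {
            & $WhileSuspended
        } finally {
            # Always undo the suspend, even if the inspection step throws.
            $status = [Demo.Native]::NtResumeProcess($h)
            if ($status -lt 0) { Write-Warning ('NtResumeProcess failed, NTSTATUS 0x{0:X8}' -f $status) }
        }
    } finally {
        [void][Demo.Native]::CloseHandle($h)
    }
}

# Demo on a child process this script starts itself (constructed target).
$p = Start-Process -FilePath "$env:SystemRoot\System32\ping.exe" `
        -ArgumentList '-n', '60', '127.0.0.1' -WindowStyle Hidden -PassThru
Invoke-ProcessFreeze -ProcessId $p.Id -WhileSuspended {
    # Every thread of the target is frozen here; list thread states as evidence.
    (Get-Process -Id $p.Id).Threads | Select-Object Id, ThreadState
}
Stop-Process -Id $p.Id
```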

Actually, this is exactly what MiniDumpWriteDump does - it individually suspends all threads of the process (except for the calling thread) before it creates a dump.

This alone should not cause deadlock or unexpected behavior, although obviously it is probably best done from a separate process.

+2

Source: https://habr.com/ru/post/1390534/
