用到了NTDLL中的函数
/*
 * Function-pointer types for the two process-wide suspend/resume routines
 * that ntdll.dll exports but the Windows SDK headers do not declare.
 * Each takes a process handle; the handle must carry PROCESS_SUSPEND_RESUME
 * access for the call to succeed.
 * NOTE(review): the native routines return an NTSTATUS (a signed LONG).
 * DWORD has the same width, so the call works, but a caller that inspects
 * the result should treat values with the top bit set as failures.
 */
typedef DWORD (WINAPI *PFSuspendProcess)(HANDLE ProcessHandle);
typedef DWORD (WINAPI *PFResumeProcess)(HANDLE ProcessHandle);
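/*
 * Suspend the process whose id is given as the single command-line argument,
 * wait for the operator to press Enter, then resume it.
 *
 * The suspend/resume routines are resolved from ntdll.dll at run time.
 * Both are resolved and checked BEFORE the target is touched, so the tool
 * never suspends a process it has no way to resume.
 *
 * Returns 0 when the target was suspended and resumed, 1 on any failure
 * (bad arguments, unresolved exports, handle not granted, or a failing
 * status from either native call).
 */
int main(int argc, char* argv[])
{
    PFSuspendProcess SuspendProcess;
    PFResumeProcess ResumeProcess;
    HMODULE hNtDllLib;
    HANDLE hProcess;
    unsigned long pid;
    char *end = NULL;
    DWORD status;
    int rc = 1;

    if (argc != 2) {
        printf("\nParameter not enough !!!\nusage: %s process-id \n", argv[0]);
        return 1;
    }

    /* atoi() cannot report bad input; it would silently turn "abc" into
     * pid 0. Require a fully numeric, non-zero argument instead. */
    pid = strtoul(argv[1], &end, 10);
    if (end == argv[1] || *end != '\0' || pid == 0) {
        fprintf(stderr, "Invalid process id: %s\n", argv[1]);
        return 1;
    }

    /* ntdll.dll is already mapped into every user-mode process, so look the
     * module up rather than loading it by relative name; nothing to free. */
    hNtDllLib = GetModuleHandleA("ntdll.dll");
    if (hNtDllLib == NULL) {
        fprintf(stderr, "ntdll.dll not found (error %lu)\n",
                (unsigned long)GetLastError());
        return 1;
    }

    SuspendProcess = (PFSuspendProcess)GetProcAddress(hNtDllLib, "ZwSuspendProcess");
    ResumeProcess = (PFResumeProcess)GetProcAddress(hNtDllLib, "ZwResumeProcess");
    if (SuspendProcess == NULL || ResumeProcess == NULL) {
        fprintf(stderr, "ZwSuspendProcess/ZwResumeProcess not exported by ntdll.dll\n");
        return 1;
    }

    /* Least privilege: suspend/resume only needs PROCESS_SUSPEND_RESUME,
     * not PROCESS_ALL_ACCESS. */
    hProcess = OpenProcess(PROCESS_SUSPEND_RESUME, FALSE, (DWORD)pid);
    if (hProcess == NULL) {
        fprintf(stderr, "OpenProcess(%lu) failed (error %lu)\n",
                pid, (unsigned long)GetLastError());
        return 1;
    }

    /* The result is an NTSTATUS carried in a DWORD; a negative value when
     * read as signed means the call failed. */
    status = SuspendProcess(hProcess);
    if ((LONG)status < 0) {
        fprintf(stderr, "ZwSuspendProcess failed (status 0x%08lX)\n",
                (unsigned long)status);
        CloseHandle(hProcess);
        return 1;
    }

    printf("Press any key to resume process ...");
    fflush(stdout);
    getc(stdin);

    status = ResumeProcess(hProcess);
    if ((LONG)status < 0) {
        /* Say so loudly: the target may be left frozen. */
        fprintf(stderr,
                "ZwResumeProcess failed (status 0x%08lX); process %lu may still be suspended\n",
                (unsigned long)status, pid);
    } else {
        rc = 0;
    }

    CloseHandle(hProcess);

    /* Keep the console window open until the operator acknowledges. */
    getc(stdin);
    return rc;
}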