http://hi.baidu.com/xbbsh/blog/item/b73d3125462201084c088db1.html
--------------------------------------------------
.h
pubilc:
typedef DWORD (WINAPI *NtSuspendProcess)(HANDLE ProcessHandle);
typedef DWORD (WINAPI *NtResumeProcess)(HANDLE hProcess);
NtSuspendProcess m_NtSuspendProcess;
NtResumeProcess m_NtResumeProcess;
.cpp:
void CPage2::OnBnClickedResume()
{
// TODO: 在此添加控件通知处理程序代码
int nIdx=m_list2.GetNextItem(-1,LVNI_SELECTED);
CString process=m_list2.GetItemText(nIdx,1);
DWORD processID= _ttol(process.GetBuffer(0));
HANDLE hProcess = OpenProcess( PROCESS_SUSPEND_RESUME ,//暂停时用这个(P.._S.._R..)标志
FALSE, (DWORD)processID );
if (hProcess)
{
HMODULE h_module=LoadLibrary(L"ntdll.dll");
m_NtResumeProcess=(NtResumeProcess)GetProcAddress(h_module,"NtResumeProcess");
m_NtResumeProcess(hProcess);
}
}
太晚了 睡觉睡觉。。。。。。。
--------------------------------------------------
.h
#pragma once
#include <windows.h>
#include <tlhelp32.h>
#include <stdio.h>
#include <string>
#include <tchar.h>
//#include <ntifs.h>
#include <Psapi.h>
#pragma comment (lib,"Psapi.lib")
void ErrorExit(LPTSTR lpszFunction);
//--------------------------------------------------
// for cpu 暂停
//方法1 不可关闭本程序,否则进程会退出
long DbgUiConnectToDbg_ntdll();
//long (*DbgUiConnectToDbg)();//这样会报重复定义
long DbgUiDebugActiveProcess_ntdll(HANDLE ProcessHandle);//暂停
long DbgUiStopDebugging_ntdll(HANDLE ProcessHandle);//恢复
//方法2 可关闭本程序
DWORD NtSuspendProcess_ntdll(HANDLE hProcess);//暂停
DWORD NtResumeProcess_ntdll(HANDLE hProcess);//恢复
//要先调用这个
void LoadNtDllFun();
//--------------------------------------------------
class win_proc_public
{
public:
win_proc_public(void);
~win_proc_public(void);
public:
std::string GetExeFullName(HANDLE hProcess)
{
std::string r = "";
//HANDLE hProcess = 0;
char lpImageFileName[2049] = {0};
DWORD nSize = 2048;
//hProcess = getm
DWORD len = GetProcessImageFileName(hProcess, lpImageFileName, nSize);
if (len < 1)
{
//不能直接退出,因为有些权限是得不到的
//ErrorExit("GetExeFullName: ");
}
//len = GetModuleFileNameEx(hProcess, lpImageFileName, nSize);
r = lpImageFileName;
r = DosDevicePath2LogicalPath(r.c_str());
return r;
}//
//将 "DeviceHarddiskVolume2" 等转换为 "D:"
//DosDevicePath2LogicalPath代码摘自:ms-help://MS.MSDNQTR.v80.chs/MS.MSDN.v80/MS.WIN32COM.v10.en/fileio/fs/obtaining_a_file_name_from_a_file_handle.htm
std::string DosDevicePath2LogicalPath(LPCTSTR lpszDosPath)
{
std::string strResult = "";
// Translate path with device name to drive letters.
TCHAR szTemp[MAX_PATH];
szTemp[0] = '�';
if ( lpszDosPath==NULL || !GetLogicalDriveStrings(_countof(szTemp)-1, szTemp) )
{
return strResult;
}
TCHAR szName[MAX_PATH];
TCHAR szDrive[3] = TEXT(" :");
BOOL bFound = FALSE;
TCHAR* p = szTemp;
do{
// Copy the drive letter to the template string
*szDrive = *p;
// Look up each device name
if ( QueryDosDevice(szDrive, szName, _countof(szName)) )
{
UINT uNameLen = (UINT)_tcslen(szName);
if (uNameLen < MAX_PATH)
{
bFound = _tcsnicmp(lpszDosPath, szName, uNameLen) == 0;
if ( bFound )
{
// Reconstruct pszFilename using szTemp
// Replace device path with DOS path
TCHAR szTempFile[MAX_PATH];
_stprintf(szTempFile, TEXT("%s%s"), szDrive, lpszDosPath+uNameLen);
strResult = szTempFile;
}
}
}
// Go to the next NULL character.
while (*p++);
} while (!bFound && *p); // end of string
return strResult;
}//
void mainaaa()
{
GetProcessList( );
}
BOOL GetProcessList( )
{
HANDLE hProcessSnap;
HANDLE hProcess;
PROCESSENTRY32 pe32;
DWORD dwPriorityClass;
hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
if( hProcessSnap == INVALID_HANDLE_VALUE )
{
return( FALSE );
}
pe32.dwSize = sizeof( PROCESSENTRY32 );
if( !Process32First( hProcessSnap, &pe32 ) )
{
CloseHandle( hProcessSnap );
return( FALSE );
}
do
{
printf( "
"
"=====================================================" );
printf( "
PROCESS NAME: %5s", pe32.szExeFile);
printf( "
"
"-----------------------------------------------------" );
dwPriorityClass = 0;
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID );
//hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pe32.th32ProcessID );
if( hProcess == NULL )
{
printf("erro");
}
else
{
dwPriorityClass = GetPriorityClass( hProcess );
if( !dwPriorityClass )
printf("erro");
//--------------------------------------------------
//clq add 程序全路径
//char szFilePath[256] = {0};
////HANDLE hProcess=OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,pe32.th32ProcessID);
//if ( GetProcessImageFileName(hProcess,szFilePath,MAX_PATH)!=0 )
//{
// //mystring strFilePath = CCommon::DosDevicePath2LogicalPath(szFilePath);
//}
std::string exename = GetExeFullName(hProcess);
printf( "
path = %s", exename.c_str() );
//--------------------------------------------------
// CloseHandle( hProcess );
}
printf( "
process ID = %d", pe32.th32ProcessID );
printf( "
thread count = %d", pe32.cntThreads );
printf( "
parent process ID = %d", pe32.th32ParentProcessID );
printf( "
Priority Base = %d", pe32.pcPriClassBase );
if( dwPriorityClass )
printf( "
Priority Class = %d", dwPriorityClass );
} while( Process32Next( hProcessSnap, &pe32 ) );
CloseHandle( hProcessSnap );
return( TRUE );
}//
public:
static void test1()
{
win_proc_public proc;
proc.mainaaa();
test2(4008);
}//
static void test2(DWORD pid)
{
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, pid);
//if (!GetProcessTimes(hProcess, &creation_time, &exit_time, &kernel_time, &user_time))
//{
// return -1;
//}
if (hProcess == NULL) return;
LoadNtDllFun();
//DbgUiConnectToDbg_ntdll();
//long r = DbgUiDebugActiveProcess_ntdll(hProcess);//暂停//调用后不能停止程序否则被停止的程序会被强制退出(相当于调试器停止?)
//::Sleep(5*60*1000);
//r = DbgUiStopDebugging_ntdll(hProcess);//恢复运行
NtSuspendProcess_ntdll(hProcess);//暂停
NtResumeProcess_ntdll(hProcess);//恢复
}//
};
--------------------------------------------------
.cpp
#include "win_proc_public.h"
win_proc_public::win_proc_public(void)
{
}
win_proc_public::~win_proc_public(void)
{
}
//--------------------------------------------------
// for cpu 暂停
//方法1
long (__stdcall *DbgUiConnectToDbg_p)();//在 .h 这样会报重复定义
long (__stdcall *DbgUiDebugActiveProcess_p)(HANDLE ProcessHandle);//暂停
long (__stdcall *DbgUiStopDebugging_p)(HANDLE ProcessHandle);//恢复
//方法2
//NtResumeProcess
DWORD (WINAPI *NtResumeProcess_p)(HANDLE hProcess);//暂停
DWORD (WINAPI *NtSuspendProcess_p)(HANDLE hProcess);//恢复
void LoadNtDllFun()
{
HMODULE dllhandle;
//dwret:dword;
//ProcessHandle: dword;
//begin
dllhandle = LoadLibrary("ntdll.dll");
if (dllhandle != 0 )
{
DbgUiConnectToDbg_p = (long (__stdcall *)()) GetProcAddress(dllhandle, "DbgUiConnectToDbg");
DbgUiDebugActiveProcess_p = (long (__stdcall *)(HANDLE))GetProcAddress(dllhandle, "DbgUiDebugActiveProcess");
DbgUiStopDebugging_p = (long (__stdcall *)(HANDLE))GetProcAddress(dllhandle, "DbgUiStopDebugging");
//MyDbgUiConnectToDbg;
//ProcessHandle:=OpenProcess(process_all_access, False, findprocess("winlogon.exe"));
////messagebox(0,pchar(inttohex(ProcessHandle,8)),"aa",0);
//dwret:=MyDbgUiDebugActiveProcess(ProcessHandle);
//if dwret<>0 then messagebox(0,pchar("保护失败"),"提示",0) else
//messagebox(0,pchar("保护成功,来结束我吧!"),"提示",0)
NtResumeProcess_p = (DWORD (__stdcall *)(HANDLE))GetProcAddress(dllhandle, "NtResumeProcess");
NtSuspendProcess_p = (DWORD (__stdcall *)(HANDLE))GetProcAddress(dllhandle, "NtSuspendProcess");
}
//CloseHandle(dllhandle);
}//
long DbgUiConnectToDbg_ntdll()
{
return DbgUiConnectToDbg_p();
}//
long DbgUiDebugActiveProcess_ntdll(HANDLE ProcessHandle)
{
return DbgUiDebugActiveProcess_p(ProcessHandle);
}//
long DbgUiStopDebugging_ntdll(HANDLE ProcessHandle)
{
return DbgUiStopDebugging_p(ProcessHandle);
}//
DWORD NtResumeProcess_ntdll(HANDLE hProcess)//暂停
{
return NtResumeProcess_p(hProcess);
}
DWORD NtSuspendProcess_ntdll(HANDLE hProcess)//恢复
{
return NtSuspendProcess_p(hProcess);
}
/*
这个据说也成
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processID );
if (hProcess)
{
HINSTANCE h_module = LoadLibrary(“ntdll.dll”);
NtProcess mProcess = (NtProcess)GetProcAddress(h_module, “NtResumeProcess”); //NtResumeProcess NtSuspendProcess
mProcess(hProcess);
}
其中processID为进程PID号码
休眠还是恢复,随你选择
*/
http://www.cnblogs.com/-clq/archive/2012/03/15/2397533.html