MFC Task Manager Tasks manager----Process suspend and resume--ntsuspendprocess&&ntresumeprocess

Http://hi.baidu.com/xbbsh/blog/item/b73d3125462201084c088db1.html

--------------------------------------------------

----suspend and resume of the MFC Task Manager Task Manager Process--ntsuspendprocess&&ntresumeprocess2009-08-11 1:13

. h

PUBILC:

typedef DWORD (WINAPI *ntsuspendprocess) (HANDLE processhandle);
typedef DWORD (WINAPI *ntresumeprocess) (HANDLE hprocess);

Ntsuspendprocess m_ntsuspendprocess;
Ntresumeprocess m_ntresumeprocess;

. CPP:

void Cpage2::onbnclickedresume ()
{
TODO: Add control notification Handler code here
int Nidx=m_list2. GetNextItem ( -1,lvni_selected);
CString Process=m_list2. GetItemText (nidx,1);

DWORD processid= _ttol (process. GetBuffer (0));

HANDLE hprocess = OpenProcess (Process_suspend_resume,//Pause with this (P.). _s. _r. ) flag
FALSE, (DWORD) ProcessID);
if (hprocess)
{
Hmodule h_module=loadlibrary (L "Ntdll.dll");
M_ntresumeprocess= (ntresumeprocess) GetProcAddress (H_module, "ntresumeprocess");
M_ntresumeprocess (hprocess);
}
}

It's too late to go to bed ....

--------------------------------------------------

. h

#pragma once

#include <windows.h>
#include <tlhelp32.h>
#include <stdio.h>

#include <string>
#include <tchar.h>


#include <ntifs.h>
#include <Psapi.h>
#pragma comment (lib, "Psapi.lib")

void Errorexit (LPTSTR lpszfunction);

//--------------------------------------------------
For CPU Pause

Method 1 Do not close this program, otherwise the process will exit
Long Dbguiconnecttodbg_ntdll ();

Long (*dbguiconnecttodbg) ();//This will report a duplicate definition
Long Dbguidebugactiveprocess_ntdll (HANDLE processhandle);//Pause
Long Dbguistopdebugging_ntdll (HANDLE processhandle);//Recovery

Method 2 to close the program
DWORD Ntsuspendprocess_ntdll (HANDLE hprocess);//Pause
DWORD Ntresumeprocess_ntdll (HANDLE hprocess);//Recovery


To call this first
void Loadntdllfun ();

//--------------------------------------------------

Class Win_proc_public
{
Public
Win_proc_public (void);
~win_proc_public (void);
Public

std::string getexefullname (HANDLE hprocess)
{
std::string r = "";

HANDLE hprocess = 0;
Char lpimagefilename[2049] = {0};
DWORD nSize = 2048;

hprocess = Getm
DWORD len = Getprocessimagefilename (hprocess, Lpimagefilename, nSize);

if (Len < 1)
{
Cannot exit directly because some permissions are not possible
Errorexit ("Getexefullname:");
}

Len = Getmodulefilenameex (hprocess, Lpimagefilename, nSize);


R = lpimagefilename;
R = Dosdevicepath2logicalpath (R.c_str ());

return R;
}//


Convert "\device\harddiskvolume2" to "D:\"
Dosdevicepath2logicalpath code excerpt from: Ms-help://ms. Msdnqtr.v80.chs/ms. Msdn.v80/ms. Win32com.v10.en/fileio/fs/obtaining_a_file_name_from_a_file_handle.htm
std::string Dosdevicepath2logicalpath (LPCTSTR lpszdospath)
{
std::string strresult = "";

Translate path with device name to drive letters.
TCHAR Sztemp[max_path];
Sztemp[0] = ' + ';

if (Lpszdospath==null | |!) GetLogicalDriveStrings (_countof (sztemp)-1, sztemp))
{
return strresult;
}

TCHAR Szname[max_path];
TCHAR szdrive[3] = TEXT (":");
BOOL bfound = FALSE;
tchar* p = sztemp;

bo=
Copy the drive letter to the template string
*szdrive = *p;

Look up each device name
if (Querydosdevice (szdrive, SzName, _countof (szName)))
{
UINT Unamelen = (UINT) _tcslen (szName);

if (Unamelen < MAX_PATH)
{
Bfound = _tcsnicmp (Lpszdospath, szName, unamelen) = = 0;

if (bfound)
{
Reconstruct pszFileName using sztemp
Replace device path with DOS path
TCHAR Sztempfile[max_path];
_stprintf (Sztempfile, TEXT ("%s%s"), szdrive, Lpszdospath+unamelen);
strresult = Sztempfile;
}
}
}
Go to the next NULL character.
while (*p++);
} while (!bfound && *p); End of string

return strresult;
}//

void Mainaaa ()
{
Getprocesslist ();
}

BOOL getprocesslist ()
{
HANDLE Hprocesssnap;
HANDLE hprocess;
PROCESSENTRY32 pe32;
DWORD Dwpriorityclass;

Hprocesssnap = CreateToolhelp32Snapshot (th32cs_snapprocess, 0);
if (Hprocesssnap = = INVALID_HANDLE_VALUE)
{
return (FALSE);
}

pe32.dwsize = sizeof (PROCESSENTRY32);

if (! Process32First (Hprocesssnap, &pe32))
{
CloseHandle (HPROCESSSNAP);
return (FALSE);
}

Do
{
printf ("\ n")
"=====================================================" );
printf ("\nprocess NAME:%5s", pe32.szexefile);
printf ("\ n"
"-----------------------------------------------------" );

Dwpriorityclass = 0;
hprocess = OpenProcess (process_all_access, FALSE, Pe32.th32processid);
hprocess = OpenProcess (process_query_information, FALSE, Pe32.th32processid);
if (hprocess = = NULL)
{
printf ("Erro");
}
Else
{
Dwpriorityclass = Getpriorityclass (hprocess);
if (!dwpriorityclass)
printf ("Erro");

//--------------------------------------------------
CLQ Add Program full path

Char szfilepath[256] = {0};
HANDLE hprocess=openprocess (PROCESS_QUERY_INFORMATION,FALSE,PE32.TH32PROCESSID);
if (Getprocessimagefilename (Hprocess,szfilepath,max_path)!=0)
//{
MyString strFilePath = Ccommon::D osdevicepath2logicalpath (Szfilepath);
//}

std::string exename = Getexefullname (hprocess);
printf ("\ n Path =%s", exename.c_str ());
//--------------------------------------------------


CloseHandle (hprocess);
}

printf ("\ n Process ID =%d", pe32.th32processid);
printf ("\ n Thread count =%d", pe32.cntthreads);
printf ("\ n Parent Process ID =%d", pe32.th32parentprocessid);
printf ("\ n Priority Base =%d", pe32.pcpriclassbase);
if (Dwpriorityclass)
printf ("\ n Priority Class =%d", dwpriorityclass);

} while (Process32Next (Hprocesssnap, &pe32));

CloseHandle (HPROCESSSNAP);
return (TRUE);

}//

Public
static void Test1 ()
{
win_proc_public proc;
PROC.MAINAAA ();

Test2 (4008);
}//

static void Test2 (DWORD pid)
{

HANDLE hprocess = OpenProcess (Process_all_access, FALSE, PID);
if (! Getprocesstimes (hprocess, &creation_time, &exit_time, &kernel_time, &user_time))
//{
return-1;
//}

if (hprocess = = NULL) return;

Loadntdllfun ();
Dbguiconnecttodbg_ntdll ();
Long R = Dbguidebugactiveprocess_ntdll (hprocess);//pause//Call cannot stop the program or the program is stopped will be forced to quit (equivalent to the debugger stopped?)

:: Sleep (5*60*1000);

R = Dbguistopdebugging_ntdll (hprocess);//Resume operation

Ntsuspendprocess_ntdll (hprocess);//Pause
Ntresumeprocess_ntdll (hprocess);//Recovery

}//
};
--------------------------------------------------

. cpp

#include "win_proc_public.h"

Win_proc_public::win_proc_public (void)
{
}

Win_proc_public::~win_proc_public (void)
{
}


//--------------------------------------------------
For CPU Pause

Method 1
Long (__stdcall *dbguiconnecttodbg_p) ();//In. h This will report duplicate definitions
Long (__stdcall *dbguidebugactiveprocess_p) (HANDLE processhandle);//Pause
Long (__stdcall *dbguistopdebugging_p) (HANDLE processhandle);//Recovery
Method 2
Ntresumeprocess
DWORD (WINAPI *ntresumeprocess_p) (HANDLE hprocess);//Pause
DWORD (WINAPI *ntsuspendprocess_p) (HANDLE hprocess);//Recovery

void Loadntdllfun ()
{
Hmodule Dllhandle;
Dwret:dword;
Processhandle:dword;
Begin
Dllhandle = LoadLibrary ("Ntdll.dll");
if (Dllhandle! = 0)
{
Dbguiconnecttodbg_p = (Long (__stdcall *) ()) GetProcAddress (Dllhandle, "dbguiconnecttodbg");
Dbguidebugactiveprocess_p = (Long (__stdcall *) (HANDLE)) GetProcAddress (Dllhandle, "dbguidebugactiveprocess");
Dbguistopdebugging_p = (Long (__stdcall *) (HANDLE)) GetProcAddress (Dllhandle, "dbguistopdebugging");

mydbguiconnecttodbg;
Processhandle:=openprocess (Process_all_access, False, findprocess ("Winlogon.exe"));
MessageBox (0,pchar (Inttohex (processhandle,8)), "AA", 0);
Dwret:=mydbguidebugactiveprocess (ProcessHandle);
If Dwret<>0 then MessageBox (0,pchar ("Protection failed"), "hint", 0) Else
MessageBox (0,pchar ("protect success, come to end me!" ")," hint ", 0)

ntresumeprocess_p = (DWORD (__stdcall *) (HANDLE)) GetProcAddress (Dllhandle, "ntresumeprocess");
ntsuspendprocess_p = (DWORD (__stdcall *) (HANDLE)) GetProcAddress (Dllhandle, "ntsuspendprocess");

}

CloseHandle (Dllhandle);
}//

Long Dbguiconnecttodbg_ntdll ()
{
return dbguiconnecttodbg_p ();
}//

Long Dbguidebugactiveprocess_ntdll (HANDLE processhandle)
{
Return dbguidebugactiveprocess_p (ProcessHandle);
}//

Long Dbguistopdebugging_ntdll (HANDLE processhandle)
{
Return dbguistopdebugging_p (ProcessHandle);
}//

DWORD Ntresumeprocess_ntdll (HANDLE hprocess)//Pause
{
Return ntresumeprocess_p (hprocess);
}

DWORD Ntsuspendprocess_ntdll (HANDLE hprocess)//Recovery
{
Return ntsuspendprocess_p (hprocess);
}

/*
This is also said to be
HANDLE hprocess = OpenProcess (process_all_access, FALSE, ProcessID);
if (hprocess)
{
HInstance H_module = LoadLibrary ("Ntdll.dll");
NTProcess mprocess = (ntprocess) GetProcAddress (H_module, "ntresumeprocess"); Ntresumeprocess ntsuspendprocess
Mprocess (hprocess);
}
Where ProcessID is the process PID number
Sleep or resume, as you choose
*/

Http://www.cnblogs.com/-clq/archive/2012/03/15/2397533.html

Task Manager----The suspend and resume--ntsuspendprocess&&ntresumeprocess of a process