Which winapi function does the Process Explorer use to suspend process?

About

Asked 6/8, 2014 at 13:3 Answered 6/8, 2014 at 17:37

I am attempting to write a hook which will catch "SomeFunction" of Process Explorer that suspends process. I already have a solution which hooks functions such as SuspendThread and NtSuspendThread. But the Process Explorer use something different and I don't know what. Please can anyone tell me the name of the function used by PE to suspend process?

Sulfide answered 6/8, 2014 at 13:3 Comment(1)

Have you checked the import table? Have you done anything at all to help yourself before asking here? – Thermit 6/8, 2014 at 14:33

Attach it to an API Monitor; It calls NtOpenProcess -> NtSuspendProcess()

SShot

Welcher answered 6/8, 2014 at 17:37 Comment(3)

What API monitor did you use here? – Nimesh 6/8, 2014 at 19:20

Thanks, that looks very nice. I'll dig into it some more, always in the market for good tools. – Nimesh 6/8, 2014 at 19:48

Thanks, that's it! I tried to hook NtSuspendThread in procexp.exe but without results. I hooked this function in procexp64.exe and it works!!! Thanks a lot!!! – Sulfide 7/8, 2014 at 6:55

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags