using System;
using System.Runtime.InteropServices;
namespace GTAVCSMM.Helpers
{
    /// <summary>
    /// Suspends and resumes a process by id through P/Invoke calls into
    /// kernel32.dll (OpenProcess / CloseHandle) and ntdll.dll
    /// (NtSuspendProcess / NtResumeProcess).
    /// </summary>
    /// <remarks>
    /// Both public methods are best-effort: a failed OpenProcess and the status
    /// value returned by the ntdll call are not reported to the caller.
    /// </remarks>
    public static class ProcessMgr
    {
        /// <summary>
        /// Access-right flags passed to OpenProcess as the desired access.
        /// </summary>
        /// <remarks>
        /// SetPort and SuspendResume share the value 0x800, as the corresponding
        /// PROCESS_SET_PORT and PROCESS_SUSPEND_RESUME constants do in the Windows headers.
        /// </remarks>
        [Flags]
        public enum ProcessAccess : uint
        {
            Terminate = 0x00000001,
            CreateThread = 0x00000002,
            SetSessionId = 0x00000004,
            VmOperation = 0x00000008,
            VmRead = 0x00000010,
            VmWrite = 0x00000020,
            DupHandle = 0x00000040,
            CreateProcess = 0x00000080,
            SetQuota = 0x00000100,
            SetInformation = 0x00000200,
            QueryInformation = 0x00000400,
            SetPort = 0x00000800,
            SuspendResume = 0x00000800,
            QueryLimitedInformation = 0x00001000,
            Synchronize = 0x00100000
        }

        // ntdll.dll exports; the uint result is presumably an NTSTATUS - confirm before relying on it.
        [DllImport("ntdll.dll")]
        private static extern uint NtResumeProcess([In] IntPtr processHandle);

        [DllImport("ntdll.dll")]
        private static extern uint NtSuspendProcess([In] IntPtr processHandle);

        // SetLastError = true keeps the Win32 error code available to Marshal.GetLastWin32Error().
        [DllImport("kernel32.dll", SetLastError = true)]
        private static extern IntPtr OpenProcess(ProcessAccess desiredAccess, bool inheritHandle, int processId);

        [DllImport("kernel32.dll", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        private static extern bool CloseHandle([In] IntPtr handle);

        /// <summary>
        /// Opens the target process, applies <paramref name="operation"/> to the
        /// handle and closes the handle again.
        /// </summary>
        /// <param name="processId">Id of the process to open.</param>
        /// <param name="operation">Native call to run against the opened handle.</param>
        private static void WithSuspendResumeHandle(int processId, Func<IntPtr, uint> operation)
        {
            // Only the suspend/resume right is requested, and the handle is not inheritable.
            IntPtr handle = OpenProcess(ProcessAccess.SuspendResume, false, processId);
            if (handle == IntPtr.Zero)
            {
                // NOTE(review): the open failure is dropped here, so the caller cannot
                // tell "process not found / access denied" from success.
                return;
            }

            try
            {
                // NOTE(review): the returned status is discarded.
                operation(handle);
            }
            finally
            {
                // Release the handle even if the native call throws.
                CloseHandle(handle);
            }
        }

        /// <summary>
        /// Suspends the process with the given id by calling NtSuspendProcess.
        /// Does nothing if the process cannot be opened.
        /// </summary>
        /// <param name="processId">Id of the process to suspend.</param>
        public static void SuspendProcess(int processId)
        {
            WithSuspendResumeHandle(processId, NtSuspendProcess);
        }

        /// <summary>
        /// Resumes the process with the given id by calling NtResumeProcess.
        /// Does nothing if the process cannot be opened.
        /// </summary>
        /// <param name="processId">Id of the process to resume.</param>
        public static void ResumeProcess(int processId)
        {
            WithSuspendResumeHandle(processId, NtResumeProcess);
        }
    }
}