#ifndef _NTPSAPI_H
//
// Processes
//
#if (PHNT_MODE != PHNT_MODE_KERNEL)

/**
 * Suspends the specified process.
 *
 * \param ProcessHandle A handle to the process to be suspended.
 * \return NTSTATUS Successful or errant status.
 * \remarks Use NtCreateProcessStateChange instead.
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtSuspendProcess(
    _In_ HANDLE ProcessHandle
    );

#endif
#endif
View code on GitHub

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwSuspendProcess(
    _In_ HANDLE ProcessHandle
    );

#endif
View code on GitHub

NtDoc

Suspends all threads in the process.

Parameters

ProcessHandle - a handle to a process granting PROCESS_SUSPEND_RESUME access.

Remarks

This function enumerates and suspends threads one-by-one and is, therefore, prone to race conditions.

The function ignores threads created with the THREAD_CREATE_FLAGS_BYPASS_PROCESS_FREEZE flag.

This functionality is not exposed in Win32 API.

NtSuspendProcess - NtDoc

NtDoc

Parameters

Remarks

See also

NtDoc

Parameters

Remarks

Related Win32 API

See also