NtSuspendProcess - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers

#ifndef _NTPSAPI_H
// Processes
#if (PHNT_MODE != PHNT_MODE_KERNEL)

NTSYSCALLAPI
NTSTATUS
NTAPI
NtSuspendProcess(
    _In_ HANDLE ProcessHandle
    );

#endif
#endif
View code on GitHub

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwSuspendProcess(
    _In_ HANDLE ProcessHandle
    );

#endif
View code on GitHub

Suspends all threads in the process.

Parameters

ProcessHandle - a handle to a process granting PROCESS_SUSPEND_RESUME access.

Remarks

This function enumerates and suspends threads one-by-one and is, therefore, prone to race conditions.

The function ignores threads created with the THREAD_CREATE_FLAGS_BYPASS_PROCESS_FREEZE flag.

This functionality is not exposed in Win32 API.

See also

Edit description on GitHub