NtSuspendProcess - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers

#ifndef _NTPSAPI_H
//
// Processes
//
#if (PHNT_MODE != PHNT_MODE_KERNEL)

/**
 * Suspends the specified process.
 *
 * @param ProcessHandle A handle to the process to be suspended.
 * @return NTSTATUS Successful or errant status.
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtSuspendProcess(
    _In_ HANDLE ProcessHandle
    );

#endif
#endif
View code on GitHub

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwSuspendProcess(
    _In_ HANDLE ProcessHandle
    );

#endif
View code on GitHub

Suspends all threads in the process.

Parameters

ProcessHandle - a handle to a process granting PROCESS_SUSPEND_RESUME access.

Remarks

This function enumerates and suspends threads one-by-one and is, therefore, prone to race conditions.

The function ignores threads created with the THREAD_CREATE_FLAGS_BYPASS_PROCESS_FREEZE flag.

This functionality is not exposed in Win32 API.

See also

Edit description on GitHub