<p>You can't do it from the command line, you have to write some code (I assume you're not just looking for a utility, otherwise Super User may be a better place to ask). I also assume your application has all the required permissions to do it (examples are without any error checking).</p>

<h2>Hard Way</h2>

<p>First get all the threads of a given process, then call the <code>SuspendThread</code> function to stop each one (and <code>ResumeThread</code> to resume). It works, but some applications may crash or hang because a thread may be stopped at any point and the order of suspend/resume is unpredictable (for example, this may cause a deadlock). For a single-threaded application this may not be an issue.</p>

<pre><code>#include &lt;windows.h&gt;
#include &lt;tlhelp32.h&gt;

// Suspend every thread that belongs to the given process.
void suspend(DWORD processId)
{
    HANDLE hThreadSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);

    THREADENTRY32 threadEntry;
    threadEntry.dwSize = sizeof(THREADENTRY32);

    Thread32First(hThreadSnapshot, &amp;threadEntry);

    do
    {
        // The snapshot is system-wide, so filter on the owning process.
        if (threadEntry.th32OwnerProcessID == processId)
        {
            HANDLE hThread = OpenThread(THREAD_ALL_ACCESS, FALSE,
                threadEntry.th32ThreadID);

            SuspendThread(hThread);
            CloseHandle(hThread);
        }
    } while (Thread32Next(hThreadSnapshot, &amp;threadEntry));

    CloseHandle(hThreadSnapshot);
}
</code></pre>

<p>Please note that this function is much too naive: to resume threads you should skip threads that were suspended, and it's easy to cause a deadlock because of the suspend/resume order. For single-threaded applications it's prolix but it works.</p>

<h2>Undocumented way</h2>

<p>Starting from Windows XP there is <code>NtSuspendProcess</code>, but it's <em>undocumented</em>. Read <a href="http://forum.sysinternals.com/suspend-a-process_topic17442_page2.html" rel="noreferrer">this post</a> for a code example (reference for undocumented functions: news://comp.os.ms-windows.programmer.win32).</p>

<pre><code>#include &lt;windows.h&gt;

typedef LONG (NTAPI *NtSuspendProcess)(IN HANDLE ProcessHandle);

void suspend(DWORD processId)
{
    HANDLE processHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, processId);

    // NtSuspendProcess is not declared in the SDK headers; resolve it at run time.
    NtSuspendProcess pfnNtSuspendProcess = (NtSuspendProcess)GetProcAddress(
        GetModuleHandleA("ntdll"), "NtSuspendProcess");

    pfnNtSuspendProcess(processHandle);
    CloseHandle(processHandle);
}
</code></pre>

<h2>"Debugger" Way</h2>

<p>Suspending a program is what a debugger usually does; to do it you can use the <a href="http://msdn.microsoft.com/en-us/library/windows/desktop/ms679295%28v=vs.85%29.aspx" rel="noreferrer"><code>DebugActiveProcess</code></a> function. It'll suspend the process execution (all threads together). To resume you may use <code>DebugActiveProcessStop</code>.</p>

<p>This function lets you stop a process (given its process ID). The syntax is very simple: just pass the ID of the process you want to stop, et voilà. If you make a command-line application you'll need to keep its instance running to keep the process suspended (or it'll be terminated). See the <em>Remarks</em> section on MSDN for details.</p>

<pre><code>void suspend(DWORD processId)
{
    DebugActiveProcess(processId);
}
</code></pre>

<h2>From Command Line</h2>

<p>As I said, the Windows command line does not have any utility to do that, but you can invoke a Windows API function from PowerShell. First install the <a href="http://poshcode.org/2189" rel="noreferrer">Invoke-WindowsApi</a> script, then you can write this:</p>

<pre><code>Invoke-WindowsApi "kernel32" ([bool]) "DebugActiveProcess" @([int]) @(process_id_here)
</code></pre>

<p>Of course, if you need it often you can make an <code>alias</code> for that.</p>
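An added example, not part of the original answer: the "debugger" approach driven from PowerShell with `Add-Type` instead of the external Invoke-WindowsApi script, attaching and detaching inside one call and clearing kill-on-exit so the target is not terminated if the session ends while attached. The function name `Suspend-ProcessById`, the `Win32.Debug` type name and the PID in the usage comment are assumptions made for illustration.

```powershell
# Added example: P/Invoke declarations for the three kernel32 debugging calls used below.
Add-Type -Namespace Win32 -Name Debug -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool DebugActiveProcess(uint dwProcessId);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool DebugActiveProcessStop(uint dwProcessId);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool DebugSetProcessKillOnExit(bool KillOnExit);
'@

# Hypothetical helper: hold a process suspended for a fixed time or until Enter is pressed.
function Suspend-ProcessById {
    param(
        [Parameter(Mandatory)] [uint32] $Id,
        [int] $Seconds = 0   # 0 means "wait for Enter"
    )

    # Attaching as a debugger is what stops the target.
    if (-not [Win32.Debug]::DebugActiveProcess($Id)) {
        $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "DebugActiveProcess($Id) failed, Win32 error $err"
    }

    try {
        # By default the debuggee is killed when its debugger exits; turn that off
        # so closing this session by accident does not terminate the target.
        [void][Win32.Debug]::DebugSetProcessKillOnExit($false)

        if ($Seconds -gt 0) { Start-Sleep -Seconds $Seconds }
        else { [void](Read-Host "Process $Id is suspended; press Enter to resume") }
    }
    finally {
        # Detach in the same call that attached; the target resumes.
        if (-not [Win32.Debug]::DebugActiveProcessStop($Id)) {
            $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
            Write-Warning "DebugActiveProcessStop($Id) failed, Win32 error $err"
        }
    }
}

# Usage (1234 is a placeholder PID):
# Suspend-ProcessById -Id 1234 -Seconds 30
```

The attach and detach happen in a single function call because the debugging APIs are tied to the thread that attached; the target only stays suspended while that call is waiting.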
 
