uSuspendResumeProcess

1. unit uSuspendResumeProcess;
2.  
3. interface
4.  
5. uses
6.   Windows, SysUtils, Classes, Controls, Forms, StdCtrls;
7.  
8. type
9.   TForm1 = class(TForm)
10.     Suspend: TButton;
11.     Resume: TButton;
12.     PID: TEdit;
13.     procedure SuspendClick(Sender: TObject);
14.     procedure ResumeClick(Sender: TObject);
15.   end;
16.  
17. var
18.   Form1: TForm1;
19.  
20. implementation
21.  
22. {$R *.dfm}
23.  
24. const
25.   NTDLL = 'ntdll.dll';
26.   PROCESS_SUSPEND_RESUME = $0800;
27.   SE_DEBUG_PRIVILEGE = 20;
28.  
29. function NtSuspendProcess(pid: THandle): HRESULT; stdcall; external NTDLL;
30. function NtResumeProcess(pid: THandle): HRESULT; stdcall; external NTDLL;
31. function RtlAdjustPrivilege(Privilege: ULONG; Enable: BOOL; CurrentThread: BOOL;
32.   out OldPrivilege: BOOL): ULONG; stdcall; external NTDLL;
33.  
34. procedure Pause(Flag: Boolean; PID: Cardinal);
35. var
36.   hProcess: THandle;
37. begin
38.   hProcess := OpenProcess(PROCESS_SUSPEND_RESUME, False, PID);
39.   try
40.     if Flag then
41.       NtSuspendProcess(hProcess)
42.     else
43.       NtResumeProcess(hProcess);
44.   finally
45.     CloseHandle(hProcess);
46.   end;
47. end;
48.  
49. procedure TForm1.SuspendClick(Sender: TObject);
50. begin
51.   Pause(True, StrToIntDef(pid.Text, 0));
52. end;
53.  
54. procedure TForm1.ResumeClick(Sender: TObject);
55. begin
56.   Pause(False, StrToIntDef(pid.Text, 0));
57. end;
58.  
59. var
60.   OldPrivilege: BOOL;
61. initialization
62.   RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, True, False, OldPrivilege);
63. end.