11

I am looking for different ways to pause and resume programmatically a particular process via its process ID under Windows XP.

Process suspend/resume tool does it with SuspendThread / ResumeThread but warns about multi-threaded programs and deadlock problems.

PsSuspend looks okay, but I wonder if it does anything special about deadlocks or uses another method?

Prefered languages : C++ / Python

Chilledrat
  • 2,593
  • 3
  • 28
  • 38
MechanTOurS
  • 1,485
  • 2
  • 15
  • 18
  • 3
    A SEO comment follows: PsSuspend looks like a windows equivalent of Linux/UNIX's `kill -SIGSTOP` or `kill -SIGCONT` (and even `killall`). – Ilia K. Oct 21 '10 at 21:30

6 Answers6

5

If you "debug the debugger" (for instance, using logger.exe to trace all API calls made by windbg.exe), it appears that the debugger uses SuspendThread()/ResumeThread() to suspend all of the threads in the process being debugged.

PsSuspend may use a different way of suspending processes (I'm not sure), but it is still possible to hang other processes: if the process you're suspending is holding a shared synchronization object that is needed by another process, you may block that other process from making any progress. If both programs are well-written, they should recover when you resume the one that you suspended, but not all programs are well-written. And if this causes your program that is doing the suspending to hang, then you have a deadlock.

bk1e
  • 23,871
  • 6
  • 54
  • 65
4

I'm not sure if this does the job, but with ProcessExplorer from MS Systernals you can suspend a process.

It's been said here: https://superuser.com/a/155263 and I found it there too.

Community
  • 1
  • 1
Highmastdon
  • 6,960
  • 7
  • 40
  • 68
3

read here and you also have psutil for python that you can use it like that:

>>> import psutil
>>> pid = 7012
>>> p = psutil.Process(pid)
>>> p.suspend()
>>> p.resume()
Community
  • 1
  • 1
Hanan
  • 1,169
  • 3
  • 23
  • 40
1

I tested http://www.codeproject.com/KB/threads/pausep.aspx on few softwares:

it works fine.

PsSuspend and Pausep are two valid options.

MechanTOurS
  • 1,485
  • 2
  • 15
  • 18
1

So, after I found about UniversalPauseButton, Googling for this ("windows SIGSTOP"), getting this question as the first search result (thanks Ilia K. your comment did its job), and reading the answers, I went back to checkout the code.

Apparently, it uses undocumented NT kernel and Win32 APIs _NtSuspendProcess, _NtResumeProcess and _HungWindowFromGhostWindow.

PsSuspend, the utility you mentioned and linked to probably uses these APIs, I couldn't verify this, the source code isn't supplied, only executables and a EULA, you can probably figure that out by disassembling the binary but it's against the EULA.

so, to answer your specific question, checkout UniversalPauseButton's main.cpp, basically you call _NtSuspendProcess(ProcessHandle) and _NtResumeProcess(ProcessHandle), ProcessHandle being the handle of the process you want to pause or resume.

Wis
  • 484
  • 7
  • 22
0

I think there is a good reason why there is no SuspendProcess() function in Windows. Having such a function opens the door for an unstable system. You shall not suspend a process unless you created that process yourself. If you wrote that process yourself, you could use an event (see ::SetEvent() etc. in MSDN) or another kind of messaging to trigger a pause command in the process.

Andre
  • 1,577
  • 1
  • 13
  • 25