3

Using Win32 API it is only possible to suspend a single thread using SuspendThread() but not a complete process in one call.
Iterating over a process threads and suspending them one at a time is not a good option since it may cause dead-locks and unexpected behavior.

This is supposed to be something that is possible in kernel using a function from the DDK (which I don't remember its name).
How is it possible to expose this function to user mode?

Is there any other way to achieve this without going to the kernel?

SysInternals process explorer has an option to suspend process. How does it do it?

shoosh
  • 76,898
  • 55
  • 205
  • 325

1 Answers1

2

Actually thats exactly what MiniDumpWriteDump appears to do - it individually suspends all threads in the process (except for the calling thread) before it creates a dump.

This alone shouldn't cause a deadlock or unexpected behaviour, although obviously its probably best to do this from a separate process.

Justin
  • 84,773
  • 49
  • 224
  • 367