suspend-process.ps1
<#
.SYNOPSIS
Starts a process, suspends its threads for a number of seconds, then resumes them.

.PARAMETER p
Program to start and then suspend. When omitted, the script prompts for it.

.PARAMETER t
Time to keep the process suspended, in seconds. When omitted, the script prompts for it.
#>
param (
    [Parameter(Mandatory = $false)] [string] $p,
    [Parameter(Mandatory = $false)] [string] $t
)
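# Compiles a small C# helper that suspends or resumes every thread of a process.
# The C# below avoids syntax newer than C# 5 so that older Add-Type compilers accept it.
Add-Type -TypeDefinition @'
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

/// <summary>
/// Suspends or resumes all threads of a process through the kernel32 thread APIs.
/// </summary>
public static class ThreadUtilities {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenThread(int dwDesiredAccess, bool bInheritHandle, uint dwThreadId);

    // Returns the previous suspend count, or 0xFFFFFFFF on failure.
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern uint SuspendThread(IntPtr hThread);

    // Declared as int, so the native failure value (DWORD)-1 is seen as -1.
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern int ResumeThread(IntPtr hThread);

    [DllImport("kernel32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    public static extern bool CloseHandle(IntPtr hObject);

    // Only the suspend/resume right is requested on each thread handle.
    const int THREAD_SUSPEND_RESUME = 0x0002;

    /// <summary>
    /// Opens every thread listed for the process, runs <paramref name="action"/> on
    /// the handle and closes it again. Threads that cannot be opened are skipped.
    /// </summary>
    private static void ForEachThreadHandle(int pid, Action<IntPtr> action) {
        // Process is IDisposable; release it once the thread list has been walked.
        using (Process proc = Process.GetProcessById(pid)) {
            if (proc.ProcessName == string.Empty)
                return;

            // proc.Threads is a snapshot: threads created afterwards are not visited.
            foreach (ProcessThread pT in proc.Threads) {
                IntPtr hThread = OpenThread(THREAD_SUSPEND_RESUME, false, (uint)pT.Id);
                if (hThread == IntPtr.Zero)
                    continue;

                try {
                    action(hThread);
                }
                finally {
                    // Close the handle even if the action throws.
                    CloseHandle(hThread);
                }
            }
        }
    }

    /// <summary>
    /// Suspends each thread of the process once (best effort; failures are ignored).
    /// </summary>
    /// <param name="pid">Id of the process to suspend.</param>
    public static void SuspendProcess(int pid) {
        ForEachThreadHandle(pid, delegate(IntPtr hThread) {
            SuspendThread(hThread);
        });
    }

    /// <summary>
    /// Resumes each thread of the process until its suspend count reaches zero.
    /// </summary>
    /// <param name="pid">Id of the process to resume.</param>
    public static void ResumeProcess(int pid) {
        ForEachThreadHandle(pid, delegate(IntPtr hThread) {
            int previousCount;
            do {
                // ResumeThread returns the count before the call: 1 means the thread
                // is running again, 0 means it was not suspended, -1 means failure.
                previousCount = ResumeThread(hThread);
            } while (previousCount > 1);
        });
    }
}
'@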
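# Take the target and the duration from the parameters, or prompt for them.
$susProcess = if ($p) { $p } else { Read-Host "Name of process to suspend" }
$susTime = if ($t) { $t } else { Read-Host "Amount of time in seconds to suspend process" }

# Validate both inputs before anything is started, so a bad value cannot
# leave a freshly started process behind in a half-handled state.
if ([string]::IsNullOrWhiteSpace($susProcess)) {
    throw "No process name was given."
}
$seconds = if ([string]::IsNullOrWhiteSpace($susTime)) { $null } else { $susTime -as [double] }
if ($null -eq $seconds -or $seconds -lt 0) {
    throw "Suspend time must be a non-negative number of seconds, got '$susTime'."
}

$process = Start-Process $susProcess -PassThru
if (-not $process) {
    # Without this guard a failed start would pass a null id on to SuspendProcess.
    throw "Could not start '$susProcess'."
}

# NOTE: the process is not created suspended. It runs between Start-Process and
# the SuspendProcess call, and only threads present in the snapshot are paused.
try {
    [ThreadUtilities]::SuspendProcess($process.Id)
    Write-Host -ForegroundColor Yellow "Process started and suspended with pid:" $process.Id
    Start-Sleep -Seconds $seconds
}
finally {
    # Runs on Ctrl+C and on errors too, so the target is not left suspended.
    if ($process.HasExited) {
        Write-Warning "Process $($process.Id) exited before it could be resumed."
    }
    else {
        [ThreadUtilities]::ResumeProcess($process.Id)
        Write-Host -ForegroundColor Green "Process resumed"
    }
}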