ring0
January 18th, 2009, 04:10
Hi,
Earlier i had raised a question on NtSuspendProcess.
I wanted to use this function in one of my projects to suspend a process.
But, as this function is not documented, i decided not to use it.
This is because MS may decide to remove this function(undocumented) in future OS version or even service packs.
Jeffrey Ritcher has written a function, using ToolHelp API's, that iterates through the threads of a process and suspend them individually.
He makes use of the documented functions SuspendThread and ResumeThread for the same. I am making use of this function now.
function defn:
int SuspendProcess(DWORD dwProcessID, BOOL bSuspend)
{
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, dwProcessID);
if (hSnapshot != INVALID_HANDLE_VALUE)
{
THREADENTRY32 te32;
te32.dwSize = sizeof(THREADENTRY32);
BOOL bThread = Thread32First(hSnapshot, &te32);
do
{
if (te32.th32OwnerProcessID == dwProcessID)
{
HANDLE hThread = OpenThread(THREAD_SUSPEND_RESUME, FALSE, te32.th32ThreadID);
if (hThread != NULL)
{
if (bSuspend)
SuspendThread(hThread);
else
ResumeThread(hThread);
}
CloseHandle(hThread);
}
} while(Thread32Next(hSnapshot, &te32));
CloseHandle(hSnapshot);
}
return 0;
}
My question:
Is it safe to use SuspendThread/ResumeThread? I've read some blogs that says SuspendThread may lead to deadlocks. A deadlock might occur if SuspendThread is used for synchronizing threads within the same process.
But in my case, i am not using SuspendThread function for synchronization.
Instead, i am suspending all threads of another process. Should i be worrying of a dead lock scenario?
Also, what do you feel should be the order of thread resumption?
Is it necessary to resume the threads in the reverse order of suspension or does it not matter at all.
Thanks,
Ring0
Earlier i had raised a question on NtSuspendProcess.
I wanted to use this function in one of my projects to suspend a process.
But, as this function is not documented, i decided not to use it.
This is because MS may decide to remove this function(undocumented) in future OS version or even service packs.
Jeffrey Ritcher has written a function, using ToolHelp API's, that iterates through the threads of a process and suspend them individually.
He makes use of the documented functions SuspendThread and ResumeThread for the same. I am making use of this function now.
function defn:
int SuspendProcess(DWORD dwProcessID, BOOL bSuspend)
{
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, dwProcessID);
if (hSnapshot != INVALID_HANDLE_VALUE)
{
THREADENTRY32 te32;
te32.dwSize = sizeof(THREADENTRY32);
BOOL bThread = Thread32First(hSnapshot, &te32);
do
{
if (te32.th32OwnerProcessID == dwProcessID)
{
HANDLE hThread = OpenThread(THREAD_SUSPEND_RESUME, FALSE, te32.th32ThreadID);
if (hThread != NULL)
{
if (bSuspend)
SuspendThread(hThread);
else
ResumeThread(hThread);
}
CloseHandle(hThread);
}
} while(Thread32Next(hSnapshot, &te32));
CloseHandle(hSnapshot);
}
return 0;
}
My question:
Is it safe to use SuspendThread/ResumeThread? I've read some blogs that says SuspendThread may lead to deadlocks. A deadlock might occur if SuspendThread is used for synchronizing threads within the same process.
But in my case, i am not using SuspendThread function for synchronization.
Instead, i am suspending all threads of another process. Should i be worrying of a dead lock scenario?
Also, what do you feel should be the order of thread resumption?
Is it necessary to resume the threads in the reverse order of suspension or does it not matter at all.
Thanks,
Ring0