Windows:以原子方式暂停整个进程? [英] Windows: Atomically suspend an entire process?

问题描述

使用 Win32 API 只能使用 SuspendThread() 挂起单个线程，但不能在一次调用中挂起完整进程.
迭代进程线程并一次挂起一个线程并不是一个好的选择，因为这可能会导致死锁和意外行为.

Using Win32 API it is only possible to suspend a single thread using SuspendThread() but not a complete process in one call.
Iterating over a process threads and suspending them one at a time is not a good option since it may cause dead-locks and unexpected behavior.

这应该是在内核中使用 DDK 中的函数(我不记得它的名字)可以实现的.
怎么可能把这个函数暴露给用户模式?

This is supposed to be something that is possible in kernel using a function from the DDK (which I don't remember its name).
How is it possible to expose this function to user mode?

有没有其他方法可以在不进入内核的情况下实现这一点?

Is there any other way to achieve this without going to the kernel?

SysInternals 进程浏览器有一个暂停进程的选项.它是如何做到的?

SysInternals process explorer has an option to suspend process. How does it do it?

推荐答案

其实就是这样 MiniDumpWriteDump 似乎是这样做的 - 它在创建转储之前单独挂起进程中的所有线程(调用线程除外).

Actually thats exactly what MiniDumpWriteDump appears to do - it individually suspends all threads in the process (except for the calling thread) before it creates a dump.

仅此一项不应导致死锁或意外行为，尽管显然最好从单独的进程中执行此操作.

This alone shouldn't cause a deadlock or unexpected behaviour, although obviously its probably best to do this from a separate process.

这篇关于Windows:以原子方式暂停整个进程?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！