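using System;
using System.Collections.Generic;
using System.Text;
using System.Runtime.InteropServices;
using System.Diagnostics;
using System.Security.Principal;

namespace libWin32.Win32.Threading
{
    /// <summary>
    /// Thin P/Invoke helpers for suspending and resuming every thread of a process
    /// and for reading the account name from a process token.
    /// </summary>
    /// <remarks>
    /// <c>ThreadAccess</c> is declared elsewhere in the project; this file only uses its
    /// <c>SUSPEND_RESUME</c> and <c>PROCESS_TOKEN_QUERY</c> members.
    /// </remarks>
    public class ThreadControl
    {
        [DllImport("kernel32.dll")]
        static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess, bool bInheritHandle, uint dwThreadId);

        [DllImport("kernel32.dll")]
        static extern uint SuspendThread(IntPtr hThread);

        [DllImport("kernel32.dll")]
        static extern int ResumeThread(IntPtr hThread);

        [DllImport("advapi32.dll", SetLastError = true)]
        public static extern bool OpenProcessToken(IntPtr ProcessHandle, UInt32 DesiredAccess, out IntPtr TokenHandle);

        [DllImport("kernel32.dll", SetLastError = true)]
        [return: MarshalAs(UnmanagedType.Bool)]
        public static extern bool CloseHandle(IntPtr hObject);

        /// <summary>
        /// Calls SuspendThread once on each thread of the process that can be opened.
        /// </summary>
        /// <param name="PID">Identifier of the target process.</param>
        /// <remarks>
        /// Best effort: every failure is swallowed and nothing is reported to the caller,
        /// so a caller that depends on the target really being frozen has to verify it
        /// separately. Threads the target creates after the thread list was read are not
        /// touched. Each call adds one to a thread's suspend count, so it must be balanced
        /// by one <see cref="ResumeProcess"/> call.
        /// </remarks>
        public static void SuspendProcess(int PID)
        {
            SetThreadsSuspended(PID, true);
        }

        /// <summary>
        /// Calls ResumeThread once on each thread of the process that can be opened.
        /// </summary>
        /// <param name="PID">Identifier of the target process.</param>
        /// <remarks>
        /// Best effort, with the same silent-failure behaviour as <see cref="SuspendProcess"/>.
        /// </remarks>
        public static void ResumeProcess(int PID)
        {
            SetThreadsSuspended(PID, false);
        }

        // Shared walk over the process's threads: open each one with SUSPEND_RESUME access
        // only, suspend or resume it, and always close the thread handle afterwards.
        private static void SetThreadsSuspended(int pid, bool suspend)
        {
            try
            {
                using (Process proc = Process.GetProcessById(pid))
                {
                    if (proc.ProcessName == string.Empty)
                    {
                        return;
                    }

                    foreach (ProcessThread pT in proc.Threads)
                    {
                        // bInheritHandle is false so the handle cannot leak into child processes.
                        IntPtr hThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
                        if (hThread == IntPtr.Zero)
                        {
                            // A thread can exit between enumeration and OpenThread. Skip it
                            // instead of abandoning the rest, which would leave the process
                            // half suspended (or half resumed).
                            continue;
                        }

                        try
                        {
                            if (suspend)
                            {
                                SuspendThread(hThread);
                            }
                            else
                            {
                                ResumeThread(hThread);
                            }
                        }
                        finally
                        {
                            // The original never closed these handles, leaking one per
                            // thread on every call.
                            CloseHandle(hThread);
                        }
                    }
                }
            }
            catch
            {
                // Deliberate best effort: the process may have exited or access may be denied.
            }
        }

        /// <summary>
        /// Returns the account name from the token of the given process, with everything
        /// up to and including the first backslash removed.
        /// </summary>
        /// <param name="handle">Process handle passed to OpenProcessToken.</param>
        /// <param name="IsSystem">
        /// Set from <see cref="WindowsIdentity.IsSystem"/>; false when the token cannot be read.
        /// </param>
        /// <returns>The account name without its domain part, or an empty string on any failure.</returns>
        /// <remarks>
        /// Because the domain or machine prefix is dropped, accounts with the same name in
        /// different domains are indistinguishable in the result. Treat it as display data,
        /// not as an input to an access decision. An empty string means "unknown", not
        /// "no owner".
        /// </remarks>
        public static string GetProcessOwner(IntPtr handle, out bool IsSystem)
        {
            IntPtr ph = IntPtr.Zero;
            IsSystem = false;
            try
            {
                // Check the result explicitly rather than relying on the WindowsIdentity
                // constructor to throw on a zero token.
                if (!OpenProcessToken(handle, (uint)ThreadAccess.PROCESS_TOKEN_QUERY, out ph) || ph == IntPtr.Zero)
                {
                    return "";
                }

                // WindowsIdentity is IDisposable on .NET Framework 4.0 and later; disposing
                // it releases the identity's own copy of the token.
                using (WindowsIdentity wi = new WindowsIdentity(ph))
                {
                    IsSystem = wi.IsSystem;
                    string name = wi.Name;
                    int slash_index = name.IndexOf('\\') + 1; // 0 when there is no backslash
                    return name.Remove(0, slash_index);
                }
            }
            catch
            {
                // ignore: fall through to the empty-string result
            }
            finally
            {
                if (ph != IntPtr.Zero)
                {
                    ThreadControl.CloseHandle(ph);
                }
            }

            return "";
        }
    }
}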