_TerminateProcess, "killt" ein Prozess, dafür wird seine PID = Process ID benutzt, diese bekommt man zb dürch Processexists("winword.exe")
_ResumeProcess, Ein Prozess der vorher suspendiert wurde, kann mit der Funktion wieder reaktiviert werden
_SuspendProcess, "friert" einen Prozess ein
_PauseResumeThread, das selbe wie (_ResumeProcess/_SuspendProcess), nur in einer Funktion geschrieben und ist nicht von der ntdll.dll abhängig.
Ist jedoch langsamer als die anderen beiden Funktionen, aber schön um mal zu sehen was genau passiert (die ntdll.dll macht genau das selbe).
$iOwnerPid : Prozess ID dessen Threads eingeforen/fortgeführt werden soll
$bResume : true = Prozess fortführen, false = einfrieren
Global Const $PROCESS_SUSPEND_RESUME = 0x0800
Global Const $SYNCHRONIZE = 0x00100000
Global Const $PROCESS_TERMINATE = 0x0001
Func _TerminateProcess ($iPID)
$vDLL = DllOpen ('Kernel32.dll')
$vProc = DllCall ($vDLL, "hwnd", "OpenProcess", "dword", $SYNCHRONIZE + $PROCESS_TERMINATE, "int", false, "dword", $iPID)
$vReturn = DllCall ($vDLL, "int", "TerminateProcess", "hwnd", $vProc[0], "int", 0)
DllCall ($vDLL, "int", "CloseHandle", "hwnd", $vProc[0])
Return $vReturn[0]
EndFunc
Func _ResumeProcess ($iPID)
$vDLL = DllOpen ('Kernel32.dll')
$vProc = DllCall ($vDLL, "hwnd", "OpenProcess", "dword", $SYNCHRONIZE + $PROCESS_SUSPEND_RESUME, "int", false, "dword", $iPID)
$vReturn = DllCall ("ntdll.dll", "int", "NtResumeProcess", "hwnd", $vProc[0])
DllCall ($vDLL, "int", "CloseHandle", "hwnd", $vProc[0])
Return $vReturn[0]
EndFunc
Func _SuspendProcess ($iPID)
$vDLL = DllOpen ('Kernel32.dll')
$vProc = DllCall ($vDLL, "hwnd", "OpenProcess", "dword", $SYNCHRONIZE + $PROCESS_SUSPEND_RESUME, "int", false, "dword", $iPID)
$vReturn = DllCall ("ntdll.dll", "int", "NtSuspendProcess", "hwnd", $vProc[0])
DllCall ($vDLL, "int", "CloseHandle", "hwnd", $vProc[0])
Return $vReturn[0]
EndFunc
func _PauseResumeThread ( $iOwnerPid, $bResume = true)
Local Const $TH32CS_SNAPTHREAD = 0x00000004
Local Const $THREAD_SUSPEND_RESUME = 0x0002
Local Const $tagTHREADENTRY32 = "DWORD dwSize; DWORD cntUsage; DWORD th32ThreadID; DWORD th32OwnerProcessID; LONG tpBasePri; LONG tpDeltaPri; DWORD dwFlags;"
$vDLL = DllOpen ('Kernel32.dll')
$hThreadSnap = DllCall($vDLL , "hwnd", "CreateToolhelp32Snapshot", "dword", $TH32CS_SNAPTHREAD, "dword", 0)
$vStruct = DllStructCreate ( $tagTHREADENTRY32 )
DllStructSetData ($vStruct, "dwSize", DllStructGetSize ($vStruct))
$vReturn = DllCall ($vDLL, "int", "Thread32First", "hwnd", $hThreadSnap[0], "ptr", DllStructGetPtr ($vStruct))
if $vReturn[0] Then
Do
if DllStructGetData ( $vStruct, "th32OwnerProcessID") == $iOwnerPid Then
$vThread = DllCall ($vDLL, "hwnd", "OpenThread", "dword", $THREAD_SUSPEND_RESUME , "int", false, "dword", DllStructGetData ($vStruct, "th32ThreadID"))
if $bResume Then
DllCall ($vDLL, "dword", "ResumeThread", "hwnd", $vThread[0])
Else
DllCall ($vDLL, "dword", "SuspendThread", "hwnd", $vThread[0])
EndIf
EndIf
$vReturn = DllCall ($vDLL, "int", "Thread32Next", "hwnd", $hThreadSnap[0], "ptr", DllStructGetPtr ($vStruct))
Until @error or not $vReturn[0]
EndIf
DllCall ($vDLL, "int", "CloseHandle", "hwnd", $hThreadSnap[0])
EndFunc
