/*++
Module Name:
ice.c
Abstract:
This utility "freezes" and "thaws" processes.
Author:
Michael Wookey 6-Jun-2003 (ntutils@wookey.org)
Notes:
ice.exe [freeze|thaw] pid
Compiler:
VC7
Build:
cl ice.c
--*/
#define STRICT
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
//
// The native functions exported from ntdll.
//
// These are pointer types for the two exports; main() resolves the actual
// addresses by name with GetProcAddress() at run time, so a pointer of either
// type can be NULL and has to be checked before it is called.
//
// ProcessHandle - handle to the target process. The native call needs the
//                 PROCESS_SUSPEND_RESUME access right on this handle.
//
// The LONG result is the native status code (NTSTATUS); a negative value
// means the call failed.
//
typedef LONG ( NTAPI *_NtSuspendProcess )( IN HANDLE ProcessHandle );
typedef LONG ( NTAPI *_NtResumeProcess )( IN HANDLE ProcessHandle );
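//
// Older SDK headers may not define the access right requested below.
//
#ifndef PROCESS_SUSPEND_RESUME
#define PROCESS_SUSPEND_RESUME 0x0800
#endif

//
// Entry point: ice [freeze|thaw] pid
//
// Suspends ("freeze") or resumes ("thaw") every thread of the process whose
// id is given in argv[2], using the native NtSuspendProcess/NtResumeProcess
// exports of ntdll.
//
// Returns 0 when the requested operation succeeded and 1 on a usage error,
// an invalid pid, a missing ntdll export, a process that could not be opened,
// or a failing native call.
//
int main( int argc, char* argv[] )
{
    HANDLE ProcessHandle = 0;
    HMODULE NtDll = 0;
    _NtSuspendProcess NtSuspendProcess = 0;
    _NtResumeProcess NtResumeProcess = 0;
    unsigned long ProcessId = 0;
    char *End = 0;
    LONG Status = 0;
    int Freeze = 0;

    //
    // Make sure we have enough arguments.
    //
    if( 3 > argc )
    {
        printf( "ice [freeze|thaw] pid\n" );
        return 1;
    }

    //
    // Decide on the operation before touching any process, so that a typo
    // in the command never results in a handle being opened.
    // _stricmp is the CRT's name for the case-insensitive compare.
    //
    if( ! _stricmp( argv[1], "freeze" ))
    {
        Freeze = 1;
    }
    else if( _stricmp( argv[1], "thaw" ))
    {
        printf( "ice [freeze|thaw] pid\n" );
        return 1;
    }

    //
    // Parse the pid strictly. atoi() silently turns garbage into 0 and
    // accepts trailing junk; require a plain decimal number instead. The
    // leading-digit test also rejects signs and whitespace, which strtoul
    // would otherwise accept.
    //
    if( argv[2][0] < '0' || argv[2][0] > '9' )
    {
        printf( "Invalid process id \"%s\"\n", argv[2] );
        return 1;
    }

    errno = 0;
    ProcessId = strtoul( argv[2], &End, 10 );

    if( '\0' != *End || ERANGE == errno )
    {
        printf( "Invalid process id \"%s\"\n", argv[2] );
        return 1;
    }

    //
    // Obtain our function imports. The names are narrow strings, so call
    // the ANSI entry point explicitly rather than relying on UNICODE being
    // undefined.
    //
    NtDll = GetModuleHandleA( "ntdll" );

    if( NtDll )
    {
        NtSuspendProcess = (_NtSuspendProcess)
            GetProcAddress( NtDll, "NtSuspendProcess" );

        NtResumeProcess = (_NtResumeProcess)
            GetProcAddress( NtDll, "NtResumeProcess" );
    }

    if( Freeze ? ! NtSuspendProcess : ! NtResumeProcess )
    {
        printf( "%s is not exported by ntdll on this system\n",
                Freeze ? "NtSuspendProcess" : "NtResumeProcess" );
        return 1;
    }

    //
    // Attempt to open the target process. Only the suspend/resume right is
    // requested: PROCESS_ALL_ACCESS asks for far more than this tool uses
    // and is refused in cases where the narrower request would be granted.
    //
    ProcessHandle = OpenProcess( PROCESS_SUSPEND_RESUME, FALSE, ProcessId );

    if( ! ProcessHandle )
    {
        printf( "Unable to open process id %lu (error %lu)\n",
                ProcessId, (unsigned long) GetLastError() );
        return 1;
    }

    //
    // Freeze or thaw the process. Note that these alter the process'
    // suspend count, so freezing the process twice will require thawing
    // the process twice to restore.
    //
    Status = Freeze ? NtSuspendProcess( ProcessHandle )
                    : NtResumeProcess( ProcessHandle );

    //
    // A negative native status means the call failed; report it instead of
    // exiting as if the process state had changed.
    //
    if( 0 > Status )
    {
        printf( "Unable to %s process id %lu (status 0x%08lX)\n",
                Freeze ? "freeze" : "thaw",
                ProcessId, (unsigned long) Status );
    }

    //
    // Close our process handle.
    //
    CloseHandle( ProcessHandle );

    return ( 0 > Status ) ? 1 : 0;
}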
/* EOF */