Channel: VBForums - API

So here's how to suspend a process via Windows API

I'd been trying to figure it out for a long time. You can use TerminateThread to terminate a thread, or SuspendThread to suspend a thread. While TerminateProcess is the process equivalent to TerminateThread, it appears at first that there is no process equivalent to SuspendThread. There is no SuspendProcess. Of course you can use the Tool Help functions to enumerate all the threads of a process and then suspend each thread separately with SuspendThread, but this makes a simple task unnecessarily complicated, and there's also no guarantee that, if one thread depends on the activity of another thread, you won't mess up this thread-to-thread interaction. It appears at first that there's just no reasonable workaround for this lack of a SuspendProcess API function. But there is a workaround. In fact it's part of the Windows API; it's just not documented (even the name of the function never appears on the official MSDN website). You see, there's this really neat function in ntdll.dll called NtSuspendProcess, as well as NtResumeProcess, so you can get the suspended process running again. And they work exactly as expected. Both functions take only one argument, the handle to the process to be suspended or resumed.

Theoretically you are never supposed to use undocumented functions when writing a program, because there's no guarantee that Microsoft is going to keep those functions in their system DLL files indefinitely. However, I'm using a PC with Windows 7 with SP1, and both of these functions work fine so far. And according to stuff I've read online, these functions first became available in Windows XP, so they should work in XP, Vista, and 7 (not making any promises about 8, 8.1, or 10 though). Below are the Declare statements for these 2 functions.
Code:

' Undocumented ntdll.dll exports. Both take a process HANDLE (hProcess, 32-bit Long in VB6)
' and return an NTSTATUS: 0 is STATUS_SUCCESS, anything else is a failure code.
Private Declare Function NtSuspendProcess Lib "ntdll.dll" (ByVal hProcess As Long) As Long
Private Declare Function NtResumeProcess Lib "ntdll.dll" (ByVal hProcess As Long) As Long


They appear to work on a counter system. Each time you run the NtSuspendProcess function, it must increment a counter, because in order to resume the process you need to run NtResumeProcess just as many times as you ran NtSuspendProcess. Running NtResumeProcess more times has no effect at all (for example, you don't need to run NtSuspendProcess just as many times as you ran NtResumeProcess in order to suspend the process).

As for the function's return value, I don't know what it is supposed to be, but I've found it always is 0. I assume 0 means the function had no error, and that a non-zero value would indicate that the function failed to work. This applies to both the NtSuspendProcess and NtResumeProcess functions.

As for what process access rights these functions need, I don't know, since they are undocumented. However they have always worked for me when I use them on any process opened with OpenProcess and when I use the constant MAXIMUM_ALLOWED (value = &H2000000) for the access flags in the OpenProcess function (which guarantees that the OpenProcess function doesn't fail, and that all access rights that my application is allowed when interacting with the target process are in fact activated).
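The suspend counter, the NTSTATUS return value and the access-rights question above, as an added PowerShell example that is not part of the original post or its VB6 code. It uses P/Invoke signatures equivalent to the Declare statements, treats any non-zero NTSTATUS as a failure and prints it in hex, and opens the target with PROCESS_SUSPEND_RESUME plus PROCESS_QUERY_LIMITED_INFORMATION rather than the post's MAXIMUM_ALLOWED; that narrower right set, notepad.exe as a throwaway target, and Windows PowerShell 5.1 or PowerShell 7 on Windows are my assumptions, not anything the post states.

```powershell
# Added example, not from the original post. Assumptions: Windows PowerShell 5.1
# or PowerShell 7 on Windows; notepad.exe is a disposable target we start and
# kill ourselves; PROCESS_SUSPEND_RESUME (0x0800) is the access right requested
# here instead of the post's MAXIMUM_ALLOWED.
$signatures = @'
using System;
using System.Runtime.InteropServices;

public static class NtProc
{
    public const uint PROCESS_SUSPEND_RESUME = 0x0800;
    public const uint PROCESS_QUERY_LIMITED_INFORMATION = 0x1000;

    // Undocumented ntdll exports: HANDLE in, NTSTATUS out (0 = STATUS_SUCCESS).
    [DllImport("ntdll.dll")]
    public static extern int NtSuspendProcess(IntPtr hProcess);

    [DllImport("ntdll.dll")]
    public static extern int NtResumeProcess(IntPtr hProcess);

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);

    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr hObject);
}
'@
Add-Type -TypeDefinition $signatures

function Assert-NtSuccess {
    # NTSTATUS is a signed 32-bit value; non-zero is treated as failure and shown
    # as the hex code you would look up (e.g. C0000022 = STATUS_ACCESS_DENIED).
    param([string]$Call, [int]$Status)
    if ($Status -ne 0) {
        throw ('{0} failed with NTSTATUS 0x{1:X8}' -f $Call, $Status)
    }
}

function Get-SuspendedThreadCount {
    # Counts threads whose wait reason is Suspended. WaitReason is only valid
    # while ThreadState is Wait, so that is checked first (-and short-circuits).
    param([int]$ProcessId)
    $threads = (Get-Process -Id $ProcessId).Threads
    @($threads | Where-Object { $_.ThreadState -eq 'Wait' -and $_.WaitReason -eq 'Suspended' }).Count
}

$target = Start-Process -FilePath 'notepad.exe' -PassThru
Start-Sleep -Milliseconds 500
$access = [NtProc]::PROCESS_SUSPEND_RESUME -bor [NtProc]::PROCESS_QUERY_LIMITED_INFORMATION
$hProcess = [NtProc]::OpenProcess($access, $false, [uint32]$target.Id)
if ($hProcess -eq [IntPtr]::Zero) {
    $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
    Stop-Process -Id $target.Id -Force
    throw "OpenProcess failed with Win32 error $err"
}

try {
    $total = (Get-Process -Id $target.Id).Threads.Count

    # Suspend twice: the per-process suspend counter goes to 2.
    Assert-NtSuccess 'NtSuspendProcess' ([NtProc]::NtSuspendProcess($hProcess))
    Assert-NtSuccess 'NtSuspendProcess' ([NtProc]::NtSuspendProcess($hProcess))
    "after 2x suspend : $(Get-SuspendedThreadCount $target.Id)/$total threads suspended"

    # One resume only decrements the counter to 1; the process stays frozen.
    Assert-NtSuccess 'NtResumeProcess' ([NtProc]::NtResumeProcess($hProcess))
    "after 1x resume  : $(Get-SuspendedThreadCount $target.Id)/$total threads suspended"

    # Second resume brings the counter to 0 and the threads run again.
    Assert-NtSuccess 'NtResumeProcess' ([NtProc]::NtResumeProcess($hProcess))
    "after 2x resume  : $(Get-SuspendedThreadCount $target.Id)/$total threads suspended"

    # An extra resume on an already-running process: report the status rather
    # than assume it, so you can see what your Windows build returns.
    $extra = [NtProc]::NtResumeProcess($hProcess)
    'extra resume returned NTSTATUS 0x{0:X8}; suspended threads now {1}' -f $extra, (Get-SuspendedThreadCount $target.Id)
}
finally {
    [void][NtProc]::CloseHandle($hProcess)
    Stop-Process -Id $target.Id -Force
}
```

Run it from an elevated or non-elevated prompt as the same user that owns the notepad process. If OpenProcess with the narrow right set fails against a process you do not own (protected or higher-integrity), that is the access check doing its job; falling back to MAXIMUM_ALLOWED, as the post does, will hand you whatever the target's DACL permits, which may still be less than PROCESS_SUSPEND_RESUME, in which case NtSuspendProcess returns STATUS_ACCESS_DENIED and Assert-NtSuccess reports it.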
