问题
Is there any possible way to protect an exe from being suspended ?
Note that the i'm the owner of the application.
回答1:
There are tools such as Sysinternals ProcessExpert that allows you to suspend any process. If the user has admin authorisations there is no way to avoid this.
This SO answer shows three solutions to suspend a windows process.
However there is a way to make this extremely difficult : the solution consist of having a shadow process for your application. The application and the shadow process then shall monitor each other's suspension status and resume the suspended process if necessary:
as processes have to be suspended one after the other, this twin approach ensures that one of the two process is active and can prevent the suspension.
however this constant monitoring is CPU consuming, so you'd really think whether it's necessary to do so, and acceptable for your application's performance.
If you want to prevent suspension to avoid reverse engineering of your code with a debugger, you have another more effective option. You insert several timer calls throughout your critical pieces of code, and check if abnormal execution time reveals suspension/debugging and if it's the case, you stop your code.
回答2:
According to msdn. You need to disable the THREAD_SUSPEND_RESUME access right when creating the thread. This will prevent it from being suspended
来源:https://stackoverflow.com/questions/28354896/c-protect-process-from-being-suspended