Suspend vs Freeze #1854
What's the difference between Suspend I see is from
Answered by
diversenok
Oct 1, 2023
Replies: 1 comment 3 replies
What does PhFreezeProcess call instead of NtSuspendProcess?
Freezing is a stronger version of suspension that cannot be undone via resuming (only thawing). Effectively, when a process is frozen, it adds an additional (permanent) +1 to the suspension counter of each thread. The current implementation of PhFreezeProcess uses state change objects, so it performs freezing, not suspension.

If you're interested in more details, I have a repository about this topic. It is slightly outdated (doesn't cover freeze-bypassing threads, for instance) but can still shed some light on the topic.
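
Added example, not part of the original reply or of the project's code: a small Python model of the counter behaviour the answer describes, showing that resuming never clears a freeze and thawing never clears a suspend. The `Thread`, `Process` and `scenario` names are hypothetical, and modelling the freeze as a single flag worth +1 per thread is an assumption based on the answer's wording.

```python
# Toy model of the suspend/freeze counters described in the answer above.
# This is not Windows code; all names here are hypothetical.
from dataclasses import dataclass, field


@dataclass
class Thread:
    suspend_count: int = 0   # changed by suspend/resume
    frozen: bool = False     # the extra +1 that only thawing removes (assumption)

    @property
    def effective_count(self) -> int:
        return self.suspend_count + (1 if self.frozen else 0)


@dataclass
class Process:
    threads: list = field(default_factory=lambda: [Thread(), Thread()])

    def suspend(self):
        for t in self.threads:
            t.suspend_count += 1

    def resume(self):
        for t in self.threads:
            # Resuming only lowers the ordinary counter; the freeze stays.
            t.suspend_count = max(0, t.suspend_count - 1)

    def freeze(self):
        for t in self.threads:
            t.frozen = True

    def thaw(self):
        for t in self.threads:
            t.frozen = False

    def running(self) -> bool:
        # A thread executes only when its effective counter is zero.
        return all(t.effective_count == 0 for t in self.threads)


def scenario(ops):
    """Apply operation names in order to a fresh process; return whether it runs."""
    p = Process()
    for op in ops:
        getattr(p, op)()
    return p.running()
```
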