Merge pull request #891 from tribes/master

[process][windows] implement suspending and resuming with ntdll library

process/process_windows.go

@@ -18,6 +18,10 @@ import (
 )
 
 var (
+	modntdll             = windows.NewLazySystemDLL("ntdll.dll")
+	procNtResumeProcess  = modntdll.NewProc("NtResumeProcess")
+	procNtSuspendProcess = modntdll.NewProc("NtSuspendProcess")
+
 	modpsapi                     = windows.NewLazySystemDLL("psapi.dll")
 	procGetProcessMemoryInfo     = modpsapi.NewProc("GetProcessMemoryInfo")
 	procGetProcessImageFileNameW = modpsapi.NewProc("GetProcessImageFileNameW")
@@ -680,14 +684,39 @@ func (p *Process) Suspend() error {
 }
 
 func (p *Process) SuspendWithContext(ctx context.Context) error {
-	return common.ErrNotImplementedError
+	c, err := windows.OpenProcess(windows.PROCESS_SUSPEND_RESUME, false, uint32(p.Pid))
+	if err != nil {
+		return err
+	}
+	defer windows.CloseHandle(c)
+
+	r1, _, _ := procNtSuspendProcess.Call(uintptr(unsafe.Pointer(c)))
+	if r1 != 0 {
+		// See https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55
+		return fmt.Errorf("NtStatus='0x%.8X'", r1)
+	}
+
+	return nil
 }
+
 func (p *Process) Resume() error {
 	return p.ResumeWithContext(context.Background())
 }
 
 func (p *Process) ResumeWithContext(ctx context.Context) error {
-	return common.ErrNotImplementedError
+	c, err := windows.OpenProcess(windows.PROCESS_SUSPEND_RESUME, false, uint32(p.Pid))
+	if err != nil {
+		return err
+	}
+	defer windows.CloseHandle(c)
+
+	r1, _, _ := procNtResumeProcess.Call(uintptr(unsafe.Pointer(c)))
+	if r1 != 0 {
+		// See https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55
+		return fmt.Errorf("NtStatus='0x%.8X'", r1)
+	}
+
+	return nil
 }
 
 func (p *Process) Terminate() error {