#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_UseX64=n
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#include <Process.au3>
#include <Array.au3>
#include <WinApi.au3>
#include <WinApiEX.au3>
; --- Script body -------------------------------------------------------------
; Starts at the parent of the process named "xxx.exe". On every loop pass it
; moves one level further up the parent chain and calls _ProcessSuspend() on
; whatever _WinAPI_EnumChildProcess() returns for that PID.
; Triage note: _ProcessSuspend() suspends threads, it does not terminate them;
; calling it with a non-zero second argument issues ResumeThread instead.
Sleep(10)
; _ProcessGetParent() returns 0 with @error = -1 when the name is not running.
Local $iParent_ProcID = _ProcessGetParent("xxx.exe")
; Looked up once; not read again anywhere in this file.
Local $sParent_ProcName = _ProcessGetName($iParent_ProcID)
; NOTE(review): this loop has no exit condition. _ProcessGetParent() returns its
; own argument when no parent PID is found, so the walk stalls on the last PID
; and the body keeps repeating with only a 1 ms sleep per pass.
While 1
$iParent_ProcID = _ProcessGetParent($iParent_ProcID)
Sleep(1)
; NOTE(review): _WinAPI_EnumChildProcess() is not defined in this file
; (presumably it comes from WinAPIEx.au3). Despite its name, $hToken is not a
; token handle; it holds that call's return value and is passed unchanged to
; _ProcessSuspend(), whose first step is ProcessExists(), which takes a PID or a
; process name. Confirm the two agree before relying on this line.
$hToken = _WinAPI_EnumChildProcess($iParent_ProcID)
_ProcessSuspend($hToken)
; @error here is the value set by _ProcessSuspend(): 0 means at least one thread
; was found and every thread found was suspended.
If Not @error Then
TrayTip($hToken, "Suspended",2000)
Endif
WEnd
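; _ProcessSuspend - suspend, or resume, every thread that belongs to one process.
;
; Parameters:
;   $vProcess  - PID or process name; resolved through ProcessExists().
;   $iReserved - despite its name this selects the operation: 0 (default) calls
;                SuspendThread, any other value calls ResumeThread.
; Return:
;   Success - number of threads acted on; @error = 0, @extended = threads seen.
;   Failure - @error is set:
;             1 = process not found (returns False)
;             2 = CreateToolhelp32Snapshot failed (returns False)
;             3 = Thread32First failed (returns False)
;             4 = the Thread32Next call itself failed (returns False)
;             5 = no thread, or not every thread, could be opened and acted on
;                 (returns the success count, @extended = threads seen)
; Remarks:
;   The thread snapshot is system-wide, so entries are filtered by owner PID.
;   The snapshot handle is released with CloseHandle on every exit path;
;   CloseToolhelp32Snapshot is a Windows CE export and is not available from the
;   desktop kernel32.dll, so calling it left the handle open on each call.
;   Handles and the struct address are passed as "ptr" so they are not truncated
;   in a 64-bit build (this script is compiled with UseX64=n, where "long" and
;   "ptr" have the same width).
Func _ProcessSuspend($vProcess, $iReserved = 0)
    Local $TH32CS_SNAPTHREAD = 0x00000004
    Local $THREAD_SUSPEND_RESUME = 0x0002
    ; THREADENTRY32, seven 4-byte fields:
    ;   1 dwSize, 2 cntUsage, 3 th32ThreadID, 4 th32OwnerProcessID,
    ;   5 tpBasePri, 6 tpDeltaPri, 7 dwFlags
    Local $THREADENTRY32_StructDef = "int;int;int;int;int;int;int"

    Local $iPid = ProcessExists($vProcess)
    If Not $iPid Then Return SetError(1, 0, False) ; Process not found.

    Local $vTmp = DllCall("kernel32.dll", "ptr", "CreateToolhelp32Snapshot", "int", $TH32CS_SNAPTHREAD, "int", 0)
    If @error Then Return SetError(2, 0, False) ; CreateToolhelp32Snapshot Failed
    ; INVALID_HANDLE_VALUE is (HANDLE)-1; Ptr(-1) has the right width in either build.
    If $vTmp[0] = Ptr(-1) Then Return SetError(2, 0, False) ; CreateToolhelp32Snapshot Failed
    Local $hThreadSnap = $vTmp[0]

    Local $ThreadEntry32 = DllStructCreate($THREADENTRY32_StructDef)
    DllStructSetData($ThreadEntry32, 1, DllStructGetSize($ThreadEntry32)) ; dwSize must be set before the first call
    Local $pThreadEntry32 = DllStructGetPtr($ThreadEntry32)

    $vTmp = DllCall("kernel32.dll", "int", "Thread32First", "ptr", $hThreadSnap, "ptr", $pThreadEntry32)
    Local $bFirstOk = False
    If Not @error Then $bFirstOk = ($vTmp[0] <> 0)
    If Not $bFirstOk Then
        DllCall("kernel32.dll", "int", "CloseHandle", "ptr", $hThreadSnap)
        Return SetError(3, 0, False) ; Thread32First Failed
    EndIf

    Local $sFunction = "SuspendThread"
    If $iReserved Then $sFunction = "ResumeThread"

    Local $iThreadCnt = 0, $iThreadCntSuccess = 0, $hThread, $vRet
    While 1
        If DllStructGetData($ThreadEntry32, 4) = $iPid Then
            $iThreadCnt += 1
            $vTmp = DllCall("kernel32.dll", "ptr", "OpenThread", "int", $THREAD_SUSPEND_RESUME, "int", False, "int", DllStructGetData($ThreadEntry32, 3))
            If Not @error Then
                $hThread = $vTmp[0]
                If $hThread Then
                    $vRet = DllCall("kernel32.dll", "int", $sFunction, "ptr", $hThread)
                    ; Only index the result when the call was made; both APIs return -1 on failure.
                    If Not @error Then
                        If $vRet[0] <> -1 Then $iThreadCntSuccess += 1
                    EndIf
                    DllCall("kernel32.dll", "int", "CloseHandle", "ptr", $hThread)
                EndIf
            EndIf
        EndIf

        $vTmp = DllCall("kernel32.dll", "int", "Thread32Next", "ptr", $hThreadSnap, "ptr", $pThreadEntry32)
        If @error Then
            DllCall("kernel32.dll", "int", "CloseHandle", "ptr", $hThreadSnap)
            Return SetError(4, 0, False) ; Thread32Next Failed
        EndIf
        If Not $vTmp[0] Then ExitLoop ; end of snapshot
    WEnd

    DllCall("kernel32.dll", "int", "CloseHandle", "ptr", $hThreadSnap)

    If Not $iThreadCntSuccess Or $iThreadCnt > $iThreadCntSuccess Then Return SetError(5, $iThreadCnt, $iThreadCntSuccess)
    Return SetError(0, $iThreadCnt, $iThreadCntSuccess)
EndFunc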
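; _ProcessGetParent - return the parent PID recorded for a process.
;
; Parameters:
;   $i_Pid - PID, or a process name that is resolved through ProcessExists().
; Return:
;   Success - the th32ParentProcessID value from the process snapshot. When the
;             process is not in the snapshot, or its recorded parent is 0, the
;             input PID itself is returned.
;   Failure - @error is set and the (resolved) input PID is returned:
;            -1 = process not found
;             1 = CreateToolhelp32Snapshot failed
;             2 = the Process32First call itself failed
; Remarks:
;   The snapshot handle is closed on every exit path, and the walk stops when
;   a Process32Next call fails instead of looping on the same entry forever.
;   The handle is typed "ptr" and th32DefaultHeapID "ulong_ptr" so the layout
;   also holds in a 64-bit build (this script is compiled with UseX64=n).
;   The parent PID is only what the snapshot records; the OS can reuse a PID
;   after the original parent has exited.
Func _ProcessGetParent($i_Pid)
    If IsString($i_Pid) Then $i_Pid = ProcessExists($i_Pid)
    If Not $i_Pid Then Return SetError(-1, 0, $i_Pid)

    Local Const $TH32CS_SNAPPROCESS = 0x00000002
    Local $a_tool_help = DllCall("Kernel32.dll", "ptr", "CreateToolhelp32Snapshot", "int", $TH32CS_SNAPPROCESS, "int", 0)
    ; Ptr(-1) is INVALID_HANDLE_VALUE at the pointer width of the running build.
    If IsArray($a_tool_help) = 0 Or $a_tool_help[0] = Ptr(-1) Then Return SetError(1, 0, $i_Pid)
    Local $h_snapshot = $a_tool_help[0]

    ; PROCESSENTRY32 (ANSI variant)
    Local $t_entry = DllStructCreate( _
            "dword dwsize;" & _
            "dword cntUsage;" & _
            "dword th32ProcessID;" & _
            "ulong_ptr th32DefaultHeapID;" & _
            "dword th32ModuleID;" & _
            "dword cntThreads;" & _
            "dword th32ParentProcessID;" & _
            "long pcPriClassBase;" & _
            "dword dwFlags;" & _
            "char szExeFile[260]")
    DllStructSetData($t_entry, 1, DllStructGetSize($t_entry)) ; dwSize must be set before the first call
    Local $p_entry = DllStructGetPtr($t_entry)

    Local $a_step = DllCall("Kernel32.dll", "int", "Process32First", "ptr", $h_snapshot, "ptr", $p_entry)
    If IsArray($a_step) = 0 Then
        DllCall("Kernel32.dll", "int", "CloseHandle", "ptr", $h_snapshot)
        Return SetError(2, 0, $i_Pid)
    EndIf

    Local $i_return = 0
    ; $a_step[0] is the BOOL result of the last Process32First/Next call.
    While $a_step[0]
        If DllStructGetData($t_entry, "th32ProcessID") = $i_Pid Then
            $i_return = DllStructGetData($t_entry, "th32ParentProcessID")
            ExitLoop
        EndIf
        $a_step = DllCall("Kernel32.dll", "int", "Process32Next", "ptr", $h_snapshot, "ptr", $p_entry)
        If IsArray($a_step) = 0 Then ExitLoop ; the call itself failed: stop rather than spin
    WEnd

    DllCall("Kernel32.dll", "int", "CloseHandle", "ptr", $h_snapshot)

    ; No entry found, or a recorded parent of 0: fall back to the input PID.
    If Not $i_return Then $i_return = $i_Pid
    Return $i_return
EndFunc   ;==>_ProcessGetParent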
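; _ProcessGetChildren - list the direct (first level) children of a process.
;
; Parameters:
;   $i_Pid - PID, or a process name that is resolved through ProcessExists().
; Return:
;   Success - 2D array: [0][0] = number of children, then for each child n
;             [n][0] = PID and [n][1] = executable name (szExeFile).
;   Failure - @error is set:
;            -1 = process not found (returns the resolved PID, i.e. 0)
;             1 = CreateToolhelp32Snapshot failed (returns the PID)
;             2 = the Process32First call itself failed (returns the PID)
;             3 = no child processes found (returns 0)
; Remarks:
;   The snapshot handle is closed on every exit path, and the walk stops when
;   a Process32Next call fails instead of looping on the same entry forever.
;   The handle is typed "ptr" and th32DefaultHeapID "ulong_ptr" so the layout
;   also holds in a 64-bit build (this script is compiled with UseX64=n).
;   Parentage is only what the snapshot records; the OS can reuse a PID, so an
;   entry may name a parent that has since exited.
Func _ProcessGetChildren($i_Pid) ; First level children processes only
    If IsString($i_Pid) Then $i_Pid = ProcessExists($i_Pid)
    If Not $i_Pid Then Return SetError(-1, 0, $i_Pid)

    Local Const $TH32CS_SNAPPROCESS = 0x00000002
    Local $a_tool_help = DllCall("Kernel32.dll", "ptr", "CreateToolhelp32Snapshot", "int", $TH32CS_SNAPPROCESS, "int", 0)
    ; Ptr(-1) is INVALID_HANDLE_VALUE at the pointer width of the running build.
    If IsArray($a_tool_help) = 0 Or $a_tool_help[0] = Ptr(-1) Then Return SetError(1, 0, $i_Pid)
    Local $h_snapshot = $a_tool_help[0]

    ; PROCESSENTRY32 (ANSI variant)
    Local $t_entry = DllStructCreate( _
            "dword dwsize;" & _
            "dword cntUsage;" & _
            "dword th32ProcessID;" & _
            "ulong_ptr th32DefaultHeapID;" & _
            "dword th32ModuleID;" & _
            "dword cntThreads;" & _
            "dword th32ParentProcessID;" & _
            "long pcPriClassBase;" & _
            "dword dwFlags;" & _
            "char szExeFile[260]")
    DllStructSetData($t_entry, 1, DllStructGetSize($t_entry)) ; dwSize must be set before the first call
    Local $p_entry = DllStructGetPtr($t_entry)

    Local $a_step = DllCall("Kernel32.dll", "int", "Process32First", "ptr", $h_snapshot, "ptr", $p_entry)
    If IsArray($a_step) = 0 Then
        DllCall("Kernel32.dll", "int", "CloseHandle", "ptr", $h_snapshot)
        Return SetError(2, 0, $i_Pid)
    EndIf

    ; Row 0 holds the current capacity while the list is being built; rows are
    ; added in steps of 10 and the array is trimmed to size at the end.
    Local $a_children[11][2] = [[10]], $i_add = 0, $i_child_pid
    ; $a_step[0] is the BOOL result of the last Process32First/Next call.
    While $a_step[0]
        $i_child_pid = DllStructGetData($t_entry, "th32ProcessID")
        If $i_child_pid <> $i_Pid And DllStructGetData($t_entry, "th32ParentProcessID") = $i_Pid Then
            If $i_add = $a_children[0][0] Then
                ReDim $a_children[$a_children[0][0] + 11][2]
                $a_children[0][0] += 10
            EndIf
            $i_add += 1
            $a_children[$i_add][0] = $i_child_pid
            $a_children[$i_add][1] = DllStructGetData($t_entry, "szExeFile")
        EndIf
        $a_step = DllCall("Kernel32.dll", "int", "Process32Next", "ptr", $h_snapshot, "ptr", $p_entry)
        If IsArray($a_step) = 0 Then ExitLoop ; the call itself failed: stop rather than spin
    WEnd

    DllCall("Kernel32.dll", "int", "CloseHandle", "ptr", $h_snapshot)

    If Not $i_add Then Return SetError(3, 0, 0)

    ; Trim unused rows and replace the capacity in [0][0] with the child count.
    ReDim $a_children[$i_add + 1][2]
    $a_children[0][0] = $i_add
    Return $a_children
EndFunc   ;==>_ProcessGetChildren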