Just a follow-up to my previous post. One of the things that sets that method apart is that the suspension (once the DLL injection occurs) comes from within the process itself, and it suspends all of the child processes as well.
Another way to do this, without the injection, is simply to send a suspend to every thread in the process.
    # Meterpreter (Ruby) session: open a handle to the target process by PID
    pid = 2980
    targetprocess = client.sys.process.open(pid, PROCESS_ALL_ACCESS)
    targetprocess.