标题: [系统相关] 请问cmd下有没有能暂停进程的线程的程序 [打印本页]
作者: sigma36 时间: 2014-4-5 21:47 标题: 请问cmd下有没有能暂停进程的线程的程序
本帖最后由 sigma36 于 2014-4-5 23:49 编辑
学校用的netkeeper上网,会检测共享,检测模块是在netkeeper.exe进程中的一个线程实现的,暂停该线程即可避免检测,目前我只知道pslist能查看线程,请问有没有能暂停线程的程序可以使用,顺便求帮忙写一键bat
首先用tasklist命令获取netkeeper.exe的pid- C:\Users\Administrator>tasklist /FI "IMAGENAME eq netkeeper.exe"
-
- 映像名称 PID 会话名 会话# 内存使用
- ========================= ======== ================ =========== ============
- NetKeeper.exe 1064 Console 1 54,464 K
然后用pslist命令获取netkeeper.exe的线程- C:\Users\Administrator\Desktop>pslist -x 1064
-
- pslist v1.29 - Sysinternals PsList
- Copyright (C) 2000-2009 Mark Russinovich
- Sysinternals
-
- Process and thread information for 1310ZGP:
-
- Name Pid VM WS Priv Priv Pk Faults NonP Page
- NetKeeper 1064 312164 54512 33756 35088 17844 53 463
- Tid Pri Cswtch State User Time Kernel Time Elapsed Time
- 6068 12 36138 Wait:Suspended 0:00:00.436 0:00:00.265 0:18:03.831
- 6128 3 11660 Wait:UserReq 0:00:00.000 0:00:00.000 0:18:03.630
- 6096 12 89 Wait:UserReq 0:00:00.000 0:00:00.000 0:18:03.610
- 6108 10 4 Wait:UserReq 0:00:00.000 0:00:00.000 0:18:00.527
- 5832 10 5 Wait:UserReq 0:00:00.000 0:00:00.000 0:17:53.423
- 2724 10 9 Wait:UserReq 0:00:00.000 0:00:00.000 0:17:53.311
- 5772 11 495 Wait:UserReq 0:00:00.000 0:00:00.000 0:17:53.307
- 3800 10 13 Wait:UserReq 0:00:00.000 0:00:00.000 0:17:53.171
- 5316 10 966 Wait:Queue 0:00:00.031 0:00:00.000 0:17:53.165
- 5320 7 95 Wait:UserReq 0:00:00.000 0:00:00.000 0:17:53.162
- 5336 10 48 Wait:UserReq 0:00:00.031 0:00:00.000 0:17:53.162
- 2540 10 8203 Wait:UserReq 0:00:00.000 0:00:00.000 0:17:53.153
- 5328 10 2 Wait:Queue 0:00:00.000 0:00:00.000 0:17:53.148
- 5312 10 2 Wait:Queue 0:00:00.000 0:00:00.000 0:17:53.148
- 1624 10 5 Wait:Queue 0:00:00.000 0:00:00.000 0:17:53.148
- 6076 10 2 Wait:Queue 0:00:00.000 0:00:00.000 0:17:53.148
- 6072 10 4 Wait:Queue 0:00:00.000 0:00:00.000 0:17:53.148
- 4808 10 2 Wait:Queue 0:00:00.000 0:00:00.000 0:17:53.147
- 1012 10 5 Wait:Queue 0:00:00.000 0:00:00.000 0:17:53.147
- 3272 10 3 Wait:Queue 0:00:00.000 0:00:00.000 0:17:53.147
- 5332 10 4 Wait:Queue 0:00:00.000 0:00:00.000 0:17:53.147
- 3792 10 4 Wait:Queue 0:00:00.000 0:00:00.000 0:17:53.147
- 6044 10 2 Wait:Queue 0:00:00.000 0:00:00.000 0:17:53.147
- 6048 11 3 Wait:Queue 0:00:00.000 0:00:00.000 0:17:53.147
- 5252 10 5 Wait:Queue 0:00:00.000 0:00:00.000 0:17:53.147
- 5220 10 2 Wait:Queue 0:00:00.000 0:00:00.000 0:17:53.147
- 3976 10 3 Wait:Queue 0:00:00.000 0:00:00.000 0:17:53.147
- 5140 10 3 Wait:Queue 0:00:00.000 0:00:00.000 0:17:53.147
- 5552 8 5 Wait:Queue 0:00:00.000 0:00:00.000 0:02:18.353
- 6000 8 8 Wait:Queue 0:00:00.000 0:00:00.000 0:02:18.353
- 3580 8 3 Wait:Queue 0:00:00.000 0:00:00.000 0:00:48.399
- 5940 8 8 Wait:Queue 0:00:00.000 0:00:00.000 0:00:48.398
其中第一个线程6068就是负责检测的线程,线程ID每次可能不同,但永远是在第一位,可能是比较活跃的原因吧
作者: PowerShell 时间: 2014-4-6 13:03
顺便求帮忙写一键bat
首先用tasklist命令获取netkeeper.exe的pid
powershell代码- (get-process netkeeper).id
作者: DAIC 时间: 2014-4-6 16:49
回复 2# PowerShell
这样无法暂停线程吧
作者: CrLf 时间: 2014-4-6 23:36
这个不知道是否有用:
http://www.51xue8xue8.com/thread-553-1-1.html
作者: qzwqzw 时间: 2014-4-8 12:06
可以尝试使用pausep暂停进程的所有线程
http://www.codeproject.com/Artic ... suspend-resume-tool
作者: CrLf 时间: 2014-4-8 18:10
回复 5# qzwqzw
森马!脚踩七色祥云头顶万丈霞光的qzw大神降临了...偶像您好,while(1){膜拜();}
| 欢迎光临 批处理之家 (http://www.bathome.net/) |
Powered by Discuz! 7.2 |