使用 SuspendThread 是一种已知的不安全技术;例如，这就是为什么.NET中相应的API被标记为过时的原因。



正确的方法是：你应该使用Windows API事件对象：

http：// msdn。 microsoft.com/en-us/library/windows/desktop/ms686915%28v=vs.85%29.aspx [ ^ ]。



你要暂停/恢复的线程应该在事件实例上调用 WaitForSingleObject ：

http://msdn.microsoft.com/en-us/library/windows/desktop/ms687032（v = VS .85）.aspx [ ^ ]。



当事件对象为非s时无视，线程将处于等待状态;它将被关闭一个未安排执行，从而浪费零CPU时间，直到它被唤醒。唤醒它的一种方法是将相同的事件对象置于信号状态，您可以在另一个线程中执行该操作。这样，一个线程可以被其他线程限制。



由于线程只能在开发人员特别选择的几个点上进入等待状态，这样的代码可以以安全的方式编写，与 SuspendThread 相反，它是异步调用的，可以在坏时刻挂起一个线程。一个典型的灾难示例：一个线程占用了一个互斥对象（或关键部分;用于互斥的任何对象）并在释放它之前被暂停;这可以创建一个随机（更糟）的死锁，因为其他一些线程使用相同的互斥对象。

-SA

Hi, first thank for read.
I''m having trouble with SuspendThread of Kernel32.dll and I can''t solve because I''m using multithead and when I suspend my process(hooked the .dll) and later I kill all Threads my protection stop of work.
Any ideas? or help to create a Driver or Service?
Thanks! :)

Using SuspendThread is a known unsafe technique; for example, this is the reason why the corresponding API in .NET is marked obsolete.

The right approach is this: you should use Windows API event object:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms686915%28v=vs.85%29.aspx[^].

Your thread to be suspended/resumed should call WaitForSingleObject on the event instance:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms687032(v=vs.85).aspx[^].

When the event object is non-signalled, the thread will be put in the wait state; it will be switched off an not scheduled to execution, thus wasting zero CPU time, until it is awaken. One of the way to awake it is to put the same event object in a signaled state, which you can do in another thread. This way, a thread can be throttled by other threads.

As a thread can be put to wait state only in few points specially selected by the developer, such code can be written in a safe way, in contrast to SuspendThread which is called asynchronously and can suspend a thread at a "bad" moment of time. A typical example of the disaster: a thread took a mutex object (or critical section; any of the objects used for mutual exclusion) and was suspended before releasing it; which can create a random (worse) kind of deadlock, because some other threads use the same mutex object.

—SA