I have a, well, disobedient program which, as I continue exploring it, shows some very interesting, possibly dangerous programming techniques. I do not have the source for this program. One of the things I have noticed is that attempting to suspend it results in it not suspending; it just seems to shrug off the attempt like it's a mere suggestion. Now I am curious how it is able to do this. I am a Computer Scientist, though I am not educated in cyber-security; this stuff is somewhat new to me. I am using NtSuspendProcess to attempt to make the program suspend.
Can a thread monitor another thread for attempts at suspending, and override this? How would you go about doing this? Is there some sort of pipeline or queue for suspend attempts, like a message queue? How should I go about making this program suspend, so I can get a better look at it?
