When the suspender DLL is loaded inside a process, it will wait for 60 seconds and then suspend all the threads of the host process. If you want another delay, just change the name of the file by appending the number of seconds to sleep. For example, suspender10.dll will wait for 10 seconds before suspending the process.
To resume the process, you can use Process Explorer.
I’ve used this DLL to analyze malware and to disable some unwanted programs without killing them.
And from now on, I’ll try to release 32-bit and 64-bit versions of my tools.
Download:
Suspender_V0_0_0_3.zip (https)
MD5: C87FCAB2586C6154B58FB0F95FBB1FBE
SHA256: 56D0C641569E99AC31C7590DE513025E21166747565B73C5EBE34346616FFB2F
Didier Stevens 
Hello Didier,
Why not just use Process Explorer for suspending? Seems easier.
By the way, I really like the idea with the filename. 🙂
Ori.
Comment by Ori Lahav — Wednesday 27 April 2011 @ 21:20
@Ori Lahav Because you can’t use PE to automate this. If you use my LoadDLLViaAppInit DLL to load suspender.dll automatically at proces creation, you can automatically suspend a process after it’s created (60s by default).
Comment by Didier Stevens — Wednesday 27 April 2011 @ 22:36
[…] de Didier Stevens, gèle tous les threads d’un processus hĂ´te dans lequel il est installĂ©. L’action de ce sympathique outil d’analyse peut ĂŞtre dĂ©bloquĂ©e […]
Pingback by En Bref … - CNIS mag — Monday 2 May 2011 @ 12:43
[…] Recently Didier Stevens wrote ‘Suspender.dll’ which is a DLL that will suspend a process and all of it’s child processes after a delay. 60 seconds is it’s default but you can rename the DLL to add a number (as such ‘Suspender10.dll’ for 10 seconds) to make the delay whatever you wish. You can find the blog post and download here: https://blog.didierstevens.com/2011/04/27/suspender-dll/ […]
Pingback by Actual Security » Remote DLL Injection with Meterpreter — Tuesday 31 May 2011 @ 6:37
[…] Recently Didier Stevens wrote ‘Suspender.dll’ which is a DLL that will suspend a process and all of it’s child processes after a delay. 60 seconds is it’s default but you can rename the DLL to add a number (as such ‘Suspender10.dll’ for 10 seconds) to make the delay whatever you wish. You can find the blog post and download here: https://blog.didierstevens.com/2011/04/27/suspender-dll/ […]
Pingback by cmdline » Blog Archive » Remote DLL Injection with Meterpreter — Tuesday 31 May 2011 @ 17:40
[…] Recently Didier Stevens wrote ‘Suspender.dll’ which is a DLL that will suspend a process and all of it’s child processes after a delay. 60 seconds is it’s default but you can rename the DLL to add a number (as such ‘Suspender10.dll’ for 10 seconds) to make the delay whatever you wish. You can find the blog post and download here: https://blog.didierstevens.com/2011/04/27/suspender-dll/ […]
Pingback by Remote DLL Injection with Meterpreter — Friday 10 June 2011 @ 4:21
[…] meterpreter) La librerĂa que se ha venido mencionando es Suspender.dll y se puede descargar desde: https://blog.didierstevens.com/2011/04/27/suspender-dll/ Como indica la informaciĂłn contenida en el enlace anterior, el uso de la librerĂa es muy […]
Pingback by Intentando evadir mecanismos y restricciones de Seguridad – Desactivando procesos resilientes en una máquina comprometida – Parte XV « Seguridad en Sistemas y Tecnicas de Hacking. — Wednesday 14 March 2012 @ 17:04
[…] Suspender is a DLL that suspends all threads of a process. […]
Pingback by Update: Suspender V0.0.0.4 | Didier Stevens — Monday 21 October 2013 @ 10:19