PsSuspend - CMD

Overview

PsSuspend is a command-line utility for Windows that allows users to suspend and resume processes. It is primarily used for managing the state of processes on a system, which can be useful in system administration, debugging, and controlling resource usage. By freezing the activity of a process, users can temporarily halt its operations without terminating it, allowing for a controlled management and analysis.

Syntax

The basic syntax for PsSuspend is as follows:

PsSuspend [-r] <pid | name> [...]

• <pid | name>: Specify the target process by its Process ID (PID) or by its name. If a name is provided, all processes with that name will be affected.
• [...]: This allows specifying multiple PIDs or names.

Variations

• To resume a suspended process:

  PsSuspend -r <pid | name>
  

Options/Flags

• -r: This flag is used to resume a previously suspended process. Without this flag, the default action is to suspend the process(es).

Examples

1. Suspend a process by PID:

   PsSuspend 1234
   

   This command suspends the process with PID 1234.

2. Suspend multiple processes by their PIDs:

   PsSuspend 1234 5678 9101
   

   This suspends processes with PIDs 1234, 5678, and 9101.

3. Resume a process by name:

   PsSuspend -r notepad
   

   Resumes all processes named “notepad”.

Common Issues

• Access Denied: Users might encounter this if they do not have sufficient privileges to manipulate the state of a process. Running the command prompt as an administrator can resolve this issue.
• Process not found: Ensure the correct PID or process name is provided. Using the task manager or tasklist command can help verify existing processes.

Integration

PsSuspend can be integrated with other commands for powerful automation and management scripts. For instance:

• Creating a maintenance script:

  PsSuspend myservice
  perform-maintenance.bat
  PsSuspend -r myservice
  

  This script suspends “myservice”, runs a maintenance batch file, and then resumes the service.

• Combining with PsList for conditional suspension:

  for /f "tokens=1" %%i in ('PsList | find "chrome"') do PsSuspend %%i
  

  This command suspends all instances of Chrome browsers conditionally, based on the output of PsList.

Related Commands

• PsList: Provides a list of detailed information about processes.
• tasklist: Displays a list of currently running processes on a local or a remote machine.
• taskkill: Used to terminate tasks by process ID or image name.

Further reading and more detailed information about the PsSuspend command can be accessed through Sysinternals or Microsoft’s official documentation websites.