From 79e55b6b69e9a5e5a59f99f8e34933448500396d Mon Sep 17 00:00:00 2001
From: Tyler Bennett
Date: Wed, 24 Sep 2025 19:48:30 -0500
Subject: [PATCH] Update Program.cs check for NtSuspendProcess: See EDR-Freeze
---
 HookDetector/Program.cs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/HookDetector/Program.cs b/HookDetector/Program.cs
index 5a4cdc9..4cff35c 100755
--- a/HookDetector/Program.cs
+++ b/HookDetector/Program.cs
@@ -26,6 +26,7 @@ class Program
 "NtResumeThread",
 "NtSetContextThread",
 "NtSetInformationProcess",
+ "NtSuspendProcess",
 "NtSuspendThread",
 "NtUnloadDriver",
 "NtWriteVirtualMemory"
@@ -135,4 +136,5 @@ class Win32
 [DllImport("kernel32.dll", SetLastError = true, CallingConvention = CallingConvention.Winapi)]
 public static extern bool IsWow64Process(IntPtr hProcess, out bool Wow64Process);
 }
-}
\ No newline at end of file
+
+}
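Review bot: The new `"NtSuspendProcess"` entry in the first hunk has no in-code rationale; the reason (EDR-Freeze) lives only in the commit message, so a later reader of the list cannot tell why this export is checked. A trailing comment on the entry would keep that context with the code, for example `"NtSuspendProcess", // process-wide suspend; added for EDR-Freeze coverage`. The array and the code that consumes it begin and end outside the hunk, so how a result for this name is reported is not visible here. If it is printed as simply "not hooked", the output or README should presumably state that the absence of a user-mode hook does not mean the call goes unobserved, since suspension can also be monitored from kernel-side telemetry.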