diff --git a/util/win/nt_internals.cc b/util/win/nt_internals.cc index 8cf96a45..12201620 100644 --- a/util/win/nt_internals.cc +++ b/util/win/nt_internals.cc @@ -38,6 +38,10 @@ NTSTATUS NTAPI NtOpenThread(HANDLE* ThreadHandle, OBJECT_ATTRIBUTES* ObjectAttributes, CLIENT_ID* ClientId); +NTSTATUS NTAPI NtSuspendProcess(HANDLE); + +NTSTATUS NTAPI NtResumeProcess(HANDLE); + void* NTAPI RtlGetUnloadEventTrace(); namespace crashpad { @@ -129,6 +133,18 @@ NTSTATUS NtQueryObject(HANDLE handle, return_length); } +NTSTATUS NtSuspendProcess(HANDLE handle) { + static const auto nt_suspend_process = + GET_FUNCTION_REQUIRED(L"ntdll.dll", ::NtSuspendProcess); + return nt_suspend_process(handle); +} + +NTSTATUS NtResumeProcess(HANDLE handle) { + static const auto nt_resume_process = + GET_FUNCTION_REQUIRED(L"ntdll.dll", ::NtResumeProcess); + return nt_resume_process(handle); +} + template RTL_UNLOAD_EVENT_TRACE* RtlGetUnloadEventTrace() { static const auto rtl_get_unload_event_trace = diff --git a/util/win/nt_internals.h b/util/win/nt_internals.h index 3ced5cc3..0a80fd53 100644 --- a/util/win/nt_internals.h +++ b/util/win/nt_internals.h @@ -71,6 +71,10 @@ NTSTATUS NtQueryObject(HANDLE handle, ULONG object_information_length, ULONG* return_length); +NTSTATUS NtSuspendProcess(HANDLE handle); + +NTSTATUS NtResumeProcess(HANDLE handle); + // From https://msdn.microsoft.com/en-us/library/bb432428(VS.85).aspx and // http://processhacker.sourceforge.net/doc/struct___r_t_l___u_n_l_o_a_d___e_v_e_n_t___t_r_a_c_e.html #define RTL_UNLOAD_EVENT_TRACE_NUMBER 64 diff --git a/util/win/scoped_process_suspend.cc b/util/win/scoped_process_suspend.cc index 4450efb5..fc75ce02 100644 --- a/util/win/scoped_process_suspend.cc +++ b/util/win/scoped_process_suspend.cc 
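Review bot: The NtSuspendProcess and NtResumeProcess declarations added to util/win/nt_internals.h have no comment, while the RTL_UNLOAD_EVENT_TRACE block right below them cites where its definition comes from. Both are undocumented ntdll exports, so the header should state what the wrappers expect, for example `// Suspends/resumes all threads of the process. Undocumented ntdll export; handle needs PROCESS_SUSPEND_RESUME access.` above the pair. The same applies to the global-scope declarations added at the top of nt_internals.cc. Those appear to exist only so GET_FUNCTION_REQUIRED can name `::NtSuspendProcess` and `::NtResumeProcess`, though the macro itself is not visible here, and a one-line comment saying so would prevent someone from calling them directly.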
@@ -16,26 +16,28 @@ #include -#include "base/logging.h" +#include "util/win/nt_internals.h" +#include "util/win/ntstatus_logging.h" namespace crashpad { -ScopedProcessSuspend::ScopedProcessSuspend(HANDLE process) : process_(process) { - typedef NTSTATUS(__stdcall * NtSuspendProcessFunc)(HANDLE); - static NtSuspendProcessFunc func = reinterpret_cast( - GetProcAddress(GetModuleHandle(L"ntdll.dll"), "NtSuspendProcess")); - NTSTATUS status = func(process_); - if (status) - LOG(ERROR) << "NtSuspendProcess, ntstatus=" << status; +ScopedProcessSuspend::ScopedProcessSuspend(HANDLE process) { + NTSTATUS status = NtSuspendProcess(process); + if (NT_SUCCESS(status)) { + process_ = process; + } else { + process_ = nullptr; + NTSTATUS_LOG(ERROR, status) << "NtSuspendProcess"; + } } ScopedProcessSuspend::~ScopedProcessSuspend() { - typedef NTSTATUS(__stdcall * NtResumeProcessFunc)(HANDLE); - static NtResumeProcessFunc func = reinterpret_cast( - GetProcAddress(GetModuleHandle(L"ntdll.dll"), "NtResumeProcess")); - NTSTATUS status = func(process_); - if (status) - LOG(ERROR) << "NtResumeProcess, ntstatus=" << status; + if (process_) { + NTSTATUS status = NtResumeProcess(process_); + if (!NT_SUCCESS(status)) { + NTSTATUS_LOG(ERROR, status) << "NtResumeProcess"; + } + } } } // namespace crashpad
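Review bot: A failed NtSuspendProcess in the new constructor is only logged, so a caller cannot tell a ScopedProcessSuspend that froze the target from one that did not. Any code that reads the target's memory inside the scope would then be working against a running process whose state can change between reads. The class declaration is outside this diff, so whether a success accessor exists is not visible; if there is none, document the contract above the constructor, e.g. `// On failure process_ is null and the target keeps running; callers must not assume it is frozen.` The destructor also depends on the caller keeping the HANDLE open for the object's lifetime, since process_ stores it without duplicating it, and the same comment should say so.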