NtCreateProcessStateChange - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
#ifndef _NTPSAPI_H
#if (PHNT_VERSION >= PHNT_WIN11)

/**
 * Creates a state change handle for changing the suspension state of a process.
 *
 * @param ProcessStateChangeHandle A pointer to a variable that receives the handle.
 * @param DesiredAccess The access rights desired for the handle.
 * @param ObjectAttributes Optional attributes for the handle.
 * @param ProcessHandle A handle to the process.
 * @param Reserved Reserved for future use.
 * @return NTSTATUS Successful or errant status.
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateProcessStateChange(
    _Out_ PHANDLE ProcessStateChangeHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ PCOBJECT_ATTRIBUTES ObjectAttributes,
    _In_ HANDLE ProcessHandle,
    _In_opt_ _Reserved_ ULONG64 Reserved
    );

#endif
#endif

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwCreateProcessStateChange(
    _Out_ PHANDLE ProcessStateChangeHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ PCOBJECT_ATTRIBUTES ObjectAttributes,
    _In_ HANDLE ProcessHandle,
    _In_opt_ _Reserved_ ULONG64 Reserved
    );

#endif


Creates a new process state object. This object offers a more resilient alternative to suspending processes, tying the duration of the operation to the lifetime of the state object. To change the state of the process state object, use NtChangeProcessState.

Parameters

Remarks

To avoid retaining unused resources, call NtClose to close the returned handle when it is no longer required. When the reference counter on the process state object drops to zero, the system automatically undoes the effect of the state changes on the associated process.
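The lifetime rule above, as an added example that is not phnt or NtDoc code: the target stays suspended only while the state handle is open, so the helper closes it on every path. with_process_frozen, state_api, load_state_api, STATE_ACCESS, probe, failing_work and the fake_* stand-in are hypothetical names; the NtChangeProcessState signature and ProcessStateChangeSuspend = 0 follow phnt, and the access rights the process handle needs are left to the caller.

```c
/* Added example, not phnt/NtDoc code. Types are stubbed off Windows for testing. */
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <winternl.h>
#else
typedef void *HANDLE, **PHANDLE, *PVOID; typedef int NTSTATUS;
typedef unsigned long ACCESS_MASK; typedef unsigned long long ULONG64; typedef size_t SIZE_T;
#define NTAPI
#endif
#define NT_OK(s) ((NTSTATUS)(s) >= 0)
#define STATE_ACCESS 0x02000000UL /* value of MAXIMUM_ALLOWED; assumed sufficient */
/* The enum argument is passed as int: 0 = ProcessStateChangeSuspend in phnt. */
typedef NTSTATUS (NTAPI *create_fn)(PHANDLE, ACCESS_MASK, PVOID, HANDLE, ULONG64);
typedef NTSTATUS (NTAPI *change_fn)(HANDLE, HANDLE, int, PVOID, SIZE_T, ULONG64);
typedef NTSTATUS (NTAPI *close_fn)(HANDLE);
typedef struct { create_fn create; change_fn change; close_fn close; } state_api;

/* Freeze `process` while work(ctx) runs; closing the state handle resumes it. */
NTSTATUS with_process_frozen(const state_api *api, HANDLE process,
                             NTSTATUS (*work)(void *), void *ctx) {
    HANDLE state = NULL;
    NTSTATUS st = api->create(&state, STATE_ACCESS, NULL, process, 0);
    if (!NT_OK(st)) return st;            /* no handle was created, nothing to undo */
    st = api->change(state, process, 0, NULL, 0, 0);
    if (NT_OK(st)) st = work(ctx);
    api->close(state);                    /* always: last reference undoes the suspend */
    return st;
}
#ifdef _WIN32
/* Resolve at run time: the exports are absent before Windows 11. */
int load_state_api(state_api *api) {
    HMODULE nt = GetModuleHandleW(L"ntdll.dll");
    if (!nt) return 0;
    api->create = (create_fn)GetProcAddress(nt, "NtCreateProcessStateChange");
    api->change = (change_fn)GetProcAddress(nt, "NtChangeProcessState");
    api->close = (close_fn)GetProcAddress(nt, "NtClose");
    return api->create && api->change && api->close;
}
#endif
/* Constructed stand-in for ntdll that models only suspend-until-close. */
static int fake_suspended, fake_open;
static NTSTATUS NTAPI fake_create(PHANDLE h, ACCESS_MASK a, PVOID o, HANDLE p, ULONG64 r)
{ (void)a; (void)o; (void)p; (void)r; *h = &fake_open; fake_open = 1; return 0; }
static NTSTATUS NTAPI fake_change(HANDLE s, HANDLE p, int t, PVOID e, SIZE_T n, ULONG64 r)
{ (void)s; (void)p; (void)e; (void)n; (void)r; fake_suspended = (t == 0); return 0; }
static NTSTATUS NTAPI fake_close(HANDLE h) { (void)h; fake_open = fake_suspended = 0; return 0; }
const state_api fake_api = { fake_create, fake_change, fake_close };
/* Sample callbacks: probe succeeds only if the target is frozen while it runs. */
NTSTATUS probe(void *c) { (void)c; return fake_suspended ? 0 : (NTSTATUS)0xC0000001; }
NTSTATUS failing_work(void *c) { (void)c; return (NTSTATUS)0xC0000001; /* STATUS_UNSUCCESSFUL */ }
```

On Windows, fill a state_api with load_state_api and pass it in place of fake_api; a zero return means the exports are missing and the caller should fall back or report the OS as unsupported.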

Related Win32 API

This functionality is not exposed in the Win32 API.

Required OS version

This function was introduced in Windows 11.

See also