NtCreateThreadStateChange - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
#ifndef _NTPSAPI_H
#if (PHNT_VERSION >= PHNT_WIN11)

/**
 * Creates a state change handle for changing the suspension state of a thread.
 *
 * @param ThreadStateChangeHandle A pointer to a variable that receives the handle.
 * @param DesiredAccess The access rights desired for the handle.
 * @param ObjectAttributes Optional attributes for the handle.
 * @param ThreadHandle A handle to the thread.
 * @param Reserved Reserved for future use.
 * @return NTSTATUS Successful or errant status.
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateThreadStateChange(
    _Out_ PHANDLE ThreadStateChangeHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ PCOBJECT_ATTRIBUTES ObjectAttributes,
    _In_ HANDLE ThreadHandle,
    _In_opt_ ULONG64 Reserved
    );

#endif
#endif

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwCreateThreadStateChange(
    _Out_ PHANDLE ThreadStateChangeHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ HANDLE ThreadHandle,
    _In_opt_ ULONG64 Reserved
    );

#endif


Creates a new thread state object. This object offers a more resilient alternative to suspending threads, tying the duration of the operation to the lifetime of the state object. To change the state of the thread state object, use NtChangeThreadState.

Parameters

Remarks

To avoid retaining unused resources, call NtClose to close the returned handle when it is no longer required. When the reference counter on the thread state object drops to zero, the system automatically undoes the effect of the state changes on the associated thread.

Related Win32 API

This functionality is not exposed in the Win32 API.

Required OS version

This function was introduced in Windows 11.

See also