#ifndef _NTRTL_H

/**
 * The RtlSetProcessIsCritical function sets or clears the critical status of the current process.
 *
 * \param NewValue TRUE to mark the process as critical, FALSE to clear.
 * \param OldValue Optional pointer to receive the previous critical status.
 * \param CheckFlag If TRUE, checks for certain conditions before setting.
 * \return NTSTATUS Successful or errant status.
 * \remarks A critical process will cause a system bugcheck if terminated.
 */
NTSYSAPI
NTSTATUS
STDAPIVCALLTYPE
RtlSetProcessIsCritical(
    _In_ BOOLEAN NewValue,
    _Out_opt_ PBOOLEAN OldValue,
    _In_ BOOLEAN CheckFlag
    );

#endif

Adjusts the critical state of the current process. Termination of a critical process causes a BSOD. Calling this function requires SeDebugPrivilege.

NewValue - a boolean indicating whether to set or to clear the critical flag.
OldValue - an optional pointer to a boolean indicating whether the critical flag was previously set.
CheckFlag - a boolean indicating whether the function should honor the FLG_ENABLE_SYSTEM_CRIT_BREAKS global flag.

STATUS_UNSUCCESSFUL - the caller specified CheckFlag and the global flags indicate the use of critical processes is disabled.
STATUS_PRIVILEGE_NOT_HELD - the caller doesn't have the SeDebugPrivilege enabled in the token.

This function uses NtQueryInformationProcess and NtSetInformationProcess with the PROCESSINFOCLASS value of ProcessBreakOnTermination (29) on the current process.
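
Because the flag is readable through NtQueryInformationProcess with ProcessBreakOnTermination (29), an endpoint audit can list which running processes currently have it set. The script below is an added example, not code from this page or its project; the CritAudit class and IsCritical method are hypothetical names. It assumes PROCESS_QUERY_INFORMATION access is enough for the query, and processes that cannot be opened are reported as unknown rather than as non-critical.

```powershell
# Added example: list processes whose ProcessBreakOnTermination flag is set.
# CritAudit / IsCritical are hypothetical names introduced for this audit.
$source = @'
using System;
using System.Runtime.InteropServices;

public static class CritAudit
{
    [DllImport("ntdll.dll")]
    static extern int NtQueryInformationProcess(
        IntPtr process, int infoClass, out uint value, int length, IntPtr returnLength);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint access, bool inherit, int pid);

    [DllImport("kernel32.dll")]
    static extern bool CloseHandle(IntPtr handle);

    const uint PROCESS_QUERY_INFORMATION = 0x0400;   // assumed sufficient for the query
    const int ProcessBreakOnTermination = 29;        // PROCESSINFOCLASS value from the page

    // true/false when the flag could be read, null when the process
    // could not be opened or the query returned a failure NTSTATUS.
    public static bool? IsCritical(int pid)
    {
        IntPtr handle = OpenProcess(PROCESS_QUERY_INFORMATION, false, pid);
        if (handle == IntPtr.Zero) return null;
        try
        {
            uint flag;
            int status = NtQueryInformationProcess(
                handle, ProcessBreakOnTermination, out flag, sizeof(uint), IntPtr.Zero);
            if (status < 0) return null;             // NTSTATUS error codes are negative
            return flag != 0;
        }
        finally { CloseHandle(handle); }
    }
}
'@
Add-Type -TypeDefinition $source

$results = Get-Process | ForEach-Object {
    [pscustomobject]@{
        ProcessId = $_.Id
        Name      = $_.ProcessName
        Critical  = [CritAudit]::IsCritical($_.Id)   # $null means "could not query"
    }
}
$results | Where-Object { $_.Critical -eq $true } | Sort-Object Name | Format-Table -AutoSize
"Not queryable: {0} process(es)" -f @($results | Where-Object { $null -eq $_.Critical }).Count
```

A critical flag on a process outside the expected set of Windows system processes is worth investigating before anything terminates it, since termination of a critical process causes a BSOD.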