NtQueryInformationProcess - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers

#ifndef _NTPSAPI_H
// Processes
#if (PHNT_MODE != PHNT_MODE_KERNEL)

NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryInformationProcess(
    _In_ HANDLE ProcessHandle,
    _In_ PROCESSINFOCLASS ProcessInformationClass,
    _Out_writes_bytes_(ProcessInformationLength) PVOID ProcessInformation,
    _In_ ULONG ProcessInformationLength,
    _Out_opt_ PULONG ReturnLength
    );

#endif
#endif
View code on GitHub

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwQueryInformationProcess(
    _In_ HANDLE ProcessHandle,
    _In_ PROCESSINFOCLASS ProcessInformationClass,
    _Out_writes_bytes_(ProcessInformationLength) PVOID ProcessInformation,
    _In_ ULONG ProcessInformationLength,
    _Out_opt_ PULONG ReturnLength
    );

#endif
View code on GitHub

This function is documented in Windows SDK.

ProcessHandle

Handle to process opened with PROCESS_QUERY_INFORMATION access.

ProcessInformationClass

See PROCESS_INFORMATION_CLASS.

ProcessInformation

Buffer for results.

ProcessInformationLength

Length of buffer. See PROCESS_INFORMATION_CLASS for additional information.

ReturnLength

Number of bytes needed, if ProcessInformationLength was too small.

Documented by

ReactOS
Sven B. Schreiber
Tomasz Nowak

See also

NtCreateProcess
NtOpenProcess
NtSetInformationProcess
PROCESS_INFORMATION_CLASS

Edit description on GitHub