NtQueryInformationProcess
NtQueryInformationProcess is an internal Windows function that retrieves various kinds of information about a specified process. Because this function may change in future versions of Windows, use public functions instead where possible, as described below.
NTSTATUS NtQueryInformationProcess(
    HANDLE ProcessHandle,
    PROCESSINFOCLASS ProcessInformationClass,
    PVOID ProcessInformation,
    ULONG ProcessInformationLength,
    PULONG ReturnLength
);
Parameters
ProcessHandle
[in] Handle to the process about which information is being requested.
ProcessInformationClass
[in] One of the values enumerated in PROCESSINFOCLASS that specifies what kind of process information is to be returned. These include:
ProcessBasicInformation
ProcessWow64Information
ProcessInformation
[in, out] Pointer to a buffer supplied by the calling application into which the function writes the requested information. The size of the information written varies depending on the value of the ProcessInformationClass parameter:
ProcessBasicInformation: PROCESS_BASIC_INFORMATION
ProcessWow64Information: ULONG_PTR
ProcessInformationLength
[in] Size of the buffer pointed to by the ProcessInformation parameter, in bytes.
ReturnLength
[in, optional] Pointer to a variable in which the function returns the size of the requested information. If the function was successful, this is the size of the information written to the buffer pointed to by the ProcessInformation parameter. If the buffer was too small, this is the minimum buffer size needed to receive the information successfully.
Return Values
Returns a success NTSTATUS if successful, and an NTSTATUS error code otherwise.
The forms and significance of NTSTATUS error codes are listed in the ntstatus.h header file available in the Windows Device Driver Kit (DDK), and are described in the DDK documentation under Kernel-Mode Driver Architecture / Design Guide / Driver Programming Techniques / Logging Errors.
Remarks
The NtQueryInformationProcess function and the structures that it returns are internal to the operating system and subject to change from one release of Windows to another. To maintain the compatibility of your application, it is better to use the public functions mentioned above instead.
If you do use NtQueryInformationProcess, access the function through run-time dynamic linking as shown in the example below. This gives your code an opportunity to respond gracefully if the function has been changed or removed from the operating system. Signature changes, however, may not be detectable.
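The run-time dynamic linking described above, as an added example that is not part of the original page: it resolves NtQueryInformationProcess from ntdll.dll with GetProcAddress and checks the export, the NTSTATUS and the returned length before trusting the buffer. The names query_outcome, classify_query and query_basic_info are hypothetical; the PROCESS_BASIC_INFORMATION fields used are those declared in Winternl.h.

```c
/* Added example, not from the original page. The _WIN32 guard only lets the
   portable decision helper compile (and be tested) on other platforms. */
#include <stdio.h>

enum query_outcome { QUERY_OK, QUERY_API_MISSING, QUERY_FAILED, QUERY_SIZE_MISMATCH };

/* Hypothetical helper: found = export was resolved, status = returned NTSTATUS,
   returned = *ReturnLength, expected = sizeof the structure we compiled against. */
enum query_outcome classify_query(int found, long status,
                                  unsigned long returned, unsigned long expected)
{
    if (!found) return QUERY_API_MISSING;                 /* export is gone          */
    if (status < 0) return QUERY_FAILED;                  /* same test as NT_SUCCESS */
    if (returned != expected) return QUERY_SIZE_MISMATCH; /* size differs from ours  */
    return QUERY_OK;
}

#ifdef _WIN32
#include <windows.h>
#include <winternl.h>

typedef NTSTATUS (NTAPI *NtQueryInformationProcess_t)(
    HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);

/* Resolve the export at run time instead of linking against an import library. */
enum query_outcome query_basic_info(HANDLE process, PROCESS_BASIC_INFORMATION *pbi)
{
    ULONG returned = 0;
    NTSTATUS status = 0;
    HMODULE ntdll = GetModuleHandleW(L"ntdll.dll");
    NtQueryInformationProcess_t query = ntdll ? (NtQueryInformationProcess_t)
        GetProcAddress(ntdll, "NtQueryInformationProcess") : NULL;
    if (query)
        status = query(process, ProcessBasicInformation, pbi, sizeof *pbi, &returned);
    return classify_query(query != NULL, status, returned, sizeof *pbi);
}

int main(void)
{
    PROCESS_BASIC_INFORMATION pbi;
    enum query_outcome r = query_basic_info(GetCurrentProcess(), &pbi);
    if (r == QUERY_OK)
        printf("pid=%lu peb=%p\n", (unsigned long)pbi.UniqueProcessId,
               (void *)pbi.PebBaseAddress);
    else
        printf("outcome %d: fall back to a public API\n", (int)r);
    return r == QUERY_OK ? 0 : 1;
}
#endif
```

A length mismatch catches a structure whose size changed, but not a signature or field-order change that keeps the same size, which is the limit the paragraph above points out.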
Requirements
Client: Included in Windows XP and Windows 2000 Professional.
Server: Included in Windows Server 2003 and Windows 2000 Server.
Header: Declared in Winternl.h.