KERNEL_USER_TIMES - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTPSAPI_H
#if (PHNT_MODE != PHNT_MODE_KERNEL)

/**
 * The KERNEL_USER_TIMES structure contains timing information for a process or thread.
 *
 * \remarks https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-getthreadtimes
 */
typedef struct _KERNEL_USER_TIMES
{
    LARGE_INTEGER CreateTime;        // The creation time of the process or thread.
    LARGE_INTEGER ExitTime;          // The exit time of the process or thread.
    LARGE_INTEGER KernelTime;        // The amount of time the process has executed in kernel mode.
    LARGE_INTEGER UserTime;          // The amount of time the process has executed in user mode.
} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;

#endif
#endif

View code on GitHub

NtDoc

This structure describes the timing information for threads.

Applicable to

Members

CreateTime

The number of 100-nanosecond intervals since the 1st of January 1600 to the creation of the thread/process.

ExitTime

The number of 100-nanosecond intervals since 1st of January 1600 to the termination of the thread/process.

KernelTime

The number of 100-nanosecond intervals spent by the thread(s) executing in kernel mode.

UserTime

The number of 100-nanosecond intervals spent by the thread(s) executing in user mode.

Edit description on GitHub