NtCreateProfile - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTEXAPI_H
#if (PHNT_MODE != PHNT_MODE_KERNEL)

NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateProfile(
    _Out_ PHANDLE ProfileHandle,
    _In_opt_ HANDLE Process,
    _In_ PVOID ProfileBase,
    _In_ SIZE_T ProfileSize,
    _In_ ULONG BucketSize,
    _In_reads_bytes_(BufferSize) PULONG Buffer,
    _In_ ULONG BufferSize,
    _In_ KPROFILE_SOURCE ProfileSource,
    _In_ KAFFINITY Affinity
    );

#endif
#endif

View code on GitHub
#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwCreateProfile(
    _Out_ PHANDLE ProfileHandle,
    _In_opt_ HANDLE Process,
    _In_ PVOID ProfileBase,
    _In_ SIZE_T ProfileSize,
    _In_ ULONG BucketSize,
    _In_reads_bytes_(BufferSize) PULONG Buffer,
    _In_ ULONG BufferSize,
    _In_ KPROFILE_SOURCE ProfileSource,
    _In_ KAFFINITY Affinity
    );

#endif

View code on GitHub

Function NtCreateProfile creates Profile Object.

Profile Objects are used for application profiling. There're 24 profile counters defined in KPROFILE_SOURCE enumeration type. Single Profile Object can be used to get information from one performance counter.

ProfileHandle

Result of call - HANDLE to Profile Object.

Process

HANDLE to Process Object to profile. Not required if profiled code is placed in Kernel address space (above 0x80000000).

ImageBase

Start address of profiling.

ImageSize

Size of profiled memory block.

BucketSize

??? (cannot be less than 2).

Buffer

Caller's allocated buffer for data.

BufferSize

Size of buffer, in bytes.

ProfileSource

Identifier of performance counter. See KPROFILE_SOURCE enumeration type for possible values.

Affinity

Processor affinity mask. It defines processors to ask about performance counter.

Documented by

Requirements

Privilege for UserMode: SE_PROF_SINGLE_PROCESS_PRIVILEGE Privilege for KernelMode: SE_SYSTEM_PROFILE_PRIVILEGE

See also

Edit description on GitHub