NtCreateProfile - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTEXAPI_H
#if (PHNT_MODE != PHNT_MODE_KERNEL)

/**
 * The NtCreateProfile routine creates a profile object for performance monitoring.
 *
 * \param ProfileHandle A pointer to a variable that receives the handle to the profile object.
 * \param Process Optional handle to the process to be profiled. If NULL, the current process is used.
 * \param ProfileBase The base address of the region to be profiled.
 * \param ProfileSize The size, in bytes, of the region to be profiled.
 * \param BucketSize The size, in bytes, of each bucket in the profile buffer.
 * \param Buffer A pointer to a buffer that receives the profile data.
 * \param BufferSize The size, in bytes, of the buffer.
 * \param ProfileSource The source of the profiling data (KPROFILE_SOURCE).
 * \param Affinity The processor affinity mask indicating which processors to profile.
 * \return NTSTATUS Successful or errant status.
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateProfile(
    _Out_ PHANDLE ProfileHandle,
    _In_opt_ HANDLE Process,
    _In_ PVOID ProfileBase,
    _In_ SIZE_T ProfileSize,
    _In_ ULONG BucketSize,
    _In_reads_bytes_(BufferSize) PULONG Buffer,
    _In_ ULONG BufferSize,
    _In_ KPROFILE_SOURCE ProfileSource,
    _In_ KAFFINITY Affinity
    );

#endif
#endif

View code on GitHub
#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwCreateProfile(
    _Out_ PHANDLE ProfileHandle,
    _In_opt_ HANDLE Process,
    _In_ PVOID ProfileBase,
    _In_ SIZE_T ProfileSize,
    _In_ ULONG BucketSize,
    _In_reads_bytes_(BufferSize) PULONG Buffer,
    _In_ ULONG BufferSize,
    _In_ KPROFILE_SOURCE ProfileSource,
    _In_ KAFFINITY Affinity
    );

#endif

View code on GitHub

NtDoc

No description available.

Edit description on GitHub

NTinternals.net (undocumented.ntinternals.net)

Function NtCreateProfile creates Profile Object.

Profile Objects are used for application profiling. There're 24 profile counters defined in KPROFILE_SOURCE enumeration type. Single Profile Object can be used to get information from one performance counter.

ProfileHandle

Result of call - HANDLE to Profile Object.

Process

HANDLE to Process Object to profile. Not required if profiled code is placed in Kernel address space (above 0x80000000).

ImageBase

Start address of profiling.

ImageSize

Size of profiled memory block.

BucketSize

??? (cannot be less than 2).

Buffer

Caller's allocated buffer for data.

BufferSize

Size of buffer, in bytes.

ProfileSource

Identifier of performance counter. See KPROFILE_SOURCE enumeration type for possible values.

Affinity

Processor affinity mask. It defines processors to ask about performance counter.

Documented by

Requirements

Privilege for UserMode: SE_PROF_SINGLE_PROCESS_PRIVILEGE Privilege for KernelMode: SE_SYSTEM_PROFILE_PRIVILEGE

See also

Edit description on GitHub