NtOpenProcess - NtDoc
Native API online documentation, based on the System Informer
(formerly Process Hacker) phnt
headers
#ifndef _NTPSAPI_H
// Processes
#if (PHNT_MODE != PHNT_MODE_KERNEL)
NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenProcess(
_Out_ PHANDLE ProcessHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
_In_opt_ PCLIENT_ID ClientId
);
View code on GitHub#ifndef _NTZWAPI_H
NTSYSCALLAPI
NTSTATUS
NTAPI
ZwOpenProcess(
_Out_ PHANDLE ProcessHandle,
_In_ ACCESS_MASK DesiredAccess,
_In_ POBJECT_ATTRIBUTES ObjectAttributes,
_In_opt_ PCLIENT_ID ClientId
);
View code on GitHubThis function is documented in Windows Driver Kit here and here.
PROCESS_TERMINATEPROCESS_CREATE_THREADPROCESS_SET_SESSIONIDPROCESS_VM_OPERATIONPROCESS_VM_READPROCESS_VM_WRITEPROCESS_DUP_HANDLEPROCESS_CREATE_PROCESSPROCESS_SET_QUOTAPROCESS_SET_INFORMATIONPROCESS_QUERY_INFORMATIONPROCESS_ALL_ACCESSFor standard processes, all fields of ObjectAttributes should be NULL.
Process id and thread id must be fill with valid values.