#ifndef _NTPSAPI_H
// Processes
#if (PHNT_MODE != PHNT_MODE_KERNEL)

NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryInformationProcess(
    _In_ HANDLE ProcessHandle,
    _In_ PROCESSINFOCLASS ProcessInformationClass,
    _Out_writes_bytes_(ProcessInformationLength) PVOID ProcessInformation,
    _In_ ULONG ProcessInformationLength,
    _Out_opt_ PULONG ReturnLength
    );

#endif
#endif
View code on GitHub

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwQueryInformationProcess(
    _In_ HANDLE ProcessHandle,
    _In_ PROCESSINFOCLASS ProcessInformationClass,
    _Out_writes_bytes_(ProcessInformationLength) PVOID ProcessInformation,
    _In_ ULONG ProcessInformationLength,
    _Out_opt_ PULONG ReturnLength
    );

#endif
View code on GitHub

Queries various information about the specified process. This function is partially documented in Windows SDK.

Parameters

ProcessHandle - a handle to the process or the NtCurrentProcess pseudo-handle. For most information classes, the handle must grant either PROCESS_QUERY_INFORMATION or PROCESS_QUERY_LIMITED_INFORMATION access.
ProcessInformationClass - the type of information to retrieve.
ProcessInformation - a pointer to a user-allocated buffer that receives the requested information.
ProcessInformationLength - the size of the provided buffer in bytes.
ReturnLength - an optional pointer to a variable that receives the number of bytes written when the function succeeds or the number of bytes requires when the buffer is too small.

Information classes

For the list of supported info classes and required process access, see PROCESSINFOCLASS.

Notable return values

STATUS_BUFFER_TOO_SMALL and STATUS_INFO_LENGTH_MISMATCH indicate that the requested information does not fit into the provided buffer.

NtQueryInformationProcess - NtDoc

Parameters

Information classes

Notable return values

See also

Parameters

Information classes

Notable return values

Related Win32 API

See also