NtQueryObject - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
#ifndef _NTOBAPI_H
//
// Objects, handles
//
#if (PHNT_MODE != PHNT_MODE_KERNEL)

/**
 * The NtQueryObject routine retrieves various kinds of object information.
 *
 * @param Handle The handle of the object for which information is being queried.
 * @param ObjectInformationClass The information class indicating the kind of object information to be retrieved.
 * @param ObjectInformation An optional pointer to a buffer where the requested information is to be returned.
 * @param ObjectInformationLength The size of the buffer pointed to by the ObjectInformation parameter, in bytes.
 * @param ReturnLength An optional pointer to a location where the function writes the actual size of the information requested.
 * @return NTSTATUS Successful or errant status.
 * @sa https://learn.microsoft.com/en-us/windows/win32/api/winternl/nf-winternl-ntqueryobject
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryObject(
    _In_opt_ HANDLE Handle,
    _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
    _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation,
    _In_ ULONG ObjectInformationLength,
    _Out_opt_ PULONG ReturnLength
    );

#endif
#endif

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwQueryObject(
    _In_opt_ HANDLE Handle,
    _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
    _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation,
    _In_ ULONG ObjectInformationLength,
    _Out_opt_ PULONG ReturnLength
    );

#endif


Retrieves various information about kernel handles and the objects they point to. This function is partially documented in the Windows Driver Kit.
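The ObjectInformationLength / ReturnLength pair in the prototype above is normally consumed with a grow-and-retry loop, shown here as an added example that is not code from phnt or NtDoc. Assumptions: query_object_alloc, QUERY_FN, the QO_ names and the constructed fake_query stand-in are this example's own, and treating STATUS_INFO_LENGTH_MISMATCH, STATUS_BUFFER_OVERFLOW and STATUS_BUFFER_TOO_SMALL as "retry with a larger buffer" is a common convention, not something this page states.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <winternl.h>   /* NTSTATUS, OBJECT_INFORMATION_CLASS */
#else                   /* stand-in types (assumption) so the block builds off Windows */
typedef int32_t NTSTATUS; typedef int OBJECT_INFORMATION_CLASS;
typedef uint32_t ULONG, *PULONG; typedef void *HANDLE, *PVOID;
#define NTAPI
#endif
/* NTSTATUS values as defined in ntstatus.h; the QO_ names are this example's own. */
#define QO_INVALID_INFO_CLASS   ((NTSTATUS)0xC0000003)
#define QO_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004)
#define QO_NO_MEMORY            ((NTSTATUS)0xC0000017)
#define QO_BUFFER_TOO_SMALL     ((NTSTATUS)0xC0000023)
#define QO_BUFFER_OVERFLOW      ((NTSTATUS)0x80000005)
typedef NTSTATUS (NTAPI *QUERY_FN)(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);

/* Grow-and-retry wrapper: on success *out is a heap buffer the caller frees. */
NTSTATUS query_object_alloc(QUERY_FN query, HANDLE h, OBJECT_INFORMATION_CLASS cls,
                            PVOID *out, ULONG *out_len) {
    ULONG size = 64;
    *out = NULL; *out_len = 0;
    for (int attempt = 0; attempt < 8; attempt++) {   /* bounded: required size may change */
        ULONG needed = 0;
        PVOID buf = calloc(1, size);
        if (!buf) return QO_NO_MEMORY;
        NTSTATUS st = query(h, cls, buf, size, &needed);
        if (st >= 0) { *out = buf; *out_len = needed; return st; }
        free(buf);
        if (st != QO_INFO_LENGTH_MISMATCH && st != QO_BUFFER_OVERFLOW &&
            st != QO_BUFFER_TOO_SMALL) return st;     /* not a size problem: do not retry */
        size = needed > size ? needed : size * 2;     /* trust ReturnLength only if larger */
    }
    return QO_BUFFER_TOO_SMALL;
}

/* Constructed stand-in for the syscall (not NtQueryObject itself): needs 200 bytes. */
static int fake_calls;
static NTSTATUS NTAPI fake_query(HANDLE h, OBJECT_INFORMATION_CLASS c, PVOID b, ULONG len, PULONG ret) {
    (void)h; fake_calls++;
    if ((int)c < 0) return QO_INVALID_INFO_CLASS;
    if (ret) *ret = 200;                              /* ReturnLength is optional */
    if (len < 200) return QO_INFO_LENGTH_MISMATCH;
    memset(b, 0xAB, 200); return 0;
}
```

On Windows, pass the real NtQueryObject (resolved from ntdll) and an open handle in place of fake_query and NULL.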

Parameters

Information classes

For the list of supported information classes, see OBJECT_INFORMATION_CLASS.

Notable return values

Related Win32 API

See also