#ifndef _NTOBAPI_H
// Objects, handles
#if (PHNT_MODE != PHNT_MODE_KERNEL)

NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryObject(
    _In_opt_ HANDLE Handle,
    _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
    _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation,
    _In_ ULONG ObjectInformationLength,
    _Out_opt_ PULONG ReturnLength
    );

#endif
#endif
View code on GitHub

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwQueryObject(
    _In_opt_ HANDLE Handle,
    _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
    _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation,
    _In_ ULONG ObjectInformationLength,
    _Out_opt_ PULONG ReturnLength
    );

#endif
View code on GitHub

Retrieves various information about kernel handles and the objects they point to. This function is partially documented in Windows Driver Kit here and here.

Parameters

Handle - a kernel handle to query information about. The handle does not need to grant any specific access.
ObjectInformationClass - the type of information to retrieve.
ObjectInformation - a pointer to a user-allocated buffer that receives the requested information.
ObjectInformationLength - the size of the provided buffer in bytes.
ReturnLength - an optional pointer to a variable that receives the number of bytes written when the function succeeds or the number of bytes requires when the buffer is too small.

Information classes

For the list of supported information classes, see OBJECT_INFORMATION_CLASS.

Notable return values

STATUS_BUFFER_TOO_SMALL and STATUS_INFO_LENGTH_MISMATCH indicate that the requested information does not fit into the provided buffer.

GetHandleInformation

NtQueryObject - NtDoc

Parameters

Information classes

Notable return values

See also

Parameters

Information classes

Notable return values

Related Win32 API

See also