NtQuerySection - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
Loading...
#ifndef _NTMMAPI_H
//
// Sections
//
#if (PHNT_MODE != PHNT_MODE_KERNEL)

/**
 * Provides the capability to determine the base address, size, granted access, and allocation of an opened section object.
 *
 * @param SectionHandle An open handle to a section object.
 * @param SectionInformationClass The section information class about which to retrieve information.
 * @param SectionInformation A pointer to a buffer that receives the specified information. The format and content of the buffer depend on the specified section class.
 * @param SectionInformationLength Specifies the length in bytes of the section information buffer.
 * @param ReturnLength An optional pointer which, if specified, receives the number of bytes placed in the section information buffer.
 * @return NTSTATUS Successful or errant status.
 * @sa https://learn.microsoft.com/en-us/windows/win32/devnotes/ntquerysection
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQuerySection(
    _In_ HANDLE SectionHandle,
    _In_ SECTION_INFORMATION_CLASS SectionInformationClass,
    _Out_writes_bytes_(SectionInformationLength) PVOID SectionInformation,
    _In_ SIZE_T SectionInformationLength,
    _Out_opt_ PSIZE_T ReturnLength
    );

#endif
#endif

View code on GitHub
#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwQuerySection(
    _In_ HANDLE SectionHandle,
    _In_ SECTION_INFORMATION_CLASS SectionInformationClass,
    _Out_writes_bytes_(SectionInformationLength) PVOID SectionInformation,
    _In_ SIZE_T SectionInformationLength,
    _Out_opt_ PSIZE_T ReturnLength
    );

#endif

View code on GitHub

This function is documented in Windows SDK.

InformationClass

Use one of following:

SectionImageInformation Are available only for file-based sections.

See also

Edit description on GitHub