NtQuerySystemTime - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTEXAPI_H
#if (PHNT_MODE != PHNT_MODE_KERNEL)

//
// Time
//

/**
 * The NtQuerySystemTime routine obtains the current system time.
 *
 * \param SystemTime A pointer to a LARGE_INTEGER structure that receives the system time. This is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC).
 * \return NTSTATUS Successful or errant status.
 * \see https://learn.microsoft.com/en-us/windows/win32/api/winternl/nf-winternl-ntquerysystemtime
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQuerySystemTime(
    _Out_ PLARGE_INTEGER SystemTime
    );

#endif
#endif

View code on GitHub
#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwQuerySystemTime(
    _Out_ PLARGE_INTEGER SystemTime
    );

#endif

View code on GitHub
// winternl.h

__kernel_entry NTSTATUS NtQuerySystemTime(
  [out] PLARGE_INTEGER SystemTime
);
View the official Win32 API reference

NtDoc

No description available.

Edit description on GitHub

Win32 API reference (nf-winternl-ntquerysystemtime)

NtQuerySystemTime function

Description

[NtQuerySystemTime may be altered or unavailable in future versions of Windows. Applications should use the GetSystemTimeAsFileTime function.]

Retrieves the current system time.

Parameters

SystemTime [out]

A pointer to a LARGE_INTEGER structure that receives the system time. This is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC).

Return value

If the function succeeds, it returns STATUS_SUCCESS. If it fails, it will return the appropriate status code, which will typically be STATUS_ACCESS_VIOLATION.

Remarks

This function has no associated import library. You must use the LoadLibrary and GetProcAddress functions to dynamically link to Ntdll.dll.

See also

GetSystemTimeAsFileTime

Time Functions

View the official Win32 API reference

Edit description on GitHub

NTinternals.net (undocumented.ntinternals.net)

This function is documented in Windows SDK.

Function NtQuerySystemTime returns current time in Coordinated Universal Time (UTC) 8-bytes format.

SystemTime

Pointer to LARGE_INTEGER value receiving current time.

UTC time it's represented as 8 bytes length integer. This value means number of 100-nanosecond units since 1600, 1 January.

Time is incremented 10.000.000 times per second. So 64-bit counter overloads after about 58.426 years... (If you don't believe, check this).

Documented by

See also

Edit description on GitHub