NtQuerySystemTime - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTEXAPI_H
#if (PHNT_MODE != PHNT_MODE_KERNEL)

//
// Time
//

/**
 * The NtQuerySystemTime routine obtains the current system time.
 *
 * @param SystemTime A pointer to a LARGE_INTEGER structure that receives the system time. This is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC).
 * @return NTSTATUS Successful or errant status.
 * @see https://learn.microsoft.com/en-us/windows/win32/api/winternl/nf-winternl-ntquerysystemtime
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQuerySystemTime(
    _Out_ PLARGE_INTEGER SystemTime
    );

#endif
#endif

View code on GitHub
#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwQuerySystemTime(
    _Out_ PLARGE_INTEGER SystemTime
    );

#endif

View code on GitHub

This function is documented in Windows SDK.

Function NtQuerySystemTime returns current time in Coordinated Universal Time (UTC) 8-bytes format.

SystemTime

Pointer to LARGE_INTEGER value receiving current time.

UTC time it's represented as 8 bytes length integer. This value means number of 100-nanosecond units since 1600, 1 January.

Time is incremented 10.000.000 times per second. So 64-bit counter overloads after about 58.426 years... (If you don't believe, check this).

Documented by

See also

Edit description on GitHub