NtQueryVirtualMemory - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
#ifndef _NTMMAPI_H
// Virtual memory
#if (PHNT_MODE != PHNT_MODE_KERNEL)

NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryVirtualMemory(
    _In_ HANDLE ProcessHandle,
    _In_opt_ PVOID BaseAddress,
    _In_ MEMORY_INFORMATION_CLASS MemoryInformationClass,
    _Out_writes_bytes_(MemoryInformationLength) PVOID MemoryInformation,
    _In_ SIZE_T MemoryInformationLength,
    _Out_opt_ PSIZE_T ReturnLength
    );

#endif
#endif

#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwQueryVirtualMemory(
    _In_ HANDLE ProcessHandle,
    _In_opt_ PVOID BaseAddress,
    _In_ MEMORY_INFORMATION_CLASS MemoryInformationClass,
    _Out_writes_bytes_(MemoryInformationLength) PVOID MemoryInformation,
    _In_ SIZE_T MemoryInformationLength,
    _Out_opt_ PSIZE_T ReturnLength
    );

#endif


This function is documented in Windows Driver Kit here and here.


NtQueryVirtualMemory retrieves the parameters of the queried memory block.

ProcessHandle

HANDLE to the process whose address space contains the queried address.

BaseAddress

Virtual address to query.

MemoryInformationClass

Information class defined in the MEMORY_INFORMATION_CLASS enumeration type. Currently only one class is supported.

Buffer

As long as only MemoryBasicInformation is supported, this value points to a MEMORY_BASIC_INFORMATION structure, defined in <WINNT.h> and described in the MS SDK.

Length

Length of Buffer, in bytes.

ResultLength

Optional pointer to a ULONG value that receives the required size of Buffer, in bytes.
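
An added example (not from the phnt headers or NtDoc) of the MemoryBasicInformation query described above: it walks a process's address space region by region and flags committed, private, executable memory, a common memory-triage check. The names is_private_executable and scan_process are made up for the example, and the non-Windows branch is a stand-in so the classifier compiles anywhere.

```c
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <stdio.h>
typedef LONG (NTAPI *NtQueryVirtualMemory_t)(HANDLE, PVOID, int, PVOID, SIZE_T, PSIZE_T);
#else /* stand-in with only the fields used here, so the classifier builds off Windows */
typedef struct { void *BaseAddress; size_t RegionSize;
                 unsigned long State, Protect, Type; } MEMORY_BASIC_INFORMATION;
#define MEM_COMMIT             0x1000
#define MEM_PRIVATE            0x20000
#define MEM_IMAGE              0x1000000
#define PAGE_READWRITE         0x04
#define PAGE_EXECUTE           0x10
#define PAGE_EXECUTE_READ      0x20
#define PAGE_EXECUTE_READWRITE 0x40
#define PAGE_EXECUTE_WRITECOPY 0x80
#endif

/* 1 if the region is committed, private (not image- or file-backed) and executable. */
int is_private_executable(const MEMORY_BASIC_INFORMATION *mbi) {
    const unsigned long exec = PAGE_EXECUTE | PAGE_EXECUTE_READ |
                               PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY;
    return mbi->State == MEM_COMMIT && mbi->Type == MEM_PRIVATE &&
           (mbi->Protect & exec) != 0;  /* mask ignores PAGE_GUARD and similar modifiers */
}

#ifdef _WIN32
/* Walks the address space of `process`; returns the flagged region count, -1 on error. */
int scan_process(HANDLE process) {
    NtQueryVirtualMemory_t query = (NtQueryVirtualMemory_t)GetProcAddress(
        GetModuleHandleA("ntdll.dll"), "NtQueryVirtualMemory");
    MEMORY_BASIC_INFORMATION mbi;
    char *addr = NULL;
    int hits = 0;
    if (!query) return -1;
    /* Class 0 is MemoryBasicInformation; the call fails past the last user address. */
    while (query(process, addr, 0, &mbi, sizeof mbi, NULL) >= 0) {
        if (is_private_executable(&mbi)) {
            printf("%p %zu bytes protect=0x%lx\n", mbi.BaseAddress,
                   (size_t)mbi.RegionSize, mbi.Protect);
            hits++;
        }
        addr = (char *)mbi.BaseAddress + mbi.RegionSize;  /* start of the next region */
    }
    return hits;
}
int main(void) { return scan_process(GetCurrentProcess()) < 0; }
#endif
```

JIT engines legitimately allocate such regions, so each hit is a lead to examine rather than a verdict.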
