NtReadVirtualMemory - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTMMAPI_H
//
// Virtual memory
//
#if (PHNT_MODE != PHNT_MODE_KERNEL)

 /**
 * The NtReadVirtualMemory routine reads virtual memory from a process.
 *
 * \param ProcessHandle A handle to the process whose memory is to be read.
 * \param BaseAddress A pointer to the base address in the specified process from which to read.
 * \param Buffer A pointer to a buffer that receives the contents from the address space of the specified process.
 * \param NumberOfBytesToRead The number of bytes to be read from the specified process.
 * \param NumberOfBytesRead A pointer to a variable that receives the number of bytes transferred into the specified buffer.
 * \return NTSTATUS Successful or errant status.
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtReadVirtualMemory(
    _In_ HANDLE ProcessHandle,
    _In_opt_ PVOID BaseAddress,
    _Out_writes_bytes_to_(NumberOfBytesToRead, *NumberOfBytesRead) PVOID Buffer,
    _In_ SIZE_T NumberOfBytesToRead,
    _Out_opt_ PSIZE_T NumberOfBytesRead
    );

#endif
#endif

View code on GitHub
#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwReadVirtualMemory(
    _In_ HANDLE ProcessHandle,
    _In_opt_ PVOID BaseAddress,
    _Out_writes_bytes_to_(NumberOfBytesToRead, *NumberOfBytesRead) PVOID Buffer,
    _In_ SIZE_T NumberOfBytesToRead,
    _Out_opt_ PSIZE_T NumberOfBytesRead
    );

#endif

View code on GitHub

NtDoc

No description available.

Edit description on GitHub

NTinternals.net (undocumented.ntinternals.net)

NtReadVirtualMemory is similar to API ReadProcessMemory, described in MS SDK.

Documented by

See also

Edit description on GitHub