PROCESS_UPTIME_INFORMATION - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTPSAPI_H
#if (PHNT_MODE != PHNT_MODE_KERNEL)

/**
 * The PROCESS_UPTIME_INFORMATION structure contains information about the uptime of a process and diagnostic information.
 */
typedef struct _PROCESS_UPTIME_INFORMATION
{
    ULONGLONG QueryInterruptTime;      // The interrupt time when the query was made.
    ULONGLONG QueryUnbiasedTime;       // The unbiased time when the query was made.
    ULONGLONG EndInterruptTime;        // The interrupt time when the process ended.
    ULONGLONG TimeSinceCreation;       // The total time elapsed since the process was created.
    ULONGLONG Uptime;                  // The total uptime of the process.
    ULONGLONG SuspendedTime;           // The total time the process was in a suspended state.
    struct
    {
        ULONG HangCount : 4;           // The number of times the process was detected as hanging.
        ULONG GhostCount : 4;          // The number of times the process was detected as a ghost process.
        ULONG Crashed : 1;             // Indicates whether the process has crashed (1 if true, 0 otherwise).
        ULONG Terminated : 1;          // Indicates whether the process has been terminated (1 if true, 0 otherwise).
    };
} PROCESS_UPTIME_INFORMATION, *PPROCESS_UPTIME_INFORMATION;

#endif
#endif

View code on GitHub

This structure describes the uptime statistics for the process.

Applicable to

Members

QueryInterruptTime

The number of 100-nanosecond intervals passed since boot to the time of the query.

QueryUnbiasedTime

The number of 100-nanosecond intervals the system was active since boot to the time of the query.

EndInterruptTime

The number of 100-nanosecond intervals passed since boot to process termination.

TimeSinceCreation

The number of 100-nanosecond intervals passed since process creation to the time of the query.

Uptime

The number of 100-nanosecond intervals the process spent unfrozen.

SuspendedTime

The number of 100-nanosecond intervals that the process spent in a deep-frozen state. Note that despite the name, this field does not include time spent in suspended and regular (non-deep) frozen state.

HangCount

The number of times the UI threads of the process hang.

GhostCount

The number of times the UI threads of the process triggered window ghosting.

Crashed

The flag indicates whether the process has crashed.

Terminated

The flag indicates whether the process has terminated.

Required OS version

This structure was introduced in Windows 10 RS3 (1709).

Edit description on GitHub