PsGetProcessCreateTimeQuadPart - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
// ntddk.h

LONGLONG PsGetProcessCreateTimeQuadPart(
  [in] PEPROCESS Process
);
View the official Windows Driver Kit DDI reference

NtDoc

No description available.

Edit description on GitHub

Windows Driver Kit DDI reference (nf-ntddk-psgetprocesscreatetimequadpart)

PsGetProcessCreateTimeQuadPart function

Description

The PsGetProcessCreateTimeQuadPart routine returns a LONGLONG value that represents the time at which the process was created.

Parameters

Process [in]

A pointer to the EPROCESS structure that represents the process. Drivers can use the PsGetCurrentProcess and ObReferenceObjectByHandle routines to obtain a pointer to the EPROCESS structure for a process.

Return value

PsGetProcessCreateTimeQuadPart returns the process creation time, in 100-nanosecond intervals, since January 1, 1601. The return value is the same as the value that the KeQuerySystemTime routine returns when the process was created. (Note that if the system time is changed, the value that PsGetProcessCreateTimeQuadPart returns is unaffected.)

See also

KeQuerySystemTime

ObReferenceObjectByHandle

PsGetCurrentProcess

View the official Windows Driver Kit DDI reference

Edit description on GitHub