pinvoke.net: ntdll.NtWow64QueryInformationProcess64

QueryInformationProcess from a 32 bit process to a 64 bit process

Boo Signature:

[DllImport("ntdll.dll", SetLastError : true)]
def NtWow64QueryInformationProcess64(
     hProcess as IntPtr,
     ProcessBasicInformation as UInt32,
     ref ProcessInformation64 as PROCESS_BASIC_INFORMATION64,
     ProcessInformationLength as UInt32,
     ref ReturnLength as UInt32) as UInt32:
     pass

User-Defined Types:

[StructLayout(LayoutKind.Sequential)]
struct PROCESS_BASIC_INFORMATION64:
     [MarshalAs(UnmanagedType.ByValArray, SizeConst : 2)]
     Reserved1 as (IntPtr)
     PebBaseAddress as UInt64
     [MarshalAs(UnmanagedType.ByValArray, SizeConst : 4)]
     Reserved2 as (IntPtr)
     [MarshalAs(UnmanagedType.ByValArray, SizeConst : 2)]
     UniqueProcessId as (IntPtr)
     [MarshalAs(UnmanagedType.ByValArray, SizeConst : 2)]
     Reserved3 as (IntPtr)

Alternative Managed API:

Do you know one? Please contribute it!

Notes:

None.

Tips & Tricks:

Please add some!

Sample Code:

Please add some!

Documentation

NtWow64QueryInformationProcess64 on MSDN