pinvoke.net: ntdll.NtWow64QueryInformationProcess64(2020-11-16-14-16-55.6860--186.136.223.176)

QueryInformationProcess from a 32 bit process to a 64 bit process

Boo Signature:

[DllImport("ntdll.dll", SetLastError : true)]
def NtWow64QueryInformationProcess64(hProcess as IntPtr, ProcessBasicInformation as UInt32, ref ProcessInformation as PROCESS_BASIC_INFORMATION64, ProcessInformationLength as UInt32, ref ReturnLength as UInt32) as NTSTATUS:
pass

User-Defined Types:

[StructLayout(LayoutKind.Sequential)]
struct PROCESS_BASIC_INFORMATION64:
     [MarshalAs(UnmanagedType.ByValArray, SizeConst : 2)]
     Reserved1 as (IntPtr)
     PebBaseAddress as UInt64
     [MarshalAs(UnmanagedType.ByValArray, SizeConst : 4)]
     Reserved2 as (IntPtr)
     [MarshalAs(UnmanagedType.ByValArray, SizeConst : 2)]
     UniqueProcessId as (IntPtr)
     [MarshalAs(UnmanagedType.ByValArray, SizeConst : 2)]
     Reserved3 as (IntPtr)

Alternative Managed API:

Do you know one? Please contribute it!

Notes:

None.

Tips & Tricks:

Please add some!

Sample Code:

Please add some!

Documentation

NtWow64QueryInformationProcess64 on MSDN