I am looking to use NtQueryProcessInformation into a C++ program. The problem is, when I declare the NtQuery function, i get a strange error.

Here's my code :

typedef NTSTATUS (WINAPI *_NtQueryInformationProcess)(
  __in	   HANDLE ProcessHandle,
  __in	   PROCESSINFOCLASS ProcessInformationClass,
  __out	  PVOID ProcessInformation,
  __in	   ULONG ProcessInformationLength,
  __out_opt  PULONG ReturnLength
);_NtQueryInformationProcess __NtQueryInformationProcess = NULL;HMODULE NtDll = LoadLibrary("ntdll.dll");_NtQueryInformationProcess __NtQueryInformationProcess = NULL;
__NtQueryInformationProcess = (_NtQueryInformationProcess) GetProcAddress(NtDll, "NtQueryInformationProcess");

But I get those errors because the typedef didnt work :

I know that WINAPI is __stdcall (#define WINAPI __stdcall) but I can't seems to fix this error..

I have the same way way to load dynamically another API (a regular one this time, not from ntdll.dll)...

Any help is much appreciated, thanks!

I also have ntdll.lib included into my project and the header Winternl.h (coming from msdn, i needed it).

I use Visual Studio .NET 2003.

Edited December 12, 200816 yr by ibanigger

Try ZwQueryInformationProcess remove that _in and _out paste

Went and got some old code:

struct PROCESS_BASIC_INFORMATION {
  void* Reserved1;
  dword PebBaseAddress;
  void* Reserved2[2];
  dword UniqueProcessId;
  void* Reserved3;
};typedef int (WINAPI* ZwQueryInformationProcess)(HANDLE,DWORD,PROCESS_BASIC_INFORMATION*,DWORD,DWORD*);
ZwQueryInformationProcess MyZwQueryInformationProcess;Example:dword SomeFunction (HANDLE hProc) {
	PROCESS_BASIC_INFORMATION peb;
	DWORD tmp;	HMODULE hMod=GetModuleHandle("ntdll.dll");
	MyZwQueryInformationProcess=(ZwQueryInformationProcess)GetProcAddress(hMod,"ZwQueryInformationProcess");	MyZwQueryInformationProcess(hProc,0,&peb,sizeof(PROCESS_BASIC_INFORMATION),&tmp);	return peb.PebBaseAddress;
}

Edited December 13, 200816 yr by What