NtQuerySystemInformation vs Win64

[dollylamb]

Hi,

I got problem of getting my ProcessList application to work under Win64 because of NtQuerySystemInformation() refused to work. I did searching the whole forum but found nothing. The question is: is there any workaround for this problem? I mean calling NtQuerySystemInformation() under Win64 rather than another substitute solutions?

Thanks.

[ovidiucucu]

NtQuerySystemInformation is a poor documented ntdll function and its using can differ in different Windows versions.
MSDN recommends using alternate functions.

To list processes you have many other choices: WMI, PSAPI, PDH, Tool Help Library, and so on.

[NLscotty]

For some weird reason, process and thread id's are 64bit in the kernel and 32bit in the documented windows api on x64

Process and thread is are 64 bit in kernel and only 32 bit in the documentation on 64 bit. The function itself should work fine

[ovidiucucu]

Except cases you are writing drivers or want to dig in some Windows internals, it's just shooting in the dark to hook into undocumented or partially documented and susceptible to be changed structures which are used by NtQuerySystemInformation.

As already said and is stated in MSDN, use alternate higher-level functions.