PsGetProcessCreateTimeQuadPart function (ntddk.h)
The PsGetProcessCreateTimeQuadPart routine returns a LONGLONG value that represents the time at which the process was created.
Syntax
LONGLONG PsGetProcessCreateTimeQuadPart(
[in] PEPROCESS Process
);
Parameters
[in] Process
A pointer to the EPROCESS structure that represents the process. Drivers can use the PsGetCurrentProcess and ObReferenceObjectByHandle routines to obtain a pointer to the EPROCESS structure for a process.
Return value
PsGetProcessCreateTimeQuadPart returns the process creation time, in 100-nanosecond intervals, since January 1, 1601. The return value is the same as the value that the KeQuerySystemTime routine returns when the process was created. (Note that if the system time is changed, the value that PsGetProcessCreateTimeQuadPart returns is unaffected.)
Requirements
Requirement | Value |
---|---|
Minimum supported client | Available in Windows XP and later versions of Windows. |
Target Platform | Universal |
Header | ntddk.h (include Wdm.h, Ntddk.h, Ntifs.h) |
Library | Ntoskrnl.lib |
DLL | Ntoskrnl.exe |
IRQL | Any level |
See also
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for