// Loads the top-level structure of the process's information block and caches it.
private void CacheProcessInformation() {
System.Diagnostics.Debug.Assert(CanReadPeb);
// Fetch the process info and set the fields.
LowLevelTypes.PROCESS_BASIC_INFORMATION temp = new LowLevelTypes.PROCESS_BASIC_INFORMATION();
int size;
LowLevelTypes.NTSTATUS status = NativeMethods.NtQueryInformationProcess(
processHandle,
LowLevelTypes.PROCESSINFOCLASS.PROCESS_BASIC_INFORMATION,
ref temp,
Utility.UnmanagedStructSize<LowLevelTypes.PROCESS_BASIC_INFORMATION>(),
out size);
if (status != LowLevelTypes.NTSTATUS.SUCCESS) {
throw new Win32Exception();
}
cachedProcessBasicInfo = temp;
}
public static extern LowLevelTypes.NTSTATUS NtQueryInformationProcess(
IntPtr hProcess,
LowLevelTypes.PROCESSINFOCLASS pic,
ref LowLevelTypes.PROCESS_BASIC_INFORMATION pbi,
int cb,
out int pSize);
