Kernel Mode IP Helper Functions

Besides the user-mode IP Helper functions, Windows Vista and later also provide kernel-mode IP Helper functions. To use them, include netioapi.h and link against netio.lib (the library is not mentioned in the current MSDN Library). Unfortunately, the kernel-mode version looks like a subset of the user-mode version.

Some other useful kernel routines for querying process information:

  • PsLookupProcessByProcessId
  • ObReferenceObjectByPointer
  • ObReferenceObjectByHandle
  • ZwOpenProcess
  • ZwQueryInformationProcess
  • ZwQuerySystemInformation

