NtQuerySystemInformation

#include "stdafx.h"
#include <Windows.h>
#include <winternl.h>
using namespace std;
 
typedef NTSTATUS (WINAPI *PFUN_NtQuerySystemInformation)(
    _In_      SYSTEM_INFORMATION_CLASS SystemInformationClass,
    _Inout_   PVOID                    SystemInformation,
    _In_      ULONG                    SystemInformationLength,
    _Out_opt_ PULONG                   ReturnLength
    );
int _tmain(int argc, _TCHAR* argv[])
{   
    PFUN_NtQuerySystemInformation pFun = NULL;
    pFun = (PFUN_NtQuerySystemInformation)GetProcAddress(GetModuleHandle(L"ntdll.dll"), "NtQuerySystemInformation");
 
    char szInfo[0x20000] = { 0 };
    ULONG uReturnedLEngth = 0;
    NTSTATUS status = pFun(SystemProcessInformation, szInfo, sizeof(szInfo), &uReturnedLEngth);
    if (status != 0)
        return 0;
    PSYSTEM_PROCESS_INFORMATION pSystemInformation = (PSYSTEM_PROCESS_INFORMATION)szInfo;
    DWORD dwID = (DWORD)pSystemInformation->UniqueProcessId;
    HANDLE hHandle = NULL;
    PWCHAR pImageName = (PWCHAR)*(DWORD*)((PCHAR)pSystemInformation + 0x3c);
    printf("ProcessID: %d\tprocessName: %ws \n", dwID, pImageName);
    while (true)
    {
        if (pSystemInformation->NextEntryOffset == 0)
            break;
 
        pSystemInformation = (PSYSTEM_PROCESS_INFORMATION)((PCHAR)pSystemInformation + pSystemInformation->NextEntryOffset);
        dwID = (DWORD)pSystemInformation->UniqueProcessId;
        hHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwID);
        pImageName = (PWCHAR)*(DWORD*)((PCHAR)pSystemInformation + 0x3c);
        printf("ProcessID: %d\tprocessName: %ws \n", dwID, pImageName);
    }
    getchar();
}