IsWow64Process PROCESS_QUERY_INFORMATION check on process handle

Question

Simple question, but is there a win32 API call to retrieve if a process handle has the PROCESS_QUERY_INFORMATION access flag in order to successfully call IsWow64Process? AccessCheck Function - MSDN seems like it'd work but I'm not sure if that's checking the same sort of flags.

Answer 1

Have a look at the NtQueryObject() function. Set its ObjectInformationClass parameter to ObjectBasicInformation to request the handle's PUBLIC_OBJECT_BASIC_INFORMATION struct, which has a GrantedAccess member of type ACCESS_MASK, which might contain PROCESS_QUERY_INFORMATION.