This, however, is not an API you will find on Microsoft Learn. NtQueryWnfStateData is part of the , the lowest-level user-mode interface to the Windows kernel. Most familiar Windows APIs, like those for file or window management, are higher-level abstractions built on top of these native calls. As such, NtQueryWnfStateData is an undocumented function, and its usage comes with the inherent risk that it could change or be removed in a future version of Windows.
typedef NTSTATUS (NTAPI *pNtQueryWnfStateData)( PVOID, PVOID, PVOID, PULONG, PVOID, PULONG); ntquerywnfstatedata ntdlldll better
WNF was introduced in Windows 8, so none of these functions exist on Windows 7 or earlier. Attempting to call GetProcAddress for NtQueryWnfStateData on Windows 7 will return NULL , and any code that doesn't check for this will crash. Projects must implement fallback behavior for older systems or require Windows 8/10/11 as a minimum. This, however, is not an API you will
int main() HMODULE hNtdll = GetModuleHandleA("ntdll.dll"); pNtOpenWnfState NtOpenWnfState = (pNtOpenWnfState)GetProcAddress(hNtdll, "NtOpenWnfState"); pNtQueryWnfStateData NtQueryWnfStateData = (pNtQueryWnfStateData)GetProcAddress(hNtdll, "NtQueryWnfStateData"); Projects must implement fallback behavior for older systems