Native API 乃 Windows 用户模式中为上层 Win32 API 提供接口的本机系统服务。平常我们总是调用 MS 为我们提供的公用 Win32 API 函数来实现我们系统的功能。今天我们要谈的是如何通过本机系统服务(Native API)来探测本机系统信息。当然,微软没有为我们提供关于本机系统服务的文档(Undocumented),也就是不会对它的使用提供任何保证,所以我们不提倡使用 Native API 来开发软件。不过在特殊情况下,本机系统服务却为我们提供了通向“秘密”的捷径。本文提到的信息仅在 Windows 2000/XP/2003 上测试过。
今天,我们主要讨论的是一个函数 NtQuerySystemInformation(ZwQuerySystemInformation)。不要小看这么一个函数,它为我们提供了丰富的系统信息,同时还包括对某些信息的控制和设置。以下是这个函数的原型:
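/*
 * Pointer type for NtQuerySystemInformation (the article gives
 * ZwQuerySystemInformation as the alternative name).
 *
 * SystemInformationClass  - selects which kind of system information is
 *                           queried or set.
 * SystemInformation       - caller-supplied buffer that receives (or
 *                           supplies) the data.
 * SystemInformationLength - size of that buffer in bytes; the size needed
 *                           depends on the information class.
 * ReturnLength            - optional; receives the length the system
 *                           reports as needed. May be NULL.
 *
 * The service is undocumented, so the record layouts behind each class can
 * differ between Windows versions; the article tested 2000/XP/2003 only.
 */
typedef NTSTATUS (__stdcall *NTQUERYSYSTEMINFORMATION)
    (IN     SYSTEM_INFORMATION_CLASS SystemInformationClass,
     IN OUT PVOID                    SystemInformation,
     IN     ULONG                    SystemInformationLength,
     OUT    PULONG                   ReturnLength OPTIONAL);

/* Holds the address of the function once it has been looked up at run time. */
NTQUERYSYSTEMINFORMATION NtQuerySystemInformation;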
从中可以看到,SystemInformationClass 是一个类型信息,它大概提供了50余种信息,也就是我们可以通过这个函数对大约50多种系统信息进行探测或设置。SystemInformation 是一个 LPVOID 型的指针,它指向的缓冲区用来接收我们需要获得的信息,或存放我们需要设置的系统信息。SystemInformationLength 是 SystemInformation 的长度,它根据探测的信息类型来决定。至于 ReturnLength 则是系统返回的需要的长度,通常可以设置为空指针(NULL)。(缓冲区不够大时,函数会返回 STATUS_INFO_LENGTH_MISMATCH,附录代码中对此作了判断。)
首先,我们来看看大家比较熟悉的系统进程/线程相关的信息。这个题目在网上已经讨论了N多年了,所以我就不再老生常谈了,呵呵。这里只给出这个结构类型的定义:
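/*
 * One record of the process list returned for the process/thread
 * information class. Records are chained through NextEntryDelta.
 *
 * NOTE(review): every size and identifier here is a 32-bit ULONG, which
 * matches the Windows 2000/XP/2003 systems the article tested; confirm the
 * layout before using it on other versions or on 64-bit builds.
 */
typedef struct _SYSTEM_PROCESSES
{
    ULONG          NextEntryDelta;          /* offset that links the records into a sequence */
    ULONG          ThreadCount;             /* number of threads */
    ULONG          Reserved1[6];
    LARGE_INTEGER  CreateTime;              /* creation time */
    LARGE_INTEGER  UserTime;                /* CPU time spent in user mode (ring 3) */
    LARGE_INTEGER  KernelTime;              /* CPU time spent in kernel mode (ring 0) */
    UNICODE_STRING ProcessName;             /* process name */
    KPRIORITY      BasePriority;            /* process priority */
    ULONG          ProcessId;               /* process identifier */
    ULONG          InheritedFromProcessId;  /* identifier of the parent process */
    ULONG          HandleCount;             /* number of handles */
    ULONG          Reserved2[2];
    VM_COUNTERS    VmCounters;              /* virtual-memory counters, see VM_COUNTERS */
    IO_COUNTERS    IoCounters;              /* I/O counters, see IO_COUNTERS */
    SYSTEM_THREADS Threads[1];              /* array of this process's thread records, see SYSTEM_THREADS */
} SYSTEM_PROCESSES, *PSYSTEM_PROCESSES;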
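/* Per-thread record; SYSTEM_PROCESSES carries an array of these. */
typedef struct _SYSTEM_THREADS
{
    LARGE_INTEGER KernelTime;          /* CPU time used in kernel mode */
    LARGE_INTEGER UserTime;            /* CPU time used in user mode */
    LARGE_INTEGER CreateTime;          /* thread creation time */
    ULONG         WaitTime;            /* wait time */
    PVOID         StartAddress;        /* virtual address at which the thread starts */
    CLIENT_ID     ClientId;            /* thread identifier */
    KPRIORITY     Priority;            /* thread priority */
    KPRIORITY     BasePriority;        /* base priority */
    ULONG         ContextSwitchCount;  /* number of context switches */
    THREAD_STATE  State;               /* current state */
    KWAIT_REASON  WaitReason;          /* reason for waiting */
} SYSTEM_THREADS, *PSYSTEM_THREADS;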
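/* Virtual-memory counters embedded in each SYSTEM_PROCESSES record. */
typedef struct _VM_COUNTERS
{
    ULONG PeakVirtualSize;             /* peak virtual size */
    ULONG VirtualSize;                 /* virtual size */
    ULONG PageFaultCount;              /* number of page faults */
    ULONG PeakWorkingSetSize;          /* peak working-set size */
    ULONG WorkingSetSize;              /* working-set size */
    ULONG QuotaPeakPagedPoolUsage;     /* peak paged-pool quota usage */
    ULONG QuotaPagedPoolUsage;         /* paged-pool quota usage */
    ULONG QuotaPeakNonPagedPoolUsage;  /* peak non-paged-pool quota usage */
    ULONG QuotaNonPagedPoolUsage;      /* non-paged-pool quota usage */
    ULONG PagefileUsage;               /* pagefile usage */
    ULONG PeakPagefileUsage;           /* peak pagefile usage */
} VM_COUNTERS, *PVM_COUNTERS;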
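/* I/O counters embedded in each SYSTEM_PROCESSES record. */
typedef struct _IO_COUNTERS
{
    LARGE_INTEGER ReadOperationCount;   /* number of I/O read operations */
    LARGE_INTEGER WriteOperationCount;  /* number of I/O write operations */
    LARGE_INTEGER OtherOperationCount;  /* number of other I/O operations */
    LARGE_INTEGER ReadTransferCount;    /* amount of data read */
    LARGE_INTEGER WriteTransferCount;   /* amount of data written */
    LARGE_INTEGER OtherTransferCount;   /* amount of data moved by other operations */
} IO_COUNTERS, *PIO_COUNTERS;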
以上这些信息应该是比较全面的了。Win32 API 为我们提供了 PSAPI(进程状态)和 ToolHelp32 这两种探测系统进程/线程信息的方式,Windows 2K/XP/2003 都支持它们。
现在,我们来看看系统的性能信息。性能结构 SYSTEM_PERFORMANCE_INFORMATION 为我们提供了70余种系统性能方面的信息,真是太丰富了,请慢慢体会:
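/*
 * System-wide performance counters.
 *
 * NOTE(review): in the source article the comments on the *TransferCount
 * and *OperationCount fields were the other way round from the field names
 * (and from IO_COUNTERS), and TotalCommitLimit was described as "committed
 * pages". The comments below follow the field names; confirm against a
 * reference before relying on them.
 * NOTE(review): "NonPagedPoolFress" is spelled as in the source article;
 * it is presumably meant to read "Frees".
 */
typedef struct _SYSTEM_PERFORMANCE_INFORMATION
{
    LARGE_INTEGER IdleTime;                    /* CPU idle time */
    LARGE_INTEGER ReadTransferCount;           /* amount of data read by I/O */
    LARGE_INTEGER WriteTransferCount;          /* amount of data written by I/O */
    LARGE_INTEGER OtherTransferCount;          /* amount of data moved by other I/O */
    ULONG ReadOperationCount;                  /* number of I/O read operations */
    ULONG WriteOperationCount;                 /* number of I/O write operations */
    ULONG OtherOperationCount;                 /* number of other I/O operations */
    ULONG AvailablePages;                      /* available pages */
    ULONG TotalCommittedPages;                 /* total committed pages */
    ULONG TotalCommitLimit;                    /* commit limit, in pages */
    ULONG PeakCommitment;                      /* peak committed pages */
    ULONG PageFaults;                          /* page faults */
    ULONG WriteCopyFaults;                     /* copy-on-write faults */
    ULONG TransitionFaults;                    /* soft page faults */
    ULONG Reserved1;
    ULONG DemandZeroFaults;                    /* demand-zero faults */
    ULONG PagesRead;                           /* pages read */
    ULONG PageReadIos;                         /* page-read I/O operations */
    ULONG Reserved2[2];
    ULONG PagefilePagesWritten;                /* pagefile pages written */
    ULONG PagefilePageWriteIos;                /* pagefile write operations */
    ULONG MappedFilePagesWritten;              /* mapped-file pages written */
    ULONG MappedFileWriteIos;                  /* mapped-file write operations */
    ULONG PagedPoolUsage;                      /* paged-pool usage */
    ULONG NonPagedPoolUsage;                   /* non-paged-pool usage */
    ULONG PagedPoolAllocs;                     /* paged-pool allocations */
    ULONG PagedPoolFrees;                      /* paged-pool frees */
    ULONG NonPagedPoolAllocs;                  /* non-paged-pool allocations */
    ULONG NonPagedPoolFress;                   /* non-paged-pool frees */
    ULONG TotalFreeSystemPtes;                 /* free system page-table entries */
    ULONG SystemCodePage;                      /* operating-system code pages */
    ULONG TotalSystemDriverPages;              /* pageable driver pages */
    ULONG TotalSystemCodePages;                /* total operating-system code pages */
    ULONG SmallNonPagedLookasideListAllocateHits; /* small non-paged lookaside-list allocation hits */
    ULONG SmallPagedLookasideListAllocateHits;    /* small paged lookaside-list allocation hits */
    ULONG Reserved3;
    ULONG MmSystemCachePage;                   /* system cache pages */
    ULONG PagedPoolPage;                       /* paged-pool pages */
    ULONG SystemDriverPage;                    /* pageable driver pages */
    ULONG FastReadNoWait;                      /* asynchronous fast reads */
    ULONG FastReadWait;                        /* synchronous fast reads */
    ULONG FastReadResourceMiss;                /* fast reads that missed on a resource */
    ULONG FastReadNotPossible;                 /* fast reads that could not be done */
    ULONG FastMdlReadNoWait;                   /* asynchronous fast MDL reads */
    ULONG FastMdlReadWait;                     /* synchronous fast MDL reads */
    ULONG FastMdlReadResourceMiss;             /* MDL reads that missed on a resource */
    ULONG FastMdlReadNotPossible;              /* MDL reads that could not be done */
    ULONG MapDataNoWait;                       /* asynchronous data mappings */
    ULONG MapDataWait;                         /* synchronous data mappings */
    ULONG MapDataNoWaitMiss;                   /* asynchronous data-mapping misses */
    ULONG MapDataWaitMiss;                     /* synchronous data-mapping misses */
    ULONG PinMappedDataCount;                  /* pinned mapped-data count */
    ULONG PinReadNoWait;                       /* asynchronous pin reads */
    ULONG PinReadWait;                         /* synchronous pin reads */
    ULONG PinReadNoWaitMiss;                   /* asynchronous pin-read misses */
    ULONG PinReadWaitMiss;                     /* synchronous pin-read misses */
    ULONG CopyReadNoWait;                      /* asynchronous copy reads */
    ULONG CopyReadWait;                        /* synchronous copy reads */
    ULONG CopyReadNoWaitMiss;                  /* asynchronous copy-read misses */
    ULONG CopyReadWaitMiss;                    /* synchronous copy-read misses */
    ULONG MdlReadNoWait;                       /* asynchronous MDL reads */
    ULONG MdlReadWait;                         /* synchronous MDL reads */
    ULONG MdlReadNoWaitMiss;                   /* asynchronous MDL-read misses */
    ULONG MdlReadWaitMiss;                     /* synchronous MDL-read misses */
    ULONG ReadAheadIos;                        /* read-ahead operations */
    ULONG LazyWriteIos;                        /* lazy-write operations */
    ULONG LazyWritePages;                      /* pages written by the lazy writer */
    ULONG DataFlushes;                         /* cache flushes */
    ULONG DataPages;                           /* pages flushed from the cache */
    ULONG ContextSwitches;                     /* context switches */
    ULONG FirstLevelTbFills;                   /* first-level buffer fills */
    ULONG SecondLevelTbFills;                  /* second-level buffer fills */
    ULONG SystemCall;                          /* system calls */
} SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;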
现在看到的是结构 SYSTEM_PROCESSOR_TIMES 提供的系统处理器的使用情况,包括各种情况下的使用时间及中断数目:
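/*
 * Processor usage: time spent in each mode plus the interrupt count.
 *
 * NOTE(review): the struct tag carries two leading underscores in the
 * source article, unlike the other tags on the page; kept as published.
 */
typedef struct __SYSTEM_PROCESSOR_TIMES
{
    LARGE_INTEGER IdleTime;        /* idle time */
    LARGE_INTEGER KernelTime;      /* kernel-mode time */
    LARGE_INTEGER UserTime;        /* user-mode time */
    LARGE_INTEGER DpcTime;         /* deferred procedure call time */
    LARGE_INTEGER InterruptTime;   /* interrupt time */
    ULONG         InterruptCount;  /* number of interrupts */
} SYSTEM_PROCESSOR_TIMES, *PSYSTEM_PROCESSOR_TIMES;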
页文件的使用情况,SYSTEM_PAGEFILE_INFORMATION 提供了所需的相关信息:
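/*
 * Pagefile usage; one record per pagefile, chained by offset.
 *
 * NOTE(review): "NetxEntryOffset" is spelled as in the source article;
 * it is presumably meant to read "NextEntryOffset".
 */
typedef struct _SYSTEM_PAGEFILE_INFORMATION
{
    ULONG          NetxEntryOffset;  /* offset of the next record */
    ULONG          CurrentSize;      /* current pagefile size */
    ULONG          TotalUsed;        /* amount of the pagefile currently in use */
    ULONG          PeakUsed;         /* peak amount of the pagefile in use */
    UNICODE_STRING FileName;         /* file name of the pagefile */
} SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;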
" m3 _) e4 ~3 j+ z/ _7 S- V) G( G: ?
系统高速缓存的使用情况,参见结构 SYSTEM_CACHE_INFORMATION 提供的信息:
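/* System cache usage. */
typedef struct _SYSTEM_CACHE_INFORMATION
{
    ULONG SystemCacheWsSize;          /* cache size */
    ULONG SystemCacheWsPeakSize;      /* peak cache size */
    ULONG SystemCacheWsFaults;        /* cache page faults */
    ULONG SystemCacheWsMinimum;       /* minimum cache size, in pages */
    ULONG SystemCacheWsMaximum;       /* maximum cache size, in pages */
    ULONG TransitionSharedPages;      /* shared pages */
    ULONG TransitionSharedPagesPeak;  /* peak shared pages */
    ULONG Reserved[2];
} SYSTEM_CACHE_INFORMATION, *PSYSTEM_CACHE_INFORMATION;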
附录:(所有完整源代码,您可以到我们 FZ5FZ 的主页下载)。
1. T-PMList 的头文件源代码:
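/* Include guard for the T-PMList header. */
#ifndef T_PMLIST_H
#define T_PMLIST_H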
" z! m5 C% X0 a4 g; [' g: X
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
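/* Information class passed to NtQuerySystemInformation for the process/thread list. */
#define NT_PROCESSTHREAD_INFO       0x05
/* Size in bytes of the buffer handed to the query (0x500000 = 5 MB). */
#define MAX_INFO_BUF_LEN            0x500000

/* NTSTATUS values the callers compare against. */
#define STATUS_SUCCESS              ((NTSTATUS)0x00000000L)
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)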
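/* Status code type returned by native system services. */
typedef LONG NTSTATUS;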
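/*
 * Counted wide-character string used by the native records.
 * NOTE(review): Length is presumably a byte count and Buffer need not be
 * NUL-terminated; confirm before printing Buffer with a plain %s.
 */
typedef struct _LSA_UNICODE_STRING
{
    USHORT Length;
    USHORT MaximumLength;
    PWSTR  Buffer;
} LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING;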
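/* Process and thread identifier pair carried in each thread record. */
typedef struct _CLIENT_ID
{
    HANDLE UniqueProcess;
    HANDLE UniqueThread;
} CLIENT_ID;
typedef CLIENT_ID *PCLIENT_ID;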
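/*
 * Record types for the process/thread information class.
 *
 * The identifiers KPRIORITY and KWAIT_REASON were mangled by a text filter
 * in the published listing (the letters "IT" were replaced); they are
 * restored here in the definitions and in every use, which is why these
 * declarations are kept together.
 *
 * NOTE(review): all sizes and identifiers are 32-bit ULONGs, matching the
 * Windows 2000/XP/2003 systems the article tested; confirm the layout
 * before using it on other versions or on 64-bit builds.
 * NOTE(review): newer SDK headers may already declare some of these names
 * (IO_COUNTERS, for example) - TODO confirm there is no redefinition with
 * the SDK in use.
 */
typedef LONG KPRIORITY;

/* Virtual-memory counters of one process. */
typedef struct _VM_COUNTERS
{
    ULONG PeakVirtualSize;
    ULONG VirtualSize;
    ULONG PageFaultCount;
    ULONG PeakWorkingSetSize;
    ULONG WorkingSetSize;
    ULONG QuotaPeakPagedPoolUsage;
    ULONG QuotaPagedPoolUsage;
    ULONG QuotaPeakNonPagedPoolUsage;
    ULONG QuotaNonPagedPoolUsage;
    ULONG PagefileUsage;
    ULONG PeakPagefileUsage;
} VM_COUNTERS, *PVM_COUNTERS;

/* I/O counters of one process. */
typedef struct _IO_COUNTERS
{
    LARGE_INTEGER ReadOperationCount;
    LARGE_INTEGER WriteOperationCount;
    LARGE_INTEGER OtherOperationCount;
    LARGE_INTEGER ReadTransferCount;
    LARGE_INTEGER WriteTransferCount;
    LARGE_INTEGER OtherTransferCount;
} IO_COUNTERS, *PIO_COUNTERS;

/* Scheduler state of a thread; the order fixes the numeric values. */
typedef enum _THREAD_STATE
{
    StateInitialized,
    StateReady,
    StateRunning,
    StateStandby,
    StateTerminated,
    StateWait,
    StateTransition,
    StateUnknown
} THREAD_STATE;

/*
 * Reason a thread is waiting; the order fixes the numeric values.
 * NOTE(review): "WrVertualMemory" is spelled as in the source listing; it
 * is presumably meant to read "WrVirtualMemory".
 */
typedef enum _KWAIT_REASON
{
    Executive,
    FreePage,
    PageIn,
    PoolAllocation,
    DelayExecution,
    Suspended,
    UserRequest,
    WrExecutive,
    WrFreePage,
    WrPageIn,
    WrPoolAllocation,
    WrDelayExecution,
    WrSuspended,
    WrUserRequest,
    WrEventPair,
    WrQueue,
    WrLpcReceive,
    WrLpcReply,
    WrVertualMemory,
    WrPageOut,
    WrRendezvous,
    Spare2,
    Spare3,
    Spare4,
    Spare5,
    Spare6,
    WrKernel
} KWAIT_REASON;

/* Per-thread record; SYSTEM_PROCESSES carries an array of these. */
typedef struct _SYSTEM_THREADS
{
    LARGE_INTEGER KernelTime;
    LARGE_INTEGER UserTime;
    LARGE_INTEGER CreateTime;
    ULONG         WaitTime;
    PVOID         StartAddress;
    CLIENT_ID     ClientId;
    KPRIORITY     Priority;
    KPRIORITY     BasePriority;
    ULONG         ContextSwitchCount;
    THREAD_STATE  State;
    KWAIT_REASON  WaitReason;
} SYSTEM_THREADS, *PSYSTEM_THREADS;

/* Per-process record; records are chained through NextEntryDelta. */
typedef struct _SYSTEM_PROCESSES
{
    ULONG          NextEntryDelta;
    ULONG          ThreadCount;
    ULONG          Reserved1[6];
    LARGE_INTEGER  CreateTime;
    LARGE_INTEGER  UserTime;
    LARGE_INTEGER  KernelTime;
    UNICODE_STRING ProcessName;
    KPRIORITY      BasePriority;
    ULONG          ProcessId;
    ULONG          InheritedFromProcessId;
    ULONG          HandleCount;
    ULONG          Reserved2[2];
    VM_COUNTERS    VmCounters;
    IO_COUNTERS    IoCounters;
    SYSTEM_THREADS Threads[1];   /* indexed up to ThreadCount by the callers */
} SYSTEM_PROCESSES, *PSYSTEM_PROCESSES;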
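/* Selector for the kind of information requested; a plain DWORD here. */
typedef DWORD SYSTEM_INFORMATION_CLASS;

/*
 * Pointer type for NtQuerySystemInformation. In order, the parameters are
 * the information class, the caller's buffer, the buffer length in bytes,
 * and an optional pointer that receives the returned length.
 */
typedef NTSTATUS (__stdcall *NTQUERYSYSTEMINFORMATION)
    (IN     SYSTEM_INFORMATION_CLASS,
     IN OUT PVOID,
     IN     ULONG,
     OUT    PULONG OPTIONAL);

/* Set by the functions below from GetProcAddress on ntdll.dll. */
NTQUERYSYSTEMINFORMATION NtQuerySystemInformation;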
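/*
 * EnumProcess - print a one-line summary for every process on the system.
 *
 * Looks up NtQuerySystemInformation in ntdll.dll, queries information class
 * NT_PROCESSTHREAD_INFO and walks the returned chain of SYSTEM_PROCESSES
 * records, printing name, PID, parent PID, working-set size, base priority,
 * thread count, handle count and CPU time (kernel + user) for each one.
 *
 * Returns 0 in every case; failures are only reported on stdout.
 *
 * Changes against the published listing:
 *  - the last record of the chain is printed too (the old loop stopped
 *    before handling the record whose NextEntryDelta is 0);
 *  - the malloc result is checked, and the query is retried with a larger
 *    buffer on STATUS_INFO_LENGTH_MISMATCH, up to a fixed cap;
 *  - every record offset is checked against the buffer size before it is
 *    dereferenced, so a layout mismatch cannot walk off the allocation;
 *  - the process name is printed with an explicit length, because a
 *    UNICODE_STRING buffer is not guaranteed to be NUL-terminated;
 *  - a failed query reports the NTSTATUS it returned instead of
 *    GetLastError(), which the native call does not set;
 *  - printf conversions match the argument types (the old code passed
 *    LONGLONG and DWORD values to %d).
 *
 * NOTE(review): the SYSTEM_PROCESSES layout is the one the article tested
 * on Windows 2000/XP/2003; confirm it before trusting the fields elsewhere.
 */
DWORD EnumProcess()
{
    /* Largest buffer the retry loop will try, so it cannot grow unbounded. */
    enum { BUF_LEN_CAP = 0x4000000 };

    PSYSTEM_PROCESSES pSystemProc;
    HMODULE           hNtDll         = NULL;
    LPVOID            lpSystemInfo   = NULL;
    DWORD             dwNumberBytes  = MAX_INFO_BUF_LEN;
    DWORD             dwTotalProcess = 0;
    DWORD             dwReturnLength = 0;
    DWORD             dwOffset       = 0;
    NTSTATUS          Status;
    LONGLONG          llTempTime;

    __try
    {
        hNtDll = LoadLibrary("NtDll.dll");
        if (hNtDll == NULL)
        {
            printf("LoadLibraryError:%lu\n", GetLastError());
            __leave;
        }

        NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll, "NtQuerySystemInformation");
        if (NtQuerySystemInformation == NULL)
        {
            printf("GetProcAddressforNtQuerySystemInformationError:%lu\n", GetLastError());
            __leave;
        }

        /* Query, doubling the buffer while the service says it is too small. */
        for (;;)
        {
            lpSystemInfo = malloc(dwNumberBytes);
            if (lpSystemInfo == NULL)
            {
                printf("mallocError:%lu\n", dwNumberBytes);
                __leave;
            }

            Status = NtQuerySystemInformation(NT_PROCESSTHREAD_INFO,
                                              lpSystemInfo,
                                              dwNumberBytes,
                                              &dwReturnLength);
            if (Status != STATUS_INFO_LENGTH_MISMATCH)
            {
                break;
            }

            free(lpSystemInfo);
            lpSystemInfo = NULL;
            if (dwNumberBytes >= BUF_LEN_CAP)
            {
                printf("STATUS_INFO_LENGTH_MISMATCH\n");
                __leave;
            }
            dwNumberBytes *= 2;
        }

        if (Status != STATUS_SUCCESS)
        {
            /* The native call reports failure through its return value. */
            printf("NtQuerySystemInformationError:0x%08lX\n", (unsigned long)Status);
            __leave;
        }

        printf("%-20s%6s%7s%8s%6s%7s%7s%13s\n",
               "ProcessName", "PID", "PPID", "WsSize", "Prio.", "Thread", "Handle", "CPUTime");
        printf("--------------------------------------------------------------------------\n");

        for (;;)
        {
            ULONG         ulDelta;
            unsigned long ulHours;
            unsigned long ulMinutes;
            unsigned long ulSeconds;
            unsigned long ulMillis;

            /* The fixed part of a record must lie entirely inside the buffer. */
            if (dwOffset > dwNumberBytes - sizeof(SYSTEM_PROCESSES))
            {
                printf("ProcessListTruncated\n");
                break;
            }
            pSystemProc = (PSYSTEM_PROCESSES)((char *)lpSystemInfo + dwOffset);

            if (pSystemProc->ProcessId == 0)
            {
                wprintf(L"%-20s", L"SystemIdleProcess");
            }
            else if (pSystemProc->ProcessName.Buffer == NULL)
            {
                wprintf(L"%-20s", L"");
            }
            else
            {
                /* Length is divided by sizeof(WCHAR) to get a character count. */
                wprintf(L"%-20.*s",
                        (int)(pSystemProc->ProcessName.Length / sizeof(WCHAR)),
                        pSystemProc->ProcessName.Buffer);
            }

            printf("%6lu", pSystemProc->ProcessId);
            printf("%7lu", pSystemProc->InheritedFromProcessId);
            printf("%7luK", pSystemProc->VmCounters.WorkingSetSize / 1024);
            printf("%6ld", pSystemProc->BasePriority);
            printf("%7lu", pSystemProc->ThreadCount);
            printf("%7lu", pSystemProc->HandleCount);

            /* Kernel + user time, scaled so that the value below is in milliseconds. */
            llTempTime = pSystemProc->KernelTime.QuadPart + pSystemProc->UserTime.QuadPart;
            llTempTime /= 10000;
            ulHours = (unsigned long)(llTempTime / (60 * 60 * 1000));
            llTempTime %= 60 * 60 * 1000;
            ulMinutes = (unsigned long)(llTempTime / (60 * 1000));
            llTempTime %= 60 * 1000;
            ulSeconds = (unsigned long)(llTempTime / 1000);
            llTempTime %= 1000;
            ulMillis = (unsigned long)llTempTime;
            printf("%3lu:%.2lu:%.2lu.%.3lu", ulHours, ulMinutes, ulSeconds, ulMillis);

            printf("\n");
            dwTotalProcess++;

            ulDelta = pSystemProc->NextEntryDelta;
            if (ulDelta == 0)
            {
                break;  /* this was the last record of the chain */
            }
            /* Checked before the addition so the offset cannot wrap around. */
            if (ulDelta > dwNumberBytes - dwOffset)
            {
                printf("ProcessListTruncated\n");
                break;
            }
            dwOffset += ulDelta;
        }

        printf("--------------------------------------------------------------------------\n");
        printf("\nTotal%luProcess(es)!\n\n", dwTotalProcess);
        printf("PID\t==>ProcessIdentification\n");
        printf("PPID\t==>ParentProcessIdentification\n");
        printf("WsSize\t==>WorkingSetSize\n");
        printf("Prio.\t==>BasePriority\n");
        printf("Thread\t==>ThreadCount\n");
        printf("Handle\t==>HandleCount\n");
        printf("CPUTime==>ProcessorTime\n");
    }
    __finally
    {
        /* Runs on every exit path of the guarded block, including __leave. */
        free(lpSystemInfo);
        if (hNtDll != NULL)
        {
            FreeLibrary(hNtDll);
        }
    }

    return 0;
}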
DWORDSpeciProcess(DWORDdwPID)
6 ^& G; W9 c( G6 c+ k
{
# c3 ?* I6 c) ~) V- N PSYSTEM_PROCESSESpSystemProc =NULL;
8 N! L+ k# X5 N/ B, b; r
PSYSTEM_THREADS pSystemThre =NULL;
- b" O: P$ B: y5 B! f( J
HMODULE hNtDll =NULL;
6 t" E5 x# e4 _% [" K
LPVOID lpSystemInfo=NULL;
$ s5 c5 b, ^6 P* Q
DWORD dwNumberBytes=MAX_INFO_BUF_LEN;
* r& {" o2 J1 S1 P. n; ~6 j( VDWORD dwTotalProcess=0;
* B0 I4 r2 t& f y2 SDWORD dwReturnLength;
4 w- v5 ^4 |4 W$ T
NTSTATUS Status;
6 a: I) m4 w, t/ n6 f& F' U+ c+ Q. GLONGLONG llTempTime;
6 U9 j& \/ G! e: Z0 Z' r; U! O
ULONG ulIndex;
( K* a& o$ |6 m/ B) Q! Y2 I# s4 F1 ]6 _+ J. z z( G2 x- ~7 z
__try
9 M, ?7 b i, d0 F* c( [! G: u{
6 n9 P& ^, {! k5 o$ x) r5 n
hNtDll=LoadLibrary("NtDll.dll");
5 U: E7 Z% x4 M; z
if(hNtDll==NULL)
) A B* ^+ {; ^. L% Q{
, W7 w7 o/ A- t! s7 q8 U
printf("LoadLibraryError:%d\n",GetLastError());
* |' p e2 x# [7 S __leave;
- Q/ N7 Z+ ]+ ]. M9 ]1 D' {
}
& O: @9 f, f1 @+ |$ V; R7 \
9 e% z& i H% m" Y& j
NtQuerySystemInformation=(NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,"NtQuerySystemInformation");
: Q: \: j5 s% A, S6 ^' u1 m if(NtQuerySystemInformation==NULL)
& g& W9 U1 l L% b{
* m6 k. I8 [7 U) P7 G, l4 L5 u
printf("GetProcAddressforNtQuerySystemInformationError:%d\n",GetLastError());
/ _$ g: _$ h$ T __leave;
- [3 X k; T, `# F, ?, Q, P
}
) Z; R4 p' D. w! m( A! h- m3 ?5 V4 R; H: C$ ~3 U4 T# {/ M9 V
lpSystemInfo=(LPVOID)malloc(dwNumberBytes);
& O) d- ~% Y7 Y a, NStatus=NtQuerySystemInformation(NT_PROCESSTHREAD_INFO,
; A0 L- B" f( b' ~
lpSystemInfo,
9 J& R9 ^/ C# N; y" y- c& b; ndwNumberBytes,
/ o* Q6 @$ N3 t6 h8 y4 S%26dwReturnLength);
$ u: x7 T! ]4 Z0 G) m
if(Status==STATUS_INFO_LENGTH_MISMATCH)
# ~" A* T4 B4 V+ U3 [{
2 q: |! _. V) O* ~0 w
printf("STATUS_INFO_LENGTH_MISMATCH\n");
) L( |; l7 W2 F, G( U8 Y" e
__leave;
: s& m/ c4 Z6 k}
) i/ C" H3 r0 w
elseif(Status!=STATUS_SUCCESS)
8 ]9 G! H6 f/ z
{
7 R% D9 N- `: A5 [0 \8 I9 C2 W0 H
printf("NtQuerySystemInformationError:%d\n",GetLastError());
+ H3 q5 N$ g7 E. d; H/ R* W
__leave;
4 z, m) y% r x+ k! w# |% t4 X9 A0 E- v}
3 p! O5 `, l9 q& u4 c* q( C% f
; q* o* G& v \( A5 p5 cpSystemProc=(PSYSTEM_PROCESSES)lpSystemInfo;
* {4 c& i# ~9 N+ K. O+ G/ ?
while(pSystemProc-%26gt;NextEntryDelta!=0)
$ l) ]( I3 S: u4 T
{
9 ]* P! V0 r N) T' I9 D& Xif(pSystemProc-%26gt;ProcessId==dwPID)
; ]& F( U: e6 T& R" L8 ]& j
{
( Y' ]) h# z: ]/ I3 G
printf("ProcessName:\t\t");
9 M$ G( b# }4 o4 L+ |; `' B' A
if(pSystemProc-%26gt;ProcessId!=0)
2 l5 m( ]5 ?2 h1 n( ]
{
/ q8 \5 W# d" R* U9 E. K! mwprintf(L"%-20s\n",pSystemProc-%26gt;ProcessName.Buffer);
2 a! [9 V9 Y4 u7 k% _4 k3 h4 T
}
3 j5 i4 Q+ D! H+ ]* {; K. L R& K
else
_' v7 i7 R" {. R/ ^1 x s{
6 F' V" c- }9 t* Zwprintf(L"%-20s\n",L"SystemIdleProcess");
+ P/ q$ \2 {5 t* U1 k# M) ]
}
* Y- T" C& X) x( p$ R8 d2 ~2 pprintf("ProcessID:\t\t%d\t\t",pSystemProc-%26gt;ProcessId);
3 {$ }8 Z+ w$ ?; g4 d
printf("ParentProcessID:\t%d\n",pSystemProc-%26gt;InheritedFromProcessId);
3 i; q" ^) `7 s- _; ?+ y% U" e' t+ P* E: Q/ m+ C+ ]
printf("KernelTime:\t\t");
" c& v% }. L- r3 g! a" kllTempTime=pSystemProc-%26gt;KernelTime.QuadPart;
5 C) A; _1 S7 L& _llTempTime/=10000;
3 J. ]! \ H9 |1 T; u
printf("%d:",llTempTime/(60*60*1000));
# x% ~- ]8 M1 Q1 E* P$ ?
llTempTime%=60*60*1000;
# d' e1 i8 e( U
printf("%.2d:",llTempTime/(60*1000));
# ~8 D( A: Z7 h5 x# Q/ b4 OllTempTime%=60*1000;
9 P2 d5 b# b' E" f. Gprintf("%.2d.",llTempTime/1000);
) A' Z7 V3 J* W2 G) vllTempTime%=1000;
% O$ |& [% O; G9 U- \$ O& \
printf("%.3d\t",llTempTime);
# p/ _$ |( g6 x8 d0 ?! }6 n* @9 x: \
# a* S2 V) ^. o
printf("UserTime:\t\t");
* d- u- y& N5 @
llTempTime=pSystemProc-%26gt;UserTime.QuadPart;
- f' Y3 d5 o- g. [& l2 n7 k
llTempTime/=10000;
/ h: \ H, D6 u
printf("%d:",llTempTime/(60*60*1000));
* p4 q4 \9 z1 allTempTime%=60*60*1000;
. _. \0 \* r& `* r
printf("%.2d:",llTempTime/(60*1000));
: o2 Z; T' I% L- O4 w
llTempTime%=60*1000;
& W5 p* S) C" ?% y2 c
printf("%.2d.",llTempTime/1000);
0 {9 A& ?& S) H {& h* L+ MllTempTime%=1000;
" t) r6 |" }3 K1 t! _9 \& _printf("%.3d\n",llTempTime);
. A! \1 s1 |; P. I9 ^1 w
# H; }: `8 ?8 Uprintf("Privilege:\t\t%d%%\t\t",(pSystemProc-%26gt;KernelTime.QuadPart*100)/(pSystemProc-%26gt;KernelTime.QuadPart+pSystemProc-%26gt;UserTime.QuadPart));
' f5 r, ~1 [$ ^' R1 v- Nprintf("User:\t\t\t%d%%\n",(pSystemProc-%26gt;UserTime.QuadPart*100)/(pSystemProc-%26gt;KernelTime.QuadPart+pSystemProc-%26gt;UserTime.QuadPart));
: |8 c1 W# p% X- B! d+ A- b7 g
; Z6 V m' V2 d2 s4 I4 l0 {printf("ThreadCount:\t\t%d\t\t",pSystemProc-%26gt;ThreadCount);
8 h% K# e1 Y0 Sprintf("HandleCount:\t\t%d\n",pSystemProc-%26gt;HandleCount);
: w5 ~; ?7 W" X0 {( I
; i% u# q" _+ E5 j7 j3 K8 nprintf("BasePriority:\t\t%-2d\t\t",pSystemProc-%26gt;BasePriority);
# ^( Y# I; U+ {
printf("PageFaultCount:\t\t%d\n\n",pSystemProc-%26gt;VmCounters.PageFaultCount);
9 N4 W5 M9 t9 `0 m9 `
/ i2 y, U' z) ^& gprintf("PeakWorkingSetSize(K):\t%-8d\t",pSystemProc-%26gt;VmCounters.PeakWorkingSetSize/1024);
# r* T3 I; U) d! x8 W2 ^/ M" e
printf("WorkingSetSize(K):\t%-8d\n",pSystemProc-%26gt;VmCounters.WorkingSetSize/1024);
( r9 L& ^ R- T7 v' j' _4 X p, g6 c* ~8 {
1 |+ y; C8 {+ q6 t# }5 ]2 \
printf("PeakPagedPool(K):\t%-8d\t",pSystemProc-%26gt;VmCounters.QuotaPeakPagedPoolUsage/1024);
6 g0 \( Y2 j7 {0 `2 O k& H
printf("PagedPool(K):\t\t%-8d\n",pSystemProc-%26gt;VmCounters.QuotaPagedPoolUsage/1024);
3 v S) {$ I8 N2 ?printf("PeakNonPagedPook(K):\t%-8d\t",pSystemProc-%26gt;VmCounters.QuotaPeakNonPagedPoolUsage/1024);
9 j2 s* ]! U) O+ G: Oprintf("NonePagedPook(K):\t%-8d\n",pSystemProc-%26gt;VmCounters.QuotaNonPagedPoolUsage/1024);
7 D8 I1 e' j2 z
; |. ~: }* A9 Y# _printf("PeakPagefile(K):\t%-8d\t",pSystemProc-%26gt;VmCounters.PeakPagefileUsage/1024);
; P' X. K: e' d! f1 z/ j" ?$ h1 Zprintf("Pagefile(K):\t\t%-8d\n",pSystemProc-%26gt;VmCounters.PagefileUsage/1024);
7 N B: W2 A& Y
' b( k. R: h9 f! K' |printf("PeakVirtualSize(K):\t%-8d\t",pSystemProc-%26gt;VmCounters.PeakVirtualSize/1024);
% K, {- s; b: K0 o: h+ k7 t
printf("VirtualSize(K):\t\t%-8d\n\n",pSystemProc-%26gt;VmCounters.VirtualSize/1024);
4 T1 y3 ~" n+ k4 f" @" v& E8 S
8 m3 W' B% C$ V4 R3 lprintf("ReadTransfer:\t\t%-8d\t",pSystemProc-%26gt;IoCounters.ReadTransferCount);
# ?$ m, W8 @5 |: `printf("ReadOperationCount:\t%-8d\n",pSystemProc-%26gt;IoCounters.ReadOperationCount);
- T$ b& f& s' C* i7 d: Q! Q1 y" b
- C( V5 q. q% U; d N6 N% w
printf("WriteTransfer:\t\t%-8d\t",pSystemProc-%26gt;IoCounters.WriteTransferCount);
0 P( W+ A$ D. C- u5 J7 ~# Y$ \printf("WriteOperationCount:\t%-8d\n",pSystemProc-%26gt;IoCounters.WriteOperationCount);
2 `' p) O2 W# ~0 i, F
* l$ T( q! M" \9 v; @: l
printf("OtherTransfer:\t\t%-8d\t",pSystemProc-%26gt;IoCounters.OtherTransferCount);
( I' m/ o4 V7 |& [% N5 iprintf("OtherOperationCount:\t%-8d\n\n",pSystemProc-%26gt;IoCounters.OtherOperationCount);
; U) Z& \+ |7 M; m. L7 a
2 Y8 @5 k3 u- c' [printf("%-5s%3s%4s%5s%5s%11s%12s%12s%7s%6s%9s\n","TID","Pri","BPr","Priv","User","KernelTime","UserTime","StartAddr","CSwitC","State","WtReason");
. p& }, X- C2 l [) c' g/ T
printf("-------------------------------------------------------------------------------\n");
7 h4 I1 R( g* ?1 ^ e% e$ A
6 t8 C3 p) }, l5 W3 n/ z
for(ulIndex=0;ulIndex%26lt;pSystemProc-%26gt;ThreadCount;ulIndex++)
/ U( p& ?; v* n& G1 d4 k4 M+ d* c{
7 [% L# c3 X0 S8 W2 l' r2 l7 zpSystemThre=%26pSystemProc-%26gt;Threads[ulIndex];
5 e, \& I' N' k# u& y4 E: @3 Vprintf("%-5d",pSystemProc-%26gt;Threads[ulIndex].ClientId.UniqueThread);
$ m9 T( G2 o( [. ]. i! r6 _! i- W, Y) d$ N$ e
printf("%3d",pSystemProc-%26gt;Threads[ulIndex].Priority);
9 L6 k" v# t* V9 W4 M5 l* T+ U- l+ s
printf("%4d",pSystemProc-%26gt;Threads[ulIndex].BasePriority);
* ]( h/ S, O. Q' t& Q
7 ]) q9 J" i! \+ X" ~ printf("%4d%%",(pSystemProc-%26gt;Threads[ulIndex].KernelTime.QuadPart*100)/(pSystemProc-%26gt;KernelTime.QuadPart+pSystemProc-%26gt;UserTime.QuadPart));
9 C' l2 @% }4 A printf("%4d%%",(pSystemProc-%26gt;Threads[ulIndex].UserTime.QuadPart*100)/(pSystemProc-%26gt;KernelTime.QuadPart+pSystemProc-%26gt;UserTime.QuadPart));
9 K1 q; r0 N) h
7 K" ?5 R# U4 q" R9 H9 K5 jllTempTime=pSystemProc-%26gt;Threads[ulIndex].KernelTime.QuadPart;
: z0 b, s3 W- b/ VllTempTime/=10000;
+ u. F6 b) D g3 z
printf("%2d:",llTempTime/(60*60*1000));
+ G8 i9 i# t# l- X4 z4 QllTempTime%=60*60*1000;
. G8 L: I5 |* i
printf("%.2d.",llTempTime/(60*1000));
2 C7 I+ ] s' i9 S! h0 V ~( r3 KllTempTime%=60*1000;
6 z0 B$ j% ~8 Q" L; wprintf("%.2d.",llTempTime/1000);
# k r) z4 N% i5 J D0 b$ EllTempTime%=100;
4 O2 P4 T0 D$ ^# b( U6 ?5 K- `
printf("%.2d",llTempTime);
8 Y2 o) R" W/ R3 [3 k4 \# P) y, N% F1 N* t# B- W# t T8 y" ~, `
llTempTime=pSystemProc-%26gt;Threads[ulIndex].UserTime.QuadPart;
) ^6 u+ Q& i" Q; X; Z: CllTempTime/=10000;
/ Q0 @2 v. i9 G6 A$ {4 i$ `
printf("%2d:",llTempTime/(60*60*1000));
$ ~* A' `& D" w% P8 q5 X; }llTempTime%=60*60*1000;
+ u+ h( r; ~0 W1 [5 Tprintf("%.2d.",llTempTime/(60*1000));
# J2 l7 Z8 V6 D% S5 qllTempTime%=60*1000;
* n: \8 I9 w! ^# V
printf("%.2d.",llTempTime/1000);
+ `4 A) H: ^. Z# z/ v2 N" W
llTempTime%=100;
: O* V0 p. j$ K. Z/ N
printf("%.2d",llTempTime);
* j3 l# o. m9 T8 X3 N+ J1 o# z! ~+ H
printf("0x%.8X",pSystemProc-%26gt;Threads[ulIndex].StartAddress);
+ |3 I9 s$ L$ N+ ?
printf("%7d",pSystemProc-%26gt;Threads[ulIndex].ContextSwitchCount);
+ t) O5 F: {- c9 X) H' F/ O
1 [" Z/ S% Z0 H5 f" t5 dswitch(pSystemProc-%26gt;Threads[ulIndex].State)
# @, T+ F% e3 j) ?, \ G( J& v" R/ \
{
% q' s9 I z1 q m7 h+ q6 T. Z
caseStateInitialized:
+ C6 Q; u) a' j
printf("%6s","Init.");
) f0 A, r% U4 j% x, C/ N# Tbreak;
* i% S8 @4 j6 f* c* K) |) `
caseStateReady:
* j7 a; h5 q) f6 v: E; uprintf("%6s","Ready");
, s1 u1 F# I9 r9 X3 f& O* Ibreak;
# W, ]& k1 p; M8 M% d1 G' w* {
caseStateRunning:
/ S8 l, @$ P0 n" v5 qprintf("%6s","Run");
$ v p2 a* m; L; s/ V$ B
break;
+ Z x( J" a, o' o2 ?4 Z- O5 K
caseStateStandby:
8 F1 i! |3 c9 u' gprintf("%6s","StBy.");
0 Y5 j6 s* r3 |) c- d, P2 @
break;
" j ~, l4 c. P: x
caseStateTerminated:
2 v( A. n$ Y' q2 o. i6 d4 tprintf("%6s","Term.");
' N) }) m. @9 Z2 R7 E/ _. ^break;
) ]. L P; H3 }9 W3 B& t& G" Z: T
caseStateWait:
) v. f2 j* f! Q
printf("%6s","Wait");
% n+ y' q/ w5 H+ [0 wbreak;
, n7 M) x; C. o* Q0 |
caseStateTransition:
& C3 {6 t; P, X% ~! L2 c0 x3 L
printf("%6s","Tran.");
. I2 {/ i1 ]' f* zbreak;
; `3 P2 k/ t _, } G" ]
caseStateUnknown:
) j" {" u. V2 j" c/ j
printf("%6s","Unkn.");
B" {8 @$ I) u: Fbreak;
* F+ y) ]' {- ~default:
# \: _2 T5 O1 qprintf("%6s","Unkn.");
/ W' `, }( C8 E- S& Hbreak;
7 Q4 L8 r. H* i}
5 [8 U% Q# r, `7 ?7 \( P9 I8 u- C2 t% J# J/ C4 H
switch(pSystemProc-%26gt;Threads[ulIndex].WaitReason)
R4 z% K) _) L2 Q( Y% G
{
, W9 J0 x( Z" J' C, ~
caseExecutive:
* q, v l1 U2 X6 D. |2 Cprintf("%-8s","Executi.");
% ~0 v7 |3 `; B {+ q2 R
break;
) |7 m& O9 E }& \: l( O* F1 O9 l
caseFreePage:
6 }7 A% v" i+ H- M( mprintf("%-8s","FreePag.");
# H4 p& j8 }3 B. ]5 k( h) ~
break;
9 w0 N7 T0 e5 O8 ?; F( Q1 J2 a
casePageIn:
, t8 t) u" E+ p' f
printf("%-8s","PageIn");
# n- y. t# h! b& ?/ w
break;
0 m( U8 r9 U2 D' p1 F P
casePoolAllocation:
3 p, h3 ]; h0 _2 P; t% \1 @' U
printf("%-8s","PoolAll.");
, s0 w* T5 X7 o; R Vbreak;
% K7 P1 Y9 W0 U$ Q0 m* w
caseDelayExecution:
5 j4 M6 [6 ?' ]; Kprintf("%-8s","DelayEx.");
) N! {/ B, `9 x. B# w- N1 _4 k1 n
break;
4 x$ q; @, s3 B4 n% G6 G+ P; VcaseSuspended:
. j G0 E8 J( r1 H! E6 }- f9 o
printf("%-8s","Suspend.");
/ U, v3 M) n$ K/ x8 W
break;
5 r* v: X6 h; m6 _" S: j5 fcaseUserRequest:
, b7 [" A" }" K* n2 G2 `2 Aprintf("%-8s","UserReq.");
g' }$ ~- X( Y k$ D4 W6 y
break;
6 A& Z+ W8 P0 v9 R* j
caseWrExecutive:
3 m$ u/ C0 c% I
printf("%-8s","WrExect.");
6 R, I$ K* t5 p% D& H6 V
break;
; e2 T! S$ _3 R) Q/ OcaseWrFreePage:
% \1 f1 S+ M! K6 D" k) c- S1 s7 fprintf("%-8s","WrFrePg.");
6 [. F7 [7 {" j* v# C! u8 f4 p
break;
( V7 ?9 F; v L2 L. XcaseWrPageIn:
; T: |1 w1 [8 B/ X/ Y+ w% nprintf("%-8s","WrPageIn");
" S/ D9 V' {' G2 K" Fbreak;
k/ ]# z2 c, K7 c
caseWrPoolAllocation:
4 H1 ~' D' h2 G% T
printf("%-8s","WrPoolA.");
$ t2 O/ b' N; p$ s7 @" h1 ?break;
( }$ k$ e. D% @0 S9 VcaseWrSuspended:
4 M( c/ D# M" l1 eprintf("%-8s","WrSuspe.");
' i. Y, e6 V/ W4 kbreak;
. L4 e3 a& e0 O/ ]( L
caseWrUserRequest:
& m7 |8 s0 {, X$ o- U) o5 _printf("%-8s","WrUsReq.");
" Z7 C: _' h) D. N
break;
3 M$ Z, P9 L* w! k4 g5 t8 ocaseWrEventPair:
9 q D6 J$ z4 @' [! z3 Q W( r
printf("%-8s","WrEvent.");
' a" j0 w- `( O% B5 obreak;
+ P1 H. g% W, T
caseWrQueue:
, X) L5 e$ z* Q- _
printf("%-8s","WrQueue");
: |+ |( l4 `& `9 S6 i! O* [" @break;
7 i5 T% f4 ^% D# p1 a( McaseWrLpcReceive:
# C& }4 Y/ z1 } O- fprintf("%-8s","WrLpcRv.");
% ?. B! V+ t3 k: k _6 f/ D) pbreak;
7 A0 [; B6 G# |caseWrLpcReply:
2 e4 z+ @8 c( b! T8 k
printf("%-8s","WrLpcRp.");
5 g2 w$ o/ j, R+ \2 [0 {break;
; [0 e$ S; k* t) I7 |: M
caseWrVertualMemory:
$ f7 `) C2 F `) ^* E+ x
printf("%-8s","WrVerMm.");
6 y1 K6 ^6 d7 c; w' T' ]
break;
4 L; G4 m% O3 b) N/ y- K' xcaseWrPageOut:
5 J7 Z1 x0 k9 j2 }- [
printf("%-8s","WrPgOut.");
+ `7 ^0 b0 A- U g1 Wbreak;
5 t, A. E; ^ z9 y
caseWrRendezvous:
" u% W$ j" h3 J) p3 \! F
printf("%-8s","WrRende.");
3 y2 Z/ Y5 |3 q8 C
break;
& u1 P. }, R; k
caseWrKernel:
1 c8 ?& y5 o0 ~6 Z* r
printf("%-8s","WrKernel");
& g3 j) H+ L3 s1 t `8 f( vbreak;
, O# ^ U4 U. W, P0 ?) |5 d
default:
+ ~( p2 P- y1 K7 |printf("%-8s","Unknown");
- A7 l) N3 ^. Q! h5 G- E6 }
break;
# Q7 O- J1 P$ o- H$ {" y
}
" |& h) n3 f& }
printf("\n");
- q. ]3 r! f8 f) K}
) K. M' m8 Z- k3 ? printf("-------------------------------------------------------------------------------\n\n");
# Q8 k# ^1 h% w8 H% B4 c printf("Total%dThread(s)!\n\n",ulIndex);
7 p3 Z4 b8 j+ d9 ~* y/ R
& y+ B4 ]# M1 s% Z$ HdwTotalProcess++;
. R! Y5 g* g, g; h2 L" r8 d; O0 t9 r' ^# B, c
break;
: o$ c. \. B% {5 N9 R4 M7 v}
9 `1 B# P/ F1 q+ E3 ?& z. XpSystemProc=(PSYSTEM_PROCESSES)((char*)pSystemProc+pSystemProc-%26gt;NextEntryDelta);
) V" n+ N8 O; t- \" l' I5 i}
) }8 s! @& s. m0 E, E( h}
8 T# @& \0 n- v+ ?* ~1 F
__finally
4 I" q# T# w0 W6 `; F9 l) _{
% ~5 P$ }2 w' J9 C) j& D+ @if(dwTotalProcess==0)
1 Y5 u( Q: z) l6 C{
4 E4 d2 G% Q! U3 t- L' d1 K
printf("Couldnotfoundthe%dProcess!\n",dwPID);
7 x2 k* z# J" E$ w n- u}
8 W7 \: D; l( b7 J! Melse
; u: Q) K x' ~& g
{
5 j! c0 Q: x% F3 x+ P" h/ j" }
printf("TID:\t\t====%26gt;\tThreadIdentification\n");
6 u$ w6 r0 a8 _) u% ~
printf("Pri:\t\t====%26gt;\tPriority\n");
8 h8 Q+ B+ }; R: T
printf("BPr:\t\t====%26gt;\tBasePriority\n");
2 ]# J4 Q$ y1 K* H* p4 i$ |printf("Priv:\t\t====%26gt;\tPrivilege\n");
6 `7 M# s/ A3 ^1 b h3 v
printf("StartAddr:\t====%26gt;\tThreadStartAddress\n");
9 u- P2 L( V' \4 l3 |9 ~printf("CSwitC:\t\t====%26gt;\tContextSwitchCount\n");
+ y; ?& |+ J1 ~" h! ?9 i
printf("WtReason:\t====%26gt;\tWaitReason\n");
! ]1 {% p8 r( k6 E. \4 E6 k2 p9 F2 [
}
9 w; F8 `4 f4 B P7 \if(lpSystemInfo!=NULL)
8 ? e4 N) e# Q* I8 [- h/ Z
{
' K, J1 ~( h6 |, b* }) G Xfree(lpSystemInfo);
( V4 p" ]' D& Y( M4 |
}
" }8 \9 u% S6 I4 i7 A6 D; Sif(hNtDll!=NULL)
+ u+ Y0 `" m) a* G# {1 b. H
{
3 u+ ]8 Z: y7 H. ?3 [' Z/ [! G, }
FreeLibrary(hNtDll);
7 O6 Q1 \. o7 Y5 R7 C
}
e, y, g2 K0 l# D}
* V5 `* a$ A+ h7 `! @
! F7 F5 I; o% m9 Q3 W# w; S
return0;
% |5 B" |; h$ y4 ^}
7 k4 o3 b0 \' x
. Z8 x2 R2 M& H+ S s# \8 |. m
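/*
 * Print the T-PMList banner (tool name, author contact, home page and date)
 * to stdout.
 *
 * The listing had the return type fused to the name ("VOIDStart") and
 * unrelated characters in front of several statements, so it could not
 * compile as published; both are repaired here.
 *
 * NOTE(review): the banner literals look as if they lost their spaces when
 * the page was extracted. They are reproduced unchanged because the original
 * spacing cannot be recovered from this listing.
 */
VOID Start(void)
{
    printf("T-PMList,byTOo2y\n");
    printf("E-mail:TOo2y@safechina.net\n");
    printf("HomePage:www.safechina.net\n");
    printf("Date:05-10-2003\n\n");
}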
, Q& @8 O, V. N9 E$ y
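/*
 * Print the command-line help for T-PMList to stdout.
 *
 * Per the help text itself, -e enumerates all processes and -s takes a PID
 * and shows the information for that one process.
 *
 * The listing had the return type fused to the name ("VOIDUsage") and
 * unrelated characters in front of several statements; both are repaired
 * here. The string literals are reproduced unchanged.
 */
VOID Usage(void)
{
    printf("Usage:\tT-PMList[-e]│[-sPID]\n");
    printf("-e\tEnumerateAllProcesses\n");
    printf("-sPIDShowSpecialProcessInformationwithPID\n\n");
}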
1 o( y1 _& P, v: t' `. V( A1 K* S! Y) z) \8 h1 y% q$ ^8 E( i: K+ f$ o
#endif
- w" \- c( k% N6 R% o9 Z* u( a* S1 A
2. T-PMPerf 的头文件源代码:
/ ~: y: ^2 C9 O1 E
6 I* z( z5 c% n k#ifndefT_PMPERF_H
. U3 ^ P" C! c1 B" i
#defineT_PMPERF_H
% Z0 N- D$ @; [9 D0 `
' g( A! X4 E1 s# s) a% x
#include"windows.h"
9 g" n- q3 M7 e5 ~. c% s
#include"stdio.h"
3 a4 g, u. k3 y5 e# H5 x) y7 r% {. E% Y0 j- Z3 b- C$ z
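/*
 * Information-class selectors for NtQuerySystemInformation.
 * SYSTEM_PERF_INFO is the one PerfInfo() passes together with a
 * SYSTEM_PERFORMANCE_INFORMATION buffer. The other three presumably pair
 * with the processor-times, pagefile and cache structures declared below --
 * TODO confirm against their callers. These values come from an undocumented
 * interface; the article states they were tested on Windows 2000/XP/2003
 * only.
 *
 * (The listing had "#define" and "typedef" fused to the following name,
 * which is not valid C; the tokens are separated here.)
 */
#define SYSTEM_PERF_INFO   0x02
#define SYSTEM_PROC_TIME   0x08
#define SYSTEM_PAGE_INFO   0x12
#define SYSTEM_CACHE_INFO  0x15

/*
 * 0x500000 bytes (5 MiB). Not referenced in the part of the listing shown
 * here; presumably the size of the buffer used for variable-length queries --
 * TODO confirm.
 */
#define MAX_INFO_BUF_LEN   0x500000

/* Success value the tool compares a returned NTSTATUS against. */
#define STATUS_SUCCESS     ((NTSTATUS)0x00000000L)

typedef LONG  NTSTATUS;
typedef DWORD SYSTEM_INFORMATION_CLASS;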
- W; W. F# \ g- B
& a2 l( g7 o. }. c) P0 C! ~/ I+ P
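/*
 * Counted wide-character string, declared locally and aliased to
 * UNICODE_STRING for the native-API structures in this header.
 *
 * NOTE(review): by the usual NT convention Length and MaximumLength are byte
 * counts and Buffer is not guaranteed to be NUL-terminated, so any print or
 * copy should be bounded by Length rather than treated as a C string --
 * confirm against the code that consumes these strings.
 *
 * (The listing had "typedef", "struct" and the type names fused together;
 * the tokens are separated here.)
 */
typedef struct _LSA_UNICODE_STRING
{
    USHORT Length;
    USHORT MaximumLength;
    PWSTR  Buffer;
} LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;

typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING;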
3 ~/ A4 G1 I. {) ~+ I
0 O; O4 }$ R- y( F: t. W' C# E+ m
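/*
 * Buffer layout PerfInfo() hands to NtQuerySystemInformation with the
 * SYSTEM_PERF_INFO class; the call passes sizeof(this structure) as the
 * buffer length.
 *
 * The layout is hand-declared for an undocumented interface, and the article
 * states it was tested on Windows 2000/XP/2003 only. NOTE(review): on a
 * system whose kernel uses a different layout the query may fail or the
 * fields may be misread -- check the returned status and length before
 * trusting any field.
 *
 * IdleTime and the three *TransferCount members are LARGE_INTEGERs: read
 * them through .QuadPart and print them with a 64-bit conversion, not "%d".
 *
 * Member names are kept exactly as published because the printing code
 * refers to them, including the spelling "NonPagedPoolFress".
 *
 * (The listing had "typedef", "struct" and the member types fused to the
 * following names; the tokens are separated here and nothing else changes.)
 */
typedef struct _SYSTEM_PERFORMANCE_INFORMATION
{
    LARGE_INTEGER IdleTime;
    LARGE_INTEGER ReadTransferCount;
    LARGE_INTEGER WriteTransferCount;
    LARGE_INTEGER OtherTransferCount;
    ULONG ReadOperationCount;
    ULONG WriteOperationCount;
    ULONG OtherOperationCount;
    ULONG AvailablePages;
    ULONG TotalCommittedPages;
    ULONG TotalCommitLimit;
    ULONG PeakCommitment;
    ULONG PageFaults;
    ULONG WriteCopyFaults;
    ULONG TransitionFaults;
    ULONG Reserved1;
    ULONG DemandZeroFaults;
    ULONG PagesRead;
    ULONG PageReadIos;
    ULONG Reserved2[2];
    ULONG PagefilePagesWritten;
    ULONG PagefilePageWriteIos;
    ULONG MappedFilePagesWritten;
    ULONG MappedFileWriteIos;
    ULONG PagedPoolUsage;
    ULONG NonPagedPoolUsage;
    ULONG PagedPoolAllocs;
    ULONG PagedPoolFrees;
    ULONG NonPagedPoolAllocs;
    ULONG NonPagedPoolFress;   /* spelling kept: referenced under this name */
    ULONG TotalFreeSystemPtes;
    ULONG SystemCodePage;
    ULONG TotalSystemDriverPages;
    ULONG TotalSystemCodePages;
    ULONG SmallNonPagedLookasideListAllocateHits;
    ULONG SmallPagedLookasideListAllocateHits;
    ULONG Reserved3;
    ULONG MmSystemCachePage;
    ULONG PagedPoolPage;
    ULONG SystemDriverPage;
    ULONG FastReadNoWait;
    ULONG FastReadWait;
    ULONG FastReadResourceMiss;
    ULONG FastReadNotPossible;
    ULONG FastMdlReadNoWait;
    ULONG FastMdlReadWait;
    ULONG FastMdlReadResourceMiss;
    ULONG FastMdlReadNotPossible;
    ULONG MapDataNoWait;
    ULONG MapDataWait;
    ULONG MapDataNoWaitMiss;
    ULONG MapDataWaitMiss;
    ULONG PinMappedDataCount;
    ULONG PinReadNoWait;
    ULONG PinReadWait;
    ULONG PinReadNoWaitMiss;
    ULONG PinReadWaitMiss;
    ULONG CopyReadNoWait;
    ULONG CopyReadWait;
    ULONG CopyReadNoWaitMiss;
    ULONG CopyReadWaitMiss;
    ULONG MdlReadNoWait;
    ULONG MdlReadWait;
    ULONG MdlReadNoWaitMiss;
    ULONG MdlReadWaitMiss;
    ULONG ReadAheadIos;
    ULONG LazyWriteIos;
    ULONG LazyWritePages;
    ULONG DataFlushes;
    ULONG DataPages;
    ULONG ContextSwitches;
    ULONG FirstLevelTbFills;
    ULONG SecondLevelTbFills;
    ULONG SystemCall;
} SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;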
, Z( u5 v% `5 q4 h( |- q( e' e2 q# s+ u0 n4 N7 C; e4 @9 F
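/*
 * Processor time counters. Presumably the buffer layout used with the
 * SYSTEM_PROC_TIME class -- TODO confirm against the caller, which is not in
 * the part of the listing shown here.
 *
 * The five time members are LARGE_INTEGERs: read them through .QuadPart and
 * print them with a 64-bit conversion.
 *
 * The struct tag is kept as published (two leading underscores).
 *
 * (The listing had "typedef", "struct" and the member types fused to the
 * following names; the tokens are separated here.)
 */
typedef struct __SYSTEM_PROCESSOR_TIMES
{
    LARGE_INTEGER IdleTime;
    LARGE_INTEGER KernelTime;
    LARGE_INTEGER UserTime;
    LARGE_INTEGER DpcTime;
    LARGE_INTEGER InterruptTime;
    ULONG         InterruptCount;
} SYSTEM_PROCESSOR_TIMES, *PSYSTEM_PROCESSOR_TIMES;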
' |- ~- x" u. X* ~+ T
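/*
 * One pagefile record. Presumably the buffer layout used with the
 * SYSTEM_PAGE_INFO class -- TODO confirm against the caller, which is not in
 * the part of the listing shown here.
 *
 * NOTE(review): the first member's name suggests a byte offset to the next
 * record, as with NextEntryDelta in the process list. Code that walks the
 * records should check that the offset stays inside the returned buffer
 * before following it.
 *
 * The member name "NetxEntryOffset" is kept as published, since code outside
 * this header may refer to it by that spelling.
 *
 * (The listing had "typedef", "struct" and the member types fused to the
 * following names; the tokens are separated here.)
 */
typedef struct _SYSTEM_PAGEFILE_INFORMATION
{
    ULONG          NetxEntryOffset;
    ULONG          CurrentSize;
    ULONG          TotalUsed;
    ULONG          PeakUsed;
    UNICODE_STRING FileName;   /* counted string; bound reads by its Length */
} SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;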
( V7 l2 ?( E: O4 e* d$ l
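/*
 * System cache working-set counters. Presumably the buffer layout used with
 * the SYSTEM_CACHE_INFO class -- TODO confirm against the caller, which is
 * not in the part of the listing shown here.
 *
 * The layout is hand-declared for an undocumented interface that the article
 * states was tested on Windows 2000/XP/2003 only.
 *
 * (The listing had "typedef", "struct" and the member types fused to the
 * following names; the tokens are separated here.)
 */
typedef struct _SYSTEM_CACHE_INFORMATION
{
    ULONG SystemCacheWsSize;
    ULONG SystemCacheWsPeakSize;
    ULONG SystemCacheWsFaults;
    ULONG SystemCacheWsMinimum;
    ULONG SystemCacheWsMaximum;
    ULONG TransitionSharedPages;
    ULONG TransitionSharedPagesPeak;
    ULONG Reserved[2];
} SYSTEM_CACHE_INFORMATION, *PSYSTEM_CACHE_INFORMATION;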
$ s/ t( b6 T+ p
' a! m+ c2 h2 C U! p
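/*
 * Pointer type for NtQuerySystemInformation, which the tool resolves from
 * NtDll.dll with GetProcAddress at run time.
 *
 * Parameters, as in the prototype given at the start of the article:
 *   SystemInformationClass   which kind of information to query
 *   SystemInformation        caller-supplied buffer for the result
 *   SystemInformationLength  size of that buffer in bytes
 *   ReturnLength             optional; receives the length the system reports
 *
 * The listing declared the third parameter as "INT ULONG" and ended the
 * fourth with "OPTION". Both are restored to match the article's own
 * prototype ("IN ULONG", "OPTIONAL"), so the length is typed ULONG as
 * intended.
 *
 * The call reports failure through the NTSTATUS it returns.
 * NOTE(review): PerfInfo() prints GetLastError() on failure rather than the
 * returned status, which is unlikely to carry the native error code --
 * confirm and print the NTSTATUS instead.
 */
typedef NTSTATUS (__stdcall *NTQUERYSYSTEMINFORMATION)
        (IN     SYSTEM_INFORMATION_CLASS SystemInformationClass,
         IN OUT PVOID                    SystemInformation,
         IN     ULONG                    SystemInformationLength,
         OUT    PULONG                   ReturnLength OPTIONAL);

/*
 * Holds the resolved entry point. It must be checked against NULL after
 * GetProcAddress and before the first call. This is a definition, not an
 * extern declaration, so the header can be included from one translation
 * unit only.
 */
NTQUERYSYSTEMINFORMATION NtQuerySystemInformation;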
~% I$ {- a) a2 D2 e; m( |, l8 g0 [1 \, T+ S
DWORDPerfInfo()
5 K$ q) \: D% s8 f. p
{
A- O+ a, V* O/ F( U
SYSTEM_PERFORMANCE_INFORMATIONSystemPerfInfo;
@2 V; N# i( l' M; W7 {; G' @* [+ s
HMODULE hNtDll=NULL;
/ |/ }: M0 J9 N& y1 DDWORD dwNumberBytes;
7 f. o' A1 [4 n- L+ b( ^1 w. H
DWORD dwReturnLength;
1 q* d' C4 _% `# s3 n8 x
NTSTATUS Status;
/ p$ {0 u# [% `8 @4 E
LONGLONG llTempTime;
) M) Q; J! S' x
, X) m0 X! p. n
__try
+ u2 s4 B5 d0 H0 r. l, O
{
5 Y4 |. \# U8 D
hNtDll=LoadLibrary("NtDll.dll");
5 N& \! P; N/ G b. q& p6 P6 I if(hNtDll==NULL)
7 g: b! t, \9 X{
5 t& o. U! n% Z3 a1 r printf("LoadLibraryError:%d\n",GetLastError());
* g: Z2 S' Y9 S7 U4 H6 O __leave;
0 ^( s* S+ B$ s
}
4 g* {, y1 _: P: e
' E. P1 `0 T0 w/ KNtQuerySystemInformation=(NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,"NtQuerySystemInformation");
6 f% J% `2 G7 w! pif(NtQuerySystemInformation==NULL)
* F- B' h0 x# w! c, r3 z) J
{
; D' C/ u0 [" P/ F$ Bprintf("GetProcAddressforNtQuerySystemInformationError:%d\n",GetLastError());
2 F7 Q9 S( c9 z__leave;
# a. P6 s; i# V& f" j+ q. n2 K
}
' k: Y0 E- }2 g+ Z/ v. F7 x
- P9 @" o/ \( e7 ~- WdwNumberBytes=sizeof(SYSTEM_PERFORMANCE_INFORMATION);
) V, b+ W) ^. y& B0 v3 o2 @- j% LStatus=NtQuerySystemInformation(SYSTEM_PERF_INFO,
7 Z: j- h: w! { |+ v0 h2 ?
%26SystemPerfInfo,
" y5 [! K/ @7 ?
dwNumberBytes,
6 z6 F5 s! K- P) D- @6 C8 Y
%26dwReturnLength);
7 N+ s! w8 k& ?6 T0 G- B( r5 _
if(Status!=STATUS_SUCCESS)
! A6 l4 p/ ?4 c2 Y* F" q$ x0 Y2 s{
( I( f- ^7 X+ u. q% \: Y/ r+ w( h4 G0 bprintf("NtQuerySystemInformationforPerformanceError:%d\n",GetLastError());
2 p; x: d6 J; Y$ v ~; H
__leave;
' F! S/ }2 F0 g- d+ a" O# o/ m}
. [& I# d, `" I# _: M7 G; e& ]
! e6 a" S/ H0 D6 T+ N! t
printf("IdleTime:\t\t");
' V* I$ L' G1 }2 IllTempTime=SystemPerfInfo.IdleTime.QuadPart;
: Q. B# Q+ T' T% Y/ U! l/ ?llTempTime/=10000;
( g$ g( r& k) K
printf("%d:",llTempTime/(60*60*1000));
2 {. [8 |5 x: l4 `7 _6 GllTempTime%=60*60*1000;
( f1 ]# }/ I0 p( h# ^5 t
printf("%.2d:",llTempTime/(60*1000));
9 O, @( B/ A" x7 W, h: {+ [ @
llTempTime%=60*1000;
' V7 h0 F! i- U
printf("%.2d.",llTempTime/1000);
% b' x9 d O8 H
llTempTime%=1000;
" h; @) r$ a: A1 M' l
printf("%.3d\n",llTempTime);
/ Q8 ]6 s3 d: @# a) M8 Y2 ~+ {9 m, |
: B/ x# v& g. \4 z
printf("ReadOperationCount:\t%-10d\t",SystemPerfInfo.ReadOperationCount);
: S0 m6 N2 [1 x9 ?- T8 w$ uprintf("ReadTransferCount:\t%d\n",SystemPerfInfo.ReadTransferCount);
4 h# g' W" T5 Gprintf("WriteOperationCount:\t%-10d\t",SystemPerfInfo.WriteOperationCount);
% |. \/ W3 }% V, M$ x1 j$ F! r: sprintf("WriteTransferCount:\t%d\n",SystemPerfInfo.WriteTransferCount);
/ Y/ Y( {. ~, \1 q; [2 f2 Rprintf("OtherOperationCount:\t%-10d\t",SystemPerfInfo.OtherOperationCount);
5 P2 g) i/ h3 y) t) |( O8 `; c) R
printf("OtherTransferCount:\t%d\n",SystemPerfInfo.OtherTransferCount);
4 e3 T0 F- Q* r2 V+ ^
4 w2 ~5 T% V/ c4 \' W, Lprintf("AvailablePages:\t\t%-10d\t",SystemPerfInfo.AvailablePages);
1 W3 d4 R- q" Q1 z4 V
printf("TotalCommittedPage:\t%d\n",SystemPerfInfo.TotalCommittedPages);
/ R- k+ g2 t# d6 [$ ^2 ]- P
printf("CommitLimit:\t\t%-10d\t",SystemPerfInfo.TotalCommitLimit);
P8 E) j# U D# j: `* [printf("PeakCommitment:\t\t%d\n",SystemPerfInfo.PeakCommitment);
, G7 o2 W4 _/ t( s8 `: r* ?, b7 e; a, \9 y* z
printf("PageFault:\t\t%-10d\t",SystemPerfInfo.PageFaults);
) }1 U$ e" C6 @! S: d Y
printf("WriteCopyFault:\t\t%d\n",SystemPerfInfo.WriteCopyFaults);
0 m) F; d6 C; d3 d% H
printf("TransitionFault:\t%-10d\t",SystemPerfInfo.TransitionFaults);
3 t" c9 ]4 l& P8 o1 J' Fprintf("DemandZeroFault:\t%d\n",SystemPerfInfo.DemandZeroFaults);
. s4 U J- S4 @5 f2 }# m
/ U0 g) P; `* q" {$ _( r1 z
printf("PagesRead:\t\t%-10d\t",SystemPerfInfo.PagesRead);
$ W4 h$ L o4 _1 P
printf("PageReadIos:\t\t%d\n",SystemPerfInfo.PageReadIos);
5 d! D2 c) D# r, ]+ Eprintf("PagesWritten:\t\t%-10d\t",SystemPerfInfo.PagefilePagesWritten);
* J. @3 E; D5 G$ M- U# J0 f
printf("PageWriteIos:\t\t%d\n",SystemPerfInfo.PagefilePageWriteIos);
; q9 v! [" h1 J# M& Q9 Y2 eprintf("MappedFilePagesWritten:\t%-10d\t",SystemPerfInfo.MappedFilePagesWritten);
. t1 W* u1 d2 L" g- l. V, u6 Sprintf("MappedFileWriteIos:\t%d\n",SystemPerfInfo.MappedFileWriteIos);
& D5 K2 {$ F+ [, f' L9 {1 q- L. N5 B v+ O( m8 \+ C
printf("PagedPoolUsage:\t\t%-10d\t",SystemPerfInfo.PagedPoolUsage);
: c( b4 F, d% x' u4 J2 B8 ?
printf("NonPagedPoolUsage:\t%d\n",SystemPerfInfo.NonPagedPoolUsage);
9 Q; A1 H3 }1 h( n- Z9 fprintf("PagedPoolAllocs:\t%-10d\t",SystemPerfInfo.PagedPoolAllocs);
2 S1 e7 z8 a+ `printf("NonPagedPoolAllocs:\t%d\n",SystemPerfInfo.NonPagedPoolAllocs);
6 w; c8 \9 S Hprintf("PagedPoolFrees:\t\t%-10d\t",SystemPerfInfo.PagedPoolFrees);
) s4 }, t. j( Q/ j! L4 Jprintf("NonPagedPoolFrees:\t%d\n",SystemPerfInfo.NonPagedPoolFress);
# s) y0 X8 @; z& s( S8 \/ q* q
* O" p l7 |& k$ Z$ @3 R' a' D1 Gprintf("SystemCodePage:\t\t%-10d\t",SystemPerfInfo.SystemCodePage);
% o' Z, C9 U, I- Q* U6 g1 L2 C. T% Q! Pprintf("TotalSystemCodePage:\t%d\n",SystemPerfInfo.TotalSystemCodePages);
3 \/ R4 L0 H4 |printf("TotalFreeSysPTE:\t%-10d\t",SystemPerfInfo.TotalFreeSystemPtes);
7 c {- N# y# Tprintf("TotalSystemDriverPages:\t%d\n",SystemPerfInfo.TotalSystemDriverPages);
! w& `. W% S' w. U! u
printf("PagedPoolPage:\t\t%-10d\t",SystemPerfInfo.PagedPoolPage);
) b0 i" }/ g4 s! v8 x4 e1 zprintf("SystemDriverPage:\t%d\n",SystemPerfInfo.SystemDriverPage);
. g5 I( D6 J' r3 e' X
" s) Y4 ^* z; a) G% h. I0 R; i
printf("FastReadWait:\t\t%-10d\t",SystemPerfInfo.FastReadWait);
2 B& k4 Q0 }" Y+ J1 h
printf("FastReadNoWait:\t\t%d\n",SystemPerfInfo.FastReadNoWait);
0 z$ L7 J8 M6 {
printf("FastReadNoPossible:\t%-10d\t",SystemPerfInfo.FastReadNotPossible);
( r' \% I/ y9 Q3 `* j1 ?
printf("FastReadResourceMiss:\t%d\n",SystemPerfInfo.FastReadResourceMiss);
5 U* B" C. Y0 G* a6 z- q; w4 T
printf("FastMdlReadWait:\t%-10d\t",SystemPerfInfo.FastMdlReadWait);
7 F2 `8 W: B: f# zprintf("FastMdlReadNoWait:\t%d\n",SystemPerfInfo.FastMdlReadNoWait);
D: ^' u9 c3 M+ s5 L* A# o9 pprintf("FastMdlReadNotPossible:\t%-10d\t",SystemPerfInfo.FastMdlReadNotPossible);
/ |$ V) C# L" S( z* A' Gprintf("FastMdlReadResourceMiss:%d\n",SystemPerfInfo.FastMdlReadResourceMiss);
9 ~$ x4 J( r- U# w4 ?) V4 R
5 \1 u: G" ~# o/ w6 F+ e1 F) |2 T% l% _$ Z* U
printf("MapDataWait:\t\t%-10d\t",SystemPerfInfo.MapDataWait);
) n$ I& R/ T- Q* u e" ~
printf("MapDataNoWait:\t\t%d\n",SystemPerfInfo.MapDataNoWait);
7 ~2 z; |9 c' P# x1 Q7 lprintf("MapDataWaitMiss:\t%-10d\t",SystemPerfInfo.MapDataWaitMiss);
# \- l: d, a- n5 o8 e! ^% O# nprintf("MapDataNoWaitMiss:\t%d\n",SystemPerfInfo.MapDataNoWaitMiss);
% g5 s- x2 ]; j' J
9 r$ I8 D5 }' ~ i5 _printf("ReadAheadIos:\t\t%-10d\t",SystemPerfInfo.ReadAheadIos);
, K) D) E S' D, M9 D' k8 T$ u( O$ |+ e
printf("PinMappedDataCount:\t%d\n",SystemPerfInfo.PinMappedDataCount);
! t1 p9 f! u1 F6 B& z; ~ t$ pprintf("PinReadWait:\t\t%-10d\t",SystemPerfInfo.PinReadWait);
8 F0 D5 d' ?* i
printf("PinReadNoWait:\t\t%d\n",SystemPerfInfo.PinReadNoWait);
; w2 S- W+ S+ W; {
printf("PinReadWaitMiss:\t%-10d\t",SystemPerfInfo.PinReadWaitMiss);
, ?2 T. d& x6 A8 b, _$ \% wprintf("PinReadNoWaitMiss:\t%d\n",SystemPerfInfo.PinReadNoWaitMiss);
5 i; x, Q/ ^& a$ T3 }" ?$ I# ?
3 b, K. z: X, k& l+ A" t' }printf("CopyReadWait:\t\t%-10d\t",SystemPerfInfo.CopyReadWait);
: s) S% g; S5 @& R7 W9 G8 m8 O8 q: ^8 cprintf("CopyReadNoWait:\t\t%d\n",SystemPerfInfo.CopyReadNoWait);
% |) a% c! W6 N) q; pprintf("CopyReadWaitMiss:\t%-10d\t",SystemPerfInfo.CopyReadWaitMiss);
; N( L, H% H% T* @% u/ E' X( L0 yprintf("CopyReadNoWaitMiss:\t%-10d\n",SystemPerfInfo.CopyReadNoWaitMiss);
3 Z/ y0 [+ H" w1 [# Z3 z# S1 }6 b
printf("MdlReadWait:\t\t%-10d\t",SystemPerfInfo.MdlReadWait);
2 i' d! a8 w5 o U$ i9 `
printf("MdlReadNoWait:\t\t%d\n",SystemPerfInfo.MdlReadNoWait);
) f, g5