您的位置:首页技术文章
文章详情页

探测Win2K/XP/2003本机系统信息

更多 QQ空间 微信 QQ好友 腾讯朋友 复制链接
【字号: 日期:2023-10-28 18:25:31浏览:60作者:猪猪
;Native API乃Windows用户模式中为上层Win32 API提供接口的本机系统服务。平常我们总是调用MS为我们提供的公用的Win32 API函数来实现来实现我们系统的功能。今天我们要谈的是如何通过本机系统服务(Native API)来探测本机系统信息。当然,微软没有为我们提供关于本机系统服务的文档 (Undocumented),也就是不会为对它的使用提供任何的保证,所以我们不提倡使用Native API来开发软件。不过在特殊情况下,本机系统服务却为我们提供了通向“秘密”的捷径。本文提到的信息仅在Windows2000/XP/2003上测试过。

今天,我们主要讨论的是一个函数NtQuerySystemInformation(ZwQuerySystemInformation)。当然,你不要小看这么一个函数,它却为我们提供了丰富的系统信息,同时还包括对某些信息的控制和设置。以下是这个函数的原型:

typedef NTSTATUS (__stdcall *NTQUERYSYSTEMINFORMATION) (IN; SYSTEM_INFORMATION_CLASS SystemInformationClass,IN OUT; PVOIDSystemInformation,IN; ULONGSystemInformationLength,OUT PULONGReturnLength; OPTIONAL);NTQUERYSYSTEMINFORMATION NtQuerySystemInformation;

从中可以看到,SystemInformationClass是一个类型信息,它大概提供了50余种信息,也就是我们可以通过这个函数对大约50多种的系统信息进行探测或设置。SystemInformation是一个LPVOID型的指针,它为我们提供需要获得的信息,或是我们需要设置的系统信息。SystemInformationLength是SystemInformation的长度,它根据探测的信息类型来决定。至于ReturnLength则是系统返回的需要的长度,通常可以设置为空指针(NULL)。

首先,我们来看看大家比较熟悉的系统进程/线程相关的信息。这个题目在网上已经讨论了N多年了,所以我就不在老生常谈了,呵呵。那么就提出这个结构类型的定义:

typedef struct _SYSTEM_PROCESSES{ULONG; NextEntryDelta;; //构成结构序列的偏移量;ULONG; ThreadCount; //线程数目;ULONG; Reserved1[6];LARGE_INTEGER; CreateTime;; //创建时间;LARGE_INTEGER; UserTime;//用户模式(Ring 3)的CPU时间;LARGE_INTEGER; KernelTime;; //内核模式(Ring 0)的CPU时间;UNICODE_STRING ProcessName; //进程名称;KPRIORITY; BasePriority;//进程优先权;ULONG; ProcessId;//进程标识符;ULONG; InheritedFromProcessId;; //父进程的标识符;ULONG; HandleCount; //句柄数目;ULONG; Reserved2[2];VM_COUNTERSVmCounters;; //虚拟存储器的结构,见下;IO_COUNTERSIoCounters;; //IO计数结构,见下;SYSTEM_THREADS Threads[1];; //进程相关线程的结构数组,见下;}SYSTEM_PROCESSES,*PSYSTEM_PROCESSES;

typedef struct _SYSTEM_THREADS{LARGE_INTEGER KernelTime;//CPU内核模式使用时间;LARGE_INTEGER UserTime; //CPU用户模式使用时间;LARGE_INTEGER CreateTime;//线程创建时间;ULONG WaitTime; //等待时间;PVOID StartAddress; //线程开始的虚拟地址;CLIENT_ID ClientId; //线程标识符;KPRIORITY Priority; //线程优先级;KPRIORITY BasePriority; //基本优先级;ULONG ContextSwitchCount;//环境切换数目;THREAD_STATE; State;//当前状态;KWAIT_REASON; WaitReason;//等待原因;}SYSTEM_THREADS,*PSYSTEM_THREADS;

typedef struct _VM_COUNTERS{ULONG PeakVirtualSize;; //虚拟存储峰值大小;ULONG VirtualSize;; //虚拟存储大小;ULONG PageFaultCount;//页故障数目;ULONG PeakWorkingSetSize;//工作集峰值大小;ULONG WorkingSetSize;//工作集大小;ULONG QuotaPeakPagedPoolUsage;; //分页池使用配额峰值;ULONG QuotaPagedPoolUsage;; //分页池使用配额;ULONG QuotaPeakNonPagedPoolUsage;//非分页池使用配额峰值;ULONG QuotaNonPagedPoolUsage;//非分页池使用配额;ULONG PagefileUsage;//页文件使用情况;ULONG PeakPagefileUsage;//页文件使用峰值;}VM_COUNTERS,*PVM_COUNTERS;

typedef struct _IO_COUNTERS{LARGE_INTEGER ReadOperationCount;//I/O读操作数目;LARGE_INTEGER WriteOperationCount;; //I/O写操作数目;LARGE_INTEGER OtherOperationCount;; //I/O其他操作数目;LARGE_INTEGER ReadTransferCount;//I/O读数据数目;LARGE_INTEGER WriteTransferCount;//I/O写数据数目;LARGE_INTEGER OtherTransferCount;//I/O其他操作数据数目;}IO_COUNTERS,*PIO_COUNTERS;

以上这些信息应该是比较全面的了,在Win32 API里为我们提供了PSAPI(进程状态)和ToolHelp32这两种探测系统进程/线程信息的方式,在Windows2K/XP/2003都支持它们。

现在,我们来看看系统的性能信息,性能结构SYSTEM_PERFORMANCE_INFORMATION为我们提供了70余种系统性能方面的信息,真是太丰富了,请慢慢体会~

typedef struct _SYSTEM_PERFORMANCE_INFORMATION{LARGE_INTEGER; IdleTime;//CPU空闲时间;LARGE_INTEGER; ReadTransferCount;//I/O读操作数目;LARGE_INTEGER; WriteTransferCount;; //I/O写操作数目;LARGE_INTEGER; OtherTransferCount;; //I/O其他操作数目;ULONG; ReadOperationCount;; //I/O读数据数目;ULONG; WriteOperationCount; //I/O写数据数目;ULONG; OtherOperationCount; //I/O其他操作数据数目;ULONG; AvailablePages;; //可获得的页数目;ULONG; TotalCommittedPages; //总共提交页数目;ULONG; TotalCommitLimit;//已提交页数目;ULONG; PeakCommitment;; //页提交峰值;ULONG; PageFaults;; //页故障数目;ULONG; WriteCopyFaults; //Copy-On-Write故障数目;ULONG; TransitionFaults;//软页故障数目;ULONG; Reserved1;ULONG; DemandZeroFaults;//需求0故障数;ULONG; PagesRead;//读页数目;ULONG; PageReadIos; //读页I/O操作数;ULONG; Reserved2[2];ULONG; PagefilePagesWritten;//已写页文件页数;ULONG; PagefilePageWriteIos;//已写页文件操作数;ULONG; MappedFilePagesWritten;; //已写映射文件页数;ULONG; MappedFileWriteIos;; //已写映射文件操作数;ULONG; PagedPoolUsage;; //分页池使用;ULONG; NonPagedPoolUsage;//非分页池使用;ULONG; PagedPoolAllocs; //分页池分配情况;ULONG; PagedPoolFrees;; //分页池释放情况;ULONG; NonPagedPoolAllocs;; //非分页池分配情况;ULONG; NonPagedPoolFress;//非分页池释放情况;ULONG; TotalFreeSystemPtes; //系统页表项释放总数;ULONG; SystemCodePage;; //操作系统代码页数;ULONG; TotalSystemDriverPages;; //可分页驱动程序页数;ULONG; TotalSystemCodePages;//操作系统代码页总数;ULONG; SmallNonPagedLookasideListAllocateHits; //小非分页侧视列表分配次数;ULONG; SmallPagedLookasideListAllocateHits;//小分页侧视列表分配次数;ULONG; Reserved3;ULONG; MmSystemCachePage;; //系统缓存页数;ULONG; PagedPoolPage;; //分页池页数;ULONG; SystemDriverPage;//可分页驱动页数;ULONG; FastReadNoWait; //异步快速读数目;ULONG; FastReadWait;//同步快速读数目;ULONG; FastReadResourceMiss;//快速读资源冲突数;ULONG; FastReadNotPossible;//快速读失败数;ULONG; FastMdlReadNoWait;; //异步MDL快速读数目;ULONG; FastMdlReadWait;//同步MDL快速读数目;ULONG; FastMdlReadResourceMiss;//MDL读资源冲突数;ULONG; FastMdlReadNotPossible; //MDL读失败数;ULONG; MapDataNoWait;; //异步映射数据次数;ULONG; MapDataWait;//同步映射数据次数;ULONG; MapDataNoWaitMiss;; //异步映射数据冲突次数;ULONG; MapDataWaitMiss;//同步映射数据冲突次数;ULONG; PinMappedDataCount; //牵制映射数据数目;ULONG; PinReadNoWait;; //牵制异步读数目;ULONG; PinReadWait;//牵制同步读数目;ULONG; PinReadNoWaitMiss;; //牵制异步读冲突数目;ULONG; PinReadWaitMiss;//牵制同步读冲突数目;ULONG; CopyReadNoWait; //异步拷贝读次数;ULONG; CopyReadWait;//同步拷贝读次数;ULONG; CopyReadNoWaitMiss; //异步拷贝读故障次数;ULONG; CopyReadWaitMiss;//同步拷贝读故障次数;ULONG; MdlReadNoWait;; //异步MDL读次数;ULONG; MdlReadWait;//同步MDL读次数;ULONG; MdlReadNoWaitMiss;; //异步MDL读故障次数;ULONG; MdlReadWaitMiss;//同步MDL读故障次数;ULONG; ReadAheadIos;//向前读操作数目;ULONG; LazyWriteIos;//LAZY写操作数目;ULONG; LazyWritePages; //LAZY写页文件数目;ULONG; DataFlushes;//缓存刷新次数;ULONG; DataPages;; //缓存刷新页数;ULONG; ContextSwitches;//环境切换数目;ULONG; FirstLevelTbFills;; //第一层缓冲区填充次数;ULONG; SecondLevelTbFills; //第二层缓冲区填充次数;ULONG; SystemCall; //系统调用次数;}SYSTEM_PERFORMANCE_INFORMATION,*PSYSTEM_PERFORMANCE_INFORMATION;

现在看到的是结构SYSTEM_PROCESSOR_TIMES提供的系统处理器的使用情况,包括各种情况下的使用时间及中断数目:

typedef struct __SYSTEM_PROCESSOR_TIMES{LARGE_INTEGER IdleTime;//空闲时间;LARGE_INTEGER KernelTime; //内核模式时间;LARGE_INTEGER UserTime;//用户模式时间;LARGE_INTEGER DpcTime;//延迟过程调用时间;LARGE_INTEGER InterruptTime;; //中断时间;ULONG InterruptCount; //中断次数;}SYSTEM_PROCESSOR_TIMES,*PSYSTEM_PROCESSOR_TIMES;

页文件的使用情况,SYSTEM_PAGEFILE_INFORMATION提供了所需的相关信息:

typedef struct _SYSTEM_PAGEFILE_INFORMATION{ULONG NetxEntryOffset;//下一个结构的偏移量;ULONG CurrentSize;//当前页文件大小;ULONG TotalUsed;; //当前使用的页文件数;ULONG PeakUsed;//当前使用的页文件峰值数;UNICODE_STRING FileName;; //页文件的文件名称;}SYSTEM_PAGEFILE_INFORMATION,*PSYSTEM_PAGEFILE_INFORMATION;

系统高速缓存的使用情况参见结构SYSTEM_CACHE_INFORMATION提供的信息:

typedef struct _SYSTEM_CACHE_INFORMATION{ULONG SystemCacheWsSize;; //高速缓存大小;ULONG SystemCacheWsPeakSize;; //高速缓存峰值大小;ULONG SystemCacheWsFaults;//高速缓存页故障数目;ULONG SystemCacheWsMinimum;//高速缓存最小页大小;ULONG SystemCacheWsMaximum;//高速缓存最大页大小;ULONG TransitionSharedPages;; //共享页数目;ULONG TransitionSharedPagesPeak;; //共享页峰值数目;ULONG Reserved[2];}SYSTEM_CACHE_INFORMATION,*PSYSTEM_CACHE_INFORMATION;

附录:(所有完整源代码,您可以到我们FZ5FZ的主页下载)。

1.T-PMList的头文件源代码:

#ifndef T_PMLIST_H#define T_PMLIST_H

#include <windows.h>#include <stdio.h>

#define NT_PROCESSTHREAD_INFO0x05#define MAX_INFO_BUF_LEN 0x500000#define STATUS_SUCCESS((NTSTATUS)0x00000000L)#define STATUS_INFO_LENGTH_MISMATCH; ((NTSTATUS)0xC0000004L)

typedef LONG NTSTATUS;

typedef struct _LSA_UNICODE_STRING{USHORT; Length;USHORT; MaximumLength;PWSTRBuffer;}LSA_UNICODE_STRING,*PLSA_UNICODE_STRING;typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING;

typedef struct _CLIENT_ID{HANDLE UniqueProcess;HANDLE UniqueThread;}CLIENT_ID;typedef CLIENT_ID *PCLIENT_ID;

typedef LONG KPRIORITY;

typedef struct _VM_COUNTERS{ULONG PeakVirtualSize;ULONG VirtualSize;ULONG PageFaultCount;ULONG PeakWorkingSetSize;ULONG WorkingSetSize;ULONG QuotaPeakPagedPoolUsage;ULONG QuotaPagedPoolUsage;ULONG QuotaPeakNonPagedPoolUsage;ULONG QuotaNonPagedPoolUsage;ULONG PagefileUsage;ULONG PeakPagefileUsage;}VM_COUNTERS,*PVM_COUNTERS;

typedef struct _IO_COUNTERS{LARGE_INTEGER ReadOperationCount;LARGE_INTEGER WriteOperationCount;LARGE_INTEGER OtherOperationCount;LARGE_INTEGER ReadTransferCount;LARGE_INTEGER WriteTransferCount;LARGE_INTEGER OtherTransferCount;}IO_COUNTERS,*PIO_COUNTERS;

typedef enum _THREAD_STATE{StateInitialized,StateReady,StateRunning,StateStandby,StateTerminated,StateWait,StateTransition,StateUnknown}THREAD_STATE;

typedef enum _KWAIT_REASON{Executive,FreePage,PageIn,PoolAllocation,DelayExecution,Suspended,UserRequest,WrExecutive,WrFreePage,WrPageIn,WrPoolAllocation,WrDelayExecution,WrSuspended,WrUserRequest,WrEventPair,WrQueue,WrLpcReceive,WrLpcReply,WrVertualMemory,WrPageOut,WrRendezvous,Spare2,Spare3,Spare4,Spare5,Spare6,WrKernel}KWAIT_REASON;

typedef struct _SYSTEM_THREADS{LARGE_INTEGER KernelTime;LARGE_INTEGER UserTime;LARGE_INTEGER CreateTime;ULONG WaitTime;PVOID StartAddress;CLIENT_ID ClientId;KPRIORITY Priority;KPRIORITY BasePriority;ULONG ContextSwitchCount;THREAD_STATE; State;KWAIT_REASON; WaitReason;}SYSTEM_THREADS,*PSYSTEM_THREADS;

typedef struct _SYSTEM_PROCESSES{ULONG; NextEntryDelta;ULONG; ThreadCount;ULONG; Reserved1[6];LARGE_INTEGER; CreateTime;LARGE_INTEGER; UserTime;LARGE_INTEGER; KernelTime;UNICODE_STRING ProcessName;KPRIORITY; BasePriority;ULONG; ProcessId;ULONG; InheritedFromProcessId;ULONG; HandleCount;ULONG; Reserved2[2];VM_COUNTERSVmCounters;IO_COUNTERSIoCounters;SYSTEM_THREADS Threads[1];}SYSTEM_PROCESSES,*PSYSTEM_PROCESSES;

typedef DWordSYSTEM_INFORMATION_CLASS;typedef NTSTATUS (__stdcall *NTQUERYSYSTEMINFORMATION) (IN SYSTEM_INFORMATION_CLASS,IN OUT PVOID,IN ULONG,OUTPULONG OPTIONAL);NTQUERYSYSTEMINFORMATION NtQuerySystemInformation;

DWORD EnumProcess(){PSYSTEM_PROCESSES; pSystemProc;HMODULEhNtDll = NULL;LPVOID lpSystemInfo= NULL;DWORD; dwNumberBytes; = MAX_INFO_BUF_LEN;DWORD; dwTotalProcess = 0;DWORD; dwReturnLength;NTSTATUSStatus; LONGLONGllTempTime;

__try{hNtDll = LoadLibrary('NtDll.dll');if(hNtDll == NULL){printf('LoadLibrary Error: %dn',GetLastError());__leave;}

NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProCADdress(hNtDll,'NtQuerySystemInformation');; if(NtQuerySystemInformation == NULL){printf('GetProcAddress for NtQuerySystemInformation Error: %dn',GetLastError());__leave;}

lpSystemInfo = (LPVOID)malloc(dwNumberBytes);Status = NtQuerySystemInformation(NT_PROCESSTHREAD_INFO,lpSystemInfo,dwNumberBytes,&dwReturnLength);if(Status == STATUS_INFO_LENGTH_MISMATCH){printf('STATUS_INFO_LENGTH_MISMATCHn');__leave;}else if(Status != STATUS_SUCCESS){printf('NtQuerySystemInformation Error: %dn',GetLastError());__leave;}

printf('%-20s%6s%7s%8s%6s%7s%7s%13sn','ProcessName','PID','PPID','WsSize','Prio.','Thread','Handle','CPU Time');printf('--------------------------------------------------------------------------n');pSystemProc = (PSYSTEM_PROCESSES)lpSystemInfo;while(pSystemProc->NextEntryDelta != 0){if(pSystemProc->ProcessId != 0){wprintf(L'%-20s',pSystemProc->ProcessName.Buffer);}else{wprintf(L'%-20s',L'System Idle Process');}printf('%6d',pSystemProc->ProcessId);printf('%7d',pSystemProc->InheritedFromProcessId);printf('%7dK',pSystemProc->VmCounters.WorkingSetSize/1024);printf('%6d',pSystemProc->BasePriority);printf('%7d',pSystemProc->ThreadCount);printf('%7d',pSystemProc->HandleCount);llTempTime; = pSystemProc->KernelTime.QuadPart + pSystemProc->UserTime.QuadPart;llTempTime /= 10000;printf('%3d:',llTempTime/(60*60*1000));llTempTime %= 60*60*1000;printf('%.2d:',llTempTime/(60*1000));llTempTime %= 60*1000;printf('%.2d.',llTempTime/1000);llTempTime %= 1000;printf('%.3d',llTempTime);

printf('n');dwTotalProcess ++;pSystemProc = (PSYSTEM_PROCESSES)((char *)pSystemProc + pSystemProc->NextEntryDelta);}printf('--------------------------------------------------------------------------n');printf('nTotal %d Process(es) !nn',dwTotalProcess);printf('PIDt ==> Process Identificationn');printf('PPIDt ==> Parent Process Identificationn');printf('WsSizet ==> Working Set Sizen');printf('Prio.t ==> Base Priorityn');printf('Threadt ==> Thread Countn');printf('Handlet ==> Handle Countn');printf('CPU Time ==> Processor Timen');}__finally{if(lpSystemInfo != NULL){free(lpSystemInfo);}if(hNtDll != NULL){FreeLibrary(hNtDll);}}

return 0;}

DWORD SpeciProcess(DWORD dwPID){PSYSTEM_PROCESSES; pSystemProc= NULL;PSYSTEM_THREADSpSystemThre= NULL;; HMODULEhNtDll = NULL;LPVOID lpSystemInfo= NULL;DWORD; dwNumberBytes; = MAX_INFO_BUF_LEN;DWORD; dwTotalProcess = 0;DWORD; dwReturnLength;NTSTATUSStatus; LONGLONGllTempTime;ULONG; ulIndex;

__try{hNtDll = LoadLibrary('NtDll.dll');if(hNtDll == NULL){printf('LoadLibrary Error: %dn',GetLastError()); __leave;}

NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,'NtQuerySystemInformation'); if(NtQuerySystemInformation == NULL){printf('GetProcAddress for NtQuerySystemInformation Error: %dn',GetLastError());__leave;}

lpSystemInfo = (LPVOID)malloc(dwNumberBytes);Status = NtQuerySystemInformation(NT_PROCESSTHREAD_INFO,lpSystemInfo,dwNumberBytes,&dwReturnLength);if(Status == STATUS_INFO_LENGTH_MISMATCH){printf('STATUS_INFO_LENGTH_MISMATCHn');__leave;}else if(Status != STATUS_SUCCESS){printf('NtQuerySystemInformation Error: %dn',GetLastError());__leave;}

pSystemProc = (PSYSTEM_PROCESSES)lpSystemInfo;while(pSystemProc->NextEntryDelta != 0){if(pSystemProc->ProcessId == dwPID){printf('ProcessName:tt ');if(pSystemProc->ProcessId != 0){wprintf(L'%-20sn',pSystemProc->ProcessName.Buffer);}else{wprintf(L'%-20sn',L'System Idle Process');}printf('ProcessID:tt %dtt',pSystemProc->ProcessId);printf('ParentProcessID:t%dn',pSystemProc->InheritedFromProcessId);

printf('KernelTime:tt ');llTempTime; = pSystemProc->KernelTime.QuadPart;llTempTime /= 10000;printf('%d:',llTempTime/(60*60*1000));llTempTime %= 60*60*1000;printf('%.2d:',llTempTime/(60*1000));llTempTime %= 60*1000;printf('%.2d.',llTempTime/1000);llTempTime %= 1000;printf('%.3dt',llTempTime);

printf('UserTime:tt');llTempTime; = pSystemProc->UserTime.QuadPart;llTempTime /= 10000;printf('%d:',llTempTime/(60*60*1000));llTempTime %= 60*60*1000;printf('%.2d:',llTempTime/(60*1000));llTempTime %= 60*1000;printf('%.2d.',llTempTime/1000);llTempTime %= 1000;printf('%.3dn',llTempTime);

printf('Privilege:tt %d%%tt',(pSystemProc->KernelTime.QuadPart * 100)/(pSystemProc->KernelTime.QuadPart + pSystemProc->UserTime.QuadPart));printf('User:ttt%d%%n',(pSystemProc->UserTime.QuadPart * 100)/(pSystemProc->KernelTime.QuadPart + pSystemProc->UserTime.QuadPart));

printf('ThreadCount:tt %dtt',pSystemProc->ThreadCount);printf('HandleCount:tt%dn',pSystemProc->HandleCount);

printf('BasePriority:tt %-2dtt',pSystemProc->BasePriority);printf('PageFaultCount:tt%dnn',pSystemProc->VmCounters.PageFaultCount);

printf('PeakWorkingSetSize(K):t %-8dt',pSystemProc->VmCounters.PeakWorkingSetSize/1024);printf('WorkingSetSize(K):t%-8dn',pSystemProc->VmCounters.WorkingSetSize/1024);

printf('PeakPagedPool(K):t %-8dt',pSystemProc->VmCounters.QuotaPeakPagedPoolUsage/1024);printf('PagedPool(K):tt%-8dn',pSystemProc->VmCounters.QuotaPagedPoolUsage/1024);

printf('PeakNonPagedPook(K):t %-8dt',pSystemProc->VmCounters.QuotaPeakNonPagedPoolUsage/1024);printf('NonePagedPook(K):t%-8dn',pSystemProc->VmCounters.QuotaNonPagedPoolUsage/1024);

printf('PeakPagefile(K):t %-8dt',pSystemProc->VmCounters.PeakPagefileUsage/1024);printf('Pagefile(K):tt%-8dn',pSystemProc->VmCounters.PagefileUsage/1024);

printf('PeakVirtualSize(K):t %-8dt',pSystemProc->VmCounters.PeakVirtualSize/1024);printf('VirtualSize(K):tt%-8dnn',pSystemProc->VmCounters.VirtualSize/1024);

printf('ReadTransfer:tt %-8dt',pSystemProc->IoCounters.ReadTransferCount);printf('ReadOperationCount:t%-8dn',pSystemProc->IoCounters.ReadOperationCount);

printf('WriteTransfer:tt %-8dt',pSystemProc->IoCounters.WriteTransferCount);printf('WriteOperationCount:t%-8dn',pSystemProc->IoCounters.WriteOperationCount);

printf('OtherTransfer:tt %-8dt',pSystemProc->IoCounters.OtherTransferCount);printf('OtherOperationCount:t%-8dnn',pSystemProc->IoCounters.OtherOperationCount);

printf('%-5s%3s%4s%5s%5s%11s%12s%12s%7s%6s%9sn','TID','Pri','BPr','Priv','User','KernelTime','UserTime','StartAddr','CSwitC','State','WtReason');printf('-------------------------------------------------------------------------------n');

for(ulIndex = 0; ulIndex < pSystemProc->ThreadCount; ulIndex++){pSystemThre = &pSystemProc->Threads[ulIndex];printf('%-5d',pSystemProc->Threads[ulIndex].ClientId.UniqueThread);

printf('%3d',pSystemProc->Threads[ulIndex].Priority);printf('%4d',pSystemProc->Threads[ulIndex].BasePriority);

printf('%4d%%',(pSystemProc->Threads[ulIndex].KernelTime.QuadPart * 100)/(pSystemProc->KernelTime.QuadPart + pSystemProc->UserTime.QuadPart)); printf('%4d%%',(pSystemProc->Threads[ulIndex].UserTime.QuadPart * 100)/(pSystemProc->KernelTime.QuadPart + pSystemProc->UserTime.QuadPart));

llTempTime; = pSystemProc->Threads[ulIndex].KernelTime.QuadPart;llTempTime /= 10000;printf('%2d:',llTempTime/(60*60*1000));llTempTime %= 60*60*1000;printf('%.2d.',llTempTime/(60*1000));llTempTime %= 60*1000;printf('%.2d.',llTempTime/1000);llTempTime %= 100;printf('%.2d ',llTempTime);

llTempTime; = pSystemProc->Threads[ulIndex].UserTime.QuadPart;llTempTime /= 10000;printf('%2d:',llTempTime/(60*60*1000));llTempTime %= 60*60*1000;printf('%.2d.',llTempTime/(60*1000));llTempTime %= 60*1000;printf('%.2d.',llTempTime/1000);llTempTime %= 100;printf('%.2d ',llTempTime);

printf(' 0x%.8X',pSystemProc->Threads[ulIndex].StartAddress);printf('%7d',pSystemProc->Threads[ulIndex].ContextSwitchCount);

switch(pSystemProc->Threads[ulIndex].State){case StateInitialized:printf('%6s','Init.');break;case StateReady:printf('%6s','Ready');break;case StateRunning:printf('%6s','Run');break;case StateStandby:printf('%6s','StBy.');break;case StateTerminated:printf('%6s','Term.');break;case StateWait:printf('%6s','Wait');break;case StateTransition:printf('%6s','Tran.');break;case StateUnknown:printf('%6s','Unkn.');break;default:printf('%6s','Unkn.');break;}

switch(pSystemProc->Threads[ulIndex].WaitReason){case Executive:printf(' %-8s','Executi.');break;case FreePage:printf(' %-8s','FreePag.');break;case PageIn:printf(' %-8s','PageIn');break;case PoolAllocation:printf(' %-8s','PoolAll.');break;case DelayExecution:printf(' %-8s','DelayEx.');break;case Suspended:printf(' %-8s','Suspend.');break;case UserRequest:printf(' %-8s','UserReq.');break;case WrExecutive:printf(' %-8s','WrExect.');break;case WrFreePage:printf(' %-8s','WrFrePg.');break;case WrPageIn:printf(' %-8s','WrPageIn');break;case WrPoolAllocation:printf(' %-8s','WrPoolA.');break;case WrSuspended:printf(' %-8s','WrSuspe.');break;case WrUserRequest:printf(' %-8s','WrUsReq.');break;case WrEventPair:printf(' %-8s','WrEvent.');break;case WrQueue:printf(' %-8s','WrQueue');break;case WrLpcReceive:printf(' %-8s','WrLpcRv.');break;case WrLpcReply:printf(' %-8s','WrLpcRp.');break;case WrVertualMemory:printf(' %-8s','WrVerMm.');break;case WrPageOut:printf(' %-8s','WrPgOut.');break;case WrRendezvous:printf(' %-8s','WrRende.');break;case WrKernel:printf(' %-8s','WrKernel');break;default:printf(' %-8s','Unknown');break;}printf('n');}printf('-------------------------------------------------------------------------------nn');; printf('Total %d Thread(s) !nn',ulIndex);

dwTotalProcess ++;break;}pSystemProc = (PSYSTEM_PROCESSES)((char *)pSystemProc + pSystemProc->NextEntryDelta);}}__finally{if(dwTotalProcess == 0){printf('Could not found the %d Process !n',dwPID);}else{printf('TID:tt====>tThread Identificationn');printf('Pri:tt====>tPriorityn');printf('BPr:tt====>tBase Priorityn');printf('Priv:tt====>tPrivilegen');printf('StartAddr:t====>tThread Start Addressn');printf('CSwitC:tt====>tContext Switch Countn');printf('WtReason:t====>tWait Reasonn');}if(lpSystemInfo != NULL){free(lpSystemInfo);}if(hNtDll != NULL){FreeLibrary(hNtDll);}}

return 0;}

VOID Start(){printf('T-PMList, by TOo2yn');printf('E-mail: TOo2y@safechina.netn');printf('HomePage: www.safechina.netn');printf('Date: 05-10-2003nn');return ;}

VOID Usage(){printf('Usage:tT-PMList; [-e] │ [-s PID]n'); printf('; -et; Enumerate All Processesn');printf('; -s PID; Show Special Process Information with PIDnn');return ;}

#endif

2.T-PMPerf的头文件源代码:

#ifndef T_PMPERF_H#define T_PMPERF_H

#include 'windows.h'#include 'stdio.h'

#define SYSTEM_PERF_INFO 0x02#define SYSTEM_PROC_TIME 0x08#define SYSTEM_PAGE_INFO 0x12#define SYSTEM_CACHE_INFO0x15#define MAX_INFO_BUF_LEN 0x500000#define STATUS_SUCCESS((NTSTATUS)0x00000000L)

typedef LONG; NTSTATUS;typedef DWORD SYSTEM_INFORMATION_CLASS;

typedef struct _LSA_UNICODE_STRING{USHORT; Length;USHORT; MaximumLength;PWSTRBuffer;}LSA_UNICODE_STRING,*PLSA_UNICODE_STRING;typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING;

typedef struct _SYSTEM_PERFORMANCE_INFORMATION{LARGE_INTEGER; IdleTime;LARGE_INTEGER; ReadTransferCount;LARGE_INTEGER; WriteTransferCount;LARGE_INTEGER; OtherTransferCount;ULONG; ReadOperationCount;ULONG; WriteOperationCount;ULONG; OtherOperationCount;ULONG; AvailablePages;ULONG; TotalCommittedPages;ULONG; TotalCommitLimit;ULONG; PeakCommitment;ULONG; PageFaults;ULONG; WriteCopyFaults;ULONG; TransitionFaults;ULONG; Reserved1;ULONG; DemandZeroFaults;ULONG; PagesRead;ULONG; PageReadIos;ULONG; Reserved2[2];ULONG; PagefilePagesWritten;ULONG; PagefilePageWriteIos;ULONG; MappedFilePagesWritten;ULONG; MappedFileWriteIos;ULONG; PagedPoolUsage;ULONG; NonPagedPoolUsage;ULONG; PagedPoolAllocs;ULONG; PagedPoolFrees;ULONG; NonPagedPoolAllocs;ULONG; NonPagedPoolFress;ULONG; TotalFreeSystemPtes;ULONG; SystemCodePage;ULONG; TotalSystemDriverPages;ULONG; TotalSystemCodePages;ULONG; SmallNonPagedLookasideListAllocateHits;ULONG; SmallPagedLookasideListAllocateHits;ULONG; Reserved3;ULONG; MmSystemCachePage;ULONG; PagedPoolPage;ULONG; SystemDriverPage;ULONG; FastReadNoWait;ULONG; FastReadWait;ULONG; FastReadResourceMiss;ULONG; FastReadNotPossible;ULONG; FastMdlReadNoWait;ULONG; FastMdlReadWait;ULONG; FastMdlReadResourceMiss;ULONG; FastMdlReadNotPossible;ULONG; MapDataNoWait;ULONG; MapDataWait;ULONG; MapDataNoWaitMiss;ULONG; MapDataWaitMiss;ULONG; PinMappedDataCount;ULONG; PinReadNoWait;ULONG; PinReadWait;ULONG; PinReadNoWaitMiss;ULONG; PinReadWaitMiss;ULONG; CopyReadNoWait;ULONG; CopyReadWait;ULONG; CopyReadNoWaitMiss;ULONG; CopyReadWaitMiss;ULONG; MdlReadNoWait;ULONG; MdlReadWait;ULONG; MdlReadNoWaitMiss;ULONG; MdlReadWaitMiss;ULONG; ReadAheadIos;ULONG; LazyWriteIos;ULONG; LazyWritePages;ULONG; DataFlushes;ULONG; DataPages;ULONG; ContextSwitches;ULONG; FirstLevelTbFills;ULONG; SecondLevelTbFills;ULONG; SystemCall;}SYSTEM_PERFORMANCE_INFORMATION,*PSYSTEM_PERFORMANCE_INFORMATION;

typedef struct __SYSTEM_PROCESSOR_TIMES{LARGE_INTEGER IdleTime;LARGE_INTEGER KernelTime;LARGE_INTEGER UserTime;LARGE_INTEGER DpcTime;LARGE_INTEGER InterruptTime;ULONG InterruptCount;}SYSTEM_PROCESSOR_TIMES,*PSYSTEM_PROCESSOR_TIMES;

typedef struct _SYSTEM_PAGEFILE_INFORMATION{ULONG NetxEntryOffset;ULONG CurrentSize;ULONG TotalUsed;ULONG PeakUsed;UNICODE_STRING FileName;}SYSTEM_PAGEFILE_INFORMATION,*PSYSTEM_PAGEFILE_INFORMATION;

typedef struct _SYSTEM_CACHE_INFORMATION{ULONG SystemCacheWsSize;ULONG SystemCacheWsPeakSize;ULONG SystemCacheWsFaults;ULONG SystemCacheWsMinimum;ULONG SystemCacheWsMaximum;ULONG TransitionSharedPages;ULONG TransitionSharedPagesPeak;ULONG Reserved[2];}SYSTEM_CACHE_INFORMATION,*PSYSTEM_CACHE_INFORMATION;

typedef NTSTATUS (__stdcall * NTQUERYSYSTEMINFORMATION) (IN SYSTEM_INFORMATION_CLASS,IN OUT PVOID,INTULONG,OUTPULONG OPTION);NTQUERYSYSTEMINFORMATION NtQuerySystemInformation;

DWORD PerfInfo(){SYSTEM_PERFORMANCE_INFORMATION SystemPerfInfo;HMODULE hNtDll = NULL;DWORDdwNumberBytes;DWORDdwReturnLength;NTSTATUSStatus;LONGLONGllTempTime;

__try{hNtDll = LoadLibrary('NtDll.dll');if(hNtDll == NULL){printf('LoadLibrary Error: %dn',GetLastError());; __leave;}

NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,'NtQuerySystemInformation');if(NtQuerySystemInformation == NULL){printf('GetProcAddress for NtQuerySystemInformation Error: %dn',GetLastError());__leave;}

dwNumberBytes = sizeof(SYSTEM_PERFORMANCE_INFORMATION);Status = NtQuerySystemInformation(SYSTEM_PERF_INFO,&SystemPerfInfo,dwNumberBytes,&dwReturnLength);if(Status != STATUS_SUCCESS){printf('NtQuerySystemInformation for Performance Error: %dn',GetLastError());__leave;}

printf('IdleTime:tt');llTempTime; = SystemPerfInfo.IdleTime.QuadPart;llTempTime /= 10000;printf('%d:',llTempTime/(60*60*1000));llTempTime %= 60*60*1000;printf('%.2d:',llTempTime/(60*1000));llTempTime %= 60*1000;printf('%.2d.',llTempTime/1000);llTempTime %= 1000;printf('%.3dn',llTempTime);

printf('ReadOperationCount:t%-10dt',SystemPerfInfo.ReadOperationCount);printf('ReadTransferCount:t%dn',SystemPerfInfo.ReadTransferCount);printf('WriteOperationCount:t%-10dt',SystemPerfInfo.WriteOperationCount);printf('WriteTransferCount:t%dn',SystemPerfInfo.WriteTransferCount);printf('OtherOperationCount:t%-10dt',SystemPerfInfo.OtherOperationCount);printf('OtherTransferCount:t%dn',SystemPerfInfo.OtherTransferCount);

printf('AvailablePages:tt%-10dt',SystemPerfInfo.AvailablePages);printf('TotalCommittedPage:t%dn',SystemPerfInfo.TotalCommittedPages);printf('CommitLimit:tt%-10dt',SystemPerfInfo.TotalCommitLimit);printf('PeakCommitment:tt%dn',SystemPerfInfo.PeakCommitment);

printf('PageFault:tt%-10dt',SystemPerfInfo.PageFaults);printf('WriteCopyFault:tt%dn',SystemPerfInfo.WriteCopyFaults);printf('TransitionFault:t%-10dt',SystemPerfInfo.TransitionFaults);printf('DemandZeroFault:t%dn',SystemPerfInfo.DemandZeroFaults);

printf('PagesRead:tt%-10dt',SystemPerfInfo.PagesRead);printf('PageReadIos:tt%dn',SystemPerfInfo.PageReadIos);printf('PagesWritten:tt%-10dt',SystemPerfInfo.PagefilePagesWritten);printf('PageWriteIos:tt%dn',SystemPerfInfo.PagefilePageWriteIos);printf('MappedFilePagesWritten:t%-10dt',SystemPerfInfo.MappedFilePagesWritten);printf('MappedFileWriteIos:t%dn',SystemPerfInfo.MappedFileWriteIos);

printf('PagedPoolUsage:tt%-10dt',SystemPerfInfo.PagedPoolUsage);printf('NonPagedPoolUsage:t%dn',SystemPerfInfo.NonPagedPoolUsage);printf('PagedPoolAllocs:t%-10dt',SystemPerfInfo.PagedPoolAllocs);printf('NonPagedPoolAllocs:t%dn',SystemPerfInfo.NonPagedPoolAllocs);printf('PagedPoolFrees:tt%-10dt',SystemPerfInfo.PagedPoolFrees);printf('NonPagedPoolFrees:t%dn',SystemPerfInfo.NonPagedPoolFress);

printf('SystemCodePage:tt%-10dt',SystemPerfInfo.SystemCodePage);printf('TotalSystemCodePage:t%dn',SystemPerfInfo.TotalSystemCodePages);printf('TotalFreeSysPTE:t%-10dt',SystemPerfInfo.TotalFreeSystemPtes);printf('TotalSystemDriverPages:t%dn',SystemPerfInfo.TotalSystemDriverPages);printf('PagedPoolPage:tt%-10dt',SystemPerfInfo.PagedPoolPage);printf('SystemDriverPage:t%dn',SystemPerfInfo.SystemDriverPage);

printf('FastReadWait:tt%-10dt',SystemPerfInfo.FastReadWait);printf('FastReadNoWait:tt%dn',SystemPerfInfo.FastReadNoWait);printf('FastReadNoPossible:t%-10dt',SystemPerfInfo.FastReadNotPossible);printf('FastReadResourceMiss:t%dn',SystemPerfInfo.FastReadResourceMiss);printf('FastMdlReadWait:t%-10dt',SystemPerfInfo.FastMdlReadWait);printf('FastMdlReadNoWait:t%dn',SystemPerfInfo.FastMdlReadNoWait);printf('FastMdlReadNotPossible:t%-10dt',SystemPerfInfo.FastMdlReadNotPossible);printf('FastMdlReadResourceMiss:%dn',SystemPerfInfo.FastMdlReadResourceMiss);

printf('MapDataWait:tt%-10dt',SystemPerfInfo.MapDataWait);printf('MapDataNoWait:tt%dn',SystemPerfInfo.MapDataNoWait);printf('MapDataWaitMiss:t%-10dt',SystemPerfInfo.MapDataWaitMiss);printf('MapDataNoWaitMiss:t%dn',SystemPerfInfo.MapDataNoWaitMiss);

printf('ReadAheadIos:tt%-10dt',SystemPerfInfo.ReadAheadIos);printf('PinMappedDataCount:t%dn',SystemPerfInfo.PinMappedDataCount);printf('PinReadWait:tt%-10dt',SystemPerfInfo.PinReadWait);printf('PinReadNoWait:tt%dn',SystemPerfInfo.PinReadNoWait);printf('PinReadWaitMiss:t%-10dt',SystemPerfInfo.PinReadWaitMiss);printf('PinReadNoWaitMiss:t%dn',SystemPerfInfo.PinReadNoWaitMiss);

printf('CopyReadWait:tt%-10dt',SystemPerfInfo.CopyReadWait);printf('CopyReadNoWait:tt%dn',SystemPerfInfo.CopyReadNoWait);printf('CopyReadWaitMiss:t%-10dt',SystemPerfInfo.CopyReadWaitMiss);printf('CopyReadNoWaitMiss:t%-10dn',SystemPerfInfo.CopyReadNoWaitMiss);printf('MdlReadWait:tt%-10dt',SystemPerfInfo.MdlReadWait);printf('MdlReadNoWait:tt%dn',SystemPerfInfo.MdlReadNoWait);printf('MdlReadWaitMiss:t%-10dt',SystemPerfInfo.MdlReadWaitMiss);printf('MdlReadNoWaitMiss:t%dn',SystemPerfInfo.MdlReadNoWaitMiss);

printf('LazyWriteIos:tt%-10dt',SystemPerfInfo.LazyWriteIos);printf('LazyWritePages:tt%dn',SystemPerfInfo.LazyWritePages);printf('DataPages:tt%-10dt',SystemPerfInfo.DataPages);printf('DataFlushes:tt%dn',SystemPerfInfo.DataFlushes);printf('FirstLevelTbFills:t%-10dt',SystemPerfInfo.FirstLevelTbFills);printf('SecondLevelTbFills:t%dn',SystemPerfInfo.SecondLevelTbFills);printf('ContextSwitches:t%-10dt',SystemPerfInfo.ContextSwitches);printf('SytemCall:tt%dn',SystemPerfInfo.SystemCall);

printf('MemorySystemCachePage:ttt%dn',SystemPerfInfo.MmSystemCachePage);printf('SmallPagedLookasideListAllocateHits:t%dn',SystemPerfInfo.SmallPagedLookasideListAllocateHits);printf('SmallNonPagedLookasideListAllocateHits:t%dn',SystemPerfInfo.SmallNonPagedLookasideListAllocateHits);

}__finally{if(hNtDll != NULL){FreeLibrary(hNtDll);}}

return 0;}

DWORD ProcTime(){SYSTEM_PROCESSOR_TIMES; SystemProcTime;HMODULE hNtDll = NULL;DWORDdwNumberBytes;DWORDdwReturnLength;NTSTATUSStatus;LONGLONGllTempTime;

__try{hNtDll = LoadLibrary('NtDll.dll');if(hNtDll == NULL){ printf('LoadLibrary Error: %dn',GetLastError());__leave;}

NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,'NtQuerySystemInformation');if(NtQuerySystemInformation == NULL){printf('GetProcAddress for NtQuerySystemInformation Error: %dn',GetLastError());__leave;}

dwNumberBytes = sizeof(SYSTEM_PROCESSOR_TIMES);NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,'NtQuerySystemInformation');if(NtQuerySystemInformation == NULL){printf('GetProcAddress Error: %dn',GetLastError());__leave;}

Status = NtQuerySystemInformation(SYSTEM_PROC_TIME,&SystemProcTime,dwNumberBytes,&dwReturnLength);if(Status != STATUS_SUCCESS){printf('NtQuerySystemInformation for Processor Time Error: %dn',GetLastError());__leave;}

printf('IdleTime:tt');llTempTime; = SystemProcTime.IdleTime.QuadPart;llTempTime /= 10000;printf('%d:',llTempTime/(60*60*1000));llTempTime %= 60*60*1000;printf('%.2d:',llTempTime/(60*1000));llTempTime %= 60*1000;printf('%.2d.',llTempTime/1000);llTempTime %= 1000;printf('%.3dn',llTempTime);

printf('KernelTime:tt');llTempTime; = SystemProcTime.KernelTime.QuadPart;llTempTime /= 10000;printf('%d:',llTempTime/(60*60*1000));llTempTime %= 60*60*1000;printf('%.2d:',llTempTime/(60*1000));llTempTime %= 60*1000;printf('%.2d.',llTempTime/1000);llTempTime %= 1000;printf('%.3dn',llTempTime);

printf('UserTime:tt');llTempTime; = SystemProcTime.UserTime.QuadPart;llTempTime /= 10000;printf('%d:',llTempTime/(60*60*1000));llTempTime %= 60*60*1000;printf('%.2d:',llTempTime/(60*1000));llTempTime %= 60*1000;printf('%.2d.',llTempTime/1000);llTempTime %= 1000;printf('%.3dn',llTempTime);

printf('DpcTime:tt');llTempTime; = SystemProcTime.DpcTime.QuadPart;llTempTime /= 10000;printf('%d:',llTempTime/(60*60*1000));llTempTime %= 60*60*1000;printf('%.2d:',llTempTime/(60*1000));llTempTime %= 60*1000;printf('%.2d.',llTempTime/1000);llTempTime %= 1000;printf('%.3dn',llTempTime);

printf('InterruptTime:tt');llTempTime; = SystemProcTime.InterruptTime.QuadPart;llTempTime /= 10000;printf('%d:',llTempTime/(60*60*1000));llTempTime %= 60*60*1000;printf('%.2d:',llTempTime/(60*1000));llTempTime %= 60*1000;printf('%.2d.',llTempTime/1000);llTempTime %= 1000;printf('%.3dn',llTempTime);

printf('InterruptCount:tt%dn',SystemProcTime.InterruptCount);

}__finally{if(hNtDll != NULL){FreeLibrary(hNtDll);}}

return 0;}

DWORD PagefileInfo(){PSYSTEM_PAGEFILE_INFORMATIONpSystemPagefileInfo;PVOID; pBuffer;HMODULEhNtDll = NULL;DWORD; dwNumberBytes;DWORD; dwReturnLength;NTSTATUSStatus;

__try{hNtDll = LoadLibrary('NtDll.dll');if(hNtDll == NULL){ printf('LoadLibrary Error: %dn',GetLastError());__leave;}

NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,'NtQuerySystemInformation');if(NtQuerySystemInformation == NULL){printf('GetProcAddress for NtQuerySystemInformation Error: %dn',GetLastError());__leave;}

dwNumberBytes = MAX_INFO_BUF_LEN;pBuffer = (LPVOID)malloc(dwNumberBytes);Status; = NtQuerySystemInformation(SYSTEM_PAGE_INFO,pBuffer,dwNumberBytes,&dwReturnLength);if(Status != STATUS_SUCCESS){printf('NtQuerySystemInformation for Pagefile Error: %dn',GetLastError());__leave;}

pSystemPagefileInfo = (PSYSTEM_PAGEFILE_INFORMATION)pBuffer;do{printf('CurrentPagefileSize:t%dn',pSystemPagefileInfo->CurrentSize);printf('TotalPagefileUsed:t%dn',pSystemPagefileInfo->TotalUsed);printf('PeakPagefileUsed:t%dn',pSystemPagefileInfo->PeakUsed);wprintf(L'PagefileFileName:t%sn',pSystemPagefileInfo->FileName.Buffer);

pSystemPagefileInfo = (PSYSTEM_PAGEFILE_INFORMATION)((char *)pBuffer + pSystemPagefileInfo->NetxEntryOffset);}while(pSystemPagefileInfo->NetxEntryOffset != 0);}__finally{if(pBuffer != NULL){free(pBuffer);} if(hNtDll; != NULL){FreeLibrary(hNtDll);}}

return 0;}

DWORD CacheInfo(){SYSTEM_CACHE_INFORMATIONSystemCacheInfo;HMODULEhNtDll = NULL;DWORD; dwNumberBytes;DWORD; dwReturnLength;NTSTATUSStatus;

__try{hNtDll = LoadLibrary('NtDll.dll');if(hNtDll == NULL){printf('LoadLibrary Error: %dn',GetLastError());__leave;}

NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,'NtQuerySystemInformation');if(NtQuerySystemInformation == NULL){printf('GetProcAddress for NtQuerySystemInformation Error: %dn',GetLastError());__leave;}

dwNumberBytes = sizeof(SYSTEM_CACHE_INFORMATION);Status; = NtQuerySystemInformation(SYSTEM_CACHE_INFO,;&SystemCacheInfo,dwNumberBytes,&dwReturnLength);if(Status != STATUS_SUCCESS){printf('NtQuerySystemInformation for Cache Error: %dn',GetLastError());__leave;}

printf('CacheWorkingSetSize:tt%d(KB)n',SystemCacheInfo.SystemCacheWsSize/1024);printf('CacheWorkingSetPeakSize:t%d(KB)n',SystemCacheInfo.SystemCacheWsPeakSize/1024);printf('CacheWorkingSetFaults:tt%dn',SystemCacheInfo.SystemCacheWsFaults);printf('CacheWorkingSetMinimum:tt%dn',SystemCacheInfo.SystemCacheWsMinimum);printf('CacheWorkingSetMaximum:tt%dn',SystemCacheInfo.SystemCacheWsMaximum);printf('TransitionSharedPages:tt%dn',SystemCacheInfo.TransitionSharedPages);printf('TransitionSharedPagesPeak:t%dn',SystemCacheInfo.TransitionSharedPagesPeak);

}__finally{if(hNtDll != NULL){FreeLibrary(hNtDll);}}

return 0;}

VOID Start(){printf('T-PMPerf, by TOo2yn');printf('E-mail: TOo2y@safechina.netn');printf('HomePage: www.safechina.netn');printf('Date: 05-09-2003nn');return ;}

VOID Usage(){printf('Usage:tT-PMPerf <Option>n');printf('Option:n');printf('; -PerfSystem Performance Informationn');printf('; -ProcSystem Processor Informationn');printf('; -PageSystem Pagefile Informationn');printf('; -Cache; System Cache Informationn');return ;}

#endif

Reference:

标签: Windows系统 Win2k
上一条:windows 2000中活动目录的备份与恢复下一条:Windows2003 远程桌面超过最大连接数解决办法
排行榜
Win7旗舰版系统怎么禁止修改文件属性
Win7旗舰版系统怎么禁止修改文件属性
1. win10怎么设置pop3协议的邮箱
2. windows11防火墙如何关
3. Win2008系统下巧设IE不让别人降低IE安全性!
4. Win10如何设置日历事件提醒
5. 如何用u盘安装win11系统?教你用u盘安装win11系统教程
6. macOS High Sierra 照片应用有哪些变化?macOS High Sierra 照片应用更新内容大全
7. 解决苹果Mac安装Win7时出现AppleSSD.sys报错现象的方法介绍
8. 盗版Win7升级Win10黑屏怎么办?盗版Win7升级Win10黑屏解决方法
9. 如何修改Mac系统的个人用户名?
10. win11不能直接把图片拉到任务栏的ps里
热门标签