探测Win2K/XP/2003本机系统信息 探测,Win2K,XP,2003,本机,系统,信息

今天,我们主要讨论的是一个函数NtQuerySystemInformation(ZwQuerySystemInformation)。当然,你不要小看这么一个函数,它却为我们提供了丰富的系统信息,同时还包括对某些信息的控制和设置。以下是这个函数的原型: typedef NTSTATUS (__stdcall *NTQUERYSYSTEMINFORMATION)
(IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
IN OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG ReturnLength OPTIONAL);
NTQUERYSYSTEMINFORMATION NtQuerySystemInformation; 从中可以看到,SystemInformationClass是一个类型信息,它大概提供了50余种信息,也就是我们可以通过这个函数对大约50多种的系统信息进行探测或设置。SystemInformation是一个LPVOID型的指针,它为我们提供需要获得的信息,或是我们需要设置的系统信息。SystemInformationLength是SystemInformation的长度,它根据探测的信息类型来决定。至于ReturnLength则是系统返回的需要的长度,通常可以设置为空指针(NULL)。 首先,我们来看看大家比较熟悉的系统进程/线程相关的信息。这个题目在网上已经讨论了N多年了,所以我就不在老生常谈了,呵呵。那么就提出这个结构类型的定义: typedef struct _SYSTEM_PROCESSES
{
ULONG NextEntryDelta; //构成结构序列的偏移量;
ULONG ThreadCount; //线程数目;
ULONG Reserved1[6];
LARGE_INTEGER CreateTime; //创建时间;
LARGE_INTEGER UserTime; //用户模式(Ring 3)的CPU时间;
LARGE_INTEGER KernelTime; //内核模式(Ring 0)的CPU时间;
UNICODE_STRING ProcessName; //进程名称;
KPRIORITY BasePriority; //进程优先权;
ULONG ProcessId; //进程标识符;
ULONG InheritedFromProcessId; //父进程的标识符;
ULONG HandleCount; //句柄数目;
ULONG Reserved2[2];
VM_COUNTERS VmCounters; //虚拟存储器的结构,见下;
IO_COUNTERS IoCounters; //IO计数结构,见下;
SYSTEM_THREADS Threads[1]; //进程相关线程的结构数组,见下;
}SYSTEM_PROCESSES,*PSYSTEM_PROCESSES; typedef struct _SYSTEM_THREADS
{
LARGE_INTEGER KernelTime; //CPU内核模式使用时间;
LARGE_INTEGER UserTime; //CPU用户模式使用时间;
LARGE_INTEGER CreateTime; //线程创建时间;
ULONG WaitTime; //等待时间;
PVOID StartAddress; //线程开始的虚拟地址;
CLIENT_ID ClientId; //线程标识符;
KPRIORITY Priority; //线程优先级;
KPRIORITY BasePriority; //基本优先级;
ULONG ContextSwitchCount; //环境切换数目;
THREAD_STATE State; //当前状态;
KWAIT_REASON WaitReason; //等待原因;
}SYSTEM_THREADS,*PSYSTEM_THREADS; typedef struct _VM_COUNTERS
{
ULONG PeakVirtualSize; //虚拟存储峰值大小;
ULONG VirtualSize; //虚拟存储大小;
ULONG PageFaultCount; //页故障数目;
ULONG PeakWorkingSetSize; //工作集峰值大小;
ULONG WorkingSetSize; //工作集大小;
ULONG QuotaPeakPagedPoolUsage; //分页池使用配额峰值;
ULONG QuotaPagedPoolUsage; //分页池使用配额;
ULONG QuotaPeakNonPagedPoolUsage; //非分页池使用配额峰值;
ULONG QuotaNonPagedPoolUsage; //非分页池使用配额;
ULONG PagefileUsage; //页文件使用情况;
ULONG PeakPagefileUsage; //页文件使用峰值;
}VM_COUNTERS,*PVM_COUNTERS; typedef struct _IO_COUNTERS
{
LARGE_INTEGER ReadOperationCount; //I/O读操作数目;
LARGE_INTEGER WriteOperationCount; //I/O写操作数目;
LARGE_INTEGER OtherOperationCount; //I/O其他操作数目;
LARGE_INTEGER ReadTransferCount; //I/O读数据数目;
LARGE_INTEGER WriteTransferCount; //I/O写数据数目;
LARGE_INTEGER OtherTransferCount; //I/O其他操作数据数目;
}IO_COUNTERS,*PIO_COUNTERS; 以上这些信息应该是比较全面的了,在Win32 API里为我们提供了PSAPI(进程状态)和ToolHelp32这两种探测系统进程/线程信息的方式,在Windows2K/XP/2003都支持它们。 现在,我们来看看系统的性能信息,性能结构SYSTEM_PERFORMANCE_INFORMATION为我们提供了70余种系统性能方面的信息,真是太丰富了,请慢慢体会~ typedef struct _SYSTEM_PERFORMANCE_INFORMATION
{
LARGE_INTEGER IdleTime; //CPU空闲时间;
LARGE_INTEGER ReadTransferCount; //I/O读操作数目;
LARGE_INTEGER WriteTransferCount; //I/O写操作数目;
LARGE_INTEGER OtherTransferCount; //I/O其他操作数目;
ULONG ReadOperationCount; //I/O读数据数目;
ULONG WriteOperationCount; //I/O写数据数目;
ULONG OtherOperationCount; //I/O其他操作数据数目;
ULONG AvailablePages; //可获得的页数目;
ULONG TotalCommittedPages; //总共提交页数目;
ULONG TotalCommitLimit; //已提交页数目;
ULONG PeakCommitment; //页提交峰值;
ULONG PageFaults; //页故障数目;
ULONG WriteCopyFaults; //Copy-On-Write故障数目;
ULONG TransitionFaults; //软页故障数目;
ULONG Reserved1;
ULONG DemandZeroFaults; //需求0故障数;
ULONG PagesRead; //读页数目;
ULONG PageReadIos; //读页I/O操作数;
ULONG Reserved2[2];
ULONG PagefilePagesWritten; //已写页文件页数;
ULONG PagefilePageWriteIos; //已写页文件操作数;
ULONG MappedFilePagesWritten; //已写映射文件页数;
ULONG MappedFileWriteIos; //已写映射文件操作数;
ULONG PagedPoolUsage; //分页池使用;
ULONG NonPagedPoolUsage; //非分页池使用;
ULONG PagedPoolAllocs; //分页池分配情况;
ULONG PagedPoolFrees; //分页池释放情况;
ULONG NonPagedPoolAllocs; //非分页池分配情况;
ULONG NonPagedPoolFress; //非分页池释放情况;
ULONG TotalFreeSystemPtes; //系统页表项释放总数;
ULONG SystemCodePage; //操作系统代码页数;
ULONG TotalSystemDriverPages; //可分页驱动程序页数;
ULONG TotalSystemCodePages; //操作系统代码页总数;
ULONG SmallNonPagedLookasideListAllocateHits; //小非分页侧视列表分配次数;
ULONG SmallPagedLookasideListAllocateHits; //小分页侧视列表分配次数;
ULONG Reserved3;
ULONG MmSystemCachePage; //系统缓存页数;
ULONG PagedPoolPage; //分页池页数;
ULONG SystemDriverPage; //可分页驱动页数;
ULONG FastReadNoWait; //异步快速读数目;
ULONG FastReadWait; //同步快速读数目;
ULONG FastReadResourceMiss; //快速读资源冲突数;
ULONG FastReadNotPossible; //快速读失败数;
ULONG FastMdlReadNoWait; //异步MDL快速读数目;
ULONG FastMdlReadWait; //同步MDL快速读数目;
ULONG FastMdlReadResourceMiss; //MDL读资源冲突数;
ULONG FastMdlReadNotPossible; //MDL读失败数;
ULONG MapDataNoWait; //异步映射数据次数;
ULONG MapDataWait; //同步映射数据次数;
ULONG MapDataNoWaitMiss; //异步映射数据冲突次数;
ULONG MapDataWaitMiss; //同步映射数据冲突次数;
ULONG PinMappedDataCount; //牵制映射数据数目;
ULONG PinReadNoWait; //牵制异步读数目;
ULONG PinReadWait; //牵制同步读数目;
ULONG PinReadNoWaitMiss; //牵制异步读冲突数目;
ULONG PinReadWaitMiss; //牵制同步读冲突数目;
ULONG CopyReadNoWait; //异步拷贝读次数;
ULONG CopyReadWait; //同步拷贝读次数;
ULONG CopyReadNoWaitMiss; //异步拷贝读故障次数;
ULONG CopyReadWaitMiss; //同步拷贝读故障次数;
ULONG MdlReadNoWait; //异步MDL读次数;
ULONG MdlReadWait; //同步MDL读次数;
ULONG MdlReadNoWaitMiss; //异步MDL读故障次数;
ULONG MdlReadWaitMiss; //同步MDL读故障次数;
ULONG ReadAheadIos; //向前读操作数目;
ULONG LazyWriteIos; //LAZY写操作数目;
ULONG LazyWritePages; //LAZY写页文件数目;
ULONG DataFlushes; //缓存刷新次数;
ULONG DataPages; //缓存刷新页数;
ULONG ContextSwitches; //环境切换数目;
ULONG FirstLevelTbFills; //第一层缓冲区填充次数;
ULONG SecondLevelTbFills; //第二层缓冲区填充次数;
ULONG SystemCall; //系统调用次数;
}SYSTEM_PERFORMANCE_INFORMATION,*PSYSTEM_PERFORMANCE_INFORMATION; 现在看到的是结构SYSTEM_PROCESSOR_TIMES提供的系统处理器的使用情况,包括各种情况下的使用时间及中断数目: typedef struct __SYSTEM_PROCESSOR_TIMES
{
LARGE_INTEGER IdleTime; //空闲时间;
LARGE_INTEGER KernelTime; //内核模式时间;
LARGE_INTEGER UserTime; //用户模式时间;
LARGE_INTEGER DpcTime; //延迟过程调用时间;
LARGE_INTEGER InterruptTime; //中断时间;
ULONG InterruptCount; //中断次数;
}SYSTEM_PROCESSOR_TIMES,*PSYSTEM_PROCESSOR_TIMES; 页文件的使用情况,SYSTEM_PAGEFILE_INFORMATION提供了所需的相关信息: typedef struct _SYSTEM_PAGEFILE_INFORMATION
{
ULONG NetxEntryOffset; //下一个结构的偏移量;
ULONG CurrentSize; //当前页文件大小;
ULONG TotalUsed; //当前使用的页文件数;
ULONG PeakUsed; //当前使用的页文件峰值数;
UNICODE_STRING FileName; //页文件的文件名称;
}SYSTEM_PAGEFILE_INFORMATION,*PSYSTEM_PAGEFILE_INFORMATION; 系统高速缓存的使用情况参见结构SYSTEM_CACHE_INFORMATION提供的信息: typedef struct _SYSTEM_CACHE_INFORMATION
{
ULONG SystemCacheWsSize; //高速缓存大小;
ULONG SystemCacheWsPeakSize; //高速缓存峰值大小;
ULONG SystemCacheWsFaults; //高速缓存页故障数目;
ULONG SystemCacheWsMinimum; //高速缓存最小页大小;
ULONG SystemCacheWsMaximum; //高速缓存最大页大小;
ULONG TransitionSharedPages; //共享页数目;
ULONG TransitionSharedPagesPeak; //共享页峰值数目;
ULONG Reserved[2];
}SYSTEM_CACHE_INFORMATION,*PSYSTEM_CACHE_INFORMATION; 附录:(所有完整源代码,您可以到我们FZ5FZ的主页下载)。 1.T-PMList的头文件源代码: #ifndef T_PMLIST_H
#define T_PMLIST_H #include

  1<windows.h>   
  2#include <stdio.h> #define NT_PROCESSTHREAD_INFO 0x05   
  3#define MAX_INFO_BUF_LEN 0x500000   
  4#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)   
  5#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L) typedef LONG NTSTATUS; typedef struct _LSA_UNICODE_STRING   
  6{   
  7USHORT Length;   
  8USHORT MaximumLength;   
  9PWSTR Buffer;   
 10}LSA_UNICODE_STRING,*PLSA_UNICODE_STRING;   
 11typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING; typedef struct _CLIENT_ID   
 12{   
 13HANDLE UniqueProcess;   
 14HANDLE UniqueThread;   
 15}CLIENT_ID;   
 16typedef CLIENT_ID *PCLIENT_ID; typedef LONG KPRIORITY; typedef struct _VM_COUNTERS   
 17{   
 18ULONG PeakVirtualSize;   
 19ULONG VirtualSize;   
 20ULONG PageFaultCount;   
 21ULONG PeakWorkingSetSize;   
 22ULONG WorkingSetSize;   
 23ULONG QuotaPeakPagedPoolUsage;   
 24ULONG QuotaPagedPoolUsage;   
 25ULONG QuotaPeakNonPagedPoolUsage;   
 26ULONG QuotaNonPagedPoolUsage;   
 27ULONG PagefileUsage;   
 28ULONG PeakPagefileUsage;   
 29}VM_COUNTERS,*PVM_COUNTERS; typedef struct _IO_COUNTERS   
 30{   
 31LARGE_INTEGER ReadOperationCount;   
 32LARGE_INTEGER WriteOperationCount;   
 33LARGE_INTEGER OtherOperationCount;   
 34LARGE_INTEGER ReadTransferCount;   
 35LARGE_INTEGER WriteTransferCount;   
 36LARGE_INTEGER OtherTransferCount;   
 37}IO_COUNTERS,*PIO_COUNTERS; typedef enum _THREAD_STATE   
 38{   
 39StateInitialized,   
 40StateReady,   
 41StateRunning,   
 42StateStandby,   
 43StateTerminated,   
 44StateWait,   
 45StateTransition,   
 46StateUnknown   
 47}THREAD_STATE; typedef enum _KWAIT_REASON   
 48{   
 49Executive,   
 50FreePage,   
 51PageIn,   
 52PoolAllocation,   
 53DelayExecution,   
 54Suspended,   
 55UserRequest,   
 56WrExecutive,   
 57WrFreePage,   
 58WrPageIn,   
 59WrPoolAllocation,   
 60WrDelayExecution,   
 61WrSuspended,   
 62WrUserRequest,   
 63WrEventPair,   
 64WrQueue,   
 65WrLpcReceive,   
 66WrLpcReply,   
 67WrVertualMemory,   
 68WrPageOut,   
 69WrRendezvous,   
 70Spare2,   
 71Spare3,   
 72Spare4,   
 73Spare5,   
 74Spare6,   
 75WrKernel   
 76}KWAIT_REASON; typedef struct _SYSTEM_THREADS   
 77{   
 78LARGE_INTEGER KernelTime;   
 79LARGE_INTEGER UserTime;   
 80LARGE_INTEGER CreateTime;   
 81ULONG WaitTime;   
 82PVOID StartAddress;   
 83CLIENT_ID ClientId;   
 84KPRIORITY Priority;   
 85KPRIORITY BasePriority;   
 86ULONG ContextSwitchCount;   
 87THREAD_STATE State;   
 88KWAIT_REASON WaitReason;   
 89}SYSTEM_THREADS,*PSYSTEM_THREADS; typedef struct _SYSTEM_PROCESSES   
 90{   
 91ULONG NextEntryDelta;   
 92ULONG ThreadCount;   
 93ULONG Reserved1[6];   
 94LARGE_INTEGER CreateTime;   
 95LARGE_INTEGER UserTime;   
 96LARGE_INTEGER KernelTime;   
 97UNICODE_STRING ProcessName;   
 98KPRIORITY BasePriority;   
 99ULONG ProcessId;   
100ULONG InheritedFromProcessId;   
101ULONG HandleCount;   
102ULONG Reserved2[2];   
103VM_COUNTERS VmCounters;   
104IO_COUNTERS IoCounters;   
105SYSTEM_THREADS Threads[1];   
106}SYSTEM_PROCESSES,*PSYSTEM_PROCESSES; typedef DWORD SYSTEM_INFORMATION_CLASS;   
107typedef NTSTATUS (__stdcall *NTQUERYSYSTEMINFORMATION)   
108(IN SYSTEM_INFORMATION_CLASS,   
109IN OUT PVOID,   
110IN ULONG,   
111OUT PULONG OPTIONAL);   
112NTQUERYSYSTEMINFORMATION NtQuerySystemInformation;   
113DWORD EnumProcess()   
114{   
115PSYSTEM_PROCESSES pSystemProc;   
116HMODULE hNtDll = NULL;   
117LPVOID lpSystemInfo = NULL;   
118DWORD dwNumberBytes = MAX_INFO_BUF_LEN;   
119DWORD dwTotalProcess = 0;   
120DWORD dwReturnLength;   
121NTSTATUS Status;   
122LONGLONG llTempTime; __try   
123{   
124hNtDll = LoadLibrary("NtDll.dll");   
125if(hNtDll == NULL)   
126{   
127printf("LoadLibrary Error: %d\n",GetLastError());   
128__leave;   
129} NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,"NtQuerySystemInformation");   
130if(NtQuerySystemInformation == NULL)   
131{   
132printf("GetProcAddress for NtQuerySystemInformation Error: %d\n",GetLastError());   
133__leave;   
134} lpSystemInfo = (LPVOID)malloc(dwNumberBytes);   
135Status = NtQuerySystemInformation(NT_PROCESSTHREAD_INFO,   
136lpSystemInfo,   
137dwNumberBytes,   
138&amp;dwReturnLength);   
139if(Status == STATUS_INFO_LENGTH_MISMATCH)   
140{   
141printf("STATUS_INFO_LENGTH_MISMATCH\n");   
142__leave;   
143}   
144else if(Status != STATUS_SUCCESS)   
145{   
146printf("NtQuerySystemInformation Error: %d\n",GetLastError());   
147__leave;   
148} printf("%-20s%6s%7s%8s%6s%7s%7s%13s\n","ProcessName","PID","PPID","WsSize","Prio.","Thread","Handle","CPU Time");   
149printf("--------------------------------------------------------------------------\n");   
150pSystemProc = (PSYSTEM_PROCESSES)lpSystemInfo;   
151while(pSystemProc-&gt;NextEntryDelta != 0)   
152{   
153if(pSystemProc-&gt;ProcessId != 0)   
154{   
155wprintf(L"%-20s",pSystemProc-&gt;ProcessName.Buffer);   
156}   
157else   
158{   
159wprintf(L"%-20s",L"System Idle Process");   
160}   
161printf("%6d",pSystemProc-&gt;ProcessId);   
162printf("%7d",pSystemProc-&gt;InheritedFromProcessId);   
163printf("%7dK",pSystemProc-&gt;VmCounters.WorkingSetSize/1024);   
164printf("%6d",pSystemProc-&gt;BasePriority);   
165printf("%7d",pSystemProc-&gt;ThreadCount);   
166printf("%7d",pSystemProc-&gt;HandleCount);   
167llTempTime = pSystemProc-&gt;KernelTime.QuadPart + pSystemProc-&gt;UserTime.QuadPart;   
168llTempTime /= 10000;   
169printf("%3d:",llTempTime/(60*60*1000));   
170llTempTime %= 60*60*1000;   
171printf("%.2d:",llTempTime/(60*1000));   
172llTempTime %= 60*1000;   
173printf("%.2d.",llTempTime/1000);   
174llTempTime %= 1000;   
175printf("%.3d",llTempTime); printf("\n");   
176dwTotalProcess ++;   
177pSystemProc = (PSYSTEM_PROCESSES)((char *)pSystemProc + pSystemProc-&gt;NextEntryDelta);   
178}   
179printf("--------------------------------------------------------------------------\n");   
180printf("\nTotal %d Process(es) !\n\n",dwTotalProcess);   
181printf("PID\t ==&gt; Process Identification\n");   
182printf("PPID\t ==&gt; Parent Process Identification\n");   
183printf("WsSize\t ==&gt; Working Set Size\n");   
184printf("Prio.\t ==&gt; Base Priority\n");   
185printf("Thread\t ==&gt; Thread Count\n");   
186printf("Handle\t ==&gt; Handle Count\n");   
187printf("CPU Time ==&gt; Processor Time\n");   
188}   
189__finally   
190{   
191if(lpSystemInfo != NULL)   
192{   
193free(lpSystemInfo);   
194}   
195if(hNtDll != NULL)   
196{   
197FreeLibrary(hNtDll);   
198}   
199} return 0;   
200} DWORD SpeciProcess(DWORD dwPID)   
201{   
202PSYSTEM_PROCESSES pSystemProc = NULL;   
203PSYSTEM_THREADS pSystemThre = NULL;   
204HMODULE hNtDll = NULL;   
205LPVOID lpSystemInfo = NULL;   
206DWORD dwNumberBytes = MAX_INFO_BUF_LEN;   
207DWORD dwTotalProcess = 0;   
208DWORD dwReturnLength;   
209NTSTATUS Status;   
210LONGLONG llTempTime;   
211ULONG ulIndex; __try   
212{   
213hNtDll = LoadLibrary("NtDll.dll");   
214if(hNtDll == NULL)   
215{   
216printf("LoadLibrary Error: %d\n",GetLastError());   
217__leave;   
218} NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,"NtQuerySystemInformation");   
219if(NtQuerySystemInformation == NULL)   
220{   
221printf("GetProcAddress for NtQuerySystemInformation Error: %d\n",GetLastError());   
222__leave;   
223} lpSystemInfo = (LPVOID)malloc(dwNumberBytes);   
224Status = NtQuerySystemInformation(NT_PROCESSTHREAD_INFO,   
225lpSystemInfo,   
226dwNumberBytes,   
227&amp;dwReturnLength);   
228if(Status == STATUS_INFO_LENGTH_MISMATCH)   
229{   
230printf("STATUS_INFO_LENGTH_MISMATCH\n");   
231__leave;   
232}   
233else if(Status != STATUS_SUCCESS)   
234{   
235printf("NtQuerySystemInformation Error: %d\n",GetLastError());   
236__leave;   
237} pSystemProc = (PSYSTEM_PROCESSES)lpSystemInfo;   
238while(pSystemProc-&gt;NextEntryDelta != 0)   
239{   
240if(pSystemProc-&gt;ProcessId == dwPID)   
241{   
242printf("ProcessName:\t\t ");   
243if(pSystemProc-&gt;ProcessId != 0)   
244{   
245wprintf(L"%-20s\n",pSystemProc-&gt;ProcessName.Buffer);   
246}   
247else   
248{   
249wprintf(L"%-20s\n",L"System Idle Process");   
250}   
251printf("ProcessID:\t\t %d\t\t",pSystemProc-&gt;ProcessId);   
252printf("ParentProcessID:\t%d\n",pSystemProc-&gt;InheritedFromProcessId); printf("KernelTime:\t\t ");   
253llTempTime = pSystemProc-&gt;KernelTime.QuadPart;   
254llTempTime /= 10000;   
255printf("%d:",llTempTime/(60*60*1000));   
256llTempTime %= 60*60*1000;   
257printf("%.2d:",llTempTime/(60*1000));   
258llTempTime %= 60*1000;   
259printf("%.2d.",llTempTime/1000);   
260llTempTime %= 1000;   
261printf("%.3d\t",llTempTime); printf("UserTime:\t\t");   
262llTempTime = pSystemProc-&gt;UserTime.QuadPart;   
263llTempTime /= 10000;   
264printf("%d:",llTempTime/(60*60*1000));   
265llTempTime %= 60*60*1000;   
266printf("%.2d:",llTempTime/(60*1000));   
267llTempTime %= 60*1000;   
268printf("%.2d.",llTempTime/1000);   
269llTempTime %= 1000;   
270printf("%.3d\n",llTempTime); printf("Privilege:\t\t %d%%\t\t",(pSystemProc-&gt;KernelTime.QuadPart * 100)/(pSystemProc-&gt;KernelTime.QuadPart + pSystemProc-&gt;UserTime.QuadPart));   
271printf("User:\t\t\t%d%%\n",(pSystemProc-&gt;UserTime.QuadPart * 100)/(pSystemProc-&gt;KernelTime.QuadPart + pSystemProc-&gt;UserTime.QuadPart)); printf("ThreadCount:\t\t %d\t\t",pSystemProc-&gt;ThreadCount);   
272printf("HandleCount:\t\t%d\n",pSystemProc-&gt;HandleCount); printf("BasePriority:\t\t %-2d\t\t",pSystemProc-&gt;BasePriority);   
273printf("PageFaultCount:\t\t%d\n\n",pSystemProc-&gt;VmCounters.PageFaultCount); printf("PeakWorkingSetSize(K):\t %-8d\t",pSystemProc-&gt;VmCounters.PeakWorkingSetSize/1024);   
274printf("WorkingSetSize(K):\t%-8d\n",pSystemProc-&gt;VmCounters.WorkingSetSize/1024);    
275printf("PeakPagedPool(K):\t %-8d\t",pSystemProc-&gt;VmCounters.QuotaPeakPagedPoolUsage/1024);   
276printf("PagedPool(K):\t\t%-8d\n",pSystemProc-&gt;VmCounters.QuotaPagedPoolUsage/1024); printf("PeakNonPagedPook(K):\t %-8d\t",pSystemProc-&gt;VmCounters.QuotaPeakNonPagedPoolUsage/1024);   
277printf("NonePagedPook(K):\t%-8d\n",pSystemProc-&gt;VmCounters.QuotaNonPagedPoolUsage/1024); printf("PeakPagefile(K):\t %-8d\t",pSystemProc-&gt;VmCounters.PeakPagefileUsage/1024);   
278printf("Pagefile(K):\t\t%-8d\n",pSystemProc-&gt;VmCounters.PagefileUsage/1024); printf("PeakVirtualSize(K):\t %-8d\t",pSystemProc-&gt;VmCounters.PeakVirtualSize/1024);   
279printf("VirtualSize(K):\t\t%-8d\n\n",pSystemProc-&gt;VmCounters.VirtualSize/1024); printf("ReadTransfer:\t\t %-8d\t",pSystemProc-&gt;IoCounters.ReadTransferCount);   
280printf("ReadOperationCount:\t%-8d\n",pSystemProc-&gt;IoCounters.ReadOperationCount); printf("WriteTransfer:\t\t %-8d\t",pSystemProc-&gt;IoCounters.WriteTransferCount);   
281printf("WriteOperationCount:\t%-8d\n",pSystemProc-&gt;IoCounters.WriteOperationCount); printf("OtherTransfer:\t\t %-8d\t",pSystemProc-&gt;IoCounters.OtherTransferCount);   
282printf("OtherOperationCount:\t%-8d\n\n",pSystemProc-&gt;IoCounters.OtherOperationCount); printf("%-5s%3s%4s%5s%5s%11s%12s%12s%7s%6s%9s\n","TID","Pri","BPr","Priv","User","KernelTime","UserTime","StartAddr","CSwitC","State","WtReason");   
283printf("-------------------------------------------------------------------------------\n"); for(ulIndex = 0; ulIndex &lt; pSystemProc-&gt;ThreadCount; ulIndex++)   
284{   
285pSystemThre = &amp;pSystemProc-&gt;Threads[ulIndex];   
286printf("%-5d",pSystemProc-&gt;Threads[ulIndex].ClientId.UniqueThread); printf("%3d",pSystemProc-&gt;Threads[ulIndex].Priority);   
287printf("%4d",pSystemProc-&gt;Threads[ulIndex].BasePriority); printf("%4d%%",(pSystemProc-&gt;Threads[ulIndex].KernelTime.QuadPart * 100)/(pSystemProc-&gt;KernelTime.QuadPart + pSystemProc-&gt;UserTime.QuadPart));   
288printf("%4d%%",(pSystemProc-&gt;Threads[ulIndex].UserTime.QuadPart * 100)/(pSystemProc-&gt;KernelTime.QuadPart + pSystemProc-&gt;UserTime.QuadPart)); llTempTime = pSystemProc-&gt;Threads[ulIndex].KernelTime.QuadPart;   
289llTempTime /= 10000;   
290printf("%2d:",llTempTime/(60*60*1000));   
291llTempTime %= 60*60*1000;   
292printf("%.2d.",llTempTime/(60*1000));   
293llTempTime %= 60*1000;   
294printf("%.2d.",llTempTime/1000);   
295llTempTime %= 100;   
296printf("%.2d ",llTempTime); llTempTime = pSystemProc-&gt;Threads[ulIndex].UserTime.QuadPart;   
297llTempTime /= 10000;   
298printf("%2d:",llTempTime/(60*60*1000));   
299llTempTime %= 60*60*1000;   
300printf("%.2d.",llTempTime/(60*1000));   
301llTempTime %= 60*1000;   
302printf("%.2d.",llTempTime/1000);   
303llTempTime %= 100;   
304printf("%.2d ",llTempTime); printf(" 0x%.8X",pSystemProc-&gt;Threads[ulIndex].StartAddress);   
305printf("%7d",pSystemProc-&gt;Threads[ulIndex].ContextSwitchCount); switch(pSystemProc-&gt;Threads[ulIndex].State)   
306{   
307case StateInitialized:   
308printf("%6s","Init.");   
309break;   
310case StateReady:   
311printf("%6s","Ready");   
312break;   
313case StateRunning:   
314printf("%6s","Run");   
315break;   
316case StateStandby:   
317printf("%6s","StBy.");   
318break;   
319case StateTerminated:   
320printf("%6s","Term.");   
321break;   
322case StateWait:   
323printf("%6s","Wait");   
324break;   
325case StateTransition:   
326printf("%6s","Tran.");   
327break;   
328case StateUnknown:   
329printf("%6s","Unkn.");   
330break;   
331default:   
332printf("%6s","Unkn.");   
333break;   
334} switch(pSystemProc-&gt;Threads[ulIndex].WaitReason)   
335{   
336case Executive:   
337printf(" %-8s","Executi.");   
338break;   
339case FreePage:   
340printf(" %-8s","FreePag.");   
341break;   
342case PageIn:   
343printf(" %-8s","PageIn");   
344break;   
345case PoolAllocation:   
346printf(" %-8s","PoolAll.");   
347break;   
348case DelayExecution:   
349printf(" %-8s","DelayEx.");   
350break;   
351case Suspended:   
352printf(" %-8s","Suspend.");   
353break;   
354case UserRequest:   
355printf(" %-8s","UserReq.");   
356break;   
357case WrExecutive:   
358printf(" %-8s","WrExect.");   
359break;   
360case WrFreePage:   
361printf(" %-8s","WrFrePg.");   
362break;   
363case WrPageIn:   
364printf(" %-8s","WrPageIn");   
365break;   
366case WrPoolAllocation:   
367printf(" %-8s","WrPoolA.");   
368break;   
369case WrSuspended:   
370printf(" %-8s","WrSuspe.");   
371break;   
372case WrUserRequest:   
373printf(" %-8s","WrUsReq.");   
374break;   
375case WrEventPair:   
376printf(" %-8s","WrEvent.");   
377break;   
378case WrQueue:   
379printf(" %-8s","WrQueue");   
380break;   
381case WrLpcReceive:   
382printf(" %-8s","WrLpcRv.");   
383break;   
384case WrLpcReply:   
385printf(" %-8s","WrLpcRp.");   
386break;   
387case WrVertualMemory:   
388printf(" %-8s","WrVerMm.");   
389break;   
390case WrPageOut:   
391printf(" %-8s","WrPgOut.");   
392break;   
393case WrRendezvous:   
394printf(" %-8s","WrRende.");   
395break;   
396case WrKernel:   
397printf(" %-8s","WrKernel");   
398break;   
399default:   
400printf(" %-8s","Unknown");   
401break;   
402}   
403printf("\n");   
404}   
405printf("-------------------------------------------------------------------------------\n\n");   
406printf("Total %d Thread(s) !\n\n",ulIndex); dwTotalProcess ++;   
407break;   
408}   
409pSystemProc = (PSYSTEM_PROCESSES)((char *)pSystemProc + pSystemProc-&gt;NextEntryDelta);   
410}   
411}   
412__finally   
413{   
414if(dwTotalProcess == 0)   
415{   
416printf("Could not found the %d Process !\n",dwPID);   
417}   
418else   
419{   
420printf("TID:\t\t====&gt;\tThread Identification\n");   
421printf("Pri:\t\t====&gt;\tPriority\n");   
422printf("BPr:\t\t====&gt;\tBase Priority\n");   
423printf("Priv:\t\t====&gt;\tPrivilege\n");   
424printf("StartAddr:\t====&gt;\tThread Start Address\n");   
425printf("CSwitC:\t\t====&gt;\tContext Switch Count\n");   
426printf("WtReason:\t====&gt;\tWait Reason\n");   
427}   
428if(lpSystemInfo != NULL)   
429{   
430free(lpSystemInfo);   
431}   
432if(hNtDll != NULL)   
433{   
434FreeLibrary(hNtDll);   
435}   
436} return 0;   
437} VOID Start()   
438{   
439printf("T-PMList, by TOo2y\n");   
440printf("E-mail: [email protected]\n");   
441printf("HomePage: www.safechina.net\n");   
442printf("Date: 05-10-2003\n\n");   
443return ;   
444} VOID Usage()   
445{   
446printf("Usage:\tT-PMList [-e] │ [-s PID]\n");   
447printf(" -e\t Enumerate All Processes\n");   
448printf(" -s PID Show Special Process Information with PID\n\n");   
449return ;   
450} #endif 2.T-PMPerf的头文件源代码: #ifndef T_PMPERF_H   
451#define T_PMPERF_H #include "windows.h"   
452#include "stdio.h" #define SYSTEM_PERF_INFO 0x02   
453#define SYSTEM_PROC_TIME 0x08   
454#define SYSTEM_PAGE_INFO 0x12   
455#define SYSTEM_CACHE_INFO 0x15   
456#define MAX_INFO_BUF_LEN 0x500000   
457#define STATUS_SUCCESS ((NTSTATUS)0x00000000L) typedef LONG NTSTATUS;   
458typedef DWORD SYSTEM_INFORMATION_CLASS; typedef struct _LSA_UNICODE_STRING   
459{   
460USHORT Length;   
461USHORT MaximumLength;   
462PWSTR Buffer;   
463}LSA_UNICODE_STRING,*PLSA_UNICODE_STRING;   
464typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING;    
465typedef struct _SYSTEM_PERFORMANCE_INFORMATION   
466{   
467LARGE_INTEGER IdleTime;   
468LARGE_INTEGER ReadTransferCount;   
469LARGE_INTEGER WriteTransferCount;   
470LARGE_INTEGER OtherTransferCount;   
471ULONG ReadOperationCount;   
472ULONG WriteOperationCount;   
473ULONG OtherOperationCount;   
474ULONG AvailablePages;   
475ULONG TotalCommittedPages;   
476ULONG TotalCommitLimit;   
477ULONG PeakCommitment;   
478ULONG PageFaults;   
479ULONG WriteCopyFaults;   
480ULONG TransitionFaults;   
481ULONG Reserved1;   
482ULONG DemandZeroFaults;   
483ULONG PagesRead;   
484ULONG PageReadIos;   
485ULONG Reserved2[2];   
486ULONG PagefilePagesWritten;   
487ULONG PagefilePageWriteIos;   
488ULONG MappedFilePagesWritten;   
489ULONG MappedFileWriteIos;   
490ULONG PagedPoolUsage;   
491ULONG NonPagedPoolUsage;   
492ULONG PagedPoolAllocs;   
493ULONG PagedPoolFrees;   
494ULONG NonPagedPoolAllocs;   
495ULONG NonPagedPoolFress;   
496ULONG TotalFreeSystemPtes;   
497ULONG SystemCodePage;   
498ULONG TotalSystemDriverPages;   
499ULONG TotalSystemCodePages;   
500ULONG SmallNonPagedLookasideListAllocateHits;   
501ULONG SmallPagedLookasideListAllocateHits;   
502ULONG Reserved3;   
503ULONG MmSystemCachePage;   
504ULONG PagedPoolPage;   
505ULONG SystemDriverPage;   
506ULONG FastReadNoWait;   
507ULONG FastReadWait;   
508ULONG FastReadResourceMiss;   
509ULONG FastReadNotPossible;   
510ULONG FastMdlReadNoWait;   
511ULONG FastMdlReadWait;   
512ULONG FastMdlReadResourceMiss;   
513ULONG FastMdlReadNotPossible;   
514ULONG MapDataNoWait;   
515ULONG MapDataWait;   
516ULONG MapDataNoWaitMiss;   
517ULONG MapDataWaitMiss;   
518ULONG PinMappedDataCount;   
519ULONG PinReadNoWait;   
520ULONG PinReadWait;   
521ULONG PinReadNoWaitMiss;   
522ULONG PinReadWaitMiss;   
523ULONG CopyReadNoWait;   
524ULONG CopyReadWait;   
525ULONG CopyReadNoWaitMiss;   
526ULONG CopyReadWaitMiss;   
527ULONG MdlReadNoWait;   
528ULONG MdlReadWait;   
529ULONG MdlReadNoWaitMiss;   
530ULONG MdlReadWaitMiss;   
531ULONG ReadAheadIos;   
532ULONG LazyWriteIos;   
533ULONG LazyWritePages;   
534ULONG DataFlushes;   
535ULONG DataPages;   
536ULONG ContextSwitches;   
537ULONG FirstLevelTbFills;   
538ULONG SecondLevelTbFills;   
539ULONG SystemCall;   
540}SYSTEM_PERFORMANCE_INFORMATION,*PSYSTEM_PERFORMANCE_INFORMATION; typedef struct __SYSTEM_PROCESSOR_TIMES   
541{   
542LARGE_INTEGER IdleTime;   
543LARGE_INTEGER KernelTime;   
544LARGE_INTEGER UserTime;   
545LARGE_INTEGER DpcTime;   
546LARGE_INTEGER InterruptTime;   
547ULONG InterruptCount;   
548}SYSTEM_PROCESSOR_TIMES,*PSYSTEM_PROCESSOR_TIMES; typedef struct _SYSTEM_PAGEFILE_INFORMATION   
549{   
550ULONG NetxEntryOffset;   
551ULONG CurrentSize;   
552ULONG TotalUsed;   
553ULONG PeakUsed;   
554UNICODE_STRING FileName;   
555}SYSTEM_PAGEFILE_INFORMATION,*PSYSTEM_PAGEFILE_INFORMATION; typedef struct _SYSTEM_CACHE_INFORMATION   
556{   
557ULONG SystemCacheWsSize;   
558ULONG SystemCacheWsPeakSize;   
559ULONG SystemCacheWsFaults;   
560ULONG SystemCacheWsMinimum;   
561ULONG SystemCacheWsMaximum;   
562ULONG TransitionSharedPages;   
563ULONG TransitionSharedPagesPeak;   
564ULONG Reserved[2];   
565}SYSTEM_CACHE_INFORMATION,*PSYSTEM_CACHE_INFORMATION; typedef NTSTATUS (__stdcall * NTQUERYSYSTEMINFORMATION)   
566(IN SYSTEM_INFORMATION_CLASS,   
567IN OUT PVOID,   
568INT ULONG,   
569OUT PULONG OPTION);   
570NTQUERYSYSTEMINFORMATION NtQuerySystemInformation; DWORD PerfInfo()   
571{   
572SYSTEM_PERFORMANCE_INFORMATION SystemPerfInfo;   
573HMODULE hNtDll = NULL;   
574DWORD dwNumberBytes;   
575DWORD dwReturnLength;   
576NTSTATUS Status;   
577LONGLONG llTempTime; __try   
578{   
579hNtDll = LoadLibrary("NtDll.dll");   
580if(hNtDll == NULL)   
581{   
582printf("LoadLibrary Error: %d\n",GetLastError());   
583__leave;   
584} NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,"NtQuerySystemInformation");   
585if(NtQuerySystemInformation == NULL)   
586{   
587printf("GetProcAddress for NtQuerySystemInformation Error: %d\n",GetLastError());   
588__leave;   
589} dwNumberBytes = sizeof(SYSTEM_PERFORMANCE_INFORMATION);   
590Status = NtQuerySystemInformation(SYSTEM_PERF_INFO,   
591&amp;SystemPerfInfo,   
592dwNumberBytes,   
593&amp;dwReturnLength);   
594if(Status != STATUS_SUCCESS)   
595{   
596printf("NtQuerySystemInformation for Performance Error: %d\n",GetLastError());   
597__leave;   
598} printf("IdleTime:\t\t");   
599llTempTime = SystemPerfInfo.IdleTime.QuadPart;   
600llTempTime /= 10000;   
601printf("%d:",llTempTime/(60*60*1000));   
602llTempTime %= 60*60*1000;   
603printf("%.2d:",llTempTime/(60*1000));   
604llTempTime %= 60*1000;   
605printf("%.2d.",llTempTime/1000);   
606llTempTime %= 1000;   
607printf("%.3d\n",llTempTime); printf("ReadOperationCount:\t%-10d\t",SystemPerfInfo.ReadOperationCount);   
608printf("ReadTransferCount:\t%d\n",SystemPerfInfo.ReadTransferCount);   
609printf("WriteOperationCount:\t%-10d\t",SystemPerfInfo.WriteOperationCount);   
610printf("WriteTransferCount:\t%d\n",SystemPerfInfo.WriteTransferCount);   
611printf("OtherOperationCount:\t%-10d\t",SystemPerfInfo.OtherOperationCount);   
612printf("OtherTransferCount:\t%d\n",SystemPerfInfo.OtherTransferCount); printf("AvailablePages:\t\t%-10d\t",SystemPerfInfo.AvailablePages);   
613printf("TotalCommittedPage:\t%d\n",SystemPerfInfo.TotalCommittedPages);   
614printf("CommitLimit:\t\t%-10d\t",SystemPerfInfo.TotalCommitLimit);   
615printf("PeakCommitment:\t\t%d\n",SystemPerfInfo.PeakCommitment); printf("PageFault:\t\t%-10d\t",SystemPerfInfo.PageFaults);   
616printf("WriteCopyFault:\t\t%d\n",SystemPerfInfo.WriteCopyFaults);   
617printf("TransitionFault:\t%-10d\t",SystemPerfInfo.TransitionFaults);   
618printf("DemandZeroFault:\t%d\n",SystemPerfInfo.DemandZeroFaults); printf("PagesRead:\t\t%-10d\t",SystemPerfInfo.PagesRead);   
619printf("PageReadIos:\t\t%d\n",SystemPerfInfo.PageReadIos);   
620printf("PagesWritten:\t\t%-10d\t",SystemPerfInfo.PagefilePagesWritten);   
621printf("PageWriteIos:\t\t%d\n",SystemPerfInfo.PagefilePageWriteIos);   
622printf("MappedFilePagesWritten:\t%-10d\t",SystemPerfInfo.MappedFilePagesWritten);   
623printf("MappedFileWriteIos:\t%d\n",SystemPerfInfo.MappedFileWriteIos); printf("PagedPoolUsage:\t\t%-10d\t",SystemPerfInfo.PagedPoolUsage);   
624printf("NonPagedPoolUsage:\t%d\n",SystemPerfInfo.NonPagedPoolUsage);   
625printf("PagedPoolAllocs:\t%-10d\t",SystemPerfInfo.PagedPoolAllocs);   
626printf("NonPagedPoolAllocs:\t%d\n",SystemPerfInfo.NonPagedPoolAllocs);   
627printf("PagedPoolFrees:\t\t%-10d\t",SystemPerfInfo.PagedPoolFrees);   
628printf("NonPagedPoolFrees:\t%d\n",SystemPerfInfo.NonPagedPoolFress); printf("SystemCodePage:\t\t%-10d\t",SystemPerfInfo.SystemCodePage);   
629printf("TotalSystemCodePage:\t%d\n",SystemPerfInfo.TotalSystemCodePages);   
630printf("TotalFreeSysPTE:\t%-10d\t",SystemPerfInfo.TotalFreeSystemPtes);   
631printf("TotalSystemDriverPages:\t%d\n",SystemPerfInfo.TotalSystemDriverPages);   
632printf("PagedPoolPage:\t\t%-10d\t",SystemPerfInfo.PagedPoolPage);   
633printf("SystemDriverPage:\t%d\n",SystemPerfInfo.SystemDriverPage); printf("FastReadWait:\t\t%-10d\t",SystemPerfInfo.FastReadWait);   
634printf("FastReadNoWait:\t\t%d\n",SystemPerfInfo.FastReadNoWait);   
635printf("FastReadNoPossible:\t%-10d\t",SystemPerfInfo.FastReadNotPossible);   
636printf("FastReadResourceMiss:\t%d\n",SystemPerfInfo.FastReadResourceMiss);   
637printf("FastMdlReadWait:\t%-10d\t",SystemPerfInfo.FastMdlReadWait);   
638printf("FastMdlReadNoWait:\t%d\n",SystemPerfInfo.FastMdlReadNoWait);   
639printf("FastMdlReadNotPossible:\t%-10d\t",SystemPerfInfo.FastMdlReadNotPossible);   
640printf("FastMdlReadResourceMiss:%d\n",SystemPerfInfo.FastMdlReadResourceMiss);   
641printf("MapDataWait:\t\t%-10d\t",SystemPerfInfo.MapDataWait);   
642printf("MapDataNoWait:\t\t%d\n",SystemPerfInfo.MapDataNoWait);   
643printf("MapDataWaitMiss:\t%-10d\t",SystemPerfInfo.MapDataWaitMiss);   
644printf("MapDataNoWaitMiss:\t%d\n",SystemPerfInfo.MapDataNoWaitMiss); printf("ReadAheadIos:\t\t%-10d\t",SystemPerfInfo.ReadAheadIos);   
645printf("PinMappedDataCount:\t%d\n",SystemPerfInfo.PinMappedDataCount);   
646printf("PinReadWait:\t\t%-10d\t",SystemPerfInfo.PinReadWait);   
647printf("PinReadNoWait:\t\t%d\n",SystemPerfInfo.PinReadNoWait);   
648printf("PinReadWaitMiss:\t%-10d\t",SystemPerfInfo.PinReadWaitMiss);   
649printf("PinReadNoWaitMiss:\t%d\n",SystemPerfInfo.PinReadNoWaitMiss); printf("CopyReadWait:\t\t%-10d\t",SystemPerfInfo.CopyReadWait);   
650printf("CopyReadNoWait:\t\t%d\n",SystemPerfInfo.CopyReadNoWait);   
651printf("CopyReadWaitMiss:\t%-10d\t",SystemPerfInfo.CopyReadWaitMiss);   
652printf("CopyReadNoWaitMiss:\t%-10d\n",SystemPerfInfo.CopyReadNoWaitMiss);   
653printf("MdlReadWait:\t\t%-10d\t",SystemPerfInfo.MdlReadWait);   
654printf("MdlReadNoWait:\t\t%d\n",SystemPerfInfo.MdlReadNoWait);   
655printf("MdlReadWaitMiss:\t%-10d\t",SystemPerfInfo.MdlReadWaitMiss);   
656printf("MdlReadNoWaitMiss:\t%d\n",SystemPerfInfo.MdlReadNoWaitMiss); printf("LazyWriteIos:\t\t%-10d\t",SystemPerfInfo.LazyWriteIos);   
657printf("LazyWritePages:\t\t%d\n",SystemPerfInfo.LazyWritePages);   
658printf("DataPages:\t\t%-10d\t",SystemPerfInfo.DataPages);   
659printf("DataFlushes:\t\t%d\n",SystemPerfInfo.DataFlushes);   
660printf("FirstLevelTbFills:\t%-10d\t",SystemPerfInfo.FirstLevelTbFills);   
661printf("SecondLevelTbFills:\t%d\n",SystemPerfInfo.SecondLevelTbFills);   
662printf("ContextSwitches:\t%-10d\t",SystemPerfInfo.ContextSwitches);   
663printf("SytemCall:\t\t%d\n",SystemPerfInfo.SystemCall); printf("MemorySystemCachePage:\t\t\t%d\n",SystemPerfInfo.MmSystemCachePage);   
664printf("SmallPagedLookasideListAllocateHits:\t%d\n",SystemPerfInfo.SmallPagedLookasideListAllocateHits);   
665printf("SmallNonPagedLookasideListAllocateHits:\t%d\n",SystemPerfInfo.SmallNonPagedLookasideListAllocateHits); }   
666__finally   
667{   
668if(hNtDll != NULL)   
669{   
670FreeLibrary(hNtDll);   
671}   
672} return 0;   
673} DWORD ProcTime()   
674{   
675SYSTEM_PROCESSOR_TIMES SystemProcTime;   
676HMODULE hNtDll = NULL;   
677DWORD dwNumberBytes;   
678DWORD dwReturnLength;   
679NTSTATUS Status;   
680LONGLONG llTempTime;    
681__try   
682{   
683hNtDll = LoadLibrary("NtDll.dll");   
684if(hNtDll == NULL)   
685{   
686printf("LoadLibrary Error: %d\n",GetLastError());   
687__leave;   
688} NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,"NtQuerySystemInformation");   
689if(NtQuerySystemInformation == NULL)   
690{   
691printf("GetProcAddress for NtQuerySystemInformation Error: %d\n",GetLastError());   
692__leave;   
693} dwNumberBytes = sizeof(SYSTEM_PROCESSOR_TIMES);   
694NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,"NtQuerySystemInformation");   
695if(NtQuerySystemInformation == NULL)   
696{   
697printf("GetProcAddress Error: %d\n",GetLastError());   
698__leave;   
699} Status = NtQuerySystemInformation(SYSTEM_PROC_TIME,   
700&amp;SystemProcTime,   
701dwNumberBytes,   
702&amp;dwReturnLength);   
703if(Status != STATUS_SUCCESS)   
704{   
705printf("NtQuerySystemInformation for Processor Time Error: %d\n",GetLastError());   
706__leave;   
707} printf("IdleTime:\t\t");   
708llTempTime = SystemProcTime.IdleTime.QuadPart;   
709llTempTime /= 10000;   
710printf("%d:",llTempTime/(60*60*1000));   
711llTempTime %= 60*60*1000;   
712printf("%.2d:",llTempTime/(60*1000));   
713llTempTime %= 60*1000;   
714printf("%.2d.",llTempTime/1000);   
715llTempTime %= 1000;   
716printf("%.3d\n",llTempTime); printf("KernelTime:\t\t");   
717llTempTime = SystemProcTime.KernelTime.QuadPart;   
718llTempTime /= 10000;   
719printf("%d:",llTempTime/(60*60*1000));   
720llTempTime %= 60*60*1000;   
721printf("%.2d:",llTempTime/(60*1000));   
722llTempTime %= 60*1000;   
723printf("%.2d.",llTempTime/1000);   
724llTempTime %= 1000;   
725printf("%.3d\n",llTempTime); printf("UserTime:\t\t");   
726llTempTime = SystemProcTime.UserTime.QuadPart;   
727llTempTime /= 10000;   
728printf("%d:",llTempTime/(60*60*1000));   
729llTempTime %= 60*60*1000;   
730printf("%.2d:",llTempTime/(60*1000));   
731llTempTime %= 60*1000;   
732printf("%.2d.",llTempTime/1000);   
733llTempTime %= 1000;   
734printf("%.3d\n",llTempTime); printf("DpcTime:\t\t");   
735llTempTime = SystemProcTime.DpcTime.QuadPart;   
736llTempTime /= 10000;   
737printf("%d:",llTempTime/(60*60*1000));   
738llTempTime %= 60*60*1000;   
739printf("%.2d:",llTempTime/(60*1000));   
740llTempTime %= 60*1000;   
741printf("%.2d.",llTempTime/1000);   
742llTempTime %= 1000;   
743printf("%.3d\n",llTempTime); printf("InterruptTime:\t\t");   
744llTempTime = SystemProcTime.InterruptTime.QuadPart;   
745llTempTime /= 10000;   
746printf("%d:",llTempTime/(60*60*1000));   
747llTempTime %= 60*60*1000;   
748printf("%.2d:",llTempTime/(60*1000));   
749llTempTime %= 60*1000;   
750printf("%.2d.",llTempTime/1000);   
751llTempTime %= 1000;   
752printf("%.3d\n",llTempTime); printf("InterruptCount:\t\t%d\n",SystemProcTime.InterruptCount); }   
753__finally   
754{   
755if(hNtDll != NULL)   
756{   
757FreeLibrary(hNtDll);   
758}   
759} return 0;   
760} DWORD PagefileInfo()   
761{   
762PSYSTEM_PAGEFILE_INFORMATION pSystemPagefileInfo;   
763PVOID pBuffer;   
764HMODULE hNtDll = NULL;   
765DWORD dwNumberBytes;   
766DWORD dwReturnLength;   
767NTSTATUS Status; __try   
768{   
769hNtDll = LoadLibrary("NtDll.dll");   
770if(hNtDll == NULL)   
771{   
772printf("LoadLibrary Error: %d\n",GetLastError());   
773__leave;   
774} NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,"NtQuerySystemInformation");   
775if(NtQuerySystemInformation == NULL)   
776{   
777printf("GetProcAddress for NtQuerySystemInformation Error: %d\n",GetLastError());   
778__leave;   
779} dwNumberBytes = MAX_INFO_BUF_LEN;   
780pBuffer = (LPVOID)malloc(dwNumberBytes);   
781Status = NtQuerySystemInformation(SYSTEM_PAGE_INFO,   
782pBuffer,   
783dwNumberBytes,   
784&amp;dwReturnLength);   
785if(Status != STATUS_SUCCESS)   
786{   
787printf("NtQuerySystemInformation for Pagefile Error: %d\n",GetLastError());   
788__leave;   
789} pSystemPagefileInfo = (PSYSTEM_PAGEFILE_INFORMATION)pBuffer;   
790do   
791{   
792printf("CurrentPagefileSize:\t%d\n",pSystemPagefileInfo-&gt;CurrentSize);   
793printf("TotalPagefileUsed:\t%d\n",pSystemPagefileInfo-&gt;TotalUsed);   
794printf("PeakPagefileUsed:\t%d\n",pSystemPagefileInfo-&gt;PeakUsed);   
795wprintf(L"PagefileFileName:\t%s\n",pSystemPagefileInfo-&gt;FileName.Buffer); pSystemPagefileInfo = (PSYSTEM_PAGEFILE_INFORMATION)((char *)pBuffer + pSystemPagefileInfo-&gt;NetxEntryOffset);   
796}while(pSystemPagefileInfo-&gt;NetxEntryOffset != 0);   
797}   
798__finally   
799{   
800if(pBuffer != NULL)   
801{   
802free(pBuffer);   
803}   
804if(hNtDll != NULL)   
805{   
806FreeLibrary(hNtDll);   
807}   
808} return 0;   
809} DWORD CacheInfo()   
810{   
811SYSTEM_CACHE_INFORMATION SystemCacheInfo;   
812HMODULE hNtDll = NULL;   
813DWORD dwNumberBytes;   
814DWORD dwReturnLength;   
815NTSTATUS Status; __try   
816{   
817hNtDll = LoadLibrary("NtDll.dll");   
818if(hNtDll == NULL)   
819{   
820printf("LoadLibrary Error: %d\n",GetLastError());   
821__leave;   
822} NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,"NtQuerySystemInformation");   
823if(NtQuerySystemInformation == NULL)   
824{   
825printf("GetProcAddress for NtQuerySystemInformation Error: %d\n",GetLastError());   
826__leave;   
827} dwNumberBytes = sizeof(SYSTEM_CACHE_INFORMATION);   
828Status = NtQuerySystemInformation(SYSTEM_CACHE_INFO,   
829&amp;SystemCacheInfo,   
830dwNumberBytes,   
831&amp;dwReturnLength);   
832if(Status != STATUS_SUCCESS)   
833{   
834printf("NtQuerySystemInformation for Cache Error: %d\n",GetLastError());   
835__leave;   
836} printf("CacheWorkingSetSize:\t\t%d(KB)\n",SystemCacheInfo.SystemCacheWsSize/1024);   
837printf("CacheWorkingSetPeakSize:\t%d(KB)\n",SystemCacheInfo.SystemCacheWsPeakSize/1024);   
838printf("CacheWorkingSetFaults:\t\t%d\n",SystemCacheInfo.SystemCacheWsFaults);   
839printf("CacheWorkingSetMinimum:\t\t%d\n",SystemCacheInfo.SystemCacheWsMinimum);   
840printf("CacheWorkingSetMaximum:\t\t%d\n",SystemCacheInfo.SystemCacheWsMaximum);   
841printf("TransitionSharedPages:\t\t%d\n",SystemCacheInfo.TransitionSharedPages);   
842printf("TransitionSharedPagesPeak:\t%d\n",SystemCacheInfo.TransitionSharedPagesPeak); }   
843__finally   
844{   
845if(hNtDll != NULL)   
846{   
847FreeLibrary(hNtDll);   
848}   
849} return 0;   
850} VOID Start()   
851{   
852printf("T-PMPerf, by TOo2y\n");   
853printf("E-mail: [email protected]\n");   
854printf("HomePage: www.safechina.net\n");   
855printf("Date: 05-09-2003\n\n");   
856return ;   
857} VOID Usage()   
858{   
859printf("Usage:\tT-PMPerf <option>\n");   
860printf("Option:\n");   
861printf(" -Perf System Performance Information\n");   
862printf(" -Proc System Processor Information\n");   
863printf(" -Page System Pagefile Information\n");   
864printf(" -Cache System Cache Information\n");   
865return ;   
866} #endif Reference:</option></stdio.h></windows.h>
Published At
Categories with 服务器类
Tagged with
comments powered by Disqus