以下是小编帮大家整理的探测Win/XP/本机系统信息,本文共2篇,供大家参考借鉴,希望可以帮助到您。
篇1:探测Win/XP/本机系统信息
Native API乃Windows用户模式中为上层Win32 API提供接口的本机系统服务,平常我们总是调用MS为我们提供的公用的Win32 API函数来实现来实现 我们系统的功能。今天我们要谈的是如何通过本机系统服务(Native API)来探测本机系统信息。当然,微软没有为我们提供关于本机系统服务的文档 (Undocumented),也就是不会为对它的使用提供任何的保证,所以我们不提倡使用Native API来开发软件。不过在特殊情况下,本机系统服务却为我们提供了通向“秘密”的捷径。本文提到的信息仅在Windows2000/XP/2003上测试过。
今天,我们主要讨论的是一个函数NtQuerySystemInformation(ZwQuerySystemInformation)。当然,你不要小看这么一个函数,它却为我们提供了丰富的系统信息,同时还包括对某些信息的控制和设置。以下是这个函数的原型:
typedef NTSTATUS (__stdcall *NTQUERYSYSTEMINFORMATION)
(IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
IN OUT PVOID SystemInformation,
IN ULONG SystemInformationLength,
OUT PULONG ReturnLength OPTIONAL);
NTQUERYSYSTEMINFORMATION NtQuerySystemInformation;
从中可以看到,SystemInformationClass是一个类型信息,它大概提供了50余种信息,也就是我们可以通过这个函数对大约50多种的系统信息进行探测或设置。SystemInformation是一个LPVOID型的指针,它为我们提供需要获得的信息,或是我们需要设置的系统信息。SystemInformationLength是SystemInformation的长度,它根据探测的信息类型来决定。至于ReturnLength则是系统返回的需要的长度,通常可以设置为空指针(NULL)。
首先,我们来看看大家比较熟悉的系统进程/线程相关的信息。这个题目在网上已经讨论了N多年了,所以我就不在老生常谈了,呵呵。那么就提出这个结构类型的定义:
typedef struct _SYSTEM_PROCESSES
{
ULONG NextEntryDelta; //构成结构序列的偏移量;
ULONG ThreadCount; //线程数目;
ULONG Reserved1[6];
LARGE_INTEGER CreateTime; //创建时间;
LARGE_INTEGER UserTime; //用户模式(Ring 3)的CPU时间;
LARGE_INTEGER KernelTime; //内核模式(Ring 0)的CPU时间;
UNICODE_STRING ProcessName; //进程名称;
KPRIORITY BasePriority;//进程优先权;
ULONG ProcessId; //进程标识符;
ULONG InheritedFromProcessId; //父进程的标识符;
ULONG HandleCount; //句柄数目;
ULONG Reserved2[2];
VM_COUNTERS VmCounters; //虚拟存储器的结构,见下;
IO_COUNTERS IoCounters; //IO计数结构,见下;
SYSTEM_THREADS Threads[1]; //进程相关线程的结构数组,见下;
}SYSTEM_PROCESSES,*PSYSTEM_PROCESSES;
typedef struct _SYSTEM_THREADS
{
LARGE_INTEGER KernelTime; //CPU内核模式使用时间;
LARGE_INTEGER UserTime; //CPU用户模式使用时间;
LARGE_INTEGER CreateTime; //线程创建时间;
ULONG WaitTime; //等待时间;
PVOID StartAddress; //线程开始的虚拟地址;
CLIENT_ID ClientId; //线程标识符;
KPRIORITY Priority; //线程优先级;
KPRIORITY BasePriority; //基本优先级;
ULONG ContextSwitchCount; //环境切换数目;
THREAD_STATE State; //当前状态;
KWAIT_REASON WaitReason; //等待原因;
}SYSTEM_THREADS,*PSYSTEM_THREADS;
typedef struct _VM_COUNTERS
{
ULONG PeakVirtualSize; //虚拟存储峰值大小;
ULONG VirtualSize; //虚拟存储大小;
ULONG PageFaultCount; //页故障数目;
ULONG PeakWorkingSetSize; //工作集峰值大小;
ULONG WorkingSetSize; //工作集大小;
ULONG QuotaPeakPagedPoolUsage; //分页池使用配额峰值;
ULONG QuotaPagedPoolUsage; //分页池使用配额;
ULONG QuotaPeakNonPagedPoolUsage; //非分页池使用配额峰值;
ULONG QuotaNonPagedPoolUsage; //非分页池使用配额;
ULONG PagefileUsage; //页文件使用情况;
ULONG PeakPagefileUsage; //页文件使用峰值;
}VM_COUNTERS,*PVM_COUNTERS;
typedef struct _IO_COUNTERS
{
LARGE_INTEGER ReadOperationCount; //I/O读操作数目;
LARGE_INTEGER WriteOperationCount; //I/O写操作数目;
LARGE_INTEGER OtherOperationCount; //I/O其他操作数目;
LARGE_INTEGER ReadTransferCount; //I/O读数据数目;
LARGE_INTEGER WriteTransferCount; //I/O写数据数目;
LARGE_INTEGER OtherTransferCount; //I/O其他操作数据数目;
}IO_COUNTERS,*PIO_COUNTERS;
以上这些信息应该是比较全面的了,在Win32 API里为我们提供了PSAPI(进程状态)和ToolHelp32这两种探测系统进程/线程信息的方式,在Windows2K/XP/2003都支持它们。
现在,我们来看看系统的性能信息,性能结构SYSTEM_PERFORMANCE_INFORMATION为我们提供了70余种系统性能方面的信息,真是太丰富了,请慢慢体会~
typedef struct _SYSTEM_PERFORMANCE_INFORMATION
{
LARGE_INTEGER IdleTime; //CPU空闲时间;
LARGE_INTEGER ReadTransferCount; //I/O读操作数目;
LARGE_INTEGER WriteTransferCount; //I/O写操作数目;
LARGE_INTEGER OtherTransferCount; //I/O其他操作数目;
ULONG ReadOperationCount; //I/O读数据数目;
ULONG WriteOperationCount; //I/O写数据数目;
ULONG OtherOperationCount; //I/O其他操作数据数目;
ULONG AvailablePages; //可获得的页数目;
ULONG TotalCommittedPages; //总共提交页数目;
ULONG TotalCommitLimit;//已提交页数目;
ULONG PeakCommitment; //页提交峰值;
ULONG PageFaults; //页故障数目;
ULONG WriteCopyFaults; //Copy-On-Write故障数目;
ULONG TransitionFaults;//软页故障数目;
ULONG Reserved1;
ULONG DemandZeroFaults;//需求0故障数;
ULONG PagesRead; //读页数目;
ULONG PageReadIos; //读页I/O操作数;
ULONG Reserved2[2];
ULONG PagefilePagesWritten; //已写页文件页数;
ULONG PagefilePageWriteIos; //已写页文件操作数;
ULONG MappedFilePagesWritten; //已写映射文件页数;
ULONG MappedFileWriteIos; //已写映射文件操作数;
ULONG PagedPoolUsage; //分页池使用;
ULONG NonPagedPoolUsage; //非分页池使用;
ULONG PagedPoolAllocs; //分页池分配情况;
ULONG PagedPoolFrees; //分页池释放情况;
ULONG NonPagedPoolAllocs; //非分页池分配情况;
ULONG NonPagedPoolFress; //非分页池释放情况;
ULONG TotalFreeSystemPtes; //系统页表项释放总数;
ULONG SystemCodePage; //操作系统代码页数;
ULONG TotalSystemDriverPages; //可分页驱动程序页数;
ULONG TotalSystemCodePages; //操作系统代码页总数;
ULONG SmallNonPagedLookasideListAllocateHits; //小非分页侧视列表分配次数;
ULONG SmallPagedLookasideListAllocateHits; //小分页侧视列表分配次数;
ULONG Reserved3;
ULONG MmSystemCachePage; //系统缓存页数;
ULONG PagedPoolPage; //分页池页数;
ULONG SystemDriverPage; //可分页驱动页数;
ULONG FastReadNoWait; //异步快速读数目;
ULONG FastReadWait; //同步快速读数目;
ULONG FastReadResourceMiss; //快速读资源冲突数;
ULONG FastReadNotPossible; //快速读失败数;
ULONG FastMdlReadNoWait; //异步MDL快速读数目;
ULONG FastMdlReadWait;//同步MDL快速读数目;
ULONG FastMdlReadResourceMiss; //MDL读资源冲突数;
ULONG FastMdlReadNotPossible; //MDL读失败数;
ULONG MapDataNoWait; //异步映射数据次数;
ULONG MapDataWait; //同步映射数据次数;
ULONG MapDataNoWaitMiss; //异步映射数据冲突次数;
ULONG MapDataWaitMiss;//同步映射数据冲突次数;
ULONG PinMappedDataCount; //牵制映射数据数目;
ULONG PinReadNoWait; //牵制异步读数目;
ULONG PinReadWait; //牵制同步读数目;
ULONG PinReadNoWaitMiss; //牵制异步读冲突数目;
ULONG PinReadWaitMiss;//牵制同步读冲突数目;
ULONG CopyReadNoWait; //异步拷贝读次数;
ULONG CopyReadWait; //同步拷贝读次数;
ULONG CopyReadNoWaitMiss; //异步拷贝读故障次数;
ULONG CopyReadWaitMiss; //同步拷贝读故障次数;
ULONG MdlReadNoWait; //异步MDL读次数;
ULONG MdlReadWait; //同步MDL读次数;
ULONG MdlReadNoWaitMiss; //异步MDL读故障次数;
ULONG MdlReadWaitMiss;//同步MDL读故障次数;
ULONG ReadAheadIos; //向前读操作数目;
ULONG LazyWriteIos; //LAZY写操作数目;
ULONG LazyWritePages; //LAZY写页文件数目;
ULONG DataFlushes; //缓存刷新次数;
ULONG DataPages; //缓存刷新页数;
ULONG ContextSwitches;//环境切换数目;
ULONG FirstLevelTbFills; //第一层缓冲区填充次数;
ULONG SecondLevelTbFills; //第二层缓冲区填充次数;
ULONG SystemCall; //系统调用次数;
}SYSTEM_PERFORMANCE_INFORMATION,*PSYSTEM_PERFORMANCE_INFORMATION;
现在看到的是结构SYSTEM_PROCESSOR_TIMES提供的系统处理器的使用情况,包括各种情况下的使用时间及中断数目:
typedef struct __SYSTEM_PROCESSOR_TIMES
{
LARGE_INTEGER IdleTime; //空闲时间;
LARGE_INTEGER KernelTime; //内核模式时间;
LARGE_INTEGER UserTime; //用户模式时间;
LARGE_INTEGER DpcTime; //延迟过程调用时间;
LARGE_INTEGER InterruptTime; //中断时间;
ULONG InterruptCount; //中断次数;
}SYSTEM_PROCESSOR_TIMES,*PSYSTEM_PROCESSOR_TIMES;
页文件的使用情况,SYSTEM_PAGEFILE_INFORMATION提供了所需的相关信息:
typedef struct _SYSTEM_PAGEFILE_INFORMATION
{
ULONG NetxEntryOffset; //下一个结构的偏移量;
ULONG CurrentSize; //当前页文件大小;
ULONG TotalUsed; //当前使用的页文件数;
ULONG PeakUsed; //当前使用的页文件峰值数;
UNICODE_STRING FileName; //页文件的文件名称;
}SYSTEM_PAGEFILE_INFORMATION,*PSYSTEM_PAGEFILE_INFORMATION;
系统高速缓存的使用情况参见结构SYSTEM_CACHE_INFORMATION提供的信息:
typedef struct _SYSTEM_CACHE_INFORMATION
{
ULONG SystemCacheWsSize; //高速缓存大小;
ULONG SystemCacheWsPeakSize; //高速缓存峰值大小;
ULONG SystemCacheWsFaults;//高速缓存页故障数目;
ULONG SystemCacheWsMinimum; //高速缓存最小页大小;
ULONG SystemCacheWsMaximum; //高速缓存最大页大小;
ULONG TransitionSharedPages; //共享页数目;
ULONG TransitionSharedPagesPeak; //共享页峰值数目;
ULONG Reserved[2];
}SYSTEM_CACHE_INFORMATION,*PSYSTEM_CACHE_INFORMATION;
附录:(所有完整源代码,您可以到我们FZ5FZ的主页下载)。
1.T-PMList的头文件源代码:
#ifndef T_PMLIST_H
#define T_PMLIST_H
#include
#include
#define NT_PROCESSTHREAD_INFO 0x05
#define MAX_INFO_BUF_LEN 0x500000
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)
typedef LONG NTSTATUS;
typedef struct _LSA_UNICODE_STRING
{
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
}LSA_UNICODE_STRING,*PLSA_UNICODE_STRING;
typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING;
typedef struct _CLIENT_ID
{
HANDLE UniqueProcess;
HANDLE UniqueThread;
}CLIENT_ID;
typedef CLIENT_ID *PCLIENT_ID;
typedef LONG KPRIORITY;
typedef struct _VM_COUNTERS
{
ULONG PeakVirtualSize;
ULONG VirtualSize;
ULONG PageFaultCount;
ULONG PeakWorkingSetSize;
ULONG WorkingSetSize;
ULONG QuotaPeakPagedPoolUsage;
ULONG QuotaPagedPoolUsage;
ULONG QuotaPeakNonPagedPoolUsage;
ULONG QuotaNonPagedPoolUsage;
ULONG PagefileUsage;
ULONG PeakPagefileUsage;
}VM_COUNTERS,*PVM_COUNTERS;
typedef struct _IO_COUNTERS
{
LARGE_INTEGER ReadOperationCount;
LARGE_INTEGER WriteOperationCount;
LARGE_INTEGER OtherOperationCount;
LARGE_INTEGER ReadTransferCount;
LARGE_INTEGER WriteTransferCount;
LARGE_INTEGER OtherTransferCount;
}IO_COUNTERS,*PIO_COUNTERS;
typedef enum _THREAD_STATE
{
StateInitialized,
StateReady,
StateRunning,
StateStandby,
StateTerminated,
StateWait,
StateTransition,
StateUnknown
}THREAD_STATE;
typedef enum _KWAIT_REASON
{
Executive,
FreePage,
PageIn,
PoolAllocation,
DelayExecution,
Suspended,
UserRequest,
WrExecutive,
WrFreePage,
WrPageIn,
WrPoolAllocation,
WrDelayExecution,
WrSuspended,
WrUserRequest,
WrEventPair,
WrQueue,
WrLpcReceive,
WrLpcReply,
WrVertualMemory,
WrPageOut,
WrRendezvous,
Spare2,
Spare3,
Spare4,
Spare5,
Spare6,
WrKernel
}KWAIT_REASON;
typedef struct _SYSTEM_THREADS
{
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER CreateTime;
ULONG WaitTime;
PVOID StartAddress;
CLIENT_ID ClientId;
KPRIORITY Priority;
KPRIORITY BasePriority;
ULONG ContextSwitchCount;
THREAD_STATE State;
KWAIT_REASON WaitReason;
}SYSTEM_THREADS,*PSYSTEM_THREADS;
typedef struct _SYSTEM_PROCESSES
{
ULONG NextEntryDelta;
ULONG ThreadCount;
ULONG Reserved1[6];
LARGE_INTEGER CreateTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER KernelTime;
UNICODE_STRING ProcessName;
KPRIORITY BasePriority;
ULONG ProcessId;
ULONG InheritedFromProcessId;
ULONG HandleCount;
ULONG Reserved2[2];
VM_COUNTERS VmCounters;
IO_COUNTERS IoCounters;
SYSTEM_THREADS Threads[1];
}SYSTEM_PROCESSES,*PSYSTEM_PROCESSES;
typedef DWORD SYSTEM_INFORMATION_CLASS;
typedef NTSTATUS (__stdcall *NTQUERYSYSTEMINFORMATION)
(IN SYSTEM_INFORMATION_CLASS,
IN OUT PVOID,
IN ULONG,
OUT PULONG OPTIONAL);
NTQUERYSYSTEMINFORMATION NtQuerySystemInformation;
DWORD EnumProcess
{
PSYSTEM_PROCESSES pSystemProc;
HMODULEhNtDll = NULL;
LPVOID lpSystemInfo = NULL;
DWORD dwNumberBytes = MAX_INFO_BUF_LEN;
DWORD dwTotalProcess = 0;
DWORD dwReturnLength;
NTSTATUS Status;
LONGLONG llTempTime;
__try
{
hNtDll = LoadLibrary(“NtDll.dll”);
if(hNtDll == NULL)
{
printf(“LoadLibrary Error: %d\n”,GetLastError());
__leave;
}
NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,“NtQuerySystemInformation”);
if(NtQuerySystemInformation == NULL)
{
printf(“GetProcAddress for NtQuerySystemInformation Error: %d\n”,GetLastError());
__leave;
}
lpSystemInfo = (LPVOID)malloc(dwNumberBytes);
Status = NtQuerySystemInformation(NT_PROCESSTHREAD_INFO,
lpSystemInfo,
dwNumberBytes,
&dwReturnLength);
if(Status == STATUS_INFO_LENGTH_MISMATCH)
{
printf(“STATUS_INFO_LENGTH_MISMATCH\n”);
__leave;
}
else if(Status != STATUS_SUCCESS)
{
printf(“NtQuerySystemInformation Error: %d\n”,GetLastError());
__leave;
}
printf(“%-20s%6s%7s%8s%6s%7s%7s%13s\n”,“ProcessName”,“PID”,“PPID”,“WsSize”,“Prio.”,“Thread”,“Handle”,“CPU Time”);
printf(“--------------------------------------------------------------------------\n”);
pSystemProc = (PSYSTEM_PROCESSES)lpSystemInfo;
while(pSystemProc->NextEntryDelta != 0)
{
if(pSystemProc->ProcessId != 0)
{
wprintf(L“%-20s”,pSystemProc->ProcessName.Buffer);
}
else
{
wprintf(L“%-20s”,L“System Idle Process”);
}
printf(“%6d”,pSystemProc->ProcessId);
printf(“%7d”,pSystemProc->InheritedFromProcessId);
printf(“%7dK”,pSystemProc->VmCounters.WorkingSetSize/1024);
printf(“%6d”,pSystemProc->BasePriority);
printf(“%7d”,pSystemProc->ThreadCount);
printf(“%7d”,pSystemProc->HandleCount);
llTempTime = pSystemProc->KernelTime.QuadPart + pSystemProc->UserTime.QuadPart;
llTempTime /= 10000;
printf(“%3d:”,llTempTime/(60*60*1000));
llTempTime %= 60*60*1000;
printf(“%.2d:”,llTempTime/(60*1000));
llTempTime %= 60*1000;
printf(“%.2d.”,llTempTime/1000);
llTempTime %= 1000;
printf(“%.3d”,llTempTime);
printf(“\n”);
dwTotalProcess ++;
pSystemProc = (PSYSTEM_PROCESSES)((char *)pSystemProc + pSystemProc->NextEntryDelta);
}
printf(“--------------------------------------------------------------------------\n”);
printf(“\nTotal %d Process(es) !\n\n”,dwTotalProcess);
printf(“PID\t ==>Process Identification\n”);
printf(“PPID\t ==>Parent Process Identification\n”);
printf(“WsSize\t ==>Working Set Size\n”);
printf(“Prio.\t ==>Base Priority\n”);
printf(“Thread\t ==>Thread Count\n”);
printf(“Handle\t ==>Handle Count\n”);
printf(“CPU Time ==>Processor Time\n”);
}
__finally
{
if(lpSystemInfo != NULL)
{
free(lpSystemInfo);
}
if(hNtDll != NULL)
{
FreeLibrary(hNtDll);
}
}
return 0;
}
DWORD SpeciProcess(DWORD dwPID)
{
PSYSTEM_PROCESSES pSystemProc = NULL;
PSYSTEM_THREADS pSystemThre = NULL;
HMODULEhNtDll = NULL;
LPVOID lpSystemInfo = NULL;
DWORD dwNumberBytes = MAX_INFO_BUF_LEN;
DWORD dwTotalProcess = 0;
DWORD dwReturnLength;
NTSTATUS Status;
LONGLONG llTempTime;
ULONG ulIndex;
__try
{
hNtDll = LoadLibrary(“NtDll.dll”);
if(hNtDll == NULL)
{
printf(“LoadLibrary Error: %d\n”,GetLastError());
__leave;
}
NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,“NtQuerySystemInformation”);
if(NtQuerySystemInformation == NULL)
{
printf(“GetProcAddress for NtQuerySystemInformation Error: %d\n”,GetLastError());
__leave;
}
lpSystemInfo = (LPVOID)malloc(dwNumberBytes);
Status = NtQuerySystemInformation(NT_PROCESSTHREAD_INFO,
lpSystemInfo,
dwNumberBytes,
&dwReturnLength);
if(Status == STATUS_INFO_LENGTH_MISMATCH)
{
printf(“STATUS_INFO_LENGTH_MISMATCH\n”);
__leave;
}
else if(Status != STATUS_SUCCESS)
{
printf(“NtQuerySystemInformation Error: %d\n”,GetLastError());
__leave;
}
pSystemProc = (PSYSTEM_PROCESSES)lpSystemInfo;
while(pSystemProc->NextEntryDelta != 0)
{
if(pSystemProc->ProcessId == dwPID)
{
printf(“ProcessName:\t\t ”);
if(pSystemProc->ProcessId != 0)
{
wprintf(L“%-20s\n”,pSystemProc->ProcessName.Buffer);
}
else
{
wprintf(L“%-20s\n”,L“System Idle Process”);
}
printf(“ProcessID:\t\t %d\t\t”,pSystemProc->ProcessId);
printf(“ParentProcessID:\t%d\n”,pSystemProc->InheritedFromProcessId);
printf(“KernelTime:\t\t ”);
llTempTime = pSystemProc->KernelTime.QuadPart;
llTempTime /= 10000;
printf(“%d:”,llTempTime/(60*60*1000));
llTempTime %= 60*60*1000;
printf(“%.2d:”,llTempTime/(60*1000));
llTempTime %= 60*1000;
printf(“%.2d.”,llTempTime/1000);
llTempTime %= 1000;
printf(“%.3d\t”,llTempTime);
printf(“UserTime:\t\t”);
llTempTime = pSystemProc->UserTime.QuadPart;
llTempTime /= 10000;
printf(“%d:”,llTempTime/(60*60*1000));
llTempTime %= 60*60*1000;
printf(“%.2d:”,llTempTime/(60*1000));
llTempTime %= 60*1000;
printf(“%.2d.”,llTempTime/1000);
llTempTime %= 1000;
printf(“%.3d\n”,llTempTime);
printf(“Privilege:\t\t %d%%\t\t”,(pSystemProc->KernelTime.QuadPart * 100)/(pSystemProc->KernelTime.QuadPart + pSystemProc->UserTime.QuadPart));
printf(“User:\t\t\t%d%%\n”,(pSystemProc->UserTime.QuadPart * 100)/(pSystemProc->KernelTime.QuadPart + pSystemProc->UserTime.QuadPart));
printf(“ThreadCount:\t\t %d\t\t”,pSystemProc->ThreadCount);
printf(“HandleCount:\t\t%d\n”,pSystemProc->HandleCount);
printf(“BasePriority:\t\t %-2d\t\t”,pSystemProc->BasePriority);
printf(“PageFaultCount:\t\t%d\n\n”,pSystemProc->VmCounters.PageFaultCount);
printf(“PeakWorkingSetSize(K):\t %-8d\t”,pSystemProc->VmCounters.PeakWorkingSetSize/1024);
printf(“WorkingSetSize(K):\t%-8d\n”,pSystemProc->VmCounters.WorkingSetSize/1024);
printf(“PeakPagedPool(K):\t %-8d\t”,pSystemProc->VmCounters.QuotaPeakPagedPoolUsage/1024);
printf(“PagedPool(K):\t\t%-8d\n”,pSystemProc->VmCounters.QuotaPagedPoolUsage/1024);
printf(“PeakNonPagedPook(K):\t %-8d\t”,pSystemProc->VmCounters.QuotaPeakNonPagedPoolUsage/1024);
printf(“NonePagedPook(K):\t%-8d\n”,pSystemProc->VmCounters.QuotaNonPagedPoolUsage/1024);
printf(“PeakPagefile(K):\t %-8d\t”,pSystemProc->VmCounters.PeakPagefileUsage/1024);
printf(“Pagefile(K):\t\t%-8d\n”,pSystemProc->VmCounters.PagefileUsage/1024);
printf(“PeakVirtualSize(K):\t %-8d\t”,pSystemProc->VmCounters.PeakVirtualSize/1024);
printf(“VirtualSize(K):\t\t%-8d\n\n”,pSystemProc->VmCounters.VirtualSize/1024);
printf(“ReadTransfer:\t\t %-8d\t”,pSystemProc->IoCounters.ReadTransferCount);
printf(“ReadOperationCount:\t%-8d\n”,pSystemProc->IoCounters.ReadOperationCount);
printf(“WriteTransfer:\t\t %-8d\t”,pSystemProc->IoCounters.WriteTransferCount);
printf(“WriteOperationCount:\t%-8d\n”,pSystemProc->IoCounters.WriteOperationCount);
printf(“OtherTransfer:\t\t %-8d\t”,pSystemProc->IoCounters.OtherTransferCount);
printf(“OtherOperationCount:\t%-8d\n\n”,pSystemProc->IoCounters.OtherOperationCount);
printf(“%-5s%3s%4s%5s%5s%11s%12s%12s%7s%6s%9s\n”,“TID”,“Pri”,“BPr”,“Priv”,“User”,“KernelTime”,“UserTime”,“StartAddr”,“CSwitC”,“State”,“WtReason”);
printf(“-------------------------------------------------------------------------------\n”);
for(ulIndex = 0; ulIndex < pSystemProc->ThreadCount; ulIndex++)
{
pSystemThre = &pSystemProc->Threads[ulIndex];
printf(“%-5d”,pSystemProc->Threads[ulIndex].ClientId.UniqueThread);
printf(“%3d”,pSystemProc->Threads[ulIndex].Priority);
printf(“%4d”,pSystemProc->Threads[ulIndex].BasePriority);
printf(“%4d%%”,(pSystemProc->Threads[ulIndex].KernelTime.QuadPart * 100)/(pSystemProc->KernelTime.QuadPart + pSystemProc->UserTime.QuadPart));
printf(“%4d%%”,(pSystemProc->Threads[ulIndex].UserTime.QuadPart * 100)/(pSystemProc->KernelTime.QuadPart + pSystemProc->UserTime.QuadPart));
llTempTime = pSystemProc->Threads[ulIndex].KernelTime.QuadPart;
llTempTime /= 10000;
printf(“%2d:”,llTempTime/(60*60*1000));
llTempTime %= 60*60*1000;
printf(“%.2d.”,llTempTime/(60*1000));
llTempTime %= 60*1000;
printf(“%.2d.”,llTempTime/1000);
llTempTime %= 100;
printf(“%.2d ”,llTempTime);
llTempTime = pSystemProc->Threads[ulIndex].UserTime.QuadPart;
llTempTime /= 10000;
printf(“%2d:”,llTempTime/(60*60*1000));
llTempTime %= 60*60*1000;
printf(“%.2d.”,llTempTime/(60*1000));
llTempTime %= 60*1000;
printf(“%.2d.”,llTempTime/1000);
llTempTime %= 100;
printf(“%.2d ”,llTempTime);
printf(“ 0x%.8X”,pSystemProc->Threads[ulIndex].StartAddress);
printf(“%7d”,pSystemProc->Threads[ulIndex].ContextSwitchCount);
switch(pSystemProc->Threads[ulIndex].State)
{
case StateInitialized:
printf(“%6s”,“Init.”);
break;
case StateReady:
printf(“%6s”,“Ready”);
break;
case StateRunning:
printf(“%6s”,“Run”);
break;
case StateStandby:
printf(“%6s”,“StBy.”);
break;
case StateTerminated:
printf(“%6s”,“Term.”);
break;
case StateWait:
printf(“%6s”,“Wait”);
break;
case StateTransition:
printf(“%6s”,“Tran.”);
break;
case StateUnknown:
printf(“%6s”,“Unkn.”);
break;
default:
printf(“%6s”,“Unkn.”);
break;
}
switch(pSystemProc->Threads[ulIndex].WaitReason)
{
case Executive:
printf(“ %-8s”,“Executi.”);
break;
case FreePage:
printf(“ %-8s”,“FreePag.”);
break;
case PageIn:
printf(“ %-8s”,“PageIn”);
break;
case PoolAllocation:
printf(“ %-8s”,“PoolAll.”);
break;
case DelayExecution:
printf(“ %-8s”,“DelayEx.”);
break;
case Suspended:
printf(“ %-8s”,“Suspend.”);
break;
case UserRequest:
printf(“ %-8s”,“UserReq.”);
break;
case WrExecutive:
printf(“ %-8s”,“WrExect.”);
break;
case WrFreePage:
printf(“ %-8s”,“WrFrePg.”);
break;
case WrPageIn:
printf(“ %-8s”,“WrPageIn”);
break;
case WrPoolAllocation:
printf(“ %-8s”,“WrPoolA.”);
break;
case WrSuspended:
printf(“ %-8s”,“WrSuspe.”);
break;
case WrUserRequest:
printf(“ %-8s”,“WrUsReq.”);
break;
case WrEventPair:
printf(“ %-8s”,“WrEvent.”);
break;
case WrQueue:
printf(“ %-8s”,“WrQueue”);
break;
case WrLpcReceive:
printf(“ %-8s”,“WrLpcRv.”);
break;
case WrLpcReply:
printf(“ %-8s”,“WrLpcRp.”);
break;
case WrVertualMemory:
printf(“ %-8s”,“WrVerMm.”);
break;
case WrPageOut:
printf(“ %-8s”,“WrPgOut.”);
break;
case WrRendezvous:
printf(“ %-8s”,“WrRende.”);
break;
case WrKernel:
printf(“ %-8s”,“WrKernel”);
break;
default:
printf(“ %-8s”,“Unknown”);
break;
}
printf(“\n”);
}
printf(“-------------------------------------------------------------------------------\n\n”);
printf(“Total %d Thread(s) !\n\n”,ulIndex);
dwTotalProcess ++;
break;
}
pSystemProc = (PSYSTEM_PROCESSES)((char *)pSystemProc + pSystemProc->NextEntryDelta);
}
}
__finally
{
if(dwTotalProcess == 0)
{
printf(“Could not found the %d Process !\n”,dwPID);
}
else
{
printf(“TID:\t\t====>\tThread Identification\n”);
printf(“Pri:\t\t====>\tPriority\n”);
printf(“BPr:\t\t====>\tBase Priority\n”);
printf(“Priv:\t\t====>\tPrivilege\n”);
printf(“StartAddr:\t====>\tThread Start Address\n”);
printf(“CSwitC:\t\t====>\tContext Switch Count\n”);
printf(“WtReason:\t====>\tWait Reason\n”);
}
if(lpSystemInfo != NULL)
{
free(lpSystemInfo);
}
if(hNtDll != NULL)
{
FreeLibrary(hNtDll);
}
}
return 0;
}
VOID Start()
{
printf(“T-PMList, by TOo2y\n”);
printf(“E-mail: TOo2y@safechina.net\n”);
printf(“HomePage: www.safechina.net\n”);
printf(“Date: 05-10-2003\n\n”);
return ;
}
VOID Usage()
{
printf(“Usage:\tT-PMList [-e] │ [-s PID]\n”);
printf(“ -e\t Enumerate All Processes\n”);
printf(“ -s PID Show Special Process Information with PID\n\n”);
return ;
}
#endif
2.T-PMPerf的头文件源代码:
#ifndef T_PMPERF_H
#define T_PMPERF_H
#include “windows.h”
#include “stdio.h”
#define SYSTEM_PERF_INFO 0x02
#define SYSTEM_PROC_TIME 0x08
#define SYSTEM_PAGE_INFO 0x12
#define SYSTEM_CACHE_INFO0x15
#define MAX_INFO_BUF_LEN 0x500000
#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
typedef LONG NTSTATUS;
typedef DWORD SYSTEM_INFORMATION_CLASS;
typedef struct _LSA_UNICODE_STRING
{
USHORT Length;
USHORT MaximumLength;
PWSTR Buffer;
}LSA_UNICODE_STRING,*PLSA_UNICODE_STRING;
typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING;
typedef struct _SYSTEM_PERFORMANCE_INFORMATION
{
LARGE_INTEGER IdleTime;
LARGE_INTEGER ReadTransferCount;
LARGE_INTEGER WriteTransferCount;
LARGE_INTEGER OtherTransferCount;
ULONG ReadOperationCount;
ULONG WriteOperationCount;
ULONG OtherOperationCount;
ULONG AvailablePages;
ULONG TotalCommittedPages;
ULONG TotalCommitLimit;
ULONG PeakCommitment;
ULONG PageFaults;
ULONG WriteCopyFaults;
ULONG TransitionFaults;
ULONG Reserved1;
ULONG DemandZeroFaults;
ULONG PagesRead;
ULONG PageReadIos;
ULONG Reserved2[2];
ULONG PagefilePagesWritten;
ULONG PagefilePageWriteIos;
ULONG MappedFilePagesWritten;
ULONG MappedFileWriteIos;
ULONG PagedPoolUsage;
ULONG NonPagedPoolUsage;
ULONG PagedPoolAllocs;
ULONG PagedPoolFrees;
ULONG NonPagedPoolAllocs;
ULONG NonPagedPoolFress;
ULONG TotalFreeSystemPtes;
ULONG SystemCodePage;
ULONG TotalSystemDriverPages;
ULONG TotalSystemCodePages;
ULONG SmallNonPagedLookasideListAllocateHits;
ULONG SmallPagedLookasideListAllocateHits;
ULONG Reserved3;
ULONG MmSystemCachePage;
ULONG PagedPoolPage;
ULONG SystemDriverPage;
ULONG FastReadNoWait;
ULONG FastReadWait;
ULONG FastReadResourceMiss;
ULONG FastReadNotPossible;
ULONG FastMdlReadNoWait;
ULONG FastMdlReadWait;
ULONG FastMdlReadResourceMiss;
ULONG FastMdlReadNotPossible;
ULONG MapDataNoWait;
ULONG MapDataWait;
ULONG MapDataNoWaitMiss;
ULONG MapDataWaitMiss;
ULONG PinMappedDataCount;
ULONG PinReadNoWait;
ULONG PinReadWait;
ULONG PinReadNoWaitMiss;
ULONG PinReadWaitMiss;
ULONG CopyReadNoWait;
ULONG CopyReadWait;
ULONG CopyReadNoWaitMiss;
ULONG CopyReadWaitMiss;
ULONG MdlReadNoWait;
ULONG MdlReadWait;
ULONG MdlReadNoWaitMiss;
ULONG MdlReadWaitMiss;
ULONG ReadAheadIos;
ULONG LazyWriteIos;
ULONG LazyWritePages;
ULONG DataFlushes;
ULONG DataPages;
ULONG ContextSwitches;
ULONG FirstLevelTbFills;
ULONG SecondLevelTbFills;
ULONG SystemCall;
}SYSTEM_PERFORMANCE_INFORMATION,*PSYSTEM_PERFORMANCE_INFORMATION;
typedef struct __SYSTEM_PROCESSOR_TIMES
{
LARGE_INTEGER IdleTime;
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER DpcTime;
LARGE_INTEGER InterruptTime;
ULONG InterruptCount;
}SYSTEM_PROCESSOR_TIMES,*PSYSTEM_PROCESSOR_TIMES;
typedef struct _SYSTEM_PAGEFILE_INFORMATION
{
ULONG NetxEntryOffset;
ULONG CurrentSize;
ULONG TotalUsed;
ULONG PeakUsed;
UNICODE_STRING FileName;
}SYSTEM_PAGEFILE_INFORMATION,*PSYSTEM_PAGEFILE_INFORMATION;
typedef struct _SYSTEM_CACHE_INFORMATION
{
ULONG SystemCacheWsSize;
ULONG SystemCacheWsPeakSize;
ULONG SystemCacheWsFaults;
ULONG SystemCacheWsMinimum;
ULONG SystemCacheWsMaximum;
ULONG TransitionSharedPages;
ULONG TransitionSharedPagesPeak;
ULONG Reserved[2];
}SYSTEM_CACHE_INFORMATION,*PSYSTEM_CACHE_INFORMATION;
typedef NTSTATUS (__stdcall * NTQUERYSYSTEMINFORMATION)
(IN SYSTEM_INFORMATION_CLASS,
IN OUT PVOID,
INT ULONG,
OUT PULONG OPTION);
NTQUERYSYSTEMINFORMATION NtQuerySystemInformation;
DWORD PerfInfo()
{
SYSTEM_PERFORMANCE_INFORMATION SystemPerfInfo;
HMODULE hNtDll = NULL;
DWORD dwNumberBytes;
DWORD dwReturnLength;
NTSTATUS Status;
LONGLONG llTempTime;
__try
{
hNtDll = LoadLibrary(“NtDll.dll”);
if(hNtDll == NULL)
{
printf(“LoadLibrary Error: %d\n”,GetLastError());
__leave;
}
NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,“NtQuerySystemInformation”);
if(NtQuerySystemInformation == NULL)
{
printf(“GetProcAddress for NtQuerySystemInformation Error: %d\n”,GetLastError());
__leave;
}
dwNumberBytes = sizeof(SYSTEM_PERFORMANCE_INFORMATION);
Status = NtQuerySystemInformation(SYSTEM_PERF_INFO,
&SystemPerfInfo,
dwNumberBytes,
&dwReturnLength);
if(Status != STATUS_SUCCESS)
{
printf(“NtQuerySystemInformation for Performance Error: %d\n”,GetLastError());
__leave;
}
printf(“IdleTime:\t\t”);
llTempTime = SystemPerfInfo.IdleTime.QuadPart;
llTempTime /= 10000;
printf(“%d:”,llTempTime/(60*60*1000));
llTempTime %= 60*60*1000;
printf(“%.2d:”,llTempTime/(60*1000));
llTempTime %= 60*1000;
printf(“%.2d.”,llTempTime/1000);
llTempTime %= 1000;
printf(“%.3d\n”,llTempTime);
printf(“ReadOperationCount:\t%-10d\t”,SystemPerfInfo.ReadOperationCount);
printf(“ReadTransferCount:\t%d\n”,SystemPerfInfo.ReadTransferCount);
printf(“WriteOperationCount:\t%-10d\t”,SystemPerfInfo.WriteOperationCount);
printf(“WriteTransferCount:\t%d\n”,SystemPerfInfo.WriteTransferCount);
printf(“OtherOperationCount:\t%-10d\t”,SystemPerfInfo.OtherOperationCount);
printf(“OtherTransferCount:\t%d\n”,SystemPerfInfo.OtherTransferCount);
printf(“AvailablePages:\t\t%-10d\t”,SystemPerfInfo.AvailablePages);
printf(“TotalCommittedPage:\t%d\n”,SystemPerfInfo.TotalCommittedPages);
printf(“CommitLimit:\t\t%-10d\t”,SystemPerfInfo.TotalCommitLimit);
printf(“PeakCommitment:\t\t%d\n”,SystemPerfInfo.PeakCommitment);
printf(“PageFault:\t\t%-10d\t”,SystemPerfInfo.PageFaults);
printf(“WriteCopyFault:\t\t%d\n”,SystemPerfInfo.WriteCopyFaults);
printf(“TransitionFault:\t%-10d\t”,SystemPerfInfo.TransitionFaults);
printf(“DemandZeroFault:\t%d\n”,SystemPerfInfo.DemandZeroFaults);
printf(“PagesRead:\t\t%-10d\t”,SystemPerfInfo.PagesRead);
printf(“PageReadIos:\t\t%d\n”,SystemPerfInfo.PageReadIos);
printf(“PagesWritten:\t\t%-10d\t”,SystemPerfInfo.PagefilePagesWritten);
printf(“PageWriteIos:\t\t%d\n”,SystemPerfInfo.PagefilePageWriteIos);
printf(“MappedFilePagesWritten:\t%-10d\t”,SystemPerfInfo.MappedFilePagesWritten);
printf(“MappedFileWriteIos:\t%d\n”,SystemPerfInfo.MappedFileWriteIos);
printf(“PagedPoolUsage:\t\t%-10d\t”,SystemPerfInfo.PagedPoolUsage);
printf(“NonPagedPoolUsage:\t%d\n”,SystemPerfInfo.NonPagedPoolUsage);
printf(“PagedPoolAllocs:\t%-10d\t”,SystemPerfInfo.PagedPoolAllocs);
printf(“NonPagedPoolAllocs:\t%d\n”,SystemPerfInfo.NonPagedPoolAllocs);
printf(“PagedPoolFrees:\t\t%-10d\t”,SystemPerfInfo.PagedPoolFrees);
printf(“NonPagedPoolFrees:\t%d\n”,SystemPerfInfo.NonPagedPoolFress);
printf(“SystemCodePage:\t\t%-10d\t”,SystemPerfInfo.SystemCodePage);
printf(“TotalSystemCodePage:\t%d\n”,SystemPerfInfo.TotalSystemCodePages);
printf(“TotalFreeSysPTE:\t%-10d\t”,SystemPerfInfo.TotalFreeSystemPtes);
printf(“TotalSystemDriverPages:\t%d\n”,SystemPerfInfo.TotalSystemDriverPages);
printf(“PagedPoolPage:\t\t%-10d\t”,SystemPerfInfo.PagedPoolPage);
printf(“SystemDriverPage:\t%d\n”,SystemPerfInfo.SystemDriverPage);
printf(“FastReadWait:\t\t%-10d\t”,SystemPerfInfo.FastReadWait);
printf(“FastReadNoWait:\t\t%d\n”,SystemPerfInfo.FastReadNoWait);
printf(“FastReadNoPossible:\t%-10d\t”,SystemPerfInfo.FastReadNotPossible);
printf(“FastReadResourceMiss:\t%d\n”,SystemPerfInfo.FastReadResourceMiss);
printf(“FastMdlReadWait:\t%-10d\t”,SystemPerfInfo.FastMdlReadWait);
printf(“FastMdlReadNoWait:\t%d\n”,SystemPerfInfo.FastMdlReadNoWait);
printf(“FastMdlReadNotPossible:\t%-10d\t”,SystemPerfInfo.FastMdlReadNotPossible);
printf(“FastMdlReadResourceMiss:%d\n”,SystemPerfInfo.FastMdlReadResourceMiss);
printf(“MapDataWait:\t\t%-10d\t”,SystemPerfInfo.MapDataWait);
printf(“MapDataNoWait:\t\t%d\n”,SystemPerfInfo.MapDataNoWait);
printf(“MapDataWaitMiss:\t%-10d\t”,SystemPerfInfo.MapDataWaitMiss);
printf(“MapDataNoWaitMiss:\t%d\n”,SystemPerfInfo.MapDataNoWaitMiss);
printf(“ReadAheadIos:\t\t%-10d\t”,SystemPerfInfo.ReadAheadIos);
printf(“PinMappedDataCount:\t%d\n”,SystemPerfInfo.PinMappedDataCount);
printf(“PinReadWait:\t\t%-10d\t”,SystemPerfInfo.PinReadWait);
printf(“PinReadNoWait:\t\t%d\n”,SystemPerfInfo.PinReadNoWait);
printf(“PinReadWaitMiss:\t%-10d\t”,SystemPerfInfo.PinReadWaitMiss);
printf(“PinReadNoWaitMiss:\t%d\n”,SystemPerfInfo.PinReadNoWaitMiss);
printf(“CopyReadWait:\t\t%-10d\t”,SystemPerfInfo.CopyReadWait);
printf(“CopyReadNoWait:\t\t%d\n”,SystemPerfInfo.CopyReadNoWait);
printf(“CopyReadWaitMiss:\t%-10d\t”,SystemPerfInfo.CopyReadWaitMiss);
printf(“CopyReadNoWaitMiss:\t%-10d\n”,SystemPerfInfo.CopyReadNoWaitMiss);
printf(“MdlReadWait:\t\t%-10d\t”,SystemPerfInfo.MdlReadWait);
printf(“MdlReadNoWait:\t\t%d\n”,SystemPerfInfo.MdlReadNoWait);
printf(“MdlReadWaitMiss:\t%-10d\t”,SystemPerfInfo.MdlReadWaitMiss);
printf(“MdlReadNoWaitMiss:\t%d\n”,SystemPerfInfo.MdlReadNoWaitMiss);
printf(“LazyWriteIos:\t\t%-10d\t”,SystemPerfInfo.LazyWriteIos);
printf(“LazyWritePages:\t\t%d\n”,SystemPerfInfo.LazyWritePages);
printf(“DataPages:\t\t%-10d\t”,SystemPerfInfo.DataPages);
printf(“DataFlushes:\t\t%d\n”,SystemPerfInfo.DataFlushes);
printf(“FirstLevelTbFills:\t%-10d\t”,SystemPerfInfo.FirstLevelTbFills);
printf(“SecondLevelTbFills:\t%d\n”,SystemPerfInfo.SecondLevelTbFills);
printf(“ContextSwitches:\t%-10d\t”,SystemPerfInfo.ContextSwitches);
printf(“SytemCall:\t\t%d\n”,SystemPerfInfo.SystemCall);
printf(“MemorySystemCachePage:\t\t\t%d\n”,SystemPerfInfo.MmSystemCachePage);
printf(“SmallPagedLookasideListAllocateHits:\t%d\n”,SystemPerfInfo.SmallPagedLookasideListAllocateHits);
printf(“SmallNonPagedLookasideListAllocateHits:\t%d\n”,SystemPerfInfo.SmallNonPagedLookasideListAllocateHits);
}
__finally
{
if(hNtDll != NULL)
{
FreeLibrary(hNtDll);
}
}
return 0;
}
DWORD ProcTime()
{
SYSTEM_PROCESSOR_TIMES SystemProcTime;
HMODULE hNtDll = NULL;
DWORD dwNumberBytes;
DWORD dwReturnLength;
NTSTATUS Status;
LONGLONG llTempTime;
__try
{
hNtDll = LoadLibrary(“NtDll.dll”);
if(hNtDll == NULL)
{
printf(“LoadLibrary Error: %d\n”,GetLastError());
__leave;
}
NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,“NtQuerySystemInformation”);
if(NtQuerySystemInformation == NULL)
{
printf(“GetProcAddress for NtQuerySystemInformation Error: %d\n”,GetLastError());
__leave;
}
dwNumberBytes = sizeof(SYSTEM_PROCESSOR_TIMES);
NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,“NtQuerySystemInformation”);
if(NtQuerySystemInformation == NULL)
{
printf(“GetProcAddress Error: %d\n”,GetLastError());
__leave;
}
Status = NtQuerySystemInformation(SYSTEM_PROC_TIME,
&SystemProcTime,
dwNumberBytes,
&dwReturnLength);
if(Status != STATUS_SUCCESS)
{
printf(“NtQuerySystemInformation for Processor Time Error: %d\n”,GetLastError());
__leave;
}
printf(“IdleTime:\t\t”);
llTempTime = SystemProcTime.IdleTime.QuadPart;
llTempTime /= 10000;
printf(“%d:”,llTempTime/(60*60*1000));
llTempTime %= 60*60*1000;
printf(“%.2d:”,llTempTime/(60*1000));
llTempTime %= 60*1000;
printf(“%.2d.”,llTempTime/1000);
llTempTime %= 1000;
printf(“%.3d\n”,llTempTime);
printf(“KernelTime:\t\t”);
llTempTime = SystemProcTime.KernelTime.QuadPart;
llTempTime /= 10000;
printf(“%d:”,llTempTime/(60*60*1000));
llTempTime %= 60*60*1000;
printf(“%.2d:”,llTempTime/(60*1000));
llTempTime %= 60*1000;
printf(“%.2d.”,llTempTime/1000);
llTempTime %= 1000;
printf(“%.3d\n”,llTempTime);
printf(“UserTime:\t\t”);
llTempTime = SystemProcTime.UserTime.QuadPart;
llTempTime /= 10000;
printf(“%d:”,llTempTime/(60*60*1000));
llTempTime %= 60*60*1000;
printf(“%.2d:”,llTempTime/(60*1000));
llTempTime %= 60*1000;
printf(“%.2d.”,llTempTime/1000);
llTempTime %= 1000;
printf(“%.3d\n”,llTempTime);
printf(“DpcTime:\t\t”);
llTempTime = SystemProcTime.DpcTime.QuadPart;
llTempTime /= 10000;
printf(“%d:”,llTempTime/(60*60*1000));
llTempTime %= 60*60*1000;
printf(“%.2d:”,llTempTime/(60*1000));
llTempTime %= 60*1000;
printf(“%.2d.”,llTempTime/1000);
llTempTime %= 1000;
printf(“%.3d\n”,llTempTime);
printf(“InterruptTime:\t\t”);
llTempTime = SystemProcTime.InterruptTime.QuadPart;
llTempTime /= 10000;
printf(“%d:”,llTempTime/(60*60*1000));
llTempTime %= 60*60*1000;
printf(“%.2d:”,llTempTime/(60*1000));
llTempTime %= 60*1000;
printf(“%.2d.”,llTempTime/1000);
llTempTime %= 1000;
printf(“%.3d\n”,llTempTime);
printf(“InterruptCount:\t\t%d\n”,SystemProcTime.InterruptCount);
}
__finally
{
if(hNtDll != NULL)
{
FreeLibrary(hNtDll);
}
}
return 0;
}
DWORD PagefileInfo()
{
PSYSTEM_PAGEFILE_INFORMATION pSystemPagefileInfo;
PVOID pBuffer;
HMODULEhNtDll = NULL;
DWORD dwNumberBytes;
DWORD dwReturnLength;
NTSTATUS Status;
__try
{
hNtDll = LoadLibrary(“NtDll.dll”);
if(hNtDll == NULL)
{
printf(“LoadLibrary Error: %d\n”,GetLastError());
__leave;
}
NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,“NtQuerySystemInformation”);
if(NtQuerySystemInformation == NULL)
{
printf(“GetProcAddress for NtQuerySystemInformation Error: %d\n”,GetLastError());
__leave;
}
dwNumberBytes = MAX_INFO_BUF_LEN;
pBuffer = (LPVOID)malloc(dwNumberBytes);
Status = NtQuerySystemInformation(SYSTEM_PAGE_INFO,
pBuffer,
dwNumberBytes,
&dwReturnLength);
if(Status != STATUS_SUCCESS)
{
printf(“NtQuerySystemInformation for Pagefile Error: %d\n”,GetLastError());
__leave;
}
pSystemPagefileInfo = (PSYSTEM_PAGEFILE_INFORMATION)pBuffer;
do
{
printf(“CurrentPagefileSize:\t%d\n”,pSystemPagefileInfo->CurrentSize);
printf(“TotalPagefileUsed:\t%d\n”,pSystemPagefileInfo->TotalUsed);
printf(“PeakPagefileUsed:\t%d\n”,pSystemPagefileInfo->PeakUsed);
wprintf(L“PagefileFileName:\t%s\n”,pSystemPagefileInfo->FileName.Buffer);
pSystemPagefileInfo = (PSYSTEM_PAGEFILE_INFORMATION)((char *)pBuffer + pSystemPagefileInfo->NetxEntryOffset);
}while(pSystemPagefileInfo->NetxEntryOffset != 0);
}
__finally
{
if(pBuffer != NULL)
{
free(pBuffer);
}
if(hNtDll != NULL)
{
FreeLibrary(hNtDll);
}
}
return 0;
}
DWORD CacheInfo()
{
SYSTEM_CACHE_INFORMATION SystemCacheInfo;
HMODULEhNtDll = NULL;
DWORD dwNumberBytes;
DWORD dwReturnLength;
NTSTATUS Status;
__try
{
hNtDll = LoadLibrary(“NtDll.dll”);
if(hNtDll == NULL)
{
printf(“LoadLibrary Error: %d\n”,GetLastError());
__leave;
}
NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,“NtQuerySystemInformation”);
if(NtQuerySystemInformation == NULL)
{
printf(“GetProcAddress for NtQuerySystemInformation Error: %d\n”,GetLastError());
__leave;
}
dwNumberBytes = sizeof(SYSTEM_CACHE_INFORMATION);
Status = NtQuerySystemInformation(SYSTEM_CACHE_INFO,
&SystemCacheInfo,
dwNumberBytes,
&dwReturnLength);
if(Status != STATUS_SUCCESS)
{
printf(“NtQuerySystemInformation for Cache Error: %d\n”,GetLastError());
__leave;
}
printf(“CacheWorkingSetSize:\t\t%d(KB)\n”,SystemCacheInfo.SystemCacheWsSize/1024);
printf(“CacheWorkingSetPeakSize:\t%d(KB)\n”,SystemCacheInfo.SystemCacheWsPeakSize/1024);
printf(“CacheWorkingSetFaults:\t\t%d\n”,SystemCacheInfo.SystemCacheWsFaults);
printf(“CacheWorkingSetMinimum:\t\t%d\n”,SystemCacheInfo.SystemCacheWsMinimum);
printf(“CacheWorkingSetMaximum:\t\t%d\n”,SystemCacheInfo.SystemCacheWsMaximum);
printf(“TransitionSharedPages:\t\t%d\n”,SystemCacheInfo.TransitionSharedPages);
printf(“TransitionSharedPagesPeak:\t%d\n”,SystemCacheInfo.TransitionSharedPagesPeak);
}
__finally
{
if(hNtDll != NULL)
{
FreeLibrary(hNtDll);
}
}
return 0;
}
VOID Start()
{
printf(“T-PMPerf, by TOo2y\n”);
printf(“E-mail: TOo2y@safechina.net\n”);
printf(“HomePage: www.safechina.net\n”);
printf(“Date: 05-09-2003\n\n”);
return ;
}
VOID Usage()
{
printf(“Usage:\tT-PMPerf \n”);
printf(“Option:\n”);
printf(“ -Perf System Performance Information\n”);
printf(“ -Proc System Processor Information\n”);
printf(“ -Page System Pagefile Information\n”);
printf(“ -Cache System Cache Information\n”);
return ;
}
#endif
Reference:
篇2:经典系统完美优化 Win XP 终极p肥
Winxp用起来确实不错,但是体积有点太大了,最初的安装就有1.3g,如果是使用 免激活的英文2600+中文汉化包体积会更大,我在网上征集众多高人的经验和 我的本人的意见创作出xp终极瘦身大法,在这里跟大家分享。
1. 删除系统文件备份 sfc.exe /purgecache (一般用户是不怎么用的)
2 删除驱动备份 windows\driver cache\i386目录下的Driver.cab文件 (73mb)
3. 取消系统还原 (总体来说系统还原功能还是不错的,建议除了xp安装的那个 盘使用,其它盘都别用,如果哪一天硬盘的空间不够了,可以通过系统清理程 序删除一些比较早的还原点)
4、删除帮助文件(减掉40多mb) (使用中文汉化包的文件大小为92兆,刚开始 使用xp的同志最好别删)
5、删掉\WINDOWS\system32\dllcache下文件(减去200――300mb)。
(这是备用的dll文件,只要你拷贝了安装文件,完全可以这样做,
既然这样删你 没话说)
6、把我的文档、IE的临时文件夹都转到其他盘(分区)。 (同时对系统的速 度,和硬盘都有好处,如果使用的是双系统,最好把两个系统的IE临时文件都 放在同一个文件夹,这样既加快速度有节省空间)
7、把虚拟内存也转到其他盘。 (最好就是将这些东西和平时临时下载文件放 在一个不大的分区里,这样也方便整理硬盘)
8、将应用软件装在其他盘(这对重装系统也有好处,可以省很多事)。
9、删除\windows\ime下不用的输入法! (日文,韩文,繁体中文输入 法,84.5MB) (到底哪个是哪个自己研究一下吧!有时候也要自己动动脑子 的,锻炼一下吧!)
10、如用ntfs p,本身就节省地盘。
注意:有些文件的删除可能有潜在的危险性,如果对windows了解不多请慎用 此法,如果出错的话本人盖不负责。(操作前请找到文件夹选项,将文件查看 选择为显示所有文件,显示受系统保护的文件,否则有些文件找不到)编者的按:原则来说这么来给系统减肥我们是不支持的。仅限于玩家一种学习和了解。如果您的机器上有重要的数据请备份好。再试试操作一下。
文档为doc格式
