
探测win2k/xp/2003本机系统信息

  native api乃windows用户模式中为上层win32 api提供接口的本机系统服务。平常我们总是调用ms为我们提供的公用的win32 api函数来实现我们系统的功能。今天我们要谈的是如何通过本机系统服务(native api)来探测本机系统信息。当然,微软没有为我们提供关于本机系统服务的文档(undocumented),也就是不会为对它的使用提供任何的保证,所以我们不提倡使用native api来开发软件。不过在特殊情况下,本机系统服务却为我们提供了通向“秘密”的捷径。本文提到的信息仅在windows2000/xp/2003上测试过。

  今天,我们主要讨论的是一个函数ntquerysysteminformation(zwquerysysteminformation)。当然,你不要小看这么一个函数,它却为我们提供了丰富的系统信息,同时还包括对某些信息的控制和设置。以下是这个函数的原型:

/*
 * Function-pointer type for the ntdll service discussed in the article, and a
 * global of that type that receives the resolved address.
 * NOTE(review): identifiers on this page appear case-folded. As printed, the
 * type and the variable share one spelling, which cannot compile; presumably
 * the original distinguished them by case -- confirm before building.
 */
typedef ntstatus (__stdcall *ntquerysysteminformation)
         (in   system_information_class systeminformationclass, // selects which class of information is queried or set
   in out pvoid          systeminformation,                      // caller buffer that receives (or supplies) the data
   in   ulong          systeminformationlength,                  // size of that buffer; depends on the class queried
   out   pulong         returnlength optional);                  // length the system reports as required; may be null
ntquerysysteminformation ntquerysysteminformation;

  从中可以看到,systeminformationclass是一个类型信息,它大概提供了50余种信息,也就是我们可以通过这个函数对大约50多种的系统信息进行探测或设置。systeminformation是一个lpvoid型的指针,它为我们提供需要获得的信息,或是我们需要设置的系统信息。systeminformationlength是systeminformation的长度,它根据探测的信息类型来决定。至于returnlength则是系统返回的需要的长度,通常可以设置为空指针(null)。

  首先,我们来看看大家比较熟悉的系统进程/线程相关的信息。这个题目在网上已经讨论了n多年了,所以我就不再老生常谈了,呵呵。那么就提出这个结构类型的定义:

/*
 * One record per process in the buffer filled for the process/thread
 * information class. Records are chained by byte offset, not by pointer.
 * NOTE(review): this layout is undocumented and was only tested by the author
 * on windows 2000/xp/2003; treat field offsets as version-specific.
 */
typedef struct _system_processes
{
ulong     nextentrydelta;     // byte offset from this record to the next one; 0 on the last record
ulong     threadcount;       // number of threads
ulong     reserved1[6];    
large_integer createtime;       // creation time
large_integer usertime;        // cpu time spent in user mode (ring 3)
large_integer kerneltime;       // cpu time spent in kernel mode (ring 0)
unicode_string processname;       // process name
kpriority   basepriority;      // process priority
ulong     processid;       // process identifier
ulong     inheritedfromprocessid; // identifier of the parent process
ulong     handlecount;       // number of handles
ulong     reserved2[2];
vm_counters  vmcounters;       // virtual-memory counters (see vm_counters)
io_counters  iocounters;       // i/o counters (see io_counters)
system_threads threads[1];       // array of per-thread records for this process (see system_threads)
}system_processes,*psystem_processes;

/* Per-thread record embedded in the threads[] array of system_processes. */
typedef struct _system_threads
{
large_integer kerneltime;       // cpu time used in kernel mode
large_integer usertime;         // cpu time used in user mode
large_integer createtime;       // thread creation time
ulong     waittime;         // wait time
pvoid     startaddress;       // virtual address at which the thread starts
client_id   clientid;         // thread identifier (process/thread handle pair)
kpriority   priority;         // thread priority
kpriority   basepriority;       // base priority
ulong     contextswitchcount;   // number of context switches
thread_state state;          // current state
kwait_reason waitreason;       // reason for waiting
}system_threads,*psystem_threads;

/*
 * Virtual-memory counters carried inside each system_processes record.
 * NOTE(review): every field is declared ulong here; whether that width holds
 * outside the 32-bit systems the article was tested on is not shown -- confirm.
 */
typedef struct _vm_counters
{
ulong peakvirtualsize;         // peak virtual size
ulong virtualsize;           // virtual size
ulong pagefaultcount;         // number of page faults
ulong peakworkingsetsize;       // peak working-set size
ulong workingsetsize;         // working-set size
ulong quotapeakpagedpoolusage;     // peak paged-pool quota usage
ulong quotapagedpoolusage;       // paged-pool quota usage
ulong quotapeaknonpagedpoolusage;   // peak nonpaged-pool quota usage
ulong quotanonpagedpoolusage;     // nonpaged-pool quota usage
ulong pagefileusage;          // page-file usage
ulong peakpagefileusage;        // peak page-file usage
}vm_counters,*pvm_counters;

/* I/O counters carried inside each system_processes record. */
typedef struct _io_counters
{
large_integer readoperationcount;   // number of i/o read operations
large_integer writeoperationcount;   // number of i/o write operations
large_integer otheroperationcount;   // number of other i/o operations
large_integer readtransfercount;    // amount of data read
large_integer writetransfercount;   // amount of data written
large_integer othertransfercount;   // amount of data moved by other operations
}io_counters,*pio_counters;


   以上这些信息应该是比较全面的了,在win32 api里为我们提供了psapi(进程状态)和toolhelp32这两种探测系统进程/线程信息的方式,在windows2k/xp/2003都支持它们。

  现在,我们来看看系统的性能信息,性能结构system_performance_information为我们提供了70余种系统性能方面的信息,真是太丰富了,请慢慢体会~

/*
 * System-wide performance counters (the article counts roughly 70 of them).
 * NOTE(review): on the original page the notes for the three *transfercount
 * fields read "operation count" and those for the three *operationcount
 * fields read "data count", which looks swapped relative to the field names
 * and to io_counters; the notes below follow the field names -- confirm.
 * NOTE(review): the layout is undocumented and version-specific.
 */
typedef struct _system_performance_information
{
large_integer idletime;          // cpu idle time
large_integer readtransfercount;     // i/o read transfer count
large_integer writetransfercount;     // i/o write transfer count
large_integer othertransfercount;     // i/o other transfer count
ulong     readoperationcount;     // i/o read operation count
ulong     writeoperationcount;     // i/o write operation count
ulong     otheroperationcount;     // i/o other operation count
ulong     availablepages;       // number of available pages
ulong     totalcommittedpages;     // total number of committed pages
ulong     totalcommitlimit;      // commit limit, presumably in pages (the page's note read "committed pages" -- confirm)
ulong     peakcommitment;       // peak page commitment
ulong     pagefaults;         // number of page faults
ulong     writecopyfaults;       // number of copy-on-write faults
ulong     transitionfaults;      // number of soft page faults
ulong     reserved1;
ulong     demandzerofaults;      // number of demand-zero faults
ulong     pagesread;         // number of pages read
ulong     pagereadios;         // number of page-read i/o operations
ulong     reserved2[2];
ulong     pagefilepageswritten;    // page-file pages written
ulong     pagefilepagewriteios;    // page-file write operations
ulong     mappedfilepageswritten;   // mapped-file pages written
ulong     mappedfilewriteios;     // mapped-file write operations
ulong     pagedpoolusage;       // paged-pool usage
ulong     nonpagedpoolusage;     // nonpaged-pool usage
ulong     pagedpoolallocs;       // paged-pool allocations
ulong     pagedpoolfrees;       // paged-pool frees
ulong     nonpagedpoolallocs;     // nonpaged-pool allocations
ulong     nonpagedpoolfress;     // nonpaged-pool frees (field name spelled "fress" on the page)
ulong     totalfreesystemptes;     // total free system page-table entries
ulong     systemcodepage;       // operating-system code pages
ulong     totalsystemdriverpages;   // pageable driver pages
ulong     totalsystemcodepages;    // total operating-system code pages
ulong     smallnonpagedlookasidelistallocatehits; // small nonpaged lookaside-list allocation hits
ulong     smallpagedlookasidelistallocatehits;  // small paged lookaside-list allocation hits
ulong     reserved3;        
ulong     mmsystemcachepage;     // system-cache pages
ulong     pagedpoolpage;       // paged-pool pages
ulong     systemdriverpage;     // pageable driver pages
ulong     fastreadnowait;       // asynchronous fast reads
ulong     fastreadwait;       // synchronous fast reads
ulong     fastreadresourcemiss;   // fast reads that hit a resource conflict
ulong     fastreadnotpossible;    // fast reads that failed
ulong     fastmdlreadnowait;     // asynchronous mdl fast reads
ulong     fastmdlreadwait;      // synchronous mdl fast reads
ulong     fastmdlreadresourcemiss;  // mdl reads that hit a resource conflict
ulong     fastmdlreadnotpossible;   // mdl reads that failed
ulong     mapdatanowait;       // asynchronous map-data requests
ulong     mapdatawait;        // synchronous map-data requests
ulong     mapdatanowaitmiss;     // asynchronous map-data misses
ulong     mapdatawaitmiss;      // synchronous map-data misses
ulong     pinmappeddatacount;     // pin-mapped-data count
ulong     pinreadnowait;       // asynchronous pin reads
ulong     pinreadwait;        // synchronous pin reads
ulong     pinreadnowaitmiss;     // asynchronous pin-read misses
ulong     pinreadwaitmiss;      // synchronous pin-read misses
ulong     copyreadnowait;       // asynchronous copy reads
ulong     copyreadwait;       // synchronous copy reads
ulong     copyreadnowaitmiss;     // asynchronous copy-read misses
ulong     copyreadwaitmiss;     // synchronous copy-read misses
ulong     mdlreadnowait;       // asynchronous mdl reads
ulong     mdlreadwait;        // synchronous mdl reads
ulong     mdlreadnowaitmiss;     // asynchronous mdl-read misses
ulong     mdlreadwaitmiss;      // synchronous mdl-read misses
ulong     readaheadios;       // read-ahead operations
ulong     lazywriteios;       // lazy-write operations
ulong     lazywritepages;       // pages written by lazy writes
ulong     dataflushes;        // cache flushes
ulong     datapages;         // pages flushed from the cache
ulong     contextswitches;      // number of context switches
ulong     firstleveltbfills;     // first-level buffer fills
ulong     secondleveltbfills;     // second-level buffer fills
ulong     systemcall;         // number of system calls
}system_performance_information,*psystem_performance_information;

  现在看到的是结构system_processor_times提供的系统处理器的使用情况,包括各种情况下的使用时间及中断数目:

/*
 * Processor usage: time spent in each mode plus the interrupt count.
 * NOTE(review): the struct tag starts with a double underscore, unlike the
 * other tags on this page; such names are reserved for the implementation.
 */
typedef struct __system_processor_times
{
large_integer idletime;       // idle time
large_integer kerneltime;       // kernel-mode time
large_integer usertime;       // user-mode time
large_integer dpctime;        // deferred procedure call (dpc) time
large_integer interrupttime;     // interrupt time
ulong     interruptcount;     // number of interrupts
}system_processor_times,*psystem_processor_times;


   页文件的使用情况,system_pagefile_information提供了所需的相关信息:

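/*
 * Page-file usage record; several records may follow one another, chained by
 * offset.
 * NOTE(review): the first member was printed as "ulong.netxentryoffset" on the
 * page, which is not a valid declaration. It is restored here as a ulong
 * member named nextentryoffset; the original spelling may have been
 * "netxentryoffset" -- confirm against the downloadable source.
 */
typedef struct _system_pagefile_information
{
ulong nextentryoffset;        // offset of the next structure
ulong currentsize;          // current page-file size
ulong totalused;           // amount of the page file currently in use
ulong peakused;           // peak amount of the page file in use
unicode_string filename;       // file name of the page file
}system_pagefile_information,*psystem_pagefile_information;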

  系统高速缓存的使用情况参见结构system_cache_information提供的信息:

/* System cache usage as described by the article. */
typedef struct _system_cache_information
{
ulong systemcachewssize;       // cache size
ulong systemcachewspeaksize;     // peak cache size
ulong systemcachewsfaults;      // number of cache page faults
ulong systemcachewsminimum;     // minimum cache size, in pages
ulong systemcachewsmaximum;     // maximum cache size, in pages
ulong transitionsharedpages;     // number of shared pages
ulong transitionsharedpagespeak;   // peak number of shared pages
ulong reserved[2];
}system_cache_information,*psystem_cache_information;

附录:(所有完整源代码,您可以到我们fz5fz的主页下载)。

1.t-pmlist的头文件源代码:

#ifndef t_pmlist_h
#define t_pmlist_h

#include <windows.h>
#include <stdio.h>

/* Information class passed to ntquerysysteminformation for the process/thread list. */
#define nt_processthread_info    0x05
/* Size of the single fixed buffer the listing allocates (0x500000 bytes); it is not grown on mismatch. */
#define max_info_buf_len       0x500000
/* Status values the listing compares against; the cast uses ntstatus, which is typedef'd just below. */
#define status_success       ((ntstatus)0x00000000l)
#define status_info_length_mismatch ((ntstatus)0xc0000004l)

/* Status code type returned by the native service. */
typedef long ntstatus;

/*
 * Counted wide-character string used for process and file names.
 * NOTE(review): the string carries an explicit length, so code that prints
 * buffer with a plain "%s" relies on a terminator being present -- confirm
 * or print by length.
 */
typedef struct _lsa_unicode_string
{
ushort length;         // current length; presumably in bytes -- confirm
ushort maximumlength;  // capacity of buffer; presumably in bytes -- confirm
pwstr buffer;          // pointer to the characters
}lsa_unicode_string,*plsa_unicode_string;
/* The rest of the header refers to the same layout as unicode_string. */
typedef lsa_unicode_string unicode_string, *punicode_string;

/* Process/thread identifier pair stored in each system_threads record. */
typedef struct _client_id
{
handle uniqueprocess;  // owning process
handle uniquethread;   // the thread itself
}client_id;
typedef client_id *pclient_id;

/* Priority value type used by the process and thread records. */
typedef long kpriority;

/*
 * Virtual-memory counters embedded in system_processes.
 * NOTE(review): all fields are ulong here; confirm the widths before using
 * this layout outside the 32-bit windows 2000/xp/2003 targets of the article.
 */
typedef struct _vm_counters
{
ulong peakvirtualsize;              // peak virtual size
ulong virtualsize;                  // virtual size
ulong pagefaultcount;               // number of page faults
ulong peakworkingsetsize;           // peak working-set size
ulong workingsetsize;               // working-set size (enumprocess prints it divided by 1024)
ulong quotapeakpagedpoolusage;      // peak paged-pool quota usage
ulong quotapagedpoolusage;          // paged-pool quota usage
ulong quotapeaknonpagedpoolusage;   // peak nonpaged-pool quota usage
ulong quotanonpagedpoolusage;       // nonpaged-pool quota usage
ulong pagefileusage;                // page-file usage
ulong peakpagefileusage;            // peak page-file usage
}vm_counters,*pvm_counters;

/* I/O counters embedded in system_processes. */
typedef struct _io_counters
{
large_integer readoperationcount;   // number of read operations
large_integer writeoperationcount;  // number of write operations
large_integer otheroperationcount;  // number of other operations
large_integer readtransfercount;    // amount of data read
large_integer writetransfercount;   // amount of data written
large_integer othertransfercount;   // amount of data moved by other operations
}io_counters,*pio_counters;

/*
 * Thread scheduling states reported in system_threads.state.
 * No explicit values are given, so the enumerators count up from 0 in
 * declaration order; do not reorder them.
 */
typedef enum _thread_state
{
stateinitialized,
stateready,
staterunning,
statestandby,
stateterminated,
statewait,
statetransition,
stateunknown
}thread_state;

/*
 * Wait reasons reported in system_threads.waitreason.
 * Values are implicit (0 upward in declaration order), so the order below is
 * part of the layout. "wrvertualmemory" is spelled as it appears on the page.
 */
typedef enum _kwait_reason
{
executive,
freepage,
pagein,
poolallocation,
delayexecution,
suspended,
userrequest,
wrexecutive,
wrfreepage,
wrpagein,
wrpoolallocation,
wrdelayexecution,
wrsuspended,
wruserrequest,
wreventpair,
wrqueue,
wrlpcreceive,
wrlpcreply,
wrvertualmemory,
wrpageout,
wrrendezvous,
spare2,
spare3,
spare4,
spare5,
spare6,
wrkernel
}kwait_reason;

/* Per-thread record; system_processes ends with an array of these. */
typedef struct _system_threads
{
large_integer kerneltime;         // cpu time used in kernel mode
large_integer usertime;           // cpu time used in user mode
large_integer createtime;         // thread creation time
ulong     waittime;               // wait time
pvoid     startaddress;           // virtual address at which the thread starts
client_id   clientid;             // process/thread identifier pair
kpriority   priority;             // thread priority
kpriority   basepriority;         // base priority
ulong     contextswitchcount;     // number of context switches
thread_state state;               // current state
kwait_reason waitreason;          // reason for waiting
}system_threads,*psystem_threads;

/*
 * One record per process in the buffer filled for nt_processthread_info.
 * The functions in this header walk the records by adding nextentrydelta to
 * the current record's address.
 * NOTE(review): undocumented, version-specific layout -- confirm on the target system.
 */
typedef struct _system_processes
{
ulong     nextentrydelta;         // byte offset to the next record; 0 marks the last one
ulong     threadcount;            // number of threads
ulong     reserved1[6];
large_integer createtime;         // creation time
large_integer usertime;           // cpu time in user mode
large_integer kerneltime;         // cpu time in kernel mode
unicode_string processname;       // process name
kpriority   basepriority;         // process priority
ulong     processid;              // process identifier (0 is printed as the idle process)
ulong     inheritedfromprocessid; // parent process identifier
ulong     handlecount;            // number of handles
ulong     reserved2[2];
vm_counters  vmcounters;          // virtual-memory counters
io_counters  iocounters;          // i/o counters
system_threads threads[1];        // first element of the per-thread record array
}system_processes,*psystem_processes;

/* Information class selector; this header passes it as a plain dword. */
typedef dword  system_information_class;
/*
 * Pointer type for the ntdll export, and the global that holds the address
 * resolved at run time with getprocaddress.
 * NOTE(review): names on this page appear case-folded, so the type and the
 * variable collide as printed -- confirm the original spellings.
 */
typedef ntstatus (__stdcall *ntquerysysteminformation)
         (in   system_information_class,  // information class
   in out pvoid,                           // buffer that receives or supplies the data
   in   ulong,                             // size of that buffer
   out  pulong optional);                  // receives the required length; may be null
ntquerysysteminformation ntquerysysteminformation;


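/*
 * Print one table row per process (name, pid, parent pid, working set,
 * base priority, thread count, handle count, cpu time), then a legend.
 *
 * The data comes from a single ntquerysysteminformation call with class
 * nt_processthread_info into a fixed max_info_buf_len buffer; a
 * status_info_length_mismatch is reported, not retried with a larger buffer.
 *
 * Always returns 0; failures are reported on stdout only.
 *
 * NOTE(review): identifiers and string literals on this page appear
 * case-folded. Win32 names and the export name given to getprocaddress are
 * case-sensitive, so restore the original case before building.
 */
dword enumprocess()
{
    psystem_processes psystemproc;
    hmodule           hntdll         = null;
    lpvoid            lpsysteminfo   = null;
    dword             dwnumberbytes  = max_info_buf_len;
    dword             dwtotalprocess = 0;
    dword             dwreturnlength = 0;
    dword             dwlimit;
    dword             dwoffset       = 0;
    ntstatus          status;
    longlong          lltemptime;

    __try
    {
        hntdll = loadlibrary("ntdll.dll");
        if (hntdll == null)
        {
            printf("loadlibrary error: %lu\n", (unsigned long)getlasterror());
            __leave;
        }

        ntquerysysteminformation = (ntquerysysteminformation)getprocaddress(hntdll, "ntquerysysteminformation");
        if (ntquerysysteminformation == null)
        {
            printf("getprocaddress for ntquerysysteminformation error: %lu\n", (unsigned long)getlasterror());
            __leave;
        }

        lpsysteminfo = malloc(dwnumberbytes);
        if (lpsysteminfo == null)
        {
            /* Without this check the service would be handed a null buffer. */
            printf("malloc error: cannot allocate %lu bytes\n", (unsigned long)dwnumberbytes);
            __leave;
        }

        status = ntquerysysteminformation(nt_processthread_info,
                                          lpsysteminfo,
                                          dwnumberbytes,
                                          &dwreturnlength);
        if (status == status_info_length_mismatch)
        {
            printf("status_info_length_mismatch\n");
            __leave;
        }
        else if (status != status_success)
        {
            /* The failure is carried in the returned status, so report that
               value rather than the thread's last-error code. */
            printf("ntquerysysteminformation error: 0x%08lx\n", (unsigned long)status);
            __leave;
        }

        /* Never walk past what was written, nor past the allocation. */
        dwlimit = (dwreturnlength != 0 && dwreturnlength <= dwnumberbytes)
                      ? dwreturnlength
                      : dwnumberbytes;

        printf("%-20s%6s%7s%8s%6s%7s%7s%13s\n","processname","pid","ppid","wssize","prio.","thread","handle","cpu time");
        printf("--------------------------------------------------------------------------\n");

        psystemproc = (psystem_processes)lpsysteminfo;
        for (;;)
        {
            dword dwdelta;

            if (psystemproc->processid == 0)
            {
                wprintf(l"%-20s",l"system idle process");
            }
            else if (psystemproc->processname.buffer != null)
            {
                /* The name is a counted string: print by length instead of
                   trusting a terminator. */
                wprintf(l"%-20.*s",
                        (int)(psystemproc->processname.length / sizeof(psystemproc->processname.buffer[0])),
                        psystemproc->processname.buffer);
            }
            else
            {
                wprintf(l"%-20s",l"");
            }

            /* Casts make every argument match its conversion specifier. */
            printf("%6lu",(unsigned long)psystemproc->processid);
            printf("%7lu",(unsigned long)psystemproc->inheritedfromprocessid);
            printf("%7luk",(unsigned long)(psystemproc->vmcounters.workingsetsize/1024));
            printf("%6ld",(long)psystemproc->basepriority);
            printf("%7lu",(unsigned long)psystemproc->threadcount);
            printf("%7lu",(unsigned long)psystemproc->handlecount);

            /* kernel + user time, scaled by 10000 and then treated as
               milliseconds for the h:mm:ss.mmm breakdown below. */
            lltemptime = psystemproc->kerneltime.quadpart + psystemproc->usertime.quadpart;
            lltemptime /= 10000;
            printf("%3lu:",(unsigned long)(lltemptime/(60*60*1000)));
            lltemptime %= 60*60*1000;
            printf("%.2lu:",(unsigned long)(lltemptime/(60*1000)));
            lltemptime %= 60*1000;
            printf("%.2lu.",(unsigned long)(lltemptime/1000));
            lltemptime %= 1000;
            printf("%.3lu",(unsigned long)lltemptime);

            printf("\n");
            dwtotalprocess ++;

            /* A zero delta marks the final record; it has already been
               printed above, so it is no longer skipped. */
            dwdelta = psystemproc->nextentrydelta;
            if (dwdelta == 0)
            {
                break;
            }
            /* Stop if the next record would start outside the buffer. */
            if (dwdelta >= dwlimit - dwoffset)
            {
                break;
            }
            dwoffset += dwdelta;
            psystemproc = (psystem_processes)((char *)lpsysteminfo + dwoffset);
        }

        printf("--------------------------------------------------------------------------\n");
        printf("\ntotal %lu process(es) !\n\n",(unsigned long)dwtotalprocess);
        printf("pid\t ==> process identification\n");
        printf("ppid\t ==> parent process identification\n");
        printf("wssize\t ==> working set size\n");
        printf("prio.\t ==> base priority\n");
        printf("thread\t ==> thread count\n");
        printf("handle\t ==> handle count\n");
        printf("cpu time ==> processor time\n");
    }
    __finally
    {
        /* free(null) is a no-op, so no guard is needed. */
        free(lpsysteminfo);
        if (hntdll != null)
        {
            freelibrary(hntdll);
        }
    }

    return 0;
}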

dword speciprocess(dword dwpid)
{
   psystem_processes psystemproc  = null;
psystem_threads  psystemthre  = null;
hmodule      hntdll     = null;
lpvoid       lpsysteminfo = null;
dword       dwnumberbytes = max_info_buf_len;
dword       dwtotalprocess = 0;
dword       dwreturnlength;
ntstatus     status;
longlong     lltemptime;
ulong       ulindex;

__try
{
hntdll = loadlibrary("ntdll.dll");
     if(hntdll == null)
{
     printf("loadlibrary error: %d\n",getlasterror());
       __leave;
}

ntquerysysteminformation = (ntquerysysteminformation)getprocaddress(hntdll,"ntquerysysteminformation");
   if(ntquerysysteminformation == null)
{
   printf("getprocaddress for ntquerysysteminformation error: %d\n",getlasterror());
     __leave;
}

lpsysteminfo = (lpvoid)malloc(dwnumberbytes);
status = ntquerysysteminformation(nt_processthread_info,
             lpsysteminfo,
dwnumberbytes,
&dwreturnlength);
if(status == status_info_length_mismatch)
{
printf("status_info_length_mismatch\n");
__leave;
}
else if(status != status_success)
{
printf("ntquerysysteminformation error: %d\n",getlasterror());
__leave;
}

psystemproc = (psystem_processes)lpsysteminfo;
while(psystemproc->nextentrydelta != 0)
{
if(psystemproc->processid == dwpid)
{
printf("processname:\t\t ");
if(psystemproc->processid != 0)
{
wprintf(l"%-20s\n",psystemproc->processname.buffer);
}
else
{
wprintf(l"%-20s\n",l"system idle process");
}
printf("processid:\t\t %d\t\t",psystemproc->processid);
printf("parentprocessid:\t%d\n",psystemproc->inheritedfromprocessid);

printf("kerneltime:\t\t ");
lltemptime = psystemproc->kerneltime.quadpart;
lltemptime /= 10000;
printf("%d:",lltemptime/(60*60*1000));
lltemptime %= 60*60*1000;
printf("%.2d:",lltemptime/(60*1000));
lltemptime %= 60*1000;
printf("%.2d.",lltemptime/1000);
lltemptime %= 1000;
printf("%.3d\t",lltemptime);

printf("usertime:\t\t");
lltemptime = psystemproc->usertime.quadpart;
lltemptime /= 10000;
printf("%d:",lltemptime/(60*60*1000));
lltemptime %= 60*60*1000;
printf("%.2d:",lltemptime/(60*1000));
lltemptime %= 60*1000;
printf("%.2d.",lltemptime/1000);
lltemptime %= 1000;
printf("%.3d\n",lltemptime);

printf("privilege:\t\t %d%%\t\t",(psystemproc->kerneltime.quadpart * 100)/(psystemproc->kerneltime.quadpart + psystemproc->usertime.quadpart));
printf("user:\t\t\t%d%%\n",(psystemproc->usertime.quadpart * 100)/(psystemproc->kerneltime.quadpart + psystemproc->usertime.quadpart));

printf("threadcount:\t\t %d\t\t",psystemproc->threadcount);
printf("handlecount:\t\t%d\n",psystemproc->handlecount);

printf("basepriority:\t\t %-2d\t\t",psystemproc->basepriority);
printf("pagefaultcount:\t\t%d\n\n",psystemproc->vmcounters.pagefaultcount);

printf("peakworkingsetsize(k):\t %-8d\t",psystemproc->vmcounters.peakworkingsetsize/1024);
printf("workingsetsize(k):\t%-8d\n",psystemproc->vmcounters.workingsetsize/1024);

  


 

