Windows API one-day training (91): the GetProcessMemoryInfo function
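When you open Windows Task Manager, you can see how much memory each process is using. A process that occupies an unusually large amount of memory is an anomaly, and this can be treated as one possible sign of malware. On its own it is a weak signal, because many legitimate programs also use a lot of memory, so it is best combined with other evidence about the process. The following describes how to use the API function GetProcessMemoryInfo to obtain a process's memory usage.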
The GetProcessMemoryInfo function is declared as follows:
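/*
 * GetProcessMemoryInfo, with its identifier casing restored so that it
 * compiles. Shown for reference only: real code should include <psapi.h>
 * instead of redeclaring the function.
 *
 * Process        - handle of the process whose memory usage is queried.
 * ppsmemCounters - receives the memory usage.
 * cb             - size of the structure behind ppsmemCounters, in bytes.
 *
 * Returns nonzero on success; the example on this page tests the result
 * directly in an if statement.
 */
BOOL
WINAPI
GetProcessMemoryInfo(
    HANDLE Process,
    PPROCESS_MEMORY_COUNTERS ppsmemCounters,
    DWORD cb
    );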
Process is the handle of the process whose memory usage is to be obtained.
ppsmemCounters points to the structure that receives the memory usage.
cb is the size of that structure, in bytes.
An example of calling the function is as follows:
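// Obtain the memory information of every process that can be opened.
// Cai junsheng 2007/12/18 QQ: 9073204 Shenzhen
//
// Enumerates the process IDs with EnumProcesses, opens each process with
// query access and writes the fields of its PROCESS_MEMORY_COUNTERS to the
// debugger output (OutputDebugString). Takes no arguments and returns
// nothing; failures are reported on the same debug channel.
void testgetprocessmemoryinfo(void)
{
    // wsprintf is not told how large the destination is (it stops by itself
    // at 1024 characters), so every format below is short and numeric only.
    enum { nBufSize = 512, nMaxProcs = 1024 };
    TCHAR chBuf[nBufSize];
    // Byte count, not element count: a TCHAR is two bytes in Unicode builds.
    ZeroMemory(chBuf, sizeof(chBuf));

    DWORD dwProcs[nMaxProcs];
    DWORD dwNeeded = 0;

    // Enumerate all process IDs.
    if (!EnumProcesses(dwProcs, sizeof(dwProcs), &dwNeeded))
    {
        // Output error information.
        wsprintf(chBuf, _T("EnumProcesses failed (%lu).\n"), GetLastError());
        OutputDebugString(chBuf);

        return;
    }

    // EnumProcesses does not report that the array was too small. A
    // completely filled array is the only hint that some IDs did not fit,
    // so flag it instead of presenting a partial list as complete.
    if (dwNeeded == sizeof(dwProcs))
    {
        OutputDebugString(
            _T("EnumProcesses: ID array is full, the list may be incomplete.\n"));
    }

    // Calculate the number of process IDs that were returned.
    DWORD dwProcCount = dwNeeded / sizeof(DWORD);

    wsprintf(chBuf, _T("EnumProcesses count (%lu).\n"), dwProcCount);
    OutputDebugString(chBuf);

    // Traverse all process IDs and open each process.
    for (DWORD i = 0; i < dwProcCount; i++)
    {
        wsprintf(chBuf, _T("EnumProcesses (%lu).\r\n"), dwProcs[i]);
        OutputDebugString(chBuf);

        // Open the process based on its process ID.
        HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION |
                                      PROCESS_VM_READ,
                                      FALSE, dwProcs[i]);

        if (!hProcess)
        {
            // Some processes cannot be opened by the caller. Record the
            // failure so that an unmeasured process is visible in the
            // output rather than silently missing from it.
            wsprintf(chBuf, _T("\tOpenProcess failed (%lu).\n"), GetLastError());
            OutputDebugString(chBuf);
            continue;
        }

        PROCESS_MEMORY_COUNTERS pmc;
        ZeroMemory(&pmc, sizeof(pmc));
        pmc.cb = sizeof(pmc);

        // Obtain the memory usage of the process.
        if (GetProcessMemoryInfo(hProcess, &pmc, sizeof(pmc)))
        {
            // PageFaultCount is a DWORD; the remaining fields are SIZE_T,
            // which is 64 bits wide in 64-bit builds, hence the I prefix.
            wsprintf(chBuf, _T("\tPage fault count: 0x%08lx\n"), pmc.PageFaultCount);
            OutputDebugString(chBuf);

            wsprintf(chBuf, _T("\tPeak working set size: 0x%08Ix\n"),
                     pmc.PeakWorkingSetSize);
            OutputDebugString(chBuf);

            wsprintf(chBuf, _T("\tWorking set size: 0x%08Ix\n"), pmc.WorkingSetSize);
            OutputDebugString(chBuf);

            wsprintf(chBuf, _T("\tPeak paged pool usage: 0x%08Ix\n"),
                     pmc.QuotaPeakPagedPoolUsage);
            OutputDebugString(chBuf);

            wsprintf(chBuf, _T("\tPaged pool usage: 0x%08Ix\n"),
                     pmc.QuotaPagedPoolUsage);
            OutputDebugString(chBuf);

            wsprintf(chBuf, _T("\tPeak non-paged pool usage: 0x%08Ix\n"),
                     pmc.QuotaPeakNonPagedPoolUsage);
            OutputDebugString(chBuf);

            wsprintf(chBuf, _T("\tNon-paged pool usage: 0x%08Ix\n"),
                     pmc.QuotaNonPagedPoolUsage);
            OutputDebugString(chBuf);

            wsprintf(chBuf, _T("\tPagefile usage: 0x%08Ix\n"), pmc.PagefileUsage);
            OutputDebugString(chBuf);

            wsprintf(chBuf, _T("\tPeak pagefile usage: 0x%08Ix\n"),
                     pmc.PeakPagefileUsage);
            OutputDebugString(chBuf);
        }
        else
        {
            wsprintf(chBuf, _T("\tGetProcessMemoryInfo failed (%lu).\n"),
                     GetLastError());
            OutputDebugString(chBuf);
        }

        // The handle is no longer needed once the counters have been read.
        CloseHandle(hProcess);
    }
}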