1. Window Information
Windows provides functions for opening a specific desktop and enumerating the windows on it.
hDesk = OpenDesktop(lpszDesktop, 0, FALSE, DESKTOP_ENUMERATE);
// Open our default desktop (DESKTOP_ENUMERATE is the only access right needed for enumeration);
EnumDesktopWindows(hDesk, (WNDENUMPROC) EnumWindowProc, 0);
// Enumerate all windows on the desktop; each window is passed to the callback function.
BOOL __stdcall EnumWindowProc(HWND hwnd, LPARAM lParam);
// In the callback function we can obtain the window title and the owning process and thread IDs;
GetWindowText(hwnd, szWindowText, dwMaxCount);
GetWindowThreadProcessId(hwnd, &dwPid);
2. Device Driver (Service) Information
Device driver information is managed by the Service Control Manager (SCM). Open the Service Control Manager and enumerate all device drivers.
OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
// Open the Service Control Manager with all permissions (this requires administrative rights; enumeration alone needs only SC_MANAGER_ENUMERATE_SERVICE);
EnumServicesStatus(schManager, dwDeviceType, dwDeviceState, enumStatus, dwBufSize, &dwBytesNeeded, &dwDevicesReturned, &dwResumeHandle);
// Enumerate the current status of all devices;
CloseServiceHandle(schManager);
// Remember to close the service handle after access is complete;
OpenService(schManager, szDeviceName, SERVICE_ALL_ACCESS);
// Open the driver of the specified device (SERVICE_ALL_ACCESS requests every right, including start, stop and delete; request only the rights the following calls need);
QueryServiceConfig(schDevice, lpDeviceConfig, 1024*8, &dwBytesNeeded);
// Query the service configuration of the driver;
QueryServiceStatus(schDevice, &deviceStatus);
// Query the current status of the driver;
QueryServiceConfig2(schDevice, SERVICE_CONFIG_DESCRIPTION, (LPBYTE) lpDeviceDescription, 8*1024, &dwBytesNeeded);
// Query the device description;
StartService(schDevice, 0, NULL);
// Start the device;
ControlService(schDevice, SERVICE_CONTROL_STOP, &deviceStatus);
// Stop the device;
DeleteService(schDevice);
// Delete a device (the service entry is only removed once all open handles to it are closed);
3. Disk Information
Obtain information about all disks in the system, including floppy disks, hard disks and optical disks;
GetLogicalDriveStrings(dwBufferLength, lpBuffer);
// Obtain the logical drive strings;
GetVolumeInformation(lpRootPathName, lpVolumeNameBuffer, dwVolumeNameSize, &dwVolumeSerialNumber,
&dwMaximumComponentLength, &dwFileSystemFlags, lpFileSystemNameBuffer, dwFileSystemNameSize);
// Obtain the volume information, including the volume name and file system type;
GetDiskFreeSpaceEx(lpRootPathName, &freeBytesAvailable, &totalNumberOfBytes, &totalNumberOfFreeBytes);
// Query disk space usage;
4. Environment Variables
The environment block can be read from the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment, using the registry functions.
RegOpenKeyEx(HKEY_LOCAL_MACHINE, regKey, 0, KEY_QUERY_VALUE, &hKey);
// Open the registry key (KEY_QUERY_VALUE is read-only access);
RegEnumValue(hKey, dwIndex, environVariable, &dwVariableLength, NULL);
// Enumerate the values (variable names) under the key;
GetEnvironmentVariable(environVariable, environString, 1024);
// Obtain the string value of the environment variable;
5. Event Log Information
OpenEventLog(NULL, szLog);
// Open the event log;
GetOldestEventLogRecord(hEvent, &dwThisRecord);
// Obtain the record number of the oldest entry, the starting point for reading;
ReadEventLog(hEvent, EVENTLOG_FORWARDS_READ | EVENTLOG_SEQUENTIAL_READ,
0, pEventLogRecord, 1024*32, &dwRead, &dwNeeded);
// Read the log records;
LookupAccountSid(NULL, pSid, szName, &dwName, szDomain, &dwDomain, &snu);
// Look up the account SID to obtain the user name and domain;
GetNumberOfEventLogRecords(hEvent, &dwTotal);
// Obtain the total number of event log records;
CloseEventLog(hEvent);
// Close the event log handle;
6. Network Shares
Enumerate network shares using information level 2;
NetShareEnum(NULL, dwLevel, (PBYTE *) &pBuf, MAX_PREFERRED_LENGTH, &entriesRead, &totalEntries, &resume);
// List all shared directories and related information;
NetApiBufferFree(pBuf);
// Release the buffer allocated by NetShareEnum;
NetShareDel(NULL, (char *) lpShareNameW, 0);
// Delete the network share (this removes the share itself, not the directory, and requires administrative rights);
7. Network Adapter Information
Obtain NIC information and network traffic;
GetAdaptersInfo(&adapterInfo, &outBufLen);
// Obtain the adapter information;
8. System Performance
Obtain the memory usage of the system;
GetPerformanceInfo(&perfInfo, sizeof(PERFORMANCE_INFORMATION));
// Obtain system performance information;
9. Process/Thread/Module Information
Toolhelp32 and system APIs:
OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken);
// Open the process token so that its privileges can be adjusted;
AdjustTokenPrivileges(hToken, FALSE, &tokenPrivileges, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
// Enable the debug privilege (Debug) in the token so that other processes can be opened; the call can only enable privileges the token already holds and may return TRUE even then, so check GetLastError afterwards;
CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
// Create a process snapshot;
Process32First(hProcessSnap, &processEntry32);
Process32Next(hProcessSnap, &processEntry32);
// Enumerate all processes;
OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, processEntry32.th32ProcessID);
// Open a specific process to query process-related information;
GetProcessTimes(hProcess, &createTime, &exitTime, &kernelTime, &userTime);
// Obtain the time information of the process;
GetProcessMemoryInfo(hProcess, &pmCounter, sizeof(pmCounter));
// Obtain the memory usage counters of the process;
GetPriorityClass(hProcess);
// Obtain the priority class of the process;
GetProcessIoCounters(hProcess, &ioCounters);
// Obtain the I/O counters of the process;
CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessId);
// Create a module snapshot;
Module32First(hModuleSnap, &moduleEntry32);
Module32Next(hModuleSnap, &moduleEntry32);
// Enumerate the modules of the process;
CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
// Create a thread snapshot;
Thread32First(hThreadSnap, &threadEntry32);
Thread32Next(hThreadSnap, &threadEntry32);
// Enumerate thread information;
OpenThread(THREAD_ALL_ACCESS, FALSE, threadEntry32.th32ThreadID);
// Open the thread to obtain a handle for the operations below (THREAD_ALL_ACCESS requests every right; suspend and resume need only THREAD_SUSPEND_RESUME);
TerminateProcess(hProcess, 0);
// Terminate the process (this needs PROCESS_TERMINATE access, which the PROCESS_QUERY_INFORMATION handle opened above does not grant);
SuspendThread(hThread);
// Suspend the thread;
ResumeThread(hThread);
// Resume the thread;
10. Shutdown
AdjustTokenPrivileges(hToken, FALSE, &tokenPrivileges, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
// Adjust the process token to enable the shutdown privilege;
ExitWindowsEx(EWX_LOGOFF, 0);
// Log off the current user;
LockWorkstation();
// Lock the workstation;
InitiateSystemShutdown(NULL, szMessage, dwTimeout, FALSE, bSig);
// Shut down (or restart) the system after displaying the message for the timeout period;
SetSystemPowerState(bSig, FALSE);
// Put the system to sleep or into hibernation;
11. User Information
NetUserEnum(NULL, dwLevel, FILTER_NORMAL_ACCOUNT, (LPBYTE *) &pBuf,
dwPrefMaxLen, &dwEntriesRead, &dwTotalEntries, &dwResumeHandle);
// Enumerate system user accounts;
NetUserDel(NULL, lpUserNameW);
// Delete the specified user account (requires administrative rights and cannot be undone);
12. Other System Information
GetVersionEx((LPOSVERSIONINFO) &osviEx);
// Obtain the version information of the operating system;
The same information is also available from the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion:
GetTickCount();
// Obtain the time elapsed since the system started (uptime);
GetComputerName(szInfo, &dwInfo);
// Obtain the computer name;
GetUserName(szInfo, &dwInfo);
// Obtain the name of the current user;
GetWindowsDirectory(szInfo, MAX_PATH + 1);
// Obtain the Windows directory;
GetSystemDirectory(szInfo, MAX_PATH + 1);
// Obtain the system directory;