Tag: Windows process traversal
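// ConsoleApplication1.cpp: Defines the entry point of the console application.
//
// Enumerates the running processes through the (undocumented) ntdll export
// NtQuerySystemInformation with the SystemProcessInformation class (value 5)
// and prints each process id together with its image name.
#include "stdafx.h"
#include <windows.h>
#include <stddef.h>
#include <stdio.h>

// Thread state (value of SYSTEM_THREAD_INFORMATION::State).
typedef enum _THREAD_STATE {
    StateInitialized,   // being initialised
    StateReady,         // ready to run
    StateRunning,       // running
    StateStandby,       // standby
    StateTerminated,    // terminated
    StateWait,          // waiting
    StateTransition,    // in transition
    StateUnknown
} THREAD_STATE;

// Reason a thread is waiting (value of SYSTEM_THREAD_INFORMATION::WaitReason).
typedef enum _KWAIT_REASON {
    Executive, FreePage, PageIn, PoolAllocation, DelayExecution, Suspended,
    UserRequest, WrExecutive, WrFreePage, WrPageIn, WrPoolAllocation,
    WrDelayExecution, WrSuspended, WrUserRequest, WrEventPair, WrQueue,
    WrLpcReceive, WrLpcReply, WrVirtualMemory, WrPageOut, WrRendezvous,
    Spare2, Spare3, Spare4, Spare5, Spare6, WrKernel, MaximumWaitReason
} KWAIT_REASON;

typedef long NTSTATUS;
typedef long KPRIORITY;

// NTSTATUS returned when the caller's buffer is smaller than the snapshot.
#ifndef STATUS_INFO_LENGTH_MISMATCH
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L)
#endif

typedef struct _CLIENT_ID {
    DWORD UniqueProcess;
    DWORD UniqueThread;
} CLIENT_ID, *PCLIENT_ID;

typedef struct _VM_COUNTERS {
    SIZE_T PeakVirtualSize;
    SIZE_T VirtualSize;
    ULONG  PageFaultCount;
    SIZE_T PeakWorkingSetSize;
    SIZE_T WorkingSetSize;
    SIZE_T QuotaPeakPagedPoolUsage;
    SIZE_T QuotaPagedPoolUsage;
    SIZE_T QuotaPeakNonPagedPoolUsage;
    SIZE_T QuotaNonPagedPoolUsage;
    SIZE_T PageFileUsage;
    SIZE_T PeakPageFileUsage;
} VM_COUNTERS;

// Per-thread information.
typedef struct _SYSTEM_THREAD_INFORMATION {
    LARGE_INTEGER KernelTime;
    LARGE_INTEGER UserTime;
    LARGE_INTEGER CreateTime;
    ULONG         WaitTime;
    PVOID         StartAddress;
    CLIENT_ID     ClientId;
    KPRIORITY     Priority;
    KPRIORITY     BasePriority;
    ULONG         ContextSwitchCount;
    long          State;        // a THREAD_STATE value
    long          WaitReason;   // a KWAIT_REASON value
} SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION;

typedef struct _UNICODE_STRING {
    USHORT Length;          // in bytes, not characters
    USHORT MaximumLength;
    PWSTR  Buffer;          // not NUL-terminated in general
} UNICODE_STRING, *PUNICODE_STRING;

// Per-process information. Entries are variable-sized: each one is followed by
// ThreadCount thread records, so the next entry is found with NextEntryDelta,
// never with sizeof.
typedef struct _SYSTEM_PROCESS_INFORMATION {
    ULONG         NextEntryDelta;           // byte offset to the next entry, 0 on the last one
    ULONG         ThreadCount;              // number of threads in this process
    ULONG         Reserved1[6];
    LARGE_INTEGER CreateTime;               // process creation time
    LARGE_INTEGER UserTime;                 // time spent in user mode
    LARGE_INTEGER KernelTime;               // time spent in kernel mode
    UNICODE_STRING ProcessName;             // image name (Buffer is NULL for the idle process)
    KPRIORITY     BasePriority;
    ULONG         ProcessId;
    ULONG         InheritedFromProcessId;
    ULONG         HandleCount;              // total handle count of the process
    ULONG         Reserved2[2];
    VM_COUNTERS   VmCounters;
    IO_COUNTERS   IoCounters;
    SYSTEM_THREAD_INFORMATION Threads[5];   // start of the thread array (ThreadCount records follow)
} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;

// Prints "<pid> <image name>" for every process in the system snapshot.
// Returns 0 on success, 1 when ntdll cannot be resolved or the query fails.
int main()
{
    typedef long (__stdcall *FUN)(UINT SystemInformationClass, PVOID SystemInformation,
                                  ULONG SystemInformationLength, PULONG ReturnLength);
    const UINT kSystemProcessInformation = 5;

    // ntdll.dll is mapped into every process, so take the module that is already
    // loaded instead of LoadLibrary, which would go through the DLL search path.
    HMODULE hNtdll = GetModuleHandleW(L"ntdll.dll");
    if (hNtdll == NULL) {
        fprintf(stderr, "GetModuleHandle(ntdll.dll) failed: %lu\n", GetLastError());
        return 1;
    }
    FUN fun = (FUN)GetProcAddress(hNtdll, "NtQuerySystemInformation");
    if (fun == NULL) {
        fprintf(stderr, "NtQuerySystemInformation not found: %lu\n", GetLastError());
        return 1;
    }

    // The process list can grow between the size probe and the real query, so
    // keep enlarging the buffer while ntdll reports STATUS_INFO_LENGTH_MISMATCH.
    BYTE *buf = NULL;
    ULONG bufSize = 0;
    ULONG written = 0;
    NTSTATUS status;
    for (;;) {
        written = 0;
        status = fun(kSystemProcessInformation, buf, bufSize, &written);
        if (status != STATUS_INFO_LENGTH_MISMATCH) {
            break;
        }
        delete[] buf;
        bufSize = written + 4096;   // slack for processes created before the retry
        buf = new BYTE[bufSize];
    }
    if (status < 0) {               // NT_SUCCESS is "status >= 0"
        fprintf(stderr, "NtQuerySystemInformation failed: 0x%08lx\n", (unsigned long)status);
        delete[] buf;
        return 1;
    }
    if (written > bufSize) {
        written = bufSize;          // never trust ReturnLength beyond what we own
    }

    // Walk the entry chain, stopping at NextEntryDelta == 0 or at the end of the
    // bytes ntdll actually filled, so a malformed delta cannot read past the buffer.
    const ULONG headerSize = (ULONG)offsetof(SYSTEM_PROCESS_INFORMATION, Threads);
    ULONG offset = 0;
    while (offset <= written && written - offset >= headerSize) {
        PSYSTEM_PROCESS_INFORMATION p = (PSYSTEM_PROCESS_INFORMATION)(buf + offset);
        // ProcessName is a counted wide string: print Length/2 characters with %ls,
        // not %s, which would stop at the first NUL byte of the UTF-16 data.
        const wchar_t *name = p->ProcessName.Buffer ? p->ProcessName.Buffer : L"";
        printf("%lu %.*ls\n", p->ProcessId,
               (int)(p->ProcessName.Length / sizeof(WCHAR)), name);
        if (p->NextEntryDelta == 0) {
            break;
        }
        offset += p->NextEntryDelta;
    }

    delete[] buf;
    return 0;
}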
NtQuerySystemInformation Traversal Process