📄 ntinfo.c
字号:
DisplaySeparator (NULL, 79, TRUE);
psh = NtlTableFirst (&nt);
for (i = 0; i < nt.dCount; i++)
{
if (TestIds (pncd, gdIdProcess, 1,
psh->dIdProcess))
{
printf (T("\r\n%3lu "), psh->dIdProcess);
ptName = NtlNameObjectType (psh->bObjectType,
&dSize, &dMaxSize);
if (ptName [0])
{
printf (ptName);
}
else
{
printf (T("#%02lu"), psh->bObjectType);
dSize = 3;
}
for (j = dSize; j < dMaxSize+3; j++)
{
printf (atSpace);
}
printf (T("0x%04lX 0x%04X 0x%08lX 0x%08lX"),
psh->bFlags,
psh->wValue,
psh->pObject,
psh->GrantedAccess);
n++;
}
psh = NtlTableNext (&nt, psh);
}
NtlTableUnload (&nt);
}
else
{
printf (atListError, T("handle"));
}
printf (atNewLine);
DisplaySummary (atSummary, n);
return n;
}
// -----------------------------------------------------------------
DWORD WINAPI Object (PNTL_CMD_DATA pncd)
{
NTL_TABLE nt, ntSub;
PSYSTEM_OBJECT_INFORMATION psoi;
PSYSTEM_OBJECT pso;
DWORD i, j;
DWORD n = 0;
DisplayCommand (pncd);
if (NtlTableObject (&nt) == STATUS_SUCCESS)
{
DisplayHeader (atObject, nt.dCount, nt.dData);
psoi = NtlTableFirst (&nt);
for (i = 0; i < nt.dCount; i++)
{
printf (T("\r\n")
T("Object type: \"%ls\" (%lu)\r\n")
T("Object count: %lu\r\n")
T("Handle count: %lu\r\n")
T("Invalid attributes: 0x%08lX\r\n")
T("Valid access mask: 0x%08lX\r\n")
T("Generic mapping: ")
T("R=0x%08lX W=0x%08lX X=0x%08lX A=0x%08lX\r\n")
T("Pool type: \"%s\" (%lu)\r\n")
T("Security required: %s\r\n"),
psoi->usTypeName.Buffer,
psoi->dObjectTypeCode,
psoi->dObjectCount,
psoi->dHandleCount,
psoi->dInvalidAttributes,
psoi->ValidAccessMask,
psoi->GenericMapping.GenericRead,
psoi->GenericMapping.GenericWrite,
psoi->GenericMapping.GenericExecute,
psoi->GenericMapping.GenericAll,
NtlNamePoolType (psoi->PoolType, NULL, NULL),
psoi->PoolType,
(psoi->bSecurityRequired ? atYes : atNo));
printf (T("\r\n")
T("PID Ptr Hdl Flags ")
T("ObjectBody SecDescrpt")
T(" Name\r\n"));
DisplaySeparator (NULL, 79, TRUE);
pso = NtlTableObjectFirst (&ntSub, &nt, psoi);
for (j = 0; j < ntSub.dCount; j++)
{
if ((pncd->dCount &&
TestIds (pncd, gdIdProcess, 1,
pso->dUniqueProcessId))
||
((!pncd->dCount) &&
(pso->usObjectName.Buffer != NULL)))
{
printf (T("\r\n%3lu %3lu %3lu 0x%02X ")
T("0x%08lX 0x%08lX"),
pso->dUniqueProcessId,
pso->dPointerCount,
pso->dHandleCount,
pso->wObjectFlags,
pso->pObject,
pso->pSecurityDescriptor);
if (pso->usObjectName.Buffer != NULL)
{
printf (T(" \"%ls\""),
pso->usObjectName.Buffer);
}
n++;
}
pso = NtlTableObjectNext (&ntSub, pso);
}
printf (atNewLine);
psoi = NtlTableNext (&nt, psoi);
}
NtlTableUnload (&nt);
}
else
{
printf (atListError, T("object type"));
printf (atNewLine);
}
DisplaySummary (atSummary, n);
return n;
}
// -----------------------------------------------------------------
DWORD WINAPI Process (PNTL_CMD_DATA pncd)
{
NTL_TABLE nt;
PSYSTEM_PROCESS_INFORMATION pspi;
TIME_FIELDS tfC, tfK, tfU;
QWORD qKernelTime, qUserTime;
DWORD i;
DWORD n = 0;
DisplayCommand (pncd);
if (NtlTableProcess (&nt) == STATUS_SUCCESS)
{
DisplayHeader (atProcess, nt.dCount, nt.dData);
printf (T("\r\n")
T("PID Org BP Th Hdls CommChrg WSetSize ")
T("PFCount Start date and time Name\r\n"));
DisplaySeparator (NULL, 79, TRUE);
pspi = NtlTableFirst (&nt);
NtlTimeReset (&qKernelTime);
NtlTimeReset (&qUserTime);
for (i = 0; i < nt.dCount; i++)
{
if (TestIds (pncd, gdIdProcess, 1,
pspi->dUniqueProcessId))
{
NtlTimeUnpack (&pspi->qCreateTime, &tfC);
printf (T("\r\n")
T("%3lu %3lu %2lu %2lu %4lu %8lu %8lu ")
T("%7lu %02u-%02u-%04u %02u:%02u:%02u ")
T("\"%ls\""),
pspi->dUniqueProcessId,
pspi->dInheritedFromUniqueProcessId,
pspi->BasePriority,
pspi->dThreadCount,
pspi->dHandleCount,
pspi->dCommitCharge,
pspi->VmCounters.WorkingSetSize,
pspi->VmCounters.PageFaultCount,
tfC.Month, tfC.Day, tfC.Year,
tfC.Hour, tfC.Minute, tfC.Second,
(pspi->usName.Buffer != NULL
? pspi->usName.Buffer
: L"Idle"));
NtlTimeExtend (&qKernelTime,
&pspi->qKernelTime, 1);
NtlTimeExtend (&qUserTime,
&pspi->qUserTime, 1);
n++;
}
pspi = NtlTableNext (&nt, pspi);
}
NtlTimeUnpack (&qKernelTime, &tfK);
NtlTimeUnpack (&qUserTime, &tfU);
printf (T("\r\n")
T("\r\nTotal kernel time: %02u:%02u:%02u")
T("\r\nTotal user time: %02u:%02u:%02u"),
tfK.Hour, tfK.Minute, tfK.Second,
tfU.Hour, tfU.Minute, tfU.Second);
NtlTableUnload (&nt);
}
else
{
printf (atListError, T("process"));
}
printf (atNewLine);
DisplaySummary (atSummary, n);
return n;
}
// -----------------------------------------------------------------
DWORD WINAPI Thread (PNTL_CMD_DATA pncd)
{
NTL_TABLE nt;
PSYSTEM_PROCESS_INFORMATION pspi;
TIME_FIELDS tfC, tfK, tfU;
QWORD qKernelTime, qUserTime;
DWORD dThreads, i, j;
DWORD n = 0;
DisplayCommand (pncd);
if (NtlTableProcess (&nt) == STATUS_SUCCESS)
{
pspi = NtlTableFirst (&nt);
for (dThreads = i = 0; i < nt.dCount; i++)
{
dThreads += pspi->dThreadCount;
pspi = NtlTableNext (&nt, pspi);
}
DisplayHeader (atThread, dThreads, nt.dData);
printf (T("\r\n")
T("TID PID BP DP Switches TS WR ")
T("Start Addr ")
T("Start date and time ")
T("Kernel User\r\n"));
DisplaySeparator (NULL, 79, TRUE);
pspi = NtlTableFirst (&nt);
NtlTimeReset (&qKernelTime);
NtlTimeReset (&qUserTime);
for (i = 0; i < nt.dCount; i++)
{
for (j = 0; j < pspi->dThreadCount; j++)
{
if (TestIds (pncd, gdIdProcess, 2,
pspi->ast [j].Cid.UniqueProcess,
pspi->ast [j].Cid.UniqueThread))
{
NtlTimeUnpack (&pspi->ast [j].qCreateTime,
&tfC);
NtlTimeUnpack (&pspi->ast [j].qKernelTime,
&tfK);
NtlTimeUnpack (&pspi->ast [j].qUserTime,
&tfU);
printf (T("\r\n")
T("%3lu %3lu %2lu %2lu %8lu %2lu %2lu ")
T("0x%08lX ")
T("%02u-%02u-%04u %02u:%02u:%02u ")
T("%02u:%02u:%02u %02u:%02u:%02u"),
pspi->ast [j].Cid.UniqueThread,
pspi->ast [j].Cid.UniqueProcess,
pspi->ast [j].dBasePriority,
pspi->ast [j].dPriority,
pspi->ast [j].dContextSwitches,
pspi->ast [j].dThreadState,
pspi->ast [j].WaitReason,
pspi->ast [j].pStartAddress,
tfC.Month, tfC.Day, tfC.Year,
tfC.Hour, tfC.Minute, tfC.Second,
tfK.Hour, tfK.Minute, tfK.Second,
tfU.Hour, tfU.Minute, tfU.Second);
NtlTimeExtend (&qKernelTime,
&pspi->ast [j].qKernelTime, 1);
NtlTimeExtend (&qUserTime,
&pspi->ast [j].qUserTime, 1);
n++;
}
}
pspi = NtlTableNext (&nt, pspi);
}
NtlTimeUnpack (&qKernelTime, &tfK);
NtlTimeUnpack (&qUserTime, &tfU);
printf (T("\r\n")
T("\r\nTotal kernel time: %02u:%02u:%02u")
T("\r\nTotal user time: %02u:%02u:%02u"),
tfK.Hour, tfK.Minute, tfK.Second,
tfU.Hour, tfU.Minute, tfU.Second);
NtlTableUnload (&nt);
}
else
{
printf (atListError, T("thread"));
}
printf (atNewLine);
DisplaySummary (atSummary, n);
return n;
}
// -----------------------------------------------------------------
DWORD WINAPI Lookaside (PNTL_CMD_DATA pncd)
{
NTL_TABLE nt;
PSYSTEM_LOOKASIDE psla;
DWORD i;
DWORD n = 0;
if (NtlTableLookaside (&nt) == STATUS_SUCCESS)
{
DisplayHeader (atLookaside, nt.dCount, nt.dData);
printf (T("\r\n")
T("Tag Depth Size Allocs ")
T(" No Miss Frees No Miss ")
T("Pool Type\r\n"));
DisplaySeparator (NULL, 79, TRUE);
psla = NtlTableFirst (&nt);
for (i = 0; i < nt.dCount; i++)
{
if (TestTag (pncd, psla->dPoolTag))
{
printf (T("\r\n")
T("\"%hc%hc%hc%hc\" %4lu %5lu %8lu ")
T("%8lu %8lu %8lu ")
T("%s"),
((PBYTE) &psla->dPoolTag) [0],
((PBYTE) &psla->dPoolTag) [1],
((PBYTE) &psla->dPoolTag) [2],
((PBYTE) &psla->dPoolTag) [3],
psla->wDepth,
psla->dSize,
psla->dTotalAllocates,
psla->dAllocateNoMisses,
psla->dTotalFrees,
psla->dFreeNoMisses,
NtlNamePoolType (psla->PoolType,
NULL, NULL));
n++;
}
psla = NtlTableNext (&nt, psla);
}
NtlTableUnload (&nt);
}
else
{
printf (atListError, T("lookaside"));
}
printf (atNewLine);
DisplaySummary (atSummary, n);
return n;
}
// -----------------------------------------------------------------
DWORD WINAPI Help (PNTL_CMD_DATA pncd)
{
TBYTE tPrefix = (pncd != NULL ? pncd->tPrefix
: atOptionPrefixes [0]);
printf (atUsage, atArguments);
CommandInfo (anco, tPrefix, atOptionPrefixes,
atOptionInfo, TRUE);
return 0;
}
// =================================================================
// MAIN PROGRAM
// =================================================================
DWORD Main (DWORD argc, TBYTE *argv [], TBYTE *envp [])
{
CONSOLE_SCREEN_BUFFER_INFO csbi;
DWORD dCodePage;
gdIdProcess = GetCurrentProcessId ();
dCodePage = GetConsoleOutputCP ();
SetConsoleOutputCP (GetACP ());
GetConsoleScreenBufferInfo (hStdOut, &csbi);
gdLine = csbi.dwSize.X;
printf (atAbout);
if (argc < 2)
{
Help (NULL);
}
else
{
CommandParser (anco, ancf, atOptionPrefixes,
argv+1, argc-1);
}
SetConsoleOutputCP (dCodePage);
return 0;
}
// =================================================================
// END OF PROGRAM
// =================================================================
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -