📄 qssi.c
/*
* Obtain required buffer size
*/
Status = NtQuerySystemInformation (
5,
pInfo,
BUFFER_SIZE_DEFAULT,
& Length
);
if (STATUS_SUCCESS != Status)
{
if (STATUS_INFO_LENGTH_MISMATCH == Status)
{
/*
* Allocate buffer
*/
pInfo = GlobalReAlloc (pInfo, Length, GMEM_ZEROINIT);
if (NULL == pInfo)
{
printf ("\tCould not allocate memory.\n");
return EXIT_FAILURE;
}
}
else
{
PrintStatus (Status);
GlobalFree (pInfo);
return EXIT_FAILURE;
}
}
/*
* Get process+thread list from ntoskrnl.exe
*/
Status = NtQuerySystemInformation (
SystemProcessInformation,
pInfo,
Length,
& Length
);
if (!NT_SUCCESS(Status))
{
PrintStatus (Status);
GlobalFree (pInfo);
return EXIT_FAILURE;
}
while (1)
{
wprintf (L"%s:\n", (pInfo->Name.Length ? pInfo->Name.Buffer : L"*idle*") );
if (Application.Flag.Verbose)
{
wprintf (L"\tRelativeOffset = 0x%08x\n", pInfo->RelativeOffset);
}
wprintf (L"\tThreads = %ld\n", pInfo->ThreadCount);
wprintf (L"\tHandles = %ld\n", pInfo->HandleCount);
wprintf (L"\tBasePriority = %ld\n", pInfo->BasePriority);
wprintf (L"\tPID = %ld\n", pInfo->ProcessId);
wprintf (L"\tPPID = %ld\n", pInfo->ParentProcessId);
wprintf (L"\tVirtualSize:\t\tWorkingSetSize:\n");
wprintf (L"\t\tPeak : %ld\t\t\tPeak : %ld\n",
pInfo->PeakVirtualSizeBytes,
pInfo->PeakWorkingSetSizeBytes
);
wprintf (L"\t\tTotal: %ld\t\t\tTotal: %ld\n",
pInfo->TotalVirtualSizeBytes,
pInfo->TotalWorkingSetSizeBytes
);
wprintf (L"\tPagedPoolUsage:\t\tNonPagedPoolUsage:\n");
wprintf (L"\t\tPeak : %ld\t\t\tPeak : %ld\n",
pInfo->PeakPagedPoolUsagePages,
pInfo->TotalPagedPoolUsagePages
);
wprintf (L"\t\tTotal: %ld\t\t\tTotal: %ld\n",
pInfo->PeakNonPagedPoolUsagePages,
pInfo->TotalNonPagedPoolUsagePages
);
wprintf (L"\tPageFileUsage:\n");
wprintf (L"\t\tPeak : %ld\n", pInfo->PeakPageFileUsageBytes);
wprintf (L"\t\tTotal: %ld\n", pInfo->TotalPageFileUsageBytes);
wprintf (L"\tPageFaultCount = %ld\n", pInfo->PageFaultCount);
wprintf (L"\tTotalPrivateBytes = %ld\n", pInfo->TotalPrivateBytes);
/* Threads */
for ( ThreadIndex = 0;
(ThreadIndex < pInfo->ThreadCount);
ThreadIndex ++
)
{
wprintf (L"\t%x in %x:\n",
pInfo->ThreadSysInfo[ThreadIndex].ClientId.UniqueThread,
pInfo->ThreadSysInfo[ThreadIndex].ClientId.UniqueProcess
);
PrintUtcDateTime (
"\t\tKernelTime = %s\n",
& (pInfo->ThreadSysInfo[ThreadIndex].KernelTime)
);
PrintUtcDateTime (
"\t\tUserTime = %s\n",
& (pInfo->ThreadSysInfo[ThreadIndex].UserTime)
);
PrintUtcDateTime (
"\t\tCreateTime = %s\n",
& (pInfo->ThreadSysInfo[ThreadIndex].CreateTime)
);
wprintf (L"\t\tTickCount = %ld\n",
pInfo->ThreadSysInfo[ThreadIndex].TickCount
);
wprintf (L"\t\tStartEIP = 0x%08x\n",
pInfo->ThreadSysInfo[ThreadIndex].StartEIP
);
/* CLIENT_ID ClientId; */
wprintf (L"\t\tDynamicPriority = %d\n",
pInfo->ThreadSysInfo[ThreadIndex].DynamicPriority
);
wprintf (L"\t\tBasePriority = %d\n",
pInfo->ThreadSysInfo[ThreadIndex].BasePriority
);
wprintf (L"\t\tnSwitches = %ld\n",
pInfo->ThreadSysInfo[ThreadIndex].nSwitches
);
wprintf (L"\t\tState = 0x%08x\n",
pInfo->ThreadSysInfo[ThreadIndex].State
);
wprintf (L"\t\tWaitReason = %ld\n",
pInfo->ThreadSysInfo[ThreadIndex].WaitReason
);
}
/* Next */
if (0 == pInfo->RelativeOffset)
{
break;
}
(ULONG) pInfo += pInfo->RelativeOffset;
}
DumpData (Length, pInfo);
GlobalFree (pInfo);
return EXIT_SUCCESS;
}
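/**********************************************************************
 *
 * DESCRIPTION
 *	Query system information class 6 into a fixed-size
 *	SYSTEM_SDT_INFORMATION and print its counters, followed
 *	by a raw dump of the returned bytes.
 *
 * RETURN VALUE
 *	EXIT_SUCCESS when the query returns STATUS_SUCCESS;
 *	EXIT_FAILURE otherwise (the status is printed first).
 *
 * NOTE
 *	Class 6.
 */
CMD_DEF(6)
{
    NTSTATUS Status;
    SYSTEM_SDT_INFORMATION Info;
    ULONG Length = 0;
    ULONG DumpLength;

    /* FIXME */
    RtlZeroMemory (& Info, sizeof Info);
    Status = NtQuerySystemInformation (
        6,
        & Info,
        sizeof Info,
        & Length
        );
    /*
     * Length is written by the kernel and is not bounded by the size
     * of Info: on a length mismatch it can hold the size the kernel
     * wanted. DumpData is defined outside this view; assuming it reads
     * as many bytes as it is told, clamp the count so the dump never
     * walks past the end of the stack object.
     */
    DumpLength = (Length > sizeof Info) ? (ULONG) sizeof Info : Length;
    if (STATUS_SUCCESS != Status)
    {
        PrintStatus (Status);
        DumpData (DumpLength, & Info);
        return EXIT_FAILURE;
    }
    printf (" BufferLength = %ld\n", Info.BufferLength);
    printf (" NumberOfSystemServiceTables = %ld\n", Info.NumberOfSystemServiceTables);
    /* Only the first element of each per-table array is printed. */
    printf (" NumberOfServices = %ld\n", Info.NumberOfServices [0]);
    printf (" ServiceCounters = %ld\n", Info.ServiceCounters [0]);
    DumpData (DumpLength, & Info);
    return EXIT_SUCCESS;
}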
/**********************************************************************
 *
 * DESCRIPTION
 *	Query system information class 7 into a
 *	SYSTEM_DEVICE_INFORMATION and print the device counts it
 *	carries, then dump the returned bytes.
 *
 * RETURN VALUE
 *	EXIT_SUCCESS when the query returns STATUS_SUCCESS;
 *	EXIT_FAILURE otherwise (the status is printed).
 *
 * NOTE
 *	Class 7.
 */
CMD_DEF(7)
{
    SYSTEM_DEVICE_INFORMATION DeviceInfo;
    ULONG ReturnedLength = 0;
    NTSTATUS QueryStatus;

    QueryStatus = NtQuerySystemInformation (7, & DeviceInfo, sizeof DeviceInfo, & ReturnedLength);
    if (STATUS_SUCCESS == QueryStatus)
    {
        printf (" Number Of Disks %ld\n", DeviceInfo.NumberOfDisks);
        printf (" Number Of Floppies %ld\n", DeviceInfo.NumberOfFloppies);
        printf (" Number Of CD-ROMs %ld\n", DeviceInfo.NumberOfCdRoms);
        printf (" Number Of Tapes %ld\n", DeviceInfo.NumberOfTapes);
        printf (" Number Of Serial Ports %ld\n", DeviceInfo.NumberOfSerialPorts);
        printf (" Number Of Parallel Ports %ld\n", DeviceInfo.NumberOfParallelPorts);
        /* Raw dump uses the length reported back by the query. */
        DumpData (ReturnedLength, & DeviceInfo);
        return EXIT_SUCCESS;
    }

    /* Anything other than plain success is reported and treated as failure. */
    PrintStatus (QueryStatus);
    return EXIT_FAILURE;
}
/**********************************************************************
 *
 * DESCRIPTION
 *	Query system information class 8 into a
 *	SYSTEM_PROCESSORTIME_INFO and print each time field through
 *	PrintUtcDateTime, plus the interrupt count and the unused
 *	field.
 *
 * RETURN VALUE
 *	EXIT_SUCCESS when the query returns STATUS_SUCCESS;
 *	EXIT_FAILURE otherwise (the status is printed).
 *
 * NOTE
 *	Class 8.
 */
CMD_DEF(8)
{
    SYSTEM_PROCESSORTIME_INFO TimeInfo;
    ULONG ReturnedLength = 0;
    NTSTATUS QueryStatus = NtQuerySystemInformation (
        8,
        & TimeInfo,
        sizeof TimeInfo,
        & ReturnedLength
        );

    if (STATUS_SUCCESS == QueryStatus)
    {
        PrintUtcDateTime (" TotalProcessorRunTime : %s\n", & TimeInfo.TotalProcessorRunTime);
        PrintUtcDateTime (" TotalProcessorTime : %s\n", & TimeInfo.TotalProcessorTime);
        PrintUtcDateTime (" TotalProcessorUserTime: %s\n", & TimeInfo.TotalProcessorUserTime);
        PrintUtcDateTime (" TotalDPCTime : %s\n", & TimeInfo.TotalDPCTime);
        PrintUtcDateTime (" TotalInterruptTime : %s\n", & TimeInfo.TotalInterruptTime);
        printf (" TotalInterrupts : %ld\n", TimeInfo.TotalInterrupts);
        printf (" Unused : %08lx\n", TimeInfo.Unused);
        return EXIT_SUCCESS;
    }

    /* Any non-success status is reported and ends the command. */
    PrintStatus (QueryStatus);
    return EXIT_FAILURE;
}
/**********************************************************************
 *
 * DESCRIPTION
 *	Query system information class 9 into a
 *	SYSTEM_FLAGS_INFORMATION, print the flags word in hex and
 *	then one line per FLG_* bit that is set in it.
 *
 * RETURN VALUE
 *	EXIT_SUCCESS when the query returns STATUS_SUCCESS;
 *	EXIT_FAILURE otherwise (the status is printed).
 *
 * NOTE
 *	Class 9.
 */
CMD_DEF(9)
{
    /*
     * Mask/label pairs in the order they are reported. The list has
     * no entry for bit 0x08000000.
     */
    static const struct
    {
        ULONG Mask;
        const char *Text;
    } FlagNames [] =
    {
        { FLG_STOP_ON_EXCEPTION, "\tSTOP_ON_EXCEPTION\n" },
        { FLG_STOP_ON_HANG_GUI, "\tSTOP_ON_HANG_GUI\n" },
        { FLG_SHOW_LDR_SNAPS, "\tSHOW_LDR_SNAPS\n" },
        { FLG_DEBUG_INITIAL_COMMAND, "\tDEBUG_INITIAL_COMMAND\n" },
        { FLG_HEAP_ENABLE_TAIL_CHECK, "\tHEAP_ENABLE_TAIL_CHECK\n" },
        { FLG_HEAP_ENABLE_FREE_CHECK, "\tHEAP_ENABLE_FREE_CHECK\n" },
        { FLG_HEAP_ENABLE_TAGGING, "\tHEAP_ENABLE_TAGGING\n" },
        { FLG_HEAP_ENABLE_TAG_BY_DLL, "\tHEAP_ENABLE_TAG_BY_DLL\n" },
        { FLG_HEAP_ENABLE_CALL_TRACING, "\tHEAP_ENABLE_CALL_TRACING\n" },
        { FLG_HEAP_DISABLE_COALESCING, "\tHEAP_DISABLE_COALESCING\n" },
        { FLG_HEAP_VALIDATE_PARAMETERS, "\tHEAP_VALIDATE_PARAMETERS\n" },
        { FLG_HEAP_VALIDATE_ALL, "\tHEAP_VALIDATE_ALL\n" },
        { FLG_POOL_ENABLE_TAIL_CHECK, "\tPOOL_ENABLE_TAIL_CHECK\n" },
        { FLG_POOL_ENABLE_FREE_CHECK, "\tPOOL_ENABLE_FREE_CHECK\n" },
        { FLG_POOL_ENABLE_TAGGING, "\tPOOL_ENABLE_TAGGING\n" },
        { FLG_USER_STACK_TRACE_DB, "\tUSER_STACK_TRACE_DB\n" },
        { FLG_KERNEL_STACK_TRACE_DB, "\tKERNEL_STACK_TRACE_DB\n" },
        { FLG_MAINTAIN_OBJECT_TYPELIST, "\tMAINTAIN_OBJECT_TYPELIST\n" },
        { FLG_IGNORE_DEBUG_PRIV, "\tIGNORE_DEBUG_PRIV\n" },
        { FLG_ENABLE_CSRDEBUG, "\tENABLE_CSRDEBUG\n" },
        { FLG_ENABLE_KDEBUG_SYMBOL_LOAD, "\tENABLE_KDEBUG_SYMBOL_LOAD\n" },
        { FLG_DISABLE_PAGE_KERNEL_STACKS, "\tDISABLE_PAGE_KERNEL_STACKS\n" },
        { FLG_ENABLE_CLOSE_EXCEPTION, "\tENABLE_CLOSE_EXCEPTION\n" },
        { FLG_ENABLE_EXCEPTION_LOGGING, "\tENABLE_EXCEPTION_LOGGING\n" },
        { FLG_ENABLE_DBGPRINT_BUFFERING, "\tENABLE_DBGPRINT_BUFFERING\n" },
        { FLG_UNKNOWN_01000000, "\tUNKNOWN_01000000\n" },
        { FLG_UNKNOWN_02000000, "\tUNKNOWN_02000000\n" },
        { FLG_UNKNOWN_04000000, "\tUNKNOWN_04000000\n" },
        { FLG_UNKNOWN_10000000, "\tUNKNOWN_10000000\n" },
        { FLG_UNKNOWN_20000000, "\tUNKNOWN_20000000\n" },
        { FLG_UNKNOWN_40000000, "\tUNKNOWN_40000000\n" },
        { FLG_UNKNOWN_80000000, "\tUNKNOWN_80000000\n" }
    };
    SYSTEM_FLAGS_INFORMATION FlagsInfo;
    ULONG ReturnedLength = 0;
    NTSTATUS QueryStatus;
    unsigned int Slot;

    QueryStatus = NtQuerySystemInformation (9, & FlagsInfo, sizeof FlagsInfo, & ReturnedLength);
    if (STATUS_SUCCESS != QueryStatus)
    {
        PrintStatus (QueryStatus);
        return EXIT_FAILURE;
    }

    printf (" NtGlobalFlag: %08lx\n", FlagsInfo.Flags);
    for (Slot = 0; Slot < sizeof FlagNames / sizeof FlagNames [0]; ++ Slot)
    {
        if (FlagNames [Slot].Mask & FlagsInfo.Flags)
        {
            printf ("%s", FlagNames [Slot].Text);
        }
    }
    return EXIT_SUCCESS;
}
/**********************************************************************
 *
 * DESCRIPTION
 *	Placeholder for system information class 10. The whole
 *	body comes from the CMD_NOT_IMPLEMENTED macro, which is
 *	defined outside this part of the file.
 *
 * NOTE
 *	Class 10.
 */
CMD_DEF(10)
CMD_NOT_IMPLEMENTED
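/**********************************************************************
 *
 * DESCRIPTION
 *	Query system information class 11 and print one row per
 *	loaded module: entry index, base address, size and name.
 *	The buffer is sized by a first zero-length query.
 *
 * RETURN VALUE
 *	EXIT_SUCCESS when the list was printed; EXIT_FAILURE when
 *	the size query, the allocation or the real query fails.
 *
 * NOTE
 *	Class 11.
 *
 * NOTE
 *	Code originally in Yariv Kaplan's NtDriverList,
 *	at http://www.internals.com/, adapted to ReactOS
 *	structures layout.
 *
 * NOTE
 *	The output contains kernel-mode base addresses; treat
 *	captured output as sensitive, since it describes the
 *	kernel memory layout of the machine it was taken on.
 */
CMD_DEF(11)
{
    NTSTATUS Status = STATUS_SUCCESS;
    PSYSTEM_MODULE_INFORMATION pInfo = NULL;
    LONG Length = 0;
    INT Index;
    const PCHAR hr =
        "-------- -------- -------- ---------------------------------------\n";

    /*
     * Obtain required buffer size
     */
    Status = NtQuerySystemInformation (
        11,
        & pInfo,
        0, /* query size */
        & Length
        );
    if (STATUS_INFO_LENGTH_MISMATCH != Status)
    {
        /* Only a length mismatch carries the size we asked for. */
        PrintStatus (Status);
        return EXIT_FAILURE;
    }
    /*
     * Allocate buffer
     */
    pInfo = GlobalAlloc (GMEM_ZEROINIT, Length);
    if (NULL == pInfo)
    {
        printf ("Could not allocate memory.\n");
        return EXIT_FAILURE;
    }
    /*
     * Get module list from ntoskrnl.exe
     */
    Status = NtQuerySystemInformation (
        11,
        pInfo,
        Length,
        & Length
        );
    if (!NT_SUCCESS(Status))
    {
        /*
         * The list can change between the two queries, so this path
         * is reachable; release the buffer instead of leaking it.
         */
        PrintStatus (Status);
        GlobalFree (pInfo);
        return EXIT_FAILURE;
    }
    printf ("Index Address Size Name\n");
    /* Never pass a variable as the format string. */
    printf ("%s", hr);
    for ( Index = 0;
          (Index < (int) pInfo->Count);
          Index ++
        )
    {
        printf (
            "%8lx %8p %8lx %s\n",
            pInfo->Module[Index].EntryIndex,
            pInfo->Module[Index].BaseAddress,
            pInfo->Module[Index].Size,
            pInfo->Module[Index].Name
            );
    }
    printf ("%s", hr);
    GlobalFree (pInfo);
    return EXIT_SUCCESS;
}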
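/**********************************************************************
 *
 * DESCRIPTION
 *	Query system information class 12 and print one row per
 *	resource lock: address, active count, contention count,
 *	shared and exclusive waiters, and one unknown field.
 *	A default-sized buffer is tried first and grown to the
 *	length the kernel reports on a length mismatch.
 *
 * RETURN VALUE
 *	EXIT_SUCCESS when the list was printed; EXIT_FAILURE when
 *	an allocation or a query fails.
 *
 * NOTE
 *	Class 12.
 */
CMD_DEF(12)
{
    NTSTATUS Status = STATUS_SUCCESS;
    PSYSTEM_RESOURCE_LOCK_INFO pInfo = NULL;
    PSYSTEM_RESOURCE_LOCK_INFO pGrown = NULL;
    LONG Length = 0;
    INT Index;
    const PCHAR hr =
        "-------- -------- -------- -------- -------- -------- ------------\n";

    pInfo = GlobalAlloc (GMEM_ZEROINIT, BUFFER_SIZE_DEFAULT);
    if (NULL == pInfo)
    {
        /* Without this check the query below would be handed a NULL buffer. */
        printf ("Could not allocate memory.\n");
        return EXIT_FAILURE;
    }
    /*
     * Obtain required buffer size
     */
    Status = NtQuerySystemInformation (
        12,
        pInfo,
        BUFFER_SIZE_DEFAULT, /* query size */
        & Length
        );
    if (STATUS_SUCCESS != Status)
    {
        if (STATUS_INFO_LENGTH_MISMATCH == Status)
        {
            /*
             * Allocate buffer. The result goes into a second pointer:
             * a failed GlobalReAlloc leaves the original block valid,
             * and overwriting pInfo with NULL would leak it.
             * NOTE(review): without GMEM_MOVEABLE a fixed block may
             * only be resized in place - confirm against the
             * GlobalReAlloc documentation.
             */
            pGrown = GlobalReAlloc (pInfo, Length, GMEM_ZEROINIT);
            if (NULL == pGrown)
            {
                printf ("Could not allocate memory.\n");
                GlobalFree (pInfo);
                return EXIT_FAILURE;
            }
            pInfo = pGrown;
        }
        else
        {
            PrintStatus (Status);
            GlobalFree (pInfo);
            return EXIT_FAILURE;
        }
    }
    /*
     * Get locked resource list from ntoskrnl.exe
     */
    Status = NtQuerySystemInformation (
        12,
        pInfo,
        Length,
        & Length
        );
    if (!NT_SUCCESS(Status))
    {
        PrintStatus (Status);
        GlobalFree (pInfo);
        return EXIT_FAILURE;
    }
    printf ("Address Active # Content# Sh/Wait Exc/Wait\n");
    /* Never pass a variable as the format string. */
    printf ("%s", hr);
    for ( Index = 0;
          (Index < (int) pInfo->Count);
          Index ++
        )
    {
        printf (
            "%08lx %8ld %8ld %8ld %8ld %08lx\n",
            pInfo->Lock[Index].ResourceAddress,
            pInfo->Lock[Index].ActiveCount,
            pInfo->Lock[Index].ContentionCount,
            pInfo->Lock[Index].NumberOfSharedWaiters,
            pInfo->Lock[Index].NumberOfExclusiveWaiters,
            pInfo->Lock[Index].Unknown
            );
    }
    printf ("%s", hr);
    GlobalFree (pInfo);
    return EXIT_SUCCESS;
}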
/**********************************************************************
 *
 * DESCRIPTION
 *	Placeholder for system information class 13. The whole
 *	body comes from the CMD_NOT_IMPLEMENTED macro, which is
 *	defined outside this part of the file.
 *
 * NOTE
 *	Class 13.
 */
CMD_DEF(13)
CMD_NOT_IMPLEMENTED
/**********************************************************************
 *
 * DESCRIPTION
 *	Placeholder for system information class 14. The whole
 *	body comes from the CMD_NOT_IMPLEMENTED macro, which is
 *	defined outside this part of the file.
 *
 * NOTE
 *	Class 14.
 */
CMD_DEF(14)
CMD_NOT_IMPLEMENTED
/**********************************************************************
 *
 * DESCRIPTION
 *	Placeholder for system information class 15. The whole
 *	body comes from the CMD_NOT_IMPLEMENTED macro, which is
 *	defined outside this part of the file.
 *
 * NOTE
 *	Class 15.
 */
CMD_DEF(15)
CMD_NOT_IMPLEMENTED
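/**********************************************************************
 *
 * DESCRIPTION
 *	Query system information class 16 and print one row per
 *	handle table entry: handle value, owner PID, object
 *	pointer, access mask, flags (as a binary string) and the
 *	object type name; then dump the returned bytes.
 *	A default-sized buffer is tried first and grown to the
 *	length the kernel reports on a length mismatch.
 *
 * RETURN VALUE
 *	EXIT_SUCCESS when the table was printed; EXIT_FAILURE when
 *	an allocation or a query fails.
 *
 * NOTE
 *	Class 16. You cannot pass 0 as the initial output buffer's
 *	size to get back the needed buffer size.
 *
 * NOTE
 *	The output contains kernel object pointers for every
 *	handle reported; treat captured output as sensitive,
 *	since it describes the kernel memory layout of the
 *	machine it was taken on.
 */
CMD_DEF(16)
{
    NTSTATUS Status = STATUS_SUCCESS;
    PSYSTEM_HANDLE_INFORMATION pInfo = NULL;
    PSYSTEM_HANDLE_INFORMATION pGrown = NULL;
    LONG Length = 0;
    INT Index;
    const PCHAR hr =
        "-------- -------- -------- -------- -------- ----------\n";
    CHAR FlagsString [9] = {0};

    pInfo = GlobalAlloc (GMEM_ZEROINIT, BUFFER_SIZE_DEFAULT);
    if (NULL == pInfo)
    {
        /* Without this check the query below would be handed a NULL buffer. */
        printf ("\tCould not allocate memory.\n");
        return EXIT_FAILURE;
    }
    /*
     * Obtain required buffer size
     */
    Status = NtQuerySystemInformation (
        16,
        pInfo,
        BUFFER_SIZE_DEFAULT,
        & Length
        );
    if (STATUS_SUCCESS != Status)
    {
        if (STATUS_INFO_LENGTH_MISMATCH == Status)
        {
            /*
             * Allocate buffer. The result goes into a second pointer:
             * a failed GlobalReAlloc leaves the original block valid,
             * and overwriting pInfo with NULL would leak it.
             * NOTE(review): without GMEM_MOVEABLE a fixed block may
             * only be resized in place - confirm against the
             * GlobalReAlloc documentation.
             */
            pGrown = GlobalReAlloc (pInfo, Length, GMEM_ZEROINIT);
            if (NULL == pGrown)
            {
                printf ("\tCould not allocate memory.\n");
                GlobalFree (pInfo);
                return EXIT_FAILURE;
            }
            pInfo = pGrown;
        }
        else
        {
            PrintStatus (Status);
            GlobalFree (pInfo);
            return EXIT_FAILURE;
        }
    }
    /*
     * Get handle table from ntoskrnl.exe
     */
    Status = NtQuerySystemInformation (
        16,
        pInfo,
        Length,
        & Length
        );
    if (!NT_SUCCESS(Status))
    {
        PrintStatus (Status);
        GlobalFree (pInfo);
        return EXIT_FAILURE;
    }
    printf ("Handle OwnerPID ObjPtr Access Flags Type\n");
    /* Never pass a variable as the format string. */
    printf ("%s", hr);
    for ( Index = 0;
          (Index < (int) pInfo->Count);
          Index ++
        )
    {
        printf (
            "%8x %8lx %8p %8lx %s %s\n",
            pInfo->Handle[Index].HandleValue,
            pInfo->Handle[Index].OwnerPid,
            pInfo->Handle[Index].ObjectPointer,
            pInfo->Handle[Index].AccessMask,
            ByteToBinaryString (
                pInfo->Handle[Index].HandleFlags,
                FlagsString
                ),
            HandleTypeToObjectName (pInfo->Handle[Index].ObjectType)
            );
    }
    printf ("%s", hr);
    DumpData (Length, pInfo);
    GlobalFree (pInfo);
    return EXIT_SUCCESS;
}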
/**********************************************************************
 *
 * DESCRIPTION
 *	Placeholder for system information class 17. The whole
 *	body comes from the CMD_NOT_IMPLEMENTED macro, which is
 *	defined outside this part of the file.
 *
 * NOTE
 *	Class 17.
 */
CMD_DEF(17)
CMD_NOT_IMPLEMENTED
/**********************************************************************
*
* DESCRIPTION
*
* NOTE
* Class 18.
*/
CMD_DEF(18)
{
NTSTATUS Status;
PSYSTEM_PAGEFILE_INFORMATION pInfo = NULL;
LONG Length = 0;
pInfo = GlobalAlloc (GMEM_ZEROINIT, BUFFER_SIZE_DEFAULT);
/* FIXME: check pInfo */
Status = NtQuerySystemInformation(
18,
pInfo,
BUFFER_SIZE_DEFAULT,
& Length
);
if (STATUS_SUCCESS != Status)
{
if (STATUS_INFO_LENGTH_MISMATCH == Status)
{
/*
* Allocate buffer
*/