for (i=0; i<pProcessThreadSystemInfo->nThreads; i++) {
printf("\t\tThreadKernelTime = %I64x\n", pProcessThreadSystemInfo->ThreadSysInfo[i].ThreadKernelTime);
printf("\t\tThreadUserTime = %I64x\n", pProcessThreadSystemInfo->ThreadSysInfo[i].ThreadUserTime);
printf("\t\tThreadCreateTime = %I64x\n", pProcessThreadSystemInfo->ThreadSysInfo[i].ThreadCreateTime);
printf("\t\tStartEIP = %x\n", pProcessThreadSystemInfo->ThreadSysInfo[i].StartEIP);
printf("\t\tThread Id = %x\n", pProcessThreadSystemInfo->ThreadSysInfo[i].ClientId.UniqueThread);
printf("\t\tProcess Id = %x\n", pProcessThreadSystemInfo->ThreadSysInfo[i].ClientId.UniqueProcess);
printf("\t\tDynamicPriority = %x\n", pProcessThreadSystemInfo->ThreadSysInfo[i].DynamicPriority);
printf("\t\tBasePriority = %x\n", pProcessThreadSystemInfo->ThreadSysInfo[i].BasePriority);
printf("\t\tnSwitches = %x\n", pProcessThreadSystemInfo->ThreadSysInfo[i].nSwitches);
printf("\t\tUnknown = %x\n", pProcessThreadSystemInfo->ThreadSysInfo[i].Unknown);
printf("\t\tWaitReason = %x\n", pProcessThreadSystemInfo->ThreadSysInfo[i].WaitReason);
printf("\n");
}
printf("\n\n");
if (pProcessThreadSystemInfo->RelativeOffset==0) {
break;
}
pProcessThreadSystemInfo=(PPROCESSTHREADSYSTEMINFO)((ULONG)pProcessThreadSystemInfo+pProcessThreadSystemInfo->RelativeOffset);
}
printf("\n\n");
}
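/*
 * Print, for every system service descriptor table, how many times each
 * service has been called (information class SystemServiceDescriptorTableInfo).
 *
 * The system service ONLY returns the NumberOfSystemServiceTables field of
 * PSERVICEDESCRIPTORTABLESYSTEMINFO in the return buffer in a Free Build of
 * the operating system. In a Checked build, the system service returns all
 * the data in the return buffer. Every read behind that first field is
 * therefore checked against BytesReturned: on a Free Build the rest of Buffer
 * is untouched stack memory, and an unbounded walk would print garbage from
 * it and, for a large enough garbage count, read past Buffer.
 *
 * No return value; a failed query is reported on stdout.
 */
void InfoSystemServiceDescriptorTables()
{
    char Buffer[4000];
    PSERVICEDESCRIPTORTABLESYSTEMINFO pServiceDescriptorTableSystemInfo;
    ULONG BytesReturned = 0;  /* zeroed: not guaranteed to be written on failure */
    NTSTATUS rc;
    ULONG i, j;
    ULONG *Counter;
    const char *End;          /* one past the last byte the kernel wrote */

    rc = NtQuerySystemInformation(SystemServiceDescriptorTableInfo,
                                  Buffer,
                                  sizeof(Buffer),
                                  &BytesReturned);
    if (rc != STATUS_SUCCESS) {
        printf("NtQuerySystemInformation failed with Information class 'SystemServiceDescriptorTableInfo', rc=%x\n", rc);
        return;
    }
    /* Clamp: a reported length larger than the buffer must never widen our reads. */
    if (BytesReturned > sizeof(Buffer)) {
        BytesReturned = (ULONG)sizeof(Buffer);
    }
    End = Buffer + BytesReturned;
    pServiceDescriptorTableSystemInfo = (PSERVICEDESCRIPTORTABLESYSTEMINFO)Buffer;
    if ((const char *)&pServiceDescriptorTableSystemInfo->NumberOfSystemServiceTables
            + sizeof(pServiceDescriptorTableSystemInfo->NumberOfSystemServiceTables) > End) {
        printf("NtQuerySystemInformation returned only %x bytes for 'SystemServiceDescriptorTableInfo'\n", BytesReturned);
        return;
    }
    printf("NumberOfSystemServiceTables = %x\n", pServiceDescriptorTableSystemInfo->NumberOfSystemServiceTables);

    /* The per-service call counters are laid out directly after NumberOfServices[]. */
    Counter = (ULONG *)(&pServiceDescriptorTableSystemInfo->NumberOfServices[pServiceDescriptorTableSystemInfo->NumberOfSystemServiceTables]);
    for (i = 0; i < pServiceDescriptorTableSystemInfo->NumberOfSystemServiceTables; i++) {
        /* Free Build: the NumberOfServices[] entries were not returned at all. */
        if ((const char *)&pServiceDescriptorTableSystemInfo->NumberOfServices[i + 1] > End) {
            printf("\tService Descriptor #%d: NumberOfServices not present in returned data\n", i);
            break;
        }
        printf("\tService Descriptor #%d, Services #%d\n", i, pServiceDescriptorTableSystemInfo->NumberOfServices[i]);
        printf("\t\tService Id Number of times called\n");
        for (j = 0; j < pServiceDescriptorTableSystemInfo->NumberOfServices[i]; j++) {
            /* Each counter must lie entirely inside the bytes the kernel wrote. */
            if ((const char *)Counter + sizeof(*Counter) > End) {
                printf("\t\t(remaining counters not present in returned data)\n");
                break;
            }
            printf("\t\t%03x %08x\n", j, *Counter);
            Counter++;
        }
        if (j < pServiceDescriptorTableSystemInfo->NumberOfServices[i]) {
            break;  /* ran out of returned data; later tables cannot be read either */
        }
    }
    printf("\n\n");
}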
/*
 * Print the device counts reported by information class SystemIoConfigInfo
 * (disk, floppy, CD-ROM, tape, serial and parallel). A failed query prints
 * the NTSTATUS and returns without printing any counts.
 */
void InfoSystemIoConfig()
{
    IOCONFIGSYSTEMINFO IoConfig;
    NTSTATUS status;

    /* Fixed-size record: the returned-length argument is not needed. */
    status = NtQuerySystemInformation(SystemIoConfigInfo, &IoConfig, sizeof IoConfig, NULL);
    if (status != STATUS_SUCCESS) {
        printf("NtQuerySystemInformation failed with Information class 'SystemIoConfigInfo', rc=%x\n", status);
        return;
    }
    /* NOTE(review): the counts are printed with %d; whether the members are
       ULONG (which the rest of this file prints with %x) is not visible here —
       confirm against the IOCONFIGSYSTEMINFO definition. */
    printf("DiskCount = %d\n", IoConfig.DiskCount);
    printf("FloppyCount = %d\n", IoConfig.FloppyCount);
    printf("CdRomCount = %d\n", IoConfig.CdRomCount);
    printf("TapeCount = %d\n", IoConfig.TapeCount);
    printf("SerialCount = %d\n", IoConfig.SerialCount);
    printf("ParallelCount = %d\n", IoConfig.ParallelCount);
    printf("\n\n");
}
/*
 * Print the processor time counters from information class SystemProcessorTimeInfo.
 *
 * The following code is written assuming a uniprocessor system. For a
 * multiprocessor system, one needs to pass an array of PROCESSORTIMESYSTEMINFO
 * containing a number of elements based on the number of processors in the
 * system. One can get the number of processors using the 'SystemBasicInfo'
 * information class.
 *
 * The record is pre-filled with 'A' bytes before the call — presumably so that
 * fields the kernel leaves untouched show up as 0x41... in the output.
 */
void InfoSystemProcessorInfo()
{
    PROCESSORTIMESYSTEMINFO Times;
    NTSTATUS status;

    memset(&Times, 'A', sizeof Times);
    status = NtQuerySystemInformation(SystemProcessorTimeInfo, &Times, sizeof Times, NULL);
    if (status != STATUS_SUCCESS) {
        printf("NtQuerySystemInformation failed with Information class 'SystemProcessorTimeInfo', rc=%x\n", status);
        return;
    }
    /* 64-bit time fields use the MSVC %I64X length modifier. */
    printf("TotalProcessorTime = %I64X\n", Times.TotalProcessorTime);
    printf("TotalProcessorRunTime = %I64X\n", Times.TotalProcessorRunTime);
    printf("TotalProcessorUserTime = %I64X\n", Times.TotalProcessorUserTime);
    printf("TotalDPCTime = %I64X\n", Times.TotalDPCTime);
    printf("TotalInterruptTime = %I64X\n", Times.TotalInterruptTime);
    printf("TotalInterrupts = %x\n", Times.TotalInterrupts);
    printf("Unused = %x\n", Times.Unused);
    printf("\n\n");
}
/*
 * Read NtGlobalFlag through information class SystemNtGlobalFlagInfo, print it,
 * then write the same record back through NtSetSystemInformation.
 *
 * The write-back stores the value just read, so the flag is not changed; it
 * exercises the set path, which is done under SE_DEBUG_PRIVILEGE. The privilege
 * is toggled with EnableOrDisablePrivilege (defined elsewhere); going by the
 * "Unable to enable" message, a second argument of FALSE enables and TRUE
 * restores — confirm against its definition. The restore call is made before
 * the set status is examined, so the early return on failure does not skip it.
 * The privilege error goes to DbgPrint, everything else to stdout.
 */
void InfoSystemNtGlobalFlagInfo()
{
    NTGLOBALFLAGSYSTEMINFO GlobalFlag;
    NTSTATUS status;

    status = NtQuerySystemInformation(SystemNtGlobalFlagInfo, &GlobalFlag, sizeof GlobalFlag, NULL);
    if (status != STATUS_SUCCESS) {
        printf("NtQuerySystemInformation failed with Information class 'SystemNtGlobalFlagInfo', rc=%x\n", status);
        return;
    }
    printf("NtGlobalFlag = %x\n", GlobalFlag.NtGlobalFlag);

    if (!EnableOrDisablePrivilege(SE_DEBUG_PRIVILEGE, FALSE)) {
        DbgPrint("Unable to enable SE_DEBUG_PRIVILEGE\n");
        return;
    }
    status = NtSetSystemInformation(SystemNtGlobalFlagInfo, &GlobalFlag, sizeof GlobalFlag);
    EnableOrDisablePrivilege(SE_DEBUG_PRIVILEGE, TRUE);  /* restore regardless of status */
    if (status != STATUS_SUCCESS) {
        printf("NtSetSystemInformation failed with Information class 'SystemNtGlobalFlagInfo', rc=%x\n", status);
        return;
    }
    printf("\n\n");
}
//Information class 10 returns STATUS_NOT_IMPLEMENTED
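/*
 * Print the driver module list returned by information class SystemModuleInfo.
 *
 * Buffer is filled with 'A' before the query so that bytes the kernel did not
 * write stand out in the output (the same poisoning the sibling functions use).
 * BytesReturned is printed even when the query fails, so it is zero-initialised:
 * reading it uninitialised on the failure path was undefined behaviour.
 * The module loop is bounded by BytesReturned as well as by the count in the
 * returned header, so a count larger than the data actually written cannot
 * drive the reads past it.
 *
 * No return value; a failed query is reported on stdout.
 */
void InfoSystemModuleInformation()
{
    PDRIVERMODULESYSTEMINFO pDriverModuleSystemInfo;
    char Buffer[80000];
    NTSTATUS rc;
    ULONG i;
    ULONG BytesReturned = 0;
    const char *End;  /* one past the last byte the kernel wrote */

    memset(Buffer, 'A', sizeof(Buffer));
    rc = NtQuerySystemInformation(SystemModuleInfo,
                                  Buffer,
                                  sizeof(Buffer),
                                  &BytesReturned);
    printf("BytesReturned=%x\n", BytesReturned);
    if (rc != STATUS_SUCCESS) {
        printf("NtQuerySystemInformation failed with Information class 'SystemModuleInfo', rc=%x\n", rc);
        return;
    }
    /* Clamp: a reported length larger than the buffer must never widen our reads. */
    if (BytesReturned > sizeof(Buffer)) {
        BytesReturned = (ULONG)sizeof(Buffer);
    }
    End = Buffer + BytesReturned;
    pDriverModuleSystemInfo = (PDRIVERMODULESYSTEMINFO)Buffer;
    if ((const char *)&pDriverModuleSystemInfo->nDriverModules
            + sizeof(pDriverModuleSystemInfo->nDriverModules) > End) {
        printf("NtQuerySystemInformation returned only %x bytes for 'SystemModuleInfo'\n", BytesReturned);
        return;
    }
    printf("Number of driver modules = %d\n", pDriverModuleSystemInfo->nDriverModules);
    for (i = 0; i < pDriverModuleSystemInfo->nDriverModules; i++) {
        /* Entry i must lie entirely inside the bytes the kernel wrote. */
        if ((const char *)&pDriverModuleSystemInfo->DriverModuleInfo[i + 1] > End) {
            printf("(module #%x and later not present in returned data)\n", i);
            break;
        }
        printf("Unused = %x\n", pDriverModuleSystemInfo->DriverModuleInfo[i].Unused);
        printf("Always0 = %x\n", pDriverModuleSystemInfo->DriverModuleInfo[i].Always0);
        printf("ModuleBaseAddress = %x\n", pDriverModuleSystemInfo->DriverModuleInfo[i].ModuleBaseAddress);
        printf("ModuleSize = %x\n", pDriverModuleSystemInfo->DriverModuleInfo[i].ModuleSize);
        printf("Unknown = %x\n", pDriverModuleSystemInfo->DriverModuleInfo[i].Unknown);
        printf("ModuleEntryIndex = %x\n", pDriverModuleSystemInfo->DriverModuleInfo[i].ModuleEntryIndex);
        printf("ModuleNameLength = %x\n", pDriverModuleSystemInfo->DriverModuleInfo[i].ModuleNameLength);
        printf("ModulePathLength = %x\n", pDriverModuleSystemInfo->DriverModuleInfo[i].ModulePathLength);
        /* %s relies on the kernel NUL-terminating ModuleName; the two length
           fields above are reported but not used to bound this print. */
        printf("ModuleName = %s\n", pDriverModuleSystemInfo->DriverModuleInfo[i].ModuleName);
        printf("\n");
    }
    printf("\n\n");
}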
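/*
 * Print the system resource lock list (information class SystemResourceLockInfo).
 *
 * The query is issued while holding the PEB lock (RtlAcquirePebLock /
 * RtlReleasePebLock, declared locally because the file's headers do not
 * provide them). Why the PEB lock is held around this particular class is not
 * stated in the original and is kept as-is. The release now happens on every
 * path: the original returned early on a failed query while still holding the
 * lock, leaving this thread's PEB lock held for the rest of the run.
 * The entry loop is bounded by BytesReturned as well as by the returned count.
 *
 * No return value; a failed query is reported on stdout.
 */
void InfoSystemLockInformation()
{
    char Buffer[90000];
    PSYSTEMRESOURCELOCKINFO pSystemResourceLockInfo;
    NTSTATUS rc;
    ULONG i;
    ULONG BytesReturned = 0;
    const char *End;  /* one past the last byte the kernel wrote */
    ULONG _stdcall RtlAcquirePebLock(void);
    ULONG _stdcall RtlReleasePebLock(void);

    memset(Buffer, 'A', sizeof(Buffer));
    RtlAcquirePebLock();
    rc = NtQuerySystemInformation(SystemResourceLockInfo,
                                  Buffer,
                                  sizeof(Buffer),
                                  &BytesReturned);
    RtlReleasePebLock();  /* before the status check, so failure cannot leak the lock */
    if (rc != STATUS_SUCCESS) {
        printf("NtQuerySystemInformation failed with Information class 'SystemResourceLockInfo', rc=%x\n", rc);
        return;
    }
    /* Clamp: a reported length larger than the buffer must never widen our reads. */
    if (BytesReturned > sizeof(Buffer)) {
        BytesReturned = (ULONG)sizeof(Buffer);
    }
    End = Buffer + BytesReturned;
    pSystemResourceLockInfo = (PSYSTEMRESOURCELOCKINFO)Buffer;
    if ((const char *)&pSystemResourceLockInfo->nSystemResourceLocks
            + sizeof(pSystemResourceLockInfo->nSystemResourceLocks) > End) {
        printf("NtQuerySystemInformation returned only %x bytes for 'SystemResourceLockInfo'\n", BytesReturned);
        return;
    }
    printf("Number of System resources = %x\n", pSystemResourceLockInfo->nSystemResourceLocks);
    for (i = 0; i < pSystemResourceLockInfo->nSystemResourceLocks; i++) {
        /* Entry i must lie entirely inside the bytes the kernel wrote. */
        if ((const char *)&pSystemResourceLockInfo->ResourceLockInfo[i + 1] > End) {
            printf("(entry #%x and later not present in returned data)\n", i);
            break;
        }
        printf("%x %x\n", pSystemResourceLockInfo->ResourceLockInfo[i].ResourceAddress, pSystemResourceLockInfo->ResourceLockInfo[i].Unknown);
    }
    printf("\n\n");  /* trailing blank lines, as the sibling Info* functions print */
}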
//Information classes 13, 14 and 15 return STATUS_NOT_IMPLEMENTED
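/*
 * Print the system-wide handle table returned by information class
 * SystemHandleInfo: one line per entry with owning pid, object type,
 * handle value, object pointer and access mask.
 *
 * Buffer is filled with 'A' before the query so that bytes the kernel did not
 * write stand out in the output. The array is passed as Buffer (decays to
 * char *) rather than &Buffer, matching the sibling functions; the address is
 * the same either way. The entry loop is bounded by BytesReturned as well as
 * by the count in the returned header. The buffer is a fixed 100000 bytes;
 * presumably the query fails when the handle table does not fit, in which case
 * only the status is printed.
 *
 * No return value; a failed query is reported on stdout.
 */
void InfoSystemHandleInformation()
{
    PSYSTEMHANDLEINFO pSystemHandleInfo;
    NTSTATUS rc;
    char Buffer[100000];
    ULONG i;
    ULONG BytesReturned = 0;
    const char *End;  /* one past the last byte the kernel wrote */

    memset(Buffer, 'A', sizeof(Buffer));
    rc = NtQuerySystemInformation(SystemHandleInfo,
                                  Buffer,
                                  sizeof(Buffer),
                                  &BytesReturned);
    if (rc != STATUS_SUCCESS) {
        printf("NtQuerySystemInformation failed with Information class 'SystemHandleInfo', rc=%x\n", rc);
        return;
    }
    /* Clamp: a reported length larger than the buffer must never widen our reads. */
    if (BytesReturned > sizeof(Buffer)) {
        BytesReturned = (ULONG)sizeof(Buffer);
    }
    End = Buffer + BytesReturned;
    pSystemHandleInfo = (PSYSTEMHANDLEINFO)Buffer;
    if ((const char *)&pSystemHandleInfo->nHandleEntries
            + sizeof(pSystemHandleInfo->nHandleEntries) > End) {
        printf("NtQuerySystemInformation returned only %x bytes for 'SystemHandleInfo'\n", BytesReturned);
        return;
    }
    printf("Number of Handle Entries = %x\n", pSystemHandleInfo->nHandleEntries);
    printf("Pid ObjType ObjHnd ObjPtr AccessMask\n");
    for (i = 0; i < pSystemHandleInfo->nHandleEntries; i++) {
        /* Entry i must lie entirely inside the bytes the kernel wrote. */
        if ((const char *)&pSystemHandleInfo->HandleInfo[i + 1] > End) {
            printf("(entry #%x and later not present in returned data)\n", i);
            break;
        }
        printf("%-8x %-8x %-8x %-8x %-8x\n", pSystemHandleInfo->HandleInfo[i].Pid,
               pSystemHandleInfo->HandleInfo[i].ObjectType,
               pSystemHandleInfo->HandleInfo[i].HandleValue,
               pSystemHandleInfo->HandleInfo[i].ObjectPointer,
               pSystemHandleInfo->HandleInfo[i].AccessMask);
    }
    printf("\n\n");
}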
/*
 * Placeholder for information class 17 (SystemObjectInformation). Not yet
 * implemented: calling it has no effect.
 */
void InfoSystemObjectInformation()
{
    /* TODO Info. Class 17 (SystemObjectInformation) */
}
void InfoPageFileInformation()
{
char Buffer[1000];
NTSTATUS rc;
PSYSTEMPAGEFILEINFO pSystemPageFileInfo;
memset(Buffer, 'A', sizeof(Buffer));
rc=NtQuerySystemInformation(SystemPageFileInformation,
Buffer,
sizeof(Buffer),
NULL);
if (rc!=STATUS_SUCCESS) {
printf("NtQuerySystemInformation failed with Information class 'SystemPageFileInformation', rc=%x\n", rc);
return;
}
pSystemPageFileInfo=(PSYSTEMPAGEFILEINFO)Buffer;
while (1) {
printf("pSystemPageFileInfo->CurrentSizePages = %x\n", pSystemPageFileInfo->CurrentSizePages);
printf("pSystemPageFileInfo->TotalUsedPages = %x\n", pSystemPageFileInfo->TotalUsedPages);
printf("pSystemPageFileInfo->PeakUsedPages = %x\n", pSystemPageFileInfo->PeakUsedPages);
printf("pSystemPageFileInfo->uPagefileFileName = %S\n", pSystemPageFileInfo->uPagefileFileName.Buffer);