📄 sysinfo.c
字号:
if (pSystemPageFileInfo->RelativeOffset==0) {
break;
}
pSystemPageFileInfo=(PSYSTEMPAGEFILEINFO)((ULONG)pSystemPageFileInfo+pSystemPageFileInfo->RelativeOffset);
}
printf("%x\n", sizeof(SYSTEMINSTRUCTIONEMULATIONCOUNTINFO));
}
void InfoInstructionEmulationCounts()
{
SYSTEMINSTRUCTIONEMULATIONCOUNTINFO InstEmulationCountInfo;
NTSTATUS rc;
memset(&InstEmulationCountInfo, 0, sizeof(InstEmulationCountInfo));
rc=NtQuerySystemInformation(SystemInstructionEmulationInfo,
&InstEmulationCountInfo,
sizeof(InstEmulationCountInfo),
NULL);
if (rc!=STATUS_SUCCESS) {
printf("NtQuerySystemInformation failed with Information class 'SystemInstructionEmulationInfo', rc=%x\n", rc);
return;
}
printf("InstEmulationCountInfo.VdmSegmentNotPresentCount = %x\n", InstEmulationCountInfo.VdmSegmentNotPresentCount);
printf("InstEmulationCountInfo.VdmINSWCount = %x\n", InstEmulationCountInfo.VdmINSWCount);
printf("InstEmulationCountInfo.VdmESPREFIXCount = %x\n", InstEmulationCountInfo.VdmESPREFIXCount);
printf("InstEmulationCountInfo.VdmCSPREFIXCount = %x\n", InstEmulationCountInfo.VdmCSPREFIXCount);
printf("InstEmulationCountInfo.VdmSSPREFIXCount = %x\n", InstEmulationCountInfo.VdmSSPREFIXCount);
printf("InstEmulationCountInfo.VdmDSPREFIXCount = %x\n", InstEmulationCountInfo.VdmDSPREFIXCount);
printf("InstEmulationCountInfo.VdmFSPREFIXCount = %x\n", InstEmulationCountInfo.VdmFSPREFIXCount);
printf("InstEmulationCountInfo.VdmGSPREFIXCount = %x\n", InstEmulationCountInfo.VdmGSPREFIXCount);
printf("InstEmulationCountInfo.VdmOPER32PREFIXCount = %x\n", InstEmulationCountInfo.VdmOPER32PREFIXCount);
printf("InstEmulationCountInfo.VdmADDR32PREFIXCount = %x\n", InstEmulationCountInfo.VdmADDR32PREFIXCount);
printf("InstEmulationCountInfo.VdmINSBCount = %x\n", InstEmulationCountInfo.VdmINSBCount);
printf("InstEmulationCountInfo.VdmINSWV86Count = %x\n", InstEmulationCountInfo.VdmINSWV86Count);
printf("InstEmulationCountInfo.VdmOUTSBCount = %x\n", InstEmulationCountInfo.VdmOUTSBCount);
printf("InstEmulationCountInfo.VdmOUTSWCount = %x\n", InstEmulationCountInfo.VdmOUTSWCount);
printf("InstEmulationCountInfo.VdmPUSHFCount = %x\n", InstEmulationCountInfo.VdmPUSHFCount);
printf("InstEmulationCountInfo.VdmPOPFCount = %x\n", InstEmulationCountInfo.VdmPOPFCount);
printf("InstEmulationCountInfo.VdmINTNNCount = %x\n", InstEmulationCountInfo.VdmINTNNCount);
printf("InstEmulationCountInfo.VdmINTOCount = %x\n", InstEmulationCountInfo.VdmINTOCount);
printf("InstEmulationCountInfo.VdmIRETCount = %x\n", InstEmulationCountInfo.VdmIRETCount);
printf("InstEmulationCountInfo.VdmINBIMMCount = %x\n", InstEmulationCountInfo.VdmINBIMMCount);
printf("InstEmulationCountInfo.VdmINWIMMCount = %x\n", InstEmulationCountInfo.VdmINWIMMCount);
printf("InstEmulationCountInfo.VdmOUTBIMMCount = %x\n", InstEmulationCountInfo.VdmOUTBIMMCount);
printf("InstEmulationCountInfo.VdmOUTWIMMCount = %x\n", InstEmulationCountInfo.VdmOUTWIMMCount);
printf("InstEmulationCountInfo.VdmINBCount = %x\n", InstEmulationCountInfo.VdmINBCount);
printf("InstEmulationCountInfo.VdmINWCount = %x\n", InstEmulationCountInfo.VdmINWCount);
printf("InstEmulationCountInfo.VdmOUTBCount = %x\n", InstEmulationCountInfo.VdmOUTBCount);
printf("InstEmulationCountInfo.VdmOUTWCount = %x\n", InstEmulationCountInfo.VdmOUTWCount);
printf("InstEmulationCountInfo.VdmLOCKPREFIXCount = %x\n", InstEmulationCountInfo.VdmLOCKPREFIXCount);
printf("InstEmulationCountInfo.VdmREPNEPREFIXCount = %x\n", InstEmulationCountInfo.VdmREPNEPREFIXCount);
printf("InstEmulationCountInfo.VdmREPPREFIXCount = %x\n", InstEmulationCountInfo.VdmREPPREFIXCount);
printf("InstEmulationCountInfo.VdmHLTCount = %x\n", InstEmulationCountInfo.VdmHLTCount);
printf("InstEmulationCountInfo.VdmCLICount = %x\n", InstEmulationCountInfo.VdmCLICount);
printf("InstEmulationCountInfo.VdmSTICount = %x\n", InstEmulationCountInfo.VdmSTICount);
printf("InstEmulationCountInfo.VdmBopCount = %x\n", InstEmulationCountInfo.VdmBopCount);
}
//Information class 20 returns STATUS_INVALID_INFO_CLASS
void InfoSystemCacheInformation()
{
SYSTEMCACHEINFO SystemCacheInformation;
ULONG i;
NTSTATUS rc;
memset(&SystemCacheInformation, 'A', sizeof(SystemCacheInformation));
rc=NtQuerySystemInformation(SystemCacheInfo,
&SystemCacheInformation,
sizeof(SystemCacheInformation),
NULL);
if (rc!=STATUS_SUCCESS) {
printf("NtQuerySystemInformation failed with Information class 'SystemCacheInfo', rc=%x\n", rc);
return;
}
printf("SystemCacheInformation.TotalSize = %x\n", SystemCacheInformation.TotalSize);
printf("SystemCacheInformation.PeakSize = %x\n", SystemCacheInformation.PeakSize);
printf("SystemCacheInformation.TotalPageFaultCount = %x\n", SystemCacheInformation.TotalPageFaultCount);
printf("SystemCacheInformation.MinWorkingSet = %x\n", SystemCacheInformation.MinWorkingSet);
printf("SystemCacheInformation.MaxWorkingSet = %x\n", SystemCacheInformation.MaxWorkingSet);
for (i=0; i<4; i++) {
printf("SystemCacheInformation.Unused[%d] = %x\n", i, SystemCacheInformation.Unused[i]);
}
}
void InfoPoolTagSystemInfo()
{
/* This information class will work only if Pool tracking is enabled in the system. Pool
tracking is enabled by default in checked build of the operating system. For free
builds one can use the GFLAGS utility shipped with resource kit to enable pool tagging.
If Pool tagging is not enabled, this information class returns STATUS_NOT_IMPLEMENTED*/
PPOOLTAGSYSTEMINFO pPoolTagSystemInfo;
char Buffer[90000];
ULONG i;
NTSTATUS rc;
memset(Buffer, 'A', sizeof(Buffer));
rc=NtQuerySystemInformation(SystemPoolTagInfo,
Buffer,
sizeof(Buffer),
NULL);
if (rc!=STATUS_SUCCESS) {
printf("NtQuerySystemInformation failed with Information class 'SystemPoolTagInfo', rc=%x\n", rc);
return;
}
pPoolTagSystemInfo=(PPOOLTAGSYSTEMINFO)Buffer;
printf("Tag PagedAllocs PagedFrees PagedBytes NPagedAllocs NPagedFrees NPagedBytes\n");
for (i=0; i<pPoolTagSystemInfo->nTags; i++) {
ULONG j;
char *p=(char *)(&pPoolTagSystemInfo->PoolTagInfo[i].PoolTag);
for (j=0; j<4; j++) {
printf("%c", isprint(p[j])?p[j]:' ');
}
printf(" %08d %08d %08d %08d %08d %08d\n", pPoolTagSystemInfo->PoolTagInfo[i].PagedAllocs,
pPoolTagSystemInfo->PoolTagInfo[i].PagedFrees,
pPoolTagSystemInfo->PoolTagInfo[i].PagedBytes,
pPoolTagSystemInfo->PoolTagInfo[i].NonPagedAllocs,
pPoolTagSystemInfo->PoolTagInfo[i].NonPagedFrees,
pPoolTagSystemInfo->PoolTagInfo[i].NonPagedBytes);
}
}
void InfoSystemProcessorScheduleInfo()
{
PROCESSORSCHEDULEINFO ProcessorScheduleInfo;
NTSTATUS rc;
memset(&ProcessorScheduleInfo, 'A', sizeof(ProcessorScheduleInfo));
rc=NtQuerySystemInformation(SystemProcessorScheduleInfo,
&ProcessorScheduleInfo,
sizeof(ProcessorScheduleInfo),
NULL);
if (rc!=STATUS_SUCCESS) {
printf("NtQuerySystemInformation failed with Information class 'SystemProcessorScheduleInfo', rc=%x\n", rc);
return;
}
printf("ProcessorScheduleInfo.nContextSwitches = %x\n", ProcessorScheduleInfo.nContextSwitches);
printf("ProcessorScheduleInfo.nDPCQueued = %x\n", ProcessorScheduleInfo.nDPCQueued);
printf("ProcessorScheduleInfo.nDPCRate = %x\n", ProcessorScheduleInfo.nDPCRate);
printf("ProcessorScheduleInfo.TimerResolution = %x\n", ProcessorScheduleInfo.TimerResolution);
printf("ProcessorScheduleInfo.nDPCBypasses = %x\n", ProcessorScheduleInfo.nDPCBypasses);
printf("ProcessorScheduleInfo.nAPCBypasses = %x\n", ProcessorScheduleInfo.nAPCBypasses);
}
void InfoSystemDPCInfo()
{
DPCSYSTEMINFO DPCSystemInfo;
NTSTATUS rc;
memset(&DPCSystemInfo, 'A', sizeof(DPCSystemInfo));
rc=NtQuerySystemInformation(SystemDpcInfo,
&DPCSystemInfo,
sizeof(DPCSystemInfo),
NULL);
if (rc!=STATUS_SUCCESS) {
printf("NtQuerySystemInformation failed with Information class 'SystemDpcInfo', rc=%x\n", rc);
return;
}
printf("DPCSystemInfo.Unused = %x\n", DPCSystemInfo.Unused);
printf("DPCSystemInfo.KiMaximumDpcQueueDepth = %x\n", DPCSystemInfo.KiMaximumDpcQueueDepth);
printf("DPCSystemInfo.KiMinimumDpcRate = %x\n", DPCSystemInfo.KiMinimumDpcRate);
printf("DPCSystemInfo.KiAdjustDpcThreshold = %x\n", DPCSystemInfo.KiAdjustDpcThreshold);
printf("DPCSystemInfo.KiIdealDpcRate = %x\n", DPCSystemInfo.KiIdealDpcRate);
}
void InfoSystemTimerInfo()
{
TIMERSYSTEMINFO TimerSystemInfo;
NTSTATUS rc;
memset(&TimerSystemInfo, 'A', sizeof(TimerSystemInfo));
rc=NtQuerySystemInformation(SystemTimerInfo,
&TimerSystemInfo,
sizeof(TimerSystemInfo),
NULL);
if (rc!=STATUS_SUCCESS) {
printf("NtQuerySystemInformation failed with Information class 'SystemTimerInfo', rc=%x\n", rc);
return;
}
printf("TimerSystemInfo.KeTimeAdjustment = %x\n", TimerSystemInfo.KeTimeAdjustment);
printf("TimerSystemInfo.KeMaximumIncrement = %x\n", TimerSystemInfo.KeMaximumIncrement);
printf("TimerSystemInfo.KeTimeSynchronization = %x\n", TimerSystemInfo.KeTimeSynchronization);
}
void InfoSystemProcessorFaultCountInfo()
{
PROCESSORSYSTEMFAULTCOUNTINFO ProcessorSystemFaultCountInfo;
NTSTATUS rc;
memset(&ProcessorSystemFaultCountInfo, 'A', sizeof(ProcessorSystemFaultCountInfo));
rc=NtQuerySystemInformation(SystemProcessorFaultCountInfo,
&ProcessorSystemFaultCountInfo,
sizeof(ProcessorSystemFaultCountInfo),
NULL);
if (rc!=STATUS_SUCCESS) {
printf("NtQuerySystemInformation failed with Information class 'SystemProcessorFaultCountInfo', rc=%x\n", rc);
return;
}
printf("ProcessorSystemFaultCountInfo.nAlignmentFixup = %x\n", ProcessorSystemFaultCountInfo.nAlignmentFixup);
printf("ProcessorSystemFaultCountInfo.nExceptionDispatches = %x\n", ProcessorSystemFaultCountInfo.nExceptionDispatches);
printf("ProcessorSystemFaultCountInfo.nFloatingEmulation = %x\n", ProcessorSystemFaultCountInfo.nFloatingEmulation);
printf("ProcessorSystemFaultCountInfo.Unknown = %x\n", ProcessorSystemFaultCountInfo.Unknown);
}
void InfoSystemDebugger()
{
DEBUGGERSYSTEMINFO DebuggerSystemInfo;
NTSTATUS rc;
memset(&DebuggerSystemInfo, 'A', sizeof(DebuggerSystemInfo));
rc=NtQuerySystemInformation(SystemDebuggerInfo,
&DebuggerSystemInfo,
sizeof(DebuggerSystemInfo),
NULL);
if (rc!=STATUS_SUCCESS) {
printf("NtQuerySystemInformation failed with Information class 'SystemDebuggerInfo', rc=%x\n", rc);
return;
}
printf("DebuggerSystemInfo.bKdDebuggerEnabled = %x\n", DebuggerSystemInfo.bKdDebuggerEnabled);
printf("DebuggerSystemInfo.bKdDebuggerPresent = %x\n", DebuggerSystemInfo.bKdDebuggerPresent);
}
void InfoSystemQuota()
{
QUOTAINFO QuotaInfo;
NTSTATUS rc;
rc=NtQuerySystemInformation(SystemQuotaInfo,
&QuotaInfo,
sizeof(QuotaInfo),
NULL);
if (rc!=STATUS_SUCCESS) {
printf("NtQuerySystemInformation failed with Information class 'SystemQuotaInfo', rc=%x\n", rc);
return;
}
printf("CmpGlobalQuota = %x\n", QuotaInfo.CmpGlobalQuota);
printf("CmpGlobalQuotaUsed = %x\n", QuotaInfo.CmpGlobalQuotaUsed);
printf("MmSizeofPagedPoolInBytes = %x\n", QuotaInfo.MmSizeofPagedPoolInBytes);
printf("\n\n");
}
main()
{
InfoBasicSystemInfo();
InfoProcessorSystemInfo();
InfoPerformanceSystemInfo();
InfoTimeSystemInfo();
InfoSystemPathSystemInfo();
InfoProcessListSystemInfo();
InfoSystemServiceDescriptorTables();
InfoSystemIoConfig();
InfoSystemProcessorInfo();
InfoSystemNtGlobalFlagInfo();
InfoSystemModuleInformation();
InfoSystemLockInformation();
InfoSystemHandleInformation();
InfoSystemObjectInformation();
InfoPageFileInformation();
InfoInstructionEmulationCounts();
InfoSystemCacheInformation();
InfoPoolTagSystemInfo();
InfoSystemProcessorScheduleInfo();
InfoSystemDPCInfo();
InfoSystemTimerInfo();
InfoSystemProcessorFaultCountInfo();
InfoSystemDebugger();
InfoSystemQuota();
return 0;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -