sysinfo.c
来自「Undocumented Windows NT 经典书籍的源码」· C语言 代码 · 共 869 行 · 第 1/3 页
C
869 行
if (pSystemPageFileInfo->RelativeOffset==0) {
break;
}
pSystemPageFileInfo=(PSYSTEMPAGEFILEINFO)((ULONG)pSystemPageFileInfo+pSystemPageFileInfo->RelativeOffset);
}
printf("%x\n", sizeof(SYSTEMINSTRUCTIONEMULATIONCOUNTINFO));
}
void InfoInstructionEmulationCounts()
{
SYSTEMINSTRUCTIONEMULATIONCOUNTINFO InstEmulationCountInfo;
NTSTATUS rc;
memset(&InstEmulationCountInfo, 0, sizeof(InstEmulationCountInfo));
rc=NtQuerySystemInformation(SystemInstructionEmulationInfo,
&InstEmulationCountInfo,
sizeof(InstEmulationCountInfo),
NULL);
if (rc!=STATUS_SUCCESS) {
printf("NtQuerySystemInformation failed with Information class 'SystemInstructionEmulationInfo', rc=%x\n", rc);
return;
}
printf("InstEmulationCountInfo.VdmSegmentNotPresentCount = %x\n", InstEmulationCountInfo.VdmSegmentNotPresentCount);
printf("InstEmulationCountInfo.VdmINSWCount = %x\n", InstEmulationCountInfo.VdmINSWCount);
printf("InstEmulationCountInfo.VdmESPREFIXCount = %x\n", InstEmulationCountInfo.VdmESPREFIXCount);
printf("InstEmulationCountInfo.VdmCSPREFIXCount = %x\n", InstEmulationCountInfo.VdmCSPREFIXCount);
printf("InstEmulationCountInfo.VdmSSPREFIXCount = %x\n", InstEmulationCountInfo.VdmSSPREFIXCount);
printf("InstEmulationCountInfo.VdmDSPREFIXCount = %x\n", InstEmulationCountInfo.VdmDSPREFIXCount);
printf("InstEmulationCountInfo.VdmFSPREFIXCount = %x\n", InstEmulationCountInfo.VdmFSPREFIXCount);
printf("InstEmulationCountInfo.VdmGSPREFIXCount = %x\n", InstEmulationCountInfo.VdmGSPREFIXCount);
printf("InstEmulationCountInfo.VdmOPER32PREFIXCount = %x\n", InstEmulationCountInfo.VdmOPER32PREFIXCount);
printf("InstEmulationCountInfo.VdmADDR32PREFIXCount = %x\n", InstEmulationCountInfo.VdmADDR32PREFIXCount);
printf("InstEmulationCountInfo.VdmINSBCount = %x\n", InstEmulationCountInfo.VdmINSBCount);
printf("InstEmulationCountInfo.VdmINSWV86Count = %x\n", InstEmulationCountInfo.VdmINSWV86Count);
printf("InstEmulationCountInfo.VdmOUTSBCount = %x\n", InstEmulationCountInfo.VdmOUTSBCount);
printf("InstEmulationCountInfo.VdmOUTSWCount = %x\n", InstEmulationCountInfo.VdmOUTSWCount);
printf("InstEmulationCountInfo.VdmPUSHFCount = %x\n", InstEmulationCountInfo.VdmPUSHFCount);
printf("InstEmulationCountInfo.VdmPOPFCount = %x\n", InstEmulationCountInfo.VdmPOPFCount);
printf("InstEmulationCountInfo.VdmINTNNCount = %x\n", InstEmulationCountInfo.VdmINTNNCount);
printf("InstEmulationCountInfo.VdmINTOCount = %x\n", InstEmulationCountInfo.VdmINTOCount);
printf("InstEmulationCountInfo.VdmIRETCount = %x\n", InstEmulationCountInfo.VdmIRETCount);
printf("InstEmulationCountInfo.VdmINBIMMCount = %x\n", InstEmulationCountInfo.VdmINBIMMCount);
printf("InstEmulationCountInfo.VdmINWIMMCount = %x\n", InstEmulationCountInfo.VdmINWIMMCount);
printf("InstEmulationCountInfo.VdmOUTBIMMCount = %x\n", InstEmulationCountInfo.VdmOUTBIMMCount);
printf("InstEmulationCountInfo.VdmOUTWIMMCount = %x\n", InstEmulationCountInfo.VdmOUTWIMMCount);
printf("InstEmulationCountInfo.VdmINBCount = %x\n", InstEmulationCountInfo.VdmINBCount);
printf("InstEmulationCountInfo.VdmINWCount = %x\n", InstEmulationCountInfo.VdmINWCount);
printf("InstEmulationCountInfo.VdmOUTBCount = %x\n", InstEmulationCountInfo.VdmOUTBCount);
printf("InstEmulationCountInfo.VdmOUTWCount = %x\n", InstEmulationCountInfo.VdmOUTWCount);
printf("InstEmulationCountInfo.VdmLOCKPREFIXCount = %x\n", InstEmulationCountInfo.VdmLOCKPREFIXCount);
printf("InstEmulationCountInfo.VdmREPNEPREFIXCount = %x\n", InstEmulationCountInfo.VdmREPNEPREFIXCount);
printf("InstEmulationCountInfo.VdmREPPREFIXCount = %x\n", InstEmulationCountInfo.VdmREPPREFIXCount);
printf("InstEmulationCountInfo.VdmHLTCount = %x\n", InstEmulationCountInfo.VdmHLTCount);
printf("InstEmulationCountInfo.VdmCLICount = %x\n", InstEmulationCountInfo.VdmCLICount);
printf("InstEmulationCountInfo.VdmSTICount = %x\n", InstEmulationCountInfo.VdmSTICount);
printf("InstEmulationCountInfo.VdmBopCount = %x\n", InstEmulationCountInfo.VdmBopCount);
}
//Information class 20 returns STATUS_INVALID_INFO_CLASS
void InfoSystemCacheInformation()
{
SYSTEMCACHEINFO SystemCacheInformation;
ULONG i;
NTSTATUS rc;
memset(&SystemCacheInformation, 'A', sizeof(SystemCacheInformation));
rc=NtQuerySystemInformation(SystemCacheInfo,
&SystemCacheInformation,
sizeof(SystemCacheInformation),
NULL);
if (rc!=STATUS_SUCCESS) {
printf("NtQuerySystemInformation failed with Information class 'SystemCacheInfo', rc=%x\n", rc);
return;
}
printf("SystemCacheInformation.TotalSize = %x\n", SystemCacheInformation.TotalSize);
printf("SystemCacheInformation.PeakSize = %x\n", SystemCacheInformation.PeakSize);
printf("SystemCacheInformation.TotalPageFaultCount = %x\n", SystemCacheInformation.TotalPageFaultCount);
printf("SystemCacheInformation.MinWorkingSet = %x\n", SystemCacheInformation.MinWorkingSet);
printf("SystemCacheInformation.MaxWorkingSet = %x\n", SystemCacheInformation.MaxWorkingSet);
for (i=0; i<4; i++) {
printf("SystemCacheInformation.Unused[%d] = %x\n", i, SystemCacheInformation.Unused[i]);
}
}
void InfoPoolTagSystemInfo()
{
/* This information class will work only if Pool tracking is enabled in the system. Pool
tracking is enabled by default in checked build of the operating system. For free
builds one can use the GFLAGS utility shipped with resource kit to enable pool tagging.
If Pool tagging is not enabled, this information class returns STATUS_NOT_IMPLEMENTED*/
PPOOLTAGSYSTEMINFO pPoolTagSystemInfo;
char Buffer[90000];
ULONG i;
NTSTATUS rc;
memset(Buffer, 'A', sizeof(Buffer));
rc=NtQuerySystemInformation(SystemPoolTagInfo,
Buffer,
sizeof(Buffer),
NULL);
if (rc!=STATUS_SUCCESS) {
printf("NtQuerySystemInformation failed with Information class 'SystemPoolTagInfo', rc=%x\n", rc);
return;
}
pPoolTagSystemInfo=(PPOOLTAGSYSTEMINFO)Buffer;
printf("Tag PagedAllocs PagedFrees PagedBytes NPagedAllocs NPagedFrees NPagedBytes\n");
for (i=0; i<pPoolTagSystemInfo->nTags; i++) {
ULONG j;
char *p=(char *)(&pPoolTagSystemInfo->PoolTagInfo[i].PoolTag);
for (j=0; j<4; j++) {
printf("%c", isprint(p[j])?p[j]:' ');
}
printf(" %08d %08d %08d %08d %08d %08d\n", pPoolTagSystemInfo->PoolTagInfo[i].PagedAllocs,
pPoolTagSystemInfo->PoolTagInfo[i].PagedFrees,
pPoolTagSystemInfo->PoolTagInfo[i].PagedBytes,
pPoolTagSystemInfo->PoolTagInfo[i].NonPagedAllocs,
pPoolTagSystemInfo->PoolTagInfo[i].NonPagedFrees,
pPoolTagSystemInfo->PoolTagInfo[i].NonPagedBytes);
}
}
void InfoSystemProcessorScheduleInfo()
{
PROCESSORSCHEDULEINFO ProcessorScheduleInfo;
NTSTATUS rc;
memset(&ProcessorScheduleInfo, 'A', sizeof(ProcessorScheduleInfo));
rc=NtQuerySystemInformation(SystemProcessorScheduleInfo,
&ProcessorScheduleInfo,
sizeof(ProcessorScheduleInfo),
NULL);
if (rc!=STATUS_SUCCESS) {
printf("NtQuerySystemInformation failed with Information class 'SystemProcessorScheduleInfo', rc=%x\n", rc);
return;
}
printf("ProcessorScheduleInfo.nContextSwitches = %x\n", ProcessorScheduleInfo.nContextSwitches);
printf("ProcessorScheduleInfo.nDPCQueued = %x\n", ProcessorScheduleInfo.nDPCQueued);
printf("ProcessorScheduleInfo.nDPCRate = %x\n", ProcessorScheduleInfo.nDPCRate);
printf("ProcessorScheduleInfo.TimerResolution = %x\n", ProcessorScheduleInfo.TimerResolution);
printf("ProcessorScheduleInfo.nDPCBypasses = %x\n", ProcessorScheduleInfo.nDPCBypasses);
printf("ProcessorScheduleInfo.nAPCBypasses = %x\n", ProcessorScheduleInfo.nAPCBypasses);
}
void InfoSystemDPCInfo()
{
DPCSYSTEMINFO DPCSystemInfo;
NTSTATUS rc;
memset(&DPCSystemInfo, 'A', sizeof(DPCSystemInfo));
rc=NtQuerySystemInformation(SystemDpcInfo,
&DPCSystemInfo,
sizeof(DPCSystemInfo),
NULL);
if (rc!=STATUS_SUCCESS) {
printf("NtQuerySystemInformation failed with Information class 'SystemDpcInfo', rc=%x\n", rc);
return;
}
printf("DPCSystemInfo.Unused = %x\n", DPCSystemInfo.Unused);
printf("DPCSystemInfo.KiMaximumDpcQueueDepth = %x\n", DPCSystemInfo.KiMaximumDpcQueueDepth);
printf("DPCSystemInfo.KiMinimumDpcRate = %x\n", DPCSystemInfo.KiMinimumDpcRate);
printf("DPCSystemInfo.KiAdjustDpcThreshold = %x\n", DPCSystemInfo.KiAdjustDpcThreshold);
printf("DPCSystemInfo.KiIdealDpcRate = %x\n", DPCSystemInfo.KiIdealDpcRate);
}
void InfoSystemTimerInfo()
{
TIMERSYSTEMINFO TimerSystemInfo;
NTSTATUS rc;
memset(&TimerSystemInfo, 'A', sizeof(TimerSystemInfo));
rc=NtQuerySystemInformation(SystemTimerInfo,
&TimerSystemInfo,
sizeof(TimerSystemInfo),
NULL);
if (rc!=STATUS_SUCCESS) {
printf("NtQuerySystemInformation failed with Information class 'SystemTimerInfo', rc=%x\n", rc);
return;
}
printf("TimerSystemInfo.KeTimeAdjustment = %x\n", TimerSystemInfo.KeTimeAdjustment);
printf("TimerSystemInfo.KeMaximumIncrement = %x\n", TimerSystemInfo.KeMaximumIncrement);
printf("TimerSystemInfo.KeTimeSynchronization = %x\n", TimerSystemInfo.KeTimeSynchronization);
}
void InfoSystemProcessorFaultCountInfo()
{
PROCESSORSYSTEMFAULTCOUNTINFO ProcessorSystemFaultCountInfo;
NTSTATUS rc;
memset(&ProcessorSystemFaultCountInfo, 'A', sizeof(ProcessorSystemFaultCountInfo));
rc=NtQuerySystemInformation(SystemProcessorFaultCountInfo,
&ProcessorSystemFaultCountInfo,
sizeof(ProcessorSystemFaultCountInfo),
NULL);
if (rc!=STATUS_SUCCESS) {
printf("NtQuerySystemInformation failed with Information class 'SystemProcessorFaultCountInfo', rc=%x\n", rc);
return;
}
printf("ProcessorSystemFaultCountInfo.nAlignmentFixup = %x\n", ProcessorSystemFaultCountInfo.nAlignmentFixup);
printf("ProcessorSystemFaultCountInfo.nExceptionDispatches = %x\n", ProcessorSystemFaultCountInfo.nExceptionDispatches);
printf("ProcessorSystemFaultCountInfo.nFloatingEmulation = %x\n", ProcessorSystemFaultCountInfo.nFloatingEmulation);
printf("ProcessorSystemFaultCountInfo.Unknown = %x\n", ProcessorSystemFaultCountInfo.Unknown);
}
void InfoSystemDebugger()
{
DEBUGGERSYSTEMINFO DebuggerSystemInfo;
NTSTATUS rc;
memset(&DebuggerSystemInfo, 'A', sizeof(DebuggerSystemInfo));
rc=NtQuerySystemInformation(SystemDebuggerInfo,
&DebuggerSystemInfo,
sizeof(DebuggerSystemInfo),
NULL);
if (rc!=STATUS_SUCCESS) {
printf("NtQuerySystemInformation failed with Information class 'SystemDebuggerInfo', rc=%x\n", rc);
return;
}
printf("DebuggerSystemInfo.bKdDebuggerEnabled = %x\n", DebuggerSystemInfo.bKdDebuggerEnabled);
printf("DebuggerSystemInfo.bKdDebuggerPresent = %x\n", DebuggerSystemInfo.bKdDebuggerPresent);
}
void InfoSystemQuota()
{
QUOTAINFO QuotaInfo;
NTSTATUS rc;
rc=NtQuerySystemInformation(SystemQuotaInfo,
&QuotaInfo,
sizeof(QuotaInfo),
NULL);
if (rc!=STATUS_SUCCESS) {
printf("NtQuerySystemInformation failed with Information class 'SystemQuotaInfo', rc=%x\n", rc);
return;
}
printf("CmpGlobalQuota = %x\n", QuotaInfo.CmpGlobalQuota);
printf("CmpGlobalQuotaUsed = %x\n", QuotaInfo.CmpGlobalQuotaUsed);
printf("MmSizeofPagedPoolInBytes = %x\n", QuotaInfo.MmSizeofPagedPoolInBytes);
printf("\n\n");
}
main()
{
InfoBasicSystemInfo();
InfoProcessorSystemInfo();
InfoPerformanceSystemInfo();
InfoTimeSystemInfo();
InfoSystemPathSystemInfo();
InfoProcessListSystemInfo();
InfoSystemServiceDescriptorTables();
InfoSystemIoConfig();
InfoSystemProcessorInfo();
InfoSystemNtGlobalFlagInfo();
InfoSystemModuleInformation();
InfoSystemLockInformation();
InfoSystemHandleInformation();
InfoSystemObjectInformation();
InfoPageFileInformation();
InfoInstructionEmulationCounts();
InfoSystemCacheInformation();
InfoPoolTagSystemInfo();
InfoSystemProcessorScheduleInfo();
InfoSystemDPCInfo();
InfoSystemTimerInfo();
InfoSystemProcessorFaultCountInfo();
InfoSystemDebugger();
InfoSystemQuota();
return 0;
}
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?