
📄 structures.h

📁 驱动枚举进程,控制线程AFFINITY,通过修改EPROCESS,ETHREAD ,KTHREAD 等结构,修改AFFINITY
/************************************************************************
* 文件名称:Structures.h                                             
* 作    者:李骥
*************************************************************************/

///////////////////定义本地结构体//////////////////////////////////////////    


////////////////////进程线程结构体////////////////////////////////////////
// Per-thread record. Presumably one of the entries that follow each
// SYSTEM_PROCESS_INFORMATION in the buffer returned for the
// SystemProcessInformation class -- confirm against the caller.
//
// NOTE(review): this is a hand-written mirror of an undocumented kernel
// layout. Field sizes here (PVOID, CLIENT_ID) follow the build architecture,
// so the same header must be compiled for the same bitness as the kernel that
// fills the buffer; a mismatch makes every offset after StartAddress wrong.
typedef struct _SYSTEM_THREADS
{
	LARGE_INTEGER KernelTime;
	LARGE_INTEGER UserTime;
	LARGE_INTEGER CreateTime;
	ULONG WaitTime;
	PVOID StartAddress;          // kernel-reported address; do not dereference
	CLIENT_ID ClientID;          // owning process / thread identifiers
	KPRIORITY Priority;
	KPRIORITY BasePriority;
	ULONG ContextSwitchCount;
	ULONG ThreadState;
	KWAIT_REASON WaitReason;

	// Presumably "reserved": explicit tail padding so that consecutive
	// records stay 8-byte aligned -- TODO confirm.
	ULONG ReverseBit;
}SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION;



// Per-process record used when walking a process list (the enum in this file
// names the matching query class SystemProcessInformation).
//
// NOTE(review): layout caveats a consumer must respect:
//  - Process IDs and all memory counters are declared ULONG. That presumably
//    matches only a 32-bit kernel; on a 64-bit kernel these values are
//    pointer-sized, so this struct would misplace every later field --
//    verify against the target OS before use.
//  - NextEntryDelta looks like a byte offset to the next record (0 = last).
//    A walker must check that the offset stays inside the buffer length it
//    was given before following it; this header cannot enforce that.
//  - ProcessName is a UNICODE_STRING: its Length is in bytes and the buffer is
//    not guaranteed to be NUL-terminated or non-NULL.
typedef struct _SYSTEM_PROCESS_INFORMATION
{
	// Superseded earlier layout, kept for reference only (not compiled).
	//ULONG NextEntryDelta;
	//ULONG dThreadCount;
	//ULONG dReserved01;
	//ULONG dReserved02;
	//ULONG dReserved03;
	//ULONG dReserved04;
	//ULONG dReserved05;
	//ULONG dReserved06;
	//LARGE_INTEGER ftCreateTime; /* relative to 01-01-1601 */
	//LARGE_INTEGER ftUserTime; /* 100 nsec units */
	//LARGE_INTEGER ftKernelTime; /* 100 nsec units */
	//LARGE_INTEGER ProcessName;      // this is the process name
	//ULONG BasePriority;
	//ULONG dUniqueProcessId;            // process ID
	//ULONG dParentProcessID;
	//ULONG dHandleCount;
	//ULONG dReserved07;
	//ULONG dReserved08;
	//ULONG VmCounters;
	//ULONG dCommitCharge;
	//PVOID ThreadInfos[1];




	// Current layout.
	ULONG NextEntryDelta;        // offset to next record; bounds-check before use
	ULONG dThreadCount;          // number of thread records that follow
	LARGE_INTEGER SpareLi1;
	LARGE_INTEGER SpareLi2;
	LARGE_INTEGER SpareLi3;
	LARGE_INTEGER CreateTime;
	LARGE_INTEGER UserTime;
	LARGE_INTEGER KernelTime;
	UNICODE_STRING ProcessName;  // counted string, may lack a terminator
	KPRIORITY BasePriority;
	ULONG dUniqueProcessId;      // process ID
	ULONG dParentProcessID;
	ULONG HandleCount;
	ULONG SessionId;
	ULONG PageDirectoryFrame;

	//
	// This part corresponds to VM_COUNTERS_EX.
	// NOTE: *NOT* THE SAME AS VM_COUNTERS!
	//
	ULONG PeakVirtualSize;
	ULONG VirtualSize;
	ULONG PageFaultCount;
	ULONG PeakWorkingSetSize;
	ULONG WorkingSetSize;
	ULONG QuotaPeakPagedPoolUsage;
	ULONG QuotaPagedPoolUsage;
	ULONG QuotaPeakNonPagedPoolUsage;
	ULONG QuotaNonPagedPoolUsage;
	ULONG PagefileUsage;
	ULONG PeakPagefileUsage;
	ULONG PrivateUsage;

	// This part corresponds to IO_COUNTERS
	//
	LARGE_INTEGER ReadOperationCount;
	LARGE_INTEGER WriteOperationCount;
	LARGE_INTEGER OtherOperationCount;
	LARGE_INTEGER ReadTransferCount;
	LARGE_INTEGER WriteTransferCount;
	LARGE_INTEGER OtherTransferCount;

	// Marks where the trailing thread records begin. Declared as PVOID[1], so
	// indexing it directly steps by pointer size, not by record size;
	// presumably callers cast its address to PSYSTEM_THREAD_INFORMATION and
	// stop after dThreadCount entries -- confirm against the caller.
	PVOID ThreadInfos[1];
} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;

/////////////////定义ntoskrnl.exe的服务表结构////////////////////////////////////////////////    
// Mirror of one ntoskrnl.exe system-service descriptor (four fields: dispatch
// table, per-service counter table, service count, parameter-size table).
//
// NOTE(review): this layout is undocumented and tied to the OS build. The
// pointer-to-unsigned-int table type presumably assumes 32-bit Windows, where
// each slot holds a routine address; verify before reuse on any other target.
// Treat the table as read-only: writes to it are the modification that Kernel
// Patch Protection bugchecks on (64-bit Windows) and that anti-rootkit
// tooling checks for.
typedef struct _ServiceDescriptorEntry {
	unsigned int *ServiceTableBase;          // start of the dispatch table
	unsigned int *ServiceCounterTableBase;
	unsigned int NumberOfServices;           // valid indices are 0 .. NumberOfServices-1
	unsigned char *ParamTableBase;           // one byte per service
}ServiceDescriptorTableEntry, *PServiceDescriptorTableEntry;
// Same four fields as ServiceDescriptorTableEntry, with untyped pointers.
// NOTE(review): two parallel definitions of one layout can drift apart;
// presumably only one is needed -- confirm which the driver actually uses.
// Any index applied to pvSSDTBase must be checked against ulNumberOfServices.
typedef struct _tagSSDT {
	PVOID pvSSDTBase;
	PVOID pvServiceCounterTable;
	ULONG ulNumberOfServices;
	PVOID pvParamTableBase;
} SSDT, *PSSDT;


////////////////////////////////////////////////





/////////////////////////应用结构体//////////////////////////////



// Application-level summary of one process (ID, parent ID, name, thread
// count, and a pointer to its thread data).
//
// NOTE(review):
//  - ProcessName is a fixed 256-WCHAR buffer. When it is filled from a
//    UNICODE_STRING, the copy must be bounded to at most 255 characters
//    (Length is in bytes) and explicitly NUL-terminated.
//  - ThreadInfos is a raw pointer. If this record is ever copied to a
//    user-mode buffer (not visible here), the field would disclose a kernel
//    address and must be cleared or replaced first -- confirm with the
//    IOCTL path.
typedef struct _MY_PROCESS_INFO
{
	ULONG ProcessID;
	ULONG InheritedFromProcessID;   // parent process ID
	WCHAR ProcessName[256];
	ULONG dThreadCount;
	//HANDLE hProcess;
	PVOID ThreadInfos;
}MY_PROCESS_INFO,*PMY_PROCESS_INFO;

// Application-level summary of one thread.
//
// NOTE(review): CpuMask is presumably the thread's processor-affinity mask.
// A ULONG carries 32 bits, while the kernel's KAFFINITY is pointer-sized, so
// processors above index 31 cannot be represented here. If the value can
// originate from a user-mode request (not visible here), the driver should
// reject a zero mask and any bit outside the active-processor mask before
// applying it.
typedef struct _MY_THREAD_INFO
{
	ULONG ProcessID;
	ULONG ThreadID;
	//HANDLE hThread;
	ULONG CpuRate;
	ULONG CpuMask;
	ULONG ThreadCnt;


}MY_THREAD_INFO,*PMY_THREAD_INFO;


///////////////////////////////枚举常量/////////////////////////
/*
 * Information-class selectors for the system-information query/set service.
 *
 * Every enumerator carries its numeric value explicitly. The numbers are the
 * contract with the kernel, so spelling them out keeps an accidental
 * insertion or reordering from silently shifting every later class.
 * Alternative names and availability notes are kept in the trailing comments.
 */
typedef enum _SYSTEMINFOCLASS
{
	SystemBasicInformation                = 0,
	SystemProcessorInformation            = 1,
	SystemPerformanceInformation          = 2,
	SystemTimeOfDayInformation            = 3,
	SystemPathInformation                 = 4,  /* SystemNotImplemented1 */
	SystemProcessInformation              = 5,  /* per process; SystemProcessesAndThreadsInformation */
	SystemCallCountInformation            = 6,  /* SystemCallInformation */
	SystemConfigurationInformation        = 7,  /* SystemDeviceInformation */
	SystemProcessorPerformanceInformation = 8,  /* per cpu; SystemProcessorCounters */
	SystemGlobalFlag                      = 9,  /* SystemFlagsInformation */
	SystemCallTimeInformation             = 10,
	SystemModuleInformation               = 11,
	SystemLockInformation                 = 12,
	SystemStackTraceInformation           = 13, /* SystemNotImplemented2 */
	SystemPagedPoolInformation            = 14, /* checked build only */
	SystemNonPagedPoolInformation         = 15, /* checked build only */
	SystemHandleInformation               = 16,
	SystemObjectInformation               = 17, /* SystemObjectTypeInformation */
	SystemPageFileInformation             = 18, /* per page file */
	SystemVdmInstemulInformation          = 19,
	SystemVdmBopInformation               = 20,
	SystemFileCacheInformation            = 21,
	SystemPoolTagInformation              = 22,
	SystemInterruptInformation            = 23,
	SystemDpcBehaviorInformation          = 24,
	SystemFullMemoryInformation           = 25, /* checked build only */
	SystemLoadGdiDriverInformation        = 26, /* set mode only */
	SystemUnloadGdiDriverInformation      = 27, /* set mode only */
	SystemTimeAdjustmentInformation       = 28, /* writeable */
	SystemSummaryMemoryInformation        = 29, /* checked build only */
	SystemNextEventIdInformation          = 30, /* checked build only */
	SystemEventIdsInformation             = 31, /* checked build only */
	SystemCrashDumpInformation            = 32,
	SystemExceptionInformation            = 33,
	SystemCrashDumpStateInformation       = 34,
	SystemKernelDebuggerInformation       = 35,
	SystemContextSwitchInformation        = 36,
	SystemRegistryQuotaInformation        = 37,
	SystemExtendServiceTableInformation   = 38, /* set mode only; SystemAddDriver */
	SystemPrioritySeperation              = 39, /* set mode only; SystemPrioritySeparationInformation */
	SystemPlugPlayBusInformation          = 40, /* not implemented */
	SystemDockInformation                 = 41, /* not implemented */
	SystemPowerInformation_XP             = 42, /* XP only */
	SystemProcessorSpeedInformation       = 43, /* XP only */
	SystemCurrentTimeZoneInformation      = 44,
	SystemLookasideInformation            = 45,
	SystemSetTimeSlipEvent                = 46,
	SystemCreateSession                   = 47, /* set mode only */
	SystemDeleteSession                   = 48, /* set mode only */
	SystemInvalidInfoClass1               = 49, /* invalid info class */
	SystemRangeStartInformation           = 50, /* 0x0004 (fails if size != 4) */
	SystemVerifierInformation             = 51,
	SystemAddVerifier                     = 52,
	SystemSessionProcessesInformation     = 53, /* checked build only */
	MaxSystemInfoClass                    = 54  /* one past the last class listed here */
} SYSTEMINFOCLASS, *PSYSTEMINFOCLASS;
