
📄 note.h

📁 驱动枚举进程,控制线程AFFINITY,通过修改EPROCESS,ETHREAD ,KTHREAD 等结构,修改AFFINITY




//有许多方法,我比较喜欢使用的是:
//NtQuerySystemInformation函数,其中SystemBasicInformation(0号功能)返回的结果是一个SYSTEM_BASIC_INFORMATION结构,其中的域bKeNumberProcessors将返回系统CPU的个数。
//
//下面是该函数的具体说明:
//
//代码:
///*-------------------------------------------------------------
//NtQuerySystemInformation is used to query system information
//that is available only in kernel mode (above 0x80000000).
//All available (or all known) information classes are described
//in SYSTEM_INFORMATION_CLASS.
//Requirements
//Client: Requires Windows XP or Windows 2000 Professional.
//Server: Requires Windows 2000 Server.
//Header: Declared in Winternl.h.
//DLL: Requires Ntdll.dll.
//	 [NtQuerySystemInformation is available for use in Windows 2000 and
//	 Windows XP. It may be altered or unavailable in subsequent versions.
//	 Applications should use the alternate functions listed in this topic.]
//*/
//
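//注:NtQuerySystemInformation底层使用中写为ZwQuerySystemInformation,两个函数完全相同,只是入口不同。
//需要注意:在内核态(驱动)中经Zw入口调用时,PreviousMode会被设为KernelMode,系统服务不再对参数做用户态地址探测,
//因此来自用户态的缓冲区指针和长度必须先由调用者自行校验,再传给Zw函数。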
//
//NTSYSAPI
//NTSTATUS
//NTAPI
//NtQuerySystemInformation(
//
//						 //SystemInformationClass
//						 //[in] One of the values enumerated in SYSTEM_INFORMATION_CLASS,
//						 //indicating the kind of system information to be retrieved.
//						 IN SYSTEMINFOCLASS SystemInformationClass,
//
//						 // SystemInformation
//						 // [in, out] Points to a buffer where the requested information is
//						 // to be returned. The size and structure of this information varies
//						 // depending on the value of the SystemInformationClass parameter:
//						 OUT PVOID pSystemInformation,
//
//						 //  SystemInformationLength
//						 //  [in] Size of the buffer pointed to by the SystemInformation parameter,
//						 //  in bytes.
//						 IN ULONG uSystemInformationLength,
//
//						 //  ReturnLength
//						 //  [out, optional] Optional pointer to a location where the function
//						 //  writes the actual size of the information requested.
//						 //  If that size is less than or equal to the SystemInformationLength
//						 //  parameter, the function copies the information into the
//						 //  SystemInformation buffer; otherwise, it returns an NTSTATUS error code
//						 //  and returns in ReturnLength the size of buffer required to receive
//						 //  the requested information.
//						 OUT PULONG puReturnLength OPTIONAL
//						 );
//
////  Return Values
////  Returns an NTSTATUS success or error code.
////  The forms and significance of NTSTATUS error codes are listed
////  in the Ntstatus.h header file available in the Windows Device
////  Driver Kit (DDK), and are described in the DDK documentation
////  under Kernel-Mode Driver Architecture / Design Guide / Driver
////  Programming Techniques / Logging Errors.
//

//
//typedef struct _SYSTEM_BASIC_INFORMATION
//{
//	DWORD dwUnknown1; // 0
//	ULONG uKeMaximumIncrement; // x86: 0x0002625A or 0x00018730
//	ULONG uPageSize; // bytes
//	ULONG uMmNumberOfPhysicalPages;
//	ULONG uMmLowestPhysicalPage;
//	ULONG uMmHighestPhysicalPage;
//	ULONG uAllocationGranularity; // bytes
//	PVOID pLowestUserAddress;
//	PVOID pMmHighestUserAddress;
//	KAFFINITY uKeActiveProcessors;
//	BYTE bKeNumberProcessors;
//	BYTE bUnknown2;
//	WORD wUnknown3;
//} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
//
//typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
//{
//	LARGE_INTEGER IdleTime;
//	LARGE_INTEGER KernelTime;
//	LARGE_INTEGER UserTime;
//	LARGE_INTEGER DpcTime;
//	LARGE_INTEGER InterruptTime;
//	DWORD InterruptCount;
//	DWORD dwUnknown1;
//} SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION, *PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION;
//
//typedef struct _SYSTEM_PERFORMANCE_INFORMATION
//{
//	LARGE_INTEGER liIdleTime;
//	LARGE_INTEGER IoReadTransferCount;
//	LARGE_INTEGER IoWriteTransferCount;
//	LARGE_INTEGER IoOtherTransferCount;
//	ULONG IoReadOperationCount;
//	ULONG IoWriteOperationCount;
//	ULONG IoOtherOperationCount;
//	ULONG AvailablePages;
//	ULONG CommittedPages;
//	ULONG CommitLimit;
//	ULONG PeakCommitment;
//	ULONG PageFaultCount;
//	ULONG CopyOnWriteCount;
//	ULONG TransitionCount;
//	ULONG CacheTransitionCount;
//	ULONG DemandZeroCount;
//	ULONG PageReadCount;
//	ULONG PageReadIoCount;
//	ULONG CacheReadCount;
//	ULONG CacheIoCount;
//	ULONG DirtyPagesWriteCount;
//	ULONG DirtyWriteIoCount;
//	ULONG MappedPagesWriteCount;
//	ULONG MappedWriteIoCount;
//	ULONG PagedPoolPages;
//	ULONG NonPagedPoolPages;
//	ULONG PagedPoolAllocs;
//	ULONG PagedPoolFrees;
//	ULONG NonPagedPoolAllocs;
//	ULONG NonPagedPoolFrees;
//	ULONG FreeSystemPtes;
//	ULONG ResidentSystemCodePage;
//	ULONG TotalSystemDriverPages;
//	ULONG TotalSystemCodePages;
//	ULONG NonPagedPoolLookasideHits;
//	ULONG PagedPoolLookasideHits;
//	ULONG Spare3Count;
//	ULONG ResidentSystemCachePage;
//	ULONG ResidentPagedPoolPage;
//	ULONG ResidentSystemDriverPage;
//	ULONG CcFastReadNoWait;
//	ULONG CcFastReadWait;
//	ULONG CcFastReadResourceMiss;
//	ULONG CcFastReadNotPossible;
//	ULONG CcFastMdlReadNoWait;
//	ULONG CcFastMdlReadWait;
//	ULONG CcFastMdlReadResourceMiss;
//	ULONG CcFastMdlReadNotPossible;
//	ULONG CcMapDataNoWait;
//	ULONG CcMapDataWait;
//	ULONG CcMapDataNoWaitMiss;
//	ULONG CcMapDataWaitMiss;
//	ULONG CcPinMappedDataCount;
//	ULONG CcPinReadNoWait;
//	ULONG CcPinReadWait;
//	ULONG CcPinReadNoWaitMiss;
//	ULONG CcPinReadWaitMiss;
//	ULONG CcCopyReadNoWait;
//	ULONG CcCopyReadWait;
//	ULONG CcCopyReadNoWaitMiss;
//	ULONG CcCopyReadWaitMiss;
//	ULONG CcMdlReadNoWait;
//	ULONG CcMdlReadWait;
//	ULONG CcMdlReadNoWaitMiss;
//	ULONG CcMdlReadWaitMiss;
//	ULONG CcReadAheadIos;
//	ULONG CcLazyWriteIos;
//	ULONG CcLazyWritePages;
//	ULONG CcDataFlushes;
//	ULONG CcDataPages;
//	ULONG ContextSwitches;
//	ULONG FirstLevelTbFills;
//	ULONG SecondLevelTbFills;
//	ULONG SystemCalls;
//}
//我们在任务管理器中所见到的所有信息只使用了下面5个调用:
//0    SystemBasicInformation
//2    SystemPerformanceInformation
//5    SystemProcessInformation
//8    SystemProcessorPerformanceInformation
//21   SystemFileCacheInformation 
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////结构们

//www.pudn.com > TaskMgr.exe.rar > Sysinfo.h
//
//
//
//#pragma once 
//#define WIN32_LEAN_AND_MEAN 
//#include <windows.h>
//
//typedef LONG KPRIORITY; 
//typedef LONG NTSTATUS; 
//
//typedef struct _UNICODE_STRING { 
//	USHORT Length; 
//	USHORT MaximumLength; 
//	PWSTR  Buffer; 
//} UNICODE_STRING; 
//typedef UNICODE_STRING *PUNICODE_STRING; 
//typedef const UNICODE_STRING *PCUNICODE_STRING; 
//
//typedef enum _SYSTEM_INFORMATION_CLASS 
//{ 
//	SystemBasicInformation, 
//	SystemProcessorInformation, 
//	SystemPerformanceInformation, 
//	SystemTimeOfDayInformation, 
//	SystemPathInformation, /// Obsolete: Use KUSER_SHARED_DATA 
//	SystemProcessInformation, 
//	SystemCallCountInformation, 
//	SystemDeviceInformation, 
//	SystemProcessorPerformanceInformation, 
//	SystemFlagsInformation, 
//	SystemCallTimeInformation, 
//	SystemModuleInformation, 
//	SystemLocksInformation, 
//	SystemStackTraceInformation, 
//	SystemPagedPoolInformation, 
//	SystemNonPagedPoolInformation, 
//	SystemHandleInformation, 
//	SystemObjectInformation, 
//	SystemPageFileInformation, 
//	SystemVdmInstemulInformation, 
//	SystemVdmBopInformation, 
//	SystemFileCacheInformation, 
//	SystemPoolTagInformation, 
//	SystemInterruptInformation, 
//	SystemDpcBehaviorInformation, 
//	SystemFullMemoryInformation, 
//	SystemLoadGdiDriverInformation, 
//	SystemUnloadGdiDriverInformation, 
//	SystemTimeAdjustmentInformation, 
//	SystemSummaryMemoryInformation, 
//	SystemNextEventIdInformation, 
//	SystemEventIdsInformation, 
//	SystemCrashDumpInformation, 
//	SystemExceptionInformation, 
//	SystemCrashDumpStateInformation, 
//	SystemKernelDebuggerInformation, 
//	SystemContextSwitchInformation, 
//	SystemRegistryQuotaInformation, 
//	SystemExtendServiceTableInformation, 
//	SystemPrioritySeperation, 
//	SystemPlugPlayBusInformation, 
//	SystemDockInformation, 
//	SystemPowerInformationNative, 
