找回密码
 立即注册→加入我们

QQ登录

只需一步,快速开始

搜索
热搜: 下载 VB C 实现 编写
查看: 8060|回复: 5

NtQuerySystemInformation用法详解

[复制链接]

307

主题

228

回帖

7319

积分

用户组: 真·技术宅

UID
2
精华
76
威望
291 点
宅币
5569 个
贡献
253 次
宅之契约
0 份
在线时间
945 小时
注册时间
2014-1-25
发表于 2015-4-29 15:54:20 | 显示全部楼层 |阅读模式

欢迎访问技术宅的结界,请注册或者登录吧。

您需要 登录 才可以下载或查看,没有账号?立即注册→加入我们

×
花了好几天才弄出来这个东东,照着wrk源码弄得
20150719011619.png
ntdefs.h (29.86 KB, 下载次数: 27)
NtQuerySystemInforamtion.cpp (48.24 KB, 下载次数: 32)
回复

使用道具 举报

0

主题

76

回帖

6758

积分

用户组: 真·技术宅

UID
604
精华
0
威望
2 点
宅币
825 个
贡献
5853 次
宅之契约
0 份
在线时间
101 小时
注册时间
2014-12-20
发表于 2015-4-30 13:37:20 | 显示全部楼层
赞一个....
回复

使用道具 举报

1109

主题

1649

回帖

7万

积分

用户组: 管理员

一只技术宅

UID
1
精华
244
威望
743 点
宅币
24180 个
贡献
46222 次
宅之契约
0 份
在线时间
2294 小时
注册时间
2014-1-26
发表于 2015-7-19 01:18:13 | 显示全部楼层
ntdefs.h
  1. #include <basetsd.h>

  2. #define IN
  3. #define OUT
  4. #define OPTIONAL
  5. #define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)
  6. #define MAX_STACK_DEPTH 32
  7. #define MAXIMUM_NUMA_NODES 16
  8. #define STATUS_SUCCESS                   ((NTSTATUS)0x00000000L)    // ntsubauth

  9. typedef unsigned long ULONG;
  10. typedef unsigned int DWORD;
  11. typedef unsigned short WORD;
  12. typedef unsigned char UCHAR;
  13. typedef unsigned short USHORT;
  14. typedef long LONG;
  15. typedef LONG NTSTATUS;
  16. typedef void *PVOID;
  17. typedef ULONG *PULONG;
  18. typedef ULONG_PTR KAFFINITY;
  19. typedef char CCHAR;
  20. typedef void * HANDLE;
  21. typedef UCHAR *PUCHAR;
  22. typedef unsigned int UINT;
  23. typedef void *LPVOID;
  24. typedef SIZE_T SYSINF_PAGE_COUNT;
  25. typedef LONG KPRIORITY;
  26. typedef wchar_t WCHAR;
  27. typedef WCHAR *NWPSTR, *LPWSTR, *PWSTR;
  28. typedef char CHAR;
  29. typedef CHAR *PCHAR, *LPCH, *PCH;
  30. typedef DWORD ACCESS_MASK;

  31. typedef struct _UNICODE_STRING {
  32.         USHORT Length;
  33.         USHORT MaximumLength;
  34. #ifdef MIDL_PASS
  35.         [size_is(MaximumLength / 2), length_is((Length) / 2)] USHORT * Buffer;
  36. #else // MIDL_PASS
  37.         PWSTR  Buffer;
  38. #endif // MIDL_PASS
  39. } UNICODE_STRING;
  40. typedef UNICODE_STRING *PUNICODE_STRING;

  41. #if (!defined (_MAC) && (!defined(MIDL_PASS) || defined(__midl)) && (!defined(_M_IX86) || (defined(_INTEGRAL_MAX_BITS) && _INTEGRAL_MAX_BITS >= 64)))
  42. typedef __int64 LONGLONG;
  43. typedef unsigned __int64 ULONGLONG;
  44. #define MAXLONGLONG                         (0x7fffffffffffffff)
  45. #else
  46. #if defined(_MAC) && defined(_MAC_INT_64)
  47. typedef __int64 LONGLONG;
  48. typedef unsigned __int64 ULONGLONG;
  49. #define MAXLONGLONG                      (0x7fffffffffffffff)
  50. #else
  51. typedef double LONGLONG;
  52. typedef double ULONGLONG;
  53. #endif //_MAC and int64
  54. #endif

  55. #if defined(MIDL_PASS)
  56. typedef struct _LARGE_INTEGER
  57. {
  58. #else // MIDL_PASS
  59. typedef union _LARGE_INTEGER
  60. {
  61.         struct
  62.         {
  63.                 DWORD LowPart;
  64.                 LONG HighPart;
  65.         } DUMMYSTRUCTNAME;
  66.         struct
  67.         {
  68.                 DWORD LowPart;
  69.                 LONG HighPart;
  70.         } u;
  71. #endif //MIDL_PASS
  72.         LONGLONG QuadPart;
  73. } LARGE_INTEGER;

  74. typedef unsigned char BYTE;
  75. typedef BYTE BOOLEAN;

  76. #define FLG_STOP_ON_EXCEPTION           0x00000001      // user and kernel mode
  77. #define FLG_SHOW_LDR_SNAPS              0x00000002      // user and kernel mode
  78. #define FLG_DEBUG_INITIAL_COMMAND       0x00000004      // kernel mode only up until WINLOGON started
  79. #define FLG_STOP_ON_HUNG_GUI            0x00000008      // kernel mode only while running

  80. #define FLG_HEAP_ENABLE_TAIL_CHECK      0x00000010      // user mode only
  81. #define FLG_HEAP_ENABLE_FREE_CHECK      0x00000020      // user mode only
  82. #define FLG_HEAP_VALIDATE_PARAMETERS    0x00000040      // user mode only
  83. #define FLG_HEAP_VALIDATE_ALL           0x00000080      // user mode only

  84. #define FLG_APPLICATION_VERIFIER        0x00000100      // user mode only
  85. #define FLG_POOL_ENABLE_TAGGING         0x00000400      // kernel mode only
  86. #define FLG_HEAP_ENABLE_TAGGING         0x00000800      // user mode only

  87. #define FLG_USER_STACK_TRACE_DB         0x00001000      // x86 user mode only
  88. #define FLG_KERNEL_STACK_TRACE_DB       0x00002000      // x86 kernel mode only at boot time
  89. #define FLG_MAINTAIN_OBJECT_TYPELIST    0x00004000      // kernel mode only at boot time
  90. #define FLG_HEAP_ENABLE_TAG_BY_DLL      0x00008000      // user mode only

  91. #define FLG_DISABLE_STACK_EXTENSION     0x00010000      // user mode only
  92. #define FLG_ENABLE_CSRDEBUG             0x00020000      // kernel mode only at boot time
  93. #define FLG_ENABLE_KDEBUG_SYMBOL_LOAD   0x00040000      // kernel mode only
  94. #define FLG_DISABLE_PAGE_KERNEL_STACKS  0x00080000      // kernel mode only at boot time

  95. #define FLG_ENABLE_SYSTEM_CRIT_BREAKS   0x00100000      // user mode only
  96. #define FLG_HEAP_DISABLE_COALESCING     0x00200000      // user mode only
  97. #define FLG_ENABLE_CLOSE_EXCEPTIONS     0x00400000      // kernel mode only
  98. #define FLG_ENABLE_EXCEPTION_LOGGING    0x00800000      // kernel mode only

  99. #define FLG_ENABLE_HANDLE_TYPE_TAGGING  0x01000000      // kernel mode only
  100. #define FLG_HEAP_PAGE_ALLOCS            0x02000000      // user mode only
  101. #define FLG_DEBUG_INITIAL_COMMAND_EX    0x04000000      // kernel mode only up until WINLOGON started
  102. #define FLG_DISABLE_DBGPRINT            0x08000000      // kernel mode only

  103. #define FLG_CRITSEC_EVENT_CREATION      0x10000000      // user mode only, Force early creation of resource events
  104. #define FLG_LDR_TOP_DOWN                0x20000000      // user mode only, win64 only
  105. #define FLG_ENABLE_HANDLE_EXCEPTIONS    0x40000000      // kernel mode only
  106. #define FLG_DISABLE_PROTDLLS            0x80000000      // user mode only (smss/winlogon)

  107. #define PROCESSOR_ARCHITECTURE_INTEL            0
  108. #define PROCESSOR_ARCHITECTURE_MIPS             1
  109. #define PROCESSOR_ARCHITECTURE_ALPHA            2
  110. #define PROCESSOR_ARCHITECTURE_PPC              3
  111. #define PROCESSOR_ARCHITECTURE_SHX              4
  112. #define PROCESSOR_ARCHITECTURE_ARM              5
  113. #define PROCESSOR_ARCHITECTURE_IA64             6
  114. #define PROCESSOR_ARCHITECTURE_ALPHA64          7
  115. #define PROCESSOR_ARCHITECTURE_MSIL             8
  116. #define PROCESSOR_ARCHITECTURE_AMD64            9
  117. #define PROCESSOR_ARCHITECTURE_IA32_ON_WIN64    10

  118. #define STATUS_INFO_LENGTH_MISMATCH      ((NTSTATUS)0xC0000004L)
  119. #define STATUS_INVALID_INFO_CLASS ((NTSTATUS)0xC0000003L)
  120. #define STATUS_ACCESS_VIOLATION ((DWORD )0xC0000005L)
  121. #define STATUS_INSUFFICIENT_RESOURCES ((NTSTATUS)0xC000009AL)
  122. #define STATUS_WORKING_SET_QUOTA ((NTSTATUS)0xC00000A1L)
  123. #define STATUS_NOT_IMPLEMENTED ((NTSTATUS)0xC0000002L)

  124. typedef enum _SYSTEM_INFORMATION_CLASS
  125. {
  126.         SystemBasicInformation,
  127.         SystemProcessorInformation,              // obsolete...delete
  128.         SystemPerformanceInformation,
  129.         SystemTimeOfDayInformation,
  130.         SystemPathInformation,
  131.         SystemProcessInformation,                //系统进程信息
  132.         SystemCallCountInformation,
  133.         SystemDeviceInformation,
  134.         SystemProcessorPerformanceInformation,
  135.         SystemFlagsInformation,
  136.         SystemCallTimeInformation,
  137.         SystemModuleInformation,     //系统模块
  138.         SystemLocksInformation,
  139.         SystemStackTraceInformation,
  140.         SystemPagedPoolInformation,
  141.         SystemNonPagedPoolInformation,
  142.         SystemHandleInformation,
  143.         SystemObjectInformation,
  144.         SystemPageFileInformation,
  145.         SystemVdmInstemulInformation,
  146.         SystemVdmBopInformation,
  147.         SystemFileCacheInformation,
  148.         SystemPoolTagInformation,
  149.         SystemInterruptInformation,
  150.         SystemDpcBehaviorInformation,
  151.         SystemFullMemoryInformation,
  152.         SystemLoadGdiDriverInformation,
  153.         SystemUnloadGdiDriverInformation,
  154.         SystemTimeAdjustmentInformation,
  155.         SystemSummaryMemoryInformation,
  156.         SystemMirrorMemoryInformation,
  157.         SystemPerformanceTraceInformation,
  158.         SystemObsolete0,
  159.         SystemExceptionInformation,
  160.         SystemCrashDumpStateInformation,
  161.         SystemKernelDebuggerInformation,
  162.         SystemContextSwitchInformation,
  163.         SystemRegistryQuotaInformation,
  164.         SystemExtendServiceTableInformation,
  165.         SystemPrioritySeperation,
  166.         SystemVerifierAddDriverInformation,
  167.         SystemVerifierRemoveDriverInformation,
  168.         SystemProcessorIdleInformation,
  169.         SystemLegacyDriverInformation,
  170.         SystemCurrentTimeZoneInformation,
  171.         SystemLookasideInformation,
  172.         SystemTimeSlipNotification,
  173.         SystemSessionCreate,
  174.         SystemSessionDetach,
  175.         SystemSessionInformation,
  176.         SystemRangeStartInformation,
  177.         SystemVerifierInformation,
  178.         SystemVerifierThunkExtend,
  179.         SystemSessionProcessInformation,
  180.         SystemLoadGdiDriverInSystemSpace,
  181.         SystemNumaProcessorMap,
  182.         SystemPrefetcherInformation,
  183.         SystemExtendedProcessInformation,
  184.         SystemRecommendedSharedDataAlignment,
  185.         SystemComPlusPackage,
  186.         SystemNumaAvailableMemory,
  187.         SystemProcessorPowerInformation,
  188.         SystemEmulationBasicInformation,//=SystemBasicInformation
  189.         SystemEmulationProcessorInformation,//=SystemProcessorInformation
  190.         SystemExtendedHandleInformation,
  191.         SystemLostDelayedWriteInformation,
  192.         SystemBigPoolInformation,
  193.         SystemSessionPoolTagInformation,
  194.         SystemSessionMappedViewInformation,
  195.         SystemHotpatchInformation,
  196.         SystemObjectSecurityMode,
  197.         SystemWatchdogTimerHandler,
  198.         SystemWatchdogTimerInformation,
  199.         SystemLogicalProcessorInformation,
  200.         SystemWow64SharedInformation,
  201.         SystemRegisterFirmwareTableInformationHandler,
  202.         SystemFirmwareTableInformation,
  203.         SystemModuleInformationEx,
  204.         SystemVerifierTriageInformation,
  205.         SystemSuperfetchInformation,
  206.         SystemMemoryListInformation,
  207.         SystemFileCacheInformationEx,

  208.         //100?
  209.         SystemPageMemoryInformation = 123,//自定义
  210.         SystemPolicyInformation = 134,

  211. } SYSTEM_INFORMATION_CLASS, *PSYSTEM_INFORMATION_CLASS;

  212. typedef struct _SYSTEM_BASIC_INFORMATION
  213. {
  214.         ULONG Reserved;
  215.         ULONG TimerResolution;
  216.         ULONG PageSize;
  217.         SYSINF_PAGE_COUNT NumberOfPhysicalPages;
  218.         SYSINF_PAGE_COUNT LowestPhysicalPageNumber;
  219.         SYSINF_PAGE_COUNT HighestPhysicalPageNumber;
  220.         ULONG AllocationGranularity;
  221.         ULONG_PTR MinimumUserModeAddress;
  222.         ULONG_PTR MaximumUserModeAddress;
  223.         ULONG_PTR ActiveProcessorsAffinityMask;
  224.         CCHAR NumberOfProcessors;
  225. } SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;

  226. typedef struct _SYSTEM_PROCESSOR_INFORMATION
  227. {
  228.         USHORT ProcessorArchitecture;
  229.         USHORT ProcessorLevel;
  230.         USHORT ProcessorRevision;
  231.         USHORT Reserved;
  232.         ULONG ProcessorFeatureBits;
  233. } SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;

  234. typedef struct _SYSTEM_PERFORMANCE_INFORMATION
  235. {
  236.         LARGE_INTEGER IdleProcessTime;
  237.         LARGE_INTEGER IoReadTransferCount;
  238.         LARGE_INTEGER IoWriteTransferCount;
  239.         LARGE_INTEGER IoOtherTransferCount;
  240.         ULONG IoReadOperationCount;
  241.         ULONG IoWriteOperationCount;
  242.         ULONG IoOtherOperationCount;
  243.         ULONG AvailablePages;
  244.         SYSINF_PAGE_COUNT CommittedPages;
  245.         SYSINF_PAGE_COUNT CommitLimit;
  246.         SYSINF_PAGE_COUNT PeakCommitment;
  247.         ULONG PageFaultCount;
  248.         ULONG CopyOnWriteCount;
  249.         ULONG TransitionCount;
  250.         ULONG CacheTransitionCount;
  251.         ULONG DemandZeroCount;
  252.         ULONG PageReadCount;
  253.         ULONG PageReadIoCount;
  254.         ULONG CacheReadCount;
  255.         ULONG CacheIoCount;
  256.         ULONG DirtyPagesWriteCount;
  257.         ULONG DirtyWriteIoCount;
  258.         ULONG MappedPagesWriteCount;
  259.         ULONG MappedWriteIoCount;
  260.         ULONG PagedPoolPages;
  261.         ULONG NonPagedPoolPages;
  262.         ULONG PagedPoolAllocs;
  263.         ULONG PagedPoolFrees;
  264.         ULONG NonPagedPoolAllocs;
  265.         ULONG NonPagedPoolFrees;
  266.         ULONG FreeSystemPtes;
  267.         ULONG ResidentSystemCodePage;
  268.         ULONG TotalSystemDriverPages;
  269.         ULONG TotalSystemCodePages;
  270.         ULONG NonPagedPoolLookasideHits;
  271.         ULONG PagedPoolLookasideHits;
  272.         ULONG AvailablePagedPoolPages;
  273.         ULONG ResidentSystemCachePage;
  274.         ULONG ResidentPagedPoolPage;
  275.         ULONG ResidentSystemDriverPage;
  276.         ULONG CcFastReadNoWait;
  277.         ULONG CcFastReadWait;
  278.         ULONG CcFastReadResourceMiss;
  279.         ULONG CcFastReadNotPossible;
  280.         ULONG CcFastMdlReadNoWait;
  281.         ULONG CcFastMdlReadWait;
  282.         ULONG CcFastMdlReadResourceMiss;
  283.         ULONG CcFastMdlReadNotPossible;
  284.         ULONG CcMapDataNoWait;
  285.         ULONG CcMapDataWait;
  286.         ULONG CcMapDataNoWaitMiss;
  287.         ULONG CcMapDataWaitMiss;
  288.         ULONG CcPinMappedDataCount;
  289.         ULONG CcPinReadNoWait;
  290.         ULONG CcPinReadWait;
  291.         ULONG CcPinReadNoWaitMiss;
  292.         ULONG CcPinReadWaitMiss;
  293.         ULONG CcCopyReadNoWait;
  294.         ULONG CcCopyReadWait;
  295.         ULONG CcCopyReadNoWaitMiss;
  296.         ULONG CcCopyReadWaitMiss;
  297.         ULONG CcMdlReadNoWait;
  298.         ULONG CcMdlReadWait;
  299.         ULONG CcMdlReadNoWaitMiss;
  300.         ULONG CcMdlReadWaitMiss;
  301.         ULONG CcReadAheadIos;
  302.         ULONG CcLazyWriteIos;
  303.         ULONG CcLazyWritePages;
  304.         ULONG CcDataFlushes;
  305.         ULONG CcDataPages;
  306.         ULONG ContextSwitches;
  307.         ULONG FirstLevelTbFills;
  308.         ULONG SecondLevelTbFills;
  309.         ULONG SystemCalls;
  310. } SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;

  311. typedef struct _SYSTEM_TIMEOFDAY_INFORMATION
  312. {
  313.         LARGE_INTEGER BootTime;
  314.         LARGE_INTEGER CurrentTime;
  315.         LARGE_INTEGER TimeZoneBias;
  316.         ULONG TimeZoneId;
  317.         ULONG Reserved;
  318.         ULONGLONG BootTimeBias;
  319.         ULONGLONG SleepTimeBias;
  320. } SYSTEM_TIMEOFDAY_INFORMATION, *PSYSTEM_TIMEOFDAY_INFORMATION;

  321. typedef struct _SYSTEM_PROCESS_INFORMATION
  322. {
  323.         ULONG NextEntryOffset;
  324.         ULONG NumberOfThreads;
  325.         LARGE_INTEGER SpareLi1;
  326.         LARGE_INTEGER SpareLi2;
  327.         LARGE_INTEGER SpareLi3;
  328.         LARGE_INTEGER CreateTime;
  329.         LARGE_INTEGER UserTime;
  330.         LARGE_INTEGER KernelTime;
  331.         UNICODE_STRING ImageName;
  332.         KPRIORITY BasePriority;
  333.         HANDLE UniqueProcessId;
  334.         HANDLE InheritedFromUniqueProcessId;
  335.         ULONG HandleCount;
  336.         ULONG SessionId;
  337.         ULONG_PTR PageDirectoryBase;
  338.         SIZE_T PeakVirtualSize;
  339.         SIZE_T VirtualSize;
  340.         ULONG PageFaultCount;
  341.         SIZE_T PeakWorkingSetSize;
  342.         SIZE_T WorkingSetSize;
  343.         SIZE_T QuotaPeakPagedPoolUsage;
  344.         SIZE_T QuotaPagedPoolUsage;
  345.         SIZE_T QuotaPeakNonPagedPoolUsage;
  346.         SIZE_T QuotaNonPagedPoolUsage;
  347.         SIZE_T PagefileUsage;
  348.         SIZE_T PeakPagefileUsage;
  349.         SIZE_T PrivatePageCount;
  350.         LARGE_INTEGER ReadOperationCount;
  351.         LARGE_INTEGER WriteOperationCount;
  352.         LARGE_INTEGER OtherOperationCount;
  353.         LARGE_INTEGER ReadTransferCount;
  354.         LARGE_INTEGER WriteTransferCount;
  355.         LARGE_INTEGER OtherTransferCount;
  356. } SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;

  357. typedef struct _SYSTEM_CALL_COUNT_INFORMATION
  358. {
  359.         ULONG Length;
  360.         ULONG NumberOfTables;
  361. } SYSTEM_CALL_COUNT_INFORMATION, *PSYSTEM_CALL_COUNT_INFORMATION;

  362. typedef struct _SYSTEM_DEVICE_INFORMATION
  363. {
  364.         ULONG NumberOfDisks;
  365.         ULONG NumberOfFloppies;
  366.         ULONG NumberOfCdRoms;
  367.         ULONG NumberOfTapes;
  368.         ULONG NumberOfSerialPorts;
  369.         ULONG NumberOfParallelPorts;
  370. } SYSTEM_DEVICE_INFORMATION, *PSYSTEM_DEVICE_INFORMATION;

  371. typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
  372. {
  373.         LARGE_INTEGER IdleTime;
  374.         LARGE_INTEGER KernelTime;
  375.         LARGE_INTEGER UserTime;
  376.         LARGE_INTEGER DpcTime;          // DEVL only
  377.         LARGE_INTEGER InterruptTime;    // DEVL only
  378.         ULONG InterruptCount;
  379. } SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION, *PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION;

  380. typedef struct _SYSTEM_FLAGS_INFORMATION
  381. {
  382.         ULONG Flags;
  383. } SYSTEM_FLAGS_INFORMATION, *PSYSTEM_FLAGS_INFORMATION;

  384. typedef struct _RTL_PROCESS_MODULE_INFORMATION
  385. {
  386.         HANDLE Section;                 // Not filled in
  387.         PVOID MappedBase;
  388.         PVOID ImageBase;
  389.         ULONG ImageSize;
  390.         ULONG Flags;
  391.         USHORT LoadOrderIndex;
  392.         USHORT InitOrderIndex;
  393.         USHORT LoadCount;
  394.         USHORT OffsetToFileName;
  395.         UCHAR  FullPathName[256];
  396. } RTL_PROCESS_MODULE_INFORMATION, *PRTL_PROCESS_MODULE_INFORMATION;

  397. typedef struct _RTL_PROCESS_MODULES
  398. {
  399.         ULONG NumberOfModules;
  400.         RTL_PROCESS_MODULE_INFORMATION Modules[1];
  401. } RTL_PROCESS_MODULES, *PRTL_PROCESS_MODULES;

  402. typedef struct _RTL_PROCESS_LOCK_INFORMATION
  403. {
  404.         PVOID Address;
  405.         USHORT Type;
  406.         USHORT CreatorBackTraceIndex;
  407.         HANDLE OwningThread;        // from the thread's ClientId->UniqueThread
  408.         LONG LockCount;
  409.         ULONG ContentionCount;
  410.         ULONG EntryCount;
  411.         LONG RecursionCount;
  412.         ULONG NumberOfWaitingShared;
  413.         ULONG NumberOfWaitingExclusive;
  414. } RTL_PROCESS_LOCK_INFORMATION, *PRTL_PROCESS_LOCK_INFORMATION;

  415. typedef struct _RTL_PROCESS_LOCKS
  416. {
  417.         ULONG NumberOfLocks;
  418.         RTL_PROCESS_LOCK_INFORMATION Locks[1];
  419. } RTL_PROCESS_LOCKS, *PRTL_PROCESS_LOCKS;


  420. typedef struct _RTL_PROCESS_BACKTRACE_INFORMATION
  421. {
  422.         PCHAR SymbolicBackTrace;        // Not filled in
  423.         ULONG TraceCount;
  424.         USHORT Index;
  425.         USHORT Depth;
  426.         PVOID BackTrace[MAX_STACK_DEPTH];
  427. } RTL_PROCESS_BACKTRACE_INFORMATION, *PRTL_PROCESS_BACKTRACE_INFORMATION;

  428. typedef struct _RTL_PROCESS_BACKTRACES
  429. {
  430.         ULONG CommittedMemory;
  431.         ULONG ReservedMemory;
  432.         ULONG NumberOfBackTraceLookups;
  433.         ULONG NumberOfBackTraces;
  434.         RTL_PROCESS_BACKTRACE_INFORMATION BackTraces[1];
  435. } RTL_PROCESS_BACKTRACES, *PRTL_PROCESS_BACKTRACES;

  436. typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO
  437. {
  438.         USHORT UniqueProcessId;
  439.         USHORT CreatorBackTraceIndex;
  440.         UCHAR ObjectTypeIndex;
  441.         UCHAR HandleAttributes;
  442.         USHORT HandleValue;
  443.         PVOID Object;
  444.         ULONG GrantedAccess;
  445. } SYSTEM_HANDLE_TABLE_ENTRY_INFO, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO;

  446. typedef struct _SYSTEM_HANDLE_INFORMATION
  447. {
  448.         ULONG NumberOfHandles;
  449.         SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[1];
  450. } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;

  451. typedef struct _GENERIC_MAPPING
  452. {
  453.         ACCESS_MASK GenericRead;
  454.         ACCESS_MASK GenericWrite;
  455.         ACCESS_MASK GenericExecute;
  456.         ACCESS_MASK GenericAll;
  457. } GENERIC_MAPPING;
  458. typedef GENERIC_MAPPING *PGENERIC_MAPPING;

  459. typedef struct _SYSTEM_OBJECTTYPE_INFORMATION
  460. {
  461.         ULONG NextEntryOffset;
  462.         ULONG NumberOfObjects;
  463.         ULONG NumberOfHandles;
  464.         ULONG TypeIndex;
  465.         ULONG InvalidAttributes;
  466.         GENERIC_MAPPING GenericMapping;
  467.         ULONG ValidAccessMask;
  468.         ULONG PoolType;
  469.         BOOLEAN SecurityRequired;
  470.         BOOLEAN WaitableObject;
  471.         UNICODE_STRING TypeName;
  472. } SYSTEM_OBJECTTYPE_INFORMATION, *PSYSTEM_OBJECTTYPE_INFORMATION;

  473. typedef struct _OBJECT_NAME_INFORMATION
  474. {
  475.         UNICODE_STRING Name;
  476. } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;

  477. typedef struct _SYSTEM_OBJECT_INFORMATION
  478. {
  479.         ULONG NextEntryOffset;
  480.         PVOID Object;
  481.         HANDLE CreatorUniqueProcess;
  482.         USHORT CreatorBackTraceIndex;
  483.         USHORT Flags;
  484.         LONG PointerCount;
  485.         LONG HandleCount;
  486.         ULONG PagedPoolCharge;
  487.         ULONG NonPagedPoolCharge;
  488.         HANDLE ExclusiveProcessId;
  489.         PVOID SecurityDescriptor;
  490.         OBJECT_NAME_INFORMATION NameInfo;
  491. } SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION;

  492. typedef struct _SYSTEM_PAGEFILE_INFORMATION
  493. {
  494.         ULONG NextEntryOffset;
  495.         ULONG TotalSize;
  496.         ULONG TotalInUse;
  497.         ULONG PeakUsage;
  498.         UNICODE_STRING PageFileName;
  499. } SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;

  500. typedef struct _SYSTEM_VDM_INSTEMUL_INFO
  501. {
  502.         ULONG SegmentNotPresent;
  503.         ULONG VdmOpcode0F;
  504.         ULONG OpcodeESPrefix;
  505.         ULONG OpcodeCSPrefix;
  506.         ULONG OpcodeSSPrefix;
  507.         ULONG OpcodeDSPrefix;
  508.         ULONG OpcodeFSPrefix;
  509.         ULONG OpcodeGSPrefix;
  510.         ULONG OpcodeOPER32Prefix;
  511.         ULONG OpcodeADDR32Prefix;
  512.         ULONG OpcodeINSB;
  513.         ULONG OpcodeINSW;
  514.         ULONG OpcodeOUTSB;
  515.         ULONG OpcodeOUTSW;
  516.         ULONG OpcodePUSHF;
  517.         ULONG OpcodePOPF;
  518.         ULONG OpcodeINTnn;
  519.         ULONG OpcodeINTO;
  520.         ULONG OpcodeIRET;
  521.         ULONG OpcodeINBimm;
  522.         ULONG OpcodeINWimm;
  523.         ULONG OpcodeOUTBimm;
  524.         ULONG OpcodeOUTWimm;
  525.         ULONG OpcodeINB;
  526.         ULONG OpcodeINW;
  527.         ULONG OpcodeOUTB;
  528.         ULONG OpcodeOUTW;
  529.         ULONG OpcodeLOCKPrefix;
  530.         ULONG OpcodeREPNEPrefix;
  531.         ULONG OpcodeREPPrefix;
  532.         ULONG OpcodeHLT;
  533.         ULONG OpcodeCLI;
  534.         ULONG OpcodeSTI;
  535.         ULONG BopCount;
  536. } SYSTEM_VDM_INSTEMUL_INFO, *PSYSTEM_VDM_INSTEMUL_INFO;

  537. typedef struct _SYSTEM_FILECACHE_INFORMATION
  538. {
  539.         SIZE_T CurrentSize;
  540.         SIZE_T PeakSize;
  541.         ULONG PageFaultCount;
  542.         SIZE_T MinimumWorkingSet;
  543.         SIZE_T MaximumWorkingSet;
  544.         SIZE_T CurrentSizeIncludingTransitionInPages;
  545.         SIZE_T PeakSizeIncludingTransitionInPages;
  546.         ULONG TransitionRePurposeCount;
  547.         ULONG Flags;
  548. } SYSTEM_FILECACHE_INFORMATION, *PSYSTEM_FILECACHE_INFORMATION;

  549. typedef struct _SYSTEM_POOLTAG
  550. {
  551.         union
  552.         {
  553.                 UCHAR Tag[4];
  554.                 ULONG TagUlong;
  555.         };
  556.         ULONG PagedAllocs;
  557.         ULONG PagedFrees;
  558.         SIZE_T PagedUsed;
  559.         ULONG NonPagedAllocs;
  560.         ULONG NonPagedFrees;
  561.         SIZE_T NonPagedUsed;
  562. } SYSTEM_POOLTAG, *PSYSTEM_POOLTAG;

  563. typedef struct _SYSTEM_POOLTAG_INFORMATION
  564. {
  565.         ULONG Count;
  566.         SYSTEM_POOLTAG TagInfo[1];
  567. } SYSTEM_POOLTAG_INFORMATION, *PSYSTEM_POOLTAG_INFORMATION;

  568. typedef struct _SYSTEM_INTERRUPT_INFORMATION
  569. {
  570.         ULONG ContextSwitches;
  571.         ULONG DpcCount;
  572.         ULONG DpcRate;
  573.         ULONG TimeIncrement;
  574.         ULONG DpcBypassCount;
  575.         ULONG ApcBypassCount;
  576. } SYSTEM_INTERRUPT_INFORMATION, *PSYSTEM_INTERRUPT_INFORMATION;

  577. typedef struct _SYSTEM_DPC_BEHAVIOR_INFORMATION
  578. {
  579.         ULONG Spare;
  580.         ULONG DpcQueueDepth;
  581.         ULONG MinimumDpcRate;
  582.         ULONG AdjustDpcThreshold;
  583.         ULONG IdealDpcRate;
  584. } SYSTEM_DPC_BEHAVIOR_INFORMATION, *PSYSTEM_DPC_BEHAVIOR_INFORMATION;

  585. typedef struct _SYSTEM_MEMORY_INFO
  586. {
  587.         PUCHAR StringOffset;
  588.         USHORT ValidCount;
  589.         USHORT TransitionCount;
  590.         USHORT ModifiedCount;
  591.         USHORT PageTableCount;
  592. } SYSTEM_MEMORY_INFO, *PSYSTEM_MEMORY_INFO;

  593. typedef struct _SYSTEM_MEMORY_INFORMATION
  594. {
  595.         ULONG InfoSize;
  596.         ULONG_PTR StringStart;
  597.         SYSTEM_MEMORY_INFO Memory[1];
  598. } SYSTEM_MEMORY_INFORMATION, *PSYSTEM_MEMORY_INFORMATION;

  599. typedef struct _IMAGE_EXPORT_DIRECTORY
  600. {
  601.         DWORD   Characteristics;
  602.         DWORD   TimeDateStamp;
  603.         WORD    MajorVersion;
  604.         WORD    MinorVersion;
  605.         DWORD   Name;
  606.         DWORD   Base;
  607.         DWORD   NumberOfFunctions;
  608.         DWORD   NumberOfNames;
  609.         DWORD   AddressOfFunctions;     // RVA from base of image
  610.         DWORD   AddressOfNames;         // RVA from base of image
  611.         DWORD   AddressOfNameOrdinals;  // RVA from base of image
  612. } IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY;

  613. typedef struct _SYSTEM_GDI_DRIVER_INFORMATION
  614. {
  615.         UNICODE_STRING DriverName;
  616.         PVOID ImageAddress;
  617.         PVOID SectionPointer;
  618.         PVOID EntryPoint;
  619.         PIMAGE_EXPORT_DIRECTORY ExportSectionPointer;
  620.         ULONG ImageLength;
  621. } SYSTEM_GDI_DRIVER_INFORMATION, *PSYSTEM_GDI_DRIVER_INFORMATION;

  622. typedef struct _SYSTEM_SET_TIME_ADJUST_INFORMATION
  623. {
  624.         ULONG TimeAdjustment;
  625.         BOOLEAN Enable;
  626. } SYSTEM_SET_TIME_ADJUST_INFORMATION, *PSYSTEM_SET_TIME_ADJUST_INFORMATION;










  627. typedef struct _KSERVICE_TABLE_DESCRIPTOR
  628. {
  629.         PULONG_PTR Base;
  630.         PULONG Count;
  631.         ULONG Limit;
  632.         PUCHAR Number;
  633. } KSERVICE_TABLE_DESCRIPTOR, *PKSERVICE_TABLE_DESCRIPTOR;

  634. typedef struct _CLIENT_ID
  635. {
  636.         HANDLE UniqueProcess;
  637.         HANDLE UniqueThread;
  638. } CLIENT_ID;
  639. typedef CLIENT_ID *PCLIENT_ID;

  640. typedef struct _SYSTEM_THREAD_INFORMATION
  641. {
  642.         LARGE_INTEGER KernelTime;
  643.         LARGE_INTEGER UserTime;
  644.         LARGE_INTEGER CreateTime;
  645.         ULONG WaitTime;
  646.         PVOID StartAddress;
  647.         CLIENT_ID ClientId;
  648.         KPRIORITY Priority;
  649.         LONG BasePriority;
  650.         ULONG ContextSwitches;
  651.         ULONG ThreadState;
  652.         ULONG WaitReason;
  653. } SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION;

  654. typedef struct _SYSTEM_EXTENDED_THREAD_INFORMATION
  655. {
  656.         SYSTEM_THREAD_INFORMATION ThreadInfo;
  657.         PVOID StackBase;
  658.         PVOID StackLimit;
  659.         PVOID Win32StartAddress;
  660.         ULONG_PTR Reserved1;
  661.         ULONG_PTR Reserved2;
  662.         ULONG_PTR Reserved3;
  663.         ULONG_PTR Reserved4;
  664. } SYSTEM_EXTENDED_THREAD_INFORMATION, *PSYSTEM_EXTENDED_THREAD_INFORMATION;

  665. typedef struct _SYSTEM_EXCEPTION_INFORMATION
  666. {
  667.         ULONG AlignmentFixupCount;
  668.         ULONG ExceptionDispatchCount;
  669.         ULONG FloatingEmulationCount;
  670.         ULONG ByteWordEmulationCount;
  671. } SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION;

  672. typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION
  673. {
  674.         BOOLEAN KernelDebuggerEnabled;
  675.         BOOLEAN KernelDebuggerNotPresent;
  676. } SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION;

  677. typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION
  678. {
  679.         ULONG ContextSwitches;
  680.         ULONG FindAny;
  681.         ULONG FindLast;
  682.         ULONG FindIdeal;
  683.         ULONG IdleAny;
  684.         ULONG IdleCurrent;
  685.         ULONG IdleLast;
  686.         ULONG IdleIdeal;
  687.         ULONG PreemptAny;
  688.         ULONG PreemptCurrent;
  689.         ULONG PreemptLast;
  690.         ULONG SwitchToIdle;
  691. } SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION;

  692. typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION
  693. {
  694.         ULONG  RegistryQuotaAllowed;
  695.         ULONG  RegistryQuotaUsed;
  696.         SIZE_T PagedPoolSize;
  697. } SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION;

  698. typedef struct _SYSTEM_PROCESSOR_IDLE_INFORMATION
  699. {
  700.         ULONGLONG IdleTime;
  701.         ULONGLONG C1Time;
  702.         ULONGLONG C2Time;
  703.         ULONGLONG C3Time;
  704.         ULONG     C1Transitions;
  705.         ULONG     C2Transitions;
  706.         ULONG     C3Transitions;
  707.         ULONG     Padding;
  708. } SYSTEM_PROCESSOR_IDLE_INFORMATION, *PSYSTEM_PROCESSOR_IDLE_INFORMATION;

  709. typedef struct _SYSTEM_LEGACY_DRIVER_INFORMATION
  710. {
  711.         ULONG VetoType;
  712.         UNICODE_STRING VetoList;
  713. } SYSTEM_LEGACY_DRIVER_INFORMATION, *PSYSTEM_LEGACY_DRIVER_INFORMATION;

  714. typedef short CSHORT;

  715. typedef struct _TIME_FIELDS
  716. {
  717.         CSHORT Year;        // range [1601...]
  718.         CSHORT Month;       // range [1..12]
  719.         CSHORT Day;         // range [1..31]
  720.         CSHORT Hour;        // range [0..23]
  721.         CSHORT Minute;      // range [0..59]
  722.         CSHORT Second;      // range [0..59]
  723.         CSHORT Milliseconds;// range [0..999]
  724.         CSHORT Weekday;     // range [0..6] == [Sunday..Saturday]
  725. } TIME_FIELDS;

  726. typedef struct _RTL_TIME_ZONE_INFORMATION
  727. {
  728.         LONG Bias;
  729.         WCHAR StandardName[32];
  730.         TIME_FIELDS StandardStart;
  731.         LONG StandardBias;
  732.         WCHAR DaylightName[32];
  733.         TIME_FIELDS DaylightStart;
  734.         LONG DaylightBias;
  735. } RTL_TIME_ZONE_INFORMATION, *PRTL_TIME_ZONE_INFORMATION;

  736. typedef struct _SYSTEM_LOOKASIDE_INFORMATION
  737. {
  738.         USHORT CurrentDepth;
  739.         USHORT MaximumDepth;
  740.         ULONG TotalAllocates;
  741.         ULONG AllocateMisses;
  742.         ULONG TotalFrees;
  743.         ULONG FreeMisses;
  744.         ULONG Type;
  745.         ULONG Tag;
  746.         ULONG Size;
  747. } SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION;

  748. typedef struct _SYSTEM_VERIFIER_INFORMATION
  749. {
  750.         ULONG NextEntryOffset;
  751.         ULONG Level;
  752.         UNICODE_STRING DriverName;
  753.         ULONG RaiseIrqls;
  754.         ULONG AcquireSpinLocks;
  755.         ULONG SynchronizeExecutions;
  756.         ULONG AllocationsAttempted;
  757.         ULONG AllocationsSucceeded;
  758.         ULONG AllocationsSucceededSpecialPool;
  759.         ULONG AllocationsWithNoTag;
  760.         ULONG TrimRequests;
  761.         ULONG Trims;
  762.         ULONG AllocationsFailed;
  763.         ULONG AllocationsFailedDeliberately;
  764.         ULONG Loads;
  765.         ULONG Unloads;
  766.         ULONG UnTrackedPool;
  767.         ULONG CurrentPagedPoolAllocations;
  768.         ULONG CurrentNonPagedPoolAllocations;
  769.         ULONG PeakPagedPoolAllocations;
  770.         ULONG PeakNonPagedPoolAllocations;
  771.         SIZE_T PagedPoolUsageInBytes;
  772.         SIZE_T NonPagedPoolUsageInBytes;
  773.         SIZE_T PeakPagedPoolUsageInBytes;
  774.         SIZE_T PeakNonPagedPoolUsageInBytes;
  775. } SYSTEM_VERIFIER_INFORMATION, *PSYSTEM_VERIFIER_INFORMATION;

  776. typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
  777. {
  778.         ULONG SessionId;
  779.         ULONG SizeOfBuf;
  780.         PVOID Buffer;
  781. } SYSTEM_SESSION_PROCESS_INFORMATION, *PSYSTEM_SESSION_PROCESS_INFORMATION;

  782. typedef struct _SYSTEM_SESSION_POOLTAG_INFORMATION
  783. {
  784.         SIZE_T NextEntryOffset;
  785.         ULONG SessionId;
  786.         ULONG Count;
  787.         SYSTEM_POOLTAG TagInfo[1];
  788. } SYSTEM_SESSION_POOLTAG_INFORMATION, *PSYSTEM_SESSION_POOLTAG_INFORMATION;

  789. typedef struct _SYSTEM_NUMA_INFORMATION
  790. {
  791.         ULONG       HighestNodeNumber;
  792.         ULONG       Reserved;
  793.         union
  794.         {
  795.                 ULONGLONG   ActiveProcessorsAffinityMask[MAXIMUM_NUMA_NODES];
  796.                 ULONGLONG   AvailableMemory[MAXIMUM_NUMA_NODES];
  797.         };
  798. } SYSTEM_NUMA_INFORMATION, *PSYSTEM_NUMA_INFORMATION;

  799. typedef struct _SYSTEM_PROCESSOR_POWER_INFORMATION
  800. {
  801.         UCHAR       CurrentFrequency;
  802.         UCHAR       ThermalLimitFrequency;
  803.         UCHAR       ConstantThrottleFrequency;
  804.         UCHAR       DegradedThrottleFrequency;
  805.         UCHAR       LastBusyFrequency;
  806.         UCHAR       LastC3Frequency;
  807.         UCHAR       LastAdjustedBusyFrequency;
  808.         UCHAR       ProcessorMinThrottle;
  809.         UCHAR       ProcessorMaxThrottle;
  810.         ULONG       NumberOfFrequencies;
  811.         ULONG       PromotionCount;
  812.         ULONG       DemotionCount;
  813.         ULONG       ErrorCount;
  814.         ULONG       RetryCount;
  815.         ULONGLONG   CurrentFrequencyTime;
  816.         ULONGLONG   CurrentProcessorTime;
  817.         ULONGLONG   CurrentProcessorIdleTime;
  818.         ULONGLONG   LastProcessorTime;
  819.         ULONGLONG   LastProcessorIdleTime;
  820. } SYSTEM_PROCESSOR_POWER_INFORMATION, *PSYSTEM_PROCESSOR_POWER_INFORMATION;

  821. typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX
  822. {
  823.         PVOID Object;
  824.         ULONG_PTR UniqueProcessId;
  825.         ULONG_PTR HandleValue;
  826.         ULONG GrantedAccess;
  827.         USHORT CreatorBackTraceIndex;
  828.         USHORT ObjectTypeIndex;
  829.         ULONG  HandleAttributes;
  830.         ULONG  Reserved;
  831. } SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX;

  832. typedef struct _SYSTEM_HANDLE_INFORMATION_EX
  833. {
  834.         ULONG_PTR NumberOfHandles;
  835.         ULONG_PTR Reserved;
  836.         SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX Handles[1];
  837. } SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX;

  838. typedef struct _SYSTEM_BIGPOOL_ENTRY
  839. {
  840.         union
  841.         {
  842.                 PVOID VirtualAddress;
  843.                 ULONG_PTR NonPaged : 1;     // Set to 1 if entry is nonpaged.
  844.         };
  845.         SIZE_T SizeInBytes;
  846.         union
  847.         {
  848.                 UCHAR Tag[4];
  849.                 ULONG TagUlong;
  850.         };
  851. } SYSTEM_BIGPOOL_ENTRY, *PSYSTEM_BIGPOOL_ENTRY;

  852. typedef struct _SYSTEM_BIGPOOL_INFORMATION
  853. {
  854.         ULONG Count;
  855.         SYSTEM_BIGPOOL_ENTRY AllocatedInfo[1];
  856. } SYSTEM_BIGPOOL_INFORMATION, *PSYSTEM_BIGPOOL_INFORMATION;

  857. typedef struct _SYSTEM_SESSION_MAPPED_VIEW_INFORMATION
  858. {
  859.         SIZE_T NextEntryOffset;
  860.         ULONG SessionId;
  861.         ULONG ViewFailures;
  862.         SIZE_T NumberOfBytesAvailable;
  863.         SIZE_T NumberOfBytesAvailableContiguous;
  864. } SYSTEM_SESSION_MAPPED_VIEW_INFORMATION, *PSYSTEM_SESSION_MAPPED_VIEW_INFORMATION;

  865. typedef enum _WATCHDOG_HANDLER_ACTION
  866. {
  867.         WdActionSetTimeoutValue,
  868.         WdActionQueryTimeoutValue,
  869.         WdActionResetTimer,
  870.         WdActionStopTimer,
  871.         WdActionStartTimer,
  872.         WdActionSetTriggerAction,
  873.         WdActionQueryTriggerAction,
  874.         WdActionQueryState
  875. } WATCHDOG_HANDLER_ACTION;

  876. typedef enum _WATCHDOG_INFORMATION_CLASS
  877. {
  878.         WdInfoTimeoutValue,
  879.         WdInfoResetTimer,
  880.         WdInfoStopTimer,
  881.         WdInfoStartTimer,
  882.         WdInfoTriggerAction,
  883.         WdInfoState
  884. } WATCHDOG_INFORMATION_CLASS;

  885. typedef NTSTATUS (*PWD_HANDLER)(IN WATCHDOG_HANDLER_ACTION Action, IN PVOID Context, IN OUT PULONG DataValue, IN BOOLEAN NoLocks);

  886. typedef struct _SYSTEM_WATCHDOG_HANDLER_INFORMATION
  887. {
  888.         PWD_HANDLER WdHandler;
  889.         PVOID       Context;
  890. } SYSTEM_WATCHDOG_HANDLER_INFORMATION, *PSYSTEM_WATCHDOG_HANDLER_INFORMATION;

  891. typedef struct _SYSTEM_WATCHDOG_TIMER_INFORMATION
  892. {
  893.         WATCHDOG_INFORMATION_CLASS  WdInfoClass;
  894.         ULONG                       DataValue;
  895. } SYSTEM_WATCHDOG_TIMER_INFORMATION, *PSYSTEM_WATCHDOG_TIMER_INFORMATION;

  896. typedef enum _LOGICAL_PROCESSOR_RELATIONSHIP
  897. {
  898.         RelationProcessorCore,
  899.         RelationNumaNode,
  900.         RelationCache,
  901.         RelationProcessorPackage,
  902.         RelationGroup,
  903.         RelationAll = 0xffff
  904. } LOGICAL_PROCESSOR_RELATIONSHIP;

  905. typedef enum _PROCESSOR_CACHE_TYPE
  906. {
  907.         CacheUnified,
  908.         CacheInstruction,
  909.         CacheData,
  910.         CacheTrace
  911. } PROCESSOR_CACHE_TYPE;

  912. typedef struct _CACHE_DESCRIPTOR
  913. {
  914.         BYTE   Level;
  915.         BYTE   Associativity;
  916.         WORD   LineSize;
  917.         DWORD  Size;
  918.         PROCESSOR_CACHE_TYPE Type;
  919. } CACHE_DESCRIPTOR, *PCACHE_DESCRIPTOR;

  920. typedef struct _SYSTEM_LOGICAL_PROCESSOR_INFORMATION
  921. {
  922.         ULONG_PTR   ProcessorMask;
  923.         LOGICAL_PROCESSOR_RELATIONSHIP Relationship;
  924.         union
  925.         {
  926.                 struct
  927.                 {
  928.                         BYTE  Flags;
  929.                 } ProcessorCore;
  930.                 struct
  931.                 {
  932.                         DWORD NodeNumber;
  933.                 } NumaNode;
  934.                 CACHE_DESCRIPTOR Cache;
  935.                 ULONGLONG  Reserved[2];
  936.         } DUMMYUNIONNAME;
  937. } SYSTEM_LOGICAL_PROCESSOR_INFORMATION, *PSYSTEM_LOGICAL_PROCESSOR_INFORMATION;

  938. typedef enum _SYSTEM_FIRMWARE_TABLE_ACTION
  939. {
  940.         SystemFirmwareTable_Enumerate,
  941.         SystemFirmwareTable_Get
  942. } SYSTEM_FIRMWARE_TABLE_ACTION;

  943. #ifndef ANYSIZE_ARRAY
  944. #define ANYSIZE_ARRAY 1       // winnt
  945. #endif

  946. typedef struct _SYSTEM_FIRMWARE_TABLE_INFORMATION
  947. {
  948.         ULONG                           ProviderSignature;
  949.         SYSTEM_FIRMWARE_TABLE_ACTION    Action;
  950.         ULONG                           TableID;
  951.         ULONG                           TableBufferLength;
  952.         UCHAR                           TableBuffer[ANYSIZE_ARRAY];
  953. } SYSTEM_FIRMWARE_TABLE_INFORMATION, *PSYSTEM_FIRMWARE_TABLE_INFORMATION;

  954. typedef NTSTATUS(__cdecl *PFNFTH)(PSYSTEM_FIRMWARE_TABLE_INFORMATION);

  955. typedef struct _SYSTEM_FIRMWARE_TABLE_HANDLER
  956. {
  957.         ULONG       ProviderSignature;
  958.         BOOLEAN     Register;
  959.         PFNFTH      FirmwareTableHandler;
  960.         PVOID       DriverObject;
  961. } SYSTEM_FIRMWARE_TABLE_HANDLER, *PSYSTEM_FIRMWARE_TABLE_HANDLER;
复制代码
回复 赞! 靠!

使用道具 举报

1109

主题

1649

回帖

7万

积分

用户组: 管理员

一只技术宅

UID
1
精华
244
威望
743 点
宅币
24180 个
贡献
46222 次
宅之契约
0 份
在线时间
2294 小时
注册时间
2014-1-26
发表于 2015-7-19 01:18:57 | 显示全部楼层
NtQuerySystemInforamtion.cpp:
  1. #include "NtDefs.h"
  2. #include <iostream>
  3. #include <string>

  4. #pragma comment(lib,"ntdll.lib")
  5. using namespace std;
  6. #define printseg(x) cout<<"\t"###x##":"<<x<<endl

  7. typedef HANDLE HLOCAL;

  8. extern "C"
  9. {
  10.         KSERVICE_TABLE_DESCRIPTOR* KeServiceDescriptorTableShadow;
  11.         NTSTATUS __stdcall NtQuerySystemInformation(IN SYSTEM_INFORMATION_CLASS SystemInformationClass, OUT PVOID SystemInformation, IN ULONG SystemInformationLength, OUT PULONG ReturnLength OPTIONAL);
  12.         HLOCAL __stdcall LocalAlloc(IN UINT uFlags, SIZE_T uBytes);
  13.         LPVOID __stdcall LocalLock(IN HLOCAL hMem);
  14.         HLOCAL __stdcall LocalFree(IN HLOCAL hMem);
  15. }

  16. template<typename systeminfo>
  17. void GetInformationTemplate(IN SYSTEM_INFORMATION_CLASS SystemInformationClass,IN void (*GetCallBack)(systeminfo* si))
  18. {
  19.         ULONG retlen = 2;
  20.         NTSTATUS status = STATUS_SUCCESS;
  21.         HLOCAL hMem = NULL;

  22.         status = NtQuerySystemInformation(SystemInformationClass, &status, sizeof(status), &retlen);
  23.         switch (status)
  24.         {
  25.         case STATUS_INVALID_INFO_CLASS:
  26.                 cout << "INVALID_INFO_CLASS" << endl;
  27.                 return;
  28.         case STATUS_ACCESS_VIOLATION:
  29.                 cout << "ACCESS_VIOLATION" << endl;
  30.                 return;
  31.         case STATUS_INSUFFICIENT_RESOURCES:
  32.                 cout << "INSUFFICIENT_RESOURCES" << endl;
  33.                 return;
  34.         case STATUS_WORKING_SET_QUOTA:
  35.                 cout << "WORKING_SET_QUOTA" << endl;
  36.                 return;
  37.         case STATUS_NOT_IMPLEMENTED:
  38.                 cout << "NOT_IMPLEMENTED" << endl;
  39.                 return;
  40.         case STATUS_INFO_LENGTH_MISMATCH:
  41.                 do
  42.                 {
  43.                         hMem = LocalAlloc(0, retlen);
  44.                         if (hMem)
  45.                         {
  46.                                 systeminfo* si = (systeminfo*)LocalLock(hMem);
  47.                                 if (si)
  48.                                 {
  49.                                         memset(si, 0, retlen);
  50.                                         status = NtQuerySystemInformation(SystemInformationClass, si, retlen, &retlen);
  51.                                         if (NT_SUCCESS(status))
  52.                                         {
  53.                                                 GetCallBack(si);
  54.                                         }
  55.                                 }
  56.                                 LocalFree(hMem);
  57.                         }
  58.                 } while (status == STATUS_INFO_LENGTH_MISMATCH);
  59.                 return;
  60.         case STATUS_SUCCESS:
  61.                 break;
  62.         default:
  63.                 cout << "UNKNOWN ERROR" << endl;
  64.                 return;
  65.         }
  66.        
  67.         if (retlen < sizeof(systeminfo))
  68.                 retlen = sizeof(systeminfo);
  69.         cout << "structsize:" << sizeof(systeminfo) << " realsize:" << retlen << endl;
  70.         hMem = LocalAlloc(0, retlen);
  71.         if (hMem)
  72.         {
  73.                 systeminfo* si = (systeminfo*)LocalLock(hMem);
  74.                 if (si)
  75.                 {
  76.                         memset(si, 0, retlen);
  77.                         status = NtQuerySystemInformation(SystemInformationClass, si, retlen, &retlen);
  78.                         if (NT_SUCCESS(status))
  79.                         {
  80.                                 GetCallBack(si);
  81.                         }
  82.                         else
  83.                         {
  84.                                 cout << "ERROR" << endl;
  85.                         }
  86.                 }
  87.                 LocalFree(hMem);
  88.         }
  89. }

  90. void GetSystemBasicInformation(SYSTEM_BASIC_INFORMATION* psbi)//0
  91. {
  92.         cout << "\t\t0 SystemBasicInformation" << endl;
  93.         cout << "\t时间解析度ms:" << psbi->TimerResolution << endl;
  94.         cout << "\t物理页大小:" << psbi->PageSize << endl;
  95.         cout << "\t物理页个数:" << psbi->NumberOfPhysicalPages << endl;
  96.         cout << "\t最小物理页个数:" << psbi->LowestPhysicalPageNumber << endl;
  97.         cout << "\t最大物理页个数:" << psbi->HighestPhysicalPageNumber << endl;
  98.         cout << "\t逻辑页大小:" << psbi->AllocationGranularity << endl;
  99.         cout << "\t最小用户地址:" << psbi->MinimumUserModeAddress << endl;
  100.         cout << "\t最大用户地址:" << psbi->MaximumUserModeAddress << endl;
  101.         cout << "\t处理器个数:" << (int)psbi->NumberOfProcessors << endl;
  102. }

  103. void GetSystemProcessorInformation(SYSTEM_PROCESSOR_INFORMATION* pspri)//1
  104. {        //                1 SystemProcessorInformation
  105.         cout << "\t\t1 SystemProcessorInformation" << endl;
  106.         switch (pspri->ProcessorArchitecture)
  107.         {
  108.         case PROCESSOR_ARCHITECTURE_INTEL:
  109.                 cout << "\tINTEL ";
  110.                 if (pspri->ProcessorLevel == 3)
  111.                         cout << "386 ";
  112.                 else if (pspri->ProcessorLevel == 4)
  113.                         cout << "486 ";
  114.                 else if (pspri->ProcessorLevel == 5)
  115.                         cout << "586 or Pentium ";
  116.                 break;
  117.         case PROCESSOR_ARCHITECTURE_IA64:
  118.                 cout << "\tIA64 ";
  119.                 if (pspri->ProcessorLevel == 7)
  120.                         cout << "Itanium ";
  121.                 else if (pspri->ProcessorLevel == 31)
  122.                         cout << "Itanium 2 ";
  123.                 break;
  124.         }
  125.         cout << pspri->ProcessorRevision << " " << pspri->ProcessorFeatureBits<<endl;
  126. }

  127. void GetSystemPerformanceInformation(SYSTEM_PERFORMANCE_INFORMATION* pspei)//2
  128. {
  129.         cout << "\t\t2 SystemPerformanceInformation" << endl;
  130.         cout << "\tIdle进程时间:" << pspei->IdleProcessTime.QuadPart << endl;
  131.         cout << "\tIO读字节" << pspei->IoReadTransferCount.QuadPart << endl;
  132.         cout << "\tIO写字节" << pspei->IoWriteTransferCount.QuadPart << endl;
  133.         cout << "\tIO其他字节" << pspei->IoOtherTransferCount.QuadPart <<endl;
  134.         cout << "\tIO读次数" << pspei->IoReadOperationCount << endl;
  135.         cout << "\tIO写次数" << pspei->IoWriteOperationCount << endl;
  136.         cout << "\tIO其他次数" << pspei->IoOtherOperationCount << endl;
  137.         cout << "\t未用页" << pspei->AvailablePages << endl;
  138.         cout << "\t已用页" << pspei->CommittedPages << endl;
  139.         cout << "\t最多使用页" << pspei->CommitLimit << endl;
  140.         cout << "\t已用页峰值" << pspei->PeakCommitment << endl;
  141.         cout << "\t页错误数" << pspei->PageFaultCount << endl;
  142.         cout << "\tCopyOnWrite数" << pspei->CopyOnWriteCount << endl;
  143.         printseg(pspei->TransitionCount);
  144.         printseg(pspei->CacheTransitionCount);
  145.         printseg(pspei->DemandZeroCount);
  146.         printseg(pspei->PageReadCount);
  147.         printseg(pspei->PageReadIoCount);
  148.         printseg(pspei->CacheReadCount);
  149.         printseg(pspei->CacheIoCount);
  150.         printseg(pspei->DirtyPagesWriteCount);
  151.         printseg(pspei->DirtyWriteIoCount);
  152.         printseg(pspei->MappedPagesWriteCount);
  153.         printseg(pspei->MappedWriteIoCount);
  154.         printseg(pspei->PagedPoolPages);
  155.         printseg(pspei->NonPagedPoolPages);
  156.         printseg(pspei->PagedPoolAllocs);
  157.         printseg(pspei->PagedPoolFrees);
  158.         printseg(pspei->NonPagedPoolAllocs);
  159.         printseg(pspei->NonPagedPoolFrees);
  160.         printseg(pspei->FreeSystemPtes);
  161.         printseg(pspei->ResidentSystemCodePage);
  162.         printseg(pspei->TotalSystemDriverPages);
  163.         printseg(pspei->TotalSystemCodePages);
  164.         printseg(pspei->NonPagedPoolLookasideHits);
  165.         printseg(pspei->PagedPoolLookasideHits);
  166.         printseg(pspei->AvailablePagedPoolPages);
  167.         printseg(pspei->ResidentSystemCachePage);
  168.         printseg(pspei->ResidentPagedPoolPage);
  169.         printseg(pspei->ResidentSystemDriverPage);
  170.         printseg(pspei->CcFastReadNoWait);
  171.         printseg(pspei->CcFastReadWait);
  172.         printseg(pspei->CcFastReadResourceMiss);
  173.         printseg(pspei->CcFastReadNotPossible);
  174.         printseg(pspei->CcFastMdlReadNoWait);
  175.         printseg(pspei->CcFastMdlReadWait);
  176.         printseg(pspei->CcFastMdlReadResourceMiss);
  177.         printseg(pspei->CcFastMdlReadNotPossible);
  178.         printseg(pspei->CcMapDataNoWait);
  179.         printseg(pspei->CcMapDataWait);
  180.         printseg(pspei->CcMapDataNoWaitMiss);
  181.         printseg(pspei->CcMapDataWaitMiss);
  182.         printseg(pspei->CcPinMappedDataCount);
  183.         printseg(pspei->CcPinReadNoWait);
  184.         printseg(pspei->CcPinReadWait);
  185.         printseg(pspei->CcPinReadNoWaitMiss);
  186.         printseg(pspei->CcPinReadWaitMiss);
  187.         printseg(pspei->CcCopyReadNoWait);
  188.         printseg(pspei->CcCopyReadWait);
  189.         printseg(pspei->CcCopyReadNoWaitMiss);
  190.         printseg(pspei->CcCopyReadWaitMiss);
  191.         printseg(pspei->CcMdlReadNoWait);
  192.         printseg(pspei->CcMdlReadWait);
  193.         printseg(pspei->CcMdlReadNoWaitMiss);
  194.         printseg(pspei->CcMdlReadWaitMiss);
  195.         printseg(pspei->CcReadAheadIos);
  196.         printseg(pspei->CcLazyWriteIos);
  197.         printseg(pspei->CcLazyWritePages);
  198.         printseg(pspei->CcDataFlushes);
  199.         printseg(pspei->CcDataPages);
  200.         printseg(pspei->ContextSwitches);
  201.         printseg(pspei->FirstLevelTbFills);
  202.         printseg(pspei->SecondLevelTbFills);
  203.         printseg(pspei->SystemCalls);
  204. }

  205. void GetSystemTimeOfDayInformation(SYSTEM_TIMEOFDAY_INFORMATION* psti)//3
  206. {
  207.         cout << "\t\t3 SystemTimeOfDayInformation" << endl;
  208.         cout << "\t启动时间:" << psti->BootTime.QuadPart << endl;
  209.         cout << "\t当前时间:" << psti->CurrentTime.QuadPart << endl;
  210.         printseg(psti->TimeZoneBias.QuadPart);
  211.         printseg(psti->TimeZoneId);
  212.         printseg(psti->BootTimeBias);
  213.         printseg(psti->SleepTimeBias);
  214. }

  215. // void GetSystemPathInformation(SYSTEM_PATH_INFORMATION* pspi)//4
  216. // {
  217. // }

  218. void GetSystemProcessInformation(SYSTEM_PROCESS_INFORMATION* pspri1)//5
  219. {
  220.         cout << "\t\t5 SystemProcessInformation" << endl;
  221.         do
  222.         {
  223.                 if (pspri1->ImageName.Buffer)
  224.                         wcout << "\tImageName:" << wstring((wchar_t*)pspri1->ImageName.Buffer) << endl;
  225.                 else
  226.                         wcout << "\tno name" << endl;
  227.                 cout << "\t线程数:" << pspri1->NumberOfThreads << endl;
  228.                 printseg(pspri1->SpareLi1.QuadPart);
  229.                 printseg(pspri1->SpareLi2.QuadPart);
  230.                 printseg(pspri1->SpareLi3.QuadPart);
  231.                 cout << "\t创建时间:" << pspri1->CreateTime.QuadPart << endl;
  232.                 cout << "\t用户态时间:" << pspri1->UserTime.QuadPart << endl;
  233.                 cout << "\t内核态时间:" << pspri1->KernelTime.QuadPart << endl;
  234.                 cout << "\t基础优先级:" << pspri1->BasePriority << endl;
  235.                 cout << "\t进程Id:" << (int)pspri1->UniqueProcessId << endl;
  236.                 cout << "\t父进程Id:" << (int)pspri1->InheritedFromUniqueProcessId << endl;
  237.                 cout << "\t句柄数:" << pspri1->HandleCount << endl;
  238.                 cout << "\t会话Id:" << pspri1->SessionId << endl;
  239.                 cout << "\t页目录机制:" << pspri1->PageDirectoryBase << endl;
  240.                 cout << "\t虚拟内存峰值:" << pspri1->PeakVirtualSize << endl;
  241.                 cout << "\t虚拟内存大小:" << pspri1->VirtualSize << endl;
  242.                 cout << "\t页错误数:" << pspri1->PageFaultCount << endl;
  243.                 cout << "\t物理内存峰值:" << pspri1->PeakWorkingSetSize << endl;
  244.                 cout << "\t物理内存大小:" << pspri1->WorkingSetSize << endl;
  245.                 cout << "\t分页池配额峰值:" << pspri1->QuotaPeakPagedPoolUsage << endl;
  246.                 cout << "\t分页池配额:" << pspri1->QuotaPagedPoolUsage << endl;
  247.                 cout << "\t非分页池配额峰值:" << pspri1->QuotaPeakNonPagedPoolUsage << endl;
  248.                 cout << "\t非分页池配额:" << pspri1->QuotaNonPagedPoolUsage << endl;
  249.                 cout << "\t页面文件使用:" << pspri1->PagefileUsage << endl;
  250.                 cout << "\t页面文件使用峰值:" << pspri1->PeakPagefileUsage << endl;
  251.                 cout << "\t私有页面数:" << pspri1->PrivatePageCount << endl;
  252.                 cout << "\t读操作数:" << pspri1->ReadOperationCount.QuadPart << endl;
  253.                 cout << "\t写操作数:" << pspri1->WriteOperationCount.QuadPart << endl;
  254.                 cout << "\t其他操作数:" << pspri1->OtherOperationCount.QuadPart << endl;
  255.                 cout << "\t读字节数:" << pspri1->ReadTransferCount.QuadPart << endl;
  256.                 cout << "\t写字节数:" << pspri1->WriteTransferCount.QuadPart << endl;
  257.                 cout << "\t其他字节数:" << pspri1->OtherTransferCount.QuadPart << endl;
  258.                 SYSTEM_PROCESS_INFORMATION* newpspri1 = (SYSTEM_PROCESS_INFORMATION*)((BYTE*)pspri1 + pspri1->NextEntryOffset);
  259.                 SYSTEM_THREAD_INFORMATION* pesti = (SYSTEM_THREAD_INFORMATION*)(pspri1 + 1);
  260.                 int threadindex = 0;
  261.                 while ((LPVOID)pesti < (LPVOID)newpspri1)
  262.                 {
  263.                         ++threadindex;
  264.                         cout << "\t内核态时间:" << pesti->KernelTime.QuadPart << endl;
  265.                         cout << "\t用户态时间:" << pesti->UserTime.QuadPart << endl;
  266.                         cout << "\t创建时间:" << pesti->CreateTime.QuadPart << endl;
  267.                         cout << "\t等待时间:" << pesti->WaitTime << endl;
  268.                         cout << "\t起始地址:" << hex << pesti->StartAddress << endl;
  269.                         cout << "\tUniqueProcess:" << hex << pesti->ClientId.UniqueProcess << endl;
  270.                         cout << "\tUniqueThread:" << hex << pesti->ClientId.UniqueThread << endl;
  271.                         cout << dec;
  272.                         cout << "\t优先级:" << pesti->Priority << endl;
  273.                         cout << "\t基础优先级:" << pesti->BasePriority << endl;
  274.                         cout << "\t模式切换次数:" << pesti->ContextSwitches << endl;
  275.                         cout << "\t线程状态:" << pesti->ThreadState << endl;
  276.                         cout << "\t等待原因:" << pesti->WaitReason << endl;
  277.                         cout << dec;
  278.                         pesti++;
  279.                 }
  280.                 pspri1 = newpspri1;
  281.         } while (pspri1->NextEntryOffset);
  282. }

  283. void GetSystemCallCountInformation(SYSTEM_CALL_COUNT_INFORMATION* pscci)//6
  284. {
  285.         cout << "\t\t6 SystemCallCountInformation" << endl;
  286.         printseg(pscci->Length);
  287.         printseg(pscci->NumberOfTables);
  288.         ULONG* limits = (ULONG*)((BYTE*)pscci + sizeof(SYSTEM_CALL_COUNT_INFORMATION));
  289.         ULONG* tables = (ULONG*)((BYTE*)pscci + sizeof(SYSTEM_CALL_COUNT_INFORMATION)+pscci->NumberOfTables*sizeof(PULONG));
  290.         int index = 0;
  291.         for (int i = 0; i < pscci->NumberOfTables; i++)
  292.         {
  293.                 for (int j = 0; j < limits[i]; j++)
  294.                 {
  295.                         cout << "tablecount" << index << ":" << tables[index] << endl;
  296.                         ++index;
  297.                 }
  298.         }
  299. }

  300. void GetSystemDeviceInformation(SYSTEM_DEVICE_INFORMATION* psdi)//7
  301. {
  302.         cout << "\t\t7 SystemDeviceInformation" << endl;
  303.         cout << "\t磁盘数:" << psdi->NumberOfDisks << endl;
  304.         cout << "\t软盘数:" << psdi->NumberOfFloppies << endl;
  305.         cout << "\t光驱数:" << psdi->NumberOfCdRoms << endl;
  306.         cout << "\t磁带数:" << psdi->NumberOfTapes << endl;
  307.         cout << "\t串行端口数:" << psdi->NumberOfSerialPorts << endl;
  308.         cout << "\t并行端口数:" << psdi->NumberOfParallelPorts << endl;
  309. }

  310. void GetSystemProcessorPerformanceInformation(SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION* psppei)//8
  311. {
  312.         cout << "\t\t8 SystemProcessorPerformanceInformation" << endl;
  313.         cout << "\t空闲时间:" << psppei->IdleTime.QuadPart << endl;
  314.         cout << "\t内核态时间:" << psppei->KernelTime.QuadPart << endl;
  315.         cout << "\t用户态时间:" << psppei->UserTime.QuadPart << endl;
  316.         cout << "\tDPC时间:" << psppei->DpcTime.QuadPart << endl;
  317.         cout << "\t中断时间:" << psppei->InterruptTime.QuadPart << endl;
  318.         cout << "\t中断次数:" << psppei->InterruptCount << endl;
  319. }

  320. void GetSystemFlagsInformation(SYSTEM_FLAGS_INFORMATION* psfi)//9
  321. {
  322.                 cout << "\t\t9 SystemFlagsInformation" << endl;
  323.                 if (psfi->Flags&FLG_STOP_ON_EXCEPTION)
  324.                         cout << "FLG_STOP_ON_EXCEPTION" << endl;
  325.                 if (psfi->Flags&FLG_SHOW_LDR_SNAPS)
  326.                         cout << "FLG_SHOW_LDR_SNAPS" << endl;
  327.                 if (psfi->Flags&FLG_DEBUG_INITIAL_COMMAND)
  328.                         cout << "FLG_DEBUG_INITIAL_COMMAND" << endl;
  329.                 if (psfi->Flags&FLG_STOP_ON_HUNG_GUI)
  330.                         cout << "FLG_STOP_ON_HUNG_GUI" << endl;

  331.                 if (psfi->Flags&FLG_HEAP_ENABLE_TAIL_CHECK)
  332.                         cout << "FLG_HEAP_ENABLE_TAIL_CHECK" << endl;
  333.                 if (psfi->Flags&FLG_HEAP_ENABLE_FREE_CHECK)
  334.                         cout << "FLG_HEAP_ENABLE_FREE_CHECK" << endl;
  335.                 if (psfi->Flags&FLG_HEAP_VALIDATE_PARAMETERS)
  336.                         cout << "FLG_HEAP_VALIDATE_PARAMETERS" << endl;
  337.                 if (psfi->Flags&FLG_HEAP_VALIDATE_ALL)
  338.                         cout << "FLG_HEAP_VALIDATE_ALL" << endl;

  339.                 if (psfi->Flags&FLG_APPLICATION_VERIFIER)
  340.                         cout << "FLG_APPLICATION_VERIFIER" << endl;
  341.                 if (psfi->Flags&FLG_POOL_ENABLE_TAGGING)
  342.                         cout << "FLG_POOL_ENABLE_TAGGING" << endl;
  343.                 if (psfi->Flags&FLG_HEAP_ENABLE_TAGGING)
  344.                         cout << "FLG_HEAP_ENABLE_TAGGING" << endl;

  345.                 if (psfi->Flags&FLG_USER_STACK_TRACE_DB)
  346.                         cout << "FLG_USER_STACK_TRACE_DB" << endl;
  347.                 if (psfi->Flags&FLG_KERNEL_STACK_TRACE_DB)
  348.                         cout << "FLG_KERNEL_STACK_TRACE_DB" << endl;
  349.                 if (psfi->Flags&FLG_MAINTAIN_OBJECT_TYPELIST)
  350.                         cout << "FLG_MAINTAIN_OBJECT_TYPELIST" << endl;
  351.                 if (psfi->Flags&FLG_HEAP_ENABLE_TAG_BY_DLL)
  352.                         cout << "FLG_HEAP_ENABLE_TAG_BY_DLL" << endl;

  353.                 if (psfi->Flags&FLG_DISABLE_STACK_EXTENSION)
  354.                         cout << "FLG_DISABLE_STACK_EXTENSION" << endl;
  355.                 if (psfi->Flags&FLG_ENABLE_CSRDEBUG)
  356.                         cout << "FLG_ENABLE_CSRDEBUG" << endl;
  357.                 if (psfi->Flags&FLG_ENABLE_KDEBUG_SYMBOL_LOAD)
  358.                         cout << "FLG_ENABLE_KDEBUG_SYMBOL_LOAD" << endl;
  359.                 if (psfi->Flags&FLG_DISABLE_PAGE_KERNEL_STACKS)
  360.                         cout << "FLG_DISABLE_PAGE_KERNEL_STACKS" << endl;

  361.                 if (psfi->Flags&FLG_ENABLE_SYSTEM_CRIT_BREAKS)
  362.                         cout << "FLG_ENABLE_SYSTEM_CRIT_BREAKS" << endl;
  363.                 if (psfi->Flags&FLG_HEAP_DISABLE_COALESCING)
  364.                         cout << "FLG_HEAP_DISABLE_COALESCING" << endl;
  365.                 if (psfi->Flags&FLG_ENABLE_CLOSE_EXCEPTIONS)
  366.                         cout << "FLG_ENABLE_CLOSE_EXCEPTIONS" << endl;
  367.                 if (psfi->Flags&FLG_ENABLE_EXCEPTION_LOGGING)
  368.                         cout << "FLG_ENABLE_EXCEPTION_LOGGING" << endl;

  369.                 if (psfi->Flags&FLG_ENABLE_HANDLE_TYPE_TAGGING)
  370.                         cout << "FLG_ENABLE_HANDLE_TYPE_TAGGING" << endl;
  371.                 if (psfi->Flags&FLG_HEAP_PAGE_ALLOCS)
  372.                         cout << "FLG_HEAP_PAGE_ALLOCS" << endl;
  373.                 if (psfi->Flags&FLG_DEBUG_INITIAL_COMMAND_EX)
  374.                         cout << "FLG_DEBUG_INITIAL_COMMAND_EX" << endl;
  375.                 if (psfi->Flags&FLG_DISABLE_DBGPRINT)
  376.                         cout << "FLG_DISABLE_DBGPRINT" << endl;

  377.                 if (psfi->Flags&FLG_CRITSEC_EVENT_CREATION)
  378.                         cout << "FLG_CRITSEC_EVENT_CREATION" << endl;
  379.                 if (psfi->Flags&FLG_LDR_TOP_DOWN)
  380.                         cout << "FLG_LDR_TOP_DOWN" << endl;
  381.                 if (psfi->Flags&FLG_ENABLE_HANDLE_EXCEPTIONS)
  382.                         cout << "FLG_ENABLE_HANDLE_EXCEPTIONS" << endl;
  383.                 if (psfi->Flags&FLG_DISABLE_PROTDLLS)
  384.                         cout << "FLG_DISABLE_PROTDLLS" << endl;
  385. }

  386. // void GetSystemCallTimeInformation(SYSTEM_CALLTIME_INFORMATION* pscti)
  387. // {
  388. // }

  389. void GetSystemModuleInformation(RTL_PROCESS_MODULES* prpm)//11
  390. {
  391.         cout << "\t\t11 SystemModuleInformation" << endl;
  392.         for (int i = 0; i < prpm->NumberOfModules; i++)
  393.         {
  394.                 cout << "module" << i << " FullPathName:" << (char*)prpm->Modules[i].FullPathName << endl;
  395.                 cout << "\tSection:" << hex << prpm->Modules[i].Section << endl;
  396.                 cout << "\tMappedBase:" << hex << prpm->Modules[i].MappedBase << endl;
  397.                 cout << "\tImageBase:" << hex << prpm->Modules[i].ImageBase << endl;
  398.                 cout << "\tImageSize:" << hex << prpm->Modules[i].ImageSize << endl;
  399.                 cout << "\tFlags:" << hex << prpm->Modules[i].Flags << endl;
  400.                 cout << dec;
  401.                 cout << "\tLoadOrderIndex:" << (int)prpm->Modules[i].LoadOrderIndex << endl;
  402.                 cout << "\tInitOrderIndex:" << (int)prpm->Modules[i].InitOrderIndex << endl;
  403.                 cout << "\tLoadCount:" << (int)prpm->Modules[i].LoadCount << endl;
  404.                 cout << "\tOffsetToFile:" << prpm->Modules[i].OffsetToFileName << endl;//距离文件名偏移(取最后一个\之后的部分)       
  405.         }
  406. }

  407. void GetSystemLocksInformation(RTL_PROCESS_LOCKS* prpl)//12
  408. {
  409.         cout << "\t\t12 SystemLocksInformation" << endl;
  410.         for (int i = 0; i < prpl->NumberOfLocks; i++)
  411.         {
  412.                 cout << "\tlock" << i << ":" << endl;
  413.                 cout << "\tAddress:" << hex << prpl->Locks[i].Address << endl;
  414.                 cout << "\tOwningThread:" << hex << prpl->Locks[i].OwningThread << endl;
  415.                 cout << dec;
  416.                 cout << "\tType:" << (int)prpl->Locks[i].Type << endl;
  417.                 cout << "\tCreatorBackTraceIndex:" << (int)prpl->Locks[i].CreatorBackTraceIndex << endl;
  418.                 cout << "\tLockCount:" << prpl->Locks[i].LockCount << endl;
  419.                 cout << "\tContentionCount:" << prpl->Locks[i].ContentionCount << endl;
  420.                 cout << "\tEntryCount:" << prpl->Locks[i].EntryCount << endl;
  421.                 cout << "\tRecursionCount:" << prpl->Locks[i].RecursionCount << endl;
  422.                 cout << "\tNumberOfWaitingShared:" << prpl->Locks[i].NumberOfWaitingShared << endl;
  423.                 cout << "\tNumberOfWaitingExclusive:" << prpl->Locks[i].NumberOfWaitingExclusive << endl;
  424.         }
  425. }

  426. void GetSystemStackTraceInformation(RTL_PROCESS_BACKTRACES* prpb)//13
  427. {
  428.         cout << "\t\t13 SystemStackTraceInformation" << endl;
  429.         cout << "\tCommittedMemory:" << prpb->CommittedMemory << endl;
  430.         cout << "\tReservedMemory:" << prpb->ReservedMemory << endl;
  431.         cout << "\tNumberOfBackTraceLookups:" << prpb->NumberOfBackTraceLookups << endl;
  432.         for (int i = 0; i < prpb->NumberOfBackTraces; i++)
  433.         {
  434.                 cout << "\tTraceCount:" << prpb->BackTraces[i].TraceCount << endl;
  435.                 cout << "\tIndex:" << prpb->BackTraces[i].Index << endl;
  436.                 cout << "\tDepth:" << prpb->BackTraces[i].Depth << endl;
  437.                 for (int j = 0; j < MAX_STACK_DEPTH; j++)
  438.                 {
  439.                         cout << "\t" << hex << prpb->BackTraces[i].BackTrace[i] << endl;
  440.                 }
  441.         }
  442. }

  443. // void GetSystemPagedPoolInformation(SYSTEM_POOL_INFORMATION* pspi)//14
  444. // {
  445. // }

  446. // void GetSystemNonPagedPoolInformation(SYSTEM_POOL_INFORMATION* pspi)//15
  447. // {
  448. // }

  449. void GetSystemHandleInformation(SYSTEM_HANDLE_INFORMATION* pshi)//16
  450. {
  451.         cout << "\t\t16 SystemHandleInformation" << endl;
  452.         for (int i = 0; i < pshi->NumberOfHandles; i++)
  453.         {
  454.                 cout << "\t" << i + 1 << endl;
  455.                 cout << "\tUniqueProcessId:" << (int)pshi->Handles[i].UniqueProcessId << endl;
  456.                 cout << "\tCreatorBackTraceIndex:" << (int)pshi->Handles[i].CreatorBackTraceIndex << endl;
  457.                 cout << "\tObjectTypeIndex:" << (int)pshi->Handles[i].ObjectTypeIndex << endl;
  458.                 cout << "\tHandleAttributes:" << (int)pshi->Handles[i].HandleAttributes << endl;
  459.                 cout << "\tHandleValue:" << (int)pshi->Handles[i].HandleValue << endl;
  460.                 cout << "\tObject:" << hex << (int)pshi->Handles[i].Object << endl;
  461.                 cout << "\tGrantedAccess:" << hex << (int)pshi->Handles[i].GrantedAccess << endl;
  462.         }
  463. }

  464. void GetSystemObjectInformation(SYSTEM_OBJECTTYPE_INFORMATION* pstoi)//17
  465. {
  466.         cout << "\t\t17 SystemObjectInformation" << endl;
  467.         int nextpos = pstoi->NextEntryOffset;
  468.         SYSTEM_OBJECT_INFORMATION* curpsoi = NULL;
  469.         do
  470.         {
  471.                 cout << "\tNumberOfObjects:" << pstoi->NumberOfObjects << endl;
  472.                 cout << "\tNumberOfHandles:" << pstoi->NumberOfHandles << endl;
  473.                 cout << "\tTypeIndex:" << pstoi->TypeIndex << endl;
  474.                 cout << "\tInvalidAttributes:" << hex << pstoi->InvalidAttributes << endl;
  475.                 cout << "\tValidAccessMask:" << hex << pstoi->ValidAccessMask << endl;
  476.                 cout << dec;
  477.                 cout << "\tPoolType:" << pstoi->PoolType << endl;
  478.                 cout << "\tSecurityRequired:" << pstoi->SecurityRequired << endl;
  479.                 cout << "\tWaitableObject:" << pstoi->WaitableObject << endl;
  480.                 wcout << "\tTypeName:" << (wchar_t*)pstoi->TypeName.Buffer << endl;
  481.                 curpsoi = (SYSTEM_OBJECT_INFORMATION*)((PWSTR)(pstoi + 1) + pstoi->TypeName.MaximumLength);
  482.                 cout << "\tObject:" << hex << curpsoi->Object << endl;
  483.                 cout << "\tCreatorUniqueProcess:" << hex << curpsoi->CreatorUniqueProcess << endl;
  484.                 cout << "\tCreatorBackTraceIndex:" << hex << curpsoi->CreatorBackTraceIndex << endl;
  485.                 cout << "\tFlags" << hex << curpsoi->Flags << endl;
  486.                 cout << "\tExclusiveProcessId:" << hex << curpsoi->ExclusiveProcessId << endl;
  487.                 cout << "\tSecurityDescriptor:" << hex << curpsoi->SecurityDescriptor << endl;
  488.                 cout << dec;
  489.                 cout << "\tPointerCount:" << curpsoi->PointerCount << endl;
  490.                 cout << "\tHandleCount:" << curpsoi->HandleCount << endl;
  491.                 cout << "\tPagedPoolCharge:" << curpsoi->PagedPoolCharge << endl;
  492.                 cout << "\tNonPagedPoolCharge:" << curpsoi->NonPagedPoolCharge << endl;
  493.                 wcout << "\tNameInfo:" << (wchar_t*)curpsoi->NameInfo.Name.Buffer << endl;
  494.                 pstoi = (SYSTEM_OBJECTTYPE_INFORMATION*)((BYTE*)pstoi + pstoi->NextEntryOffset);
  495.         } while (nextpos);
  496. }

  497. void GetSystemPageFileInformation(SYSTEM_PAGEFILE_INFORMATION* pspi)//18
  498. {
  499.         cout << "\t\t18 SystemPageFileInformation" << endl;
  500.         ULONG nextoffset = 0;
  501.         int index = 0;
  502.         do
  503.         {
  504.                 cout << "PAGEFILE" << index + 1 << ":" << endl;
  505.                 nextoffset = pspi->NextEntryOffset;
  506.                 cout << "\tTotalSize:" << pspi->TotalSize << endl;
  507.                 cout << "\tTotalInUse:" << pspi->TotalInUse << endl;
  508.                 cout << "\tPeakUsage:" << pspi->PeakUsage << endl;
  509.                 cout << "\tPageFileName:" << (wchar_t*)pspi->PageFileName.Buffer << endl;
  510.                 pspi = (SYSTEM_PAGEFILE_INFORMATION*)((BYTE*)pspi + pspi->NextEntryOffset);
  511.         } while (nextoffset);
  512. }

  513. void GetSystemVdmInstemulInformation(SYSTEM_VDM_INSTEMUL_INFO* psvii)//19
  514. {
  515.         cout << "\t\t19 SystemVdmInstemulInformation" << endl;
  516.         printseg(psvii->SegmentNotPresent);
  517.         printseg(psvii->VdmOpcode0F);
  518.         printseg(psvii->OpcodeESPrefix);
  519.         printseg(psvii->OpcodeCSPrefix);
  520.         printseg(psvii->OpcodeSSPrefix);
  521.         printseg(psvii->OpcodeDSPrefix);
  522.         printseg(psvii->OpcodeFSPrefix);
  523.         printseg(psvii->OpcodeGSPrefix);
  524.         printseg(psvii->OpcodeOPER32Prefix);
  525.         printseg(psvii->OpcodeADDR32Prefix);
  526.         printseg(psvii->OpcodeINSB);
  527.         printseg(psvii->OpcodeINSW);
  528.         printseg(psvii->OpcodeOUTSB);
  529.         printseg(psvii->OpcodeOUTSW);
  530.         printseg(psvii->OpcodePUSHF);
  531.         printseg(psvii->OpcodePOPF);
  532.         printseg(psvii->OpcodeINTnn);
  533.         printseg(psvii->OpcodeINTO);
  534.         printseg(psvii->OpcodeIRET);
  535.         printseg(psvii->OpcodeINBimm);
  536.         printseg(psvii->OpcodeINWimm);
  537.         printseg(psvii->OpcodeOUTBimm);
  538.         printseg(psvii->OpcodeOUTWimm);
  539.         printseg(psvii->OpcodeINB);
  540.         printseg(psvii->OpcodeINW);
  541.         printseg(psvii->OpcodeOUTB);
  542.         printseg(psvii->OpcodeOUTW);
  543.         printseg(psvii->OpcodeLOCKPrefix);
  544.         printseg(psvii->OpcodeREPPrefix);
  545.         printseg(psvii->OpcodeREPPrefix);
  546.         printseg(psvii->OpcodeHLT);
  547.         printseg(psvii->OpcodeCLI);
  548.         printseg(psvii->OpcodeSTI);
  549.         printseg(psvii->BopCount);
  550. }

  551. // void GetSystemVdmBopInformation(SYSTEM_VDM_BOP_INFO* psvbi)//20
  552. // {
  553. //
  554. // }

  555. void GetSystemFileCacheInformation(SYSTEM_FILECACHE_INFORMATION* psfci)//21
  556. {
  557.         cout << "\t\t21 SystemFileCacheInformation" << endl;
  558.         printseg(psfci->CurrentSize);
  559.         printseg(psfci->PeakSize);
  560.         printseg(psfci->PageFaultCount);
  561.         printseg(psfci->MinimumWorkingSet);
  562.         printseg(psfci->MaximumWorkingSet);
  563.         printseg(psfci->CurrentSizeIncludingTransitionInPages);
  564.         printseg(psfci->PeakSizeIncludingTransitionInPages);
  565.         printseg(psfci->TransitionRePurposeCount);
  566.         printseg(psfci->Flags);
  567. }

  568. void GetSystemPoolTagInformation(SYSTEM_POOLTAG_INFORMATION* pspti)//22
  569. {
  570.         cout << "\t\t22 SystemPoolTagInformation" << endl;
  571.         for (int i = 0; i < pspti->Count; i++)
  572.         {
  573.                 cout << pspti->TagInfo[i].TagUlong << endl;
  574.                 cout << pspti->TagInfo[i].PagedAllocs << endl;
  575.                 cout << pspti->TagInfo[i].PagedFrees << endl;
  576.                 cout << pspti->TagInfo[i].PagedUsed << endl;
  577.                 cout << pspti->TagInfo[i].NonPagedAllocs << endl;
  578.                 cout << pspti->TagInfo[i].NonPagedFrees << endl;
  579.                 cout << pspti->TagInfo[i].NonPagedUsed << endl;
  580.         }
  581. }

  582. void GetSystemInterruptInformation(SYSTEM_INTERRUPT_INFORMATION* psii)//23
  583. {
  584.         cout << "\t\t23 SystemInterruptInformation" << endl;
  585.         printseg(psii->ContextSwitches);
  586.         printseg(psii->DpcCount);
  587.         printseg(psii->DpcRate);
  588.         printseg(psii->TimeIncrement);
  589.         printseg(psii->DpcBypassCount);
  590.         printseg(psii->ApcBypassCount);
  591. }

  592. void GetSystemDpcBehaviorInformation(SYSTEM_DPC_BEHAVIOR_INFORMATION* psdbi)//24
  593. {
  594.         cout << "\t\t24 SystemDpcBehaviorInformation" << endl;
  595.         printseg(psdbi->Spare);
  596.         printseg(psdbi->DpcQueueDepth);
  597.         printseg(psdbi->MinimumDpcRate);
  598.         printseg(psdbi->AdjustDpcThreshold);
  599.         printseg(psdbi->IdealDpcRate);
  600. }

  601. void GetSystemFullMemoryInformation(SYSTEM_MEMORY_INFORMATION* psmi)//25
  602. {
  603.         cout << "\t\t25 SystemFullMemoryInformation" << endl;
  604.         printseg(psmi->StringStart);
  605.         for (int i = 0; i < psmi->InfoSize; i++)
  606.         {
  607.                 cout << (char*)psmi->Memory[i].StringOffset << endl;
  608.                 printseg((int)psmi->Memory[i].ValidCount);
  609.                 printseg((int)psmi->Memory[i].TransitionCount);
  610.                 printseg((int)psmi->Memory[i].ModifiedCount);
  611.                 printseg((int)psmi->Memory[i].PageTableCount);
  612.         }
  613. }

  614. void GetSystemLoadGdiDriverInformation(SYSTEM_GDI_DRIVER_INFORMATION* psgdi)//26
  615. {
  616.         cout << "\t\t26 SystemLoadGdiDriverInformation" << endl;
  617.         wcout << psgdi->DriverName.Buffer << endl;
  618.         cout << "\tImageLength:" << psgdi->ImageLength << endl;
  619.         cout << "\tImageAddress:" << hex << psgdi->ImageAddress << endl;
  620.         cout << "\tSectionPointer:" << hex << psgdi->SectionPointer << endl;
  621.         cout << "\tEntryPoint:" << hex << psgdi->EntryPoint << endl;
  622. }

  623. // void GetSystemUnloadGdiDriverInformation(SYSTEM_UNLOAD_GDIDRIVER_INFORMATION)//27
  624. // {
  625. //
  626. // }

  627. void GetSystemTimeAdjustmentInformation(SYSTEM_SET_TIME_ADJUST_INFORMATION* psstai)//28
  628. {
  629.         cout << "\t\t28 SystemTimeAdjustmentInformation" << endl;
  630.         cout << "\tTimeAdjustment:" << psstai->TimeAdjustment << endl;
  631.         cout << "\tEnable:" << psstai->Enable << endl;
  632. }

  633. void GetSystemSummaryMemoryInformation(SYSTEM_MEMORY_INFORMATION* psmi)//29
  634. {
  635.         cout << "\t\t29 SystemSummaryMemoryInformation" << endl;
  636.         printseg(psmi->StringStart);
  637.         for (int i = 0; i < psmi->InfoSize; i++)
  638.         {
  639.                 cout << (char*)psmi->Memory[i].StringOffset << endl;
  640.                 printseg((int)psmi->Memory[i].ValidCount);
  641.                 printseg((int)psmi->Memory[i].TransitionCount);
  642.                 printseg((int)psmi->Memory[i].ModifiedCount);
  643.                 printseg((int)psmi->Memory[i].PageTableCount);
  644.         }
  645. }

  646. // void GetSystemMirrorMemoryInformation(SYSTEM_MEMORY_INFORMATION* psmi)//30
  647. // {
  648. // }

  649. // void GetSystemPerformanceTraceInformation(SYSTEM_PERFORMANCE_TRANCE_INFORMATION* pspti)//31
  650. // {
  651. // }

  652. void GetSystemExceptionInformation(SYSTEM_EXCEPTION_INFORMATION* psei)//32
  653. {
  654.         cout << "\t\t32 SystemExceptionInformation" << endl;
  655.         printseg(psei->AlignmentFixupCount);
  656.         printseg(psei->ExceptionDispatchCount);
  657.         printseg(psei->FloatingEmulationCount);
  658.         printseg(psei->ByteWordEmulationCount);
  659. }

  660. // void GetSystemCrashDumpStateInformation(SYSTEM_CRASHDUMP_STATE_INFORMATION* pscsi)//33
  661. // {
  662. // }

  663. //SystemCrashDumpStateInformation 34
  664. void GetSystemKernelDebuggerInformation(SYSTEM_KERNEL_DEBUGGER_INFORMATION* pskdi)//35
  665. {
  666.         cout << "\t\t35 SystemKernelDebuggerInformation" << endl;
  667.         printseg(pskdi->KernelDebuggerEnabled);
  668.         printseg(pskdi->KernelDebuggerNotPresent);
  669. }

  670. void GetSystemContextSwitchInformation(SYSTEM_CONTEXT_SWITCH_INFORMATION* pscsi)//36
  671. {
  672.         cout << "\t\t36 SystemContextSwitchInformation" << endl;
  673.         printseg(pscsi->ContextSwitches);
  674.         printseg(pscsi->FindAny);
  675.         printseg(pscsi->FindLast);
  676.         printseg(pscsi->FindIdeal);
  677.         printseg(pscsi->IdleAny);
  678.         printseg(pscsi->IdleCurrent);
  679.         printseg(pscsi->IdleLast);
  680.         printseg(pscsi->IdleIdeal);
  681.         printseg(pscsi->PreemptAny);
  682.         printseg(pscsi->PreemptCurrent);
  683.         printseg(pscsi->PreemptLast);
  684.         printseg(pscsi->SwitchToIdle);
  685. }
复制代码
回复 赞! 靠!

使用道具 举报

1109

主题

1649

回帖

7万

积分

用户组: 管理员

一只技术宅

UID
1
精华
244
威望
743 点
宅币
24180 个
贡献
46222 次
宅之契约
0 份
在线时间
2294 小时
注册时间
2014-1-26
发表于 2015-7-19 01:19:59 | 显示全部楼层
  1. void GetSystemRegistryQuotaInformation(SYSTEM_REGISTRY_QUOTA_INFORMATION* psrqi)//37
  2. {
  3.         cout << "\t\t37 SystemRegistryQuotaInformation" << endl;
  4.         printseg(psrqi->RegistryQuotaAllowed);
  5.         printseg(psrqi->RegistryQuotaUsed);
  6.         printseg(psrqi->PagedPoolSize);
  7. }

  8. // void GetSystemExtendServiceTableInformation(SYSTEM_EXTEND_SERVICE_TABLE_INFORAMTION* psesti)//38
  9. // {
  10. // }

  11. // void GetSystemPrioritySeperation(SYSTEM_PRIORITY_SEPERATION* psps)// 39
  12. // {
  13. // }

  14. // void GetSystemVerifierAddDriverInformation(SYSTEM_VERIFIER_ADDDRIVER_INFORAMTION* psvai) //40
  15. // {
  16. // }

  17. // void GetSystemVerifierRemoveDriverInformation(SYSTEM_VERIFIER_REMOVE_DRIVER_INFORMATION* psvrdi) //41
  18. // {
  19. // }

  20. void GetSystemProcessorIdleInformation(SYSTEM_PROCESSOR_IDLE_INFORMATION* pspii)//42
  21. {
  22.         cout << "\t\t42 SystemProcessorIdleInformation" << endl;
  23.         printseg(pspii->IdleTime);
  24.         printseg(pspii->C1Time);
  25.         printseg(pspii->C2Time);
  26.         printseg(pspii->C3Time);
  27.         printseg(pspii->C1Transitions);
  28.         printseg(pspii->C2Transitions);
  29.         printseg(pspii->C3Transitions);
  30.         printseg(pspii->Padding);
  31. }

  32. void GetSystemLegacyDriverInformation(SYSTEM_LEGACY_DRIVER_INFORMATION* psldi)
  33. {
  34.         cout << "\t\t43 SystemLegacyDriverInformation" << endl;
  35.         printseg(psldi->VetoType);
  36.         cout << (wchar_t*)psldi->VetoList.Buffer << endl;
  37. }

  38. void GetSystemCurrentTimeZoneInformation(RTL_TIME_ZONE_INFORMATION* prtzi)
  39. {
  40.         cout << "\t\t44 SystemCurrentTimeZoneInformation" << endl;
  41.         printseg(prtzi->Bias);
  42.         cout << "Standard:" << endl;
  43.         wcout << (wchar_t*)prtzi->StandardName << endl;
  44.         cout << "\tYear:" << prtzi->StandardStart.Year << endl;
  45.         cout << "\tMonth:" << prtzi->StandardStart.Month << endl;
  46.         cout << "\tDay:" << prtzi->StandardStart.Day << endl;
  47.         cout << "\tHour:" << prtzi->StandardStart.Hour << endl;
  48.         cout << "\tMinute:" << prtzi->StandardStart.Minute << endl;
  49.         cout << "\tSecond:" << prtzi->StandardStart.Second << endl;
  50.         cout << "\tMilliseconds:" << prtzi->StandardStart.Milliseconds << endl;
  51.         cout << "\tWeekday:" << prtzi->StandardStart.Weekday << endl;
  52.         printseg(prtzi->StandardBias);

  53.         cout << "Daylight:" << endl;
  54.         wcout << (wchar_t*)prtzi->DaylightName << endl;
  55.         cout << "\tYear:" << prtzi->DaylightStart.Year << endl;
  56.         cout << "\tMonth:" << prtzi->DaylightStart.Month << endl;
  57.         cout << "\tDay:" << prtzi->DaylightStart.Day << endl;
  58.         cout << "\tHour:" << prtzi->DaylightStart.Hour << endl;
  59.         cout << "\tMinute:" << prtzi->DaylightStart.Minute << endl;
  60.         cout << "\tSecond:" << prtzi->DaylightStart.Second << endl;
  61.         cout << "\tMilliseconds:" << prtzi->DaylightStart.Milliseconds << endl;
  62.         cout << "\tWeekday:" << prtzi->DaylightStart.Weekday << endl;
  63.         printseg(prtzi->DaylightBias);
  64. }

  65. void GetSystemLookasideInformation(SYSTEM_LOOKASIDE_INFORMATION* psli, int length)
  66. {
  67.         cout << "\t\t45 SystemLookasideInformation" << endl;
  68.         int num = length / sizeof(SYSTEM_LOOKASIDE_INFORMATION);
  69.         for (int i = 0; i < num;i++)
  70.         {
  71.                 printseg((int)psli->CurrentDepth);
  72.                 printseg((int)psli->MaximumDepth);
  73.                 printseg(psli->TotalAllocates);
  74.                 printseg(psli->AllocateMisses);
  75.                 printseg(psli->TotalFrees);
  76.                 printseg(psli->FreeMisses);
  77.                 printseg(psli->Type);
  78.                 printseg(psli->Tag);
  79.                 printseg(psli->Size);
  80.         }
  81. }

  82. // void GetSystemTimeSlipNotification(SYSTEM_TIME_SLIP_NOTIFICATION* pstsn)// 46
  83. // {
  84. // }

  85. void GetSystemSessionCreate(ULONG* SessionId)//SystemSessionCreate 47
  86. {
  87.         cout << "\t\t47 SystemSessionCreate" << endl;
  88.         cout << "SessionId" << endl;
  89. }

  90. // void GetSystemSessionDetach(SYSTEM_SESSION_DETACH* pssd)// 48
  91. // {
  92. // }

  93. //void GetSystemSessionInformation(SYSTEM_SESSION_INFORMATION* pssi)// 49
  94. // {
  95. // }

  96. void GetSystemRangeStartInformation(ULONG_PTR* data)//50
  97. {
  98.         cout << "\t\t50 SystemRangeStartInformation" << endl;
  99.         cout << hex << data << endl;
  100.         cout << dec;
  101. }

  102. void GetSystemVerifierInformation(SYSTEM_VERIFIER_INFORMATION* psvi)// 51
  103. {
  104.         cout << "\t\t51 SystemVerifierInformation" << endl;
  105.         ULONG offset = 0;
  106.         int index = 0;
  107.         do
  108.         {
  109.                 offset = psvi->NextEntryOffset;
  110.                 cout << index + 1 << ":" << endl;
  111.                 printseg(psvi->Level);
  112.                 wcout << (wchar_t*)psvi->DriverName.Buffer << endl;
  113.                 printseg(psvi->RaiseIrqls);
  114.                 printseg(psvi->AcquireSpinLocks);
  115.                 printseg(psvi->SynchronizeExecutions);
  116.                 printseg(psvi->AllocationsAttempted);
  117.                 printseg(psvi->AllocationsSucceeded);
  118.                 printseg(psvi->AllocationsSucceededSpecialPool);
  119.                 printseg(psvi->AllocationsWithNoTag);
  120.                 printseg(psvi->TrimRequests);
  121.                 printseg(psvi->Trims);
  122.                 printseg(psvi->AllocationsFailed);
  123.                 printseg(psvi->AllocationsFailedDeliberately);
  124.                 printseg(psvi->Loads);
  125.                 printseg(psvi->Unloads);
  126.                 printseg(psvi->UnTrackedPool);
  127.                 printseg(psvi->CurrentPagedPoolAllocations);
  128.                 printseg(psvi->CurrentNonPagedPoolAllocations);
  129.                 printseg(psvi->PeakPagedPoolAllocations);
  130.                 printseg(psvi->PeakNonPagedPoolAllocations);
  131.                 printseg(psvi->PagedPoolUsageInBytes);
  132.                 printseg(psvi->NonPagedPoolUsageInBytes);
  133.                 printseg(psvi->PeakPagedPoolUsageInBytes);
  134.                 printseg(psvi->PeakNonPagedPoolUsageInBytes);
  135.                 psvi = (SYSTEM_VERIFIER_INFORMATION*)((BYTE*)psvi + offset);
  136.         } while (offset);
  137. }

  138. // void GetSystemVerifierThunkExtend(SYSTEM_VERIFIER_THUNK_EX* psvie)//52
  139. // {
  140. // }

  141. void GetSystemSessionProcessInformation(SYSTEM_SESSION_PROCESS_INFORMATION* psspi)//53
  142. {
  143.         cout << "\t\t53 SystemSessionProcessInformation" << endl;
  144.         printseg(psspi->SessionId);
  145.         printseg(psspi->SizeOfBuf);
  146. //        SYSTEM_SESSION_POOLTAG_INFORMATION* psspti = (SYSTEM_SESSION_POOLTAG_INFORMATION*)psspi->Buffer
  147. }

  148. //54 SystemLoadGdiDriverInSystemSpace
  149. void GetSystemNumaProcessorMap(SYSTEM_NUMA_INFORMATION* psni)
  150. {
  151.         cout << "\t\t55 SystemLoadGdiDriverInSystemSpace" << endl;
  152.         printseg(psni->HighestNodeNumber);
  153.         for (int i = 0; i < MAXIMUM_NUMA_NODES; i++)
  154.         {
  155.                 cout << "\tActiveProcessorsAffinityMask" << i << psni->ActiveProcessorsAffinityMask [i] << endl;
  156.                 cout << "\tAvailableMemory" << i << psni->AvailableMemory[i] << endl;
  157.         }
  158. }

  159. //56 SystemPrefetcherInformation

  160. void GetSystemExtendedProcessInformation(SYSTEM_PROCESS_INFORMATION* pspri1)//57
  161. {
  162.         cout << "\t\t57 SystemExtendedProcessInformation" << endl;
  163.         do
  164.         {
  165.                 if (pspri1->ImageName.Buffer)
  166.                         wcout << "\tImageName:" << wstring((wchar_t*)pspri1->ImageName.Buffer) << endl;
  167.                 else
  168.                         wcout << "no name" << endl;
  169.                 cout << "\t线程数:" << pspri1->NumberOfThreads << endl;
  170.                 printseg(pspri1->SpareLi1.QuadPart);
  171.                 printseg(pspri1->SpareLi2.QuadPart);
  172.                 printseg(pspri1->SpareLi3.QuadPart);
  173.                 cout << "\t创建时间:" << pspri1->CreateTime.QuadPart << endl;
  174.                 cout << "\t用户态时间:" << pspri1->UserTime.QuadPart << endl;
  175.                 cout << "\t内核态时间:" << pspri1->KernelTime.QuadPart << endl;
  176.                 cout << "\t基础优先级:" << pspri1->BasePriority << endl;
  177.                 cout << "\t进程Id:" << (int)pspri1->UniqueProcessId << endl;
  178.                 cout << "\t父进程Id:" << (int)pspri1->InheritedFromUniqueProcessId << endl;
  179.                 cout << "\t句柄数:" << pspri1->HandleCount << endl;
  180.                 cout << "\t会话Id:" << pspri1->SessionId << endl;
  181.                 cout << "\t页目录机制:" << pspri1->PageDirectoryBase << endl;
  182.                 cout << "\t虚拟内存峰值:" << pspri1->PeakVirtualSize << endl;
  183.                 cout << "\t虚拟内存大小:" << pspri1->VirtualSize << endl;
  184.                 cout << "\t页错误数:" << pspri1->PageFaultCount << endl;
  185.                 cout << "\t物理内存峰值:" << pspri1->PeakWorkingSetSize << endl;
  186.                 cout << "\t物理内存大小:" << pspri1->WorkingSetSize << endl;
  187.                 cout << "\t分页池配额峰值:" << pspri1->QuotaPeakPagedPoolUsage << endl;
  188.                 cout << "\t分页池配额:" << pspri1->QuotaPagedPoolUsage << endl;
  189.                 cout << "\t非分页池配额峰值:" << pspri1->QuotaPeakNonPagedPoolUsage << endl;
  190.                 cout << "\t非分页池配额:" << pspri1->QuotaNonPagedPoolUsage << endl;
  191.                 cout << "\t页面文件使用:" << pspri1->PagefileUsage << endl;
  192.                 cout << "\t页面文件使用峰值:" << pspri1->PeakPagefileUsage << endl;
  193.                 cout << "\t私有页面数:" << pspri1->PrivatePageCount << endl;
  194.                 cout << "\t读操作数:" << pspri1->ReadOperationCount.QuadPart << endl;
  195.                 cout << "\t写操作数:" << pspri1->WriteOperationCount.QuadPart << endl;
  196.                 cout << "\t其他操作数:" << pspri1->OtherOperationCount.QuadPart << endl;
  197.                 cout << "\t读字节数:" << pspri1->ReadTransferCount.QuadPart << endl;
  198.                 cout << "\t写字节数:" << pspri1->WriteTransferCount.QuadPart << endl;
  199.                 cout << "\t其他字节数:" << pspri1->OtherTransferCount.QuadPart << endl;
  200.                 SYSTEM_PROCESS_INFORMATION* newpspri1 = (SYSTEM_PROCESS_INFORMATION*)((BYTE*)pspri1 + pspri1->NextEntryOffset);
  201.                 SYSTEM_EXTENDED_THREAD_INFORMATION* pesti = (SYSTEM_EXTENDED_THREAD_INFORMATION*)(pspri1 + 1);
  202.                 int threadindex = 0;
  203.                 while ((LPVOID)pesti < (LPVOID)newpspri1)
  204.                 {
  205.                         ++threadindex;
  206.                         cout << "\t内核态时间:" << pesti->ThreadInfo.KernelTime.QuadPart << endl;
  207.                         cout << "\t用户态时间:" << pesti->ThreadInfo.UserTime.QuadPart << endl;
  208.                         cout << "\t创建时间:" << pesti->ThreadInfo.CreateTime.QuadPart << endl;
  209.                         cout << "\t等待时间:" << pesti->ThreadInfo.WaitTime << endl;
  210.                         cout << "\t起始地址:" << hex << pesti->ThreadInfo.StartAddress << endl;
  211.                         cout << "\tUniqueProcess:" << hex << pesti->ThreadInfo.ClientId.UniqueProcess << endl;
  212.                         cout << "\tUniqueThread:" << hex << pesti->ThreadInfo.ClientId.UniqueThread << endl;
  213.                         cout << dec;
  214.                         cout << "\t优先级:" << pesti->ThreadInfo.Priority << endl;
  215.                         cout << "\t基础优先级:" << pesti->ThreadInfo.BasePriority << endl;
  216.                         cout << "\t模式切换次数:" << pesti->ThreadInfo.ContextSwitches << endl;
  217.                         cout << "\t线程状态:" << pesti->ThreadInfo.ThreadState << endl;
  218.                         cout << "\t等待原因:" << pesti->ThreadInfo.WaitReason << endl;
  219.                         cout << "\t栈基址:" << hex << pesti->StackBase << endl;
  220.                         cout << "\t栈范围:" << hex << pesti->StackLimit << endl;
  221.                         cout << "\tWin32StartAddress" << hex << pesti->Win32StartAddress << endl;
  222.                         cout << dec;
  223.                         pesti++;
  224.                 }
  225.                 pspri1 = newpspri1;
  226.         } while (pspri1->NextEntryOffset);
  227. }

  228. void GetSystemRecommendedSharedDataAlignment(ULONG* data)//58
  229. {
  230.         cout << "\t\t`58 SystemRecommendedSharedDataAlignment" << endl;
  231.         cout << *data << endl;
  232. }

  233. void GetSystemComPlusPackage(ULONG* data)//59
  234. {
  235.         cout << "\t\t 59 SystemComPlusPackage" << endl;
  236.         cout << *data << endl;
  237. }

  238. void GetSystemNumaAvailableMemory(SYSTEM_NUMA_INFORMATION* psni)//60
  239. {
  240.         cout << "\t\t60 SystemNumaAvailableMemory" << endl;
  241.         printseg(psni->HighestNodeNumber);
  242.         for (int i = 0; i < MAXIMUM_NUMA_NODES; i++)
  243.         {
  244.                 cout << "\tActiveProcessorsAffinityMask" << i << psni->ActiveProcessorsAffinityMask[i] << endl;
  245.                 cout << "\tAvailableMemory" << i << psni->AvailableMemory[i] << endl;
  246.         }
  247. }

  248. void GetSystemProcessorPowerInformation(SYSTEM_PROCESSOR_POWER_INFORMATION* psppi)//61
  249. {
  250.         cout << "\t\t61 SystemProcessorPowerInformation" << endl;
  251.         printseg((int)psppi->CurrentFrequency);
  252.         printseg((int)psppi->ThermalLimitFrequency);
  253.         printseg((int)psppi->ConstantThrottleFrequency);
  254.         printseg((int)psppi->DegradedThrottleFrequency);
  255.         printseg((int)psppi->LastBusyFrequency);
  256.         printseg((int)psppi->LastC3Frequency);
  257.         printseg((int)psppi->LastAdjustedBusyFrequency);
  258.         printseg((int)psppi->ProcessorMinThrottle);
  259.         printseg((int)psppi->ProcessorMaxThrottle);
  260.         printseg(psppi->NumberOfFrequencies);
  261.         printseg(psppi->PromotionCount);
  262.         printseg(psppi->DemotionCount);
  263.         printseg(psppi->ErrorCount);
  264.         printseg(psppi->RetryCount);
  265.         printseg(psppi->CurrentFrequencyTime);
  266.         printseg(psppi->CurrentProcessorTime);
  267.         printseg(psppi->CurrentProcessorIdleTime);
  268.         printseg(psppi->LastProcessorTime);
  269.         printseg(psppi->LastProcessorIdleTime);
  270. }

  271. void GetSystemEmulationBasicInformation(SYSTEM_BASIC_INFORMATION* psbi)//62
  272. {
  273.         cout << "\t\t62 SystemEmulationBasicInformation" << endl;
  274.         cout << "\t时间解析度ms:" << psbi->TimerResolution << endl;
  275.         cout << "\t物理页大小:" << psbi->PageSize << endl;
  276.         cout << "\t物理页个数:" << psbi->NumberOfPhysicalPages << endl;
  277.         cout << "\t最小物理页个数:" << psbi->LowestPhysicalPageNumber << endl;
  278.         cout << "\t最大物理页个数:" << psbi->HighestPhysicalPageNumber << endl;
  279.         cout << "\t逻辑页大小:" << psbi->AllocationGranularity << endl;
  280.         cout << "\t最小用户地址:" << psbi->MinimumUserModeAddress << endl;
  281.         cout << "\t最大用户地址:" << psbi->MaximumUserModeAddress << endl;
  282.         cout << "\t处理器个数:" << (int)psbi->NumberOfProcessors << endl;
  283. }

  284. void GetSystemEmulationProcessorInformation(SYSTEM_PROCESSOR_INFORMATION* pspri)//63
  285. {
  286.         cout << "\t\t63 SystemEmulationProcessorInformation" << endl;
  287.         switch (pspri->ProcessorArchitecture)
  288.         {
  289.         case PROCESSOR_ARCHITECTURE_INTEL:
  290.                 cout << "\tINTEL ";
  291.                 if (pspri->ProcessorLevel == 3)
  292.                         cout << "386 ";
  293.                 else if (pspri->ProcessorLevel == 4)
  294.                         cout << "486 ";
  295.                 else if (pspri->ProcessorLevel == 5)
  296.                         cout << "586 or Pentium ";
  297.                 break;
  298.         case PROCESSOR_ARCHITECTURE_IA64:
  299.                 cout << "IA64 ";
  300.                 if (pspri->ProcessorLevel == 7)
  301.                         cout << "Itanium ";
  302.                 else if (pspri->ProcessorLevel == 31)
  303.                         cout << "Itanium 2 ";
  304.                 break;
  305.         }
  306.         cout << pspri->ProcessorRevision << " " << pspri->ProcessorFeatureBits << endl;
  307. }

  308. //64 SystemExtendedHandleInformation
  309. //65 SystemLostDelayedWriteInformation
  310. void GetSystemBigPoolInformation(SYSTEM_BIGPOOL_INFORMATION* psbi)//66
  311. {
  312.         cout << "\t\t63 SystemEmulationProcessorInformation" << endl;
  313.         for (int i = 0; i < psbi->Count; i++)
  314.         {
  315.                 cout << hex << "\tVirutalAddress:" << psbi->AllocatedInfo[i].VirtualAddress;
  316.                 cout << dec;
  317.                 cout << "\tSizeInBytes:" << psbi->AllocatedInfo[i].SizeInBytes;
  318.                 cout << "\tTagUlong:" << psbi->AllocatedInfo[i].TagUlong << endl;
  319.         }
  320. }

  321. void GetSystemSessionPoolTagInformation(SYSTEM_SESSION_PROCESS_INFORMATION* psspi)//67
  322. {
  323.         cout << "\t\t67 SystemSessionPoolTagInformation" << endl;
  324.         printseg(psspi->SessionId);
  325.         printseg(psspi->SizeOfBuf);
  326. }

  327. void GetSystemSessionMappedViewInformation(SYSTEM_SESSION_MAPPED_VIEW_INFORMATION* pssmvi)//68
  328. {
  329.         cout << "\t\t68 SystemSessionMappedViewInformation" << endl;
  330.         SIZE_T nextoffset = 0;
  331.         do
  332.         {
  333.                 pssmvi = (SYSTEM_SESSION_MAPPED_VIEW_INFORMATION*)((BYTE*)pssmvi + (pssmvi->NextEntryOffset));
  334.         } while (nextoffset);
  335. }

  336. //69 SystemHotpatchInformation

  337. void GetSystemObjectSecurityMode(ULONG* data)//70
  338. {
  339.         cout << "\t\t69 SystemObjectSecurityMode" << endl;
  340.         cout << *data << endl;
  341. }

  342. void GetSystemWatchdogTimerHandler(SYSTEM_WATCHDOG_HANDLER_INFORMATION* pswhi)//71
  343. {
  344. }

  345. void GetSystemWatchdogTimerInformation(SYSTEM_WATCHDOG_TIMER_INFORMATION* pswti)//72
  346. {
  347. }

  348. void GetSystemLogicalProcessorInformation(SYSTEM_LOGICAL_PROCESSOR_INFORMATION* pslpi)//73
  349. {
  350.         cout << "\t\t73 SystemLogicalProcessorInformation" << endl;
  351. }

  352. //74 SystemWow64SharedInformation
  353. void GetSystemRegisterFirmwareTableInformationHandler(SYSTEM_FIRMWARE_TABLE_HANDLER* psfth)//75
  354. {
  355.         cout << "\t\t75 SystemRegisterFirmwareTableInformationHandler" << endl;
  356. }

  357. void GetSystemFirmwareTableInformation(SYSTEM_FIRMWARE_TABLE_HANDLER* psfth)//76
  358. {
  359.         cout << "\t\t76 SystemFirmwareTableInformation" << endl;
  360. }

  361. // void GetSystemExtendedHandleInformation(SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX* pshteie)
  362. // {
  363. //         cout << "\t\t64 SystemExtendedHandleInformation" << endl;
  364. //         for (int i = 0; i < pshteie->NumberOfHandles; i++)
  365. //         {
  366. //                 cout << "\t" << i + 1 << endl;
  367. //                 cout << "\tUniqueProcessId:" << (int)pshteie->Handles[i].UniqueProcessId << endl;
  368. //                 cout << "\tCreatorBackTraceIndex:" << (int)pshteie->Handles[i].CreatorBackTraceIndex << endl;
  369. //                 cout << "\tObjectTypeIndex:" << (int)pshteie->Handles[i].ObjectTypeIndex << endl;
  370. //                 cout << "\tHandleAttributes:" << (int)pshteie->Handles[i].HandleAttributes << endl;
  371. //                 cout << "\tHandleValue:" << (int)pshteie->Handles[i].HandleValue << endl;
  372. //                 cout << "\tObject:" << hex << (int)pshteie->Handles[i].Object << endl;
  373. //                 cout << "\tGrantedAccess:" << hex << (int)pshteie->Handles[i].GrantedAccess << endl;
  374. //         }
  375. // }

  376. //77 SystemModuleInformationEx
  377. //78 SystemVerifierTriageInformation
  378. //79 SystemSuperfetchInformation
  379. //80 SystemMemoryListInformation

  380. void GetSystemFileCacheInformationEx(SYSTEM_FILECACHE_INFORMATION* psfci)//81
  381. {
  382.         cout << "\t\t81 SystemFileCacheInformationEx" << endl;
  383.         printseg(psfci->CurrentSize);
  384.         printseg(psfci->PeakSize);
  385.         printseg(psfci->PageFaultCount);
  386.         printseg(psfci->MinimumWorkingSet);
  387.         printseg(psfci->MaximumWorkingSet);
  388.         printseg(psfci->CurrentSizeIncludingTransitionInPages);
  389.         printseg(psfci->PeakSizeIncludingTransitionInPages);
  390.         printseg(psfci->TransitionRePurposeCount);
  391.         printseg(psfci->Flags);
  392. }

  393. #define do(x) GetInformationTemplate(x,Get##x)

  394. void main()
  395. {
  396. //         do(SystemBasicInformation);//0
  397. //         do(SystemProcessorInformation);//1
  398. //         do(SystemPerformanceInformation);//2
  399. //         do(SystemTimeOfDayInformation);//3
  400. //        do(SystemPathInformation);//4
  401. //         do(SystemProcessInformation);//5
  402. //         do(SystemCallCountInformation);//6
  403. //         do(SystemDeviceInformation);//7
  404. //         do(SystemProcessorPerformanceInformation);//8
  405. //         do(SystemFlagsInformation);//9
  406. //        do(SystemCallTimeInformation);//10
  407. //        do(SystemModuleInformation);//11
  408. //        do(SystemLocksInformation);//12
  409. //        do(SystemStackTraceInformation);//13
  410. //        do(SystemPagedPoolInformation);//14
  411. //        do(SystemNonPagedPoolInformation);//15
  412. //        do(SystemHandleInformation);//16
  413. //        do(SystemObjectInformation);//17
  414. //        do(SystemPageFileInformation);//18
  415. //        do(SystemVdmInstemulInformation);//19
  416. //        do(SystemVdmBopInformation);//20
  417. //        do(SystemFileCacheInformatio);//21
  418. //         do(SystemPoolTagInformation);//22
  419. //         do(SystemInterruptInformation);//23
  420. //         do(SystemDpcBehaviorInformation);//24
  421. //         do(SystemFullMemoryInformation);//25
  422. //         do(SystemLoadGdiDriverInformation);//26
  423. //        do(SystemUnloadGdiDriverInformation);//27
  424. //        do(SystemTimeAdjustmentInformation);//28
  425. //        do(SystemSummaryMemoryInformation);//29
  426. //        do(SystemMirrorMemoryInformation);//30
  427. //        do(SystemPerformanceTraceInformation);//31
  428. //        do(SystemObsolete0);//32
  429. //        do(SystemExceptionInformation);//33
  430. //        do(SystemCrashDumpStateInformation);//34
  431. //         do(SystemKernelDebuggerInformation);//35
  432. //         do(SystemContextSwitchInformation);//36
  433. //         do(SystemRegistryQuotaInformation);//37
  434. //        do(SystemExtendServiceTableInformation);//38
  435. //        do(SystemPrioritySeperation);//39
  436. //        do(SystemVerifierAddDriverInformation);//40
  437. //        do(SystemVerifierRemoveDriverInformation);//41
  438. //        do(SystemProcessorIdleInformation);//42
  439. //        do(SystemLegacyDriverInformation);//43
  440. //        do(SystemCurrentTimeZoneInformation);//44
  441. //        do(SystemLookasideInformation);//45
  442. //        do(SystemTimeSlipNotification);//46
  443. //        do(SystemSessionCreate);//47
  444. //        do(SystemSessionDetach);//48
  445. //        do(SystemSessionInformation);//49
  446. //        do(SystemRangeStartInformation);//50
  447. //        do(SystemVerifierInformation);//51
  448. //        do(SystemVerifierThunkExtend);//52
  449. //        do(SystemSessionProcessInformation);//53
  450. //        do(SystemLoadGdiDriverInSystemSpace);//54
  451. //        do(SystemNumaProcessorMap);//55
  452. //        do(SystemPrefetcherInformation);//56
  453. //        do(SystemExtendedProcessInformation);//57
  454. //         do(SystemRecommendedSharedDataAlignment);//58
  455. //         do(SystemComPlusPackage);//59
  456. //         do(SystemNumaAvailableMemory);//60
  457. //         do(SystemProcessorPowerInformation);//61
  458. //         do(SystemEmulationBasicInformation);//62
  459. //         do(SystemEmulationProcessorInformation);//63
  460. //        do(SystemExtendedHandleInformation);//64
  461. //        do(SystemLostDelayedWriteInformation);//65
  462. //        do(SystemBigPoolInformation);//66
  463. //        do(SystemSessionPoolTagInformation);//67
  464. //        do(SystemSessionMappedViewInformation);//68
  465. //        do(SystemHotpatchInformation);//69
  466. //         do(SystemObjectSecurityMode);//70
  467. //         do(SystemWatchdogTimerHandler);//71
  468. //         do(SystemWatchdogTimerInformation);//72
  469. //         do(SystemLogicalProcessorInformation);//73
  470. //        do(SystemWow64SharedInformation);//74
  471. //        do(SystemRegisterFirmwareTableInformationHandler);//75
  472. //        do(SystemFirmwareTableInformation);//76
  473. //        do(SystemModuleInformationEx);//77
  474. //        do(SystemBigPoolInformation);//78
  475. //        do(SystemSessionPoolTagInformation);//79
  476. //        do(SystemSessionMappedViewInformation);//80
  477. //        do(SystemHotpatchInformation);//81
  478. //         do(SystemObjectSecurityMode);//82
  479. //         do(SystemWatchdogTimerHandler);//82
  480. //         do(SystemWatchdogTimerInformation);//83
  481.         do(SystemLogicalProcessorInformation);//84
  482. //        do(SystemWow64SharedInformation);//85
  483. //         do(SystemRegisterFirmwareTableInformationHandler);//86
  484. //         do(SystemFirmwareTableInformation);//87
  485. //        do(SystemModuleInformationEx);//88
  486. //        do(SystemVerifierTriageInformation);//89
  487. //        do(SystemSuperfetchInformation);//90
  488. //        do(SystemMemoryListInformation);//91
  489. //        do(SystemFileCacheInformationEx);//92
  490. }
复制代码
回复 赞! 靠!

使用道具 举报

0

主题

10

回帖

64

积分

用户组: 小·技术宅

UID
914
精华
0
威望
0 点
宅币
54 个
贡献
0 次
宅之契约
0 份
在线时间
6 小时
注册时间
2015-6-15
发表于 2015-7-21 17:33:32 | 显示全部楼层
下载了 赞一个
回复 赞! 靠!

使用道具 举报

QQ|Archiver|小黑屋|技术宅的结界 ( 滇ICP备16008837号 )|网站地图

GMT+8, 2024-3-29 01:13 , Processed in 0.047131 second(s), 35 queries , Gzip On.

Powered by Discuz! X3.5

© 2001-2024 Discuz! Team.

快速回复 返回顶部 返回列表