;Native API乃Windows用戶模式中為上層Win32 API提供接口的本機系統服務。平常我們總是調用MS為我們提供的公用的Win32 API函數來實現來實現我們系統的功能。今天我們要談的是如何通過本機系統服務(Native API）來探測本機系統信息。當然，微軟沒有為我們提供關于本機系統服務的文檔 (Undocumented)，也就是不會為對它的使用提供任何的保證，所以我們不提倡使用Native API來開發軟件。不過在特殊情況下，本機系統服務卻為我們提供了通向“秘密”的捷徑。本文提到的信息僅在Windows2000/XP/2003上測試過。

今天，我們主要討論的是一個函數NtQuerySystemInformation(ZwQuerySystemInformation)。當然，你不要小看這么一個函數，它卻為我們提供了豐富的系統信息，同時還包括對某些信息的控制和設置。以下是這個函數的原型：

typedef NTSTATUS (__stdcall *NTQUERYSYSTEMINFORMATION) (IN; SYSTEM_INFORMATION_CLASS SystemInformationClass,IN OUT; PVOIDSystemInformation,IN; ULONGSystemInformationLength,OUT PULONGReturnLength; OPTIONAL)；NTQUERYSYSTEMINFORMATION NtQuerySystemInformation；

從中可以看到，SystemInformationClass是一個類型信息，它大概提供了50余種信息，也就是我們可以通過這個函數對大約50多種的系統信息進行探測或設置。SystemInformation是一個LPVOID型的指針，它為我們提供需要獲得的信息，或是我們需要設置的系統信息。SystemInformationLength是SystemInformation的長度，它根據探測的信息類型來決定。至于ReturnLength則是系統返回的需要的長度，通?？梢栽O置為空指針(NULL)。

首先，我們來看看大家比較熟悉的系統進程/線程相關的信息。這個題目在網上已經討論了N多年了，所以我就不在老生常談了，呵呵。那么就提出這個結構類型的定義：

typedef struct _SYSTEM_PROCESSES{ULONG; NextEntryDelta；; //構成結構序列的偏移量；ULONG; ThreadCount； //線程數目；ULONG; Reserved1[6]；LARGE_INTEGER; CreateTime；; //創建時間；LARGE_INTEGER; UserTime；//用戶模式(Ring 3)的CPU時間；LARGE_INTEGER; KernelTime；; //內核模式(Ring 0)的CPU時間；UNICODE_STRING ProcessName； //進程名稱；KPRIORITY; BasePriority；//進程優先權；ULONG; ProcessId；//進程標識符；ULONG; InheritedFromProcessId；; //父進程的標識符；ULONG; HandleCount； //句柄數目；ULONG; Reserved2[2]；VM_COUNTERSVmCounters；; //虛擬存儲器的結構，見下；IO_COUNTERSIoCounters；; //IO計數結構，見下；SYSTEM_THREADS Threads[1]；; //進程相關線程的結構數組，見下；}SYSTEM_PROCESSES,*PSYSTEM_PROCESSES；

typedef struct _SYSTEM_THREADS{LARGE_INTEGER KernelTime；//CPU內核模式使用時間；LARGE_INTEGER UserTime； //CPU用戶模式使用時間；LARGE_INTEGER CreateTime；//線程創建時間；ULONG WaitTime； //等待時間；PVOID StartAddress； //線程開始的虛擬地址；CLIENT_ID ClientId； //線程標識符；KPRIORITY Priority； //線程優先級；KPRIORITY BasePriority； //基本優先級；ULONG ContextSwitchCount；//環境切換數目；THREAD_STATE; State；//當前狀態；KWAIT_REASON; WaitReason；//等待原因；}SYSTEM_THREADS,*PSYSTEM_THREADS；

typedef struct _VM_COUNTERS{ULONG PeakVirtualSize；; //虛擬存儲峰值大小；ULONG VirtualSize；; //虛擬存儲大小；ULONG PageFaultCount；//頁故障數目；ULONG PeakWorkingSetSize；//工作集峰值大??；ULONG WorkingSetSize；//工作集大??；ULONG QuotaPeakPagedPoolUsage；; //分頁池使用配額峰值；ULONG QuotaPagedPoolUsage；; //分頁池使用配額；ULONG QuotaPeakNonPagedPoolUsage；//非分頁池使用配額峰值；ULONG QuotaNonPagedPoolUsage；//非分頁池使用配額；ULONG PagefileUsage；//頁文件使用情況；ULONG PeakPagefileUsage；//頁文件使用峰值；}VM_COUNTERS,*PVM_COUNTERS；

typedef struct _IO_COUNTERS{LARGE_INTEGER ReadOperationCount；//I/O讀操作數目；LARGE_INTEGER WriteOperationCount；; //I/O寫操作數目；LARGE_INTEGER OtherOperationCount；; //I/O其他操作數目；LARGE_INTEGER ReadTransferCount；//I/O讀數據數目；LARGE_INTEGER WriteTransferCount；//I/O寫數據數目；LARGE_INTEGER OtherTransferCount；//I/O其他操作數據數目；}IO_COUNTERS,*PIO_COUNTERS；

以上這些信息應該是比較全面的了，在Win32 API里為我們提供了PSAPI(進程狀態)和ToolHelp32這兩種探測系統進程/線程信息的方式，在Windows2K/XP/2003都支持它們。

現在，我們來看看系統的性能信息，性能結構SYSTEM_PERFORMANCE_INFORMATION為我們提供了70余種系統性能方面的信息，真是太豐富了，請慢慢體會~

typedef struct _SYSTEM_PERFORMANCE_INFORMATION{LARGE_INTEGER; IdleTime；//CPU空閑時間；LARGE_INTEGER; ReadTransferCount；//I/O讀操作數目；LARGE_INTEGER; WriteTransferCount；; //I/O寫操作數目；LARGE_INTEGER; OtherTransferCount；; //I/O其他操作數目；ULONG; ReadOperationCount；; //I/O讀數據數目；ULONG; WriteOperationCount； //I/O寫數據數目；ULONG; OtherOperationCount； //I/O其他操作數據數目；ULONG; AvailablePages；; //可獲得的頁數目；ULONG; TotalCommittedPages； //總共提交頁數目；ULONG; TotalCommitLimit；//已提交頁數目；ULONG; PeakCommitment；; //頁提交峰值；ULONG; PageFaults；; //頁故障數目；ULONG; WriteCopyFaults； //Copy-On-Write故障數目；ULONG; TransitionFaults；//軟頁故障數目；ULONG; Reserved1；ULONG; DemandZeroFaults；//需求0故障數；ULONG; PagesRead；//讀頁數目；ULONG; PageReadIos； //讀頁I/O操作數；ULONG; Reserved2[2]；ULONG; PagefilePagesWritten；//已寫頁文件頁數；ULONG; PagefilePageWriteIos；//已寫頁文件操作數；ULONG; MappedFilePagesWritten；; //已寫映射文件頁數；ULONG; MappedFileWriteIos；; //已寫映射文件操作數；ULONG; PagedPoolUsage；; //分頁池使用；ULONG; NonPagedPoolUsage；//非分頁池使用；ULONG; PagedPoolAllocs； //分頁池分配情況；ULONG; PagedPoolFrees；; //分頁池釋放情況；ULONG; NonPagedPoolAllocs；; //非分頁池分配情況；ULONG; NonPagedPoolFress；//非分頁池釋放情況；ULONG; TotalFreeSystemPtes； //系統頁表項釋放總數；ULONG; SystemCodePage；; //操作系統代碼頁數；ULONG; TotalSystemDriverPages；; //可分頁驅動程序頁數；ULONG; TotalSystemCodePages；//操作系統代碼頁總數；ULONG; SmallNonPagedLookasideListAllocateHits； //小非分頁側視列表分配次數；ULONG; SmallPagedLookasideListAllocateHits；//小分頁側視列表分配次數；ULONG; Reserved3；ULONG; MmSystemCachePage；; //系統緩存頁數；ULONG; PagedPoolPage；; //分頁池頁數；ULONG; SystemDriverPage；//可分頁驅動頁數；ULONG; FastReadNoWait； //異步快速讀數目；ULONG; FastReadWait；//同步快速讀數目；ULONG; FastReadResourceMiss；//快速讀資源沖突數；ULONG; FastReadNotPossible；//快速讀失敗數；ULONG; FastMdlReadNoWait；; //異步MDL快速讀數目；ULONG; FastMdlReadWait；//同步MDL快速讀數目；ULONG; FastMdlReadResourceMiss；//MDL讀資源沖突數；ULONG; FastMdlReadNotPossible； //MDL讀失敗數；ULONG; MapDataNoWait；; //異步映射數據次數；ULONG; MapDataWait；//同步映射數據次數；ULONG; MapDataNoWaitMiss；; //異步映射數據沖突次數；ULONG; MapDataWaitMiss；//同步映射數據沖突次數；ULONG; PinMappedDataCount； //牽制映射數據數目；ULONG; PinReadNoWait；; //牽制異步讀數目；ULONG; PinReadWait；//牽制同步讀數目；ULONG; PinReadNoWaitMiss；; //牽制異步讀沖突數目；ULONG; PinReadWaitMiss；//牽制同步讀沖突數目；ULONG; CopyReadNoWait； //異步拷貝讀次數；ULONG; CopyReadWait；//同步拷貝讀次數；ULONG; CopyReadNoWaitMiss； //異步拷貝讀故障次數；ULONG; CopyReadWaitMiss；//同步拷貝讀故障次數；ULONG; MdlReadNoWait；; //異步MDL讀次數；ULONG; MdlReadWait；//同步MDL讀次數；ULONG; MdlReadNoWaitMiss；; //異步MDL讀故障次數；ULONG; MdlReadWaitMiss；//同步MDL讀故障次數；ULONG; ReadAheadIos；//向前讀操作數目；ULONG; LazyWriteIos；//LAZY寫操作數目；ULONG; LazyWritePages； //LAZY寫頁文件數目；ULONG; DataFlushes；//緩存刷新次數；ULONG; DataPages；; //緩存刷新頁數；ULONG; ContextSwitches；//環境切換數目；ULONG; FirstLevelTbFills；; //第一層緩沖區填充次數；ULONG; SecondLevelTbFills； //第二層緩沖區填充次數；ULONG; SystemCall； //系統調用次數；}SYSTEM_PERFORMANCE_INFORMATION,*PSYSTEM_PERFORMANCE_INFORMATION；

現在看到的是結構SYSTEM_PROCESSOR_TIMES提供的系統處理器的使用情況，包括各種情況下的使用時間及中斷數目：

typedef struct __SYSTEM_PROCESSOR_TIMES{LARGE_INTEGER IdleTime；//空閑時間；LARGE_INTEGER KernelTime； //內核模式時間；LARGE_INTEGER UserTime；//用戶模式時間；LARGE_INTEGER DpcTime；//延遲過程調用時間；LARGE_INTEGER InterruptTime；; //中斷時間；ULONG InterruptCount； //中斷次數；}SYSTEM_PROCESSOR_TIMES,*PSYSTEM_PROCESSOR_TIMES；

頁文件的使用情況，SYSTEM_PAGEFILE_INFORMATION提供了所需的相關信息：

typedef struct _SYSTEM_PAGEFILE_INFORMATION{ULONG NetxEntryOffset；//下一個結構的偏移量；ULONG CurrentSize；//當前頁文件大??；ULONG TotalUsed；; //當前使用的頁文件數；ULONG PeakUsed；//當前使用的頁文件峰值數；UNICODE_STRING FileName；; //頁文件的文件名稱；}SYSTEM_PAGEFILE_INFORMATION,*PSYSTEM_PAGEFILE_INFORMATION；

系統高速緩存的使用情況參見結構SYSTEM_CACHE_INFORMATION提供的信息：

typedef struct _SYSTEM_CACHE_INFORMATION{ULONG SystemCacheWsSize；; //高速緩存大??；ULONG SystemCacheWsPeakSize；; //高速緩存峰值大??；ULONG SystemCacheWsFaults；//高速緩存頁故障數目；ULONG SystemCacheWsMinimum；//高速緩存最小頁大小；ULONG SystemCacheWsMaximum；//高速緩存最大頁大??；ULONG TransitionSharedPages；; //共享頁數目；ULONG TransitionSharedPagesPeak；; //共享頁峰值數目；ULONG Reserved[2]；}SYSTEM_CACHE_INFORMATION,*PSYSTEM_CACHE_INFORMATION；

附錄：(所有完整源代碼，您可以到我們FZ5FZ的主頁下載)。

1.T-PMList的頭文件源代碼：

#ifndef T_PMLIST_H#define T_PMLIST_H

#include <windows.h>#include <stdio.h>

#define NT_PROCESSTHREAD_INFO0x05#define MAX_INFO_BUF_LEN 0x500000#define STATUS_SUCCESS((NTSTATUS)0x00000000L)#define STATUS_INFO_LENGTH_MISMATCH; ((NTSTATUS)0xC0000004L)

typedef LONG NTSTATUS；

typedef struct _LSA_UNICODE_STRING{USHORT; Length；USHORT; MaximumLength；PWSTRBuffer；}LSA_UNICODE_STRING,*PLSA_UNICODE_STRING；typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING；

typedef struct _CLIENT_ID{HANDLE UniqueProcess；HANDLE UniqueThread；}CLIENT_ID；typedef CLIENT_ID *PCLIENT_ID；

typedef LONG KPRIORITY；

typedef struct _VM_COUNTERS{ULONG PeakVirtualSize；ULONG VirtualSize；ULONG PageFaultCount；ULONG PeakWorkingSetSize；ULONG WorkingSetSize；ULONG QuotaPeakPagedPoolUsage；ULONG QuotaPagedPoolUsage；ULONG QuotaPeakNonPagedPoolUsage；ULONG QuotaNonPagedPoolUsage；ULONG PagefileUsage；ULONG PeakPagefileUsage；}VM_COUNTERS,*PVM_COUNTERS；

typedef struct _IO_COUNTERS{LARGE_INTEGER ReadOperationCount；LARGE_INTEGER WriteOperationCount；LARGE_INTEGER OtherOperationCount；LARGE_INTEGER ReadTransferCount；LARGE_INTEGER WriteTransferCount；LARGE_INTEGER OtherTransferCount；}IO_COUNTERS,*PIO_COUNTERS；

typedef enum _THREAD_STATE{StateInitialized,StateReady,StateRunning,StateStandby,StateTerminated,StateWait,StateTransition,StateUnknown}THREAD_STATE；

typedef enum _KWAIT_REASON{Executive,FreePage,PageIn,PoolAllocation,DelayExecution,Suspended,UserRequest,WrExecutive,WrFreePage,WrPageIn,WrPoolAllocation,WrDelayExecution,WrSuspended,WrUserRequest,WrEventPair,WrQueue,WrLpcReceive,WrLpcReply,WrVertualMemory,WrPageOut,WrRendezvous,Spare2,Spare3,Spare4,Spare5,Spare6,WrKernel}KWAIT_REASON；

typedef struct _SYSTEM_THREADS{LARGE_INTEGER KernelTime；LARGE_INTEGER UserTime；LARGE_INTEGER CreateTime；ULONG WaitTime；PVOID StartAddress；CLIENT_ID ClientId；KPRIORITY Priority；KPRIORITY BasePriority；ULONG ContextSwitchCount；THREAD_STATE; State；KWAIT_REASON; WaitReason；}SYSTEM_THREADS,*PSYSTEM_THREADS；

typedef struct _SYSTEM_PROCESSES{ULONG; NextEntryDelta；ULONG; ThreadCount；ULONG; Reserved1[6]；LARGE_INTEGER; CreateTime；LARGE_INTEGER; UserTime；LARGE_INTEGER; KernelTime；UNICODE_STRING ProcessName；KPRIORITY; BasePriority；ULONG; ProcessId；ULONG; InheritedFromProcessId；ULONG; HandleCount；ULONG; Reserved2[2]；VM_COUNTERSVmCounters；IO_COUNTERSIoCounters；SYSTEM_THREADS Threads[1]；}SYSTEM_PROCESSES,*PSYSTEM_PROCESSES；

typedef DWordSYSTEM_INFORMATION_CLASS；typedef NTSTATUS (__stdcall *NTQUERYSYSTEMINFORMATION) (IN SYSTEM_INFORMATION_CLASS,IN OUT PVOID,IN ULONG,OUTPULONG OPTIONAL)；NTQUERYSYSTEMINFORMATION NtQuerySystemInformation；

DWORD EnumProcess(){PSYSTEM_PROCESSES; pSystemProc；HMODULEhNtDll = NULL；LPVOID lpSystemInfo= NULL；DWORD; dwNumberBytes; = MAX_INFO_BUF_LEN；DWORD; dwTotalProcess = 0；DWORD; dwReturnLength；NTSTATUSStatus； LONGLONGllTempTime；

__try{hNtDll = LoadLibrary('NtDll.dll')；if(hNtDll == NULL){printf('LoadLibrary Error: %dn',GetLastError())；__leave；}

NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProCADdress(hNtDll,'NtQuerySystemInformation')；; if(NtQuerySystemInformation == NULL){printf('GetProcAddress for NtQuerySystemInformation Error: %dn',GetLastError())；__leave；}

lpSystemInfo = (LPVOID)malloc(dwNumberBytes)；Status = NtQuerySystemInformation(NT_PROCESSTHREAD_INFO,lpSystemInfo,dwNumberBytes,&dwReturnLength)；if(Status == STATUS_INFO_LENGTH_MISMATCH){printf('STATUS_INFO_LENGTH_MISMATCHn')；__leave；}else if(Status != STATUS_SUCCESS){printf('NtQuerySystemInformation Error: %dn',GetLastError())；__leave；}

printf('%-20s%6s%7s%8s%6s%7s%7s%13sn','ProcessName','PID','PPID','WsSize','Prio.','Thread','Handle','CPU Time')；printf('--------------------------------------------------------------------------n')；pSystemProc = (PSYSTEM_PROCESSES)lpSystemInfo；while(pSystemProc->NextEntryDelta != 0){if(pSystemProc->ProcessId != 0){wprintf(L'%-20s',pSystemProc->ProcessName.Buffer)；}else{wprintf(L'%-20s',L'System Idle Process')；}printf('%6d',pSystemProc->ProcessId)；printf('%7d',pSystemProc->InheritedFromProcessId)；printf('%7dK',pSystemProc->VmCounters.WorkingSetSize/1024)；printf('%6d',pSystemProc->BasePriority)；printf('%7d',pSystemProc->ThreadCount)；printf('%7d',pSystemProc->HandleCount)；llTempTime; = pSystemProc->KernelTime.QuadPart + pSystemProc->UserTime.QuadPart；llTempTime /= 10000；printf('%3d:',llTempTime/(60*60*1000))；llTempTime %= 60*60*1000；printf('%.2d:',llTempTime/(60*1000))；llTempTime %= 60*1000；printf('%.2d.',llTempTime/1000)；llTempTime %= 1000；printf('%.3d',llTempTime)；

printf('n')；dwTotalProcess ++；pSystemProc = (PSYSTEM_PROCESSES)((char *)pSystemProc + pSystemProc->NextEntryDelta)；}printf('--------------------------------------------------------------------------n')；printf('nTotal %d Process(es) !nn',dwTotalProcess)；printf('PIDt ==> Process Identificationn')；printf('PPIDt ==> Parent Process Identificationn')；printf('WsSizet ==> Working Set Sizen')；printf('Prio.t ==> Base Priorityn')；printf('Threadt ==> Thread Countn')；printf('Handlet ==> Handle Countn')；printf('CPU Time ==> Processor Timen')；}__finally{if(lpSystemInfo != NULL){free(lpSystemInfo)；}if(hNtDll != NULL){FreeLibrary(hNtDll)；}}

return 0；}

DWORD SpeciProcess(DWORD dwPID){PSYSTEM_PROCESSES; pSystemProc= NULL；PSYSTEM_THREADSpSystemThre= NULL；; HMODULEhNtDll = NULL；LPVOID lpSystemInfo= NULL；DWORD; dwNumberBytes; = MAX_INFO_BUF_LEN；DWORD; dwTotalProcess = 0；DWORD; dwReturnLength；NTSTATUSStatus； LONGLONGllTempTime；ULONG; ulIndex；

__try{hNtDll = LoadLibrary('NtDll.dll')；if(hNtDll == NULL){printf('LoadLibrary Error: %dn',GetLastError())； __leave；}

NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,'NtQuerySystemInformation')； if(NtQuerySystemInformation == NULL){printf('GetProcAddress for NtQuerySystemInformation Error: %dn',GetLastError())；__leave；}

lpSystemInfo = (LPVOID)malloc(dwNumberBytes)；Status = NtQuerySystemInformation(NT_PROCESSTHREAD_INFO,lpSystemInfo,dwNumberBytes,&dwReturnLength)；if(Status == STATUS_INFO_LENGTH_MISMATCH){printf('STATUS_INFO_LENGTH_MISMATCHn')；__leave；}else if(Status != STATUS_SUCCESS){printf('NtQuerySystemInformation Error: %dn',GetLastError())；__leave；}

pSystemProc = (PSYSTEM_PROCESSES)lpSystemInfo；while(pSystemProc->NextEntryDelta != 0){if(pSystemProc->ProcessId == dwPID){printf('ProcessName:tt ')；if(pSystemProc->ProcessId != 0){wprintf(L'%-20sn',pSystemProc->ProcessName.Buffer)；}else{wprintf(L'%-20sn',L'System Idle Process')；}printf('ProcessID:tt %dtt',pSystemProc->ProcessId)；printf('ParentProcessID:t%dn',pSystemProc->InheritedFromProcessId)；

printf('KernelTime:tt ')；llTempTime; = pSystemProc->KernelTime.QuadPart；llTempTime /= 10000；printf('%d:',llTempTime/(60*60*1000))；llTempTime %= 60*60*1000；printf('%.2d:',llTempTime/(60*1000))；llTempTime %= 60*1000；printf('%.2d.',llTempTime/1000)；llTempTime %= 1000；printf('%.3dt',llTempTime)；

printf('UserTime:tt')；llTempTime; = pSystemProc->UserTime.QuadPart；llTempTime /= 10000；printf('%d:',llTempTime/(60*60*1000))；llTempTime %= 60*60*1000；printf('%.2d:',llTempTime/(60*1000))；llTempTime %= 60*1000；printf('%.2d.',llTempTime/1000)；llTempTime %= 1000；printf('%.3dn',llTempTime)；

printf('Privilege:tt %d%%tt',(pSystemProc->KernelTime.QuadPart * 100)/(pSystemProc->KernelTime.QuadPart + pSystemProc->UserTime.QuadPart))；printf('User:ttt%d%%n',(pSystemProc->UserTime.QuadPart * 100)/(pSystemProc->KernelTime.QuadPart + pSystemProc->UserTime.QuadPart))；

printf('ThreadCount:tt %dtt',pSystemProc->ThreadCount)；printf('HandleCount:tt%dn',pSystemProc->HandleCount)；

printf('BasePriority:tt %-2dtt',pSystemProc->BasePriority)；printf('PageFaultCount:tt%dnn',pSystemProc->VmCounters.PageFaultCount)；

printf('PeakWorkingSetSize(K):t %-8dt',pSystemProc->VmCounters.PeakWorkingSetSize/1024)；printf('WorkingSetSize(K):t%-8dn',pSystemProc->VmCounters.WorkingSetSize/1024)；

printf('PeakPagedPool(K):t %-8dt',pSystemProc->VmCounters.QuotaPeakPagedPoolUsage/1024)；printf('PagedPool(K):tt%-8dn',pSystemProc->VmCounters.QuotaPagedPoolUsage/1024)；

printf('PeakNonPagedPook(K):t %-8dt',pSystemProc->VmCounters.QuotaPeakNonPagedPoolUsage/1024)；printf('NonePagedPook(K):t%-8dn',pSystemProc->VmCounters.QuotaNonPagedPoolUsage/1024)；

printf('PeakPagefile(K):t %-8dt',pSystemProc->VmCounters.PeakPagefileUsage/1024)；printf('Pagefile(K):tt%-8dn',pSystemProc->VmCounters.PagefileUsage/1024)；

printf('PeakVirtualSize(K):t %-8dt',pSystemProc->VmCounters.PeakVirtualSize/1024)；printf('VirtualSize(K):tt%-8dnn',pSystemProc->VmCounters.VirtualSize/1024)；

printf('ReadTransfer:tt %-8dt',pSystemProc->IoCounters.ReadTransferCount)；printf('ReadOperationCount:t%-8dn',pSystemProc->IoCounters.ReadOperationCount)；

printf('WriteTransfer:tt %-8dt',pSystemProc->IoCounters.WriteTransferCount)；printf('WriteOperationCount:t%-8dn',pSystemProc->IoCounters.WriteOperationCount)；

printf('OtherTransfer:tt %-8dt',pSystemProc->IoCounters.OtherTransferCount)；printf('OtherOperationCount:t%-8dnn',pSystemProc->IoCounters.OtherOperationCount)；

printf('%-5s%3s%4s%5s%5s%11s%12s%12s%7s%6s%9sn','TID','Pri','BPr','Priv','User','KernelTime','UserTime','StartAddr','CSwitC','State','WtReason')；printf('-------------------------------------------------------------------------------n')；

for(ulIndex = 0； ulIndex < pSystemProc->ThreadCount； ulIndex++){pSystemThre = &pSystemProc->Threads[ulIndex]；printf('%-5d',pSystemProc->Threads[ulIndex].ClientId.UniqueThread)；

printf('%3d',pSystemProc->Threads[ulIndex].Priority)；printf('%4d',pSystemProc->Threads[ulIndex].BasePriority)；

printf('%4d%%',(pSystemProc->Threads[ulIndex].KernelTime.QuadPart * 100)/(pSystemProc->KernelTime.QuadPart + pSystemProc->UserTime.QuadPart))； printf('%4d%%',(pSystemProc->Threads[ulIndex].UserTime.QuadPart * 100)/(pSystemProc->KernelTime.QuadPart + pSystemProc->UserTime.QuadPart))；

llTempTime; = pSystemProc->Threads[ulIndex].KernelTime.QuadPart；llTempTime /= 10000；printf('%2d:',llTempTime/(60*60*1000))；llTempTime %= 60*60*1000；printf('%.2d.',llTempTime/(60*1000))；llTempTime %= 60*1000；printf('%.2d.',llTempTime/1000)；llTempTime %= 100；printf('%.2d ',llTempTime)；

llTempTime; = pSystemProc->Threads[ulIndex].UserTime.QuadPart；llTempTime /= 10000；printf('%2d:',llTempTime/(60*60*1000))；llTempTime %= 60*60*1000；printf('%.2d.',llTempTime/(60*1000))；llTempTime %= 60*1000；printf('%.2d.',llTempTime/1000)；llTempTime %= 100；printf('%.2d ',llTempTime)；

printf(' 0x%.8X',pSystemProc->Threads[ulIndex].StartAddress)；printf('%7d',pSystemProc->Threads[ulIndex].ContextSwitchCount)；

switch(pSystemProc->Threads[ulIndex].State){case StateInitialized:printf('%6s','Init.')；break；case StateReady:printf('%6s','Ready')；break；case StateRunning:printf('%6s','Run')；break；case StateStandby:printf('%6s','StBy.')；break；case StateTerminated:printf('%6s','Term.')；break；case StateWait:printf('%6s','Wait')；break；case StateTransition:printf('%6s','Tran.')；break；case StateUnknown:printf('%6s','Unkn.')；break；default:printf('%6s','Unkn.')；break；}

switch(pSystemProc->Threads[ulIndex].WaitReason){case Executive:printf(' %-8s','Executi.')；break；case FreePage:printf(' %-8s','FreePag.')；break；case PageIn:printf(' %-8s','PageIn')；break；case PoolAllocation:printf(' %-8s','PoolAll.')；break；case DelayExecution:printf(' %-8s','DelayEx.')；break；case Suspended:printf(' %-8s','Suspend.')；break；case UserRequest:printf(' %-8s','UserReq.')；break；case WrExecutive:printf(' %-8s','WrExect.')；break；case WrFreePage:printf(' %-8s','WrFrePg.')；break；case WrPageIn:printf(' %-8s','WrPageIn')；break；case WrPoolAllocation:printf(' %-8s','WrPoolA.')；break；case WrSuspended:printf(' %-8s','WrSuspe.')；break；case WrUserRequest:printf(' %-8s','WrUsReq.')；break；case WrEventPair:printf(' %-8s','WrEvent.')；break；case WrQueue:printf(' %-8s','WrQueue')；break；case WrLpcReceive:printf(' %-8s','WrLpcRv.')；break；case WrLpcReply:printf(' %-8s','WrLpcRp.')；break；case WrVertualMemory:printf(' %-8s','WrVerMm.')；break；case WrPageOut:printf(' %-8s','WrPgOut.')；break；case WrRendezvous:printf(' %-8s','WrRende.')；break；case WrKernel:printf(' %-8s','WrKernel')；break；default:printf(' %-8s','Unknown')；break；}printf('n')；}printf('-------------------------------------------------------------------------------nn')；; printf('Total %d Thread(s) !nn',ulIndex)；

dwTotalProcess ++；break；}pSystemProc = (PSYSTEM_PROCESSES)((char *)pSystemProc + pSystemProc->NextEntryDelta)；}}__finally{if(dwTotalProcess == 0){printf('Could not found the %d Process !n',dwPID)；}else{printf('TID:tt====>tThread Identificationn')；printf('Pri:tt====>tPriorityn')；printf('BPr:tt====>tBase Priorityn')；printf('Priv:tt====>tPrivilegen')；printf('StartAddr:t====>tThread Start Addressn')；printf('CSwitC:tt====>tContext Switch Countn')；printf('WtReason:t====>tWait Reasonn')；}if(lpSystemInfo != NULL){free(lpSystemInfo)；}if(hNtDll != NULL){FreeLibrary(hNtDll)；}}

return 0；}

VOID Start(){printf('T-PMList, by TOo2yn')；printf('E-mail: [email protected]')；printf('HomePage: www.safechina.netn')；printf('Date: 05-10-2003nn')；return ；}

VOID Usage(){printf('Usage:tT-PMList; [-e] │ [-s PID]n')； printf('; -et; Enumerate All Processesn')；printf('; -s PID; Show Special Process Information with PIDnn')；return ；}

#endif

2.T-PMPerf的頭文件源代碼：

#ifndef T_PMPERF_H#define T_PMPERF_H

#include 'windows.h'#include 'stdio.h'

#define SYSTEM_PERF_INFO 0x02#define SYSTEM_PROC_TIME 0x08#define SYSTEM_PAGE_INFO 0x12#define SYSTEM_CACHE_INFO0x15#define MAX_INFO_BUF_LEN 0x500000#define STATUS_SUCCESS((NTSTATUS)0x00000000L)

typedef LONG; NTSTATUS；typedef DWORD SYSTEM_INFORMATION_CLASS；

typedef struct _LSA_UNICODE_STRING{USHORT; Length；USHORT; MaximumLength；PWSTRBuffer；}LSA_UNICODE_STRING,*PLSA_UNICODE_STRING；typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING；

typedef struct _SYSTEM_PERFORMANCE_INFORMATION{LARGE_INTEGER; IdleTime；LARGE_INTEGER; ReadTransferCount；LARGE_INTEGER; WriteTransferCount；LARGE_INTEGER; OtherTransferCount；ULONG; ReadOperationCount；ULONG; WriteOperationCount；ULONG; OtherOperationCount；ULONG; AvailablePages；ULONG; TotalCommittedPages；ULONG; TotalCommitLimit；ULONG; PeakCommitment；ULONG; PageFaults；ULONG; WriteCopyFaults；ULONG; TransitionFaults；ULONG; Reserved1；ULONG; DemandZeroFaults；ULONG; PagesRead；ULONG; PageReadIos；ULONG; Reserved2[2]；ULONG; PagefilePagesWritten；ULONG; PagefilePageWriteIos；ULONG; MappedFilePagesWritten；ULONG; MappedFileWriteIos；ULONG; PagedPoolUsage；ULONG; NonPagedPoolUsage；ULONG; PagedPoolAllocs；ULONG; PagedPoolFrees；ULONG; NonPagedPoolAllocs；ULONG; NonPagedPoolFress；ULONG; TotalFreeSystemPtes；ULONG; SystemCodePage；ULONG; TotalSystemDriverPages；ULONG; TotalSystemCodePages；ULONG; SmallNonPagedLookasideListAllocateHits；ULONG; SmallPagedLookasideListAllocateHits；ULONG; Reserved3；ULONG; MmSystemCachePage；ULONG; PagedPoolPage；ULONG; SystemDriverPage；ULONG; FastReadNoWait；ULONG; FastReadWait；ULONG; FastReadResourceMiss；ULONG; FastReadNotPossible；ULONG; FastMdlReadNoWait；ULONG; FastMdlReadWait；ULONG; FastMdlReadResourceMiss；ULONG; FastMdlReadNotPossible；ULONG; MapDataNoWait；ULONG; MapDataWait；ULONG; MapDataNoWaitMiss；ULONG; MapDataWaitMiss；ULONG; PinMappedDataCount；ULONG; PinReadNoWait；ULONG; PinReadWait；ULONG; PinReadNoWaitMiss；ULONG; PinReadWaitMiss；ULONG; CopyReadNoWait；ULONG; CopyReadWait；ULONG; CopyReadNoWaitMiss；ULONG; CopyReadWaitMiss；ULONG; MdlReadNoWait；ULONG; MdlReadWait；ULONG; MdlReadNoWaitMiss；ULONG; MdlReadWaitMiss；ULONG; ReadAheadIos；ULONG; LazyWriteIos；ULONG; LazyWritePages；ULONG; DataFlushes；ULONG; DataPages；ULONG; ContextSwitches；ULONG; FirstLevelTbFills；ULONG; SecondLevelTbFills；ULONG; SystemCall；}SYSTEM_PERFORMANCE_INFORMATION,*PSYSTEM_PERFORMANCE_INFORMATION；

typedef struct __SYSTEM_PROCESSOR_TIMES{LARGE_INTEGER IdleTime；LARGE_INTEGER KernelTime；LARGE_INTEGER UserTime；LARGE_INTEGER DpcTime；LARGE_INTEGER InterruptTime；ULONG InterruptCount；}SYSTEM_PROCESSOR_TIMES,*PSYSTEM_PROCESSOR_TIMES；

typedef struct _SYSTEM_PAGEFILE_INFORMATION{ULONG NetxEntryOffset；ULONG CurrentSize；ULONG TotalUsed；ULONG PeakUsed；UNICODE_STRING FileName；}SYSTEM_PAGEFILE_INFORMATION,*PSYSTEM_PAGEFILE_INFORMATION；

typedef struct _SYSTEM_CACHE_INFORMATION{ULONG SystemCacheWsSize；ULONG SystemCacheWsPeakSize；ULONG SystemCacheWsFaults；ULONG SystemCacheWsMinimum；ULONG SystemCacheWsMaximum；ULONG TransitionSharedPages；ULONG TransitionSharedPagesPeak；ULONG Reserved[2]；}SYSTEM_CACHE_INFORMATION,*PSYSTEM_CACHE_INFORMATION；

typedef NTSTATUS (__stdcall * NTQUERYSYSTEMINFORMATION) (IN SYSTEM_INFORMATION_CLASS,IN OUT PVOID,INTULONG,OUTPULONG OPTION)；NTQUERYSYSTEMINFORMATION NtQuerySystemInformation；

DWORD PerfInfo(){SYSTEM_PERFORMANCE_INFORMATION SystemPerfInfo；HMODULE hNtDll = NULL；DWORDdwNumberBytes；DWORDdwReturnLength；NTSTATUSStatus；LONGLONGllTempTime；

__try{hNtDll = LoadLibrary('NtDll.dll')；if(hNtDll == NULL){printf('LoadLibrary Error: %dn',GetLastError())；; __leave；}

NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,'NtQuerySystemInformation')；if(NtQuerySystemInformation == NULL){printf('GetProcAddress for NtQuerySystemInformation Error: %dn',GetLastError())；__leave；}

dwNumberBytes = sizeof(SYSTEM_PERFORMANCE_INFORMATION)；Status = NtQuerySystemInformation(SYSTEM_PERF_INFO,&SystemPerfInfo,dwNumberBytes,&dwReturnLength)；if(Status != STATUS_SUCCESS){printf('NtQuerySystemInformation for Performance Error: %dn',GetLastError())；__leave；}

printf('IdleTime:tt')；llTempTime; = SystemPerfInfo.IdleTime.QuadPart；llTempTime /= 10000；printf('%d:',llTempTime/(60*60*1000))；llTempTime %= 60*60*1000；printf('%.2d:',llTempTime/(60*1000))；llTempTime %= 60*1000；printf('%.2d.',llTempTime/1000)；llTempTime %= 1000；printf('%.3dn',llTempTime)；

printf('ReadOperationCount:t%-10dt',SystemPerfInfo.ReadOperationCount)；printf('ReadTransferCount:t%dn',SystemPerfInfo.ReadTransferCount)；printf('WriteOperationCount:t%-10dt',SystemPerfInfo.WriteOperationCount)；printf('WriteTransferCount:t%dn',SystemPerfInfo.WriteTransferCount)；printf('OtherOperationCount:t%-10dt',SystemPerfInfo.OtherOperationCount)；printf('OtherTransferCount:t%dn',SystemPerfInfo.OtherTransferCount)；

printf('AvailablePages:tt%-10dt',SystemPerfInfo.AvailablePages)；printf('TotalCommittedPage:t%dn',SystemPerfInfo.TotalCommittedPages)；printf('CommitLimit:tt%-10dt',SystemPerfInfo.TotalCommitLimit)；printf('PeakCommitment:tt%dn',SystemPerfInfo.PeakCommitment)；

printf('PageFault:tt%-10dt',SystemPerfInfo.PageFaults)；printf('WriteCopyFault:tt%dn',SystemPerfInfo.WriteCopyFaults)；printf('TransitionFault:t%-10dt',SystemPerfInfo.TransitionFaults)；printf('DemandZeroFault:t%dn',SystemPerfInfo.DemandZeroFaults)；

printf('PagesRead:tt%-10dt',SystemPerfInfo.PagesRead)；printf('PageReadIos:tt%dn',SystemPerfInfo.PageReadIos)；printf('PagesWritten:tt%-10dt',SystemPerfInfo.PagefilePagesWritten)；printf('PageWriteIos:tt%dn',SystemPerfInfo.PagefilePageWriteIos)；printf('MappedFilePagesWritten:t%-10dt',SystemPerfInfo.MappedFilePagesWritten)；printf('MappedFileWriteIos:t%dn',SystemPerfInfo.MappedFileWriteIos)；

printf('PagedPoolUsage:tt%-10dt',SystemPerfInfo.PagedPoolUsage)；printf('NonPagedPoolUsage:t%dn',SystemPerfInfo.NonPagedPoolUsage)；printf('PagedPoolAllocs:t%-10dt',SystemPerfInfo.PagedPoolAllocs)；printf('NonPagedPoolAllocs:t%dn',SystemPerfInfo.NonPagedPoolAllocs)；printf('PagedPoolFrees:tt%-10dt',SystemPerfInfo.PagedPoolFrees)；printf('NonPagedPoolFrees:t%dn',SystemPerfInfo.NonPagedPoolFress)；

printf('SystemCodePage:tt%-10dt',SystemPerfInfo.SystemCodePage)；printf('TotalSystemCodePage:t%dn',SystemPerfInfo.TotalSystemCodePages)；printf('TotalFreeSysPTE:t%-10dt',SystemPerfInfo.TotalFreeSystemPtes)；printf('TotalSystemDriverPages:t%dn',SystemPerfInfo.TotalSystemDriverPages)；printf('PagedPoolPage:tt%-10dt',SystemPerfInfo.PagedPoolPage)；printf('SystemDriverPage:t%dn',SystemPerfInfo.SystemDriverPage)；

printf('FastReadWait:tt%-10dt',SystemPerfInfo.FastReadWait)；printf('FastReadNoWait:tt%dn',SystemPerfInfo.FastReadNoWait)；printf('FastReadNoPossible:t%-10dt',SystemPerfInfo.FastReadNotPossible)；printf('FastReadResourceMiss:t%dn',SystemPerfInfo.FastReadResourceMiss)；printf('FastMdlReadWait:t%-10dt',SystemPerfInfo.FastMdlReadWait)；printf('FastMdlReadNoWait:t%dn',SystemPerfInfo.FastMdlReadNoWait)；printf('FastMdlReadNotPossible:t%-10dt',SystemPerfInfo.FastMdlReadNotPossible)；printf('FastMdlReadResourceMiss:%dn',SystemPerfInfo.FastMdlReadResourceMiss)；

printf('MapDataWait:tt%-10dt',SystemPerfInfo.MapDataWait)；printf('MapDataNoWait:tt%dn',SystemPerfInfo.MapDataNoWait)；printf('MapDataWaitMiss:t%-10dt',SystemPerfInfo.MapDataWaitMiss)；printf('MapDataNoWaitMiss:t%dn',SystemPerfInfo.MapDataNoWaitMiss)；

printf('ReadAheadIos:tt%-10dt',SystemPerfInfo.ReadAheadIos)；printf('PinMappedDataCount:t%dn',SystemPerfInfo.PinMappedDataCount)；printf('PinReadWait:tt%-10dt',SystemPerfInfo.PinReadWait)；printf('PinReadNoWait:tt%dn',SystemPerfInfo.PinReadNoWait)；printf('PinReadWaitMiss:t%-10dt',SystemPerfInfo.PinReadWaitMiss)；printf('PinReadNoWaitMiss:t%dn',SystemPerfInfo.PinReadNoWaitMiss)；

printf('CopyReadWait:tt%-10dt',SystemPerfInfo.CopyReadWait)；printf('CopyReadNoWait:tt%dn',SystemPerfInfo.CopyReadNoWait)；printf('CopyReadWaitMiss:t%-10dt',SystemPerfInfo.CopyReadWaitMiss)；printf('CopyReadNoWaitMiss:t%-10dn',SystemPerfInfo.CopyReadNoWaitMiss)；printf('MdlReadWait:tt%-10dt',SystemPerfInfo.MdlReadWait)；printf('MdlReadNoWait:tt%dn',SystemPerfInfo.MdlReadNoWait)；printf('MdlReadWaitMiss:t%-10dt',SystemPerfInfo.MdlReadWaitMiss)；printf('MdlReadNoWaitMiss:t%dn',SystemPerfInfo.MdlReadNoWaitMiss)；

printf('LazyWriteIos:tt%-10dt',SystemPerfInfo.LazyWriteIos)；printf('LazyWritePages:tt%dn',SystemPerfInfo.LazyWritePages)；printf('DataPages:tt%-10dt',SystemPerfInfo.DataPages)；printf('DataFlushes:tt%dn',SystemPerfInfo.DataFlushes)；printf('FirstLevelTbFills:t%-10dt',SystemPerfInfo.FirstLevelTbFills)；printf('SecondLevelTbFills:t%dn',SystemPerfInfo.SecondLevelTbFills)；printf('ContextSwitches:t%-10dt',SystemPerfInfo.ContextSwitches)；printf('SytemCall:tt%dn',SystemPerfInfo.SystemCall)；

printf('MemorySystemCachePage:ttt%dn',SystemPerfInfo.MmSystemCachePage)；printf('SmallPagedLookasideListAllocateHits:t%dn',SystemPerfInfo.SmallPagedLookasideListAllocateHits)；printf('SmallNonPagedLookasideListAllocateHits:t%dn',SystemPerfInfo.SmallNonPagedLookasideListAllocateHits)；

}__finally{if(hNtDll != NULL){FreeLibrary(hNtDll)；}}

return 0；}

DWORD ProcTime(){SYSTEM_PROCESSOR_TIMES; SystemProcTime；HMODULE hNtDll = NULL；DWORDdwNumberBytes；DWORDdwReturnLength；NTSTATUSStatus；LONGLONGllTempTime；

__try{hNtDll = LoadLibrary('NtDll.dll')；if(hNtDll == NULL){ printf('LoadLibrary Error: %dn',GetLastError())；__leave；}

NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,'NtQuerySystemInformation')；if(NtQuerySystemInformation == NULL){printf('GetProcAddress for NtQuerySystemInformation Error: %dn',GetLastError())；__leave；}

dwNumberBytes = sizeof(SYSTEM_PROCESSOR_TIMES)；NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,'NtQuerySystemInformation')；if(NtQuerySystemInformation == NULL){printf('GetProcAddress Error: %dn',GetLastError())；__leave；}

Status = NtQuerySystemInformation(SYSTEM_PROC_TIME,&SystemProcTime,dwNumberBytes,&dwReturnLength)；if(Status != STATUS_SUCCESS){printf('NtQuerySystemInformation for Processor Time Error: %dn',GetLastError())；__leave；}

printf('IdleTime:tt')；llTempTime; = SystemProcTime.IdleTime.QuadPart；llTempTime /= 10000；printf('%d:',llTempTime/(60*60*1000))；llTempTime %= 60*60*1000；printf('%.2d:',llTempTime/(60*1000))；llTempTime %= 60*1000；printf('%.2d.',llTempTime/1000)；llTempTime %= 1000；printf('%.3dn',llTempTime)；

printf('KernelTime:tt')；llTempTime; = SystemProcTime.KernelTime.QuadPart；llTempTime /= 10000；printf('%d:',llTempTime/(60*60*1000))；llTempTime %= 60*60*1000；printf('%.2d:',llTempTime/(60*1000))；llTempTime %= 60*1000；printf('%.2d.',llTempTime/1000)；llTempTime %= 1000；printf('%.3dn',llTempTime)；

printf('UserTime:tt')；llTempTime; = SystemProcTime.UserTime.QuadPart；llTempTime /= 10000；printf('%d:',llTempTime/(60*60*1000))；llTempTime %= 60*60*1000；printf('%.2d:',llTempTime/(60*1000))；llTempTime %= 60*1000；printf('%.2d.',llTempTime/1000)；llTempTime %= 1000；printf('%.3dn',llTempTime)；

printf('DpcTime:tt')；llTempTime; = SystemProcTime.DpcTime.QuadPart；llTempTime /= 10000；printf('%d:',llTempTime/(60*60*1000))；llTempTime %= 60*60*1000；printf('%.2d:',llTempTime/(60*1000))；llTempTime %= 60*1000；printf('%.2d.',llTempTime/1000)；llTempTime %= 1000；printf('%.3dn',llTempTime)；

printf('InterruptTime:tt')；llTempTime; = SystemProcTime.InterruptTime.QuadPart；llTempTime /= 10000；printf('%d:',llTempTime/(60*60*1000))；llTempTime %= 60*60*1000；printf('%.2d:',llTempTime/(60*1000))；llTempTime %= 60*1000；printf('%.2d.',llTempTime/1000)；llTempTime %= 1000；printf('%.3dn',llTempTime)；

printf('InterruptCount:tt%dn',SystemProcTime.InterruptCount)；

}__finally{if(hNtDll != NULL){FreeLibrary(hNtDll)；}}

return 0；}

DWORD PagefileInfo(){PSYSTEM_PAGEFILE_INFORMATIONpSystemPagefileInfo；PVOID; pBuffer；HMODULEhNtDll = NULL；DWORD; dwNumberBytes；DWORD; dwReturnLength；NTSTATUSStatus；

__try{hNtDll = LoadLibrary('NtDll.dll')；if(hNtDll == NULL){ printf('LoadLibrary Error: %dn',GetLastError())；__leave；}

NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,'NtQuerySystemInformation')；if(NtQuerySystemInformation == NULL){printf('GetProcAddress for NtQuerySystemInformation Error: %dn',GetLastError())；__leave；}

dwNumberBytes = MAX_INFO_BUF_LEN；pBuffer = (LPVOID)malloc(dwNumberBytes)；Status; = NtQuerySystemInformation(SYSTEM_PAGE_INFO,pBuffer,dwNumberBytes,&dwReturnLength)；if(Status != STATUS_SUCCESS){printf('NtQuerySystemInformation for Pagefile Error: %dn',GetLastError())；__leave；}

pSystemPagefileInfo = (PSYSTEM_PAGEFILE_INFORMATION)pBuffer；do{printf('CurrentPagefileSize:t%dn',pSystemPagefileInfo->CurrentSize)；printf('TotalPagefileUsed:t%dn',pSystemPagefileInfo->TotalUsed)；printf('PeakPagefileUsed:t%dn',pSystemPagefileInfo->PeakUsed)；wprintf(L'PagefileFileName:t%sn',pSystemPagefileInfo->FileName.Buffer)；

pSystemPagefileInfo = (PSYSTEM_PAGEFILE_INFORMATION)((char *)pBuffer + pSystemPagefileInfo->NetxEntryOffset)；}while(pSystemPagefileInfo->NetxEntryOffset != 0)；}__finally{if(pBuffer != NULL){free(pBuffer)；} if(hNtDll; != NULL){FreeLibrary(hNtDll)；}}

return 0；}

DWORD CacheInfo(){SYSTEM_CACHE_INFORMATIONSystemCacheInfo；HMODULEhNtDll = NULL；DWORD; dwNumberBytes；DWORD; dwReturnLength；NTSTATUSStatus；

__try{hNtDll = LoadLibrary('NtDll.dll')；if(hNtDll == NULL){printf('LoadLibrary Error: %dn',GetLastError())；__leave；}

NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,'NtQuerySystemInformation')；if(NtQuerySystemInformation == NULL){printf('GetProcAddress for NtQuerySystemInformation Error: %dn',GetLastError())；__leave；}

dwNumberBytes = sizeof(SYSTEM_CACHE_INFORMATION)；Status; = NtQuerySystemInformation(SYSTEM_CACHE_INFO,;&SystemCacheInfo,dwNumberBytes,&dwReturnLength)；if(Status != STATUS_SUCCESS){printf('NtQuerySystemInformation for Cache Error: %dn',GetLastError())；__leave；}

printf('CacheWorkingSetSize:tt%d(KB)n',SystemCacheInfo.SystemCacheWsSize/1024)；printf('CacheWorkingSetPeakSize:t%d(KB)n',SystemCacheInfo.SystemCacheWsPeakSize/1024)；printf('CacheWorkingSetFaults:tt%dn',SystemCacheInfo.SystemCacheWsFaults)；printf('CacheWorkingSetMinimum:tt%dn',SystemCacheInfo.SystemCacheWsMinimum)；printf('CacheWorkingSetMaximum:tt%dn',SystemCacheInfo.SystemCacheWsMaximum)；printf('TransitionSharedPages:tt%dn',SystemCacheInfo.TransitionSharedPages)；printf('TransitionSharedPagesPeak:t%dn',SystemCacheInfo.TransitionSharedPagesPeak)；

}__finally{if(hNtDll != NULL){FreeLibrary(hNtDll)；}}

return 0；}

VOID Start(){printf('T-PMPerf, by TOo2yn')；printf('E-mail: [email protected]')；printf('HomePage: www.safechina.netn')；printf('Date: 05-09-2003nn')；return ；}

VOID Usage(){printf('Usage:tT-PMPerf <Option>n')；printf('Option:n')；printf('; -PerfSystem Performance Informationn')；printf('; -ProcSystem Processor Informationn')；printf('; -PageSystem Pagefile Informationn')；printf('; -Cache; System Cache Informationn')；return ；}

#endif

Reference: