NtQuerySystemInformation

/*#include <stdio.h> #include <windows.h> #include <tchar.h> */ #include "ntQuery.h" int MyMain(TStringList *strPID, TStringList *strBasePriority, TStringList *strProName, int &iCount) { //size_t blocklen = 0; PSYSTEM_PROCESSES bufForProcessesInfo = NULL, bufNext = NULL; NTSTATUS ns = 0; DWORD dwPcount = 0; HANDLE hHeap; int i = 2; HMODULE hNtdll = LoadLibrary(TEXT("NTDLL.DLL")); if(hNtdll == NULL) { ShowMessage("LaodLibrary ntddl.dll error...\n"); return -1; } NTQUERYSYSTEMINformATION NtQuerySystemInformation = (NTQUERYSYSTEMINformATION)GetProcAddress(hNtdll, TEXT("NtQuerySystemInformation")); if(NtQuerySystemInformation == NULL) { ShowMessage("GetProcAddress error...\n"); return -1; } hHeap = GetProcessHeap(); if(hHeap == NULL) { ShowMessage("Get heap error...\n"); FreeLibrary(hNtdll); return -1; } /*HeapAlloc分配内在,且保证这段内存是不动的,HEAP_ZERO_MEMORY表示分配完,那段内存上的值都为0 BLOCK_SIZE是分配的长度*/ bufForProcessesInfo = (PSYSTEM_PROCESSES)HeapAlloc(hHeap, HEAP_ZERO_MEMORY, BLOCK_SIZE); if(bufForProcessesInfo == NULL) { ShowMessage("HeapAlloc error...\n"); FreeLibrary(hNtdll); return -1; } bufNext = bufForProcessesInfo; ns = NtQuerySystemInformation(NT_PROCESS_LIST, bufForProcessesInfo, BLOCK_SIZE, NULL); while(ns == STATUS_INFO_LEN_MISMATCH) { bufNext = (PSYSTEM_PROCESSES)HeapReAlloc(hHeap, HEAP_ZERO_MEMORY, bufNext, BLOCK_SIZE * i); if(bufForProcessesInfo == NULL) { ShowMessage("Relloc error..\n"); HeapFree(hHeap, HEAP_ZERO_MEMORY, bufForProcessesInfo); FreeLibrary(hNtdll); return -1; } /*类似于从网上下载东西,一共有多少不确定,但可以控制一次下载多少*/ ns = NtQuerySystemInformation(NT_PROCESS_LIST, bufNext, BLOCK_SIZE * i, NULL); i++; } AnsiString strTemp; while(bufNext->NextEntryDelta != 0) { // strLine.sprintf("PID:%.4d\tBasePriority:%.2d\t%S", bufNext->ProcessId, bufNext->BasePriority, bufNext->ProcessName.Buffer); //wprintf(L"PID:%.4d\tBasePriority:%.2d\t%s\n", bufNext->ProcessId, bufNext->BasePriority, bufNext->ProcessName.Buffer); strTemp.sprintf("%.4d", bufNext->ProcessId); strPID->Add(strTemp); strTemp.sprintf("%.2d", bufNext->BasePriority); strBasePriority->Add(strTemp); strTemp = (wchar_t*)bufNext->ProcessName.Buffer; strProName->Add(strTemp); bufNext = (PSYSTEM_PROCESSES)((BYTE*)bufNext + bufNext->NextEntryDelta); dwPcount ++; } /*_tprintf(TEXT("------------------------------------------------"\ "\nAll %d processes running...\n"), dwPcount);*/ iCount = dwPcount; HeapFree(hHeap, HEAP_ZERO_MEMORY, bufForProcessesInfo); FreeLibrary(hNtdll); //Sleep(10000); return 0; }