for(ulIndex = 0; ulIndex < pSystemProc->ThreadCount; ulIndex ){pSystemThre = &pSystemProc->Threads[ulIndex];printf("%-5d",pSystemProc->Threads[ulIndex].ClientId.UniqueThread); printf("=",pSystemProc->Threads[ulIndex].Priority);printf("M",pSystemProc->Threads[ulIndex].BasePriority); printf("M%%",(pSystemProc->Threads[ulIndex].KernelTime.QuadPart * 100)/(pSystemProc->KernelTime.QuadPart pSystemProc->UserTime.QuadPart)); printf("M%%",(pSystemProc->Threads[ulIndex].UserTime.QuadPart * 100)/(pSystemProc->KernelTime.QuadPart pSystemProc->UserTime.QuadPart));llTempTime = pSystemProc->Threads[ulIndex].KernelTime.QuadPart;llTempTime /= 10000;printf("-:",llTempTime/(60*60*1000));llTempTime %= 60*60*1000;printf("%.2d.",llTempTime/(60*1000));llTempTime %= 60*1000;printf("%.2d.",llTempTime/1000);llTempTime %= 100;printf("%.2d ",llTempTime);llTempTime = pSystemProc->Threads[ulIndex].UserTime.QuadPart;llTempTime /= 10000;printf("-:",llTempTime/(60*60*1000));llTempTime %= 60*60*1000;printf("%.2d.",llTempTime/(60*1000));llTempTime %= 60*1000;printf("%.2d.",llTempTime/1000);llTempTime %= 100;printf("%.2d ",llTempTime);printf(" 0x%.8X",pSystemProc->Threads[ulIndex].StartAddress);printf("}",pSystemProc->Threads[ulIndex].ContextSwitchCount);switch(pSystemProc->Threads[ulIndex].State){case StateInitialized:printf("%6s","Init.");break;case StateReady:printf("%6s","Ready");break;case StateRunning:printf("%6s","Run");break;case StateStandby:printf("%6s","StBy.");break;case StateTerminated:printf("%6s","Term.");break;case StateWait:printf("%6s","Wait");break;case StateTransition:printf("%6s","Tran.");break;case StateUnknown:printf("%6s","Unkn.");break;default:printf("%6s","Unkn.");break;}switch(pSystemProc->Threads[ulIndex].WaitReason){case Executive:printf(" %-8s","Executi.");break;case FreePage:printf(" %-8s","FreePag.");break;case PageIn:printf(" %-8s","PageIn");break;case PoolAllocation:printf(" %-8s","PoolAll.");break;case DelayExecution:printf(" %-8s","DelayEx.");break;case Suspended:printf(" %-8s","Suspend.");break;case UserRequest:printf(" %-8s","UserReq.");break;case WrExecutive:printf(" %-8s","WrExect.");break;case WrFreePage:printf(" %-8s","WrFrePg.");break;case WrPageIn:printf(" %-8s","WrPageIn");break;case WrPoolAllocation:printf(" %-8s","WrPoolA.");break;case WrSuspended:printf(" %-8s","WrSuspe.");break;case WrUserRequest:printf(" %-8s","WrUsReq.");break;case WrEventPair:printf(" %-8s","WrEvent.");break;case WrQueue:printf(" %-8s","WrQueue");break;case WrLpcReceive:printf(" %-8s","WrLpcRv.");break;case WrLpcReply:printf(" %-8s","WrLpcRp.");break;case WrVertualMemory:printf(" %-8s","WrVerMm.");break;case WrPageOut:printf(" %-8s","WrPgOut.");break;case WrRendezvous:printf(" %-8s","WrRende.");break;case WrKernel:printf(" %-8s","WrKernel");break;default:printf(" %-8s","Unknown");break;} printf("\n");} printf("----------------------------\n\n"); printf("Total %d Thread(s) !\n\n",ulIndex);dwTotalProcess ;break;}pSystemProc = (PSYSTEM_PROCESSES)((char *)pSystemProc pSystemProc->NextEntryDelta);}}__finally{if(dwTotalProcess == 0){printf("Could not found the %d Process !\n",dwPID);}else{printf("TID:\t\t====>\tThread Identification\n");printf("Pri:\t\t====>\tPriority\n");printf("BPr:\t\t====>\tBase Priority\n");printf("Priv:\t\t====>\tPrivilege\n");printf("StartAddr:\t====>\tThread Start Address\n");printf("CSwitC:\t\t====>\tContext Switch Count\n");printf("WtReason:\t====>\tWait Reason\n");}if(lpSystemInfo != NULL){free(lpSystemInfo);}if(hNtDll != NULL){ FreeLibrary(hNtDll);}}return 0;}VOID Start(){printf("T-PMList, by TOo2y\n");printf("E-mail:
[email protected]\n");printf("HomePage: www.safechina.net\n");printf("Date: 05-10-2003\n\n");return ;}VOID Usage(){printf("Usage:\tT-PMList [-e] │ [-s PID]\n"); printf(" -e\t Enumerate All Processes\n");printf(" -s PID Show Special Process Information with PID\n\n");
return ;}#endif2.T-PMPerf的头文件源代码:#ifndef T_PMPERF_H#define T_PMPERF_H#include "windows.h"#include "stdio.h"#define SYSTEM_PERF_INFO 0x02#define SYSTEM_PROC_TIME 0x08#define SYSTEM_PAGE_INFO 0x12#define SYSTEM_CACHE_INFO 0x15#define MAX_INFO_BUF_LEN 0x500000#define STATUS_SUCCESS ((NTSTATUS)0x00000000L)typedef LONG NTSTATUS;typedef DWORD SYSTEM_INFORMATION_CLASS;typedef struct _LSA_UNICODE_STRING{USHORT Length;USHORT MaximumLength;PWSTR Buffer;}LSA_UNICODE_STRING,*PLSA_UNICODE_STRING;typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING;typedef struct _SYSTEM_PERFORMANCE_INFORMATION{LARGE_INTEGER IdleTime;LARGE_INTEGER ReadTransferCount;LARGE_INTEGER WriteTransferCount;LARGE_INTEGER OtherTransferCount;ULONG ReadOperationCount;ULONG WriteOperationCount;ULONG OtherOperationCount;ULONG AvailablePages;ULONG TotalCommittedPages;ULONG TotalCommitLimit;ULONG PeakCommitment;ULONG PageFaults;ULONG WriteCopyFaults;ULONG TransitionFaults;ULONG Reserved1;ULONG DemandZeroFaults;ULONG PagesRead;ULONG PageReadIos;ULONG Reserved2[2];ULONG PagefilePagesWritten;ULONG PagefilePageWriteIos;ULONG MappedFilePagesWritten;ULONG MappedFileWriteIos;ULONG PagedPoolUsage;ULONG NonPagedPoolUsage;ULONG PagedPoolAllocs;ULONG PagedPoolFrees;ULONG NonPagedPoolAllocs;ULONG NonPagedPoolFress;ULONG TotalFreeSystemPtes;ULONG SystemCodePage;ULONG TotalSystemDriverPages;ULONG TotalSystemCodePages;ULONG SmallNonPagedLookasideListAllocateHits;ULONG SmallPagedLookasideListAllocateHits;ULONG Reserved3;ULONG MmSystemCachePage;ULONG PagedPoolPage;ULONG SystemDriverPage;ULONG FastReadNoWait;ULONG FastReadWait;ULONG FastReadResourceMiss;ULONG FastReadNotPossible;ULONG FastMdlReadNoWait;ULONG FastMdlReadWait;ULONG FastMdlReadResourceMiss;ULONG FastMdlReadNotPossible;ULONG MapDataNoWait;ULONG MapDataWait;ULONG MapDataNoWaitMiss;ULONG MapDataWaitMiss;ULONG PinMappedDataCount;ULONG PinReadNoWait;ULONG PinReadWait;ULONG PinReadNoWaitMiss;ULONG PinReadWaitMiss;ULONG CopyReadNoWait;ULONG CopyReadWait;ULONG CopyReadNoWaitMiss;ULONG CopyReadWaitMiss;ULONG MdlReadNoWait;ULONG MdlReadWait;ULONG MdlReadNoWaitMiss;ULONG MdlReadWaitMiss;ULONG ReadAheadIos;ULONG LazyWriteIos;ULONG LazyWritePages;ULONG DataFlushes;ULONG DataPages;ULONG ContextSwitches;ULONG FirstLevelTbFills;ULONG SecondLevelTbFills;ULONG SystemCall;}SYSTEM_PERFORMANCE_INFORMATION,*PSYSTEM_PERFORMANCE_INFORMATION;typedef struct __SYSTEM_PROCESSOR_TIMES{LARGE_INTEGER IdleTime;LARGE_INTEGER KernelTime;LARGE_INTEGER UserTime;LARGE_INTEGER DpcTime;LARGE_INTEGER InterruptTime;ULONG InterruptCount;}SYSTEM_PROCESSOR_TIMES,*PSYSTEM_PROCESSOR_TIMES;typedef struct _SYSTEM_PAGEFILE_INFORMATION{ULONG NetxEntryOffset;ULONG CurrentSize;ULONG TotalUsed;ULONG PeakUsed;UNICODE_STRING FileName;}SYSTEM_PAGEFILE_INFORMATION,*PSYSTEM_PAGEFILE_INFORMATION;typedef struct _SYSTEM_CACHE_INFORMATION{ULONG SystemCacheWsSize;ULONG SystemCacheWsPeakSize;ULONG SystemCacheWsFaults;ULONG SystemCacheWsMinimum;ULONG SystemCacheWsMaximum;ULONG TransitionSharedPages;ULONG TransitionSharedPagesPeak;ULONG Reserved[2];}SYSTEM_CACHE_INFORMATION,*PSYSTEM_CACHE_INFORMATION;typedef NTSTATUS (__stdcall * NTQUERYSYSTEMINFORMATION) (IN SYSTEM_INFORMATION_CLASS, IN OUT PVOID, INT ULONG, OUT PULONG OPTION);NTQUERYSYSTEMINFORMATION NtQuerySystemInformation;DWORD PerfInfo(){SYSTEM_PERFORMANCE_INFORMATION SystemPerfInfo;HMODULE hNtDll = NULL;DWORD dwNumberBytes;DWORD dwReturnLength;NTSTATUS Status;
LONGLONG llTempTime;__try{hNtDll = LoadLibrary("NtDll.dll"); if(hNtDll == NULL){ printf("LoadLibrary Error: %d\n",GetLastError()); __leave;}NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,"NtQuerySystemInformation");if(NtQuerySystemInformation == NULL){printf("GetProcAddress for NtQuerySystemInformation Error: %d\n",GetLastError());__leave;}