Process Status API

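1. List the processes on the current host, including process PID, handle, program image path, etc.
2. List the threads of the current process, including TID, handle, etc.
3. List the modules loaded by a process, including module image path, handle, location, etc.
4. Get a process's memory usage, including module image path, handle, location, etc.
5. Get a process's heap allocation information, including the process's heaps, the memory blocks allocated on each heap, and each block's start address and size.
6. Query working set information.
7. Query device driver information.
8. Get host performance data.
These tasks mainly use two families of APIs: Process Status Helper (PSAPI) and Tool Help.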

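PS API and Tool help API
PS API is the collective name for a set of APIs that retrieve process status information. These APIs are declared in the Psapi.h header file and exported by Psapi.dll.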
PSAPI Functions
The following are the PSAPI functions:
EmptyWorkingSet
EnumDeviceDrivers
EnumPageFiles
EnumProcesses
EnumProcessModules
EnumProcessModulesEx
GetDeviceDriverBaseName
GetDeviceDriverFileName
GetMappedFileName
GetModuleBaseName
GetModuleFileNameEx
GetModuleInformation
GetPerformanceInfo
GetProcessImageFileName
GetProcessMemoryInfo
GetWsChanges
GetWsChangesEx
InitializeProcessForWsWatch
QueryWorkingSet
QueryWorkingSetEx

PSAPI Structures
The following are the PSAPI structures:
ENUM_PAGE_FILE_INFORMATION
MODULEINFO
PERFORMANCE_INFORMATION
PROCESS_MEMORY_COUNTERS
PROCESS_MEMORY_COUNTERS_EX
PSAPI_WORKING_SET_BLOCK
PSAPI_WORKING_SET_EX_BLOCK
PSAPI_WORKING_SET_EX_INFORMATION
PSAPI_WORKING_SET_INFORMATION
PSAPI_WS_WATCH_INFORMATION
PSAPI_WS_WATCH_INFORMATION_EX

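The Tool help API provides a set of APIs for obtaining information about running applications. It can generally be used together with the PS API.
The Tool help API is declared in the Tlhelp32.h header file and exported by Kernel32.dll.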
The following functions are part of the tool help library.

Function                      Description
CreateToolhelp32Snapshot      Takes a snapshot of the specified processes, as well as the heaps, modules, and threads used by these processes.
Heap32First                   Retrieves information about the first block of a heap that has been allocated by a process.
Heap32ListFirst               Retrieves information about the first heap that has been allocated by a specified process.
Heap32ListNext                Retrieves information about the next heap that has been allocated by a process.
Heap32Next                    Retrieves information about the next block of a heap that has been allocated by a process.
Module32First                 Retrieves information about the first module associated with a process.
Module32Next                  Retrieves information about the next module associated with a process or thread.
Process32First                Retrieves information about the first process encountered in a system snapshot.
Process32Next                 Retrieves information about the next process recorded in a system snapshot.
Thread32First                 Retrieves information about the first thread of any process encountered in a system snapshot.
Thread32Next                  Retrieves information about the next thread of any process encountered in the system memory snapshot.
Toolhelp32ReadProcessMemory   Copies memory allocated to another process into an application-supplied buffer.

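To use the Tool help API, first call CreateToolhelp32Snapshot to take a snapshot, then use the matching *First and *Next functions to read entries from that snapshot. The code generally has the following structure.
handle = CreateToolhelp32Snapshot(...);
...
entry.dwSize = sizeof(entry);        /* set the structure size before the *First call */
if (!XxxFirst(handle, &entry))       /* placeholder for the *First function, e.g. Process32First */
{
    /* handle the error, then leave without entering the loop below */
}
do
{
    /* process the information in entry */
} while (XxxNext(handle, &entry));   /* placeholder for the matching *Next function */
CloseHandle(handle);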
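
A concrete instance of the skeleton above, as an added example that is not part of the original post: it walks a TH32CS_SNAPPROCESS snapshot with Process32First/Process32Next and then counts the rows whose parent PID is missing from the snapshot. ProcRow, SAMPLE, find_pid, count_orphans and snapshot_rows are names made up for this example, and the SAMPLE rows are constructed; when not built for Windows the program runs on SAMPLE only.

```c
#include <stdio.h>
#ifdef _WIN32
#undef UNICODE              /* ANSI PROCESSENTRY32: szExeFile is char[] */
#include <windows.h>
#include <tlhelp32.h>
#endif
typedef struct { unsigned long pid, ppid; char exe[260]; } ProcRow;
/* Constructed rows (not real output), used when not built for Windows. */
const ProcRow SAMPLE[] = {
    {0, 0, "[System Process]"}, {4, 0, "System"}, {612, 4, "smss.exe"},
    {5120, 4988, "explorer.exe"}, {6200, 5120, "notepad.exe"} };
/* Index of the row with this PID, or -1 if it is not in the snapshot. */
int find_pid(const ProcRow *r, int n, unsigned long pid) {
    for (int i = 0; i < n; i++) if (r[i].pid == pid) return i;
    return -1;
}
/* Rows whose parent PID is absent: the parent exited before the snapshot. */
int count_orphans(const ProcRow *r, int n) {
    int c = 0;
    for (int i = 0; i < n; i++) if (find_pid(r, n, r[i].ppid) < 0) c++;
    return c;
}

#ifdef _WIN32
/* Snapshot, *First, *Next, CloseHandle. Needs max >= 1; returns rows or -1. */
int snapshot_rows(ProcRow *r, int max) {
    PROCESSENTRY32 pe; int n = 0;
    HANDLE h = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (h == INVALID_HANDLE_VALUE) return -1;
    pe.dwSize = sizeof pe;  /* must be set, or Process32First fails */
    if (!Process32First(h, &pe)) { CloseHandle(h); return -1; }
    do {
        r[n].pid = pe.th32ProcessID; r[n].ppid = pe.th32ParentProcessID;
        snprintf(r[n].exe, sizeof r[n].exe, "%s", pe.szExeFile);
    } while (++n < max && Process32Next(h, &pe));
    CloseHandle(h);
    return n;
}
#endif
int main(void) {
    const ProcRow *r = SAMPLE; int n = sizeof SAMPLE / sizeof SAMPLE[0];
#ifdef _WIN32
    static ProcRow live[4096];
    if ((n = snapshot_rows(live, 4096)) < 0) return 1;
    r = live;
#endif
    for (int i = 0; i < n; i++) printf("%6lu %6lu %s\n", r[i].pid, r[i].ppid, r[i].exe);
    printf("parent not in snapshot: %d\n", count_orphans(r, n));
    return 0;
}
```

th32ParentProcessID is recorded when the process is created and is not updated afterwards, and Windows reuses PIDs, so a parent PID that does appear in the snapshot may belong to a different, later process.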

