Code
1
VOID ShowProcessInfo(HWND hwnd, DWORD dwProcessID) 
{2
3
SetWindowText(hwnd, TEXT("")); // Clear the output box4
5
CToolhelp th(TH32CS_SNAPALL, dwProcessID);6
7
// Show Process details8
PROCESSENTRY32 pe = { sizeof(pe) };9
BOOL fOk = th.ProcessFirst(&pe);10
for (; fOk; fOk = th.ProcessNext(&pe)) {11
if (pe.th32ProcessID == dwProcessID) {12
AddText(hwnd, TEXT("Filename: %s\r\n"), pe.szExeFile);13
AddText(hwnd, TEXT(" PID=%08X, ParentPID=%08X, ")14
TEXT("PriorityClass=%d, Threads=%d, Heaps=%d\r\n"),15
pe.th32ProcessID, pe.th32ParentProcessID,16
pe.pcPriClassBase, pe.cntThreads,17
th.HowManyHeaps());18
break; // No need to continue looping19
}20
}21
22
23
// Show Modules in the Process24
// Number of characters to display an address25
const int cchAddress = sizeof(PVOID) * 2;26
AddText(hwnd, TEXT("\r\nModules Information:\r\n")27
TEXT(" Usage %-*s(%-*s) %8s Module\r\n"),28
cchAddress, TEXT("BaseAddr"),29
cchAddress, TEXT("ImagAddr"), TEXT("Size"));30
//啊困了好久不知道怎么解释了就是%多少S嘿嘿很蛋疼吧31
32
MODULEENTRY32 me = { sizeof(me) };33
fOk = th.ModuleFirst(&me);34
for (; fOk; fOk = th.ModuleNext(&me)) {35
if (me.ProccntUsage == 65535) {36
// Module was implicitly loaded and cannot be unloaded37
//加载方式为隐式加载不能被卸载38
AddText(hwnd, TEXT(" Fixed"));39
} else {40
AddText(hwnd, TEXT(" %5d"), me.ProccntUsage);41
}42
//首选的加载地址和现实的加载地址43
//首选的放在PE结构中也就是硬盘上44
//实际的呢要看加入内存之后的了45
PVOID pvPreferredBaseAddr =46
GetModulePreferredBaseAddr(pe.th32ProcessID, me.modBaseAddr);47
if (me.modBaseAddr == pvPreferredBaseAddr) {48
AddText(hwnd, TEXT(" %p %*s %8u %s\r\n"),49
me.modBaseAddr, cchAddress, TEXT(""),50
me.modBaseSize, me.szExePath);51
} else {52
AddText(hwnd, TEXT(" %p(%p) %8u %s\r\n"),53
me.modBaseAddr, pvPreferredBaseAddr, me.modBaseSize, me.szExePath);54
}55
}56
57
58
// Show threads in the process59
//现实进程中的线程信息ID和优先级60
AddText(hwnd, TEXT("\r\nThread Information:\r\n")61
TEXT(" TID Priority\r\n"));62
THREADENTRY32 te = { sizeof(te) };63
fOk = th.ThreadFirst(&te);64
for (; fOk; fOk = th.ThreadNext(&te)) {65
//获取线程的时候并不指定进程ID66
//下面是一段线程优先级的算法67
if (te.th32OwnerProcessID == dwProcessID) {68
int nPriority = te.tpBasePri + te.tpDeltaPri;69
if ((te.tpBasePri < 16) && (nPriority > 15)) nPriority = 15;70
if ((te.tpBasePri > 15) && (nPriority > 31)) nPriority = 31;71
if ((te.tpBasePri < 16) && (nPriority < 1)) nPriority = 1;72
if ((te.tpBasePri > 15) && (nPriority < 16)) nPriority = 16;73
AddText(hwnd, TEXT(" %08X %2d\r\n"),74
te.th32ThreadID, nPriority);75
}76
}77
}
PROCESSENTRY32
Describes an entry from a list that enumerates the processes residing in the system address space when a snapshot was taken.
//在系统快照生成时,通过一个列举进程在内存中存储情况的列表描述一个入口点信息
typedef struct tagPROCESSENTRY32 {
DWORD dwSize;
DWORD cntUsage;
DWORD th32ProcessID;
ULONG_PTR th32DefaultHeapID;
DWORD th32ModuleID;
DWORD cntThreads;
DWORD th32ParentProcessID;
LONG pcPriClassBase;
DWORD dwFlags;
TCHAR szExeFile[MAX_PATH];} PROCESSENTRY32,
*PPROCESSENTRY32;
Members
Size of the structure, in bytes. Before calling the Process32First function, set this member to sizeof(PROCESSENTRY32). If you do not initialize dwSize, Process32First fails.//这个结构体的大小以bytes为单位,在调用Process32First方法前把这个成员参数设置成sizeof(PROCESSENTRY32)如果你不定义dwSize,Process32First将失败
This member is no longer used and is always set to zero.//这个成员不常使用通常置0( 用法数量 )
Process identifier.//进程标示
This member is no longer used and is always set to zero.//这个成员不常使用通常置0(默认堆栈ID)
This member is no longer used and is always set to zero.//这个成员不常使用通常置0(模块标示)
Number of execution threads started by the process.//进程启动的活动线程数
Process identifier of the process that created this process (its parent process).//父进程的标示
Base priority of any threads created by this process.//这个进程创建的线程首选基地址
This member is no longer used, and is always set to zero.//这个成员不常使用通常置(0标志位)
Pointer to a null-terminated string that specifies the name of the executable file for the process.//指向一个以0结尾的字符串用于指明这个进程的可执行程序名
Heap32ListFirst
The Heap32ListFirst function retrieves information about the first heap that has been allocated by a specified process.
//Heap32ListFirst方法返回被指定进程创建的第一个堆栈信息
BOOL WINAPI Heap32ListFirst( HANDLE hSnapshot, LPHEAPLIST32 lphl);
Parameters
[in] Handle to the snapshot returned from a previous call to the CreateToolhelp32Snapshot function.//CreateToolhelp32Snapshot方法返回的系统快照句柄
[in, out] Pointer to a HEAPLIST32 structure.// 指向HEAPLIST32结构的指针
Return Values
Returns TRUE if the first entry of the heap list has been copied to the buffer or FALSE otherwise. The ERROR_NO_MORE_FILES error value is returned by the GetLastError function when no heap list exists or the snapshot does not contain heap list information.
//如果第一个入口信息被填充到缓存返回TRUE,否则返回FALSE。当堆栈列表不存在或者系统快照不包含堆栈列表信息的时候返回ERROR_NO_MORE_FILES
Remarks
The calling application must set the dwSize member of HEAPLIST32 to the size, in bytes, of the structure. Heap32ListFirst changes dwSize to the number of bytes written to the structure. This will never be greater than the initial value of dwSize, but it may be smaller. If the value is smaller, do not rely on the values of any members whose offsets are greater than this value.
//调用者必须以bytes为单位初始化HEAPLIST32结构体的大小,Heap32ListFirst方法用写入结构体的字节数改变dwSize,这个值永远不会大于dwSize的初始值,
//但是可能小于。如果初始值比较小不要指望成员的偏移量能比它大
To retrieve information about other heaps in the heap list, use the Heap32ListNext function.
//获取其他堆栈信息应调用Heap32ListNext方法。
CreateToolhelp32Snapshot
The CreateToolhelp32Snapshot function takes a snapshot of the specified processes, as well as the heaps, modules, and threads used by these processes.
HANDLE WINAPI CreateToolhelp32Snapshot( DWORD dwFlags, DWORD th32ProcessID);
Parameters
[in] Portions of the system to include in the snapshot. This parameter can be one of the following values.
Value Meaning TH32CS_INHERIT Indicates that the snapshot handle is to be inheritable. TH32CS_SNAPALL Includes all processes and threads in the system, plus the heaps and modules of the process specified in th32ProcessID. Equivalent to specifying the TH32CS_SNAPHEAPLIST, TH32CS_SNAPMODULE, TH32CS_SNAPPROCESS, and TH32CS_SNAPTHREAD values. TH32CS_SNAPHEAPLIST Includes all heaps of the process specified in th32ProcessID in the snapshot. To enumerate the heaps, see Heap32ListFirst. TH32CS_SNAPMODULE Includes all modules of the process specified in th32ProcessID in the snapshot. To enumerate the modules, see Module32First. TH32CS_SNAPPROCESS Includes all processes in the system in the snapshot. To enumerate the processes, see Process32First. TH32CS_SNAPTHREAD To identify the threads that belong to a specific process, compare its process identifier to the th32OwnerProcessID member of the THREADENTRY32 structure when enumerating the threads.
[in] Process identifier of the process to be included in the snapshot. This parameter can be zero to indicate the current process. This parameter is used when the TH32CS_SNAPHEAPLIST, TH32CS_SNAPMODULE, or TH32CS_SNAPALL value is specified. Otherwise, it is ignored and all processes are included in the snapshot.
Return Values
If the function succeeds, it returns an open handle to the specified snapshot.
If the function fails, it returns INVALID_HANDLE_VALUE. To get extended error information, call GetLastError.
Remarks
The snapshot taken by this function is examined by the other tool help functions to provide their results. Access to the snapshot is read only. The snapshot handle acts as an object handle and is subject to the same rules regarding which processes and threads it is valid in.
To enumerate the heap or module states for all processes, specify TH32CS_SNAPALL and set th32ProcessID to zero. Then, for each additional process in the snapshot, call CreateToolhelp32Snapshot again, specifying its process identifier and the TH32CS_SNAPHEAPLIST or TH32_SNAPMODULE value.
To destroy the snapshot, use the CloseHandle function.
扫一扫
148
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
