ProSysLib: Dissecting the Process

, 22 Nov 2010 CPOL
Access detailed information about the current process in the easiest way.
#pragma once

// Private definitions of the NT native-API types and structures that
// CSystemInfoAccessor (below) uses. These mirror undocumented kernel layouts,
// so member order and member sizes must match the running OS exactly; a
// mismatch silently misreads every field that follows.

// Native status code. Negative values are failures (see NT_SUCCESS).
typedef LONG NTSTATUS;
// Kernel scheduling priority.
typedef LONG KPRIORITY;

// A native call succeeded when its status is non-negative.
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)

// Failure status meaning the supplied buffer was too small. Callers of the
// query functions should treat this as "grow the buffer and retry" rather
// than as a hard error -- confirm in the consuming code.
#define STATUS_INFO_LENGTH_MISMATCH      ((NTSTATUS)0xC0000004L)

// Information classes accepted by ZwQuerySystemInformation. The numeric
// values are what the kernel expects; the NotImplemented*/InvalidInfoClass*
// names are placeholders that keep the numbering contiguous and are not
// meant to be passed. Only SystemProcessesAndThreadsInformation (5) appears
// to be used with the SYSTEM_PROCESS_INFORMATION layout in this header --
// confirm against the callers.
typedef enum _SYSTEM_INFORMATION_CLASS
{ 
	SystemBasicInformation				 = 0,
	SystemProcessorInformation			 = 1,
	SystemPerformanceInformation		 = 2,
	SystemTimeOfDayInformation			 = 3,
	SystemNotImplemented1				 = 4,
	SystemProcessesAndThreadsInformation = 5,
	SystemCallCounts					 = 6,
	SystemConfigurationInformation		 = 7,
	SystemProcessorTimes				 = 8,
	SystemGlobalFlag					 = 9,
	SystemNotImplemented2				 = 10,
	SystemModuleInformation				 = 11,
	SystemLockInformation				 = 12,
	SystemNotImplemented3				 = 13,
	SystemNotImplemented4				 = 14,
	SystemNotImplemented5				 = 15,
	SystemHandleInformation				 = 16,
	SystemObjectInformation				 = 17,
	SystemPagefileInformation			 = 18,
	SystemInstructionEmulationCounts	 = 19,
	SystemInvalidInfoClass1				 = 20,
	SystemCacheInformation				 = 21,
	SystemPoolTagInformation			 = 22,
	SystemProcessorStatistics			 = 23,
	SystemDpcInformation				 = 24,
	SystemNotImplemented6				 = 25,
	SystemLoadImage						 = 26,
	SystemUnloadImage					 = 27,
	SystemTimeAdjustment				 = 28,
	SystemNotImplemented7				 = 29,
	SystemNotImplemented8				 = 30,
	SystemNotImplemented9				 = 31,
	SystemCrashDumpInformation			 = 32,
	SystemExceptionInformation			 = 33,
	SystemCrashDumpStateInformation		 = 34,
	SystemKernelDebuggerInformation		 = 35,
	SystemContextSwitchInformation		 = 36,
	SystemRegistryQuotaInformation		 = 37,
	SystemLoadAndCallImage				 = 38,
	SystemPrioritySeparation			 = 39,
	SystemNotImplemented10				 = 40,
	SystemNotImplemented11				 = 41,
	SystemInvalidInfoClass2				 = 42,
	SystemInvalidInfoClass3				 = 43,
	SystemTimeZoneInformation			 = 44,
	SystemLookasideInformation			 = 45,
	SystemSetTimeSlipEvent				 = 46,
	SystemCreateSession					 = 47,
	SystemDeleteSession					 = 48,
	SystemInvalidInfoClass4				 = 49,
	SystemRangeStartInformation			 = 50,
	SystemVerifierInformation			 = 51,
	SystemAddVerifier					 = 52,
	SystemSessionProcessesInformation	 = 53
} SYSTEM_INFORMATION_CLASS;

// Information classes accepted by NtQueryInformationProcess. This is a
// deliberately partial list: values 8..19 are omitted, so ProcessHandleCount
// is assigned 20 explicitly rather than relying on implicit numbering.
typedef enum _PROCESSINFOCLASS
{
	ProcessBasicInformation = 0,	// fills a PROCESS_BASIC_INFORMATION (PBI)
	ProcessQuotaLimits = 1,
	ProcessIoCounters = 2,
	ProcessVmCounters = 3,
	ProcessTimes = 4,
	ProcessBasePriority = 5,
	ProcessRaisePriority = 6,
	ProcessDebugPort = 7,
	ProcessHandleCount = 20
}PROCESSINFOCLASS;

// Process/thread id pair embedded in SYSTEM_THREAD_INFORMATION.
// NOTE(review): the public winternl.h definition declares both members as
// HANDLE (pointer-sized). With DWORD they are 4 bytes each, which matches on
// 32-bit builds but shrinks the struct on 64-bit and shifts every field of
// SYSTEM_THREAD_INFORMATION that follows ClientId -- confirm against the
// 64-bit build before trusting Priority/State/WaitReason there.
typedef struct _CLIENT_ID
{
    DWORD         UniqueProcess;
    DWORD         UniqueThread;
}CLIENT_ID;

// Counted wide string as used throughout the native API.
// NOTE(review): standard UNICODE_STRING contract -- Length and MaximumLength
// are byte counts (not character counts) and Buffer is NOT guaranteed to be
// NUL-terminated. Consumers must bound reads by Length / sizeof(WCHAR) rather
// than calling wcslen() on Buffer; when the string lives in another process
// (ProcessName, CommandLine, ...) Buffer is a remote address as well.
typedef struct _UNICODE_STRING
{
    USHORT        Length;
    USHORT        MaximumLength;
    PWSTR         Buffer;
} UNICODE_STRING;

// Virtual-memory usage counters for one process, embedded in
// SYSTEM_PROCESS_INFORMATION. Sizes are in bytes and pointer-sized (SIZE_T),
// so this struct is wider on 64-bit builds; PageFaultCount is a plain count.
typedef struct _VM_COUNTERS
{
    SIZE_T        PeakVirtualSize;
    SIZE_T        VirtualSize;
    ULONG         PageFaultCount;
    SIZE_T        PeakWorkingSetSize;
    SIZE_T        WorkingSetSize;
    SIZE_T        QuotaPeakPagedPoolUsage;
    SIZE_T        QuotaPagedPoolUsage;
    SIZE_T        QuotaPeakNonPagedPoolUsage;
    SIZE_T        QuotaNonPagedPoolUsage;
    SIZE_T        PagefileUsage;
    SIZE_T        PeakPagefileUsage;
} VM_COUNTERS;

// Per-thread record that follows each SYSTEM_PROCESS_INFORMATION entry.
// Times are LARGE_INTEGER values in the kernel's time units; StartAddress is
// an address in the owning process, not in the caller. The offset of every
// member after ClientId depends on the size of CLIENT_ID (see note there).
typedef struct _SYSTEM_THREAD_INFORMATION
{
	LARGE_INTEGER KernelTime;
	LARGE_INTEGER UserTime;
	LARGE_INTEGER CreateTime;
	ULONG WaitTime;
	PVOID StartAddress;
	CLIENT_ID ClientId;
	KPRIORITY Priority;
	KPRIORITY BasePriority;
	ULONG ContextSwitchCount;
	LONG State;			// scheduler state code (raw kernel value)
	LONG WaitReason;	// raw kernel wait-reason code when State is a wait state
} SYSTEM_THREAD_INFORMATION, * PSYSTEM_THREAD_INFORMATION;

// Process-id type used by SYSTEM_PROCESS_INFORMATION. ABIG is not defined in
// this header, so it must come from an earlier include; presumably it is a
// pointer-sized integer so that the 32- and 64-bit layouts both line up with
// the kernel's fields -- TODO confirm its definition and size.
typedef ABIG CProcessID;

// One process entry in the buffer returned for
// SystemProcessesAndThreadsInformation. Entries are chained by
// NextEntryDelta (byte offset to the next entry from the start of this one);
// the consumer must validate that each delta stays inside the buffer it
// received before following it. Threads[1] is a trailing variable-length
// array -- presumably ThreadCount records follow in place, so the true entry
// size exceeds sizeof(SYSTEM_PROCESS_INFORMATION). Reserved1/Reserved2 pad
// fields the library does not interpret.
typedef struct _SYSTEM_PROCESS_INFORMATION
{
    ULONG             NextEntryDelta;
    ULONG             ThreadCount;
    ULONG             Reserved1[6];
    LARGE_INTEGER     CreateTime;
    LARGE_INTEGER     UserTime;
    LARGE_INTEGER     KernelTime;
    UNICODE_STRING    ProcessName;	// Buffer points into the same returned block; bound by Length
    KPRIORITY         BasePriority;
    CProcessID        ProcessId;
    CProcessID        InheritedFromProcessId;	// parent pid at creation time
    ULONG             HandleCount;
    ULONG             Reserved2[2];
    VM_COUNTERS       VmCounters;
    IO_COUNTERS       IoCounters;
    SYSTEM_THREAD_INFORMATION Threads[1];
} SYSTEM_PROCESS_INFORMATION, * PSYSTEM_PROCESS_INFORMATION;

// User-mode process parameters block, reached through PEB::ProcessParameters.
// For a foreign process this whole struct, and every UNICODE_STRING Buffer and
// the Environment pointer inside it, live in the target's address space and
// have to be copied out (ZwReadVirtualMemory is declared below for that) --
// none of these pointers may be dereferenced directly.
// NOTE(review): the dwX..wShowWindow members mirror STARTUPINFO; their
// meaning is only as reliable as the creating process made it.
typedef struct _RTL_USER_PROCESS_PARAMETERS
{
	ULONG AllocationSize;
	ULONG Size;
	ULONG Flags;
	ULONG DebugFlags;
	HANDLE hConsole;
	ULONG ProcessGroup;
	HANDLE hStdInput;
	HANDLE hStdOutput;
	HANDLE hStdError;
	UNICODE_STRING CurrentDirectoryName;
	HANDLE CurrentDirectoryHandle;
	UNICODE_STRING DllPath;
	UNICODE_STRING ImagePathName;
	UNICODE_STRING CommandLine;		// untrusted input from the remote process; bound by Length
	PWSTR Environment;				// remote pointer to the environment block
	ULONG dwX;
	ULONG dwY;
	ULONG dwXSize;
	ULONG dwYSize;
	ULONG dwXCountChars;
	ULONG dwYCountChars;
	ULONG dwFillAttribute;
	ULONG dwFlags;
	ULONG wShowWindow;
	UNICODE_STRING WindowTitle;
	UNICODE_STRING DesktopInfo;
	UNICODE_STRING ShellInfo;
	UNICODE_STRING RuntimeInfo;
} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;

// Loader data reached through PEB::Ldr. The three LIST_ENTRY heads anchor
// circular doubly-linked lists of loaded modules in load, memory and
// initialization order; the list nodes are remote addresses when the PEB
// belongs to another process, so walking them requires bounded reads and a
// cycle/length guard -- confirm the consumer enforces one.
typedef struct _PEB_LDR_DATA
{
	ULONG Length;
	BOOLEAN Initialized;
	PVOID SsHandle;
	LIST_ENTRY InLoadOrderModuleList;
	LIST_ENTRY InMemoryOrderModuleList;
	LIST_ENTRY InInitializationOrderModuleList;
} PEB_LDR_DATA, *PPEB_LDR_DATA;

// Prefix of the Process Environment Block -- only the leading members this
// library needs are declared, so sizeof(PEB) is smaller than the real block
// and must not be used as a read length for anything beyond these fields.
// Ldr and ProcessParameters are addresses inside the owning process.
typedef struct _PEB
{
	UCHAR InheritedAddressSpace;
	UCHAR ReadImageFileExecOptions;
	UCHAR BeingDebugged;		// non-zero while a user-mode debugger is attached (advisory; a debugger can clear it)
	UCHAR Spare;
	PVOID Mutant;
	PVOID ImageBaseAddress;		// base of the main executable image in the target
	PPEB_LDR_DATA Ldr;
	PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
} PEB, *PPEB;

// Result of NtQueryInformationProcess(ProcessBasicInformation).
// PebBaseAddress is the PEB's address in the *queried* process; for any
// process other than the caller it must be read with ZwReadVirtualMemory,
// never dereferenced. Pid members are ULONG_PTR so the layout is correct on
// both 32- and 64-bit builds.
typedef struct _PROCESS_BASIC_INFORMATION
{
	NTSTATUS ExitStatus;			// STILL_ACTIVE-style value while running -- confirm how callers test it
	PPEB PebBaseAddress;
	ULONG_PTR AffinityMask;
	LONG BasePriority;
	ULONG_PTR UniqueProcessId;
	ULONG_PTR InheritedFromUniqueProcessId;	// parent pid at creation; the parent may since have exited
} PBI;

// Thin accessor over native (ntdll) and late-bound Win32 entry points.
// The five function-pointer members hold the resolved addresses; the static
// wrappers presumably forward to them through the g_SIA instance declared
// below (their bodies are not in this header -- confirm). Because the Zw*/Nt*
// routines are undocumented, the structures they fill (see above) are tied
// to specific Windows versions, and every caller must:
//   * test the returned status with NT_SUCCESS rather than != 0;
//   * treat STATUS_INFO_LENGTH_MISMATCH as "enlarge the buffer and retry";
//   * never trust a pointer returned from another process without copying it
//     out via ZwReadVirtualMemory with an explicit, bounded BufferLength.
// If any member pointer is left NULL when the underlying export is missing,
// the wrappers need a NULL check before the indirect call -- confirm in the .cpp.
class CSystemInfoAccessor
{
	// Signatures of the resolved entry points. The ULONG / PULONG length
	// parameters are byte counts.
	typedef LONG (WINAPI * ZwQuerySystemInformationType)(ULONG, PVOID, ULONG, PULONG);
	typedef LONG (WINAPI * ZwReadVirtualMemoryType)(HANDLE, PVOID, PVOID, ULONG, PULONG);
	typedef NTSTATUS (WINAPI * NtQueryInformationProcessType)(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
	typedef BOOL (WINAPI * GetProcessHandleCountType)(HANDLE, PDWORD);
	typedef BOOL (WINAPI * CheckRemoteDebuggerPresentType)(HANDLE, PBOOL);

public:

	// Resolves the function pointers below (presumably at run time, since the
	// members are pointers rather than direct imports -- confirm).
	CSystemInfoAccessor();

	// Queries system-wide information of the given class into the caller's
	// buffer. ReturnLength, when non-NULL, receives the size written or
	// required. Returns an NTSTATUS; check with NT_SUCCESS.
	static LONG ZwQuerySystemInformation(ULONG SystemInformationClass, PVOID SystemInformation, ULONG SystemInformationLength, PULONG ReturnLength = NULL);
	// Copies BufferLength bytes from BaseAddress in ProcessHandle's address
	// space into Buffer. ProcessHandle needs read access to that process.
	// Returns an NTSTATUS; ReturnLength receives the byte count actually read.
	static LONG ZwReadVirtualMemory(HANDLE ProcessHandle, PVOID BaseAddress, PVOID Buffer, ULONG BufferLength, PULONG ReturnLength);
	// Queries per-process information of the given class (e.g. a PBI for
	// ProcessBasicInformation). Returns an NTSTATUS; check with NT_SUCCESS.
	static LONG NtQueryInformationProcess(HANDLE ProcessHandle, PROCESSINFOCLASS ProcessInformationClass, PVOID ProcessInformation, ULONG ProcessInformationLength, PULONG ReturnLength);
	// Win32-style wrappers: return FALSE on failure (GetLastError semantics
	// presumably apply -- confirm in the implementation).
	static BOOL GetProcessHandleCount(HANDLE hProcess, PDWORD pdwHandleCount);
	static BOOL CheckRemoteDebuggerPresent(HANDLE hProcess, PBOOL pbDebuggerPresent);

private:

	// Resolved entry points; NULL would mean the export is unavailable on
	// this OS version.
	ZwQuerySystemInformationType m_pZwQuerySystemInformation;
	ZwReadVirtualMemoryType m_pZwReadVirtualMemory;
	NtQueryInformationProcessType m_pNtQueryInformationProcess;
	GetProcessHandleCountType m_pGetProcessHandleCount;
	CheckRemoteDebuggerPresentType m_pCheckRemoteDebuggerPresent;
};

// Single shared accessor instance, defined in one translation unit; the
// static wrappers in CSystemInfoAccessor presumably route through it.
extern CSystemInfoAccessor g_SIA;


License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

Vitaly Tomilov
Software Developer (Senior) Sibedge IT
Ireland Ireland
My online CV: cv.vitalytomilov.com
