32位和64位下,SYSTEM_THREADS与SYSTEM_PROCESSES结构体
2017-08-01 19:04
489 查看
32位的没有什么好说的,关键是64位的资料比较少。这个结构体,网上有说,但是不太准确,测试发现前半部分对了,后半部分不对(获取线程信息的时候不对)。最后结合一些例子和计算,整出来了.
typedef struct _SYSTEM_THREADS
{
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER CreateTime;
ULONG WaitTime;
PVOID StartAddress;
CLIENT_ID ClientID;
KPRIORITY Priority;
KPRIORITY BasePriority;
ULONG ContextSwitchCount;
ULONG ThreadState;
KWAIT_REASON WaitReason;
#ifdef _WIN64
ULONG Reserved; //Add
#else
#endif
}SYSTEM_THREADS,*PSYSTEM_THREADS;
typedef struct _SYSTEM_PROCESSES
{
ULONG NextEntryDelta;
ULONG ThreadCount;
ULONG Reserved[6];
LARGE_INTEGER CreateTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER KernelTime;
UNICODE_STRING ProcessName;
KPRIORITY BasePriority;
HANDLE ProcessId; //Modify
HANDLE InheritedFromProcessId;//Modify
ULONG HandleCount;
ULONG SessionId;
ULONG_PTR PageDirectoryBase;
VM_COUNTERS VmCounters;
SIZE_T PrivatePageCount;//Add
IO_COUNTERS IoCounters; //windows 2000 only
struct _SYSTEM_THREADS Threads[1];
}SYSTEM_PROCESSES,*PSYSTEM_PROCESSES;
//还有关键的一个结构体,之前看到某些资料上的也不对,关键是32位下网上用的是ULONG,这是不对的,应该用SIZE_T(32位下4字节,64位下8字节),导致了原数据的偏移错误。
typedef struct _VM_COUNTERS
{
SIZE_T PeakVirtualSize;
SIZE_T VirtualSize;
ULONG PageFaultCount;
SIZE_T PeakWorkingSetSize;
SIZE_T WorkingSetSize;
SIZE_T QuotaPeakPagedPoolUsage;
SIZE_T QuotaPagedPoolUsage;
SIZE_T QuotaPeakNonPagedPoolUsage;
SIZE_T QuotaNonPagedPoolUsage;
SIZE_T PagefileUsage;
SIZE_T PeakPagefileUsage;
} VM_COUNTERS, *PVM_COUNTERS;
typedef struct _SYSTEM_THREADS
{
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER CreateTime;
ULONG WaitTime;
PVOID StartAddress;
CLIENT_ID ClientID;
KPRIORITY Priority;
KPRIORITY BasePriority;
ULONG ContextSwitchCount;
ULONG ThreadState;
KWAIT_REASON WaitReason;
#ifdef _WIN64
ULONG Reserved; //Add
#else
#endif
}SYSTEM_THREADS,*PSYSTEM_THREADS;
typedef struct _SYSTEM_PROCESSES
{
ULONG NextEntryDelta;
ULONG ThreadCount;
ULONG Reserved[6];
LARGE_INTEGER CreateTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER KernelTime;
UNICODE_STRING ProcessName;
KPRIORITY BasePriority;
HANDLE ProcessId; //Modify
HANDLE InheritedFromProcessId;//Modify
ULONG HandleCount;
ULONG SessionId;
ULONG_PTR PageDirectoryBase;
VM_COUNTERS VmCounters;
SIZE_T PrivatePageCount;//Add
IO_COUNTERS IoCounters; //windows 2000 only
struct _SYSTEM_THREADS Threads[1];
}SYSTEM_PROCESSES,*PSYSTEM_PROCESSES;
//还有关键的一个结构体,之前看到某些资料上的也不对,关键是32位下网上用的是ULONG,这是不对的,应该用SIZE_T(32位下4字节,64位下8字节),导致了原数据的偏移错误。
typedef struct _VM_COUNTERS
{
SIZE_T PeakVirtualSize;
SIZE_T VirtualSize;
ULONG PageFaultCount;
SIZE_T PeakWorkingSetSize;
SIZE_T WorkingSetSize;
SIZE_T QuotaPeakPagedPoolUsage;
SIZE_T QuotaPagedPoolUsage;
SIZE_T QuotaPeakNonPagedPoolUsage;
SIZE_T QuotaNonPagedPoolUsage;
SIZE_T PagefileUsage;
SIZE_T PeakPagefileUsage;
} VM_COUNTERS, *PVM_COUNTERS;
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 修正后的SYSTEM_THREADS与SYSTEM_PROCESSES结构体
- 修正后的SYSTEM_THREADS与SYSTEM_PROCESSES结构体
- 32位和64位下结构体内存对齐问题
- System.Data.SQLite使用,静态与动态链接的区别,Bundle与非Bundle区别,同时兼容32位与64位,加密
- [置顶] iOS开发之32位与64位,以及结构体对齐访问的问题
- 有如下CAT_s结构体定义,回答: 1) 在一台64位的机器上,使用32位编译,Garfield变量占用多少内存空间?64位编译又是如何?
- 查看自己的cpu,system是32位还是64位的
- 32位和64位操作系统与System,System32,Syswow64的区别
- (转)SystemProcessesAndThreadsInformation
- _SYSTEM_PROCESS 32位与64位的结构
- 如何判断操作系统是64位还是32位(GetNativeSystemInfo和IsWow64Process两种方法)
- System.Data.SQLite兼容32位和64位问题
- 32位和64位下结构体内存对齐问题
- 32位和64位下结构体内存对齐问题
- 在64位系统下安装32位ODBC驱动问题How to install and configure a 32 bit ODBC driver on a 64 bit Operating System?
- struct结构体在32位系统和64位系统的存储空间的不同
- 如果使用32位整型会溢出,那么是否可以使用一个40位结构体代替64位长整型?
- 32位和64位下结构体内存对齐问题