NtQuerySystemInformation
2011-04-13 19:13
我花了很长时间找到的资料
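/*
 * NtQuerySystemInformation - native (ntdll) call that copies the data
 * selected by SystemInformationClass into a caller-supplied buffer.
 *
 * SystemInformationClass  - which SYSTEM_INFORMATION_CLASS value to query.
 * SystemInformation       - output buffer; its layout depends on the class.
 * SystemInformationLength - size of the output buffer in bytes.
 * ReturnLength            - optional; receives the number of bytes written
 *                           (or required) when the caller passes a pointer.
 *
 * Returns an NTSTATUS. The listing on this page omitted the return type and
 * calling convention; they are restored here because a prototype without a
 * return type is not valid C99 and a wrong calling convention corrupts the
 * stack on 32-bit x86.
 *
 * Caller notes:
 *  - Classes whose size is shown with a trailing '+' on this page are
 *    variable-length. Size the buffer from ReturnLength and retry while the
 *    call reports STATUS_INFO_LENGTH_MISMATCH; the required size can grow
 *    between two calls, so never assume the second call succeeds.
 *  - Validate every offset and count read from the returned buffer against
 *    the number of bytes actually returned before dereferencing it.
 *  - The interface is only partially documented and class behaviour differs
 *    between Windows versions; check the status code instead of assuming a
 *    class is implemented.
 */
NTSYSAPI
NTSTATUS
NTAPI
NtQuerySystemInformation(
    IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
    OUT PVOID SystemInformation,
    IN ULONG SystemInformationLength,
    OUT PULONG ReturnLength OPTIONAL );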
/*
 * Selector passed as the first argument of NtQuerySystemInformation.
 *
 * The numeric values are written out explicitly; they are the same values
 * the implicit numbering of the original listing produces (0 through 45).
 * The trailing notes repeat the action / buffer size / structure given in
 * the table on this page. Those sizes look like 32-bit NT-era figures
 * (assumption, not stated on the page), so treat them as hints and rely on
 * ReturnLength at run time.
 */
typedef enum _SYSTEM_INFORMATION_CLASS {
    SystemBasicInformation                = 0,  /* query, 0x02C, SYSTEM_BASIC_INFORMATION */
    SystemProcessorInformation            = 1,  /* query, 0x00C, SYSTEM_PROCESSOR_INFORMATION */
    SystemPerformanceInformation          = 2,  /* query, 0x138 */
    SystemTimeOfDayInformation            = 3,  /* query, 0x020 */
    SystemPathInformation                 = 4,  /* STATUS_NOT_IMPLEMENTED; path is in KUSER_SHARED_DATA */
    /* System-wide process list. Monitoring tools that depend on it should
     * cross-check against a second source, since a hooked user-mode call
     * can return a filtered list. */
    SystemProcessInformation              = 5,  /* query, 0x088+, SYSTEM_PROCESS_INFORMATION */
    SystemCallCountInformation            = 6,  /* query, 0x018+, SYSTEM_CALL_COUNT_INFORMATION */
    SystemDeviceInformation               = 7,  /* query, 0x018 (SystemConfigurationInformation) */
    SystemProcessorPerformanceInformation = 8,  /* query, 0x030, SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION */
    SystemFlagsInformation                = 9,  /* query and set, 0x004 */
    SystemCallTimeInformation             = 10, /* NOT_IMPLEMENTED */
    /* Loaded kernel module list. The result is generally understood to
     * include kernel load addresses, so treat it as sensitive (it weakens
     * kernel ASLR if exposed to untrusted code) -- confirm per OS version. */
    SystemModuleInformation               = 11, /* query, 0x106+, SYSTEM_MODULE_INFORMATION */
    SystemLocksInformation                = 12, /* query, 0x028+ */
    SystemStackTraceInformation           = 13, /* query, 0x05C */
    SystemPagedPoolInformation            = 14, /* query, 0x01C, checked build only */
    SystemNonPagedPoolInformation         = 15, /* query, 0x01C, checked build only */
    /* System-wide handle table; same sensitivity caveat as the module list. */
    SystemHandleInformation               = 16, /* query, 0x014+, SYSTEM_HANDLE_INFORMATION */
    SystemObjectInformation               = 17, /* query, 0x038+, SYSTEM_OBJECT_INFORMATION */
    SystemPageFileInformation             = 18, /* query, 0x018+, SYSTEM_PAGEFILE_INFORMATION */
    SystemVdmInstemulInformation          = 19, /* query, 0x088 */
    SystemVdmBopInformation               = 20, /* INVALID_INFO_CLASS */
    SystemFileCacheInformation            = 21, /* query and set, 0x00C / 0x024 */
    SystemPoolTagInformation              = 22, /* query, 0x020+ */
    SystemInterruptInformation            = 23, /* query, 0x018 */
    SystemDpcBehaviorInformation          = 24, /* query and set, 0x014 */
    SystemFullMemoryInformation           = 25, /* query, 0x014, checked build only */
    /* Set-only classes 26, 27 and 38 change what code is loaded in the
     * kernel; calls that use them are worth auditing. */
    SystemLoadGdiDriverInformation        = 26, /* set, 0x018 */
    SystemUnloadGdiDriverInformation      = 27, /* set, 0x004 */
    SystemTimeAdjustmentInformation       = 28, /* query 0x00C / set 0x008 */
    SystemSummaryMemoryInformation        = 29, /* query, 0x014, checked build only */
    SystemNextEventIdInformation          = 30, /* query, size unknown (C0000005), checked build only */
    SystemEventIdsInformation             = 31, /* query, 0xB66, checked build only */
    SystemCrashDumpInformation            = 32, /* query, 0x004 */
    SystemExceptionInformation            = 33, /* query, 0x010 */
    SystemCrashDumpStateInformation       = 34, /* query, 0x004 */
    /* Two-byte result describing kernel debugger state; software that
     * branches on it is usually doing debugger detection. */
    SystemKernelDebuggerInformation       = 35, /* query, 0x002 */
    SystemContextSwitchInformation        = 36, /* query, 0x030 */
    SystemRegistryQuotaInformation        = 37, /* query and set, 0x00C, SYSTEM_REGISTRY_QUOTA_INFORMATION */
    SystemExtendServiceTableInformation   = 38, /* set, 0x008, SYSTEM_LOAD_IMAGE_INFORMATION */
    SystemPrioritySeperation              = 39, /* set, 0x004 (identifier spelling is as published) */
    SystemPlugPlayBusInformation          = 40, /* NOT_IMPLEMENTED */
    SystemDockInformation                 = 41, /* NOT_IMPLEMENTED */
    SystemPowerInformation                = 42, /* INVALID_INFO_CLASS */
    SystemProcessorSpeedInformation       = 43, /* INVALID_INFO_CLASS */
    SystemCurrentTimeZoneInformation      = 44, /* query, 0x0AC */
    SystemLookasideInformation            = 45  /* query, 0x000 */
} SYSTEM_INFORMATION_CLASS, *PSYSTEM_INFORMATION_CLASS;
SystemBasicInformation
Action : Query
Buffer size : 0x02C
Structure : SYSTEM_BASIC_INFORMATION
SystemProcessorInformation
Action : Query
Buffer size : 0x00C
Structure : SYSTEM_PROCESSOR_INFORMATION
SystemPerformanceInformation
0x138 GET
SystemTimeOfDayInformation
0x020 GET
SystemPathInformation
Action : Query
Buffer size : ???
Structure : STATUS_NOT_IMPLEMENTED
System path is available via the KUSER_SHARED_DATA structure
SystemProcessInformation
Action : Query
Buffer size : 0x088+
Structure : SYSTEM_PROCESS_INFORMATION
SystemCallCountInformation
Action : Query
Buffer size : 0x018+
Structure : SYSTEM_CALL_COUNT_INFORMATION
SystemDeviceInformation
0x018 GET SystemConfigurationInformation
SystemProcessorPerformanceInformation
Action : Query
Buffer size : 0x030
Structure : SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
SystemFlagsInformation
0x004 GET SET
SystemCallTimeInformation
NOT_IMPLEMENTED
SystemModuleInformation
Action : Query
Buffer size : 0x106+
Structure : SYSTEM_MODULE_INFORMATION
SystemLocksInformation
0x028+ GET
SystemStackTraceInformation
0x05C GET
SystemPagedPoolInformation
0x01C GET checked build only
SystemNonPagedPoolInformation
0x01C GET checked build only
SystemHandleInformation
Action : Query
Buffer size : 0x014+
Structure : SYSTEM_HANDLE_INFORMATION
SystemObjectInformation
Action : Query
Buffer size : 0x038+
Structure : SYSTEM_OBJECT_INFORMATION
SystemPageFileInformation
Action : Query
Buffer size : 0x018+
Structure : SYSTEM_PAGEFILE_INFORMATION
SystemVdmInstemulInformation
0x088 GET
SystemVdmBopInformation
INVALID_INFO_CLASS
SystemFileCacheInformation
0x00C, 0x024 GET SET
SystemPoolTagInformation
0x020+ GET
SystemInterruptInformation
0x018 GET
SystemDpcBehaviorInformation
0x014 GET SET
SystemFullMemoryInformation
0x014 GET checked build only
SystemLoadGdiDriverInformation
0x018 SET
SystemUnloadGdiDriverInformation
0x004 SET
SystemTimeAdjustmentInformation
Action : Query
Buffer size : 0x00C
Structure : SYSTEM_QUERY_TIME_ADJUST_INFORMATION
Action : Set
Buffer size : 0x008
Structure : SYSTEM_SET_TIME_ADJUST_INFORMATION
SystemSummaryMemoryInformation
0x014 GET checked build only
SystemNextEventIdInformation
???? (C0000005, STATUS_ACCESS_VIOLATION) GET checked build only
SystemEventIdsInformation
0xB66 GET checked build only
SystemCrashDumpInformation
0x004 GET
SystemExceptionInformation
0x010 GET
SystemCrashDumpStateInformation
0x004 GET
SystemKernelDebuggerInformation
0x002 GET
SystemContextSwitchInformation
0x030 GET
SystemRegistryQuotaInformation
Action : Query
Buffer size : 0x00C
Structure : SYSTEM_REGISTRY_QUOTA_INFORMATION
Action : Set
Buffer size : 0x00C
Structure : SYSTEM_REGISTRY_QUOTA_INFORMATION
SystemExtendServiceTableInformation
Action : Set
Buffer size : 0x008
Structure : SYSTEM_LOAD_IMAGE_INFORMATION
SystemPrioritySeperation
0x004 SET
SystemPlugPlayBusInformation
NOT_IMPLEMENTED, GET
SystemDockInformation
NOT_IMPLEMENTED, GET
SystemPowerInformation
INVALID_INFO_CLASS
SystemProcessorSpeedInformation
INVALID_INFO_CLASS
SystemCurrentTimeZoneInformation
0x0AC GET
SystemLookasideInformation
0x000 GET
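/*
 * NtQuerySystemInformation - fills SystemInformation with the data chosen
 * by SystemInformationClass and returns an NTSTATUS.
 *
 * The return type and calling convention were missing from this listing and
 * are restored so the declaration is a valid C prototype.
 *
 * SystemInformationLength is the buffer size in bytes. ReturnLength is
 * optional and, when supplied, receives the byte count written or required.
 * For variable-length classes, retry with a larger buffer while the status
 * is STATUS_INFO_LENGTH_MISMATCH, and bounds-check every offset and count in
 * the returned data against the length actually returned.
 */
NTSYSAPI
NTSTATUS
NTAPI
NtQuerySystemInformation(
    IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
    OUT PVOID SystemInformation,
    IN ULONG SystemInformationLength,
    OUT PULONG ReturnLength OPTIONAL );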
/*
 * Information-class selector for NtQuerySystemInformation. Ordinals are
 * spelled out (0..45); they equal the implicit numbering of the original
 * listing. Callers should handle a failure status for any class, because
 * the page itself marks several as not implemented, invalid, or available
 * on checked builds only.
 */
typedef enum _SYSTEM_INFORMATION_CLASS {
    SystemBasicInformation                = 0,
    SystemProcessorInformation            = 1,
    SystemPerformanceInformation          = 2,
    SystemTimeOfDayInformation            = 3,
    SystemPathInformation                 = 4,  /* not implemented */
    SystemProcessInformation              = 5,  /* variable length: process list */
    SystemCallCountInformation            = 6,  /* variable length */
    SystemDeviceInformation               = 7,
    SystemProcessorPerformanceInformation = 8,
    SystemFlagsInformation                = 9,  /* readable and settable */
    SystemCallTimeInformation             = 10, /* not implemented */
    SystemModuleInformation               = 11, /* variable length: kernel module list; treat output as sensitive */
    SystemLocksInformation                = 12, /* variable length */
    SystemStackTraceInformation           = 13,
    SystemPagedPoolInformation            = 14, /* checked build only */
    SystemNonPagedPoolInformation         = 15, /* checked build only */
    SystemHandleInformation               = 16, /* variable length: handle table; treat output as sensitive */
    SystemObjectInformation               = 17, /* variable length */
    SystemPageFileInformation             = 18, /* variable length */
    SystemVdmInstemulInformation          = 19,
    SystemVdmBopInformation               = 20, /* invalid info class */
    SystemFileCacheInformation            = 21, /* readable and settable */
    SystemPoolTagInformation              = 22, /* variable length */
    SystemInterruptInformation            = 23,
    SystemDpcBehaviorInformation          = 24, /* readable and settable */
    SystemFullMemoryInformation           = 25, /* checked build only */
    SystemLoadGdiDriverInformation        = 26, /* set only; audit callers */
    SystemUnloadGdiDriverInformation      = 27, /* set only */
    SystemTimeAdjustmentInformation       = 28, /* readable and settable */
    SystemSummaryMemoryInformation        = 29, /* checked build only */
    SystemNextEventIdInformation          = 30, /* checked build only */
    SystemEventIdsInformation             = 31, /* checked build only */
    SystemCrashDumpInformation            = 32,
    SystemExceptionInformation            = 33,
    SystemCrashDumpStateInformation       = 34,
    SystemKernelDebuggerInformation       = 35, /* kernel debugger state; often read for debugger detection */
    SystemContextSwitchInformation        = 36,
    SystemRegistryQuotaInformation        = 37, /* readable and settable */
    SystemExtendServiceTableInformation   = 38, /* set only, takes SYSTEM_LOAD_IMAGE_INFORMATION; audit callers */
    SystemPrioritySeperation              = 39, /* set only; spelling is as published */
    SystemPlugPlayBusInformation          = 40, /* not implemented */
    SystemDockInformation                 = 41, /* not implemented */
    SystemPowerInformation                = 42, /* invalid info class */
    SystemProcessorSpeedInformation       = 43, /* invalid info class */
    SystemCurrentTimeZoneInformation      = 44,
    SystemLookasideInformation            = 45
} SYSTEM_INFORMATION_CLASS, *PSYSTEM_INFORMATION_CLASS;
SystemBasicInformation
Action : Query
Buffer size : 0x02C
Structure : SYSTEM_BASIC_INFORMATION
SystemProcessorInformation
Action : Query
Buffer size : 0x00C
Structure : SYSTEM_PROCESSOR_INFORMATION
SystemPerformanceInformation
0x138 GET
SystemTimeOfDayInformation
0x020 GET
SystemPathInformation
Action : Query
Buffer size : ???
Structure : STATUS_NOT_IMPLEMENTED
System path is available via the KUSER_SHARED_DATA structure
SystemProcessInformation
Action : Query
Buffer size : 0x088+
Structure : SYSTEM_PROCESS_INFORMATION
SystemCallCountInformation
Action : Query
Buffer size : 0x018+
Structure : SYSTEM_CALL_COUNT_INFORMATION
SystemDeviceInformation
0x018 GET SystemConfigurationInformation
SystemProcessorPerformanceInformation
Action : Query
Buffer size : 0x030
Structure : SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
SystemFlagsInformation
0x004 GET SET
SystemCallTimeInformation
NOT_IMPLEMENTED
SystemModuleInformation
Action : Query
Buffer size : 0x106+
Structure : SYSTEM_MODULE_INFORMATION
SystemLocksInformation
0x028+ GET
SystemStackTraceInformation
0x05C GET
SystemPagedPoolInformation
0x01C GET checked build only
SystemNonPagedPoolInformation
0x01C GET checked build only
SystemHandleInformation
Action : Query
Buffer size : 0x014+
Structure : SYSTEM_HANDLE_INFORMATION
SystemObjectInformation
Action : Query
Buffer size : 0x038+
Structure : SYSTEM_OBJECT_INFORMATION
SystemPageFileInformation
Action : Query
Buffer size : 0x018+
Structure : SYSTEM_PAGEFILE_INFORMATION
SystemVdmInstemulInformation
0x088 GET
SystemVdmBopInformation
INVALID_INFO_CLASS
SystemFileCacheInformation
0x00C, 0x024 GET SET
SystemPoolTagInformation
0x020+ GET
SystemInterruptInformation
0x018 GET
SystemDpcBehaviorInformation
0x014 GET SET
SystemFullMemoryInformation
0x014 GET checked build only
SystemLoadGdiDriverInformation
0x018 SET
SystemUnloadGdiDriverInformation
0x004 SET
SystemTimeAdjustmentInformation
Action : Query
Buffer size : 0x00C
Structure : SYSTEM_QUERY_TIME_ADJUST_INFORMATION
Action : Set
Buffer size : 0x008
Structure : SYSTEM_SET_TIME_ADJUST_INFORMATION
SystemSummaryMemoryInformation
0x014 GET checked build only
SystemNextEventIdInformation
???? (C0000005, STATUS_ACCESS_VIOLATION) GET checked build only
SystemEventIdsInformation
0xB66 GET checked build only
SystemCrashDumpInformation
0x004 GET
SystemExceptionInformation
0x010 GET
SystemCrashDumpStateInformation
0x004 GET
SystemKernelDebuggerInformation
0x002 GET
SystemContextSwitchInformation
0x030 GET
SystemRegistryQuotaInformation
Action : Query
Buffer size : 0x00C
Structure : SYSTEM_REGISTRY_QUOTA_INFORMATION
Action : Set
Buffer size : 0x00C
Structure : SYSTEM_REGISTRY_QUOTA_INFORMATION
SystemExtendServiceTableInformation
Action : Set
Buffer size : 0x008
Structure : SYSTEM_LOAD_IMAGE_INFORMATION
SystemPrioritySeperation
0x004 SET
SystemPlugPlayBusInformation
NOT_IMPLEMENTED, GET
SystemDockInformation
NOT_IMPLEMENTED, GET
SystemPowerInformation
INVALID_INFO_CLASS
SystemProcessorSpeedInformation
INVALID_INFO_CLASS
SystemCurrentTimeZoneInformation
0x0AC GET
SystemLookasideInformation
0x000 GET