Pnig0s1992:
列出當前系統信息,當前系統內存狀況。
枚舉進程,列出每個進程所有內存塊的頁面類型,頁面屬性,保護屬性等信息
//Code by Pnig0s1992
//Date:2012,3,15
#include <stdio.h>
#include <Windows.h>
#include <TlHelp32.h>
VOID getMemoryInfo(SYSTEM_INFO si,HANDLE hProcess);
int main(void)
{
SYSTEM_INFO si;
MEMORYSTATUS ms;
ms.dwLength = sizeof(ms);
GetSystemInfo(&si);
printf("\n當前內存頁大小%uKB",si.dwPageSize/1024);
printf("\n小於0x%x為系統保留區.",si.lpMinimumApplicationAddress);
printf("\n大於0x%x為系統內核區.",si.lpMaximumApplicationAddress);
printf("\nCPU數量:%u",si.dwNumberOfProcessors);
GlobalMemoryStatus(&ms);
printf("\n當前系統內存使用率:%u%%:",ms.dwMemoryLoad);
printf("\n當前系統總物理內存:%uM",ms.dwTotalPhys/1024/1024);
printf("\n當前系統可用物理內存:%uM",ms.dwAvailPhys/1024/1024);
printf("\n當前系統總虛擬內存:%uM",ms.dwTotalVirtual/1024/1024);
printf("\n當前系統可用虛擬內存:%uM",ms.dwAvailVirtual/1024/1024);
printf("\n當前系統總頁文件:%uM",ms.dwTotalPageFile/1024/1024);
printf("\n當前系統可用頁文件:%uM",ms.dwAvailPageFile/1024/1024);
PROCESSENTRY32 pe32;
pe32.dwSize = sizeof(pe32);
HANDLE hProcessSnap;
hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
if(hProcessSnap == INVALID_HANDLE_VALUE)
{
printf("\n獲取進程快照失敗");
return -1;
}else
{
Process32First(hProcessSnap,&pe32);
do
{
printf("\n當前進程名:%S PID:%u",pe32.szExeFile,pe32.th32ProcessID);
if(pe32.th32ProcessID != GetCurrentProcessId())
{
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ,FALSE,pe32.th32ProcessID);
getMemoryInfo(si,hProcess);
}
} while (Process32Next(hProcessSnap,&pe32));
}
system("pause");
return 0;
}
VOID getMemoryInfo(SYSTEM_INFO si,HANDLE hProcess)
{
printf("\n內存地址 保護屬性 頁面類型");
DWORD dwCurPos = (DWORD)si.lpMinimumApplicationAddress;//第一次查詢位置為可訪問的最小內存地址
while(dwCurPos <(DWORD)si.lpMaximumApplicationAddress) //結束條件為最大內存地址
{
MEMORY_BASIC_INFORMATION mbi;
DWORD dwRc = VirtualQueryEx(hProcess,(LPVOID)dwCurPos,&mbi,sizeof(mbi));
printf("\n0x%x %u %u",mbi.BaseAddress,mbi.AllocationProtect,mbi.Type);
dwCurPos = (DWORD)mbi.BaseAddress+mbi.RegionSize;//當前塊兒基址加塊兒大小
}
}
本文出自 “About:Blank H4cking” 博客,請務必保留此出處http://pnig0s1992.blog.51cto.com/393390/807029
