-
-
[旧帖] [求助]ZwQuerySystemInformation 是调用哪个函数来实现功能的? 0.00雪花
-
发表于: 2013-8-6 19:26 4249
-
赞赏
|
|
|---|---|
|
|
在 sysinfo.c 里面
|
|
|
KPROCESSOR_MODE PreviousMode;
SYSTEM_TIMEOFDAY_INFORMATION LocalTimeOfDayInfo; SYSTEM_PERFORMANCE_INFORMATION LocalPerformanceInfo; PSYSTEM_PERFORMANCE_INFORMATION PerformanceInfo; PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION ProcessorPerformanceInfo; PSYSTEM_CALL_COUNT_INFORMATION CallCountInformation; PSYSTEM_DEVICE_INFORMATION DeviceInformation; PCONFIGURATION_INFORMATION ConfigInfo; PSYSTEM_EXCEPTION_INFORMATION ExceptionInformation; PSYSTEM_FILECACHE_INFORMATION FileCache; PSYSTEM_QUERY_TIME_ADJUST_INFORMATION TimeAdjustmentInformation; PSYSTEM_KERNEL_DEBUGGER_INFORMATION KernelDebuggerInformation; PSYSTEM_CONTEXT_SWITCH_INFORMATION ContextSwitchInformation; PSYSTEM_INTERRUPT_INFORMATION InterruptInformation; PSYSTEM_SESSION_PROCESS_INFORMATION SessionProcessInformation; PVOID ProcessInformation; ULONG ProcessInformationLength; PSYSTEM_SESSION_POOLTAG_INFORMATION SessionPoolTagInformation; PSYSTEM_SESSION_MAPPED_VIEW_INFORMATION SessionMappedViewInformation; ULONG SessionPoolTagInformationLength; NTSTATUS Status; PKPRCB Prcb; ULONG Length = 0; ULONG i; ULONG ContextSwitches; PULONG TableLimit, TableCounts; PKSERVICE_TABLE_DESCRIPTOR Table; ULONG SessionId; ULONG Alignment; PAGED_CODE(); // // Assume successful completion. // Status = STATUS_SUCCESS; try { // // Get previous processor mode and probe output argument if necessary. // PreviousMode = KeGetPreviousMode(); if (PreviousMode != KernelMode) { Alignment = sizeof(ULONG); if (SystemInformationClass == SystemKernelDebuggerInformation) { Alignment = sizeof(BOOLEAN); } else if (SystemInformationClass == SystemLocksInformation) { Alignment = sizeof(PVOID); } ProbeForWrite(SystemInformation, SystemInformationLength, Alignment); if (ARGUMENT_PRESENT(ReturnLength)) { ProbeForWriteUlong(ReturnLength); } } if (ARGUMENT_PRESENT(ReturnLength)) { *ReturnLength = 0; } switch (SystemInformationClass) { case SystemBasicInformation: if (SystemInformationLength != sizeof( SYSTEM_BASIC_INFORMATION )) { return STATUS_INFO_LENGTH_MISMATCH; } Status = ExpGetSystemBasicInformation ((PSYSTEM_BASIC_INFORMATION)SystemInformation); if (NT_SUCCESS (Status) && ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = sizeof( SYSTEM_BASIC_INFORMATION ); } break; case SystemEmulationBasicInformation: if (SystemInformationLength != sizeof( SYSTEM_BASIC_INFORMATION )) { return STATUS_INFO_LENGTH_MISMATCH; } #if defined(_WIN64) Status = ExpGetSystemEmulationBasicInformation ((PSYSTEM_BASIC_INFORMATION)SystemInformation); #else Status = ExpGetSystemBasicInformation ((PSYSTEM_BASIC_INFORMATION)SystemInformation); #endif if (NT_SUCCESS (Status) && ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = sizeof( SYSTEM_BASIC_INFORMATION ); } break; case SystemProcessorInformation: if (SystemInformationLength < sizeof( SYSTEM_PROCESSOR_INFORMATION )) { return STATUS_INFO_LENGTH_MISMATCH; } Status = ExpGetSystemProcessorInformation ((PSYSTEM_PROCESSOR_INFORMATION)SystemInformation); if (NT_SUCCESS (Status) && ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = sizeof( SYSTEM_PROCESSOR_INFORMATION ); } break; case SystemEmulationProcessorInformation: if (SystemInformationLength < sizeof( SYSTEM_PROCESSOR_INFORMATION )) { return STATUS_INFO_LENGTH_MISMATCH; } #if defined(_WIN64) Status = ExpGetSystemEmulationProcessorInformation ((PSYSTEM_PROCESSOR_INFORMATION)SystemInformation); #else Status = ExpGetSystemProcessorInformation ((PSYSTEM_PROCESSOR_INFORMATION)SystemInformation); #endif if (NT_SUCCESS (Status) && ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = sizeof( SYSTEM_PROCESSOR_INFORMATION ); } break; case SystemPerformanceInformation: if (SystemInformationLength < sizeof( SYSTEM_PERFORMANCE_INFORMATION )) { return STATUS_INFO_LENGTH_MISMATCH; } PerformanceInfo = (PSYSTEM_PERFORMANCE_INFORMATION)SystemInformation; // // Io information. // // These counters are kept on a per processor basis and must // be totaled. // { ULONG OtherOperationCount; LARGE_INTEGER OtherTransferCount; ULONG ReadOperationCount; LARGE_INTEGER ReadTransferCount; ULONG WriteOperationCount; LARGE_INTEGER WriteTransferCount; OtherOperationCount = IoOtherOperationCount; OtherTransferCount.QuadPart = IoOtherTransferCount.QuadPart; ReadOperationCount = IoReadOperationCount; ReadTransferCount.QuadPart = IoReadTransferCount.QuadPart; WriteOperationCount = IoWriteOperationCount; WriteTransferCount.QuadPart = IoWriteTransferCount.QuadPart; for (i = 0; i < (ULONG)KeNumberProcessors; i += 1) { Prcb = KiProcessorBlock[i]; if (Prcb != NULL) { OtherOperationCount += Prcb->IoOtherOperationCount; OtherTransferCount.QuadPart += Prcb->IoOtherTransferCount.QuadPart; ReadOperationCount += Prcb->IoReadOperationCount; ReadTransferCount.QuadPart += Prcb->IoReadTransferCount.QuadPart; WriteOperationCount += Prcb->IoWriteOperationCount; WriteTransferCount.QuadPart += Prcb->IoWriteTransferCount.QuadPart; } } LocalPerformanceInfo.IoReadTransferCount = ReadTransferCount; LocalPerformanceInfo.IoWriteTransferCount = WriteTransferCount; LocalPerformanceInfo.IoOtherTransferCount = OtherTransferCount; LocalPerformanceInfo.IoReadOperationCount = ReadOperationCount; LocalPerformanceInfo.IoWriteOperationCount = WriteOperationCount; LocalPerformanceInfo.IoOtherOperationCount = OtherOperationCount; } // // Ke information. // // These counters are kept on a per processor basis and must // be totaled. // { ULONG FirstLevelTbFills = 0; ULONG SecondLevelTbFills = 0; ULONG SystemCalls = 0; ContextSwitches = 0; for (i = 0; i < (ULONG)KeNumberProcessors; i += 1) { Prcb = KiProcessorBlock[i]; if (Prcb != NULL) { ContextSwitches += KeGetContextSwitches(Prcb); FirstLevelTbFills += Prcb->KeFirstLevelTbFills; SecondLevelTbFills += Prcb->KeSecondLevelTbFills; SystemCalls += Prcb->KeSystemCalls; } } LocalPerformanceInfo.ContextSwitches = ContextSwitches; LocalPerformanceInfo.FirstLevelTbFills = FirstLevelTbFills; LocalPerformanceInfo.SecondLevelTbFills = SecondLevelTbFills; LocalPerformanceInfo.SystemCalls = SystemCalls; } // // Mm information. // // some of these counters are kept on a per processor basis and // must be totaled. // LocalPerformanceInfo.AvailablePages = (ULONG)MmAvailablePages; LocalPerformanceInfo.CommittedPages = (SYSINF_PAGE_COUNT)MmTotalCommittedPages; LocalPerformanceInfo.CommitLimit = (SYSINF_PAGE_COUNT)MmTotalCommitLimit; LocalPerformanceInfo.PeakCommitment = (SYSINF_PAGE_COUNT)MmPeakCommitment; { ULONG PageFaultCount = 0; ULONG CopyOnWriteCount = 0; ULONG TransitionCount = 0; ULONG CacheTransitionCount = 0; ULONG DemandZeroCount = 0; ULONG PageReadCount = 0; ULONG PageReadIoCount = 0; ULONG CacheReadCount = 0; ULONG CacheIoCount = 0; ULONG DirtyPagesWriteCount = 0; ULONG DirtyWriteIoCount = 0; ULONG MappedPagesWriteCount = 0; ULONG MappedWriteIoCount = 0; for (i = 0; i < (ULONG)KeNumberProcessors; i += 1) { Prcb = KiProcessorBlock[i]; if (Prcb != NULL) { PageFaultCount += Prcb->MmPageFaultCount; CopyOnWriteCount += Prcb->MmCopyOnWriteCount; TransitionCount += Prcb->MmTransitionCount; CacheTransitionCount += Prcb->MmCacheTransitionCount; DemandZeroCount += Prcb->MmDemandZeroCount; PageReadCount += Prcb->MmPageReadCount; PageReadIoCount += Prcb->MmPageReadIoCount; CacheReadCount += Prcb->MmCacheReadCount; CacheIoCount += Prcb->MmCacheIoCount; DirtyPagesWriteCount += Prcb->MmDirtyPagesWriteCount; DirtyWriteIoCount += Prcb->MmDirtyWriteIoCount; MappedPagesWriteCount += Prcb->MmMappedPagesWriteCount; MappedWriteIoCount += Prcb->MmMappedWriteIoCount; } } LocalPerformanceInfo.PageFaultCount = PageFaultCount; LocalPerformanceInfo.CopyOnWriteCount = CopyOnWriteCount; LocalPerformanceInfo.TransitionCount = TransitionCount; LocalPerformanceInfo.CacheTransitionCount = CacheTransitionCount; LocalPerformanceInfo.DemandZeroCount = DemandZeroCount; LocalPerformanceInfo.PageReadCount = PageReadCount; LocalPerformanceInfo.PageReadIoCount = PageReadIoCount; LocalPerformanceInfo.CacheReadCount = CacheReadCount; LocalPerformanceInfo.CacheIoCount = CacheIoCount; LocalPerformanceInfo.DirtyPagesWriteCount = DirtyPagesWriteCount; LocalPerformanceInfo.DirtyWriteIoCount = DirtyWriteIoCount; LocalPerformanceInfo.MappedPagesWriteCount = MappedPagesWriteCount; LocalPerformanceInfo.MappedWriteIoCount = MappedWriteIoCount; } LocalPerformanceInfo.FreeSystemPtes = MmGetNumberOfFreeSystemPtes (); LocalPerformanceInfo.ResidentSystemCodePage = MmSystemCodePage; LocalPerformanceInfo.ResidentSystemCachePage = MmSystemCachePage; LocalPerformanceInfo.ResidentPagedPoolPage = MmPagedPoolPage; LocalPerformanceInfo.ResidentSystemDriverPage = MmSystemDriverPage; LocalPerformanceInfo.TotalSystemCodePages = MmTotalSystemCodePages; LocalPerformanceInfo.TotalSystemDriverPages = MmTotalSystemDriverPages; LocalPerformanceInfo.AvailablePagedPoolPages = (ULONG)MmAvailablePoolInPages (PagedPool); // // Idle process information. // { ULONG TotalKernel; ULONG TotalUser; TotalKernel = KeQueryRuntimeProcess(&PsIdleProcess->Pcb, &TotalUser); LocalPerformanceInfo.IdleProcessTime.QuadPart = UInt32x32To64(TotalKernel, KeMaximumIncrement); } // // Pool information. // LocalPerformanceInfo.PagedPoolPages = 0; LocalPerformanceInfo.NonPagedPoolPages = 0; LocalPerformanceInfo.PagedPoolAllocs = 0; LocalPerformanceInfo.PagedPoolFrees = 0; LocalPerformanceInfo.PagedPoolLookasideHits = 0; LocalPerformanceInfo.NonPagedPoolAllocs = 0; LocalPerformanceInfo.NonPagedPoolFrees = 0; LocalPerformanceInfo.NonPagedPoolLookasideHits = 0; ExQueryPoolUsage( &LocalPerformanceInfo.PagedPoolPages, &LocalPerformanceInfo.NonPagedPoolPages, &LocalPerformanceInfo.PagedPoolAllocs, &LocalPerformanceInfo.PagedPoolFrees, &LocalPerformanceInfo.PagedPoolLookasideHits, &LocalPerformanceInfo.NonPagedPoolAllocs, &LocalPerformanceInfo.NonPagedPoolFrees, &LocalPerformanceInfo.NonPagedPoolLookasideHits ); // // Cache Manager information. // LocalPerformanceInfo.CcFastReadNoWait = CcFastReadNoWait; LocalPerformanceInfo.CcFastReadWait = CcFastReadWait; LocalPerformanceInfo.CcFastReadResourceMiss = CcFastReadResourceMiss; LocalPerformanceInfo.CcFastReadNotPossible = CcFastReadNotPossible; LocalPerformanceInfo.CcFastMdlReadNoWait = CcFastMdlReadNoWait; LocalPerformanceInfo.CcFastMdlReadWait = CcFastMdlReadWait; LocalPerformanceInfo.CcFastMdlReadResourceMiss = CcFastMdlReadResourceMiss; LocalPerformanceInfo.CcFastMdlReadNotPossible = CcFastMdlReadNotPossible; LocalPerformanceInfo.CcMapDataNoWait = CcMapDataNoWait; LocalPerformanceInfo.CcMapDataWait = CcMapDataWait; LocalPerformanceInfo.CcMapDataNoWaitMiss = CcMapDataNoWaitMiss; LocalPerformanceInfo.CcMapDataWaitMiss = CcMapDataWaitMiss; LocalPerformanceInfo.CcPinMappedDataCount = CcPinMappedDataCount; LocalPerformanceInfo.CcPinReadNoWait = CcPinReadNoWait; LocalPerformanceInfo.CcPinReadWait = CcPinReadWait; LocalPerformanceInfo.CcPinReadNoWaitMiss = CcPinReadNoWaitMiss; LocalPerformanceInfo.CcPinReadWaitMiss = CcPinReadWaitMiss; LocalPerformanceInfo.CcCopyReadNoWait = CcCopyReadNoWait; LocalPerformanceInfo.CcCopyReadWait = CcCopyReadWait; LocalPerformanceInfo.CcCopyReadNoWaitMiss = CcCopyReadNoWaitMiss; LocalPerformanceInfo.CcCopyReadWaitMiss = CcCopyReadWaitMiss; LocalPerformanceInfo.CcMdlReadNoWait = CcMdlReadNoWait; LocalPerformanceInfo.CcMdlReadWait = CcMdlReadWait; LocalPerformanceInfo.CcMdlReadNoWaitMiss = CcMdlReadNoWaitMiss; LocalPerformanceInfo.CcMdlReadWaitMiss = CcMdlReadWaitMiss; LocalPerformanceInfo.CcReadAheadIos = CcReadAheadIos; LocalPerformanceInfo.CcLazyWriteIos = CcLazyWriteIos; LocalPerformanceInfo.CcLazyWritePages = CcLazyWritePages; LocalPerformanceInfo.CcDataFlushes = CcDataFlushes; LocalPerformanceInfo.CcDataPages = CcDataPages; #if !defined(NT_UP) // // On an MP machines go sum up some other 'hot' cache manager // statistics. // for (i = 0; i < (ULONG)KeNumberProcessors; i++) { Prcb = KiProcessorBlock[i]; LocalPerformanceInfo.CcFastReadNoWait += Prcb->CcFastReadNoWait; LocalPerformanceInfo.CcFastReadWait += Prcb->CcFastReadWait; LocalPerformanceInfo.CcFastReadNotPossible += Prcb->CcFastReadNotPossible; LocalPerformanceInfo.CcCopyReadNoWait += Prcb->CcCopyReadNoWait; LocalPerformanceInfo.CcCopyReadWait += Prcb->CcCopyReadWait; LocalPerformanceInfo.CcCopyReadNoWaitMiss += Prcb->CcCopyReadNoWaitMiss; } #endif *PerformanceInfo = LocalPerformanceInfo; if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = sizeof(LocalPerformanceInfo); } break; case SystemProcessorPerformanceInformation: if (SystemInformationLength < sizeof( SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION )) { return STATUS_INFO_LENGTH_MISMATCH; } ProcessorPerformanceInfo = (PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION) SystemInformation; Length = 0; for (i = 0; i < (ULONG)KeNumberProcessors; i++) { Prcb = KiProcessorBlock[i]; if (Prcb != NULL) { if (SystemInformationLength < Length + sizeof(SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION)) break; Length += sizeof(SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION); ProcessorPerformanceInfo->UserTime.QuadPart = UInt32x32To64(Prcb->UserTime, KeMaximumIncrement); ProcessorPerformanceInfo->KernelTime.QuadPart = UInt32x32To64(Prcb->KernelTime, KeMaximumIncrement); ProcessorPerformanceInfo->DpcTime.QuadPart = UInt32x32To64(Prcb->DpcTime, KeMaximumIncrement); ProcessorPerformanceInfo->InterruptTime.QuadPart = UInt32x32To64(Prcb->InterruptTime, KeMaximumIncrement); ProcessorPerformanceInfo->IdleTime.QuadPart = UInt32x32To64(Prcb->IdleThread->KernelTime, KeMaximumIncrement); ProcessorPerformanceInfo->InterruptCount = Prcb->InterruptCount; ProcessorPerformanceInfo++; } } if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = Length; } break; case SystemProcessorPowerInformation: if (SystemInformationLength < sizeof( SYSTEM_PROCESSOR_POWER_INFORMATION )) { return STATUS_INFO_LENGTH_MISMATCH; } Status = ExpGetProcessorPowerInformation( SystemInformation, SystemInformationLength, &Length ); if (ARGUMENT_PRESENT (ReturnLength)) { *ReturnLength = Length; } break; case SystemProcessorIdleInformation: if (SystemInformationLength < sizeof( SYSTEM_PROCESSOR_IDLE_INFORMATION )) { return STATUS_INFO_LENGTH_MISMATCH; } Status = ExpGetProcessorIdleInformation( SystemInformation, SystemInformationLength, &Length ); if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = Length; } break; case SystemTimeOfDayInformation: if (SystemInformationLength > sizeof (SYSTEM_TIMEOFDAY_INFORMATION)) { return STATUS_INFO_LENGTH_MISMATCH; } RtlZeroMemory (&LocalTimeOfDayInfo, sizeof(LocalTimeOfDayInfo)); KeQuerySystemTime(&LocalTimeOfDayInfo.CurrentTime); LocalTimeOfDayInfo.BootTime = KeBootTime; LocalTimeOfDayInfo.TimeZoneBias = ExpTimeZoneBias; LocalTimeOfDayInfo.TimeZoneId = ExpCurrentTimeZoneId; LocalTimeOfDayInfo.BootTimeBias = KeBootTimeBias; LocalTimeOfDayInfo.SleepTimeBias = KeInterruptTimeBias; try { RtlCopyMemory ( SystemInformation, &LocalTimeOfDayInfo, SystemInformationLength ); if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = SystemInformationLength; } } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode (); } break; // // Query system time adjustment information. // case SystemTimeAdjustmentInformation: if (SystemInformationLength != sizeof( SYSTEM_QUERY_TIME_ADJUST_INFORMATION )) { return STATUS_INFO_LENGTH_MISMATCH; } TimeAdjustmentInformation = (PSYSTEM_QUERY_TIME_ADJUST_INFORMATION)SystemInformation; TimeAdjustmentInformation->TimeAdjustment = KeTimeAdjustment; TimeAdjustmentInformation->TimeIncrement = KeMaximumIncrement; TimeAdjustmentInformation->Enable = KeTimeSynchronization; break; case SystemSummaryMemoryInformation: case SystemFullMemoryInformation: if (SystemInformationLength < sizeof( SYSTEM_MEMORY_INFORMATION )) { return STATUS_INFO_LENGTH_MISMATCH; } Status = MmMemoryUsage (SystemInformation, SystemInformationLength, (SystemInformationClass == SystemFullMemoryInformation) ? 0 : 1, &Length); if (NT_SUCCESS(Status) && ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = Length; } break; case SystemPathInformation: #if DBG DbgPrint( "EX: SystemPathInformation now available via SharedUserData\n" ); DbgBreakPoint(); #endif return STATUS_NOT_IMPLEMENTED; break; case SystemProcessInformation: case SystemExtendedProcessInformation: { BOOLEAN ExtendedInformation; if (SystemInformationClass == SystemProcessInformation ) { ExtendedInformation = FALSE; } else { ExtendedInformation = TRUE; } Status = ExpGetProcessInformation (SystemInformation, SystemInformationLength, ReturnLength, NULL, ExtendedInformation); } break; case SystemSessionProcessInformation: SessionProcessInformation = (PSYSTEM_SESSION_PROCESS_INFORMATION)SystemInformation; if (SystemInformationLength < sizeof( SYSTEM_SESSION_PROCESS_INFORMATION)) { return STATUS_INFO_LENGTH_MISMATCH; } // // The lower level locks the buffer specified below into memory using MmProbeAndLockPages. // We don't need to probe the buffers here. // SessionId = SessionProcessInformation->SessionId; ProcessInformation = SessionProcessInformation->Buffer; ProcessInformationLength = SessionProcessInformation->SizeOfBuf; if (!POINTER_IS_ALIGNED (ProcessInformation, sizeof (ULONG))) { return STATUS_DATATYPE_MISALIGNMENT; } Status = ExpGetProcessInformation (ProcessInformation, ProcessInformationLength, ReturnLength, &SessionId, FALSE); break; case SystemCallCountInformation: Length = sizeof(SYSTEM_CALL_COUNT_INFORMATION) + (NUMBER_SERVICE_TABLES * sizeof(ULONG)); Table = KeServiceDescriptorTableShadow; for (i = 0; i < NUMBER_SERVICE_TABLES; i += 1) { if ((Table->Limit != 0) && (Table->Count != NULL)) { Length += Table->Limit * sizeof(ULONG); } Table += 1; } if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = Length; } if (SystemInformationLength < Length) { return STATUS_INFO_LENGTH_MISMATCH; } CallCountInformation = (PSYSTEM_CALL_COUNT_INFORMATION)SystemInformation; CallCountInformation->Length = Length; CallCountInformation->NumberOfTables = NUMBER_SERVICE_TABLES; TableLimit = (PULONG)(CallCountInformation + 1); TableCounts = TableLimit + NUMBER_SERVICE_TABLES; Table = KeServiceDescriptorTableShadow; for (i = 0; i < NUMBER_SERVICE_TABLES; i += 1) { if ((Table->Limit == 0) || (Table->Count == NULL)) { *TableLimit++ = 0; } else { *TableLimit++ = Table->Limit; RtlCopyMemory((PVOID)TableCounts, (PVOID)Table->Count, Table->Limit * sizeof(ULONG)); TableCounts += Table->Limit; } Table += 1; } break; case SystemDeviceInformation: if (SystemInformationLength != sizeof( SYSTEM_DEVICE_INFORMATION )) { return STATUS_INFO_LENGTH_MISMATCH; } ConfigInfo = IoGetConfigurationInformation(); DeviceInformation = (PSYSTEM_DEVICE_INFORMATION)SystemInformation; DeviceInformation->NumberOfDisks = ConfigInfo->DiskCount; DeviceInformation->NumberOfFloppies = ConfigInfo->FloppyCount; DeviceInformation->NumberOfCdRoms = ConfigInfo->CdRomCount; DeviceInformation->NumberOfTapes = ConfigInfo->TapeCount; DeviceInformation->NumberOfSerialPorts = ConfigInfo->SerialCount; DeviceInformation->NumberOfParallelPorts = ConfigInfo->ParallelCount; if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = sizeof( SYSTEM_DEVICE_INFORMATION ); } break; case SystemFlagsInformation: if (SystemInformationLength != sizeof( SYSTEM_FLAGS_INFORMATION )) { return STATUS_INFO_LENGTH_MISMATCH; } ((PSYSTEM_FLAGS_INFORMATION)SystemInformation)->Flags = NtGlobalFlag; if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = sizeof( SYSTEM_FLAGS_INFORMATION ); } break; case SystemCallTimeInformation: return STATUS_NOT_IMPLEMENTED; case SystemModuleInformation: KeEnterCriticalRegion(); ExAcquireResourceExclusiveLite( &PsLoadedModuleResource, TRUE ); try { Status = ExpQueryModuleInformation( &PsLoadedModuleList, &MmLoadedUserImageList, (PRTL_PROCESS_MODULES)SystemInformation, SystemInformationLength, ReturnLength ); } except(EXCEPTION_EXECUTE_HANDLER) { Status = GetExceptionCode(); } ExReleaseResourceLite (&PsLoadedModuleResource); KeLeaveCriticalRegion(); break; case SystemLocksInformation: if (SystemInformationLength < sizeof( RTL_PROCESS_LOCKS )) { return STATUS_INFO_LENGTH_MISMATCH; } Status = ExpGetLockInformation (SystemInformation, SystemInformationLength, &Length); if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = Length; } break; case SystemStackTraceInformation: if (SystemInformationLength < sizeof( RTL_PROCESS_BACKTRACES )) { return STATUS_INFO_LENGTH_MISMATCH; } #if i386 Status = ExpGetStackTraceInformation (SystemInformation, SystemInformationLength, &Length); #else Status = STATUS_NOT_IMPLEMENTED; #endif // i386 if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = Length; } break; case SystemPagedPoolInformation: Status = STATUS_NOT_IMPLEMENTED; if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = 0; } break; case SystemNonPagedPoolInformation: Status = STATUS_NOT_IMPLEMENTED; if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = 0; } break; case SystemHandleInformation: if (SystemInformationLength < sizeof( SYSTEM_HANDLE_INFORMATION )) { return STATUS_INFO_LENGTH_MISMATCH; } if (!POINTER_IS_ALIGNED (SystemInformation, TYPE_ALIGNMENT (SYSTEM_HANDLE_INFORMATION))) { return STATUS_DATATYPE_MISALIGNMENT; } Status = ExpGetHandleInformation( SystemInformation, SystemInformationLength, &Length ); if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = Length; } break; case SystemExtendedHandleInformation: if (SystemInformationLength < sizeof( SYSTEM_HANDLE_INFORMATION_EX )) { return STATUS_INFO_LENGTH_MISMATCH; } if (!POINTER_IS_ALIGNED (SystemInformation, TYPE_ALIGNMENT (SYSTEM_HANDLE_INFORMATION_EX))) { return STATUS_DATATYPE_MISALIGNMENT; } Status = ExpGetHandleInformationEx( SystemInformation, SystemInformationLength, &Length ); if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = Length; } break; case SystemObjectInformation: if (SystemInformationLength < sizeof( SYSTEM_OBJECTTYPE_INFORMATION )) { return STATUS_INFO_LENGTH_MISMATCH; } Status = ExpGetObjectInformation( SystemInformation, SystemInformationLength, &Length ); if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = Length; } break; case SystemPageFileInformation: if (SystemInformationLength < sizeof( SYSTEM_PAGEFILE_INFORMATION )) { return STATUS_INFO_LENGTH_MISMATCH; } Status = MmGetPageFileInformation( SystemInformation, SystemInformationLength, &Length ); if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = Length; } break; case SystemFileCacheInformation: case SystemFileCacheInformationEx: { SYSTEM_FILECACHE_INFORMATION CapturedFileCacheInformation; // // This structure was extended in NT 4.0 from 12 bytes. // Use the previous size of 12 bytes for versioning info. // if (SystemInformationLength < 12) { return STATUS_INFO_LENGTH_MISMATCH; } MmQuerySystemCacheWorkingSetInformation (&CapturedFileCacheInformation); FileCache = (PSYSTEM_FILECACHE_INFORMATION)SystemInformation; FileCache->CurrentSize = CapturedFileCacheInformation.CurrentSize; FileCache->PeakSize = CapturedFileCacheInformation.PeakSize; FileCache->PageFaultCount = CapturedFileCacheInformation.PageFaultCount; i = 12; if (SystemInformationLength >= sizeof( SYSTEM_FILECACHE_INFORMATION )) { i = sizeof (SYSTEM_FILECACHE_INFORMATION); FileCache->MinimumWorkingSet = CapturedFileCacheInformation.MinimumWorkingSet; FileCache->MaximumWorkingSet = CapturedFileCacheInformation.MaximumWorkingSet; FileCache->CurrentSizeIncludingTransitionInPages = CapturedFileCacheInformation.CurrentSizeIncludingTransitionInPages; FileCache->PeakSizeIncludingTransitionInPages = CapturedFileCacheInformation.PeakSizeIncludingTransitionInPages; FileCache->TransitionRePurposeCount = CapturedFileCacheInformation.TransitionRePurposeCount; FileCache->Flags = CapturedFileCacheInformation.Flags; } if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = i; } break; } case SystemSessionPoolTagInformation: SessionProcessInformation = (PSYSTEM_SESSION_PROCESS_INFORMATION)SystemInformation; if (SystemInformationLength < sizeof( SYSTEM_SESSION_PROCESS_INFORMATION)) { return STATUS_INFO_LENGTH_MISMATCH; } // // The lower level locks the buffer specified below into // memory using MmProbeAndLockPages. // We don't need to probe the buffers here. // SessionId = SessionProcessInformation->SessionId; SessionPoolTagInformation = SessionProcessInformation->Buffer; SessionPoolTagInformationLength = SessionProcessInformation->SizeOfBuf; if (!POINTER_IS_ALIGNED (SessionPoolTagInformation, sizeof (ULONGLONG))) { return STATUS_DATATYPE_MISALIGNMENT; } Status = ExGetSessionPoolTagInformation ( SessionPoolTagInformation, SessionPoolTagInformationLength, &Length, &SessionId); if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = Length; } break; case SystemPoolTagInformation: if (SystemInformationLength < sizeof( SYSTEM_POOLTAG_INFORMATION )) { return STATUS_INFO_LENGTH_MISMATCH; } Status = ExGetPoolTagInfo (SystemInformation, SystemInformationLength, ReturnLength); break; case SystemBigPoolInformation: if (SystemInformationLength < sizeof( SYSTEM_BIGPOOL_INFORMATION )) { return STATUS_INFO_LENGTH_MISMATCH; } Status = ExGetBigPoolInfo (SystemInformation, SystemInformationLength, ReturnLength); break; case SystemSessionMappedViewInformation: SessionMappedViewInformation = (PSYSTEM_SESSION_MAPPED_VIEW_INFORMATION)SystemInformation; if (SystemInformationLength < sizeof( SYSTEM_SESSION_MAPPED_VIEW_INFORMATION)) { return STATUS_INFO_LENGTH_MISMATCH; } // // The lower level locks the buffer specified below into // memory using MmProbeAndLockPages. // We don't need to probe the buffers here. // SessionId = SessionMappedViewInformation->SessionId; if (!POINTER_IS_ALIGNED (SessionMappedViewInformation, sizeof (ULONGLONG))) { return STATUS_DATATYPE_MISALIGNMENT; } Status = MmGetSessionMappedViewInformation ( SessionMappedViewInformation, SystemInformationLength, &Length, &SessionId); if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = Length; } break; case SystemVdmInstemulInformation: #ifdef i386 if (SystemInformationLength < sizeof( SYSTEM_VDM_INSTEMUL_INFO )) { return STATUS_INFO_LENGTH_MISMATCH; } Status = ExpGetInstemulInformation( (PSYSTEM_VDM_INSTEMUL_INFO)SystemInformation ); if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = sizeof(SYSTEM_VDM_INSTEMUL_INFO); } #else Status = STATUS_NOT_IMPLEMENTED; #endif break; // // Get system exception information which includes the number // of exceptions that have dispatched, the number of alignment // fixups, and the number of floating emulations that have been // performed. // case SystemExceptionInformation: if (SystemInformationLength < sizeof( SYSTEM_EXCEPTION_INFORMATION)) { return STATUS_INFO_LENGTH_MISMATCH; } if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = sizeof(SYSTEM_EXCEPTION_INFORMATION); } ExceptionInformation = (PSYSTEM_EXCEPTION_INFORMATION)SystemInformation; // // Ke information. // // These counters are kept on a per processor basis and must // be totaled. // { ULONG AlignmentFixupCount = 0; ULONG ExceptionDispatchCount = 0; ULONG FloatingEmulationCount = 0; ULONG ByteWordEmulationCount = 0; for (i = 0; i < (ULONG)KeNumberProcessors; i += 1) { Prcb = KiProcessorBlock[i]; if (Prcb != NULL) { AlignmentFixupCount += Prcb->KeAlignmentFixupCount; ExceptionDispatchCount += Prcb->KeExceptionDispatchCount; FloatingEmulationCount += Prcb->KeFloatingEmulationCount; } } ExceptionInformation->AlignmentFixupCount = AlignmentFixupCount; ExceptionInformation->ExceptionDispatchCount = ExceptionDispatchCount; ExceptionInformation->FloatingEmulationCount = FloatingEmulationCount; ExceptionInformation->ByteWordEmulationCount = ByteWordEmulationCount; } break; case SystemKernelDebuggerInformation: if (SystemInformationLength < sizeof( SYSTEM_KERNEL_DEBUGGER_INFORMATION)) { return STATUS_INFO_LENGTH_MISMATCH; } KernelDebuggerInformation = (PSYSTEM_KERNEL_DEBUGGER_INFORMATION)SystemInformation; KernelDebuggerInformation->KernelDebuggerEnabled = KdDebuggerEnabled; KernelDebuggerInformation->KernelDebuggerNotPresent = KdDebuggerNotPresent; if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = sizeof(SYSTEM_KERNEL_DEBUGGER_INFORMATION); } break; case SystemContextSwitchInformation: if (SystemInformationLength < sizeof( SYSTEM_CONTEXT_SWITCH_INFORMATION)) { return STATUS_INFO_LENGTH_MISMATCH; } ContextSwitchInformation = (PSYSTEM_CONTEXT_SWITCH_INFORMATION)SystemInformation; // // Compute the total number of context switches and fill in the // remainder of the context switch information. // ContextSwitches = 0; for (i = 0; i < (ULONG)KeNumberProcessors; i += 1) { Prcb = KiProcessorBlock[i]; if (Prcb != NULL) { ContextSwitches += KeGetContextSwitches(Prcb); } } ContextSwitchInformation->ContextSwitches = ContextSwitches; ContextSwitchInformation->FindAny = KeThreadSwitchCounters.FindAny; ContextSwitchInformation->FindLast = KeThreadSwitchCounters.FindLast; ContextSwitchInformation->FindIdeal = KeThreadSwitchCounters.FindIdeal; ContextSwitchInformation->IdleAny = KeThreadSwitchCounters.IdleAny; ContextSwitchInformation->IdleCurrent = KeThreadSwitchCounters.IdleCurrent; ContextSwitchInformation->IdleLast = KeThreadSwitchCounters.IdleLast; ContextSwitchInformation->IdleIdeal = KeThreadSwitchCounters.IdleIdeal; ContextSwitchInformation->PreemptAny = KeThreadSwitchCounters.PreemptAny; ContextSwitchInformation->PreemptCurrent = KeThreadSwitchCounters.PreemptCurrent; ContextSwitchInformation->PreemptLast = KeThreadSwitchCounters.PreemptLast; ContextSwitchInformation->SwitchToIdle = KeThreadSwitchCounters.SwitchToIdle; if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = sizeof(SYSTEM_CONTEXT_SWITCH_INFORMATION); } break; case SystemRegistryQuotaInformation: if (SystemInformationLength < sizeof( SYSTEM_REGISTRY_QUOTA_INFORMATION)) { return(STATUS_INFO_LENGTH_MISMATCH); } CmQueryRegistryQuotaInformation((PSYSTEM_REGISTRY_QUOTA_INFORMATION)SystemInformation); if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = sizeof(SYSTEM_REGISTRY_QUOTA_INFORMATION); } break; case SystemDpcBehaviorInformation: { PSYSTEM_DPC_BEHAVIOR_INFORMATION DpcInfo; // // If the system information buffer is not the correct length, // then return an error. // if (SystemInformationLength != sizeof(SYSTEM_DPC_BEHAVIOR_INFORMATION)) { return STATUS_INFO_LENGTH_MISMATCH; } DpcInfo = (PSYSTEM_DPC_BEHAVIOR_INFORMATION)SystemInformation; // // Exception handler for this routine will return the correct // error if any of these accesses fail. // // // Return the current DPC behavior variables // DpcInfo->DpcQueueDepth = KiMaximumDpcQueueDepth; DpcInfo->MinimumDpcRate = KiMinimumDpcRate; DpcInfo->AdjustDpcThreshold = KiAdjustDpcThreshold; DpcInfo->IdealDpcRate = KiIdealDpcRate; } break; case SystemInterruptInformation: if (SystemInformationLength < (sizeof(SYSTEM_INTERRUPT_INFORMATION) * KeNumberProcessors)) { return(STATUS_INFO_LENGTH_MISMATCH); } InterruptInformation = (PSYSTEM_INTERRUPT_INFORMATION)SystemInformation; for (i=0; i < (ULONG)KeNumberProcessors; i++) { Prcb = KiProcessorBlock[i]; InterruptInformation->ContextSwitches = KeGetContextSwitches(Prcb); InterruptInformation->DpcCount = Prcb->DpcData[DPC_NORMAL].DpcCount; InterruptInformation->DpcRate = Prcb->DpcRequestRate; InterruptInformation->TimeIncrement = KeTimeIncrement; InterruptInformation->DpcBypassCount = 0; InterruptInformation->ApcBypassCount = 0; ++InterruptInformation; } break; case SystemCurrentTimeZoneInformation: if (SystemInformationLength < sizeof( RTL_TIME_ZONE_INFORMATION )) { return STATUS_INFO_LENGTH_MISMATCH; } RtlCopyMemory(SystemInformation,&ExpTimeZoneInformation,sizeof(ExpTimeZoneInformation)); if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = sizeof( RTL_TIME_ZONE_INFORMATION ); } Status = STATUS_SUCCESS; break; // // Query pool lookaside list and general lookaside list // information. // case SystemLookasideInformation: Status = ExpGetLookasideInformation(SystemInformation, SystemInformationLength, &Length); if (ARGUMENT_PRESENT(ReturnLength)) { *ReturnLength = Length; } break; case SystemRangeStartInformation: if ( SystemInformationLength != sizeof(ULONG_PTR) ) { return STATUS_INFO_LENGTH_MISMATCH; } *(PULONG_PTR)SystemInformation = (ULONG_PTR)MmSystemRangeStart; if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(ULONG_PTR); } break; case SystemVerifierInformation: if (SystemInformationLength < sizeof( SYSTEM_VERIFIER_INFORMATION )) { return STATUS_INFO_LENGTH_MISMATCH; } Status = MmGetVerifierInformation( SystemInformation, SystemInformationLength, &Length ); if (ARGUMENT_PRESENT( ReturnLength )) { *ReturnLength = Length; } break; case SystemLegacyDriverInformation: if (SystemInformationLength < sizeof(SYSTEM_LEGACY_DRIVER_INFORMATION)) { return(STATUS_INFO_LENGTH_MISMATCH); } Length = SystemInformationLength; Status = ExpQueryLegacyDriverInformation((PSYSTEM_LEGACY_DRIVER_INFORMATION)SystemInformation, &Length); if (ARGUMENT_PRESENT(ReturnLength)) { *ReturnLength = Length; } break; case SystemPerformanceTraceInformation: Status = STATUS_INVALID_INFO_CLASS; break; case SystemPrefetcherInformation: Status = CcPfQueryPrefetcherInformation(SystemInformationClass, SystemInformation, SystemInformationLength, PreviousMode, &Length ); if (ARGUMENT_PRESENT(ReturnLength)) { *ReturnLength = Length; } break; case SystemNumaProcessorMap: Status = ExpQueryNumaProcessorMap(SystemInformation, SystemInformationLength, &Length); if (ARGUMENT_PRESENT(ReturnLength)) { *ReturnLength = Length; } break; case SystemNumaAvailableMemory: Status = ExpQueryNumaAvailableMemory(SystemInformation, SystemInformationLength, &Length); if (ARGUMENT_PRESENT(ReturnLength)) { *ReturnLength = Length; } break; case SystemRecommendedSharedDataAlignment: if (SystemInformationLength < sizeof(ULONG)) { return(STATUS_INFO_LENGTH_MISMATCH); } // // Alignment is guaranteed by the ProbeForWrite above // so just store the value as a ULONG. // *(PULONG)SystemInformation = KeGetRecommendedSharedDataAlignment(); if (ARGUMENT_PRESENT(ReturnLength)) { *ReturnLength = sizeof(ULONG); } break; case SystemComPlusPackage: if (SystemInformationLength != sizeof(ULONG)) { return(STATUS_INFO_LENGTH_MISMATCH); } if (SharedUserData->ComPlusPackage == COMPLUS_PACKAGE_INVALID) { // // The initialization happens one time. // SharedUserData->ComPlusPackage = 0; ExpReadComPlusPackage (); } *(PULONG)SystemInformation = SharedUserData->ComPlusPackage; if (ARGUMENT_PRESENT(ReturnLength)) { *ReturnLength = sizeof(ULONG); } break; case SystemLostDelayedWriteInformation: if (SystemInformationLength < sizeof(ULONG)) { return(STATUS_INFO_LENGTH_MISMATCH); } *(PULONG)SystemInformation = CcLostDelayedWrites; if (ARGUMENT_PRESENT(ReturnLength)) { *ReturnLength = sizeof(ULONG); } break; case SystemObjectSecurityMode: if (SystemInformationLength != sizeof (ULONG)) { return STATUS_INFO_LENGTH_MISMATCH; } *(PULONG)SystemInformation = ObGetSecurityMode (); if (ARGUMENT_PRESENT (ReturnLength)) { *ReturnLength = sizeof (ULONG); } break; case SystemWatchdogTimerInformation: { PSYSTEM_WATCHDOG_TIMER_INFORMATION WdTimerInfo = (PSYSTEM_WATCHDOG_TIMER_INFORMATION) SystemInformation; // // Caller must be kernel mode with the proper parameters // if (PreviousMode != KernelMode || SystemInformation == NULL || SystemInformationLength != sizeof(SYSTEM_WATCHDOG_TIMER_INFORMATION)) { ExRaiseStatus (STATUS_INVALID_PARAMETER); } if (ExpWdHandler == NULL) { Status = STATUS_NOT_IMPLEMENTED; } else { switch (WdTimerInfo->WdInfoClass) { case WdInfoTimeoutValue: Status = ExpWdHandler( WdActionQueryTimeoutValue, ExpWdHandlerContext, &WdTimerInfo->DataValue, FALSE ); break; case WdInfoTriggerAction: Status = ExpWdHandler( WdActionQueryTriggerAction, ExpWdHandlerContext, &WdTimerInfo->DataValue, FALSE ); break; case WdInfoState: Status = ExpWdHandler( WdActionQueryState, ExpWdHandlerContext, &WdTimerInfo->DataValue, FALSE ); break; default: Status = STATUS_INVALID_PARAMETER; break; } } } break; case SystemLogicalProcessorInformation: Status = KeQueryLogicalProcessorInformation( SystemInformation, SystemInformationLength, &Length); if (ARGUMENT_PRESENT(ReturnLength)) { *ReturnLength = Length; } break; case SystemFirmwareTableInformation: if (SystemInformationLength < sizeof(SYSTEM_FIRMWARE_TABLE_INFORMATION)) { return STATUS_INFO_LENGTH_MISMATCH; } Status = ExpGetSystemFirmwareTableInformation(SystemInformation, PreviousMode, ReturnLength); break; default: // // Invalid argument. // return STATUS_INVALID_INFO_CLASS; } } except (EXCEPTION_EXECUTE_HANDLER) { Status = GetExceptionCode(); } return Status; } |
|
|
这是win10的还是win7 x64的? |
|
|
他的文章
赞赏
雪币:
留言:
