Post #2
SystemBasicInformation
SystemProcessorInformation
SystemPerformanceInformation
SystemTimeOfDayInformation
SystemNotImplemented1
SystemProcessesAndThreadsInformation
SystemCallCounts
SystemConfigurationInformation
SystemProcessorTimes
SystemGlobalFlag
SystemNotImplemented2
SystemModuleInformation
SystemLockInformation
SystemNotImplemented3
SystemNotImplemented4
SystemNotImplemented5
SystemHandleInformation
SystemObjectInformation
SystemPagefileInformation
SystemInstructionEmulationCounts
SystemInvalidInfoClass1
SystemCacheInformation
SystemPoolTagInformation
SystemProcessorStatistics
SystemDpcInformation
SystemNotImplemented6
SystemLoadImage
SystemUnloadImage
SystemTimeAdjustment
SystemNotImplemented7
SystemNotImplemented8
SystemNotImplemented9
SystemCrashDumpInformation
SystemExceptionInformation
SystemCrashDumpStateInformation
SystemKernelDebuggerInformation
SystemContextSwitchInformation
SystemRegistryQuotaInformation
SystemLoadAndCallImage
SystemPrioritySeparation
SystemNotImplemented10
SystemNotImplemented11
SystemInvalidInfoClass2
SystemInvalidInfoClass3
SystemTimeZoneInformation
SystemLookasideInformation
SystemSetTimeSlipEvent
SystemCreateSession
SystemDeleteSession
SystemInvalidInfoClass4
SystemRangeStartInformation
SystemVerifierInformation
SystemAddVerifier
SystemSessionProcessesInformation
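Post #3
Thanks to the poster above. These should be numbered starting from 0 and go in order down the list, right?
Strangely, so far the call to ZwQuerySystemInformation() only succeeds (returns 0) with SystemKernelDebuggerInformation; the others basically all fail.
I am calling ZwQuerySystemInformation() from an MFC dialog-based program, not writing a driver. Is that the reason?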
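Post #4
Below is my code; all the required structs are already defined, so I won't write them out here. The EXE runs (an MFC dialog program), but the call to ZwQuerySystemInformation() always fails. Could some expert give me some pointers?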
enum SYSTEM_INFORMATION_CLASS {SystemHandleInformation=16};
typedef NTSTATUS (NTAPI *ZW_QUERY_SYSTEM_INFORMATION)(
    IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
    IN OUT PVOID SystemInformation,
    IN ULONG SystemInformationLength,
    OUT PULONG ReturnLength);

HMODULE hModule=GetModuleHandle("ntdll.dll");
if(hModule==NULL)
{
    AfxMessageBox("GetModuleHandle Failed!",MB_OK);
    return;
}
ZW_QUERY_SYSTEM_INFORMATION zqsi;
zqsi=(ZW_QUERY_SYSTEM_INFORMATION)GetProcAddress(hModule,"ZwQuerySystemInformation");
if(zqsi==NULL)
{
    AfxMessageBox("GetProcAddress Failed!",MB_OK);
    return;
}
SYSTEM_HANDLE_INFORMATION info;
ULONG len=sizeof(SYSTEM_HANDLE_INFORMATION);
ULONG needed=0;
if(0==zqsi(SystemHandleInformation,&info,len,&needed))
{
    AfxMessageBox("Succeeded!",MB_OK);
}
Post #5
SYSTEM_HANDLE_INFORMATION info;
ULONG len=sizeof(SYSTEM_HANDLE_INFORMATION);
ULONG needed=0;
if(0==zqsi(SystemHandleInformation,&info,len,&needed))
{
    AfxMessageBox("Succeeded!",MB_OK);
}
The buffer size has to be negotiated.
Post #6
%wrk%\public\sdk\inc\ntexapi.h
//
// System Information Classes.
//
typedef enum _SYSTEM_INFORMATION_CLASS {
    SystemBasicInformation,
    SystemProcessorInformation,             // obsolete...delete
    SystemPerformanceInformation,
    SystemTimeOfDayInformation,
    SystemPathInformation,
    SystemProcessInformation,
    SystemCallCountInformation,
    SystemDeviceInformation,
    SystemProcessorPerformanceInformation,
    SystemFlagsInformation,
    SystemCallTimeInformation,
    SystemModuleInformation,
    SystemLocksInformation,
    SystemStackTraceInformation,
    SystemPagedPoolInformation,
    SystemNonPagedPoolInformation,
    SystemHandleInformation,
    SystemObjectInformation,
    SystemPageFileInformation,
    SystemVdmInstemulInformation,
    SystemVdmBopInformation,
    SystemFileCacheInformation,
    SystemPoolTagInformation,
    SystemInterruptInformation,
    SystemDpcBehaviorInformation,
    SystemFullMemoryInformation,
    SystemLoadGdiDriverInformation,
    SystemUnloadGdiDriverInformation,
    SystemTimeAdjustmentInformation,
    SystemSummaryMemoryInformation,
    SystemMirrorMemoryInformation,
    SystemPerformanceTraceInformation,
    SystemObsolete0,
    SystemExceptionInformation,
    SystemCrashDumpStateInformation,
    SystemKernelDebuggerInformation,
    SystemContextSwitchInformation,
    SystemRegistryQuotaInformation,
    SystemExtendServiceTableInformation,
    SystemPrioritySeperation,
    SystemVerifierAddDriverInformation,
    SystemVerifierRemoveDriverInformation,
    SystemProcessorIdleInformation,
    SystemLegacyDriverInformation,
    SystemCurrentTimeZoneInformation,
    SystemLookasideInformation,
    SystemTimeSlipNotification,
    SystemSessionCreate,
    SystemSessionDetach,
    SystemSessionInformation,
    SystemRangeStartInformation,
    SystemVerifierInformation,
    SystemVerifierThunkExtend,
    SystemSessionProcessInformation,
    SystemLoadGdiDriverInSystemSpace,
    SystemNumaProcessorMap,
    SystemPrefetcherInformation,
    SystemExtendedProcessInformation,
    SystemRecommendedSharedDataAlignment,
    SystemComPlusPackage,
    SystemNumaAvailableMemory,
    SystemProcessorPowerInformation,
    SystemEmulationBasicInformation,
    SystemEmulationProcessorInformation,
    SystemExtendedHandleInformation,
    SystemLostDelayedWriteInformation,
    SystemBigPoolInformation,
    SystemSessionPoolTagInformation,
    SystemSessionMappedViewInformation,
    SystemHotpatchInformation,
    SystemObjectSecurityMode,
    SystemWatchdogTimerHandler,
    SystemWatchdogTimerInformation,
    SystemLogicalProcessorInformation,
    SystemWow64SharedInformation,
    SystemRegisterFirmwareTableInformationHandler,
    SystemFirmwareTableInformation,
    SystemModuleInformationEx,
    SystemVerifierTriageInformation,
    SystemSuperfetchInformation,
    SystemMemoryListInformation,
    SystemFileCacheInformationEx,
    MaxSystemInfoClass  // MaxSystemInfoClass should always be the last enum
} SYSTEM_INFORMATION_CLASS;

//
// System Information Structures.
//
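Post #7
Thanks for the answer.
Does negotiating the buffer mean using a loop that keeps increasing len by 1 to probe?
Wouldn't that take a lot of time?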
Post #8
It seems to be solved. It turns out you have to keep trying with larger sizes for info and len.
Thanks, everyone!
Post #9
Usually it's len*2, I think...
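The buffer negotiation discussed in this thread, written out as an added example that is not code from any of the posters: retry while the call reports a length mismatch, doubling the buffer or taking the returned size hint when that is larger. So that it runs without ntdll, `fake_query` is a constructed stand-in for ZwQuerySystemInformation; the names `query_fn`, `query_with_retry`, `fake_query` and the 64 MiB cap are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define STATUS_SUCCESS              0x00000000u
#define STATUS_INFO_LENGTH_MISMATCH 0xC0000004u  /* buffer too small */
#define MAX_QUERY_BYTES (64u * 1024u * 1024u)    /* assumed safety cap */

/* Parameter order of the thread's ZW_QUERY_SYSTEM_INFORMATION typedef, with
   portable integer types so the loop can be exercised without ntdll. */
typedef uint32_t (*query_fn)(int cls, void *buf, uint32_t len, uint32_t *ret_len);

/* Constructed stand-in: the reported size grows on the first two calls, the
   way a live handle table can grow between two queries. */
static uint32_t fake_table_bytes = 40000;
static int fake_calls = 0;
uint32_t fake_query(int cls, void *buf, uint32_t len, uint32_t *ret_len)
{
    (void)cls;
    if (fake_calls++ < 2) fake_table_bytes += 4096;
    *ret_len = fake_table_bytes;
    if (len < fake_table_bytes) return STATUS_INFO_LENGTH_MISMATCH;
    memset(buf, 0, fake_table_bytes);
    return STATUS_SUCCESS;
}

/* Grow-and-retry. Returns a malloc'd buffer (caller frees) or NULL. */
void *query_with_retry(query_fn fn, int cls, uint32_t *out_len, int *attempts)
{
    uint32_t len = 0x1000, needed = 0;
    void *buf = NULL;
    for (*attempts = 1; ; ++*attempts) {
        void *p = realloc(buf, len);
        if (!p) break;
        buf = p;
        uint32_t status = fn(cls, buf, len, &needed);
        if (status == STATUS_SUCCESS) { *out_len = needed; return buf; }
        if (status != STATUS_INFO_LENGTH_MISMATCH) break;  /* genuine failure */
        uint32_t next = len * 2;           /* doubling, as suggested above */
        if (needed > next) next = needed;  /* use the size hint when larger */
        if (next > MAX_QUERY_BYTES) break; /* never grow without bound */
        len = next;
    }
    free(buf);
    return NULL;
}
```

On Windows the same loop applies to the pointer obtained through GetProcAddress, once the typedef uses the native NTSTATUS and ULONG types; the size hint is only a starting point because the table can grow again before the next call.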