下面代码试了多次, 差不多一样快, 不知为什么???
不是 ZW 的 API 快吗?
procedure TForm1.Button1Click(Sender: TObject);
var
mTreeNode:TTreeNode;
hheap:THandle;
SYSTEM_PROCESSES_Info : PSYSTEM_PROCESSES;
Ns:NTSTATUS;
PN:string;
i, J : integer;
DT : TDateTime;
FT : TFileTime;
ST : TsystemTime;
StartTime, EndTime: integer;
begin
for J:=0 to 500 do // 调用 500 次 NtQuerySystemInformation
begin
StartTime:=GetTickCount;
hheap:=GetProcessHeap;
if hheap=0 then
begin
showmessage('Get Heap Error!');
exit;
end;
SYSTEM_PROCESSES_Info:=HeapAlloc(hheap, HEAP_ZERO_MEMORY,BLOCK_SIZE);
if SYSTEM_PROCESSES_Info = nil then
begin
showmessage('HeapAlloc error!');
exit;
end;
i:=1;
repeat
Ns:=NtQuerySystemInformation(SystemProcessesAndThreadsInformation, // 指定了所查询的系统信息类型
SYSTEM_PROCESSES_Info, // 一个指针,这个指针用来返回系统句柄列表,在调用NtQuerySystemInformation函数之前,必须为这个指针分配足够的内存空间,否则函数调用会出错
BLOCK_SIZE * i, // 所分配的内存空间大小,单位是byte
nil); // 返回的大小
if Ns=STATUS_INFO_LEN_MISMATCH then // 如果函数调用成功,返回值将是0,否则可以使用GetLastError()获得详细的错误代码。
begin
inc(i);
SYSTEM_PROCESSES_Info:=HeapReAlloc(hheap, HEAP_ZERO_MEMORY, SYSTEM_PROCESSES_Info, BLOCK_SIZE * i);
if SYSTEM_PROCESSES_Info =nil then
begin
showmessage('HeapReAlloc error!');
exit;
end;
end;
until ns<>STATUS_INFO_LEN_MISMATCH;
TreeView1.Items.Clear;
repeat
SYSTEM_PROCESSES_Info:=PSYSTEM_PROCESSES(dword(SYSTEM_PROCESSES_Info) + SYSTEM_PROCESSES_Info.NextEntryDelta);
pn:=widechartostring(SYSTEM_PROCESSES_Info.ProcessName.buffer);
mTreeNode:=TreeView1.Items.Add(nil, pn);
treeview1.Items.AddChild(mTreeNode, '进程标识符:'+inttostr(SYSTEM_PROCESSES_Info.ProcessID));
treeview1.Items.AddChild(mTreeNode, '父进程的标识符:'+inttostr(SYSTEM_PROCESSES_Info.InheritedFromProcessId));
until SYSTEM_PROCESSES_Info.NextEntryDelta=0;
end;
EndTime:=GetTickCount;
showmessage('总共花了 '+ Inttostr(EndTime-StartTime)+ ' ms');
end;
procedure TForm1.Button2Click(Sender: TObject);
var
mTreeNode:TTreeNode;
hheap:THandle;
SYSTEM_PROCESSES_Info : PSYSTEM_PROCESSES;
Ns:NTSTATUS;
PN:string;
i, J : integer;
DT : TDateTime;
FT : TFileTime;
ST : TsystemTime;
StartTime, EndTime: integer;
begin
for J:=0 to 500 do // 调用 500 次 ZWQuerySystemInformation
begin
StartTime:=GetTickCount;
hheap:=GetProcessHeap;
if hheap=0 then
begin
showmessage('Get Heap Error!');
exit;
end;
SYSTEM_PROCESSES_Info:=HeapAlloc(hheap, HEAP_ZERO_MEMORY,BLOCK_SIZE);
if SYSTEM_PROCESSES_Info = nil then
begin
showmessage('HeapAlloc error!');
exit;
end;
i:=1;
repeat
Ns:=ZWQuerySystemInformation(SystemProcessesAndThreadsInformation, // 指定了所查询的系统信息类型
SYSTEM_PROCESSES_Info, // 一个指针,这个指针用来返回系统句柄列表,在调用NtQuerySystemInformation函数之前,必须为这个指针分配足够的内存空间,否则函数调用会出错
BLOCK_SIZE * i, // 所分配的内存空间大小,单位是byte
nil); // 返回的大小
if Ns=STATUS_INFO_LEN_MISMATCH then // 如果函数调用成功,返回值将是0,否则可以使用GetLastError()获得详细的错误代码。
begin
inc(i);
SYSTEM_PROCESSES_Info:=HeapReAlloc(hheap, HEAP_ZERO_MEMORY, SYSTEM_PROCESSES_Info, BLOCK_SIZE * i);
if SYSTEM_PROCESSES_Info =nil then
begin
showmessage('HeapReAlloc error!');
exit;
end;
end;
until ns<>STATUS_INFO_LEN_MISMATCH;
TreeView1.Items.Clear;
repeat
SYSTEM_PROCESSES_Info:=PSYSTEM_PROCESSES(dword(SYSTEM_PROCESSES_Info) + SYSTEM_PROCESSES_Info.NextEntryDelta);
pn:=widechartostring(SYSTEM_PROCESSES_Info.ProcessName.buffer);
mTreeNode:=TreeView1.Items.Add(nil, pn);
treeview1.Items.AddChild(mTreeNode, '进程标识符:'+inttostr(SYSTEM_PROCESSES_Info.ProcessID));
treeview1.Items.AddChild(mTreeNode, '父进程的标识符:'+inttostr(SYSTEM_PROCESSES_Info.InheritedFromProcessId));
until SYSTEM_PROCESSES_Info.NextEntryDelta=0;
end;
EndTime:=GetTickCount;
showmessage('总共花了 '+ Inttostr(EndTime-StartTime)+ ' ms');
end;
procedure TForm1.Button3Click(Sender: TObject);
var
found : boolean;
I, J : Integer;
ProcessListHandle, modSnapShot : THandle; //进程列表的句柄
mProcess: TMODULEENTRY32;
ProcessStruct : TProcessEntry32;
mTreeNode:TTreeNode;
StartTime, EndTime: integer;
begin
for J:=0 to 500 do // 调用 500 次 CreateToolhelp32Snapshot
begin
StartTime:=GetTickCount;
ProcessListHandle := CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0);
ProcessStruct.dwSize := Sizeof(ProcessStruct);
found := Process32First(ProcessListHandle, ProcessStruct);
I:=0;
TreeView1.Items.Clear;
with ProcessStruct do
begin
while found do
begin
mTreeNode:=TreeView1.Items.Add(nil, szExeFile);
treeview1.Items.AddChild(mTreeNode, '进程标识符:'+inttostr(th32ProcessID));
treeview1.Items.AddChild(mTreeNode, '父进程的标识符:'+inttostr(th32ParentProcessID));
Inc(I);
found:=Process32Next(ProcessListHandle, ProcessStruct);
end; { while found do }
end; { with ProcessStruct do }
CloseHandle(ProcessListHandle);
end;
EndTime:=GetTickCount;
showmessage('总共花了 '+ Inttostr(EndTime-StartTime)+ ' ms');
//ViewProcessThread:=0;
end;
[课程]Android-CTF解题方法汇总!