blob: 00e91817061ff36ee3a42f9a6af79c2426a35a36 [file] [log] [blame]
// Written by Zoltan Csizmadia, zoltan_csizmadia@yahoo.com
// For companies(Austin,TX): If you would like to get my resume, send an email.
//
// The source is free, but if you want to use it, mention my name and e-mail address
//
//////////////////////////////////////////////////////////////////////////////////////
//
// SystemInfo.h, v1.1
#ifndef SYSTEMINFO_H_INCLUDED
#define SYSTEMINFO_H_INCLUDED
#ifndef WINNT
#error You need Windows NT to use this source code. Define WINNT!
#endif
#if _MSC_VER > 1000
#pragma once
#endif // _MSC_VER > 1000
#pragma warning( disable : 4786 )
#pragma warning( disable : 4200 )
#include <map>
#include <string>
#include <list>
using std::map;
using std::string;
using std::list;
///////////////////////////////////////////////////////////////////////////////
//
// Typedefs
//
///////////////////////////////////////////////////////////////////////////////
typedef struct _UNICODE_STRING
{
WORD Length;
WORD MaximumLength;
PWSTR Buffer;
} UNICODE_STRING;
///////////////////////////////////////////////////////////////////////////////
//
// SystemInfoUtils
//
///////////////////////////////////////////////////////////////////////////////
// Helper functions
class SystemInfoUtils
{
public:
///////////////////////////////////////////////////////////////////////
// String conversion functions
// From wide char string to string
static void LPCWSTR2string( LPCWSTR strW, string& str );
// From unicode string to string
static void Unicode2string( UNICODE_STRING* strU, string& str );
///////////////////////////////////////////////////////////////////////
// File name conversion functions
static BOOL GetDeviceFileName( LPCTSTR, string& );
static BOOL GetFsFileName( LPCTSTR, string& );
///////////////////////////////////////////////////////////////////////
// Information functions
static DWORD GetNTMajorVersion();
};
///////////////////////////////////////////////////////////////////////////////
//
// INtDll
//
///////////////////////////////////////////////////////////////////////////////
class INtDll
{
public:
typedef DWORD (WINAPI *PNtQueryObject)( HANDLE, DWORD, VOID*, DWORD, VOID* );
typedef DWORD (WINAPI *PNtQuerySystemInformation)( DWORD, VOID*, DWORD, ULONG* );
typedef DWORD (WINAPI *PNtQueryInformationThread)(HANDLE, ULONG, PVOID, DWORD, DWORD* );
typedef DWORD (WINAPI *PNtQueryInformationFile)(HANDLE, PVOID, PVOID, DWORD, DWORD );
typedef DWORD (WINAPI *PNtQueryInformationProcess)(HANDLE, DWORD, PVOID, DWORD, PVOID );
public:
static PNtQuerySystemInformation NtQuerySystemInformation;
static PNtQueryObject NtQueryObject;
static PNtQueryInformationThread NtQueryInformationThread;
static PNtQueryInformationFile NtQueryInformationFile;
static PNtQueryInformationProcess NtQueryInformationProcess;
static BOOL NtDllStatus;
static DWORD dwNTMajorVersion;
protected:
static BOOL Init();
};
///////////////////////////////////////////////////////////////////////////////
//
// SystemProcessInformation
//
///////////////////////////////////////////////////////////////////////////////
class SystemProcessInformation : public INtDll
{
public:
typedef LARGE_INTEGER QWORD;
typedef struct _PROCESS_BASIC_INFORMATION {
DWORD ExitStatus;
PVOID PebBaseAddress;
DWORD AffinityMask;
DWORD BasePriority;
DWORD UniqueProcessId;
DWORD InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION;
typedef struct _VM_COUNTERS
{
DWORD PeakVirtualSize;
DWORD VirtualSize;
DWORD PageFaultCount;
DWORD PeakWorkingSetSize;
DWORD WorkingSetSize;
DWORD QuotaPeakPagedPoolUsage;
DWORD QuotaPagedPoolUsage;
DWORD QuotaPeakNonPagedPoolUsage;
DWORD QuotaNonPagedPoolUsage;
DWORD PagefileUsage;
DWORD PeakPagefileUsage;
} VM_COUNTERS;
typedef struct _SYSTEM_THREAD
{
DWORD u1;
DWORD u2;
DWORD u3;
DWORD u4;
DWORD ProcessId;
DWORD ThreadId;
DWORD dPriority;
DWORD dBasePriority;
DWORD dContextSwitches;
DWORD dThreadState; // 2=running, 5=waiting
DWORD WaitReason;
DWORD u5;
DWORD u6;
DWORD u7;
DWORD u8;
DWORD u9;
} SYSTEM_THREAD;
typedef struct _SYSTEM_PROCESS_INFORMATION
{
DWORD dNext;
DWORD dThreadCount;
DWORD dReserved01;
DWORD dReserved02;
DWORD dReserved03;
DWORD dReserved04;
DWORD dReserved05;
DWORD dReserved06;
QWORD qCreateTime;
QWORD qUserTime;
QWORD qKernelTime;
UNICODE_STRING usName;
DWORD BasePriority;
DWORD dUniqueProcessId;
DWORD dInheritedFromUniqueProcessId;
DWORD dHandleCount;
DWORD dReserved07;
DWORD dReserved08;
VM_COUNTERS VmCounters;
DWORD dCommitCharge;
SYSTEM_THREAD Threads[1];
} SYSTEM_PROCESS_INFORMATION;
enum { BufferSize = 0x10000 };
public:
SystemProcessInformation( BOOL bRefresh = FALSE );
virtual ~SystemProcessInformation();
BOOL Refresh();
public:
map< DWORD, SYSTEM_PROCESS_INFORMATION*> m_ProcessInfos;
SYSTEM_PROCESS_INFORMATION* m_pCurrentProcessInfo;
protected:
UCHAR* m_pBuffer;
};
///////////////////////////////////////////////////////////////////////////////
//
// SystemThreadInformation
//
///////////////////////////////////////////////////////////////////////////////
class SystemThreadInformation : public INtDll
{
public:
typedef struct _THREAD_INFORMATION
{
DWORD ProcessId;
DWORD ThreadId;
HANDLE ThreadHandle;
} THREAD_INFORMATION;
typedef struct _BASIC_THREAD_INFORMATION {
DWORD u1;
DWORD u2;
DWORD u3;
DWORD ThreadId;
DWORD u5;
DWORD u6;
DWORD u7;
} BASIC_THREAD_INFORMATION;
public:
SystemThreadInformation( DWORD pID = (DWORD)-1, BOOL bRefresh = FALSE );
BOOL Refresh();
public:
list< THREAD_INFORMATION > m_ThreadInfos;
DWORD m_processId;
};
///////////////////////////////////////////////////////////////////////////////
//
// SystemHandleInformation
//
///////////////////////////////////////////////////////////////////////////////
class SystemHandleInformation : public INtDll
{
public:
enum {
OB_TYPE_UNKNOWN = 0,
OB_TYPE_TYPE = 1,
OB_TYPE_DIRECTORY,
OB_TYPE_SYMBOLIC_LINK,
OB_TYPE_TOKEN,
OB_TYPE_PROCESS,
OB_TYPE_THREAD,
OB_TYPE_UNKNOWN_7,
OB_TYPE_EVENT,
OB_TYPE_EVENT_PAIR,
OB_TYPE_MUTANT,
OB_TYPE_UNKNOWN_11,
OB_TYPE_SEMAPHORE,
OB_TYPE_TIMER,
OB_TYPE_PROFILE,
OB_TYPE_WINDOW_STATION,
OB_TYPE_DESKTOP,
OB_TYPE_SECTION,
OB_TYPE_KEY,
OB_TYPE_PORT,
OB_TYPE_WAITABLE_PORT,
OB_TYPE_UNKNOWN_21,
OB_TYPE_UNKNOWN_22,
OB_TYPE_UNKNOWN_23,
OB_TYPE_UNKNOWN_24,
//OB_TYPE_CONTROLLER,
//OB_TYPE_DEVICE,
//OB_TYPE_DRIVER,
OB_TYPE_IO_COMPLETION,
OB_TYPE_FILE
} SystemHandleType;
public:
typedef struct _SYSTEM_HANDLE
{
DWORD ProcessID;
WORD HandleType;
WORD HandleNumber;
DWORD KernelAddress;
DWORD Flags;
} SYSTEM_HANDLE;
typedef struct _SYSTEM_HANDLE_INFORMATION
{
DWORD Count;
SYSTEM_HANDLE Handles[1];
} SYSTEM_HANDLE_INFORMATION;
protected:
typedef struct _GetFileNameThreadParam
{
HANDLE hFile;
string* pName;
ULONG rc;
} GetFileNameThreadParam;
public:
SystemHandleInformation( DWORD pID = (DWORD)-1, BOOL bRefresh = FALSE, LPCTSTR lpTypeFilter = NULL );
~SystemHandleInformation();
BOOL SetFilter( LPCTSTR lpTypeFilter, BOOL bRefresh = TRUE );
const string& GetFilter();
BOOL Refresh();
public:
//Information functions
static BOOL GetType( HANDLE, WORD&, DWORD processId = GetCurrentProcessId() );
static BOOL GetTypeToken( HANDLE, string&, DWORD processId = GetCurrentProcessId() );
static BOOL GetTypeFromTypeToken( LPCTSTR typeToken, WORD& type );
static BOOL GetNameByType( HANDLE, WORD, string& str, DWORD processId = GetCurrentProcessId());
static BOOL GetName( HANDLE, string&, DWORD processId = GetCurrentProcessId() );
//Thread related functions
static BOOL GetThreadId( HANDLE, DWORD&, DWORD processId = GetCurrentProcessId() );
//Process related functions
static BOOL GetProcessId( HANDLE, DWORD&, DWORD processId = GetCurrentProcessId() );
static BOOL GetProcessPath( HANDLE h, string& strPath, DWORD processId = GetCurrentProcessId());
//File related functions
static BOOL GetFileName( HANDLE, string&, DWORD processId = GetCurrentProcessId() );
public:
//For remote handle support
static HANDLE OpenProcess( DWORD processId );
static HANDLE DuplicateHandle( HANDLE hProcess, HANDLE hRemote );
protected:
static void GetFileNameThread( PVOID /* GetFileNameThreadParam* */ );
BOOL IsSupportedHandle( SYSTEM_HANDLE& handle );
public:
list< SYSTEM_HANDLE > m_HandleInfos;
DWORD m_processId;
protected:
string m_strTypeFilter;
};
///////////////////////////////////////////////////////////////////////////////
//
// SystemModuleInformation
//
///////////////////////////////////////////////////////////////////////////////
class SystemModuleInformation
{
public:
typedef struct _MODULE_INFO
{
DWORD ProcessId;
TCHAR FullPath[_MAX_PATH];
HMODULE Handle;
} MODULE_INFO;
public:
typedef DWORD (WINAPI *PEnumProcessModules)(
HANDLE hProcess, // handle to process
HMODULE *lphModule, // array of module handles
DWORD cb, // size of array
LPDWORD lpcbNeeded // number of bytes required
);
typedef DWORD (WINAPI *PGetModuleFileNameEx)(
HANDLE hProcess, // handle to process
HMODULE hModule, // handle to module
LPTSTR lpFilename, // path buffer
DWORD nSize // maximum characters to retrieve
);
public:
SystemModuleInformation( DWORD pID = (DWORD)-1, BOOL bRefresh = FALSE );
BOOL Refresh();
protected:
void GetModuleListForProcess( DWORD processID );
public:
DWORD m_processId;
list< MODULE_INFO > m_ModuleInfos;
protected:
PEnumProcessModules m_EnumProcessModules;
PGetModuleFileNameEx m_GetModuleFileNameEx;
};
///////////////////////////////////////////////////////////////////////////////
//
// SystemWindowInformation
//
///////////////////////////////////////////////////////////////////////////////
class SystemWindowInformation
{
public:
enum { MaxCaptionSize = 1024 };
typedef struct _WINDOW_INFO
{
DWORD ProcessId;
TCHAR Caption[MaxCaptionSize];
HWND hWnd;
} WINDOW_INFO;
public:
SystemWindowInformation( DWORD pID = (DWORD)-1, BOOL bRefresh = FALSE );
BOOL Refresh();
protected:
static BOOL CALLBACK EnumerateWindows( HWND hwnd, LPARAM lParam );
public:
DWORD m_processId;
list< WINDOW_INFO > m_WindowInfos;
};
#endif