本文整理汇总了C++中NtQuerySystemInformation函数的典型用法代码示例。如果您正苦于以下问题:C++ NtQuerySystemInformation函数的具体用法?C++ NtQuerySystemInformation怎么用?C++ NtQuerySystemInformation使用的例子?那么, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了NtQuerySystemInformation函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: EngQuerySystemAttribute
BOOL
APIENTRY
EngQuerySystemAttribute(
_In_ ENG_SYSTEM_ATTRIBUTE CapNum,
_Out_ PDWORD pCapability)
{
SYSTEM_BASIC_INFORMATION sbi;
SYSTEM_PROCESSOR_INFORMATION spi;
switch (CapNum)
{
case EngNumberOfProcessors:
NtQuerySystemInformation(SystemBasicInformation,
&sbi,
sizeof(SYSTEM_BASIC_INFORMATION),
NULL);
*pCapability = sbi.NumberOfProcessors;
return TRUE;
case EngProcessorFeature:
NtQuerySystemInformation(SystemProcessorInformation,
&spi,
sizeof(SYSTEM_PROCESSOR_INFORMATION),
NULL);
*pCapability = spi.ProcessorFeatureBits;
return TRUE;
default:
break;
}
return FALSE;
}示例2: GetWin32kBase
ULONG GetWin32kBase()
{
ULONG i, Count, Status, BytesRet;
PSYSTEM_MODULE_INFORMATION pSMI;
Status=NtQuerySystemInformation(SystemModuleInformation, pSMI, 0, &BytesRet); //allocation length
if(Status!=STATUS_INFO_LENGTH_MISMATCH)
printf("Error with NtQuerySystemInformation : 0x%x : %d \n", Status, RtlNtStatusToDosError(Status));
pSMI=(PSYSTEM_MODULE_INFORMATION)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, BytesRet);
Status=NtQuerySystemInformation(SystemModuleInformation, pSMI, BytesRet, &BytesRet);
if(Status!=STATUS_SUCCESS)
printf("Error with NtQuerySystemInformation : 0x%x : %d \n", Status, RtlNtStatusToDosError(Status));
/*
The data returned to the SystemInformation buffer is a ULONG count of the number of
handles followed immediately by an array of
SYSTEM_MODULE_INFORMATION.
*/
Count=*(PULONG)pSMI;
pSMI=(PSYSTEM_MODULE_INFORMATION)((PUCHAR)pSMI+4);
for(i=0; i<Count; i++)
{
if(StrStr((pSMI+i)->ImageName, "win32k.sys"))
return (ULONG)(pSMI+i)->Base;
}
HeapFree(GetProcessHeap(), HEAP_NO_SERIALIZE, pSMI);
return 0;
} 示例3: NtQuerySysHandleInfo
bool NtQuerySysHandleInfo(DynBuf & buf)
{
ULONG RequiredSize = NULL;
buf.Allocate(sizeof(SYSTEM_HANDLE_INFORMATION));
NtQuerySystemInformation(SystemHandleInformation, buf.GetPtr(), (ULONG)buf.Size(), &RequiredSize);
buf.Allocate(RequiredSize + sizeof(SYSTEM_HANDLE_INFORMATION));
return (NtQuerySystemInformation(SystemHandleInformation, buf.GetPtr(), (ULONG)buf.Size(), &RequiredSize) >= 0);
}示例4: NtQuerySystemInformation
void CpuMuninNodePlugin::CalculateCpuLoad()
{
if (NtQuerySystemInformation != NULL && GetSystemTimes != NULL) {
LONG status;
SYSTEM_TIME_INFORMATION SysTimeInfo;
SYSTEM_BASIC_INFORMATION SysBaseInfo;
// get number of processors in the system
status = NtQuerySystemInformation(SystemBasicInformation, &SysBaseInfo, sizeof(SysBaseInfo), NULL);
if (status != NO_ERROR) {
printf("Querying SystemBasicInformation failed: 0x%x\n", status);
return;
}
// get new system time
status = NtQuerySystemInformation(SystemTimeInformation, &SysTimeInfo, sizeof(SysTimeInfo), NULL);
if (status!=NO_ERROR) {
printf("Querying SystemTimeInformation failed: 0x%x\n", status);
return;
}
// get new CPU times
// http://www.codeproject.com/Articles/9113/Get-CPU-Usage-with-GetSystemTimes
FILETIME ftIdleTime;
FILETIME ftKernelTime;
FILETIME ftUserTime;
BOOL result = GetSystemTimes((LPFILETIME)&ftIdleTime, (LPFILETIME)&ftKernelTime, (LPFILETIME)&ftUserTime);
if (result == FALSE) {
printf("GetSystemTimes failed\n");
return;
}
unsigned long long systemTime = FileTimeToInt64(ftKernelTime) + FileTimeToInt64(ftUserTime);
unsigned long long idleTime = FileTimeToInt64(ftIdleTime);
// if it's a first call - skip it
if (liOldIdleTime != 0)
{
// CurrentValue = NewValue - OldValue
__int64 diffIdleTime = idleTime - liOldIdleTime;
__int64 diffSystemTime = systemTime - liOldSystemTime;
dbCpuTimePercent = (1.0f - ((diffSystemTime > 0) ? ((float)diffIdleTime) / diffSystemTime : 0)) * 100;
}
// store new times
liOldIdleTime = idleTime;
liOldSystemTime = systemTime;
}
else {
printf("NtQuerySystemInformation or GetSystemTimes functions not available\n");
}
}示例5: GetProcessPathByPID5
/* Vista Or Above 在基本用户的权限下也可 返回DOS device path */
BOOL GetProcessPathByPID5(DWORD dwProcessID, LPTSTR szFullPath, DWORD nSize)
{
NTSTATUS Status;
PVOID pBuffer;
SYSTEM_PROCESS_ID_INFORMATION info;
_NtQuerySystemInformation NtQuerySystemInformation;
NtQuerySystemInformation = (_NtQuerySystemInformation)GetProcAddress(
GetModuleHandle(_T("ntdll.dll")), "NtQuerySystemInformation");
if (NtQuerySystemInformation == NULL)
{
ODS(_T("NtQuerySystemInformation address error!"));
return FALSE;
}
pBuffer = malloc(0x100);
info.ProcessId = (HANDLE)dwProcessID;
info.ImageName.Length = 0;
info.ImageName.MaximumLength = (USHORT)0x100;
info.ImageName.Buffer = pBuffer;
Status = NtQuerySystemInformation(SystemProcessIdInformation, &info, sizeof(info), NULL);
if (Status == STATUS_INFO_LENGTH_MISMATCH)
{
free(pBuffer);
pBuffer = malloc(info.ImageName.MaximumLength);
info.ImageName.Buffer = pBuffer;
Status = NtQuerySystemInformation(SystemProcessIdInformation, &info, sizeof(info), NULL);
}
if (!NT_SUCCESS(Status))
{
ODS(_T("NtQuerySystemInformation failed!"));
free(pBuffer);
return FALSE;
}
#ifdef UNICODE
lstrcpynW(szFullPath, info.ImageName.Buffer, nSize);
#else
WideCharToMultiByte(CP_ACP, 0, info.ImageName.Buffer, -1, szFullPath, nSize, NULL, NULL);
#endif
free(pBuffer);
DosDevicePathToWin32Path(szFullPath);
return TRUE;
}示例6: GetLogicalProcessorInformation
/*
* @implemented
*/
BOOL
WINAPI
GetLogicalProcessorInformation(OUT PSYSTEM_LOGICAL_PROCESSOR_INFORMATION Buffer,
IN OUT PDWORD ReturnLength)
{
NTSTATUS Status;
if (!ReturnLength)
{
SetLastError(ERROR_INVALID_PARAMETER);
return FALSE;
}
Status = NtQuerySystemInformation(SystemLogicalProcessorInformation,
Buffer,
*ReturnLength,
ReturnLength);
/* Normalize the error to what Win32 expects */
if (Status == STATUS_INFO_LENGTH_MISMATCH) Status = STATUS_BUFFER_TOO_SMALL;
if (!NT_SUCCESS(Status))
{
BaseSetLastNTError(Status);
return FALSE;
}
return TRUE;
}示例7: NtQuerySystemInformation
static void *get_mod_info()
{
DWORD got = 0;
void *m;
NTSTATUS ret = NtQuerySystemInformation(
SystemModuleInformation, NULL, 0, &got);
if (ret != STATUS_INFO_LENGTH_MISMATCH)
return NULL;
m = malloc(got);
if (NT_SUCCESS(NtQuerySystemInformation(SystemModuleInformation, m, got, &got)))
return m;
free(m);
return NULL;
}示例8: SmpMakeSystemManagedPagingFileDescriptor
VOID
NTAPI
SmpMakeSystemManagedPagingFileDescriptor(IN PSMP_PAGEFILE_DESCRIPTOR Descriptor)
{
NTSTATUS Status;
LONGLONG MinimumSize, MaximumSize, Ram;
SYSTEM_BASIC_INFORMATION BasicInfo;
/* Query the page size of the system, and the amount of RAM */
Status = NtQuerySystemInformation(SystemBasicInformation,
&BasicInfo,
sizeof(BasicInfo),
NULL);
if (!NT_SUCCESS(Status))
{
/* If we failed, use defaults since we have no idea otherwise */
DPRINT1("SMSS:PFILE: NtQuerySystemInformation failed with %x \n", Status);
SmpMakeDefaultPagingFileDescriptor(Descriptor);
return;
}
/* Chekc how much RAM we have and set three times this amount as maximum */
Ram = BasicInfo.NumberOfPhysicalPages * BasicInfo.PageSize;
MaximumSize = 3 * Ram;
/* If we have more than 1GB, use that as minimum, otherwise, use 1.5X RAM */
MinimumSize = (Ram >= 1024 * MEGABYTE) ? Ram : MaximumSize / 2;
/* Write the new sizes in the descriptor and mark it as system managed */
Descriptor->MinSize.QuadPart = MinimumSize;
Descriptor->MaxSize.QuadPart = MaximumSize;
Descriptor->Flags |= SMP_PAGEFILE_SYSTEM_MANAGED;
}示例9: GetKernelModuleInfo
PVOID GetKernelModuleInfo(CHAR * target_name, PVOID* base, LONG* size) {
PVOID buffer = NULL;
ULONG buf_size = 0x5000;
NTSTATUS result;
do {
buffer = ExAllocatePool(PagedPool, buf_size);
if (buffer == NULL) {
return NULL;
}
ULONG need;
result = NtQuerySystemInformation(SystemModuleInformation, buffer, buf_size, &need);
if (result == STATUS_INFO_LENGTH_MISMATCH) {
ExFreePool(buffer);
buf_size *= 2;
}
else if (!NT_SUCCESS(result)) {
ExFreePool(buffer);
return NULL;
}
} while (result == STATUS_INFO_LENGTH_MISMATCH);
PSYSTEM_MODULE_INFORMATION system_module_info = (PSYSTEM_MODULE_INFORMATION)buffer;
int module_count = system_module_info->Count;
for(int i=0; i<module_count; i++){
CHAR* name = system_module_info->Module[i].ImageName + system_module_info->Module[i].PathLength;
//DbgPrint("kernel module: %s,%p \n", name, system_module_info->Module[i].Base);
if (_stricmp(name, target_name) == 0) {
*base = system_module_info->Module[i].Base;
*size = system_module_info->Module[i].Size;
}
}
return NULL;
}示例10: list_processes
void list_processes(void)
{
PSYSTEM_PROCESS_INFORMATION pspi;
ULONG ofs = 0, sz, i, j;
NTSTATUS r;
sz = 0;
r = NtQuerySystemInformation( SystemProcessInformation, buffer, sizeof buffer, &sz );
ok( r == STATUS_SUCCESS, "NtQuerySystemInformation failed\n" );
if (r != STATUS_SUCCESS)
return;
for (i=0, ofs=0; ofs<sz; i++)
{
pspi = (PSYSTEM_PROCESS_INFORMATION) (buffer + ofs);
dprintf( "%ld %ld %ld %S\n", pspi->ThreadCount, pspi->ProcessId,
pspi->InheritedFromProcessId, pspi->ProcessName.Buffer);
for (j=0; j<pspi->ThreadCount; j++)
{
dprintf("%p %p %p %08lx %08lx\n",
pspi->Threads[j].StartAddress,
pspi->Threads[j].ClientId.UniqueProcess,
pspi->Threads[j].ClientId.UniqueThread,
pspi->Threads[j].State,
pspi->Threads[j].WaitReason);
}
if (!pspi->NextEntryDelta)
break;
ofs += pspi->NextEntryDelta;
}
}示例11: stat_gettext
static int stat_gettext(int tag, char *buf)
{
char *original_buf = buf;
/* TODO: Support more than one processors */
LARGE_INTEGER idle_time, kernel_time, user_time;
GetSystemTimes((FILETIME *)&idle_time, (FILETIME *)&kernel_time, (FILETIME *)&user_time);
uint64_t user = user_time.QuadPart / (TICKS_PER_SECOND / USER_HZ);
uint64_t nice = 0;
uint64_t system = kernel_time.QuadPart / (TICKS_PER_SECOND / USER_HZ);
uint64_t idle = idle_time.QuadPart / (TICKS_PER_SECOND / USER_HZ);
system -= idle; /* KernelTime includes IdleTime */
uint64_t iowait = 0;
uint64_t irq = 0;
uint64_t softirq = 0;
uint64_t steal = 0, guest = 0, guest_nice = 0;
buf += ksprintf(buf, "cpu %llu %llu %llu %llu %llu %llu %llu %llu %llu %llu\n",
user, nice, system, idle, iowait, irq, softirq, steal, guest, guest_nice);
buf += ksprintf(buf, "intr %llu\n", 0);
buf += ksprintf(buf, "swap %llu %llu\n", 0);
uint64_t ctxt = 0;
buf += ksprintf(buf, "ctxt %llu\n", ctxt);
/* Boot time */
SYSTEM_TIMEOFDAY_INFORMATION tod_info;
NtQuerySystemInformation(SystemTimeOfDayInformation, &tod_info, sizeof(tod_info), NULL);
uint64_t btime = filetime_to_unix_sec((FILETIME *)&tod_info.BootTime);
buf += ksprintf(buf, "btime %llu\n", btime);
uint64_t processes = 0;
buf += ksprintf(buf, "processes %llu\n", processes);
int procs_running = 1;
buf += ksprintf(buf, "procs_running %d\n", procs_running);
int procs_blocked = 0;
buf += ksprintf(buf, "procs_blocked %d\n", procs_blocked);
return buf - original_buf;
}示例12: NtQuerySystemInformation
bool mod_mimikatz_sekurlsa::searchPasswords(vector<wstring> * arguments)
{
if(searchLSASSDatas())
{
if(PNT_QUERY_SYSTEM_INFORMATION NtQuerySystemInformation = reinterpret_cast<PNT_QUERY_SYSTEM_INFORMATION>(GetProcAddress(GetModuleHandle(L"ntdll"), "NtQuerySystemInformation")))
{
#ifdef _M_X64
PBYTE MmSystemRangeStart = reinterpret_cast<PBYTE>(0xffff080000000000);
#elif defined _M_IX86
PBYTE MmSystemRangeStart = reinterpret_cast<PBYTE>(0x80000000);
#endif
ULONG maTaille = 0;
NtQuerySystemInformation(KIWI_SystemMmSystemRangeStart, &MmSystemRangeStart, sizeof(PBYTE), &maTaille);
DWORD nbPossible = 0;
for(PBYTE pMemoire = 0; pMemoire < MmSystemRangeStart ; )
{
MEMORY_BASIC_INFORMATION mesInfos;
if(VirtualQueryEx(hLSASS, pMemoire, &mesInfos, sizeof(MEMORY_BASIC_INFORMATION)) > 0)
{
if((mesInfos.Protect & PAGE_READWRITE) && !(mesInfos.Protect & PAGE_GUARD) && (mesInfos.Type == MEM_PRIVATE))
{
UNICODE_STRING donnees[3];
for(PBYTE pZone = reinterpret_cast<PBYTE>(mesInfos.BaseAddress); pZone < (reinterpret_cast<PBYTE>(mesInfos.BaseAddress) + mesInfos.RegionSize - 3*sizeof(UNICODE_STRING)); pZone += sizeof(DWORD))
{
if(mod_memory::readMemory(pZone, donnees, 3*sizeof(UNICODE_STRING), hLSASS))
{
if(
(donnees[0].Length && !((donnees[0].Length & 1) || (donnees[0].MaximumLength & 1)) && (donnees[0].Length < sizeof(wchar_t)*0xff) && (donnees[0].Length <= donnees[0].MaximumLength) && donnees[0].Buffer) &&
(donnees[1].Length && !((donnees[1].Length & 1) || (donnees[1].MaximumLength & 1)) && (donnees[1].Length < sizeof(wchar_t)*0xff) && (donnees[1].Length <= donnees[1].MaximumLength) && donnees[1].Buffer) &&
(donnees[2].Length && !((donnees[2].Length & 1) || (donnees[2].MaximumLength & 1)) && (donnees[2].Length < sizeof(wchar_t)*0xff) && (donnees[2].Length <= donnees[2].MaximumLength) && donnees[2].Buffer)
)
{
wstring user, domain, password;
BYTE * bPassword = NULL;
if(ressembleString(&donnees[0], &user) && ressembleString(&donnees[1], &domain) && !ressembleString(&donnees[2], NULL, &bPassword))
{
if(bPassword)
{
mod_mimikatz_sekurlsa::SeckPkgFunctionTable->LsaUnprotectMemory(bPassword, donnees[2].MaximumLength);
password.assign(mod_text::stringOrHex(bPassword, donnees[2].Length, 0, false));
}
(*outputStream) << L"[" << nbPossible++ << L"] { " << user << L" ; " << domain << L" ; " << password << L" }" << endl;
}
if(bPassword)
delete[] bPassword;
}
}
}
}
pMemoire += mesInfos.RegionSize;
}
else break;
}
}
}
else (*outputStream) << L"Données LSASS en erreur" << endl;
return true;
}示例13: leakHal
BOOL leakHal()
{
_NtQuerySystemInformation NtQuerySystemInformation = (_NtQuerySystemInformation)GetProcAddress(GetModuleHandleA("NTDLL.DLL"), "NtQuerySystemInformation");
PRTL_PROCESS_MODULES pModuleInfo;
DWORD ntoskrnlBase;
DWORD HalDTUser, HalDTOffset;
HMODULE userKernel;
pModuleInfo = (PRTL_PROCESS_MODULES)VirtualAlloc(NULL, 0x100000, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
if (pModuleInfo == NULL)
{
printf("Could not allocate memory\n");
return FALSE;
}
NtQuerySystemInformation(SystemModuleInformation, pModuleInfo, 0x100000, NULL);
ntoskrnlBase = (DWORD)pModuleInfo->Modules[0].ImageBase;
userKernel = LoadLibraryEx(L"ntoskrnl.exe", NULL, DONT_RESOLVE_DLL_REFERENCES);
if (userKernel == NULL)
{
printf("Could not load ntoskrnl.exe\n");
return FALSE;
}
HalDTUser = (DWORD)GetProcAddress(userKernel, "HalDispatchTable");
HalDTOffset = HalDTUser - (DWORD)userKernel;
g_HalDispatchTable = ntoskrnlBase + HalDTOffset + 0x9000;
return TRUE;
}示例14: CsrOneTimeInitialize
NTSTATUS
CsrOneTimeInitialize( VOID )
{
NTSTATUS Status;
//
// Save away system information in a global variable
//
Status = NtQuerySystemInformation( SystemBasicInformation,
&CsrNtSysInfo,
sizeof( CsrNtSysInfo ),
NULL
);
if (!NT_SUCCESS( Status )) {
return( Status );
}
//
// Use the process heap for memory allocation.
//
CsrHeap = RtlProcessHeap();
CsrInitOnceDone = TRUE;
return( STATUS_SUCCESS );
}示例15: fetch_process_info
/******************************************************************
* fetch_process_info
*
* reads system wide process information, and make spi point to the record
* for process of id 'pid'
*/
static BOOL fetch_process_info(struct dump_context* dc)
{
ULONG buf_size = 0x1000;
NTSTATUS nts;
dc->pcs_buffer = NULL;
if (!(dc->pcs_buffer = HeapAlloc(GetProcessHeap(), 0, buf_size))) return FALSE;
for (;;)
{
nts = NtQuerySystemInformation(SystemProcessInformation,
dc->pcs_buffer, buf_size, NULL);
if (nts != STATUS_INFO_LENGTH_MISMATCH) break;
dc->pcs_buffer = HeapReAlloc(GetProcessHeap(), 0, dc->pcs_buffer,
buf_size *= 2);
if (!dc->pcs_buffer) return FALSE;
}
if (nts == STATUS_SUCCESS)
{
dc->spi = dc->pcs_buffer;
for (;;)
{
if (dc->spi->dwProcessID == dc->pid) return TRUE;
if (!dc->spi->dwOffset) break;
dc->spi = (SYSTEM_PROCESS_INFORMATION*)
((char*)dc->spi + dc->spi->dwOffset);
}
}
HeapFree(GetProcessHeap(), 0, dc->pcs_buffer);
dc->pcs_buffer = NULL;
dc->spi = NULL;
return FALSE;
}