How to retrieve resources associated with a running process?
main
December 30th, 2002, 09:07 PM
Hi all, how do I get the resources associated with a running process, such as sockets, shared memory, and so on?
By the way, I'd like to ask another question:
how do I get the CPU and memory usage of a running process?
Thank you...
DanM
December 31st, 2002, 02:16 AM
1) NT native API
Here is a book you may need (most probably you won't find too much documentation):
http://www.amazon.com/exec/obidos/tg/detail/-/1578701996/qid=1041317685/sr=8-1/ref=sr_8_1/002-1483510-0968864?v=glance&s=books&n=507846
2) GetProcessTimes
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/getprocesstimes.asp
http://www.microsoft.com/msj/defaulttop.asp?page=/msj/archive/s2058a.htm
Dan
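A worked example for DanM's second pointer (added here, not code from the thread): sample GetProcessTimes() twice and turn the kernel+user deltas into a CPU percentage. The arithmetic lives in a portable function so it can be checked anywhere; the sampling part assumes Windows and PROCESS_QUERY_INFORMATION access to the target PID.

```c
/* Added example: CPU share of a process from two GetProcessTimes() samples. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#else
/* Stand-in for the Win32 struct so the arithmetic compiles off Windows. */
typedef struct { uint32_t dwLowDateTime; uint32_t dwHighDateTime; } FILETIME;
#endif

/* A FILETIME is a 64-bit count of 100-ns intervals split across two DWORDs. */
uint64_t filetime_to_ticks(FILETIME ft) {
    return ((uint64_t)ft.dwHighDateTime << 32) | ft.dwLowDateTime;
}

/* Percent of total machine CPU used between two samples (all times in 100-ns
   ticks). Kernel and user times are cumulative, so we take the deltas, then
   divide by wall-clock elapsed times the number of logical CPUs. Returns 0.0
   for a zero or negative interval rather than dividing by zero. */
double cpu_percent(uint64_t kernel0, uint64_t user0, uint64_t kernel1, uint64_t user1,
                   uint64_t wall0, uint64_t wall1, unsigned ncpu) {
    if (wall1 <= wall0 || ncpu == 0) return 0.0;
    uint64_t busy = (kernel1 - kernel0) + (user1 - user0);
    return 100.0 * (double)busy / ((double)(wall1 - wall0) * ncpu);
}

#ifdef _WIN32
/* Usage: cpu_sample.exe [pid]; defaults to the current process. */
int main(int argc, char **argv) {
    DWORD pid = argc > 1 ? (DWORD)strtoul(argv[1], NULL, 10) : GetCurrentProcessId();
    HANDLE h = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid);
    if (!h) { fprintf(stderr, "OpenProcess(%lu) failed: %lu\n", pid, GetLastError()); return 1; }
    SYSTEM_INFO si; GetSystemInfo(&si);
    FILETIME c, e, k0, u0, k1, u1, w0, w1;
    GetSystemTimeAsFileTime(&w0);
    GetProcessTimes(h, &c, &e, &k0, &u0);
    Sleep(1000);                         /* one-second sampling window */
    GetSystemTimeAsFileTime(&w1);
    GetProcessTimes(h, &c, &e, &k1, &u1);
    CloseHandle(h);
    double pct = cpu_percent(filetime_to_ticks(k0), filetime_to_ticks(u0),
                             filetime_to_ticks(k1), filetime_to_ticks(u1),
                             filetime_to_ticks(w0), filetime_to_ticks(w1),
                             si.dwNumberOfProcessors);
    printf("pid %lu: %.1f%% of %lu CPUs\n", pid, pct, si.dwNumberOfProcessors);
    return 0;
}
#endif
```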
galathaea
December 31st, 2002, 03:57 AM
This thread (http://codeguru.com/forum/showthread.php?s=&threadid=222670&highlight=ntqueryobject) should give you a start. It refers to finding out about open file resources, but the basis of the idea is the Native API command NtQueryObject (aka ZwQueryObject in user mode), as DanM has mentioned, and searching through the internal object directory; it can be used for any of the kernel objects with some modifications. However, I think that sockets may be a different animal, and it might be necessary to do something like a layered service provider (but, alas, I am not an expert in such techniques). Anyway, searching these forums, the internet, and Google Groups for NtQueryObject will give you a good code basis to get some of your problems fixed, but I would definitely go with Nebbett's Reference for the really complete summary.
DrPizza
December 31st, 2002, 09:07 AM
ZwXxx() is the name for the kernel-mode versions of the functions, not the user-mode ones. NtQueryObject is also known as nothing else in user-mode. ntdll.dll exports functions with both NtXxx() and ZwXxx() names; the former outnumber the latter, however.
galathaea
December 31st, 2002, 12:55 PM
If you go to this site (http://sysinternals.com/ntw2k/info/ntdll.shtml) they have a good explanation of the Native API. In particular, they state:
Note that all of the Native APIs begin with "Nt". The export table in NTDLL.DLL also makes the Native API accessible through an alternate naming convention, one where command names begin with "Zw" instead of "Nt". Thus, ZwCreateFile() is an alias for NtCreateFile().
In ring0, however, one deals only with the Zw functions as exported from ntoskrnl.exe, as Dr. Pizza has mentioned.
main
December 31st, 2002, 10:27 PM
Thank you...
codeguru.com
Copyright WebMediaBrands Inc., All Rights Reserved.