HomeWindows Programming

Examine Information on Windows NT System Level Primitives

CodeGuru Staff
By CodeGuru Staff

CodeGuru content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Environment: Windows NT 4.0/2000 only, VC6 SP4, NT DDK is not needed 🙂

Overview

This article presents two separate utilities (NtSysInfo and WhoUses) to examine low level information on such Windows NT
system primitives such as processes, threads, windows, modules and objects. Some of the things
that I’m doing here are similar to the utilities found on the sysinternals Web site.

NtSysInfo Syntax

NtSysInfo enables you to explore the Windows NT internals and enumerate the system’s processes,
windows, threads, objects.

Usage: NtSysInfo.exe [/H[type]|/M[dllname]|/P|/T|/W] [processId]}
 /H          Handle list. Can be filtered by "type"
             type: File, Thread, Semaphore, Process, Event,...
 /M          Module list. Can be filtered by "dllname"
 /P          Process list (processId not used)
 /T          Thread list
 /W          Window list
 processId   Process ID, dec. or 0x??? (-1 = every process, default)

Examples:
  NtSysInfo.exe /HFile 651
  NtSysInfo.exe /H 1248
  NtSysInfo.exe /Mkernel32.dll
  NtSysInfo.exe /P
  NtSysInfo.exe /W
  NtSysInfo.exe /W 1215

WhoUses Syntax

NtSysInfo allows you to list processes, windows, threads, objects.
The WhoUses utility enalbes you to determine what process has a file or DLL locked.

Usage: WhoUses.exe [/M] fileName
  /M         fileName is a module name ( EXE, DLL, ... )
  fileName   File name

Examples:
  WhoUses.exe /M kernel32.dll
  WhoUses.exe /M c:testtest.dll
  WhoUses.exe yourTextFile.txt
  WhoUses.exe c:pagefile.sys
  WhoUses.exe Serial0

Code Examples

  1. Get the process list
    2. SystemProcessInformation pi;
pi.Refresh();
// Iterate through pi.m_ProcessInfos
  2. Get the thread list
    3. // processId == -1 means every process
SystemThreadInformation ti( processId );
ti.Refresh();
// Iterate through ti.m_ThreadInfos
  3. Get the object list
    4. // processId == -1 means every process
SystemHandleInformation oi( processId );
oi.Refresh();
// Iterate through oi.m_HandleInfos
  4. Get the file object list
    5. // processId == -1 means every process
SystemHandleInformation fi( processId );
fi.SetFilter( _T("File"), TRUE ); // Refresh
// Iterate through fi.m_HandleInfos
  5. Get the window list
    6. // processId == -1 means every process
SystemWindowInformation wi( processId );
wi.Refresh();
// Iterate through wi.m_WindowInfos
  6. Get window list
    7. // processId == -1 means every process
SystemModuleInformation mi( processId );
mi.Refresh();
// Iterate through mi.m_ModuleInfos

Warnings & Disclaimers

This software uses a few undocumented functions (ntdll.dll), peeks around in your
systems internals. Use at your own risk! It works for me. 🙂

Resources

  • Book: Undocumented Windows NT by Prasad Dabak, Sandeep Phadke, Milind Borate
  • Book: Windows NT/2000 Native API Reference by Gary Nebbett
  • Web: System Internals, www.sysinternals.com

Downloads

Download source/demo code – 38 Kb

CodeGuru Staff
CodeGuru Staff

More by Author

Previous article
List Control with OLE Drag ‘& Drop
Next article
Browse IIS Directory Structures

News & Trends

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends & analysis

Must Read

CodeGuru covers topics related to Microsoft-related software development, mobile development, database management, and web application programming. In addition to tutorials and how-tos that teach programmers how to code in Microsoft-related languages and frameworks like C# and .Net, we also publish articles on software development tools, the latest in developer news, and advice for project managers. Cloud services such as Microsoft Azure and database options including SQL Server and MSSQL are also frequently covered.

Advertisers

Advertise with TechnologyAdvice on CodeGuru and our other developer-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2023 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.