windows系统调用 进程快照
时间:2014-05-18 20:01:58
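#include <windows.h>
#include <tlhelp32.h>
#include <cstdio>
#include <iostream>
using namespace std;

#pragma comment(lib,"kernel32.lib")

// Returns the percentage (0-100) of a process's CPU time that was spent in
// kernel mode, given the kernel and user times reported by GetProcessTimes.
// Returns 0 when both times are zero, which avoids a division by zero for a
// process that has not accumulated any CPU time yet.
DWORD GetKernelModePercentage(const FILETIME& ftKernel,
                              const FILETIME& ftUser)
{
    // A FILETIME is a 64-bit count split into two 32-bit halves; rebuild it.
    const ULONGLONG qwKernel =
        (static_cast<ULONGLONG>(ftKernel.dwHighDateTime) << 32) + ftKernel.dwLowDateTime;
    const ULONGLONG qwUser =
        (static_cast<ULONGLONG>(ftUser.dwHighDateTime) << 32) + ftUser.dwLowDateTime;
    const ULONGLONG qwTotal = qwKernel + qwUser;

    if (qwTotal == 0) {
        return 0;
    }
    return static_cast<DWORD>((static_cast<ULONGLONG>(100) * qwKernel) / qwTotal);
}

// Takes a Toolhelp snapshot of all processes and, for every process that can
// be opened, prints its PID, image name and kernel-mode CPU percentage.
// Returns 0 on success and 1 if the snapshot could not be created.
int main()
{
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE) {
        cerr << "CreateToolhelp32Snapshot failed, error " << GetLastError() << endl;
        return 1;
    }

    PROCESSENTRY32 pe;
    ZeroMemory(&pe, sizeof(pe));
    pe.dwSize = sizeof(pe);   // must be set before Process32First, or the call fails

    BOOL bMore = Process32First(hSnapshot, &pe);
    while (bMore) {
        // The snapshot is a point-in-time copy: by the time OpenProcess runs,
        // the process may have exited and its PID may belong to another
        // process, so the printed name and times are best-effort only.
        //
        // PROCESS_QUERY_INFORMATION is denied for protected processes and for
        // processes of other users when not elevated; those entries are
        // skipped. On Windows Vista and later GetProcessTimes also accepts
        // PROCESS_QUERY_LIMITED_INFORMATION, which is the smaller right to
        // request if older systems need not be supported.
        HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION,
                                      FALSE,
                                      pe.th32ProcessID);

        if (hProcess != NULL) {
            FILETIME ftCreation, ftKernelMode, ftUserMode, ftExit;

            // Only use the out-parameters when the call succeeded; on failure
            // they are left uninitialized.
            if (GetProcessTimes(hProcess,
                                &ftCreation,
                                &ftExit,
                                &ftKernelMode,
                                &ftUserMode)) {
                const DWORD dwPctKernel =
                    GetKernelModePercentage(ftKernelMode, ftUserMode);

                // NOTE(review): in a UNICODE build PROCESSENTRY32 maps to the
                // wide variant and szExeFile is a WCHAR array, which cout
                // prints as a pointer value; this listing assumes an ANSI build.
                cout << "process ID:" << pe.th32ProcessID
                     << ",EXE file:" << pe.szExeFile
                     << ",% in Kernel mode:" << dwPctKernel << endl;
            }

            CloseHandle(hProcess);
        }
        bMore = Process32Next(hSnapshot, &pe);
    }

    // The snapshot handle is a kernel object and must be released.
    CloseHandle(hSnapshot);

    getchar();   // keep the console window open until a key is pressed
    return 0;
}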