01 System

By Deborah Wilson,2014-05-27 15:03

     1996 CH01 11/19/99 12:24 PM Page 1

     1 System Information and Control

     The system services described in this chapter operate on the system as a whole rather than on individual objects within the system. They mostly gather information about the performance and operation of the system and set system parameters.

     ZwQuerySystemInformation

     ZwQuerySystemInformation queries information about the system.

     NTSYSAPI
     NTSTATUS
     NTAPI
     ZwQuerySystemInformation(
         IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
         IN OUT PVOID SystemInformation,
         IN ULONG SystemInformationLength,
         OUT PULONG ReturnLength OPTIONAL
         );

     Parameters

     SystemInformationClass

     The type of system information to be queried. The permitted values are a subset of the enumeration SYSTEM_INFORMATION_CLASS, described in the following section.

     SystemInformation

     Points to a caller-allocated buffer or variable that receives the requested system information.

     SystemInformationLength

     The size in bytes of SystemInformation, which the caller should set according to the given SystemInformationClass.

     ReturnLength

     Optionally points to a variable that receives the number of bytes actually returned to SystemInformation; if SystemInformationLength is too small to contain the available information, the variable is normally set to zero except for two information classes (6 and 11) when it is set to the number of bytes required for the available information. If this information is not needed, ReturnLength may be a null pointer.

     Return Value

     Returns STATUS_SUCCESS or an error status, such as STATUS_INVALID_INFO_CLASS, STATUS_NOT_IMPLEMENTED, or STATUS_INFO_LENGTH_MISMATCH.

     Related Win32 Functions

     GetSystemInfo, GetTimeZoneInformation, GetSystemTimeAdjustment, PSAPI functions, and performance counters.

     Remarks

     ZwQuerySystemInformation is the source of much of the information displayed by "Performance Monitor" for the classes Cache, Memory, Objects, Paging File, Process, Processor, System, and Thread. It is also frequently used by resource kit utilities that display information about the system.

     The ReturnLength information is not always valid (depending on the information class), even when the routine returns STATUS_SUCCESS. When the return value indicates STATUS_INFO_LENGTH_MISMATCH, only some of the information classes return an estimate of the required length.

     Some information classes are implemented only in the "checked" version of the kernel. Some, such as SystemCallCounts, return useful information only in "checked" versions of the kernel. Some information classes require certain flags to have been set in NtGlobalFlags at boot time. For example, SystemObjectInformation requires that FLG_MAINTAIN_OBJECT_TYPELIST be set at boot time.

     Information class SystemNotImplemented1 (4) would return STATUS_NOT_IMPLEMENTED if it were not for the fact that it uses DbgPrint to print the text "EX: SystemPathInformation now available via SharedUserData." and then calls DbgBreakPoint. The breakpoint exception is caught by a frame-based exception handler (in the absence of intervention by a debugger) and causes ZwQuerySystemInformation to return with STATUS_BREAKPOINT.
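
     Because ReturnLength cannot be relied on for every information class, callers of variable-length classes normally use a bounded grow-and-retry loop rather than a single sized call. The following is an added example, not code from the original text: query_alloc, QUERY_FN, the stand-in typedefs and mock_query are assumptions, and the mock is constructed to mimic the behaviour described above (required size reported only for classes 6 and 11) so the loop can be run off Windows.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in definitions (assumption); on Windows use the SDK/DDK headers. */
typedef int32_t  NTSTATUS;
typedef uint32_t ULONG;
#define STATUS_SUCCESS              ((NTSTATUS)0x00000000)
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004)
#define STATUS_NO_MEMORY            ((NTSTATUS)0xC0000017)

/* Same parameter order as the ZwQuerySystemInformation prototype. */
typedef NTSTATUS (*QUERY_FN)(ULONG cls, void *buf, ULONG len, ULONG *ret_len);

/* Hypothetical helper: on success *out is a heap buffer of *capacity bytes. */
NTSTATUS query_alloc(QUERY_FN query, ULONG cls, void **out, ULONG *capacity)
{
    const ULONG max_len = 64u * 1024u * 1024u;   /* hard cap on growth */
    ULONG len = 0x1000;
    *out = NULL; *capacity = 0;
    for (;;) {
        ULONG hint = 0;
        void *buf = calloc(1, len);              /* zeroed: no stale heap data */
        if (buf == NULL) return STATUS_NO_MEMORY;
        NTSTATUS st = query(cls, buf, len, &hint);
        if (st == STATUS_SUCCESS) { *out = buf; *capacity = len; return st; }
        free(buf);
        if (st != STATUS_INFO_LENGTH_MISMATCH) return st;
        /* Trust the hint only when it asks for more; otherwise double. */
        ULONG next = (hint > len) ? hint : len * 2;
        if (next > max_len) return STATUS_INFO_LENGTH_MISMATCH;
        len = next;
    }
}

/* Constructed mock: needs 20000 bytes, sizes reported only for classes 6, 11. */
static unsigned mock_calls;
NTSTATUS mock_query(ULONG cls, void *buf, ULONG len, ULONG *ret_len)
{
    const ULONG need = 20000;
    mock_calls++;
    if (len < need) {
        if (ret_len) *ret_len = (cls == 6 || cls == 11) ? need : 0;
        return STATUS_INFO_LENGTH_MISMATCH;
    }
    memset(buf, 0xAB, need);
    if (ret_len) *ret_len = 0;   /* ReturnLength left unusable on success */
    return STATUS_SUCCESS;
}

int main(void)
{
    void *p; ULONG cap;
    NTSTATUS st = query_alloc(mock_query, 5, &p, &cap);
    printf("status=0x%08x capacity=%u calls=%u\n", (unsigned)st, (unsigned)cap, mock_calls);
    free(p);
    return st != STATUS_SUCCESS;
}
```

     On success the helper reports the buffer capacity, not the amount of valid data; the caller walks the returned structures according to the information class.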

     ZwSetSystemInformation

     ZwSetSystemInformation sets information that affects the operation of the system.

     NTSYSAPI
     NTSTATUS
     NTAPI
     ZwSetSystemInformation(
         IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
         IN OUT PVOID SystemInformation,
         IN ULONG SystemInformationLength
         );

     Parameters

     SystemInformationClass

     The type of system information to be set. The permitted values are a subset of the enumeration SYSTEM_INFORMATION_CLASS, described in the following section.

     SystemInformation

     Points to a caller-allocated buffer or variable that contains the system information to be set.

     SystemInformationLength

     The size in bytes of SystemInformation, which the caller should set according to the given SystemInformationClass.

     Return Value

     Returns STATUS_SUCCESS or an error status, such as STATUS_INVALID_INFO_CLASS, STATUS_NOT_IMPLEMENTED, or STATUS_INFO_LENGTH_MISMATCH.

     Related Win32 Functions

     SetSystemTimeAdjustment.

     Remarks

     At least one of the information classes uses the SystemInformation parameter for both input and output.

     SYSTEM_INFORMATION_CLASS

     The system information classes available in the "free" (retail) build of the system are listed below along with a remark as to whether the information class can be queried, set, or both. Some of the information classes labeled "SystemNotImplementedXxx" are implemented in the "checked" build, and a few of these classes are briefly described later.

     typedef enum _SYSTEM_INFORMATION_CLASS {   //      Query  Set
         SystemBasicInformation,                //  0   Y      N
         SystemProcessorInformation,            //  1   Y      N
         SystemPerformanceInformation,          //  2   Y      N
         SystemTimeOfDayInformation,            //  3   Y      N
         SystemNotImplemented1,                 //  4   Y      N
         SystemProcessesAndThreadsInformation,  //  5   Y      N
         SystemCallCounts,                      //  6   Y      N
         SystemConfigurationInformation,        //  7   Y      N
         SystemProcessorTimes,                  //  8   Y      N
         SystemGlobalFlag,                      //  9   Y      Y
         SystemNotImplemented2,                 // 10   Y      N
         SystemModuleInformation,               // 11   Y      N
         SystemLockInformation,                 // 12   Y      N
         SystemNotImplemented3,                 // 13   Y      N
         SystemNotImplemented4,                 // 14   Y      N
         SystemNotImplemented5,                 // 15   Y      N
         SystemHandleInformation,               // 16   Y      N
         SystemObjectInformation,               // 17   Y      N
         SystemPagefileInformation,             // 18   Y      N
         SystemInstructionEmulationCounts,      // 19   Y      N
         SystemInvalidInfoClass1,               // 20
         SystemCacheInformation,                // 21   Y      Y
         SystemPoolTagInformation,              // 22   Y      N
         SystemProcessorStatistics,             // 23   Y      N
         SystemDpcInformation,                  // 24   Y      Y
         SystemNotImplemented6,                 // 25   Y      N
         SystemLoadImage,                       // 26   N      Y
         SystemUnloadImage,                     // 27   N      Y
         SystemTimeAdjustment,                  // 28   Y      Y
         SystemNotImplemented7,                 // 29   Y      N
         SystemNotImplemented8,                 // 30   Y      N
         SystemNotImplemented9,                 // 31   Y      N
         SystemCrashDumpInformation,            // 32   Y      N
         SystemExceptionInformation,            // 33   Y      N
         SystemCrashDumpStateInformation,       // 34   Y      Y/N
         SystemKernelDebuggerInformation,       // 35   Y      N
         SystemContextSwitchInformation,        // 36   Y      N
         SystemRegistryQuotaInformation,        // 37   Y      Y
         SystemLoadAndCallImage,                // 38   N      Y
         SystemPrioritySeparation,              // 39   N      Y
         SystemNotImplemented10,                // 40   Y      N
         SystemNotImplemented11,                // 41   Y      N
         SystemInvalidInfoClass2,               // 42
         SystemInvalidInfoClass3,               // 43
         SystemTimeZoneInformation,             // 44   Y      N
         SystemLookasideInformation,            // 45   Y      N
         SystemSetTimeSlipEvent,                // 46   N      Y
         SystemCreateSession,                   // 47   N      Y
         SystemDeleteSession,                   // 48   N      Y
         SystemInvalidInfoClass4,               // 49
         SystemRangeStartInformation,           // 50   Y      N
         SystemVerifierInformation,             // 51   Y      Y
         SystemAddVerifier,                     // 52   N      Y
         SystemSessionProcessesInformation      // 53   Y      N
     } SYSTEM_INFORMATION_CLASS;

     SystemBasicInformation

     typedef struct _SYSTEM_BASIC_INFORMATION { // Information Class 0
         ULONG Unknown;
         ULONG MaximumIncrement;
         ULONG PhysicalPageSize;
         ULONG NumberOfPhysicalPages;
         ULONG LowestPhysicalPage;
         ULONG HighestPhysicalPage;
         ULONG AllocationGranularity;
         ULONG LowestUserAddress;
         ULONG HighestUserAddress;
         ULONG ActiveProcessors;
         UCHAR NumberProcessors;
     } SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;

     Members

     Unknown

     Always contains zero; interpretation unknown.

     MaximumIncrement

     The maximum number of 100-nanosecond units between clock ticks. Also the number of 100-nanosecond units per clock tick for kernel intervals measured in clock ticks.

     PhysicalPageSize

     The size in bytes of a physical page.

     NumberOfPhysicalPages

     The number of physical pages managed by the operating system.

     LowestPhysicalPage

     The number of the lowest physical page managed by the operating system (numbered from zero).

     HighestPhysicalPage

     The number of the highest physical page managed by the operating system (numbered from zero).

     AllocationGranularity

     The granularity to which the base address of virtual memory reservations is rounded.

     LowestUserAddress

     The lowest virtual address potentially available to user mode applications.

     HighestUserAddress

     The highest virtual address potentially available to user mode applications.

     ActiveProcessors

     A bit mask representing the set of active processors in the system. Bit 0 is processor 0; bit 31 is processor 31.

     NumberProcessors

     The number of processors in the system.

     Remarks

     Much of the data in this information class can be obtained by calling the Win32 function GetSystemInfo.

     SystemProcessorInformation

     typedef struct _SYSTEM_PROCESSOR_INFORMATION { // Information Class 1
         USHORT ProcessorArchitecture;
         USHORT ProcessorLevel;
         USHORT ProcessorRevision;
         USHORT Unknown;
         ULONG FeatureBits;
     } SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;

     Members

     ProcessorArchitecture

     The system's processor architecture. Some of the possible values are defined in winnt.h with identifiers of the form PROCESSOR_ARCHITECTURE_* (where "*" is a wildcard).

     ProcessorLevel

     The system's architecture-dependent processor level. Some of the possible values are defined in the Win32 documentation for the SYSTEM_INFO structure.

     ProcessorRevision

     The system's architecture-dependent processor revision. Some of the possible values are defined in the Win32 documentation for the SYSTEM_INFO structure.

     Unknown

     Always contains zero; interpretation unknown.

     FeatureBits

     A bit mask representing any special features of the system's processor (for example, whether the Intel MMX instruction set is available). The flags for the Intel platform include:

     Intel Mnemonic  Value   Description
     VME             0x0001  Virtual-8086 Mode Enhancements
     TCS             0x0002  Time Stamp Counter
                     0x0004  CR4 Register
     CMOV            0x0008  Conditional Mov/Cmp Instruction
     PGE             0x0010  PTE Global Bit
     PSE             0x0020  Page Size Extensions
     MTRR            0x0040  Memory Type Range Registers
     CXS             0x0080  CMPXCHG8B Instruction
     MMX             0x0100  MMX Technology
     PAT             0x0400  Page Attribute Table
     FXSR            0x0800  Fast Floating Point Save and Restore
     SIMD            0x2000  Streaming SIMD Extension

     Remarks

     Much of the data in this information class can be obtained by calling the Win32 function GetSystemInfo.

     SystemPerformanceInformation

     typedef struct _SYSTEM_PERFORMANCE_INFORMATION { // Information Class 2
         LARGE_INTEGER IdleTime;
         LARGE_INTEGER ReadTransferCount;
         LARGE_INTEGER WriteTransferCount;
         LARGE_INTEGER OtherTransferCount;
         ULONG ReadOperationCount;
         ULONG WriteOperationCount;
         ULONG OtherOperationCount;
         ULONG AvailablePages;
         ULONG TotalCommittedPages;
         ULONG TotalCommitLimit;
         ULONG PeakCommitment;
         ULONG PageFaults;
         ULONG WriteCopyFaults;
         ULONG TransitionFaults;
         ULONG Reserved1;
         ULONG DemandZeroFaults;
         ULONG PagesRead;
         ULONG PageReadIos;
         ULONG Reserved2[2];
         ULONG PagefilePagesWritten;
         ULONG PagefilePageWriteIos;
         ULONG MappedFilePagesWritten;
         ULONG MappedFilePageWriteIos;
         ULONG PagedPoolUsage;
         ULONG NonPagedPoolUsage;
         ULONG PagedPoolAllocs;
         ULONG PagedPoolFrees;
         ULONG NonPagedPoolAllocs;
         ULONG NonPagedPoolFrees;
         ULONG TotalFreeSystemPtes;
         ULONG SystemCodePage;
         ULONG TotalSystemDriverPages;
         ULONG TotalSystemCodePages;
         ULONG SmallNonPagedLookasideListAllocateHits;
         ULONG SmallPagedLookasideListAllocateHits;
         ULONG Reserved3;
         ULONG MmSystemCachePage;
         ULONG PagedPoolPage;
         ULONG SystemDriverPage;
         ULONG FastReadNoWait;
         ULONG FastReadWait;
         ULONG FastReadResourceMiss;
         ULONG FastReadNotPossible;
         ULONG FastMdlReadNoWait;
         ULONG FastMdlReadWait;
         ULONG FastMdlReadResourceMiss;
         ULONG FastMdlReadNotPossible;
         ULONG MapDataNoWait;
         ULONG MapDataWait;
         ULONG MapDataNoWaitMiss;
         ULONG MapDataWaitMiss;
         ULONG PinMappedDataCount;
         ULONG PinReadNoWait;
         ULONG PinReadWait;
         ULONG PinReadNoWaitMiss;
         ULONG PinReadWaitMiss;
         ULONG CopyReadNoWait;
         ULONG CopyReadWait;
         ULONG CopyReadNoWaitMiss;
         ULONG CopyReadWaitMiss;
         ULONG MdlReadNoWait;
         ULONG MdlReadWait;
         ULONG MdlReadNoWaitMiss;
         ULONG MdlReadWaitMiss;
         ULONG ReadAheadIos;
         ULONG LazyWriteIos;
         ULONG LazyWritePages;
         ULONG DataFlushes;
         ULONG DataPages;
         ULONG ContextSwitches;
         ULONG FirstLevelTbFills;
         ULONG SecondLevelTbFills;
         ULONG SystemCalls;
     } SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;

     Members

     IdleTime

     The total idle time, measured in units of 100-nanoseconds, of all the processors in the system.

     ReadTransferCount

     The number of bytes read by all calls to ZwReadFile.

     WriteTransferCount

     The number of bytes written by all calls to ZwWriteFile.

     OtherTransferCount

     The number of bytes transferred to satisfy all other I/O operations, such as ZwDeviceIoControlFile.

     ReadOperationCount

     The number of calls to ZwReadFile.

     WriteOperationCount

     The number of calls to ZwWriteFile.

     OtherOperationCount

     The number of calls to all other I/O system services such as ZwDeviceIoControlFile.

     AvailablePages

     The number of pages of physical memory available to processes running on the system.

     TotalCommittedPages

     The number of pages of committed virtual memory.

     TotalCommitLimit

     The number of pages of virtual memory that could be committed without extending the system's pagefiles.

     PeakCommitment

     The peak number of pages of committed virtual memory.

     PageFaults

     The number of page faults (both soft and hard).

     WriteCopyFaults

     The number of page faults arising from attempts to write to copy-on-write pages.

     TransitionFaults

     The number of soft page faults (excluding demand zero faults).

     DemandZeroFaults

     The number of demand zero faults.

     PagesRead

     The number of pages read from disk to resolve page faults.

     PageReadIos

     The number of read operations initiated to resolve page faults.

     PagefilePagesWritten

     The number of pages written to the system's pagefiles.

     PagefilePageWriteIos

     The number of write operations performed on the system's pagefiles.

     MappedFilePagesWritten

     The number of pages written to mapped files.

     MappedFilePageWriteIos

     The number of write operations performed on mapped files.

     PagedPoolUsage

     The number of pages of virtual memory used by the paged pool.

     NonPagedPoolUsage

     The number of pages of virtual memory used by the nonpaged pool.

     PagedPoolAllocs

     The number of allocations made from the paged pool.

     PagedPoolFrees

     The number of allocations returned to the paged pool.

     NonPagedPoolAllocs

     The number of allocations made from the nonpaged pool.

     NonPagedPoolFrees

     The number of allocations returned to the nonpaged pool.

     TotalFreeSystemPtes

     The number of available System Page Table Entries.

     SystemCodePage

     The number of pages of pageable operating system code and static data in physical memory. The meaning of "operating system code and static data" is defined by address range (lowest system address to start of system cache) and includes a contribution from win32k.sys.

     TotalSystemDriverPages

     The number of pages of pageable device driver code and static data.

     TotalSystemCodePages

     The number of pages of pageable operating system code and static data. The meaning of "operating system code and static data" is defined by load time (SERVICE_BOOT_START driver or earlier) and does not include a contribution from win32k.sys.

     SmallNonPagedLookasideListAllocateHits

     The number of times an allocation could be satisfied by one of the small nonpaged lookaside lists.

     SmallPagedLookasideListAllocateHits

     The number of times an allocation could be satisfied by one of the small paged lookaside lists.

     MmSystemCachePage

     The number of pages of the system cache in physical memory.

     PagedPoolPage

     The number of pages of paged pool in physical memory.

     SystemDriverPage

     The number of pages of pageable device driver code and static data in physical memory.

     FastReadNoWait

     The number of asynchronous fast read operations.

     FastReadWait

     The number of synchronous fast read operations.

     FastReadResourceMiss

     The number of fast read operations not possible because of resource conflicts.

     FastReadNotPossible

     The number of fast read operations not possible because file system intervention is required.

     FastMdlReadNoWait

     The number of asynchronous fast read operations requesting a Memory Descriptor List (MDL) for the data.

     FastMdlReadWait

     The number of synchronous fast read operations requesting an MDL for the data.

     FastMdlReadResourceMiss

     The number of synchronous fast read operations requesting an MDL for the data not possible because of resource conflicts.

     FastMdlReadNotPossible

     The number of synchronous fast read operations requesting an MDL for the data not possible because file system intervention is required.

     MapDataNoWait

     The number of asynchronous data map operations.

     MapDataWait

     The number of synchronous data map operations.

     MapDataNoWaitMiss

     The number of asynchronous data map operations that incurred page faults.

     MapDataWaitMiss

     The number of synchronous data map operations that incurred page faults.

     PinMappedDataCount

     The number of requests to pin mapped data.

     PinReadNoWait

     The number of asynchronous requests to pin mapped data.

     PinReadWait

     The number of synchronous requests to pin mapped data.

     PinReadNoWaitMiss

     The number of asynchronous requests to pin mapped data that incurred page faults when pinning the data.

     PinReadWaitMiss

     The number of synchronous requests to pin mapped data that incurred page faults when pinning the data.

     CopyReadNoWait

     The number of asynchronous copy read operations.

     CopyReadWait

     The number of synchronous copy read operations.

     CopyReadNoWaitMiss

     The number of asynchronous copy read operations that incurred page faults when reading from the cache.

     CopyReadWaitMiss

     The number of synchronous copy read operations that incurred page faults when reading from the cache.

     MdlReadNoWait

     The number of synchronous read operations requesting an MDL for the cached data.

     MdlReadWait

     The number of synchronous read operations requesting an MDL for the cached data.

     MdlReadNoWaitMiss

     The number of synchronous read operations requesting an MDL for the cached data that incurred page faults.

     MdlReadWaitMiss

     The number of synchronous read operations requesting an MDL for the cached data that incurred page faults.
