delphi 模仿任务管理器.doc

很久很久以前，我在delphi的一个网站写过一个帖子，但那个网站的读者群水平太低，基本没有人阅读，因为没有人阅读，所以那个帖子没有写完，那个帖子就是讨论如何计算CPU的各种占有率，下面将那个帖子转帖在这里，帖子很长，耐心读： 闲了没事，用SoftIce跟踪 TaskMgr 居然看出点门道来，将这些见解和大家共享，文章可能很长，也可能要花很长的时间，反正爱看就看，不爱看就别看。 幸亏微软提供了相应的 .PDB 和 .DBG文件，使跟踪变的比较容易。本文所有提到的技术都属于微软，我只不过是读懂了然后用Delphi改写，自己没有什么技术，不得用于商业用途，否则老盖找你打官司，可别来找我。 使用未公开的函数 NtQuerySystemInformation 点滴(自己动手写任务管理器) （如何自己写一个任务管理器，从显示到功能和Windows TaskMgr完全一样，包括从注册表中读取Windows TaskMgr的所有启动参数(170个字节)，并增加一些TaskMgr没有的功能） gzgzlxg 2005年4月12日 该文章为近一个月研究Windows 2000和Windows 2003的任务管理器的体会，研究还没有最后结束，但文章必须先写，否则许多东西不写下来就忘了。该文章将分若干篇来写，这是第一段。 NtQuerySystemInformation 是所谓 Undocuments 函数，主要用来获取系统各类信息。Windows 2000的任务管理器 TaskMgr 主要就是使用该函数来获取各类信息，如CPU使用率，内核使用率，句柄总数，线程总数，进程总数.等等在任务管理器中的几乎所有信息都是来自该函数。（当然也可以用别的函数完成类似的工作，如PDH，ToolHelp，或读取注册表等方法，各种方法中，应该以使用NtQuerySystemInformation 最好，这就是 TaskMgr 为什么使用该函数的原因。） 在MSDN知识库中是这样描写该函数的： NtQuerySystemInformation is available for use in Windows 2000 and Windows XP. It may be altered or unavailable in subsequent versions. Applications should use the alternate functions listed in this topic. 但幸运的是，至少在Windows 2003 的任务管理器中仍然是使用该函数来获取系统各类信息的。 下面将具体讲述该函数在Delphi中的使用 1. 函数NtQuerySystemInformation NtQuerySystemInformation函数隶属Ntdll.dll，函数的调用非常复杂，有许多入口参数，MSDN知识库中基本都是一带而过，没有具体的说明，这里所写的都是自己具体使用的感受，和网站上一些少的可怜的资料，而这些可怜的资料也都是别人自己的体会，所以难免有错误，因此在具体使用中，如有任何问题，概不负责。 1.1函数的调用格式： function NtQuerySystemInformation( SystemInformationClass: TSystemInformationClass; SystemInformationClass in One of the values enumerated in SYSTEM_INFORMATION_CLASS, indicating the kind of system information to be retrieved. pSystemInformation: PVOID; SystemInformation in, out Points to a buffer where the requested information is/ to be returned. The size and structure of this information varies depending on the value of the SystemInformationClass parameter: uSystemInformationLength: ULONG; SystemInformationLength in Size of the buffer pointed to by the SystemInformation parameter, in bytes. puReturnLength: PULONG ReturnLength out, optional Optional pointer to a location where the function writes the actual size of the information requested. If that size is less than or equal to the SystemInformationLength parameter, the function copies the information into the SystemInformation buffer; otherwise, it returns an NTSTATUS error code and returns in ReturnLength the size of buffer required to receive the requested information. ): NTSTATUS; stdcall; Return Values Returns an NTSTATUS success or error code. The forms and significance of NTSTATUS error codes are listed in the Ntstatus.h header file available in the Windows Device Driver Kit (DDK), and are described in the DDK documentation under Kernel-Mode Driver Architecture / Design Guide / Driver Programming Techniques / Logging Errors. uses a NtQuerySystemInformation call to obtain information about the Cache s settings and NtSetSystemInformation to set new sizing information. The working-set information for a process serves as guidelines for NT s Memory Manager egarding how many pages of/ physical memory should be assigned to the application. Because they are guidelines, conditions can result such that the Memory Manager grows a working-set to a size greater than the maximum, or shrinks it to less than the minimum. However, the settings are factors that will affect the overall allocation, and hence responsiveness, of an application. In the case of CacheSet the application is the file system Cache. 1.2 参数说明： NtQuerySystemInformation的调用参数非常多，我这里只列出在TaskMgr中调用的部分。 1.2.1 TSystemInformationClass TSystemInformationClass有许多类，这里列出的是能够找到的，可能还有一些。 PSystemInformationClass = TSystemInformationClass; _SYSTEM_INFORMATION_CLASS = ( SystemBasicInformation, SystemProcessorInformation, SystemPerformanceInformation, SystemTimeOfDayInformation, SystemPathInformation, SystemProcessInformation, SystemCallCountInformation, SystemConfigurationInformation, SystemProcessorPerformanceInformation, SystemGlobalFlag, SystemCallTimeInformation, SystemModuleInformation, SystemLockInformation, SystemStackTraceInformation, SystemPagedPoolInformation, SystemNonPagedPoolInformation, SystemHandleInformation, SystemObjectInformation, SystemPageFileInformation, SystemVdmInstemulInformation, SystemVdmBopInformation, SystemFileCacheInformation, SystemPoolTagInformation, SystemInterruptInformation, SystemDpcBehaviorInformation, SystemFullMemoryInformation, SystemLoadGdiDriverInformation, SystemUnloadGdiDriverInformation, SystemTimeAdjustmentInformation, SystemSummaryMemoryInformation, SystemNextEventIdInformation, SystemEventIdsInformation, SystemCrashDumpInformation, SystemExceptionInformation, SystemCrashDumpStateInformation, SystemKernelDebuggerInformation, SystemContextSwitchInformation, SystemRegistryQuotaInformation, SystemExtendServiceTableInformation, SystemPrioritySeperation, SystemPlugPlayBusInformation, SystemDockInformation, SystemPowerInformation, SystemProcessorSpeedInformation, SystemCurrentTimeZoneInformation, SystemLookasideInformation, SystemSetTimeSlipEvent, SystemCreateSession, / set mode only SystemDeleteSession, / set mode only SystemInvalidInfoClass1, / invalid info class SystemRangeStartInformation, / 0x0004 (fails if size != 4) SystemVerifierInformation, SystemAddVerifier, SystemSessionProcessesInformation, / checked build only MaxSystemInfoClass); TSystemInformationClass = _SYSTEM_INFORMATION_CLASS; 这里用Delphi的枚举类型列出了 SYSTEM_INFORMAION_CLASS，这些命名除了少数在MSDN上有简单的说明外，其余的都是根据使用者或从别的途径得到的，所以在网上，你可以见到不同的叫法，我这里列出的命名是我个人认为比较合适的或者说我比较喜欢的。 在TaskMgr中只使用了下面列出的5个，本文将主要介绍这5个类的具体调用。 SystemBasicInformation / 0 SystemPerformanceInformation / 2 SystemProcessInformation / 5 SystemProcessorPerformanceInformation / 8 SystemFileCacheInformation / 21 对我有用0 丢个板砖0 引用 举报 管理 TOP gzgzlxg (LXG) 等级： #13楼 得分：0回复于：2008-09-01 14:22:331.2.2 SystemInformation 根据 SYSTEM_INFORMAION_CLASS 类，SystemInformation 是相应的结构，下面只列出在TaskMgr中使用的5个结构，用Delphi的格式列出： /- /对应 SystemBasicInformation 0号调用 PSYSTEM_BASIC_INFORMATION = TSystemBasicInformation; _SYSTEM_BASIC_INFORMATION = packed record dwUnknown1: DWORD; /34 uKeMaximumIncrement: ULONG; /一个时钟的计量单位 /30 uPageSize: ULONG; /一个内存页的大小 /2c uMmNumberOfPhysicalPages: ULONG; /系统管理着多少个页 /28 uMmLowestPhysicalPage: ULONG; /低端内存页 /24 uMmHighestPhysicalPage: ULONG; /高端内存页 /20 uAllocationGranularity: ULONG; /1c pLowestUserAddress: Pointer; /低端用户地址 /18 pMmHighestUserAddress: Pointer; /高端用户地址 /14 uKeActiveProcessors: ULONG; /激活的处理器 /10 bKeNumberProcessors: BYTE; /有多少个处理器 /0c bUnknown2: BYTE; wUnknown3: WORD; end; TSystemBasicInformation = _SYSTEM_BASIC_INFORMATION; SYSTEM_BASIC_INFORMATION = _SYSTEM_BASIC_INFORMATION; /- /对应 SystemPerformanceInformation 2号调用 PSYSTEM_PERFORMANCE_INFORMATION = TSystemPerformanceInformation; _SYSTEM_PERFORMANCE_INFORMATION = packed record liIdleTime: LARGE_INTEGER; IoReadTransferCount: LARGE_INTEGER; IoWriteTransferCount: LARGE_INTEGER; IoOtherTransferCount: LARGE_INTEGER; IoReadOperationCount: ULONG; IoWriteOperationCount: ULONG; IoOtherOperationCount: ULONG; AvailablePages: ULONG; CommittedPages: ULONG; CommitLimit: ULONG; PeakCommitment: ULONG; PageFaultCount: ULONG; CopyOnWriteCount: ULONG; TransitionCount: ULONG; CacheTransitionCount: ULONG; DemandZeroCount: ULONG; PageReadCount: ULONG; PageReadIoCount: ULONG; CacheReadCount: ULONG; CacheIoCount: ULONG; DirtyPagesWriteCount: ULONG; DirtyWriteIoCount: ULONG; MappedPagesWriteCount: ULONG; MappedWriteIoCount: ULONG; PagedPoolPages: ULONG; NonPagedPoolPages: ULONG; PagedPoolAllocs: ULONG; PagedPoolFrees: ULONG; NonPagedPoolAllocs: ULONG; NonPagedPoolFrees: ULONG; FreeSystemPtes: ULONG; ResidentSystemCodePage: ULONG; TotalSystemDriverPages: ULONG; TotalSystemCodePages: ULONG; NonPagedPoolLookasideHits: ULONG; PagedPoolLookasideHits: ULONG; Spare3Count: ULONG; ResidentSystemCachePage: ULONG; ResidentPagedPoolPage: ULONG; ResidentSystemDriverPage: ULONG; CcFastReadNoWait: ULONG; CcFastReadWait: ULONG; CcFastReadResourceMiss: ULONG; CcFastReadNotPossible: ULONG; CcFastMdlReadNoWait: ULONG; CcFastMdlReadWait: ULONG; CcFastMdlReadResourceMiss: ULONG; CcFastMdlReadNotPossible: ULONG; CcMapDataNoWait: ULONG; CcMapDataWait: ULONG; CcMapDataNoWaitMiss: ULONG; CcMapDataWaitMiss: ULONG; CcPinMappedDataCount: ULONG; CcPinReadNoWait: ULONG; CcPinReadWait: ULONG; CcPinReadNoWaitMiss: ULONG; CcPinReadWaitMiss: ULONG; CcCopyReadNoWait: ULONG; CcCopyReadWait: ULONG; CcCopyReadNoWaitMiss: ULONG; CcCopyReadWaitMiss: ULONG; CcMdlReadNoWait: ULONG; CcMdlReadWait: ULONG; CcMdlReadNoWaitMiss: ULONG; CcMdlReadWaitMiss: ULONG; CcReadAheadIos: ULONG; CcLazyWriteIos: ULONG; CcLazyWritePages: ULONG; CcDataFlushes: ULONG; CcDataPages: ULONG; ContextSwitches: ULONG; FirstLevelTbFills: ULONG; SecondLevelTbFills: ULONG; SystemCalls: ULONG; end; TSystemPerformanceInformation = _SYSTEM_PERFORMANCE_INFORMATION; SYSTEM_PERFORMANCE_INFORMATION = _SYSTEM_PERFORMANCE_INFORMATION; /- PVM_COUNTERS = TVmCounters; _VM_COUNTERS = packed record uPeakVirtualSize: ULONG; uVirtualSize: ULONG; uPageFaultCount: ULONG; uPeakWorkingSetSize: ULONG; uWorkingSetSize: ULONG; uQuotaPeakPagedPoolUsage: ULONG; uQuotaPagedPoolUsage: ULONG; uQuotaPeakNonPagedPoolUsage: ULONG; uQuotaNonPagedPoolUsage: ULONG; uPagefileUsage: ULONG; uPeakPagefileUsage: ULONG; end; TVmCounters = _VM_COUNTERS; VM_COUNTERS = _VM_COUNTERS; PIO_COUNTERSEX = TIoCountersex; _IO_COUNTERSEX = packed record ReadOperationCount: LARGE_INTEGER; WriteOperationCount: LARGE_INTEGER; OtherOperationCount: LARGE_INTEGER; ReadTransferCount: LARGE_INTEGER; WriteTransferCount: LARGE_INTEGER; OtherTransferCount: LARGE_INTEGER; end; TIoCountersex = _IO_COUNTERSEX; IO_COUNTERSEX = _IO_COUNTERSEX; PSYSTEM_THREAD_INFORMATION = TSystemThreadInfo; _SYSTEM_THREAD_INFORMATION = packed record KernelTime: LARGE_INTEGER; / 100 nsec units /$000 UserTime: LARGE_INTEGER; / 100 nsec units /$008 CreateTime: LARGE_INTEGER; / relative to 01-01-1601 /$010 WaitTime: DWORD; /$018 pStartAddress: PVOID; /$01C Cid: CLIENT_ID; / process/thread ids /$020 Priority: DWORD; /$028 BasePriority: DWORD; /$02C ContextSwitches: DWORD; /$030 ThreadState: DWORD; / 2=running, 5=waiting /$034 WaitReason: DWORD; /KWAIT_REASON; /$038 uReserved01: DWORD; /$03C end; /$040 TSystemThreadInfo = _SYSTEM_THREAD_INFORMATION; SYSTEM_THREAD_INFORMATION = _SYSTEM_THREAD_INFORMATION; PSYSTEM_PROCESS = TSystemProcess; _SYSTEM_PROCESS = packed record / common members uNext: DWORD; / relative offset /$000 ThreadCount: DWORD; /$004 Reserved01: LARGE_INTEGER; /$008 Reserved02: LARGE_INTEGER; /$010 Reserved03: LARGE_INTEGER; /$018 CreateTime: LARGE_INTEGER; / relative to 01-01-1601 /$020 UserTime: LARGE_INTEGER; / 100 nsec units /$028 KernelTime: LARGE_INTEGER; / 100 nsec units /$030 usName: UNICODE_STRING; /$038 BasePriority: DWORD; /KPRIORITY; /$040 UniqueProcessId: DWORD; /$044 InheritedFromUniqueProcessId: DWORD; /$048 HandleCount: DWORD; /$04C SessionId: DWORD; /$050 W2K Only Reserved08: DWORD; /$054 VmCounters: VM_COUNTERS; / see ntddk.h /$058 CommitCharge: DWORD; / bytes /$084 end; /$088 TSystemProcess = _SYSTEM_PROCESS; SYSTEM_PROCESS = _SYSTEM_PROCESS; PSYSTEM_PROCESS_NT4 = TSystemProcessNt4; _SYSTEM_PROCESS_NT4 = packed record / Windows NT 4.0 Process: SYSTEM_PROCESS; / common members /$000 Threads: SYSTEM_THREAD_INFORMATION; / thread array /$088 end; /$088 TSystemProcessNt4 = _SYSTEM_PROCESS_NT4; SYSTEM_PROCESS_NT4 = _SYSTEM_PROCESS_NT4; PSYSTEM_PROCESS_NT5 = TSystemProcessNt5; _SYSTEM_PROCESS_NT5 = packed record / Windows 2000 Process: SYSTEM_PROCESS; / common members /$000 IoCounters: IO_COUNTERSEX; / see ntddk.h /$088 aThreads: SYSTEM_THREAD_INFORMATION; / thread array /$0B8 end; /$0B8 TSystemProcessNt5 = _SYSTEM_PROCESS_NT5; SYSTEM_PROCESS_NT5 = _SYSTEM_PROCESS_NT5; /对应 SystemProcessInformation 5号调用 PSYSTEM_PROCESS_INFORMATION = TSystemProcessInformation; _SYSTEM_PROCESS_INFORMATION = packed record case Integer of 0: (Process_NT4: SYSTEM_PROCESS_NT4); 1: (Process_NT5: SYSTEM_PROCESS_NT5); end; TSystemProcessInformation = _SYSTEM_PROCESS_INFORMATION; SYSTEM_PROCESS_INFORMATION = _SYSTEM_PROCESS_INFORMATION; 对我有用0 丢个板砖0 引用 举报 管理 TOP gzgzlxg (LXG) 等级： #14楼 得分：0回复于：2008-09-01 14:23:18/- /对应 SystemProcessorPerformanceInformation 8号调用 PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION = TSystemProcessorPerformanceInformation; _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION = packed record IdleTime: LARGE_INTEGER; KernelTime: LARGE_INTEGER; UserTime: LARGE_INTEGER; DpcTime: LARGE_INTEGER; InterruptTime: LARGE_INTEGER; InterruptCount: DWORD; dwUnknown1: DWORD; end; TSystemProcessorPerformanceInformation = _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION; SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION = _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION; /- / 对应 SystemFileCacheInformation 21号调用 PSYSTEM_CACHE_INFORMATION = TSystemCacheInformation; _SYSTEM_CACHE_INFORMATION = packed record uFileCache: ULONG; / bytes uFileCachePeak: ULONG; / bytes PageFaultCount: ULONG; MinimumWorkingSet: ULONG; MaximumWorkingSet: ULONG; TransitionSharedPages: ULONG; TransitionSharedPagesPeak: ULONG; Reserved: array0.1 of ULONG; end; TSystemCacheInformation = _SYSTEM_CACHE_INFORMATION; SYSTEM_CACHE_INFORMATION = _SYSTEM_CACHE_INFORMATION; 2. 任务管理器性能 在讲述性能前先大致描述任务管理器的三大部分。 任务管理器由【性能】、【进程】、【应用程序】三大部分组成。其实这三大部分是有机的联系在一起的，尤其是【性能】和【进程】，【性能】中除了CPU使用率以外，其余的数据都是由进程模块顺便取得的。 TaskMgr可能是一个叫David的人主持开发的，程序启动初始化的时候，将系统的 Button Class 类的WndProc的调用指向自己（DavesFrameWndProc），将类名改为DavesFrameClass，保存原来的地址，在处理完DavesFrameWndProc的信息后调用原来的过程，也就是所谓的钩子。David也许很喜欢各类水果，程序中有四个菜单是用水果来命名的，分别是 Apple、Banana、Peach、Pear。