
使用未导出函数ZwQuerySystemInformation获

作者: f675b1a02698 | 来源:发表于2017-09-14 16:15 被阅读0次

    #include

    #include

    #include

    /* Counted UTF-16 string used by the native (Nt/Zw) API surface. It is
     * declared here because the program does not rely on the SDK header that
     * declares it; nothing in main() below references this type. */
    typedef struct _UNICODE_STRING {
        USHORT Length;// size of the string in bytes (character count * 2), not the character count
        USHORT MaximumLength;// NOTE(review): presumably the capacity of Buffer in bytes — confirm against the SDK definition
        PWSTR Buffer;// NOTE(review): the original does not say whether Buffer is NUL-terminated; Length is the authoritative size
    } UNICODE_STRING, *PUNICODE_STRING;

    /* Output buffer for the SystemBasicInformation class of
     * ZwQuerySystemInformation. The kernel writes this layout field for field,
     * so the declaration must match the running kernel exactly: the three
     * ULONG_PTR members are pointer-sized (4 bytes on 32-bit, 8 bytes on 64-bit
     * builds), so sizeof(SYSTEM_BASIC_INFORMATION) is build-dependent and the
     * length handed to the query must come from this build's sizeof, never a
     * hard-coded number. main() below reads only NumberOfProcessors.
     * NOTE(review): the individual field meanings are not documented on this
     * page; the names follow the SDK's SYSTEM_BASIC_INFORMATION — verify against
     * the target Windows version before relying on any field other than the one
     * main() prints. */
    typedef struct _SYSTEM_BASIC_INFORMATION{
        ULONG Reserved;
        ULONG TimerResolution;
        ULONG PageSize;
        ULONG NumberOfPhysicalPages;
        ULONG LowestPhysicalPageNumber;
        ULONG HighestPhysicalPageNumber;
        ULONG AllocationGranularity;
        ULONG_PTR MinimumUserModeAddress;
        ULONG_PTR MaximumUserModeAddress;
        ULONG_PTR ActiveProcessorsAffinityMask;
        CCHAR NumberOfProcessors;// printed by main() with %d; CCHAR promotes to int in the variadic call
    }SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;

    /* Information classes accepted by ZwQuerySystemInformation. The enumerators
     * are positional: the first is 0 and the number in each trailing comment is
     * that enumerator's value, so inserting or removing an entry shifts every
     * later class. The output buffer layout for a class is not declared here;
     * main() below pairs its class with SYSTEM_BASIC_INFORMATION.
     * NOTE(review): the Y/N letters look like a query/set permission table
     * copied from a reference, but the original gives no key for them and the
     * "SystemNotImplemented" / "SystemInvalidInfoClass" names are placeholders
     * from that reference — confirm both against the target Windows version
     * before relying on them. */
    typedef enum _SYSTEM_INFORMATION_CLASS {
        SystemBasicInformation,// 0 Y N
        SystemProcessorInformation,// 1 Y N
        SystemPerformanceInformation,// 2 Y N
        SystemTimeOfDayInformation,// 3 Y N
        SystemNotImplemented1,// 4 Y N // SystemPathInformation
        SystemProcessesAndThreadsInformation,// 5 Y N
        SystemCallCounts,// 6 Y N
        SystemConfigurationInformation,// 7 Y N
        SystemProcessorTimes,// 8 Y N
        SystemGlobalFlag,// 9 Y Y
        SystemNotImplemented2,// 10 YN // SystemCallTimeInformation
        SystemModuleInformation,// 11 YN
        SystemLockInformation,// 12 YN
        SystemNotImplemented3,// 13 YN // SystemStackTraceInformation
        SystemNotImplemented4,// 14 YN // SystemPagedPoolInformation
        SystemNotImplemented5,// 15 YN // SystemNonPagedPoolInformation
        SystemHandleInformation,// 16 YN
        SystemObjectInformation,// 17 YN
        SystemPagefileInformation,// 18 YN
        SystemInstructionEmulationCounts,// 19 YN
        SystemInvalidInfoClass1,// 20
        SystemCacheInformation,// 21 YY
        SystemPoolTagInformation,// 22 YN
        SystemProcessorStatistics,// 23 YN
        SystemDpcInformation,// 24 YY
        SystemNotImplemented6,// 25 YN // SystemFullMemoryInformation
        SystemLoadImage,// 26 NY // SystemLoadGdiDriverInformation
        SystemUnloadImage,// 27 NY
        SystemTimeAdjustment,// 28 YY
        SystemNotImplemented7,// 29 YN // SystemSummaryMemoryInformation
        SystemNotImplemented8,// 30 YN // SystemNextEventIdInformation
        SystemNotImplemented9,// 31 YN // SystemEventIdsInformation
        SystemCrashDumpInformation,// 32 YN
        SystemExceptionInformation,// 33 YN
        SystemCrashDumpStateInformation,// 34 YY/N
        SystemKernelDebuggerInformation,// 35 YN
        SystemContextSwitchInformation,// 36 YN
        SystemRegistryQuotaInformation,// 37 YY
        SystemLoadAndCallImage,// 38 NY // SystemExtendServiceTableInformation
        SystemPrioritySeparation,// 39 NY
        SystemNotImplemented10,// 40 YN // SystemPlugPlayBusInformation
        SystemNotImplemented11,// 41 YN // SystemDockInformation
        SystemInvalidInfoClass2,// 42 // SystemPowerInformation
        SystemInvalidInfoClass3,// 43 // SystemProcessorSpeedInformation
        SystemTimeZoneInformation,// 44 YN
        SystemLookasideInformation,// 45 YN
        SystemSetTimeSlipEvent,// 46 NY
        SystemCreateSession,// 47 NY
        SystemDeleteSession,// 48 NY
        SystemInvalidInfoClass4,// 49
        SystemRangeStartInformation,// 50 YN
        SystemVerifierInformation,// 51 YY
        SystemAddVerifier,// 52 NY
        SystemSessionProcessesInformation// 53 YN
    } SYSTEM_INFORMATION_CLASS;

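    /*
     * Entry point: resolves ZwQuerySystemInformation from ntdll.dll at run time,
     * queries SystemBasicInformation and prints the processor count.
     *
     * ZwQuerySystemInformation is not declared in the public SDK headers and its
     * information classes and buffer layouts are not guaranteed to stay stable
     * across Windows versions; that is why the program looks it up by name and
     * declares the types it needs itself. Every lookup is checked here because a
     * missing export otherwise turns into a call through a NULL pointer.
     *
     * Returns 0 on success, 1 if the module, the export or the buffer could not
     * be obtained.
     */
    int main(int argc, PCHAR argv[]){
        (void)argc;
        (void)argv;

        /* ntdll.dll is already mapped into every user-mode process, so this only
         * bumps its reference count and returns a handle usable with
         * GetProcAddress. The A suffix matches the narrow literal regardless of
         * whether UNICODE is defined. The handle must be kept in an HMODULE:
         * storing it in NTSTATUS (a 32-bit LONG) truncates it on 64-bit builds. */
        HMODULE hModule = LoadLibraryA("ntdll.dll");
        if (hModule == NULL){
            printf("加载 ntdll.dll 失败: %lu\n", GetLastError());
            return 1;
        }

        /* FARPROC, not DWORD, for the same truncation reason. The address is only
         * printed, so a NULL result (the export may be absent on some
         * architectures) is not fatal. */
        FARPROC dizhi = GetProcAddress(hModule, "KiFastSystemCall");
        printf("地址是: %p KiFastSystemCall地址是: %p\n", (void *)hModule, (void *)dizhi);

        /* Function-pointer type matching the native prototype, so the undeclared
         * export can be called with proper argument checking:
         * NTSTATUS WINAPI ZwQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG); */
        typedef NTSTATUS (WINAPI *SIFC)(IN SYSTEM_INFORMATION_CLASS, IN PVOID, IN ULONG, OUT PULONG);
        SIFC ZwQuerySystemInformation = (SIFC)GetProcAddress(hModule, "ZwQuerySystemInformation");
        if (ZwQuerySystemInformation == NULL){
            printf("获取 ZwQuerySystemInformation 失败: %lu\n", GetLastError());
            FreeLibrary(hModule);
            return 1;
        }

        /* The output buffer below is a SYSTEM_BASIC_INFORMATION, so the class has
         * to be SystemBasicInformation (0). The original asked for class 1
         * (SystemProcessorInformation), whose output has a different layout, and
         * described it as "all process information", which is class 5. */
        SYSTEM_INFORMATION_CLASS SystemInformationClass = SystemBasicInformation;
        ULONG SystemInformationLength = sizeof(SYSTEM_BASIC_INFORMATION);// size of one SYSTEM_BASIC_INFORMATION for this build
        ULONG ReturnLength = 0;// filled by the call with the size it needed

        LPVOID processinfo = VirtualAlloc(NULL, SystemInformationLength, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
        if (processinfo == NULL){
            /* Continuing here would dereference NULL below, so stop. */
            printf("分配虚拟内存失败: %lu\n", GetLastError());
            FreeLibrary(hModule);
            return 1;
        }
        printf("分配虚拟内存成功\n");

        /* Pass the buffer itself. The original passed &processinfo, i.e. the
         * address of the pointer variable, while declaring the buffer to be
         * sizeof(SYSTEM_BASIC_INFORMATION) bytes, so the kernel wrote that many
         * bytes over the stack starting at the pointer's slot. */
        NTSTATUS status = ZwQuerySystemInformation(SystemInformationClass, processinfo, SystemInformationLength, &ReturnLength);
        /* NT_SUCCESS(): an NTSTATUS >= 0 is a success code. Only read the buffer
         * when the call reported success; on STATUS_INFO_LENGTH_MISMATCH or any
         * other failure the contents are unspecified. */
        if (status >= 0){
            PSYSTEM_BASIC_INFORMATION proinfo = (PSYSTEM_BASIC_INFORMATION)processinfo;
            printf("处理器个数 = %d\n", proinfo->NumberOfProcessors);
        } else{
            printf("ZwQuerySystemInformation 失败: 0x%08lX, 需要的长度: %lu\n", (unsigned long)status, (unsigned long)ReturnLength);
        }

        /* MEM_RELEASE with dwSize == 0 returns the whole region, reservation
         * included; MEM_DECOMMIT alone would decommit the pages but leave the
         * address range reserved. */
        VirtualFree(processinfo, 0, MEM_RELEASE);
        FreeLibrary(hModule);

        getchar();
        return 0;
    }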
