计算流程的已提交页面

时间:2018-11-03 17:30:52

标签: c++ windows

我正在尝试获取特定进程的承诺内存大小,分为图像,私有和映射页面。尽管我没有遇到任何错误,但是这些值比我的预期要大得多(大约大10倍)。

我使用VirtualQueryEx获取块的信息,然后即时更新基地址并使用新的基地址重新查询。更新的值和/或while循环中的条件是否正确?

#include "pch.h"
#include <Windows.h>
#include<WinDef.h>
#include <psapi.h>
#include <iostream>

typedef struct {
    DWORD img;
    DWORD map;
    DWORD prv;
} CommitCounters, *PCommitCounters;


BOOL  GetCommitCountersFromProcess(_In_ int pid, _Out_ PCommitCounters committedCounter ) {
int numberOfTries = 3;
SYSTEM_INFO si;
GetSystemInfo(&si);
DWORD pageSz = si.dwPageSize;

PSAPI_WORKING_SET_INFORMATION wsi, *pwsi;
pwsi = &wsi;
DWORD ws_size;
MEMORY_BASIC_INFORMATION mbi, *pmbi;
pmbi = &mbi;

HANDLE processHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
wsi.NumberOfEntries = 0;

QueryWorkingSet(processHandle, &wsi, sizeof(wsi));
BOOL res = false;
committedCounter->img = 0;
committedCounter->map = 0;
committedCounter->prv = 0;

while (numberOfTries > 0) {
DWORD lastError = GetLastError();

    //ERROR_BAD_LENGTH
    if (lastError == 24) {
        ws_size = sizeof(wsi) + sizeof(PSAPI_WORKING_SET_INFORMATION) + sizeof(PSAPI_WORKING_SET_BLOCK) * wsi.NumberOfEntries;
        pwsi = (PSAPI_WORKING_SET_INFORMATION*) malloc(ws_size);

        pwsi->NumberOfEntries = wsi.NumberOfEntries;
        BOOL resQws = QueryWorkingSet(processHandle, pwsi, ws_size);
        DWORD teste = sizeof(wsi);
        if (resQws) {
            SIZE_T totalSize = (pwsi->NumberOfEntries) * pageSz;
            SIZE_T size = 0; 
            //for (int i = 0; i < pwsi->NumberOfEntries; i++) {
            PSAPI_WORKING_SET_BLOCK ws_block = pwsi->WorkingSetInfo[0];
            LPCVOID* virtualPage = (LPCVOID*)ws_block.VirtualPage;
            while (size <= totalSize)
            {
                //Access page information.

                SIZE_T vqe =  VirtualQueryEx(processHandle, virtualPage, pmbi, sizeof(mbi));
                lastError = GetLastError();

                if (vqe != 0 && (pmbi -> State & MEM_COMMIT) ) {
                    res = true;
                    switch (mbi.Type)
                    {
                    case MEM_IMAGE: 
                        committedCounter->img += pmbi->RegionSize;
                        break;
                    case  MEM_MAPPED: 
                        committedCounter->map += pmbi->RegionSize;
                        break;
                    case MEM_PRIVATE:
                        committedCounter->prv += pmbi->RegionSize;
                        break;
                    }
                }
                else if (vqe == 0) {
                    return res;
                }
                size += pmbi->RegionSize;
                virtualPage = (LPCVOID*)((char*)virtualPage + pmbi->RegionSize);
            }
            CloseHandle(processHandle);
            return res;
        }
        free(pwsi); 
    }
        numberOfTries--;
}

    CloseHandle(processHandle);
    return false;

}

0 个答案:

没有答案
相关问题
最新问题