How to retrieve resource associated a running process?

Hi all, how to get the resources associated with a running process, such as sockets, shared memory and so on...
By the way, I'd like to ask another question:
how to get the CPU and memory usage of a running process?
Thank you...
[255 byte] By [main] at [2007-11-18 0:35:06]
# 1 Re: How to retrieve resource associated a running process?
1) NT native API

Here is a book you may need (most probably you won't find much documentation):
http://www.amazon.com/exec/obidos/tg/detail/-/1578701996/qid=1041317685/sr=8-1/ref=sr_8_1/002-1483510-0968864?v=glance&s=books&n=507846

2) GetProcessTimes
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/getprocesstimes.asp

http://www.microsoft.com/msj/defaulttop.asp?page=/msj/archive/s2058a.htm

Dan
DanM at 2007-11-9 13:02:28 >
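Added example, not part of DanM's post or the linked articles: one way to turn two GetProcessTimes readings into a CPU-usage percentage for the second question. The names ft_t, cpu_sample, cpu_percent and take_sample are hypothetical; the Win32 calls are compiled only on Windows, and elsewhere main() runs on constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Same idea as Win32 FILETIME: a 64-bit count of 100-ns ticks stored in two halves. */
typedef struct { uint32_t low, high; } ft_t;
uint64_t ft_to_u64(ft_t ft) { return ((uint64_t)ft.high << 32) | ft.low; }

/* One sample: kernel+user CPU time of the process and the wall clock, in ticks. */
typedef struct { uint64_t cpu_ticks, wall_ticks; } cpu_sample;

/* Percent CPU used between samples a and b, averaged over ncpu processors.
   Returns -1.0 when the samples are unusable (no elapsed time, counter went back). */
double cpu_percent(cpu_sample a, cpu_sample b, unsigned ncpu) {
    if (ncpu == 0 || b.wall_ticks <= a.wall_ticks || b.cpu_ticks < a.cpu_ticks) return -1.0;
    double used = (double)(b.cpu_ticks - a.cpu_ticks);
    double avail = (double)(b.wall_ticks - a.wall_ticks) * ncpu;
    return 100.0 * used / avail;
}

#ifdef _WIN32
static ft_t from_ft(FILETIME f) { ft_t r = { f.dwLowDateTime, f.dwHighDateTime }; return r; }

/* proc needs PROCESS_QUERY_INFORMATION access. Returns 1 on success, 0 on failure. */
int take_sample(HANDLE proc, cpu_sample *out) {
    FILETIME created, exited, kernel, user, now;
    if (!GetProcessTimes(proc, &created, &exited, &kernel, &user)) return 0;
    GetSystemTimeAsFileTime(&now);
    out->cpu_ticks = ft_to_u64(from_ft(kernel)) + ft_to_u64(from_ft(user));
    out->wall_ticks = ft_to_u64(from_ft(now));
    return 1;
}
#endif

int main(void) {
    cpu_sample a = { 0, 0 }, b = { 5000000, 10000000 }; /* constructed: 0.5 s CPU in 1 s */
    unsigned ncpu = 2;                                  /* constructed processor count */
#ifdef _WIN32
    SYSTEM_INFO si;
    GetSystemInfo(&si);
    ncpu = si.dwNumberOfProcessors;
    if (!take_sample(GetCurrentProcess(), &a)) return 1;
    Sleep(1000);
    if (!take_sample(GetCurrentProcess(), &b)) return 1;
#endif
    printf("cpu: %.1f%%\n", cpu_percent(a, b, ncpu));
    return 0;
}
```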
# 2 Re: How to retrieve resource associated a running process?
This thread (http://dev-archive.com/forum/showthread.php?s=&threadid=222670&highlight=ntqueryobject) should give you a start. It refers to finding out about open file resources, but the basis of the idea is the Native API command NtQueryObject (aka ZwQueryObject in user mode), as DanM has mentioned, and searching through the internal object directory, and it can be used for any of the kernel objects with some modifications. However, I think that sockets may be a different animal, and it might be necessary to do something like a layered service provider (but, alas, I am not an expert in such techniques). Anyway, searching these forums, the Internet, and Google Groups for NtQueryObject will give you a good code basis to get some of your problems fixed, but I would definitely go with Nebbett's Reference for the really complete summary.
galathaea at 2007-11-9 13:03:31 >
# 3 Re: How to retrieve resource associated a running process?
ZwXxx() is the name for the kernel-mode versions of the functions, not the user-mode ones. NtQueryObject is also known as nothing else in user-mode. ntdll.dll exports functions with both NtXxx() and ZwXxx() names; the former outnumber the latter, however.
DrPizza at 2007-11-9 13:04:28 >
# 4 Re: How to retrieve resource associated a running process?
If you go to this site (http://sysinternals.com/ntw2k/info/ntdll.shtml) they have a good explanation of the Native API. In particular, they state:

Note that all of the Native APIs begin with "Nt". The export table in NTDLL.DLL also makes the Native API accessible through an alternate naming convention, one where command names begin with "Zw" instead of "Nt". Thus, ZwCreateFile() is an alias for NtCreateFile().

In ring0, however, one deals only with the Zw functions as exported from ntoskrnl.exe, as Dr. Pizza has mentioned.
galathaea at 2007-11-9 13:05:34 >
# 5 Re: How to retrieve resource associated a running process?
Thank you...
main at 2007-11-9 13:06:29 >