        /// <summary>
        /// Get all process information for the system.
        /// </summary>
        /// <returns>The list of process information.</returns>
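        public static IEnumerable <NtProcessInformation> GetProcessInformation()
        {
            // The query buffer is owned by this iterator. Because the method uses
            // yield, the using block only releases it once enumeration finishes or
            // the caller disposes the enumerator.
            using (var process_info = QueryBuffer<SystemProcessInformation>(SystemInformationClass.SystemProcessInformation))
            {
                int offset = 0;
                while (true)
                {
                    var process_buffer = process_info.GetStructAtOffset<SystemProcessInformation>(offset);
                    var process_entry = process_buffer.Result;

                    // Copy NumberOfThreads thread records out of this entry's data
                    // region into a managed array.
                    // NOTE(review): NumberOfThreads and NextEntryOffset are used exactly as
                    // reported in the buffer; this relies on the buffer coming straight from
                    // the system query - confirm no other source can reach this code.
                    var thread_info = new SystemThreadInformation[process_entry.NumberOfThreads];
                    process_buffer.Data.ReadArray(0, thread_info, 0, thread_info.Length);

                    // Resolve the display name once, while the buffer is certainly alive.
                    // The Select below is lazy; resolving inside its lambda would repeat the
                    // conversion for every thread and, if the consumer enumerates the threads
                    // after this iterator is finished, could read ImageName after the buffer
                    // has been released (ImageName presumably refers to memory inside
                    // process_info - verify against its declaration).
                    // The entry with a zero process id is reported as "Idle".
                    string process_name = process_entry.UniqueProcessId == IntPtr.Zero
                        ? "Idle"
                        : process_entry.ImageName.ToString();

                    yield return new NtProcessInformation(
                        process_entry,
                        thread_info.Select(t => new NtThreadInformation(process_name, t)));

                    // A zero NextEntryOffset marks the last entry in the list.
                    if (process_entry.NextEntryOffset == 0)
                    {
                        break;
                    }

                    offset += process_entry.NextEntryOffset;
                }
            }
        }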
 internal NtThreadInformation(string name, SystemThreadInformation thread_info)
 {
     // Builds the managed view of one thread record. The process name is supplied
     // by the caller because the thread record itself only carries numeric ids.
     var client_id = thread_info.ClientId;

     this.ProcessName = name;

     // Both ids are narrowed with ToInt32(), which throws if a handle-sized
     // value does not fit in 32 bits.
     this.ProcessId = client_id.UniqueProcess.ToInt32();
     this.ThreadId = client_id.UniqueThread.ToInt32();

     // The remaining fields are copied through without conversion.
     this.StartAddress = thread_info.StartAddress;
     this.ThreadState = thread_info.ThreadState;
     this.WaitReason = thread_info.WaitReason;
 }
 internal NtThreadInformation(string name, SystemThreadInformation thread_info)
 {
     // Builds the managed view of one thread record. The process name is supplied
     // by the caller because the thread record itself only carries numeric ids.
     var client_id = thread_info.ClientId;

     this.ProcessName = name;

     // Identity: both ids are narrowed with ToInt32(), which throws if a
     // handle-sized value does not fit in 32 bits.
     this.ProcessId = client_id.UniqueProcess.ToInt32();
     this.ThreadId = client_id.UniqueThread.ToInt32();

     // Execution state: the raw state and wait-reason values are cast to their
     // enum types and the start address is widened to a 64-bit integer.
     this.StartAddress = thread_info.StartAddress.ToInt64();
     this.ThreadState = (ThreadState)thread_info.ThreadState;
     this.WaitReason = (ThreadWaitReason)thread_info.WaitReason;

     // Timing: the QuadPart values are stored as-is, with no unit conversion here.
     this.KernelTime = thread_info.KernelTime.QuadPart;
     this.UserTime = thread_info.UserTime.QuadPart;
     this.CreateTime = thread_info.CreateTime.QuadPart;
     this.WaitTime = thread_info.WaitTime;

     // Scheduling counters, copied through unchanged.
     this.Priority = thread_info.Priority;
     this.BasePriority = thread_info.BasePriority;
     this.ContextSwitches = thread_info.ContextSwitches;
 }
        /// <summary>
        /// Get all process information for the system.
        /// </summary>
        /// <returns>The list of process information.</returns>
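        public static IEnumerable <NtProcessInformation> GetProcessInformation()
        {
            // The buffer starts at 0x10000 bytes and is handed to AllocateSafeBuffer to be
            // filled with the SystemProcessInformation query result (presumably growing it
            // when the initial size is too small - confirm in AllocateSafeBuffer).
            // Because the method uses yield, the using block only releases the buffer once
            // enumeration finishes or the caller disposes the enumerator.
            using (SafeHGlobalBuffer process_info = new SafeHGlobalBuffer(0x10000))
            {
                AllocateSafeBuffer(process_info, SystemInformationClass.SystemProcessInformation);
                int offset = 0;
                while (true)
                {
                    var process_buffer = process_info.GetStructAtOffset<SystemProcessInformation>(offset);
                    var process_entry = process_buffer.Result;

                    // Copy NumberOfThreads thread records out of this entry's data
                    // region into a managed array.
                    // NOTE(review): NumberOfThreads and NextEntryOffset are used exactly as
                    // reported in the buffer; this relies on the buffer coming straight from
                    // the system query - confirm no other source can reach this code.
                    var thread_info = new SystemThreadInformation[process_entry.NumberOfThreads];
                    process_buffer.Data.ReadArray(0, thread_info, 0, thread_info.Length);

                    // Resolve the image name once, while the buffer is certainly alive.
                    // The Select below is lazy; resolving inside its lambda would repeat the
                    // conversion for every thread and, if the consumer enumerates the threads
                    // after this iterator is finished, could read ImageName after the buffer
                    // has been released (ImageName presumably refers to memory inside
                    // process_info - verify against its declaration).
                    string process_name = process_entry.ImageName.ToString();

                    yield return new NtProcessInformation(
                        process_entry,
                        thread_info.Select(t => new NtThreadInformation(process_name, t)));

                    // A zero NextEntryOffset marks the last entry in the list.
                    if (process_entry.NextEntryOffset == 0)
                    {
                        break;
                    }

                    offset += process_entry.NextEntryOffset;
                }
            }
        }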