public static ModuleInfo GetFirstModuleInfo(int processId)
{
ModuleInfo[] moduleInfos = NtProcessManager.GetModuleInfos(processId, true);
if (moduleInfos.Length == 0)
{
return(null);
}
return(moduleInfos[0]);
}
private static ThreadInfo GetThreadInfo(NativeMethods.PERF_OBJECT_TYPE type, IntPtr instancePtr, NativeMethods.PERF_COUNTER_DEFINITION[] counters)
{
ThreadInfo threadInfo = new ThreadInfo();
for (int i = 0; i < counters.Length; i++)
{
NativeMethods.PERF_COUNTER_DEFINITION pERF_COUNTER_DEFINITION = counters[i];
long num = NtProcessManager.ReadCounterValue(pERF_COUNTER_DEFINITION.CounterType, (IntPtr)((long)instancePtr + (long)pERF_COUNTER_DEFINITION.CounterOffset));
switch (pERF_COUNTER_DEFINITION.CounterNameTitlePtr)
{
case 11:
threadInfo.threadId = (int)num;
break;
case 12:
threadInfo.processId = (int)num;
break;
case 13:
threadInfo.basePriority = (int)num;
break;
case 14:
threadInfo.currentPriority = (int)num;
break;
case 17:
threadInfo.startAddress = (IntPtr)num;
break;
case 18:
threadInfo.threadState = (System.Diagnostics.ThreadState)num;
break;
case 19:
threadInfo.threadWaitReason = NtProcessManager.GetThreadWaitReason((int)num);
break;
}
}
return(threadInfo);
}
private static ProcessInfo[] GetProcessInfos(IntPtr dataPtr)
{
Hashtable hashtable = new Hashtable(60);
long num = 0L;
while (true)
{
IntPtr intPtr = (IntPtr)((long)dataPtr + num);
NtProcessInfoHelper.SystemProcessInformation systemProcessInformation = new NtProcessInfoHelper.SystemProcessInformation();
Marshal.PtrToStructure(intPtr, systemProcessInformation);
ProcessInfo processInfo = new ProcessInfo();
processInfo.processId = systemProcessInformation.UniqueProcessId.ToInt32();
processInfo.handleCount = (int)systemProcessInformation.HandleCount;
processInfo.sessionId = (int)systemProcessInformation.SessionId;
processInfo.poolPagedBytes = (long)((ulong)systemProcessInformation.QuotaPagedPoolUsage);
processInfo.poolNonpagedBytes = (long)((ulong)systemProcessInformation.QuotaNonPagedPoolUsage);
processInfo.virtualBytes = (long)((ulong)systemProcessInformation.VirtualSize);
processInfo.virtualBytesPeak = (long)((ulong)systemProcessInformation.PeakVirtualSize);
processInfo.workingSetPeak = (long)((ulong)systemProcessInformation.PeakWorkingSetSize);
processInfo.workingSet = (long)((ulong)systemProcessInformation.WorkingSetSize);
processInfo.pageFileBytesPeak = (long)((ulong)systemProcessInformation.PeakPagefileUsage);
processInfo.pageFileBytes = (long)((ulong)systemProcessInformation.PagefileUsage);
processInfo.privateBytes = (long)((ulong)systemProcessInformation.PrivatePageCount);
processInfo.basePriority = systemProcessInformation.BasePriority;
if (systemProcessInformation.NamePtr == IntPtr.Zero)
{
if (processInfo.processId == NtProcessManager.SystemProcessID)
{
processInfo.processName = "System";
}
else
{
if (processInfo.processId == 0)
{
processInfo.processName = "Idle";
}
else
{
processInfo.processName = processInfo.processId.ToString(CultureInfo.InvariantCulture);
}
}
}
else
{
string text = NtProcessInfoHelper.GetProcessShortName(Marshal.PtrToStringUni(systemProcessInformation.NamePtr, (int)(systemProcessInformation.NameLength / 2)));
processInfo.processName = text;
}
hashtable[processInfo.processId] = processInfo;
intPtr = (IntPtr)((long)intPtr + (long)Marshal.SizeOf(systemProcessInformation));
int num2 = 0;
while ((long)num2 < (long)((ulong)systemProcessInformation.NumberOfThreads))
{
NtProcessInfoHelper.SystemThreadInformation systemThreadInformation = new NtProcessInfoHelper.SystemThreadInformation();
Marshal.PtrToStructure(intPtr, systemThreadInformation);
ThreadInfo threadInfo = new ThreadInfo();
threadInfo.processId = (int)systemThreadInformation.UniqueProcess;
threadInfo.threadId = (int)systemThreadInformation.UniqueThread;
threadInfo.basePriority = systemThreadInformation.BasePriority;
threadInfo.currentPriority = systemThreadInformation.Priority;
threadInfo.startAddress = systemThreadInformation.StartAddress;
threadInfo.threadState = (ThreadState)systemThreadInformation.ThreadState;
threadInfo.threadWaitReason = NtProcessManager.GetThreadWaitReason((int)systemThreadInformation.WaitReason);
processInfo.threadInfoList.Add(threadInfo);
intPtr = (IntPtr)((long)intPtr + (long)Marshal.SizeOf(systemThreadInformation));
num2++;
}
if (systemProcessInformation.NextEntryOffset == 0u)
{
break;
}
num += (long)((ulong)systemProcessInformation.NextEntryOffset);
}
ProcessInfo[] array = new ProcessInfo[hashtable.Values.Count];
hashtable.Values.CopyTo(array, 0);
return(array);
}
public static int GetProcessIdFromHandle(SafeProcessHandle processHandle)
{
return(NtProcessManager.GetProcessIdFromHandle(processHandle));
}
public static ModuleInfo[] GetModuleInfos(int processId)
{
return(NtProcessManager.GetModuleInfos(processId, false));
}
private static ProcessInfo GetProcessInfo(NativeMethods.PERF_OBJECT_TYPE type, IntPtr instancePtr, NativeMethods.PERF_COUNTER_DEFINITION[] counters)
{
ProcessInfo processInfo = new ProcessInfo();
for (int i = 0; i < counters.Length; i++)
{
NativeMethods.PERF_COUNTER_DEFINITION pERF_COUNTER_DEFINITION = counters[i];
long num = NtProcessManager.ReadCounterValue(pERF_COUNTER_DEFINITION.CounterType, (IntPtr)((long)instancePtr + (long)pERF_COUNTER_DEFINITION.CounterOffset));
switch (pERF_COUNTER_DEFINITION.CounterNameTitlePtr)
{
case 0:
processInfo.handleCount = (int)num;
break;
case 1:
processInfo.poolPagedBytes = num;
break;
case 2:
processInfo.poolNonpagedBytes = num;
break;
case 4:
processInfo.virtualBytesPeak = num;
break;
case 5:
processInfo.virtualBytes = num;
break;
case 6:
processInfo.privateBytes = num;
break;
case 7:
processInfo.pageFileBytes = num;
break;
case 8:
processInfo.pageFileBytesPeak = num;
break;
case 9:
processInfo.workingSetPeak = num;
break;
case 10:
processInfo.workingSet = num;
break;
case 12:
processInfo.processId = (int)num;
break;
case 13:
processInfo.basePriority = (int)num;
break;
}
}
return(processInfo);
}
