找到了CPU使用率对杀死病毒线程没帮助。
要强制杀死,不是普通的wmi能实现的。
呵呵 同意 杀毒也是一门学问
呵呵 同意 杀毒也是一门学问
这么晚都未睡?
对不起楼主,我的确没找到获取单个进程CPU占用率的代码
但是微软的确有样例实现了
http://www.microsoft.com/technet/sysinternals/default.mspx
Process Explorer v10.20 汉化绿色版
Process Explorer 是一款增强型的任务管理器,你可以使用它方便地管理你的程序进程,能强行关闭任何程序(包括系统级别的不允许随便终止的“顽固”进程)。除此之外,它还详尽地显示计算机信息:CPU、内存使用情况,DLL、句柄信息,很酷的曲线图... 此为最新版,原版、汉化均有较多改进,签名验证、DEP等新的东西。
而根据我感觉,WMI最大程度只到达了整个CPU占用率的获取,另一种方法是通过 性能计数器控件。
至于要杀死病毒进程,那是必须用到汇编知识,必须深入了解rootkit技术后才能做到
非C#几个函数能解决~
找到过2段程序 一段C++的 一段Delphi的
结果前者没调通 后者不懂...
你把两个程序贴一下哈
#include <windows.h>
#include <conio.h>
#include <stdio.h>
// Information-class selectors passed as the first argument of
// NtQuerySystemInformation by main() in this listing.
#define SystemBasicInformation 0
#define SystemPerformanceInformation 2
#define SystemTimeInformation 3
// Convert a LARGE_INTEGER to double: HighPart * 2^32 + LowPart.
#define Li2Double(x) ((double)((x).HighPart) * 4.294967296E9 + (double)((x).LowPart))
// Output buffer for the SystemBasicInformation query issued by main().
// The layout is declared by hand in this listing, and sizeof this struct is
// what main() passes as the buffer length.
// NOTE(review): presumably tied to the Windows version and pointer width the
// sample was written for -- confirm before reusing it elsewhere.
typedef struct
{
    DWORD dwUnknown1;
    ULONG uKeMaximumIncrement;
    ULONG uPageSize;
    ULONG uMmNumberOfPhysicalPages;
    ULONG uMmLowestPhysicalPage;
    ULONG uMmHighestPhysicalPage;
    ULONG uAllocationGranularity;
    PVOID pLowestUserAddress;
    PVOID pMmHighestUserAddress;
    ULONG uKeActiveProcessors;
    BYTE bKeNumberProcessors; // read by main() as the processor count
    BYTE bUnknown2;
    WORD wUnknown3;
} SYSTEM_BASIC_INFORMATION;
// Output buffer for the SystemPerformanceInformation query. Only the idle
// time is named; dwSpare reserves room for the rest of what the call writes.
// NOTE(review): main() passes sizeof this struct as the buffer length, so the
// 76-DWORD padding presumably has to match the size the running OS expects --
// verify on the target Windows version.
typedef struct
{
    LARGE_INTEGER liIdleTime; // idle time, compared between two samples by main()
    DWORD dwSpare[76];
} SYSTEM_PERFORMANCE_INFORMATION;
// Output buffer for the SystemTimeInformation query issued by main().
typedef struct
{
    LARGE_INTEGER liKeBootTime;
    LARGE_INTEGER liKeSystemTime; // system time, compared between two samples by main()
    LARGE_INTEGER liExpTimeZoneBias;
    ULONG uCurrentTimeZoneId;
    DWORD dwReserved;
} SYSTEM_TIME_INFORMATION;
// ntdll!NtQuerySystemInformation (NT specific!)
//
// The function copies the system information of the
// specified type into a buffer
//
// NTSYSAPI
// NTSTATUS
// NTAPI
// NtQuerySystemInformation(
// IN UINT SystemInformationClass, // information type
// OUT PVOID SystemInformation, // pointer to buffer
// IN ULONG SystemInformationLength, // buffer size in bytes
// OUT PULONG ReturnLength OPTIONAL // pointer to a 32-bit
// // variable that receives
// // the number of bytes
// // written to the buffer
// );
// Function-pointer type for the prototype above; the status is declared as LONG.
typedef LONG (WINAPI *PROCNTQSI)(UINT,PVOID,ULONG,PULONG);
// Filled in by main() through GetProcAddress on ntdll; callers must check it
// for NULL before use, as main() does.
PROCNTQSI NtQuerySystemInformation;
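// Print the system-wide CPU usage once per second until a key is pressed.
//
// Each pass samples the system time and the idle time through
// NtQuerySystemInformation, and from the second pass on derives
//   usage% = 100 - (idle delta / system delta) * 100 / processor count.
//
// Returns 0 after a key press and 1 when the entry point cannot be resolved,
// a query fails, or the reported processor count is zero.
int main(void)
{
    SYSTEM_PERFORMANCE_INFORMATION SysPerfInfo;
    SYSTEM_TIME_INFORMATION SysTimeInfo;
    SYSTEM_BASIC_INFORMATION SysBaseInfo;
    LARGE_INTEGER liOldIdleTime = {0,0};
    LARGE_INTEGER liOldSystemTime = {0,0};
    LONG status;

    // The routine is looked up at run time; a failed lookup must not be called.
    NtQuerySystemInformation = (PROCNTQSI)GetProcAddress(GetModuleHandle("ntdll"),"NtQuerySystemInformation");
    if (!NtQuerySystemInformation)
        return 1;

    // get number of processors in the system
    status = NtQuerySystemInformation(SystemBasicInformation,&SysBaseInfo,sizeof(SysBaseInfo),NULL);
    if (status != NO_ERROR)
        return 1;
    // The count is a divisor below; reject zero instead of dividing by it.
    if (SysBaseInfo.bKeNumberProcessors == 0)
        return 1;

    printf("\nCPU Usage (press any key to exit): ");
    while (!_kbhit())
    {
        // get new system time
        status = NtQuerySystemInformation(SystemTimeInformation,&SysTimeInfo,sizeof(SysTimeInfo),NULL);
        if (status != NO_ERROR)
            return 1;

        // get new CPU's idle time
        status = NtQuerySystemInformation(SystemPerformanceInformation,&SysPerfInfo,sizeof(SysPerfInfo),NULL);
        if (status != NO_ERROR)
            return 1;

        // if it's a first call - skip it (there is no previous sample yet)
        if (liOldIdleTime.QuadPart != 0)
        {
            // CurrentValue = NewValue - OldValue
            double dbIdleDelta = Li2Double(SysPerfInfo.liIdleTime) - Li2Double(liOldIdleTime);
            double dbSystemDelta = Li2Double(SysTimeInfo.liKeSystemTime) - Li2Double(liOldSystemTime);

            // A zero or negative interval would divide by zero or yield a
            // meaningless ratio, so that sample is not printed.
            if (dbSystemDelta > 0.0)
            {
                // CurrentCpuUsage% = 100 - (CurrentCpuIdle * 100) / NumberOfProcessors
                double dbUsage = 100.0 - (dbIdleDelta / dbSystemDelta) * 100.0 /
                                 (double)SysBaseInfo.bKeNumberProcessors + 0.5;

                // Converting an out-of-range double to an integer is undefined,
                // so clamp to the displayable range first.
                if (dbUsage < 0.0)
                    dbUsage = 0.0;
                else if (dbUsage > 100.0)
                    dbUsage = 100.0;

                printf("\b\b\b\b%3d%%",(int)dbUsage);
            }
        }

        // store new CPU's idle and system time
        liOldIdleTime = SysPerfInfo.liIdleTime;
        liOldSystemTime = SysTimeInfo.liKeSystemTime;

        // wait one second
        Sleep(1000);
    }
    printf("\n");
    return 0;
}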
如何实时获取系统每个进程占用的CPU?--讨论及请教
版权所有 codesky.net 2003-2005
发表时间:2005-5-21 关键字:不详
本文的目的是为了和大家讨论一个问题,同时给出一个根据进程ID,来返回该进程实时占用的CPU使用率的函数。希望大家在用这个函数的时候别忘记我的问题。
目前计算进程CPU占用率的方法主要有两种,一种是根据时间来计算,另一种根据注册表计算,我使用的是前者。前者方法原理:在一个特定时间段内计算特定进程的总时间和所有进程的总时间,它们的比值就是那个特定进程的CPU占用率。
我写了一个函数(改写),以进程的ID作为参数,进程CPU占用率作为返回值,实时计算特定进程的CPU占用,测试正确。整个程序如下:
结构定义:
// Per-thread record; PROCESSINFO declares an array of these as its last member.
// NOTE(review): the start address is declared as a 32-bit DWORD, so this
// layout presumably describes a 32-bit build only -- confirm before reuse.
typedef struct _THREAD_INFO
{
    LARGE_INTEGER CreateTime;
    DWORD dwUnknown1;
    DWORD dwStartAddress;
    DWORD StartEIP;
    DWORD dwOwnerPID;
    DWORD dwThreadId;
    DWORD dwCurrentPriority;
    DWORD dwBasePriority;
    DWORD dwContextSwitches;
    DWORD Unknown;
    DWORD WaitReason;
}THREADINFO, *PTHREADINFO;
// Counted string as embedded in PROCESSINFO (ProcessName).
typedef struct _UNICODE_STRING
{
    USHORT Length;
    USHORT MaxLength;
    PWSTR Buffer;
} UNICODE_STRING;
// One entry of the process list that Button2Click obtains from
// NtQuerySystemInformation (information class 5) and walks entry by entry.
// The layout is declared by hand in this listing.
// NOTE(review): sizes and counters are 32-bit DWORDs here; presumably this
// matches only the Windows version and bitness the sample targeted -- verify.
typedef struct _PROCESS_INFO
{
    DWORD dwOffset; // byte distance to the next entry; 0 ends the walk in Button2Click
    DWORD dwThreadsCount;
    DWORD dwUnused1[6];
    LARGE_INTEGER CreateTime;
    LARGE_INTEGER UserTime;   // summed with KernelTime by Button2Click
    LARGE_INTEGER KernelTime; // summed with UserTime by Button2Click
    UNICODE_STRING ProcessName;
    DWORD dwBasePriority;
    DWORD dwProcessID; // compared against the requested PID in Button2Click
    DWORD dwParentProcessId;
    DWORD dwHandleCount;
    DWORD dwUnused3[2];
    DWORD dwVirtualBytesPeak;
    DWORD dwVirtualBytes;
    ULONG dwPageFaults;
    DWORD dwWorkingSetPeak;
    DWORD dwWorkingSet;
    DWORD dwQuotaPeakPagedPoolUsage;
    DWORD dwQuotaPagedPoolUsage;
    DWORD dwQuotaPeakNonPagedPoolUsage;
    DWORD dwQuotaNonPagedPoolUsage;
    DWORD dwPageFileUsage;
    DWORD dwPageFileUsagePeak;
    DWORD dCommitCharge;
    // Declared with one element; presumably dwThreadsCount records follow -- TODO confirm.
    THREADINFO ThreadSysInfo[1];
} PROCESSINFO, *PPROCESSINFO;
函数定义:
int Button2Click(int id); // parameter: the process ID to measure
函数实体:
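// Return the share of CPU time, in percent, that process `id` consumed since
// the previous call of this function.
//
// The process list is fetched with NtQuerySystemInformation (information
// class 5) and walked entry by entry; kernel + user time is summed over all
// processes and, separately, for the entry whose PID equals `id`. The result
// is 100 * (process delta) / (total delta) against the previous call.
//
// Returns 0 when the total did not change, and -1 when the entry point cannot
// be resolved, the query fails, or the returned list is malformed. The first
// call has no earlier sample, so its deltas run from zero.
//
// The two baselines are single static values shared by every caller and every
// PID. Calling this for several PIDs in one pass therefore measures each PID
// against the previous PID's baseline over a near-zero interval, which gives
// wrong values; per-process figures need one baseline per PID taken from a
// single snapshot per interval.
//
// NOTE(review): PROCESSINFO as declared in this listing uses 32-bit fields;
// the bounds checks below keep the walk inside the returned data but cannot
// make a mismatched layout produce correct numbers -- verify on the target OS.
int Button2Click(int id)
{
    // Totals recorded by the previous call (see the header comment).
    static __int64 LastTotalProcessCPUUsage = 0;
    static __int64 LastCurrentProcessCPUUsage = 0;

    // The last parameter receives the number of bytes written, so it is
    // declared as a pointer; passing it as a DWORD truncates it on 64-bit.
    long ( __stdcall *NtQuerySystemInformation )( DWORD, PVOID, DWORD, DWORD * );

    const long InfoLengthMismatch = (long)0xC0000004; // status: buffer too small
    const DWORD MaxInfoSize = 0x1000000;              // stop growing at 16 MiB
    // Fixed part of an entry, i.e. everything before the thread array.
    const DWORD HeaderSize = sizeof(PROCESSINFO) - sizeof(THREADINFO);

    DWORD dwInfoSize = 0x20000;
    DWORD dwReturned = 0;
    byte *pProcInfo = NULL;
    long status;
    int cpuusage = 0;

    NtQuerySystemInformation = (long(__stdcall*)(DWORD,PVOID,DWORD,DWORD*))
        GetProcAddress( GetModuleHandle( "ntdll.dll" ),"NtQuerySystemInformation" );
    if(NtQuerySystemInformation == NULL)
        return -1;

    // Query, doubling the buffer while the call reports it as too small.
    // Walking a buffer the call did not fill would read uninitialised memory.
    for(;;)
    {
        pProcInfo = new byte[dwInfoSize];
        if(pProcInfo == NULL)
            return -1;
        dwReturned = 0;
        status = NtQuerySystemInformation(5,pProcInfo,dwInfoSize,&dwReturned);
        if(status >= 0)
            break;
        delete[] pProcInfo;
        pProcInfo = NULL;
        if(status != InfoLengthMismatch || dwInfoSize >= MaxInfoSize)
            return -1;
        dwInfoSize *= 2;
    }
    if(dwReturned > dwInfoSize)
        dwReturned = dwInfoSize;

    __int64 TotalProcessCPUUsage = 0;
    __int64 CurrentProcessCPUUsage = 0;
    DWORD offset = 0;
    bool malformed = false;
    for(;;)
    {
        // Every entry header must lie fully inside the bytes actually written.
        if(offset > dwReturned || dwReturned - offset < HeaderSize)
        {
            malformed = true;
            break;
        }
        PPROCESSINFO pProcessInfo = (PPROCESSINFO)(pProcInfo + offset);
        __int64 entryTime = (__int64)pProcessInfo->KernelTime.QuadPart + (__int64)pProcessInfo->UserTime.QuadPart;

        TotalProcessCPUUsage += entryTime;
        if(pProcessInfo->dwProcessID == (DWORD)id)
            CurrentProcessCPUUsage += entryTime;

        if(pProcessInfo->dwOffset == 0)
            break;
        // Never follow a link that points past the end of the data.
        if(pProcessInfo->dwOffset > dwReturned - offset)
        {
            malformed = true;
            break;
        }
        offset += pProcessInfo->dwOffset;
    }

    // Release through the typed pointer; deleting through a void pointer is undefined.
    delete[] pProcInfo;
    if(malformed)
        return -1;

    // Keep the deltas in 64 bits: times are in fine-grained units and
    // 100 * delta overflows a 32-bit int on a busy multi-processor system.
    __int64 TotalDelta = TotalProcessCPUUsage - LastTotalProcessCPUUsage;
    __int64 CurrentDelta = CurrentProcessCPUUsage - LastCurrentProcessCPUUsage;
    if(TotalDelta != 0)
        cpuusage = (int)(100 * CurrentDelta / TotalDelta);

    LastTotalProcessCPUUsage = TotalProcessCPUUsage;
    LastCurrentProcessCPUUsage = CurrentProcessCPUUsage;
    return cpuusage;
}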
控制台调用:
// Console driver: once per second, sample Button2Click and print the result.
int main(void)
{
    for(;;)
    {
        // Pass the ID of the process to monitor as the argument here.
        const int usage = Button2Click(0);
        printf("%d\n",usage);
        Sleep(1000);
    }
    return 0;
}
///////////////////////////////
以上代码运行非常正常
///////////////////////////////
但我如何实时求出系统中运行的每个进程的CPU占用率,并列表显示出来??
我遍历系统进程(for循环),然后把每个进程的ID作为参数传入,外部用定时器控制,
但是我得到的值都是错的,为什么???
谁能搞定这个问题??