windows系统调用 进程快照
2020-12-13 01:51
原文地址:http://www.cnblogs.com/593213556wuyubao/p/3732626.html

#include "windows.h"
#include "tlhelp32.h"
#include "iostream"
using namespace std;

#pragma comment(lib,"kernel32.lib")

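/// @brief Percentage of a process's CPU time that was spent in kernel mode.
///
/// A FILETIME carries a 64-bit count as two 32-bit halves; both inputs are
/// first reassembled into a single ULONGLONG before the ratio is taken.
///
/// @param ftKernel Kernel-mode time, as filled in by GetProcessTimes.
/// @param ftUser   User-mode time, as filled in by GetProcessTimes.
/// @return Integer percentage kernel / (kernel + user), truncated; 0 when the
///         process has accumulated no CPU time at all.
DWORD GetKernelModePercentage(const FILETIME& ftKernel,
                              const FILETIME& ftUser)
{
    // The shift operator was lost in the published listing ("...)32)+..."),
    // which does not compile; the high half belongs in the upper 32 bits.
    const ULONGLONG qwKernel =
        (static_cast<ULONGLONG>(ftKernel.dwHighDateTime) << 32) | ftKernel.dwLowDateTime;
    const ULONGLONG qwUser =
        (static_cast<ULONGLONG>(ftUser.dwHighDateTime) << 32) | ftUser.dwLowDateTime;
    const ULONGLONG qwTotal = qwKernel + qwUser;

    // A process that has not been scheduled yet reports zero for both times;
    // without this guard the division below is a divide-by-zero crash.
    if (qwTotal == 0) {
        return 0;
    }

    return static_cast<DWORD>((static_cast<ULONGLONG>(100) * qwKernel) / qwTotal);
}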
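/// @brief Walks a snapshot of all running processes and prints, for each one
///        that can be opened, its PID, image name and kernel-mode CPU share.
///
/// @return 0 on success, 1 if the process snapshot could not be created.
int main()
{
    // Capture the process list once; the snapshot is a kernel handle and must
    // be closed when enumeration is finished.
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE) {
        std::cerr << "CreateToolhelp32Snapshot failed, error " << GetLastError() << std::endl;
        return 1;
    }

    PROCESSENTRY32 pe;
    ZeroMemory(&pe, sizeof(pe));
    pe.dwSize = sizeof(pe);  // Process32First rejects the struct if dwSize is not set

    for (BOOL bMore = Process32First(hSnapshot, &pe);
         bMore;
         bMore = Process32Next(hSnapshot, &pe)) {
        // Least privilege: GetProcessTimes only needs the limited query right,
        // which is also granted for more processes than the full
        // PROCESS_QUERY_INFORMATION right. Requires Windows Vista or later.
        HANDLE hProcess = OpenProcess(
            PROCESS_QUERY_LIMITED_INFORMATION,
            FALSE,
            pe.th32ProcessID);

        // Processes the caller may not open (or that exited after the
        // snapshot was taken) are skipped, as in the original listing.
        if (hProcess == NULL) {
            continue;
        }

        FILETIME ftCreation, ftExit, ftKernelMode, ftUserMode;
        // Only use the times when the call succeeded; on failure the
        // FILETIME structs are left uninitialized.
        if (GetProcessTimes(hProcess, &ftCreation, &ftExit, &ftKernelMode, &ftUserMode)) {
            const DWORD dwPctKernel = GetKernelModePercentage(ftKernelMode, ftUserMode);

            // NOTE(review): szExeFile is a TCHAR array; this prints the name
            // only in a non-UNICODE build - confirm the project settings.
            std::cout << "process ID:" << pe.th32ProcessID
                      << ",EXE file:" << pe.szExeFile
                      << ",% in Kernel mode:" << dwPctKernel << std::endl;
        }

        CloseHandle(hProcess);
    }

    CloseHandle(hSnapshot);

    // Keep the console window open until the user presses Enter.
    getchar();
    return 0;
}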