Windows核心编程笔记第六篇(代码精读VOID ShowProcessInfo(HWND hwnd, DWORD dwProcessID))
Code

 

PROCESSENTRY32

 

Describes an entry from a list that enumerates the processes residing in the system address space when a snapshot was taken.

//在系统快照生成时,通过一个列举进程在内存中存储情况的列表描述一个入口点信息


typedef struct tagPROCESSENTRY32 {
DWORD dwSize;
DWORD cntUsage;
DWORD th32ProcessID;
ULONG_PTR th32DefaultHeapID;
DWORD th32ModuleID;
DWORD cntThreads;
DWORD th32ParentProcessID;
LONG pcPriClassBase;
DWORD dwFlags;
TCHAR szExeFile[MAX_PATH];} PROCESSENTRY32,
*PPROCESSENTRY32;

Members

dwSize
Size of the structure, in bytes. Before calling the Process32First function, set this member to sizeof(PROCESSENTRY32). If you do not initialize dwSize, Process32First fails.
//这个结构体的大小以bytes为单位,在调用Process32First方法前把这个成员参数设置成sizeof(PROCESSENTRY32)如果你不定义dwSize,Process32First将失败
cntUsage
This member is no longer used and is always set to zero.
//这个成员不常使用通常置0( 用法数量
th32ProcessID
Process identifier.
//进程标示
th32DefaultHeapID
This member is no longer used and is always set to zero.
//这个成员不常使用通常置0(默认堆栈ID)
th32ModuleID
This member is no longer used and is always set to zero.
//这个成员不常使用通常置0(模块标示)
cntThreads
Number of execution threads started by the process.
//进程启动的活动线程数
th32ParentProcessID
Process identifier of the process that created this process (its parent process).
//父进程的标示
pcPriClassBase
Base priority of any threads created by this process.
//这个进程创建的线程首选基地址
dwFlags
This member is no longer used, and is always set to zero.
//这个成员不常使用通常置(0标志位)
szExeFile
Pointer to a null-terminated string that specifies the name of the executable file for the process.
//指向一个以0结尾的字符串用于指明这个进程的可执行程序名

Heap32ListFirst

 

The Heap32ListFirst function retrieves information about the first heap that has been allocated by a specified process.

//Heap32ListFirst方法返回被指定进程创建的第一个堆栈信息


BOOL WINAPI Heap32ListFirst(  HANDLE hSnapshot,  LPHEAPLIST32 lphl);

Parameters

hSnapshot
[in] Handle to the snapshot returned from a previous call to the CreateToolhelp32Snapshot function.
//CreateToolhelp32Snapshot方法返回的系统快照句柄
 
 
lphl
[in, out] Pointer to a HEAPLIST32 structure.
// 指向HEAPLIST32结构的指针

Return Values

Returns TRUE if the first entry of the heap list has been copied to the buffer or FALSE otherwise. The ERROR_NO_MORE_FILES error value is returned by the GetLastError function when no heap list exists or the snapshot does not contain heap list information.

//如果第一个入口信息被填充到缓存返回TRUE,否则返回FALSE。当堆栈列表不存在或者系统快照不包含堆栈列表信息的时候返回ERROR_NO_MORE_FILES

Remarks

The calling application must set the dwSize member of HEAPLIST32 to the size, in bytes, of the structure. Heap32ListFirst changes dwSize to the number of bytes written to the structure. This will never be greater than the initial value of dwSize, but it may be smaller. If the value is smaller, do not rely on the values of any members whose offsets are greater than this value.

//调用者必须以bytes为单位初始化HEAPLIST32结构体的大小,Heap32ListFirst方法用写入结构体的字节数改变dwSize,这个值永远不会大于dwSize的初始值,

//但是可能小于。如果初始值比较小不要指望成员的偏移量能比它大

To retrieve information about other heaps in the heap list, use the Heap32ListNext function.

//获取其他堆栈信息应调用Heap32ListNext方法。

CreateToolhelp32Snapshot

 

The CreateToolhelp32Snapshot function takes a snapshot of the specified processes, as well as the heaps, modules, and threads used by these processes.


HANDLE WINAPI CreateToolhelp32Snapshot(  DWORD dwFlags,  DWORD th32ProcessID);

Parameters

dwFlags
[in] Portions of the system to include in the snapshot. This parameter can be one of the following values.
Value Meaning
TH32CS_INHERIT Indicates that the snapshot handle is to be inheritable.
TH32CS_SNAPALL Includes all processes and threads in the system, plus the heaps and modules of the process specified in th32ProcessID. Equivalent to specifying the TH32CS_SNAPHEAPLIST, TH32CS_SNAPMODULE, TH32CS_SNAPPROCESS, and TH32CS_SNAPTHREAD values.
TH32CS_SNAPHEAPLIST Includes all heaps of the process specified in th32ProcessID in the snapshot. To enumerate the heaps, see Heap32ListFirst.
TH32CS_SNAPMODULE Includes all modules of the process specified in th32ProcessID in the snapshot. To enumerate the modules, see Module32First.
TH32CS_SNAPPROCESS Includes all processes in the system in the snapshot. To enumerate the processes, see Process32First.
TH32CS_SNAPTHREAD
Includes all threads in the system in the snapshot. To enumerate the threads, see Thread32First.

To identify the threads that belong to a specific process, compare its process identifier to the th32OwnerProcessID member of the THREADENTRY32 structure when enumerating the threads.
th32ProcessID
[in] Process identifier of the process to be included in the snapshot. This parameter can be zero to indicate the current process. This parameter is used when the TH32CS_SNAPHEAPLIST, TH32CS_SNAPMODULE, or TH32CS_SNAPALL value is specified. Otherwise, it is ignored and all processes are included in the snapshot.

Return Values

If the function succeeds, it returns an open handle to the specified snapshot.

If the function fails, it returns INVALID_HANDLE_VALUE. To get extended error information, call GetLastError.

Remarks

The snapshot taken by this function is examined by the other tool help functions to provide their results. Access to the snapshot is read only. The snapshot handle acts as an object handle and is subject to the same rules regarding which processes and threads it is valid in.

To enumerate the heap or module states for all processes, specify TH32CS_SNAPALL and set th32ProcessID to zero. Then, for each additional process in the snapshot, call CreateToolhelp32Snapshot again, specifying its process identifier and the TH32CS_SNAPHEAPLIST or TH32_SNAPMODULE value.

To destroy the snapshot, use the CloseHandle function.


 

 posted on 2009-10-29 18:46  wParma  阅读(1112)  评论(0编辑  收藏  举报