1.窗口信息
MS爲我們提供了打開特定桌面和枚舉桌面窗口的函數。
hDesk = OpenDesktop(lpszDesktop, 0, FALSE, DESKTOP_ENUMERATE);
// 打開我們默認的Default桌面;
EnumDesktopWindows(hDesk,(WNDENUMPROC)EnumWindowProc, 0);
// 枚舉打開桌面上的所有窗口,由回調函數實現。
BOOL __stdcall EnumWindowProc(HWND, LPARAM);
// 在回調函數中,我們可以獲得窗口的標題和相關進程,線程信息;
GetWindowText(hWnd, szWindowText, dwMaxCount);
GetWindowThreadProcessId(hWnd, &dwPID);
2.設備驅動器信息(服務和設備驅動器差不多,在此不做重複)
設備驅動信息有服務控制管理器(SCM)來管理的,我要打開服務控制管理器,並枚舉所有的設備驅動器。
OpenSCManager(NULL, NULL, SC_MANAGER_ALL_ACCESS);
// 以所有權限打開服務控制管理器;SC_MANAGER_ALL_ACCESS 需要管理員權限,若只是枚舉,申請 SC_MANAGER_ENUMERATE_SERVICE 即可;
EnumServicesStatus(schManager, dwDeviceType, dwDeviceState,
EnumStatus, dwBufSize, &dwBytesNeeded, &dwDevicesReturned, &dwResumeHandle))
// 枚舉所有設備的當前狀態;
CloseServiceHandle(schManager);
// 記住,在結束訪問後要關閉服務句柄;
OpenService(schManager, szDeviceName, SERVICE_ALL_ACCESS);
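// 打開特定的設備驅動器;建議按實際操作申請權限:只查詢時用 SERVICE_QUERY_CONFIG | SERVICE_QUERY_STATUS,啓動/停止/刪除時再加 SERVICE_START、SERVICE_STOP、DELETE;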
QueryServiceConfig(schDevice, lpDeviceConfig, 1024 * 8, &dwBytesNeeded);
// 查詢驅動器的服務配置信息;
QueryServiceStatus(schDevice, &DeviceStatus);
// 查詢設備驅動器的當前狀態;
QueryServiceConfig2(schDevice, SERVICE_CONFIG_DESCRIPTION, (LPBYTE)lpDeviceDescription, 8*1024, &dwBytesNeeded)
// 查詢設備的描述信息;
StartService(schDevice, 0, NULL);
// 啓動設備;
ControlService(schDevice, SERVICE_CONTROL_STOP, &DeviceStatus);
// 停止設備;
DeleteService(schDevice);
// 刪除設備;
3.磁盤信息
我們希望獲得系統所有磁盤的信息,包括軟盤,硬盤,光盤等等;
GetLogicalDriveStrings(dwBufferLength, lpBuffer);
// 獲得邏輯設備的信息;
GetVolumeInformation(lpRootPathName, lpVolumeNameBuffer, dwVolumeNameSize, &dwVolumeSerialNumber,
&dwMaximumComponentLength, &dwFileSystemFlags, lpFileSystemNameBuffer, dwFileSystemNameSize);
// 獲得磁盤卷信息,包括卷名稱和格式類型;
GetDiskFreeSpaceEx(lpRootPathName, &FreeBytesAvailable, &TotalNumberOfBytes, &TotalNumberOfFreeBytes);
// 探測磁盤的空間使用情況;
4.環境變量
我們可以從註冊表中獲得環境塊的信息:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment,當然要使用註冊表的函數。
RegOpenKeyEx(HKEY_LOCAL_MACHINE, RegKey, 0, KEY_QUERY_VALUE, &hKey);
// 打開註冊表的鍵;
RegEnumValue(hKey, dwIndex, EnvironVariable, &dwVariableLength, NULL, NULL, NULL, NULL);
// 查詢我們需要的信息值;
GetEnvironmentVariable(EnvironVariable, EnvironString, 1024);
// 獲得環境變量的字符串信息;
5.事件記錄信息
OpenEventLog(NULL, szLog);
// 打開事件日誌記錄;
GetOldestEventLogRecord(hEvent, &dwThisRecord);
// 獲得最舊一條日誌記錄的編號,以便由此繼續查找;
ReadEventLog(hEvent, EVENTLOG_FORWARDS_READ | EVENTLOG_SEQUENTIAL_READ,
0, pEventLogRecord, 1024 * 32, &dwRead, &dwNeeded);
// 讀取日誌信息;
LookupAccountSid(NULL, pSid, szName, &dwName, szDomain, &dwDomain, &SNU);
// 根據賬戶的SID查出對應的用戶名稱和所屬域;
GetNumberOfEventLogRecords(hEvent, &dwTotal);
// 獲得事件日誌的總數;
CloseEventLog(hEvent);
// 不要忘記關閉事件句柄;
6.網絡共享
我們使用第二等級的網絡共享搜索;
NetShareEnum(NULL, dwLevel,(PBYTE *)&pBuf, MAX_PREFERRED_LENGTH, &entriesread, &totalentries, &resume);
// 列舉所有的共享目錄及相關信息;
NetApiBufferFree(pBuf);
// 釋放緩衝區;
NetShareDel(NULL, (char *)lpShareNameW, 0);
// 刪除網絡共享目錄;
7.網絡適配器信息
我們要探測NIC的信息和網絡流量;
GetAdaptersInfo(&AdapterInfo, &OutBufLen);
// 獲取適配器信息;
8.系統性能
獲取系統的存儲器使用情況;
GetPerformanceInfo(&PerfInfo, sizeof(PERFORMANCE_INFORMATION));
// 獲取系統性能信息;
9.進程/線程/模塊信息
在此我們使用工具幫助函數(ToolHelp32)和系統
OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken);
// 打開進程的令牌,準備調整權限;
AdjustTokenPrivileges(hToken, FALSE, &TokenPrivileges, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
// 將進程的權限提升到支持調試(Debug);函數返回成功不代表特權已真正啓用,還要檢查 GetLastError() 是否爲 ERROR_NOT_ALL_ASSIGNED;
CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
// 創建進程的快照;
Process32First(hProcessSnap, &ProcessEntry32);
Process32Next(hProcessSnap, &ProcessEntry32);
// 枚舉所有進程;
OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, ProcessEntry32.th32ProcessID);
// 打開特定進程,以查詢進程相關信息;
GetProcessTimes(hProcess, &CreateTime, &ExitTime, &KernelTime, &UserTime);
// 獲取進程的時間信息;
GetProcessMemoryInfo(hProcess, &PMCounter, sizeof(PMCounter));
// 獲取進程的存儲區信息;
GetPriorityClass(hProcess);
// 獲取進程的優先權;
GetProcessIoCounters(hProcess, &IoCounters);
// 獲取進程的IO使用情況;
CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessID);
// 創建模塊快照;
Module32First(hModuleSnap, &ModuleEntry32);
Module32Next(hModuleSnap, &ModuleEntry32);
// 枚舉進程模塊信息;
CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0);
// 創建線程快照;
Thread32First(hThreadSnap, &ThreadEntry32);
Thread32Next(hThreadSnap, &ThreadEntry32);
// 枚舉線程信息;
OpenThread(THREAD_ALL_ACCESS, FALSE, ThreadEntry32.th32ThreadID);
// 打開線程,須自己獲得此函數地址;
TerminateProcess(hProcess,0);
// 終止進程;
SuspendThread(hThread);
// 懸掛線程;
ResumeThread(hThread);
// 激活線程;
10.關機
AdjustTokenPrivileges(hToken, FALSE, &TokenPrivileges, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
// 調整進程令牌,使其支持關機;
ExitWindowsEx(EWX_LOGOFF, 0);
// 註銷系統;
LockWorkStation();
// 鎖定系統;
InitiateSystemShutdown(NULL, szMessage, dwTimeout, FALSE, bSig);
// 支持倒計時和消息顯示的關機/重啓;
SetSystemPowerState(bSig, FALSE);
// 系統休眠/冬眠;
11.用戶信息
NetUserEnum(NULL, dwLevel, FILTER_NORMAL_ACCOUNT, (LPBYTE*)&pBuf,
dwPrefMaxLen, &dwEntriesRead, &dwTotalEntries, &dwResumeHandle);
// 枚舉系統用戶信息;
NetUserDel(NULL, lpUserNameW);
// 刪除指定用戶;
12.系統版本信息
GetVersionEx((LPOSVERSIONINFO)&osviex);
// 獲取操作系統的版本信息;
我們也可以通過註冊表(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion)獲取相關信息:
GetTickCount();
// 獲取系統啓動以來經過的毫秒數,可由此推算開機時間(32位計數,約49.7天後回繞);
GetComputerName(szInfo, &dwInfo);
// 獲取計算機名稱;
GetUserName(szInfo, &dwInfo);
// 獲取計算機用戶名;
GetWindowsDirectory(szInfo, MAX_PATH + 1);
// 獲取Windows目錄;
GetSystemDirectory(szInfo, MAX_PATH + 1);
// 獲取系統目錄;
____________________________________________________________________________________
1、先聲明下面一個函數:
function SHFormatDrive(Hwnd:HWND;Drive:Integer;Size:Uint;Action:Integer):Integer;
stdcall;external 'shell32.dll' name 'SHFormatDrive';
說明:1、Hwnd:窗口所有者的句柄
2、Drive:所有格式化的對象:0指a驅;1指b驅;2指c盤...
3、Size:暫時無用
4、Action:0:快速格式化;1:全面格式化;2:格式化時傳送系統,即:sys a(b,c)
2、上述函數參數太多,可以再次進行包裝即:
function FormatDrive(Drive,Action:Integer):Integer;
begin
Result:=SHFormatDrive(Application.Handle,Drive,0,Action);
end;
說明:只需要填寫兩個參數
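3、用法(按上面 FormatDrive(Drive,Action) 的參數順序,第一個參數是磁盤編號,第二個才是格式化方式):
1、快速格式化A盤: FormatDrive(0,0);
2、全面格式化A盤: FormatDrive(0,1);
3、格式化A盤時帶系統: FormatDrive(0,2);
注意:原文的第2、3個例子寫作 FormatDrive(1,0)、FormatDrive(2,0),按參數說明那其實是對B盤、C盤做快速格式化,調用前務必核對磁盤編號。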
implementation
{$R *.DFM}
{ Import of the SHFormatDrive entry point exported by shell32.dll.
  Hwnd   - handle of the window that owns the call
  Drive  - zero-based drive number: 0 = A:, 1 = B:, 2 = C:, ...
  Size   - described on this page as currently unused
  Action - 0 = quick format, 1 = full format, 2 = format and transfer the
           system files (values as listed in this page's parameter notes)
  NOTE(review): the meaning of the Integer result is not shown on this page -
  confirm it against the shell32 documentation before relying on it. }
function SHFormatDrive(Hwnd:HWND;Drive:Integer;Size:Uint;Action:Integer):Integer;
stdcall;external 'shell32.dll' name 'SHFormatDrive';
{ Two-argument convenience wrapper around SHFormatDrive.
  Drive  - zero-based drive number (0 = A:, 1 = B:, 2 = C:, ...)
  Action - format mode, passed through unchanged
  The application's main window handle is used as the owner and the Size
  argument is always 0. Returns whatever SHFormatDrive returns. }
function FormatDrive(Drive,Action:Integer):Integer;
const
  UnusedSize = 0;
var
  OwnerWnd: HWND;
begin
  OwnerWnd := Application.Handle;
  Result := SHFormatDrive(OwnerWnd, Drive, UnusedSize, Action);
end;
{ Click handler for Button1: requests a format of drive number 5 with
  action 0. The value returned by FormatDrive is not inspected. }
procedure TForm1.Button1Click(Sender: TObject);
const
  TargetDrive = 5;   // zero-based, so 5 is the sixth drive letter (0 = A:)
  FormatAction = 0;  // 0 = quick format per this page's parameter notes
begin
  FormatDrive(TargetDrive, FormatAction);
end;
GetSystemInfo
//聲明:
GetSystemInfo(
var lpSystemInfo: TSystemInfo {}
);
//TSystemInfo 是 _SYSTEM_INFO 結構的重定義:
_SYSTEM_INFO = record
case Integer of
0: (
dwOemId: DWORD); {返回計算機標識符, 已廢棄}
1: (
wProcessorArchitecture: Word; {處理器的體系結構}
wReserved: Word; {保留}
dwPageSize: DWORD; {分頁大小}
lpMinimumApplicationAddress: Pointer;{最小尋址空間}
lpMaximumApplicationAddress: Pointer;{最大尋址空間}
dwActiveProcessorMask: DWORD; {處理器掩碼; 0..31 表示不同的處理器}
dwNumberOfProcessors: DWORD; {處理器數目}
dwProcessorType: DWORD; {處理器類型}
dwAllocationGranularity: DWORD; {虛擬內存空間的粒度}
wProcessorLevel: Word; {處理器等級}
wProcessorRevision: Word); {處理器版本}
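end;
//Example:
{ Form-creation handler: calls GetSystemInfo once and writes one
  "label<TAB>value" line per field of the returned record into Memo1.
  The procedure header used to sit on the same line as a // comment, which
  turned it into comment text; it is on a line of its own here. }
procedure TForm1.FormCreate(Sender: TObject);
var
  SI: TSystemInfo;
begin
  GetSystemInfo(SI);
  Memo1.Clear;
  with Memo1.Lines do
  begin
    Add(Format('OEMID:' + #9#9 + '%d', [SI.dwOemId]));
    Add(Format('處理器體系結構:' + #9 + '%d', [SI.wProcessorArchitecture]));
    Add(Format('分頁大小:' + #9 + '%d', [SI.dwPageSize]));
    { NOTE(review): the two address fields are pointers cast to Integer;
      that shows the whole address only where a pointer is 32 bits wide -
      confirm before building for a 64-bit target. }
    Add(Format('最小尋址空間:' + #9 + '%d', [Integer(SI.lpMinimumApplicationAddress)]));
    Add(Format('最大尋址空間:' + #9 + '%d', [Integer(SI.lpMaximumApplicationAddress)]));
    Add(Format('處理器掩碼:' + #9 + '%d', [SI.dwActiveProcessorMask]));
    Add(Format('處理器數目:' + #9 + '%d', [SI.dwNumberOfProcessors]));
    Add(Format('處理器類型:' + #9 + '%d', [SI.dwProcessorType]));
    Add(Format('虛擬內存粒度:' + #9 + '%d', [SI.dwAllocationGranularity]));
    Add(Format('處理器等級:' + #9 + '%d', [SI.wProcessorLevel]));
    Add(Format('處理器版本:' + #9 + '%d', [SI.wProcessorRevision]));
  end;
end;
//Screenshot of the result: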
CPU和內存信息的代碼
函數定義:
CString DetectCPUType();
CString DetectMemoryType();
變量:
// CPU type
CString m_sCPUNameString;
CString m_sCPUIdentifier;
CString m_sCPUVendorIdentifier;
DWORD m_dwCPUSpeed;
// total physical memory in MB
DWORD m_TotMem;
// total virtual memory
DWORD m_TotVirtMem;
函數:
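// Reads one string value from an open registry key into buf (cchBuf TCHARs).
// buf is always NUL-terminated on return. Returns TRUE only when a non-empty
// REG_SZ value was read.
static BOOL ReadCpuRegString(HKEY hKey, LPCTSTR pszValue, TCHAR* buf, DWORD cchBuf)
{
    ZeroMemory(buf, cchBuf * sizeof(TCHAR));

    DWORD dwType = 0;
    // Offer one TCHAR less than the buffer holds: the registry does not
    // guarantee that a stored string carries its terminator, so the last
    // slot is kept at zero and the result can be read as a C string.
    DWORD cbData = (cchBuf - 1) * sizeof(TCHAR);
    const LONG lResult = RegQueryValueEx(hKey, pszValue, NULL, &dwType,
                                         reinterpret_cast<LPBYTE>(buf), &cbData);
    if (lResult != ERROR_SUCCESS || dwType != REG_SZ || cbData == 0)
    {
        buf[0] = 0; // do not hand back partial or wrongly typed data
        return FALSE;
    }
    return TRUE;
}

// Reads the processor description values stored under CPU_CONFIGURATION_KEY
// in HKEY_LOCAL_MACHINE and caches them in m_sCPUIdentifier,
// m_sCPUVendorIdentifier, m_sCPUNameString and m_dwCPUSpeed. A member is left
// untouched when its value is missing, empty or of an unexpected type.
//
// Returns the text of the last string value queried ("ProcessorNameString"),
// or an empty string when the key cannot be opened or that value is not
// available.
CString CSystemLocalInfo::DetectCPUType()
{
    HKEY hCpuKey = NULL;
    // Values are only read here, so KEY_QUERY_VALUE is the access requested.
    const LONG lOpen = RegOpenKeyEx(HKEY_LOCAL_MACHINE, _T(CPU_CONFIGURATION_KEY),
                                    0, KEY_QUERY_VALUE, &hCpuKey);
    if (lOpen != ERROR_SUCCESS)
        return CString(); // key not found

    // Sized in TCHARs; the helper derives the byte count, so the buffer is
    // cleared and bounded correctly in ANSI and Unicode builds alike.
    TCHAR szKeyValue[100];
    const DWORD cchKeyValue = sizeof(szKeyValue) / sizeof(szKeyValue[0]);

    if (ReadCpuRegString(hCpuKey, _T("Identifier"), szKeyValue, cchKeyValue))
        m_sCPUIdentifier = szKeyValue;

    if (ReadCpuRegString(hCpuKey, _T("VendorIdentifier"), szKeyValue, cchKeyValue))
        m_sCPUVendorIdentifier = szKeyValue;

    if (ReadCpuRegString(hCpuKey, _T("ProcessorNameString"), szKeyValue, cchKeyValue))
        m_sCPUNameString = szKeyValue;

    DWORD dwData = 0;
    DWORD dwType = 0;
    DWORD cbData = sizeof(dwData);
    const LONG lSpeed = RegQueryValueEx(hCpuKey, _T("~MHz"), NULL, &dwType,
                                        reinterpret_cast<LPBYTE>(&dwData), &cbData);
    // Accept the value only when it really is a full DWORD.
    if (lSpeed == ERROR_SUCCESS && dwType == REG_DWORD && cbData == sizeof(dwData))
        m_dwCPUSpeed = dwData;

    RegCloseKey(hCpuKey);

    // szKeyValue still holds the result of the "ProcessorNameString" query
    // (empty when that query failed).
    return CString(szKeyValue);
}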
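// Queries the total physical and virtual memory, stores both in megabytes in
// m_TotMem / m_TotVirtMem and returns them formatted as a one-line message.
// Both members are set to 0 when the query fails.
CString CSystemLocalInfo::DetectMemoryType()
{
    const DWORDLONG kBytesPerMB = 1024 * 1024;

    // GlobalMemoryStatusEx reports 64-bit byte counts. The older
    // GlobalMemoryStatus cannot describe more than 4 GB, and casting its
    // totals to DWORD before dividing dropped the high bits on 64-bit builds.
    MEMORYSTATUSEX mem;
    ZeroMemory(&mem, sizeof(mem));
    mem.dwLength = sizeof(mem); // must be set before the call

    if (GlobalMemoryStatusEx(&mem))
    {
        // Divide first, then narrow: the megabyte figures fit in a DWORD.
        this->m_TotMem = static_cast<DWORD>(mem.ullTotalPhys / kBytesPerMB);
        this->m_TotVirtMem = static_cast<DWORD>(mem.ullTotalVirtual / kBytesPerMB);
    }
    else
    {
        this->m_TotMem = 0;
        this->m_TotVirtMem = 0;
    }

    CString Msg;
    // %lu: both members are DWORD, i.e. unsigned.
    Msg.Format(_T("物理內存: %lu MB : 虛擬內存: %lu MB"),
               this->m_TotMem, this->m_TotVirtMem);
    return Msg;
}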
這個是網卡的。
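// Retrieves the host's network parameters with GetNetworkParams and passes
// them to ParesData; on failure a message box shows the error code instead.
// UpdateData(FALSE) is called in both cases.
void CNetParamDlg::GetNetInfo()
{
    ULONG OutBuff = sizeof(FIXED_INFO);
    FIXED_INFO* FixedInfo = (FIXED_INFO*)GlobalAlloc(GPTR, OutBuff);

    // Treat a failed allocation like any other failure of the query.
    DWORD dwRetVal = ERROR_NOT_ENOUGH_MEMORY;
    if (FixedInfo != NULL)
    {
        dwRetVal = GetNetworkParams(FixedInfo, &OutBuff);
        if (dwRetVal == ERROR_BUFFER_OVERFLOW)
        {
            // OutBuff now holds the size the API asked for: reallocate and
            // query once more.
            GlobalFree(FixedInfo);
            FixedInfo = (FIXED_INFO*)GlobalAlloc(GPTR, OutBuff);
            dwRetVal = (FixedInfo != NULL)
                           ? GetNetworkParams(FixedInfo, &OutBuff)
                           : ERROR_NOT_ENOUGH_MEMORY;
        }
    }

    if (dwRetVal != ERROR_SUCCESS)
    {
        CString Msg;
        // "\n" restored: the text used to end in the two characters "/n".
        Msg.Format("Call to GetNetworkParams failed. Return Value: %08x\n", dwRetVal);
        MessageBox(Msg, NULL, MB_OK);
        // Nothing else receives the buffer on this path, so release it here.
        if (FixedInfo != NULL)
            GlobalFree(FixedInfo);
    }
    else
    {
        // NOTE(review): the buffer is still allocated when ParesData returns.
        // Whether ParesData keeps or releases it is not visible here; if it
        // only reads the data, GlobalFree(FixedInfo) belongs right after this
        // call.
        ParesData(FixedInfo);
    }

    UpdateData(FALSE);
}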
顯卡和顯示器的具體信息,包括牌子型號
// This sample shows the description, provider and version of each PCI
// device.
// Build a device information set for the devices enumerated under the
// Peripheral Component Interconnect (PCI) bus: DIGCF_PRESENT limits it to
// devices currently present, DIGCF_ALLCLASSES includes every device class.
HDEVINFO hPciDevInfo = SetupDiGetClassDevs(NULL,REGSTR_KEY_PCIENUM,0,
DIGCF_PRESENT | DIGCF_ALLCLASSES );
// Nothing to enumerate if the set could not be created.
if (hPciDevInfo == INVALID_HANDLE_VALUE) return ;
// Show all related device in the PCI set
DisplayDriverDsp(hPciDevInfo);
// NOTE(review): this fragment never releases hPciDevInfo. Unless the part of
// DisplayDriverDsp that is not shown does so, a call to
// SetupDiDestroyDeviceInfoList(hPciDevInfo) is needed once enumeration is
// done - confirm against the full source.
void CTestDlg::DisplayDriverDsp(HDEVINFO hDevInfo)
{
SP_DEVINFO_DATA DeviceInfoData;
DeviceInfoData.cbSize = sizeof(SP_DEVINFO_DATA);
TCHAR buffer[MAX_PATH];
ZeroMemory(buffer, MAX_PATH);
HKEY hCurKey;
CString strConstKey;
HKEY hRootKey = HKEY_LOCAL_MACHINE;
if (bIsNt)
strConstKey = "SYSTEM//CurrentControlSet//Control//Class//";
else
strConstKey = "SYSTEM//CurrentControlSet//Services//Class//";
/*DWORD dwI, dwValueType;
TCHAR szValueName[MAX_PATH];
TCHAR szValueData[MAX_PATH];
ZeroMemory(szValueName, MAX_PATH);
ZeroMemory(szValueData, MAX_PATH);
DWORD dwVNameSize, dwVDataSize;
dwVNameSize = MAX_PATH;
dwVDataSize = MAX_PATH;*/
for (DWORD i=0;SetupDiEnumDeviceInfo(hDevInfo,i,&DeviceInfoData);i++)
{
SetupDiGetDeviceRegistryProperty(hDevInfo, &DeviceInfoData,
SPDRP_DRIVER, NULL, (PBYTE)buffer, MAX_PATH, NULL);
CString strKey = strConstKey;
strKey += buffer;
if (ERROR_SUCCESS != ::RegOpenKey(hRootKey, (LPCSTR)strKey, &hCurKey))
{
TRACE("%d", GetLastError());
return;
}
// Get the driver description
DWORD dwType = REG_SZ;
if (ERROR_SUCCESS != ::RegQueryValueEx(hCurKey, "DriverDesc", NULL,
&dwType, (LPBYTE)szValueData, &dwVDataSize))
return;
// Get provider name
if (ERROR_SUCCESS != ::RegQueryValueEx(hCurKey, "ProviderName", NULL, &dwType, (LPBYTE)szValueData, &dwVDataSize))
return;
// Retrieve version:
if (ERROR_SUCCESS != ::RegQueryValueEx(hCurKey, "Ver", NULL, &dwType, (LPBYTE)szValueData, &dwVDataSize))
return;
}