How to find the memory used by a process from kernel mode in Windows
Question
I am trying to get the memory used by a process in kernel mode of Windows.
I tried using the GetProcessMemoryInfo API through PSAPI.h . but this is a USER mode function, and it's not giving me data.
Is there any other way to get the memory details?
1 answers
solution1
1 2016-09-20 14:01:45
you need use ProcessVmCounters and ProcessIoCounters with ZwQueryInformationProcess or NtQueryInformationProcess dependent on previous mode
ULONG rcb;
union {
VM_COUNTERS vmc;
VM_COUNTERS_EX vmcex;
};
IO_COUNTERS ioc;
ZwQueryInformationProcess(NtCurrentProcess(), ProcessVmCounters, &vmc, sizeof(vmc), &rcb);
ZwQueryInformationProcess(NtCurrentProcess(), ProcessVmCounters, &vmcex, sizeof(vmcex), &rcb);
ZwQueryInformationProcess(NtCurrentProcess(), ProcessIoCounters, &ioc, sizeof(ioc), &rcb);
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Windows virtual memory and kernel mode
How to pass a variable-size array from Windows kernel driver to a user-mode process?
Find page in memory for Process (linux-kernel)
How to get physical memory and cpu used by particular process in windows?
How to set keyboard indicator light from windows kernel mode driver?
How to prevent a process from using memory used by another process?
How to find exact stack and heap memory used by a process in linux/ubuntu?
How to check if a process is my descendant (kernel mode)
process allocated memory blocks from kernel
Windows: Different ways to terminate a process from kernel
Related Tags