get process info
How can I get "I/O Write Bytes" info for process? :confused:
Archive: get process info
Oh, man. You can read some manual on this at MSDN.
Then use System plugin to call the DLL and function required.
MSDN :eek:
If I could understand what is written there, I would not have to ask here
So... http://msdn.microsoft.com/en-us/libr...(v=VS.85).aspx
System::Call 'kernel32::OpenProcess(i 1040, i 0, i $PID)i .r0'
System::Alloc 48 ;6 counters * 8 bytes?
Pop $1
System::Call 'kernel32::ProcessGetIOCounters(i r0, p r1)' ??? :hang:
hmmm... good question - seems like it should work (except that 'p' is incorrect... that's the online docs vs included docs mismatch thing.. you'd want 'i')...
...except that it doesn't seem to. Perhaps the struct size isn't quite right - but doesn't seem to be anything wrong with it...
OutFile "test.exe"
!define PROCESS_QUERY_INFORMATION 0x0400
!define PROCESS_VM_READ 0x0010
Section
System::Call "kernel32::GetCurrentProcessId(v)i.r0"
System::Call "kernel32::OpenProcess(i${PROCESS_QUERY_INFORMATION}|${PROCESS_VM_READ}, i0, ir0) i.r1 ? e"
Pop $7
System::Call "*(l, l, l, l, l, l) i.r2"
System::Call "kernel32::GetProcessIoCounters(ir1, i.r2) i.r5 ? e"
Pop $6
System::Call "*$2(l.R1, l.R2, l.R3, l.R4, l.R5, l.R6)"
MessageBox MB_OK "GetCurrentProcessId: $0$\nGetOpenProcess: $1$\nBuffer: $2$\nGetProcessIoCounters result: $5$\nGetLastError: $6$\n$\n[$R1][$R2][$R3][$R4][$R5][$R6]"
System::Free $2
SectionEnd
---------------------------
No idea.. some System plugin wizard will hopefully step in %)
Dot
At least the following line should have a dot less on the second parameter. (it's a buffer 'out' so one has to supply the buffer handle)
System::Call "kernel32::GetProcessIoCounters(ir1, ir2) i.r5 ? e"
Results:
GetCurrentProcessId: 700
GetOpenProcess: 204
Buffer: 1371680
GetProcessIoCounters result: 1
GetLastError: 80
[82][3][2529][66090][11408][98746]
I'm not sure what I'm exactly looking for, so it's a bit hard to confirm the shape of IO_COUNTERS Structure to be right
Originally posted by gringoloco023
> At least the following line should have a dot less on the second parameter. (it's a buffer 'out' so one has to supply the buffer handle)
> System::Call "kernel32::GetProcessIoCounters(ir1, ir2) i.r5 ? e"
Oh pish. Go figure.. I correlated the __out type as out in the System syntax, and not in.
Originally posted by gringoloco23
> I'm not sure what I'm exactly looking for, so it's a bit hard to confirm the shape of IO_COUNTERS Structure to be right
Open up Task Manager, add the IO columns if needed, compare to those :)
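OutFile "test.exe"
!define PROCESS_QUERY_INFORMATION 0x0400
!define PROCESS_VM_READ 0x0010
Section
; PID of the running installer process
System::Call "kernel32::GetCurrentProcessId(v)i.r0"
System::Call "kernel32::OpenProcess(i${PROCESS_QUERY_INFORMATION}|${PROCESS_VM_READ}, i0, ir0) i.r1"
; Allocate an IO_COUNTERS struct (six 64-bit counters); its address goes to $2
System::Call "*(l, l, l, l, l, l) i.r2"
; Pass the buffer address as an input (ir2, no dot); the API fills the buffer
System::Call "kernel32::GetProcessIoCounters(ir1, ir2)"
; Read the six counters back out of the buffer
System::Call "*$2(l.R1, l.R2, l.R3, l.R4, l.R5, l.R6)"
MessageBox MB_OK "PID: $0$\n$\nI/O Reads: $R1$\nI/O Writes: $R2$\nI/O Other: $R3$\nI/O Read Bytes: $R4$\nI/O Write Bytes: $R5$\nI/O Other Bytes: $R6"
System::Free $2
; Release the process handle opened above
System::Call "kernel32::CloseHandle(ir1)"
SectionEnd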
---------------------------
Thank you! ;)
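The struct shape questioned in the thread, as an added example in Python ctypes (not code from any poster): IO_COUNTERS is six 64-bit counters, 48 bytes in total, and the fifth field is the "I/O Write Bytes" value. The names `decode_io_counters`, `query_io_counters` and `SAMPLE` are made up for this example, and the live query (Windows only) assumes PROCESS_QUERY_LIMITED_INFORMATION, a narrower access right than the one used in the thread.

```python
import ctypes
import struct

# Assumption of this example: the narrowest right GetProcessIoCounters accepts.
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000

class IO_COUNTERS(ctypes.LittleEndianStructure):
    # Six ULONGLONG fields, in the order winnt.h declares them.
    _fields_ = [
        ("ReadOperationCount", ctypes.c_ulonglong),   # I/O Reads
        ("WriteOperationCount", ctypes.c_ulonglong),  # I/O Writes
        ("OtherOperationCount", ctypes.c_ulonglong),  # I/O Other
        ("ReadTransferCount", ctypes.c_ulonglong),    # I/O Read Bytes
        ("WriteTransferCount", ctypes.c_ulonglong),   # I/O Write Bytes
        ("OtherTransferCount", ctypes.c_ulonglong),   # I/O Other Bytes
    ]

IO_COUNTERS_SIZE = ctypes.sizeof(IO_COUNTERS)  # 6 counters * 8 bytes
# Constructed sample: the six values printed in the thread, packed as raw bytes.
SAMPLE = struct.pack("<6Q", 82, 3, 2529, 66090, 11408, 98746)

def decode_io_counters(raw):
    """Decode a raw IO_COUNTERS buffer into a dict keyed by field name."""
    if len(raw) != IO_COUNTERS_SIZE:
        raise ValueError("expected %d bytes, got %d" % (IO_COUNTERS_SIZE, len(raw)))
    c = IO_COUNTERS.from_buffer_copy(raw)
    return {name: getattr(c, name) for name, _ in IO_COUNTERS._fields_}

def query_io_counters(pid):
    """Windows only: read the live I/O counters of process `pid`."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.OpenProcess.restype = ctypes.c_void_p
    k32.OpenProcess.argtypes = [ctypes.c_uint32, ctypes.c_int, ctypes.c_uint32]
    k32.GetProcessIoCounters.argtypes = [ctypes.c_void_p, ctypes.POINTER(IO_COUNTERS)]
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    handle = k32.OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, False, pid)
    if not handle:
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        c = IO_COUNTERS()
        # The caller supplies the buffer and passes its address in; the API fills it.
        if not k32.GetProcessIoCounters(handle, ctypes.byref(c)):
            raise ctypes.WinError(ctypes.get_last_error())
        return decode_io_counters(bytes(c))
    finally:
        k32.CloseHandle(handle)

if __name__ == "__main__":
    print(decode_io_counters(SAMPLE))
```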