Windows Kernel System Information API Reference

This section provides an overview and reference for Windows API functions that allow you to retrieve system information directly from the kernel.

Processes and Threads

Information about running processes and threads is crucial for system monitoring and management.

Key Functions:

  • OpenProcess: Retrieves a handle to an existing process object.
  • EnumProcesses: Retrieves the process identifier for each of the system's processes.
  • GetProcessTimes: Retrieves timing information for the specified process.
  • CreateToolhelp32Snapshot: Takes a snapshot of the specified set of processes, modules, or threads.

Related Structures:

  • PROCESSENTRY32: Describes an entry in the process table.

// Example: Get process ID
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
if (hProcess != NULL) {
    // ... use process handle
    CloseHandle(hProcess);
}

Memory Management

Understand memory usage, allocation, and system memory status.

Key Functions:

  • GlobalMemoryStatusEx: Fills the structure specified by the lpBuffer parameter with information about the current memory utilization of the computer.
  • VirtualQueryEx: Retrieves detailed information about a range of pages in the virtual address space of the calling process.
  • GetSystemInfo: Populates the specified structure with information about the current system.

Related Structures:

  • MEMORYSTATUSEX: Contains information about the current memory status of the computer.
  • SYSTEM_INFO: Contains information about the current computer system.

MEMORYSTATUSEX memInfo;
memInfo.dwLength = sizeof(MEMORYSTATUSEX);
GlobalMemoryStatusEx(&memInfo);
// Access memInfo.ullTotalPhys, memInfo.ullAvailPhys, etc.

Performance Counters

Access real-time performance data for various system components.

Key Functions:

  • PdhOpenLog: Opens a performance data log file.
  • PdhCollectQueryData: Collects data for the specified counter query.
  • PdhGetFormattedCounterValue: Retrieves the formatted value of a counter.

Note:

For more direct kernel access to performance data, consider using Windows Management Instrumentation (WMI) or specific performance driver interfaces.

Environment Variables

Retrieve system-wide and user-specific environment variables.

Key Functions:

  • GetEnvironmentVariable: Retrieves the value of the specified environment variable for the current process.
  • SetEnvironmentVariable: Sets the value of an environment variable for the current process.

Example:


TCHAR userName[256];
DWORD len = GetEnvironmentVariable(TEXT("USERNAME"), userName, 256);
if (len > 0 && len < 256) {
    wcout << L"Current User: " << userName << endl;
}

System Limits

Query system-defined limits and configurations.

Key Functions:

  • GetSystemMetrics: Retrieves the specified system metric (sometimes referred to as a user interface element or feature).
  • GetNativeSystemInfo: Populates the structure specified by lpSystemInfo with information about the current computer.

Common Metrics:

  • SM_CXSCREEN: Width of the screen.
  • SM_CYSCREEN: Height of the screen.
  • SM_NUMBEROFPROCESSORS: Number of logical processors.