Alex Fedotov.com 

Requirements

Development Environment Requirements

Microsoft Visual C++ 6.0
Windows NT DDK

Run-Time Requirements

Microsoft Windows NT 4.0 or later

Home Code Samples Articles Links  

<< Hide left pane Leave feedback

Paging Files Sample

This sample demonstrates how to obtain information about all paging files in the system using the undocumented ZwQuerySystemInformation function. This function, which prototype is shown below, provides access to a wide variety of system information. 

NTSTATUS ZwQuerySystemInformation(
    IN ULONG SystemInformationClass,    // information class
    IN OUT PVOID SystemInformation,     // information buffer
    IN ULONG SystemInformationLength,   // size of information buffer
    OUT PULONG ReturnLength OPTIONAL    // receives information length
    );

The first parameter, SystemInformationClass, specifies the type of information to retrieve. To obtain information about paging files, this parameter should be set to 18.

The second parameter, SystemInformation, should point to a buffer, into which the system will store requested information. For paging files, the information is returned as an array of SYSTEM_PAGEFILE_INFORMATION structures, one structure for each paging file in the system. 

typedef struct _SYSTEM_PAGEFILE_INFORMATION {
    ULONG            NextEntryOffset;   // offset to the next entry
    ULONG            CurrentSize;       // current file size
    ULONG            TotalUsed;         // current file usage
    ULONG            PeakUsed;          // peak file usage
    UNICODE_STRING   FileName;          // file name in native format
} SYSTEM_PAGEFILE_INFORMATION, * PSYSTEM_PAGEFILE_INFORMATION;

All sizes in this structure are expressed in pages. To determine corresponding sizes in bytes, these values should be multiplied on the processor's page size, which can be obtained with GetSystemInfo function.

Below is a part of the sample program source code, which obtains and displays information about all paging files in the system. 

int _tmain(
    int argc, 
    _TCHAR * argv[]
    )
{
    // determine page size on the current processor
    SYSTEM_INFO si;
    GetSystemInfo(&si);

    ULONG cbBuffer = 0x1000;
    LPVOID pBuffer = NULL;
    NTSTATUS Status;

    // it is difficult to determine a priory which size of the
    // buffer will be enough to retrieve all information, so we
    // start with 4K buffer and increase its size until we get
    // the information successfully
    do
    {
        pBuffer = malloc(cbBuffer);
        if (pBuffer == NULL)
        {
            _tprintf(_T("Not enough memory\n"));
            return 1;
        }

        Status = ZwQuerySystemInformation(
                    SystemPagefileInformation,
                    pBuffer, cbBuffer, NULL);

        if (Status == STATUS_INFO_LENGTH_MISMATCH)
        {
            free(pBuffer);
            cbBuffer *= 2;
        }
        else if (!NT_SUCCESS(Status))
        {
            _tprintf(_T("ZwQuerySystemInformation failed with")
                     _T("status 0x%08X\n"), Status);

            free(pBuffer);
            return 1;
        }
    }
    while (Status == STATUS_INFO_LENGTH_MISMATCH);

    PSYSTEM_PAGEFILE_INFORMATION pInfo = 
        (PSYSTEM_PAGEFILE_INFORMATION)pBuffer;

    // print header
    _tprintf(_T(" Current Size   Total Used   Peak Used   File Name\n"));
    _tprintf(_T("--------------------------------------------------\n"));

    for (;;)
    {
        _tprintf(_T("   %8d K   %8d K   %8d K   %ls\n"),
                 pInfo->CurrentSize * si.dwPageSize / 1024,
                 pInfo->TotalUsed * si.dwPageSize / 1024,
                 pInfo->PeakUsed * si.dwPageSize / 1024,
                 pInfo->FileName.Buffer);

        if (pInfo->NextEntryOffset == 0)
            break;

        pInfo = (PSYSTEM_PAGEFILE_INFORMATION)((PBYTE)pInfo + 
	                      pInfo->NextEntryOffset);
    }

    free(pBuffer);
    return 0;
}

Note: the same information can be obtained using Windows Management Instrumentation (WMI), which is fully documented in the Platform SDK. WMI exposes paging files information through Win32_PageFileUsage and Win32_PageFileSettings classes. It is strongly recommended to use WMI to obtain system information rather than undocumented functions.

References

  1. Gary Nebbett, Windows NT/2000 Native API Reference. New Riders Publishing, 2000.

Leave your comment

From:
Subject:
Comment:
 
 
Best viewed with Microsoft Internet Explorer 4.0+Send feedback to: me@alexfedotov.com
Last modified on Fri, Feb 10 2006

HotLog