Which API does Windows Resource Monitor use?


Question

Windows Resource Monitor displays (among other things) which files on disk are currently accessed by which processes. And it does that in realtime. How?

I know that it probably uses ETW and that I can generate traces with tools like xperf. But how to get realtime information without having to start, stop and parse a trace file?

I need to programmatically access the data, i.e. from C# or C++.

Recommended answer

OpenTrace/ProcessTrace/StopTrace can get the data in real-time as long as you know the provider GUID. They can run on Win2000, but you need to parse the raw data in your callback functions. To convert raw data into human-readable text, we need the TMF/MOF. Not sure if they are public though.

For Vista/Win7, there is a new set of TDH (Trace Data Helper) APIs (e.g. TdhFormatProperty). Scroll down a little in the above links and you can see them. The good thing about TDH is that they can parse the data for you (you still need to provide TDH the TMF/MOF though).

I tried to write my own .etl to readable .txt program using the Open/Process/StopTrace API (because I need to support XP). I found out it's quite difficult. The TMF file is not hard to interpret since it is pure text. The hard thing is to decipher the internal structures of more than 50 different undocumented printf-like format specifications. So I gave up in the end and stuck with the powerful tracefmt.exe provided in the Microsoft WDK.
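
One way to consume file I/O events in real time from C#, added here as an example and not part of the original answer. It assumes the Microsoft.Diagnostics.Tracing.TraceEvent NuGet package (a library the answer does not mention) and an elevated process; the class name `LiveFileIo` is hypothetical.

```csharp
// Added example (not from the original answer). Assumes the
// Microsoft.Diagnostics.Tracing.TraceEvent NuGet package and an elevated process.
using System;
using Microsoft.Diagnostics.Tracing;
using Microsoft.Diagnostics.Tracing.Parsers;
using Microsoft.Diagnostics.Tracing.Session;

static class LiveFileIo   // hypothetical name
{
    // One line per file operation: time, process ID, operation, path.
    static void Print(TraceEvent e, string op, string file) =>
        Console.WriteLine($"{e.TimeStamp:HH:mm:ss.fff} pid={e.ProcessID,-6} {op,-6} {file}");

    static void Main()
    {
        if (TraceEventSession.IsElevated() != true)
        {
            Console.Error.WriteLine("Kernel ETW sessions require administrator rights.");
            return;
        }

        // The kernel provider is enabled on the session with this well-known name.
        using (var session = new TraceEventSession(KernelTraceEventParser.KernelSessionName))
        {
            session.StopOnDispose = true;   // do not leave the session running after exit
            Console.CancelKeyPress += (s, a) => { a.Cancel = true; session.Stop(); };

            // File I/O keywords; DiskFileIO lets the parser map file objects to names.
            session.EnableKernelProvider(
                KernelTraceEventParser.Keywords.DiskFileIO |
                KernelTraceEventParser.Keywords.FileIOInit |
                KernelTraceEventParser.Keywords.FileIO);

            var kernel = session.Source.Kernel;
            kernel.FileIOCreate += d => Print(d, "open", d.FileName);
            kernel.FileIORead   += d => Print(d, "read", d.FileName);
            kernel.FileIOWrite  += d => Print(d, "write", d.FileName);

            // Blocks and invokes the handlers as events arrive, until Ctrl+C stops the session.
            session.Source.Process();
        }
    }
}
```

No .etl file is written: events are delivered to the handlers straight from the live session, which is the real-time mode the question asks about.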
