
Process Memory Counter is a defined structure available in psapi (Process Status API). Its structure is defined as:

```cpp
typedef struct _PROCESS_MEMORY_COUNTERS {
  DWORD  cb;
  DWORD  PageFaultCount;
  SIZE_T PeakWorkingSetSize;
  SIZE_T WorkingSetSize;
  SIZE_T QuotaPeakPagedPoolUsage;
  SIZE_T QuotaPagedPoolUsage;
  SIZE_T QuotaPeakNonPagedPoolUsage;
  SIZE_T QuotaNonPagedPoolUsage;
  SIZE_T PagefileUsage;
  SIZE_T PeakPagefileUsage;
} PROCESS_MEMORY_COUNTERS;
```

I use the `GetProcessMemoryInfo` method, which has the syntax `BOOL GetProcessMemoryInfo(HANDLE Process, PROCESS_MEMORY_COUNTERS* pmc, DWORD size_pmc);`

From the struct variable pointer `pmc` I can access the `WorkingSetSize` of a process (say mspaint.exe) as `pmc.WorkingSetSize`.

But the memory value displayed in the task manager is not the same as any of the values in the structure. My questions are:

  1. What are these values?
  2. What is the value displayed in the task manager?
  3. What is the programmatic way to get the memory used as displayed in the task manager?
  4. Can it be calculated using the process memory counter itself?

PS: The preferred language is C++ and I want to do it without running any commands in the command prompt.

Jabberwocky
kowsikbabu
  • Task manager in Win 10 used `VM_COUNTERS_EX2`; most members of this structure are copied to `PROCESS_MEMORY_COUNTERS` (`GetProcessMemoryInfo` of course used `ZwQueryInformationProcess` with `ProcessVmCounters`), but some members are lost. `SIZE_T PrivateWorkingSetSize` is lost, but exactly this field is shown by task manager - https://stackoverflow.com/a/42986966/6401656 – RbMm Jun 27 '18 at 12:00
  • If you want the value exactly as in task manager - `VM_COUNTERS_EX2 vm; NtQueryInformationProcess(hProcess, ProcessVmCounters, &vm, sizeof(vm), 0); DbgPrint("PrivateWorkingSet=%uK\n", vm.PrivateWorkingSetSize >> 10);` – RbMm Jun 27 '18 at 12:11
  • Hey! Thanks for the reply! I'm having trouble including the header file for VM_COUNTERS_EX2. Any idea on the template to include the header or load the library? – kowsikbabu Jun 27 '18 at 19:01
  • [Here](https://stackoverflow.com/a/48987318/6401656) is an example of how to include at once `` and ``, and you need to add `ntdll.lib` or `ntdllp.lib` to the build. However, probably only I do this. All others copy/paste definitions from ntifs/ntddk/wdm – RbMm Jun 27 '18 at 19:17

0 Answers
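Added example, not part of the original thread and not code posted by any commenter: one way to read the `PrivateWorkingSetSize` field named in the comments without DDK headers or `ntdll.lib`, by resolving `NtQueryInformationProcess` at run time. The struct layouts, the helper names (`VmCountersEx`, `VmCountersEx2`, `PrivateWorkingSetKB`, `QueryVmCounters`) and the value 3 for `ProcessVmCounters` are assumptions, since these definitions are not in the public SDK headers.

```cpp
#include <cstddef>
#include <cstdint>
#ifdef _WIN32
#include <windows.h>
#endif

// Assumed layout of VM_COUNTERS_EX (not declared in the public SDK headers).
struct VmCountersEx {
    std::size_t   PeakVirtualSize;
    std::size_t   VirtualSize;
    std::uint32_t PageFaultCount;
    std::size_t   PeakWorkingSetSize;
    std::size_t   WorkingSetSize;
    std::size_t   QuotaPeakPagedPoolUsage;
    std::size_t   QuotaPagedPoolUsage;
    std::size_t   QuotaPeakNonPagedPoolUsage;
    std::size_t   QuotaNonPagedPoolUsage;
    std::size_t   PagefileUsage;
    std::size_t   PeakPagefileUsage;
    std::size_t   PrivateUsage;
};

// Assumed layout of VM_COUNTERS_EX2: the EX counters plus two extra fields.
struct VmCountersEx2 {
    VmCountersEx CountersEx;
    std::size_t  PrivateWorkingSetSize;  // not copied into PROCESS_MEMORY_COUNTERS
    std::size_t  SharedCommitUsage;
};

// Private working set in KB, the same shift used in the comment thread.
inline std::size_t PrivateWorkingSetKB(const VmCountersEx2& vm) {
    return vm.PrivateWorkingSetSize >> 10;
}

#ifdef _WIN32
// Returns false if ntdll cannot be resolved or the call fails, for example
// on a Windows version that rejects the larger EX2 buffer size.
bool QueryVmCounters(HANDLE process, VmCountersEx2& out) {
    using NtQueryFn = LONG (WINAPI*)(HANDLE, int, void*, ULONG, ULONG*);
    HMODULE ntdll = GetModuleHandleW(L"ntdll.dll");
    if (!ntdll) return false;
    auto query = reinterpret_cast<NtQueryFn>(
        GetProcAddress(ntdll, "NtQueryInformationProcess"));
    if (!query) return false;
    const int kProcessVmCounters = 3;  // assumed PROCESSINFOCLASS value
    // A non-negative NTSTATUS means success (NT_SUCCESS).
    return query(process, kProcessVmCounters, &out, sizeof(out), nullptr) >= 0;
}
#endif
```

On Windows, call `QueryVmCounters` with a handle opened with `PROCESS_QUERY_LIMITED_INFORMATION` (or `GetCurrentProcess()`) and pass the result to `PrivateWorkingSetKB`.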