Skip to content

Commit 5d19ff7

Browse files
Merge pull request #71 from supervoidcoder/add-memory-usage
Now you can see the RAM usage of a process straight from win-witr! Gone are the days where you have to wonder why there's a suspicious process born from WINWORD and uses up 12 GB of RAM
2 parents 2e07cd9 + b17f34f commit 5d19ff7

1 file changed

Lines changed: 54 additions & 0 deletions

File tree

main.cpp

Lines changed: 54 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -21,6 +21,7 @@
2121
#include <algorithm>
2222
#include <conio.h>
2323
#include <cassert>
24+
#include <psapi.h>
2425

2526
#define windows_time_to_unix_epoch(x) ((x) - 116444736000000000LL) / 10000000LL
2627
// The above macro converts Windows FILETIME to Unix epoch time in seconds.
@@ -1794,13 +1795,65 @@ void PIDinspect(DWORD pid) { // ooh guys look i'm in the void
17941795
std::cout << "Command: " << command << std::endl;
17951796
}
17961797
std::string workdir = GetWorkingDir(hProcess);
1798+
17971799

17981800

17991801
if (IsVirtualTerminalModeEnabled()) {
18001802
std::cout << "\033[1;32mWorking Directory\033[0m: " << workdir << std::endl;
18011803
} else {
18021804
std::cout << "Working Directory: " << workdir << std::endl;
18031805
}
1806+
1807+
// to get memory usage,
1808+
// we have to use psapi.h
1809+
// the metric we want is WorkingSetSize because the api spits out a bunch of other metrics we don't need
1810+
// hopefully this doesn't tank performance for yet another api call
1811+
// the command and working dir don't affect it because PEB walks take like 5 ms idk
1812+
// reference: https://learn.microsoft.com/en-us/windows/win32/psapi/collecting-memory-usage-information-for-a-process
1813+
1814+
PROCESS_MEMORY_COUNTERS pmc;
1815+
if ( GetProcessMemoryInfo( hProcess, &pmc, sizeof(pmc)) ) {
1816+
// in the original snippet from windows
1817+
// THE BRACKET IS AFTER THE IF IN THE LINE DOWN
1818+
// i can't be talking about code organization but MICROSOFT WHAT
1819+
size_t RAM = pmc.WorkingSetSize; //should be fine for this, unless you have like 10 exabytes of RAM for a single process somehow
1820+
1821+
std::string FRAM = ""; // fram means formatted ram, i'm so creative at var naming
1822+
if (RAM < 1000) {
1823+
// if less than 1000 bytes (which is a kilobyte) then just return bytes
1824+
FRAM = std::to_string(RAM) + " B";
1825+
}
1826+
else if (RAM < 1000ULL * 1000) {
1827+
1828+
FRAM = std::to_string(RAM / 1000) + " KB";
1829+
}
1830+
else if (RAM < 1000ULL * 1000 * 1000) {
1831+
1832+
FRAM = std::to_string(RAM /( 1000ULL * 1000)) + " MB";
1833+
}
1834+
else if (RAM < 1000ULL * 1000 * 1000 * 1000) {
1835+
FRAM = std::to_string(RAM /( 1000ULL * 1000 * 1000)) + " GB";
1836+
}
1837+
else {
1838+
FRAM = std::to_string(RAM /( 1000ULL * 1000 * 1000 * 1000)) + " TB";
1839+
// if someone actually reaches this i'm concerned
1840+
}
1841+
1842+
1843+
1844+
1845+
if (IsVirtualTerminalModeEnabled()) {
1846+
std::cout << "\033[1;32mRAM Usage\033[0m: " << FRAM << std::endl;
1847+
// I know RAM is technically a "nerdy tech term" or whatever and it'd be more logical
1848+
// to say "memory" but I feel like at this point everyone knows what RAM means
1849+
// especially with the RAM shortage, it should be ingrained in their brains
1850+
1851+
} else {
1852+
std::cout << "RAM Usage: " << FRAM << std::endl;
1853+
}
1854+
}
1855+
1856+
18041857

18051858

18061859

@@ -1817,6 +1870,7 @@ void PIDinspect(DWORD pid) { // ooh guys look i'm in the void
18171870
std::cout << "\nWhy It Exists:\n";
18181871
}
18191872
PrintAncestry(pid);
1873+
18201874

18211875
if (IsVirtualTerminalModeEnabled()) {
18221876
std::cout << "\n\033[1;35mStarted:\033[0m " << GetReadableFileTime(pid) << std::endl;

0 commit comments

Comments
 (0)