archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
4.9 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/sdktools/memsnap/poolsnap.c

550 lines
13 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. // poolsnap.c
  2. // this program takes a snapshot of all the kernel pool tags.
  3. // and appends it to the logfile (arg)
  4. // pmon was model for this
  6. /* includes */
  7. #include <nt.h>
  8. #include <ntrtl.h>
  9. #include <nturtl.h>
  10. #include <windows.h>
  11. #include <assert.h>
  12. #include <stdlib.h>
  13. #include <stdio.h>
  14. #include <string.h>
  15. #include <ctype.h>
  16. #include <io.h>
  17. #include <srvfsctl.h>
  18. #include <search.h>
  20. #if !defined(POOLSNAP_INCLUDED)
  21. #define SORTLOG_INCLUDED
  22. #define ANALOG_INCLUDED
  23. #include "analog.c"
  24. #include "sortlog.c"
  25. #endif
  27. #include "tags.c"
  29. //
  30. // declarations
  31. //
  33. int __cdecl ulcomp(const void *e1,const void *e2);
  35. NTSTATUS
  36. QueryPoolTagInformationIterative(
  37. PUCHAR *CurrentBuffer,
  38. size_t *CurrentBufferSize
  39. );
  41. //
  42. // definitions
  43. //
  45. #define NONPAGED 0
  46. #define PAGED 1
  47. #define BOTH 2
  49. //
  50. // Printf format string for pool tag info.
  51. //
  53. #ifdef _WIN64
  54. #define POOLTAG_PRINT_FORMAT " %4s %5s %18I64d %18I64d %16I64d %14I64d %12I64d\n"
  55. #else
  56. #define POOLTAG_PRINT_FORMAT " %4s %5s %9ld %9ld %8ld %7ld %6ld\n"
  57. #endif
  59. // from poolmon
  60. // raw input
  62. PSYSTEM_POOLTAG_INFORMATION PoolInfo;
  64. //
  65. // the amount of memory to increase the size
  66. // of the buffer for NtQuerySystemInformation at each step
  67. //
  69. #define BUFFER_SIZE_STEP 65536
  71. //
  72. // the buffer used for NtQuerySystemInformation
  73. //
  75. PUCHAR CurrentBuffer = NULL;
  77. //
  78. // the size of the buffer used for NtQuerySystemInformation
  79. //
  81. size_t CurrentBufferSize = 0;
  83. //
  84. // formatted output
  85. //
  87. typedef struct _POOLMON_OUT {
  88. union {
  89. UCHAR Tag[4];
  90. ULONG TagUlong;
  91. };
  92. UCHAR NullByte;
  93. BOOL Changed;
  94. ULONG Type;
  96. SIZE_T Allocs[2];
  97. SIZE_T AllocsDiff[2];
  98. SIZE_T Frees[2];
  99. SIZE_T FreesDiff[2];
  100. SIZE_T Allocs_Frees[2];
  101. SIZE_T Used[2];
  102. SIZE_T UsedDiff[2];
  103. SIZE_T Each[2];
  105. } POOLMON_OUT, *PPOOLMON_OUT;
  107. PPOOLMON_OUT OutBuffer;
  108. PPOOLMON_OUT Out;
  110. UCHAR *PoolType[] = {
  111. "Nonp ",
  112. "Paged"};
  115. VOID PoolsnapUsage(VOID)
  116. {
  117. printf("poolsnap [-?] [-t] [<logfile>]\n");
  118. printf("poolsnap logs system pool usage to <logfile>\n");
  119. printf("<logfile> = poolsnap.log by default\n");
  120. printf("-? Gives this help\n");
  121. printf("-a Analyze the log file for leaks.\n");
  122. printf("-t Output extra tagged information\n");
  123. exit(-1);
  124. }
  126. #if !defined(POOLSNAP_INCLUDED)
  127. VOID
  128. AnalyzeLog (
  129. PCHAR FileName,
  130. BOOL HtmlOutput
  131. )
  132. {
  133. char * Args[4];
  135. UNREFERENCED_PARAMETER(HtmlOutput);
  137. Args[0] = "memsnap.exe";
  138. Args[1] = FileName;
  139. Args[2] = "_memsnap_temp_";
  140. Args[3] = NULL;
  141. SortlogMain (3, Args);
  143. Args[0] = "memsnap.exe";
  144. Args[1] = "-d";
  145. Args[2] = "_memsnap_temp_";
  146. Args[3] = NULL;
  147. AnalogMain (3, Args);
  149. DeleteFile ("_memsnap_temp_");
  150. }
  151. #endif
  154. /*
  155. * FUNCTION: Main
  156. *
  157. * ARGUMENTS: See Usage
  158. *
  159. * RETURNS: 0
  160. *
  161. */
  163. #if defined(POOLSNAP_INCLUDED)
  164. int __cdecl PoolsnapMain (int argc, char* argv[])
  165. #else
  166. int __cdecl main (int argc, char* argv[])
  167. #endif
  168. {
  169. NTSTATUS Status; // status from NT api
  170. FILE* LogFile= NULL; // log file handle
  171. DWORD x= 0; // counter
  172. SIZE_T NumberOfPoolTags;
  173. INT iCmdIndex; // index into argv
  174. BOOL bOutputTags= FALSE; // if true, output standard tags
  176. // get higher priority in case system is bogged down
  177. if ( GetPriorityClass(GetCurrentProcess()) == NORMAL_PRIORITY_CLASS) {
  178. SetPriorityClass(GetCurrentProcess(),HIGH_PRIORITY_CLASS);
  179. }
  181. //
  182. // parse command line arguments
  183. //
  185. for( iCmdIndex=1; iCmdIndex < argc; iCmdIndex++ ) {
  187. CHAR chr;
  189. chr= *argv[iCmdIndex];
  191. if( (chr=='-') || (chr=='/') ) {
  192. chr= argv[iCmdIndex][1];
  193. switch( chr ) {
  194. case '?':
  195. PoolsnapUsage();
  196. break;
  197. case 't': case 'T':
  198. bOutputTags= TRUE;
  199. break;
  201. case 'a':
  202. case 'A':
  204. if (argv[iCmdIndex + 1] != NULL) {
  205. AnalyzeLog (argv[iCmdIndex + 1], FALSE);
  206. }
  207. else {
  208. AnalyzeLog ("poolsnap.log", FALSE);
  209. }
  211. exit (0);
  213. default:
  214. printf("Invalid switch: %s\n",argv[iCmdIndex]);
  215. PoolsnapUsage();
  216. break;
  217. }
  218. }
  219. else {
  220. if( LogFile ) {
  221. printf("Error: more than one file specified: %s\n",argv[iCmdIndex]);
  222. return(0);
  223. }
  224. LogFile= fopen(argv[iCmdIndex],"a");
  225. if( !LogFile ) {
  226. printf("Error: Opening file %s\n",argv[iCmdIndex]);
  227. return(0);
  228. }
  229. }
  230. }
  233. //
  234. // if no file specified, use default name
  235. //
  237. if( !LogFile ) {
  238. if( (LogFile = fopen("poolsnap.log","a")) == NULL ) {
  239. printf("Error: opening file poolsnap.log\n");
  240. return(0);
  241. }
  242. }
  244. //
  245. // print file header once
  246. //
  248. if( _filelength(_fileno(LogFile)) == 0 ) {
  249. fprintf(LogFile," Tag Type Allocs Frees Diff Bytes Per Alloc\n");
  250. }
  251. fprintf(LogFile,"\n");
  254. if( bOutputTags ) {
  255. OutputStdTags(LogFile, "poolsnap" );
  256. }
  258. // grab all pool information
  259. // log line format, fixed column format
  261. Status = QueryPoolTagInformationIterative(
  262. &CurrentBuffer,
  263. &CurrentBufferSize
  264. );
  266. if (! NT_SUCCESS(Status)) {
  267. printf("Failed to query pool tags information (status %08X). \n", Status);
  268. printf("Please check if pool tags are enabled. \n");
  269. return (0);
  270. }
  272. PoolInfo = (PSYSTEM_POOLTAG_INFORMATION)CurrentBuffer;
  274. //
  275. // Allocate the output buffer.
  276. //
  278. OutBuffer = malloc (PoolInfo->Count * sizeof(POOLMON_OUT));
  280. if (OutBuffer == NULL) {
  281. printf ("Error: cannot allocate internal buffer of %p bytes \n",
  282. (PVOID)(PoolInfo->Count * sizeof(POOLMON_OUT)));
  283. return (0);
  284. }
  286. Out = OutBuffer;
  288. if( NT_SUCCESS(Status) ) {
  290. for (x = 0; x < (int)PoolInfo->Count; x++) {
  291. // get pool info from buffer
  293. Out->Type = 0;
  295. // non-paged
  296. if (PoolInfo->TagInfo[x].NonPagedAllocs != 0) {
  298. Out->Allocs[NONPAGED] = PoolInfo->TagInfo[x].NonPagedAllocs;
  299. Out->Frees[NONPAGED] = PoolInfo->TagInfo[x].NonPagedFrees;
  300. Out->Used[NONPAGED] = PoolInfo->TagInfo[x].NonPagedUsed;
  301. Out->Allocs_Frees[NONPAGED] = PoolInfo->TagInfo[x].NonPagedAllocs -
  302. PoolInfo->TagInfo[x].NonPagedFrees;
  303. Out->TagUlong = PoolInfo->TagInfo[x].TagUlong;
  304. Out->Type |= (1 << NONPAGED);
  305. Out->Changed = FALSE;
  306. Out->NullByte = '\0';
  307. Out->Each[NONPAGED] = Out->Used[NONPAGED] /
  308. (Out->Allocs_Frees[NONPAGED]?Out->Allocs_Frees[NONPAGED]:1);
  309. }
  311. // paged
  312. if (PoolInfo->TagInfo[x].PagedAllocs != 0) {
  313. Out->Allocs[PAGED] = PoolInfo->TagInfo[x].PagedAllocs;
  314. Out->Frees[PAGED] = PoolInfo->TagInfo[x].PagedFrees;
  315. Out->Used[PAGED] = PoolInfo->TagInfo[x].PagedUsed;
  316. Out->Allocs_Frees[PAGED] = PoolInfo->TagInfo[x].PagedAllocs -
  317. PoolInfo->TagInfo[x].PagedFrees;
  318. Out->TagUlong = PoolInfo->TagInfo[x].TagUlong;
  319. Out->Type |= (1 << PAGED);
  320. Out->Changed = FALSE;
  321. Out->NullByte = '\0';
  322. Out->Each[PAGED] = Out->Used[PAGED] /
  323. (Out->Allocs_Frees[PAGED]?Out->Allocs_Frees[PAGED]:1);
  324. }
  325. Out += 1;
  326. }
  327. }
  328. else {
  329. fprintf(LogFile, "Query pooltags Failed %lx\n",Status);
  330. fprintf(LogFile, " Be sure to turn on 'enable pool tagging' in gflags and reboot.\n");
  331. if( bOutputTags ) {
  332. fprintf(LogFile, "!Error:Query pooltags failed %lx\n",Status);
  333. fprintf(LogFile, "!Error: Be sure to turn on 'enable pool tagging' in gflags and reboot.\n");
  334. }
  336. // If there is an operator around, wake him up, but keep moving
  338. Beep(1000,350); Beep(500,350); Beep(1000,350);
  339. exit(0);
  340. }
  342. //
  343. // sort by tag value which is big endian
  344. //
  346. NumberOfPoolTags = Out - OutBuffer;
  347. qsort((void *)OutBuffer,
  348. (size_t)NumberOfPoolTags,
  349. (size_t)sizeof(POOLMON_OUT),
  350. ulcomp);
  352. //
  353. // print in file
  354. //
  356. for (x = 0; x < (int)PoolInfo->Count; x++) {
  358. if ((OutBuffer[x].Type & (1 << NONPAGED))) {
  359. fprintf(LogFile,
  360. POOLTAG_PRINT_FORMAT,
  361. OutBuffer[x].Tag,
  362. PoolType[NONPAGED],
  363. OutBuffer[x].Allocs[NONPAGED],
  364. OutBuffer[x].Frees[NONPAGED],
  365. OutBuffer[x].Allocs_Frees[NONPAGED],
  366. OutBuffer[x].Used[NONPAGED],
  367. OutBuffer[x].Each[NONPAGED]);
  368. }
  370. if ((OutBuffer[x].Type & (1 << PAGED))) {
  371. fprintf(LogFile,
  372. POOLTAG_PRINT_FORMAT,
  373. OutBuffer[x].Tag,
  374. PoolType[PAGED],
  375. OutBuffer[x].Allocs[PAGED],
  376. OutBuffer[x].Frees[PAGED],
  377. OutBuffer[x].Allocs_Frees[PAGED],
  378. OutBuffer[x].Used[PAGED],
  379. OutBuffer[x].Each[PAGED]);
  380. }
  381. }
  384. // close file
  385. fclose(LogFile);
  387. return 0;
  388. }
  390. // comparison function for qsort
  391. // Tags are big endian
  393. int __cdecl ulcomp(const void *e1,const void *e2)
  394. {
  395. ULONG u1;
  397. u1 = ((PUCHAR)e1)[0] - ((PUCHAR)e2)[0];
  398. if (u1 != 0) {
  399. return u1;
  400. }
  401. u1 = ((PUCHAR)e1)[1] - ((PUCHAR)e2)[1];
  402. if (u1 != 0) {
  403. return u1;
  404. }
  405. u1 = ((PUCHAR)e1)[2] - ((PUCHAR)e2)[2];
  406. if (u1 != 0) {
  407. return u1;
  408. }
  409. u1 = ((PUCHAR)e1)[3] - ((PUCHAR)e2)[3];
  410. return u1;
  412. }
  415. /*
  416. * FUNCTION:
  417. *
  418. * QueryPoolTagInformationIterative
  419. *
  420. * ARGUMENTS:
  421. *
  422. * CurrentBuffer - a pointer to the buffer currently used for
  423. * NtQuerySystemInformation( SystemPoolTagInformation ).
  424. * It will be allocated if NULL or its size grown
  425. * if necessary.
  426. *
  427. * CurrentBufferSize - a pointer to a variable that holds the current
  428. * size of the buffer.
  429. *
  430. *
  431. * RETURNS:
  432. *
  433. * NTSTATUS returned by NtQuerySystemInformation or
  434. * STATUS_INSUFFICIENT_RESOURCES if the buffer must grow and the
  435. * heap allocation for it fails.
  436. *
  437. */
  439. NTSTATUS
  440. QueryPoolTagInformationIterative(
  441. PUCHAR *CurrentBuffer,
  442. size_t *CurrentBufferSize
  443. )
  444. {
  445. size_t NewBufferSize;
  446. NTSTATUS ReturnedStatus = STATUS_SUCCESS;
  448. if( CurrentBuffer == NULL || CurrentBufferSize == NULL ) {
  450. return STATUS_INVALID_PARAMETER;
  452. }
  454. if( *CurrentBufferSize == 0 || *CurrentBuffer == NULL ) {
  456. //
  457. // there is no buffer allocated yet
  458. //
  460. NewBufferSize = sizeof( UCHAR ) * BUFFER_SIZE_STEP;
  462. *CurrentBuffer = (PUCHAR) malloc( NewBufferSize );
  464. if( *CurrentBuffer != NULL ) {
  466. *CurrentBufferSize = NewBufferSize;
  468. } else {
  470. //
  471. // insufficient memory
  472. //
  474. ReturnedStatus = STATUS_INSUFFICIENT_RESOURCES;
  476. }
  478. }
  480. //
  481. // iterate by buffer's size
  482. //
  484. while( *CurrentBuffer != NULL ) {
  486. ReturnedStatus = NtQuerySystemInformation (
  487. SystemPoolTagInformation,
  488. *CurrentBuffer,
  489. (ULONG)*CurrentBufferSize,
  490. NULL );
  492. if( ! NT_SUCCESS(ReturnedStatus) ) {
  494. //
  495. // free the current buffer
  496. //
  498. free( *CurrentBuffer );
  500. *CurrentBuffer = NULL;
  502. if (ReturnedStatus == STATUS_INFO_LENGTH_MISMATCH) {
  504. //
  505. // try with a greater buffer size
  506. //
  508. NewBufferSize = *CurrentBufferSize + BUFFER_SIZE_STEP;
  510. *CurrentBuffer = (PUCHAR) malloc( NewBufferSize );
  512. if( *CurrentBuffer != NULL ) {
  514. //
  515. // allocated new buffer
  516. //
  518. *CurrentBufferSize = NewBufferSize;
  520. } else {
  522. //
  523. // insufficient memory
  524. //
  526. ReturnedStatus = STATUS_INSUFFICIENT_RESOURCES;
  528. *CurrentBufferSize = 0;
  530. }
  532. } else {
  534. *CurrentBufferSize = 0;
  536. }
  538. } else {
  540. //
  541. // NtQuerySystemInformation returned success
  542. //
  544. break;
  546. }
  547. }
  549. return ReturnedStatus;
  550. }