|
|
/*++
Copyright (c) 1996 Microsoft Corporation
Module Name:
perfsprc.c
Abstract:
Author:
Bob Watson (a-robw) Aug 95
Revision History:
--*/
#include <nt.h>
#include <ntrtl.h>
#include <nturtl.h>
#include <windows.h>
#include <wchar.h>
#include <winperf.h>
#include <ntprfctr.h>
#include <perfutil.h>
#include "perfsprc.h"
#include "procmsg.h"
#include "dataheap.h"
// bit field definitions for collect function flags
#define POS_READ_SYS_PROCESS_DATA ((DWORD)0x00010000)
#define POS_READ_PROCESS_VM_DATA ((DWORD)0x00020000)
#define POS_READ_JOB_OBJECT_DATA ((DWORD)0x00040000)
#define POS_READ_JOB_DETAIL_DATA ((DWORD)0x00080000)
#define POS_READ_HEAP_DATA ((DWORD)0x00100000)
#define POS_COLLECT_PROCESS_DATA ((DWORD)0x00010001)
#define POS_COLLECT_THREAD_DATA ((DWORD)0x00010003)
#define POS_COLLECT_EXPROCESS_DATA ((DWORD)0x00030004)
#define POS_COLLECT_IMAGE_DATA ((DWORD)0x0003000C)
#define POS_COLLECT_LONG_IMAGE_DATA ((DWORD)0x00030014)
#define POS_COLLECT_THREAD_DETAILS_DATA ((DWORD)0x00030024)
#define POS_COLLECT_JOB_OBJECT_DATA ((DWORD)0x00050040)
#define POS_COLLECT_JOB_DETAIL_DATA ((DWORD)0x000D00C1)
#define POS_COLLECT_HEAP_DATA ((DWORD)0x00110101)
#define POS_COLLECT_FUNCTION_MASK ((DWORD)0x000001FF)
#define POS_COLLECT_GLOBAL_DATA ((DWORD)0x001501C3)
#define POS_COLLECT_GLOBAL_NO_HEAP ((DWORD)0x000500C3)
#define POS_COLLECT_FOREIGN_DATA ((DWORD)0)
#define POS_COLLECT_COSTLY_DATA ((DWORD)0x0003003C)
// global variables to this DLL
HANDLE ThisDLLHandle = NULL;HANDLE hEventLog = NULL;LPWSTR wszTotal = NULL;HANDLE hLibHeap = NULL;
LPBYTE pProcessBuffer = NULL;PPROCESS_VA_INFO pProcessVaInfo = NULL;PUNICODE_STRING pusLocalProcessNameBuffer = NULL;
LARGE_INTEGER PerfTime = {0,0};
const WCHAR IDLE_PROCESS[] = L"Idle";const WCHAR SYSTEM_PROCESS[] = L"System";
const WCHAR szPerflibSubKey[] = L"\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib";const WCHAR szPerfProcSubKey[] = L"\\Registry\\Machine\\SYSTEM\\CurrentControlSet\\Services\\PerfProc\\Performance";
const WCHAR szDisplayHeapPerfObject[] = L"DisplayHeapPerfObject";const WCHAR szProcessNameFormat[] = L"ProcessNameFormat";const WCHAR szThreadNameFormat[] = L"ThreadNameFormat";
BOOL PerfSprc_DisplayHeapPerfObject = FALSE;DWORD PerfSprc_dwProcessNameFormat = NAME_FORMAT_DEFAULT;DWORD PerfSprc_dwThreadNameFormat = NAME_FORMAT_DEFAULT;
extern DWORD bOpenJobErrorLogged;
//
// Value to decide if process names should be collected from:
// the SystemProcessInfo structure (fastest)
// -- or --
// the process's image file (slower, but shows Unicode filenames)
//
LONG lProcessNameCollectionMethod = PNCM_NOT_DEFINED;
// variables local to this module
static POS_FUNCTION_INFO posDataFuncInfo[] = { {PROCESS_OBJECT_TITLE_INDEX, POS_COLLECT_PROCESS_DATA, 0, CollectProcessObjectData}, {THREAD_OBJECT_TITLE_INDEX, POS_COLLECT_THREAD_DATA, 0, CollectThreadObjectData}, {EXPROCESS_OBJECT_TITLE_INDEX, POS_COLLECT_EXPROCESS_DATA, 0, CollectExProcessObjectData}, {IMAGE_OBJECT_TITLE_INDEX, POS_COLLECT_IMAGE_DATA, 0, CollectImageObjectData}, {LONG_IMAGE_OBJECT_TITLE_INDEX, POS_COLLECT_LONG_IMAGE_DATA,0, CollectLongImageObjectData}, {THREAD_DETAILS_OBJECT_TITLE_INDEX, POS_COLLECT_THREAD_DETAILS_DATA, 0, CollectThreadDetailsObjectData}, {JOB_OBJECT_TITLE_INDEX, POS_COLLECT_JOB_OBJECT_DATA, 0, CollectJobObjectData}, {JOB_DETAILS_OBJECT_TITLE_INDEX, POS_COLLECT_JOB_DETAIL_DATA, 0, CollectJobDetailData}, {HEAP_OBJECT_TITLE_INDEX, POS_COLLECT_HEAP_DATA, 0, CollectHeapObjectData}};
#define POS_NUM_FUNCS (sizeof(posDataFuncInfo) / sizeof(posDataFuncInfo[1]))
static BOOL bInitOk = FALSE;static DWORD dwOpenCount = 0;static DWORD ProcessBufSize = LARGE_BUFFER_SIZE;
PM_OPEN_PROC OpenSysProcessObject;PM_COLLECT_PROC CollecSysProcessObjectData;PM_CLOSE_PROC CloseSysProcessObject;
__inlineVOIDPerfpQuerySystemTime( IN PLARGE_INTEGER SystemTime ){ do { SystemTime->HighPart = USER_SHARED_DATA->SystemTime.High1Time; SystemTime->LowPart = USER_SHARED_DATA->SystemTime.LowPart; } while (SystemTime->HighPart != USER_SHARED_DATA->SystemTime.High2Time);
}
�BOOLGetProcessExeName( HANDLE hProcessID, PUNICODE_STRING pusName){ HANDLE hProcess; OBJECT_ATTRIBUTES obProcess; CLIENT_ID ClientId; PROCESS_BASIC_INFORMATION BasicInfo; NTSTATUS Status; PPEB Peb; PPEB_LDR_DATA Ldr; PLIST_ENTRY LdrHead; PLIST_ENTRY LdrNext; PLDR_DATA_TABLE_ENTRY LdrEntry; LDR_DATA_TABLE_ENTRY LdrEntryData; BOOL bReturn; WCHAR wszDllName[MAX_PATH];
// open process for reading
// get handle to process
ClientId.UniqueThread = (HANDLE)NULL; ClientId.UniqueProcess = hProcessID;
InitializeObjectAttributes( &obProcess, NULL, 0, NULL, NULL );
Status = NtOpenProcess( &hProcess, (ACCESS_MASK)PROCESS_ALL_ACCESS, &obProcess, &ClientId);
if (! NT_SUCCESS(Status)){ // unable to open the process,
return FALSE; }
// Get the process information
Status = NtQueryInformationProcess( hProcess, ProcessBasicInformation, &BasicInfo, sizeof(BasicInfo), NULL );
if ( !NT_SUCCESS(Status) ) { SetLastError( RtlNtStatusToDosError( Status ) ); bReturn = FALSE; } else { Peb = BasicInfo.PebBaseAddress;
//
// get the loader information block
//
// Ldr = Peb->Ldr
//
if (!ReadProcessMemory(hProcess, &Peb->Ldr, &Ldr, sizeof(Ldr), NULL)) { // unable to read loader information
bReturn = FALSE; } else { LdrHead = &Ldr->InMemoryOrderModuleList;
//
// get the first memory block listed. this is the .EXE in NT
//
if (!ReadProcessMemory(hProcess, &LdrHead->Flink, &LdrNext, sizeof(LdrNext), NULL)) { // unable to read memory link
bReturn = FALSE; } else { LdrEntry = CONTAINING_RECORD(LdrNext, LDR_DATA_TABLE_ENTRY, InMemoryOrderLinks);
if (!ReadProcessMemory(hProcess, LdrEntry, &LdrEntryData, sizeof(LdrEntryData), NULL)) { // unable to read image header
bReturn = FALSE; } else { if (!ReadProcessMemory(hProcess, LdrEntryData.BaseDllName.Buffer, (LPVOID)&wszDllName[0], sizeof(wszDllName), NULL)) { // unable to read DLL buffer
bReturn = FALSE; } else { // copy the short name to the caller's buffer
RtlInitUnicodeString ( pusName, wszDllName); SetLastError(ERROR_SUCCESS); } } } } NtClose (hProcess); }
return TRUE;}�LONGGetProcessNameColMeth ( VOID){ NTSTATUS Status; HANDLE hPerflibKey; OBJECT_ATTRIBUTES oaPerflibKey; UNICODE_STRING PerflibSubKeyString; UNICODE_STRING NameInfoValueString; LONG lReturn = PNCM_SYSTEM_INFO; PKEY_VALUE_PARTIAL_INFORMATION pKeyInfo; DWORD dwBufLen; DWORD dwRetBufLen; PDWORD pdwValue;
RtlInitUnicodeString ( &PerflibSubKeyString, szPerflibSubKey);
InitializeObjectAttributes( &oaPerflibKey, &PerflibSubKeyString, OBJ_CASE_INSENSITIVE, NULL, NULL );
Status = NtOpenKey( &hPerflibKey, MAXIMUM_ALLOWED, &oaPerflibKey );
if (NT_SUCCESS (Status)) { // registry key opened, now read value.
// allocate enough room for the structure, - the last
// UCHAR in the struct, but + the data buffer (a dword)
dwBufLen = sizeof(KEY_VALUE_PARTIAL_INFORMATION) - sizeof(UCHAR) + sizeof (DWORD);
pKeyInfo = (PKEY_VALUE_PARTIAL_INFORMATION)ALLOCMEM ( hLibHeap, HEAP_ZERO_MEMORY, dwBufLen);
if (pKeyInfo != NULL) { // initialize value name string
RtlInitUnicodeString ( &NameInfoValueString, (LPCWSTR)L"CollectUnicodeProcessNames");
dwRetBufLen = 0; Status = NtQueryValueKey ( hPerflibKey, &NameInfoValueString, KeyValuePartialInformation, (PVOID)pKeyInfo, dwBufLen, &dwRetBufLen);
if (NT_SUCCESS(Status)) { // check value of return data buffer
pdwValue = (PDWORD)&pKeyInfo->Data[0]; if (*pdwValue == PNCM_MODULE_FILE) { lReturn = PNCM_MODULE_FILE; } else { // all other values will cause this routine to return
// the default value of PNCM_SYSTEM_INFO;
} }
FREEMEM (hLibHeap, 0, pKeyInfo); } // close handle
NtClose (hPerflibKey); }
return lReturn;}�VOIDPerfProcGlobalSettings ( VOID){ NTSTATUS Status; HANDLE hPerfProcKey; OBJECT_ATTRIBUTES oaPerfProcKey; UNICODE_STRING PerfProcSubKeyString; UNICODE_STRING NameInfoValueString; PKEY_VALUE_PARTIAL_INFORMATION pKeyInfo; DWORD dwBufLen; DWORD dwRetBufLen; PDWORD pdwValue;
PerfpQuerySystemTime(&PerfTime);
RtlInitUnicodeString ( &PerfProcSubKeyString, szPerfProcSubKey);
InitializeObjectAttributes( &oaPerfProcKey, &PerfProcSubKeyString, OBJ_CASE_INSENSITIVE, NULL, NULL );
Status = NtOpenKey( &hPerfProcKey, MAXIMUM_ALLOWED, &oaPerfProcKey );
if (NT_SUCCESS (Status)) { // registry key opened, now read value.
// allocate enough room for the structure, - the last
// UCHAR in the struct, but + the data buffer (a dword)
dwBufLen = sizeof(KEY_VALUE_PARTIAL_INFORMATION) - sizeof(UCHAR) + sizeof (DWORD);
pKeyInfo = (PKEY_VALUE_PARTIAL_INFORMATION)ALLOCMEM ( hLibHeap, HEAP_ZERO_MEMORY, dwBufLen);
if (pKeyInfo != NULL) { // initialize value name string
RtlInitUnicodeString ( &NameInfoValueString, szDisplayHeapPerfObject);
dwRetBufLen = 0; Status = NtQueryValueKey ( hPerfProcKey, &NameInfoValueString, KeyValuePartialInformation, (PVOID)pKeyInfo, dwBufLen, &dwRetBufLen);
if (NT_SUCCESS(Status)) { // check value of return data buffer
pdwValue = (PDWORD)&pKeyInfo->Data[0]; if (*pdwValue == 1) { PerfSprc_DisplayHeapPerfObject = TRUE; } else { // all other values will cause this routine to return
// the default value of FALSE
} }
RtlInitUnicodeString( &NameInfoValueString, szProcessNameFormat); dwRetBufLen = 0; Status = NtQueryValueKey( hPerfProcKey, &NameInfoValueString, KeyValuePartialInformation, (PVOID)pKeyInfo, dwBufLen, &dwRetBufLen);
if (NT_SUCCESS(Status)) { pdwValue = (PDWORD) &pKeyInfo->Data[0]; PerfSprc_dwProcessNameFormat = *pdwValue; }
RtlInitUnicodeString( &NameInfoValueString, szThreadNameFormat); dwRetBufLen = 0; Status = NtQueryValueKey( hPerfProcKey, &NameInfoValueString, KeyValuePartialInformation, (PVOID)pKeyInfo, dwBufLen, &dwRetBufLen);
if (NT_SUCCESS(Status)) { pdwValue = (PDWORD) &pKeyInfo->Data[0]; PerfSprc_dwThreadNameFormat = *pdwValue; }
FREEMEM (hLibHeap, 0, pKeyInfo); } // close handle
NtClose (hPerfProcKey); } if ((PerfSprc_dwProcessNameFormat < NAME_FORMAT_BLANK) || (PerfSprc_dwProcessNameFormat > NAME_FORMAT_ID)) PerfSprc_dwProcessNameFormat = NAME_FORMAT_DEFAULT; if ((PerfSprc_dwThreadNameFormat < NAME_FORMAT_BLANK) || (PerfSprc_dwThreadNameFormat > NAME_FORMAT_ID)) PerfSprc_dwThreadNameFormat = NAME_FORMAT_DEFAULT;}�BOOLDllProcessAttach ( IN HANDLE DllHandle)/*++
Description:
perform any initialization function that apply to all object modules
--*/{ BOOL bReturn = TRUE; WCHAR wszTempBuffer[512]; LONG lStatus; DWORD dwBufferSize;
UNREFERENCED_PARAMETER (DllHandle);
// open handle to the event log
if (hEventLog == NULL) { hEventLog = MonOpenEventLog((LPWSTR)L"PerfProc");
// create the local heap
hLibHeap = HeapCreate (0, 1, 0);
if (hLibHeap == NULL) { return FALSE; }
if (lProcessNameCollectionMethod == PNCM_NOT_DEFINED) { // get desired process name collection method as defined in the
// registry
lProcessNameCollectionMethod = GetProcessNameColMeth (); } }
lStatus = GetPerflibKeyValue ( szTotalValue, REG_SZ, sizeof(wszTempBuffer), (LPVOID)&wszTempBuffer[0], DEFAULT_TOTAL_STRING_LEN, (LPVOID)&szDefaultTotalString[0]);
if (lStatus == ERROR_SUCCESS) { // then a string was returned in the temp buffer
dwBufferSize = lstrlenW (wszTempBuffer) + 1; dwBufferSize *= sizeof (WCHAR); wszTotal = ALLOCMEM (hLibHeap, HEAP_ZERO_MEMORY, dwBufferSize); if (wszTotal == NULL) { // unable to allocate buffer so use static buffer
wszTotal = (LPWSTR)&szDefaultTotalString[0]; } else { memcpy (wszTotal, wszTempBuffer, dwBufferSize); } } else { // unable to get string from registry so just use static buffer
wszTotal = (LPWSTR)&szDefaultTotalString[0]; }
return bReturn;}�BOOLDllProcessDetach ( IN HANDLE DllHandle){ UNREFERENCED_PARAMETER (DllHandle);
if (dwOpenCount > 0) { // the Library is being unloaded before it was
// closed so close it now as this is the last
// chance to do it before the library is tossed.
// if the value of dwOpenCount is > 1, set it to
// one to insure everything will be closed when
// the close function is called.
if (dwOpenCount > 1) dwOpenCount = 1; CloseSysProcessObject(); }
if ((wszTotal != NULL) && (wszTotal != &szDefaultTotalString[0])) { FREEMEM (hLibHeap, 0, wszTotal); wszTotal = NULL; }
if (HeapDestroy (hLibHeap)) hLibHeap = NULL;
if (hEventLog != NULL) { MonCloseEventLog (); }
return TRUE;}�BOOL__stdcallDllInit( IN HANDLE DLLHandle, IN DWORD Reason, IN LPVOID ReservedAndUnused){ ReservedAndUnused;
// this will prevent the DLL from getting
// the DLL_THREAD_* messages
DisableThreadLibraryCalls (DLLHandle);
switch(Reason) { case DLL_PROCESS_ATTACH: return DllProcessAttach (DLLHandle);
case DLL_PROCESS_DETACH: return DllProcessDetach (DLLHandle);
case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: default: return TRUE; }}�PUNICODE_STRINGGetProcessSlowName ( PSYSTEM_PROCESS_INFORMATION pProcess)/*++
GetProcessSlowName
Inputs: PSYSTEM_PROCESS_INFORMATION pProcess
address of System Process Information data structure.
Outputs:
None
Returns:
Pointer to an initialized Unicode string (created by this routine) that contains the short name of the process image or a numeric ID if no name is found.
If unable to allocate memory for structure, then NULL is returned.
--*/{ PWCHAR pPeriod; PWCHAR pThisChar;
WORD wStringSize;
WORD wThisChar; WORD wLength;
// this routine assumes that the allocated memory has been zero'd
if (pusLocalProcessNameBuffer == NULL) { // allocate Unicode String Structure and adjacent buffer first
wLength = MAX_INSTANCE_NAME * sizeof(WCHAR); if (pProcess->ImageName.Length > 0) { if (wLength < pProcess->ImageName.Length) { wLength = pProcess->ImageName.Length; } } wStringSize = sizeof(UNICODE_STRING) + wLength + 64 + (WORD) sizeof(UNICODE_NULL);
pusLocalProcessNameBuffer = ALLOCMEM (hLibHeap, HEAP_ZERO_MEMORY, // this will only 0 the buffer the first time!
(DWORD)wStringSize); if (pusLocalProcessNameBuffer == NULL) { return NULL; } else { pusLocalProcessNameBuffer->MaximumLength = (WORD)(wStringSize - (WORD)(sizeof (UNICODE_STRING))); } } else { wStringSize = pusLocalProcessNameBuffer->MaximumLength; } pusLocalProcessNameBuffer->Length = 0; pusLocalProcessNameBuffer->Buffer = (PWCHAR)&pusLocalProcessNameBuffer[1];
memset ( // buffer must be zero'd so we'll have a NULL Term
pusLocalProcessNameBuffer->Buffer, 0, (DWORD)pusLocalProcessNameBuffer->MaximumLength);
// get the process name from the image file
GetProcessExeName (pProcess->UniqueProcessId, pusLocalProcessNameBuffer);
if (pusLocalProcessNameBuffer->Length > 0) { // some name has been defined
pPeriod = (PWCHAR)pusLocalProcessNameBuffer->Buffer; pThisChar = (PWCHAR)pusLocalProcessNameBuffer->Buffer; wThisChar = 0;
//
// go from beginning to end and find last backslash and
// last period in name
//
while (*pThisChar != 0) { // go until null
if (*pThisChar == L'.') { pPeriod = pThisChar; } pThisChar++; // point to next char
wThisChar += sizeof(WCHAR); if (wThisChar >= pusLocalProcessNameBuffer->Length) { break; } }
// if pPeriod is still pointing to the beginning of the
// string, then no period was found
if (pPeriod == (PWCHAR)pusLocalProcessNameBuffer->Buffer) { pPeriod = pThisChar; // set to end of string;
} else { // if a period was found, then see if the extension is
// .EXE, if so leave it, if not, then use end of string
// (i.e. include extension in name)
if (lstrcmpiW(pPeriod, (LPCWSTR)L".EXE") != 0) { pPeriod = pThisChar; } }
// copy characters between period (or end of string) and
// slash (or start of string) to make image name
wStringSize = (WORD)((PCHAR)pPeriod - (PCHAR)pusLocalProcessNameBuffer->Buffer); wLength = pusLocalProcessNameBuffer->MaximumLength - sizeof(UNICODE_NULL); if (wStringSize >= wLength) { wStringSize = wLength; } *pPeriod = 0; // null terminate buffer
if ((PerfSprc_dwProcessNameFormat == NAME_FORMAT_ID) && (wStringSize < (wLength - 10))) { ULONG Length; Length = PerfIntegerToWString( HandleToUlong(pProcess->UniqueProcessId), 10, (pusLocalProcessNameBuffer->MaximumLength - wStringSize) / sizeof(WCHAR), pPeriod+1); if (Length > 0) *pPeriod = L'_'; wStringSize += (WORD) (Length * sizeof(WCHAR)); } pusLocalProcessNameBuffer->Length = wStringSize; // adjust length
} else { // no name defined so use Process #
// check to see if this is a system process and give it
// a name
switch (HandleToUlong(pProcess->UniqueProcessId)) { case IDLE_PROCESS_ID: RtlAppendUnicodeToString (pusLocalProcessNameBuffer, (LPWSTR)IDLE_PROCESS); break;
case SYSTEM_PROCESS_ID: RtlAppendUnicodeToString (pusLocalProcessNameBuffer, (LPWSTR)SYSTEM_PROCESS); break;
// if the id is not a system process, then use the id as the name
default: // try accessing via the "regular" interface
return (GetProcessShortName (pProcess));
break; } }
return pusLocalProcessNameBuffer;}�PUNICODE_STRINGGetProcessShortName ( PSYSTEM_PROCESS_INFORMATION pProcess)/*++
GetProcessShortName
Inputs: PSYSTEM_PROCESS_INFORMATION pProcess
address of System Process Information data structure.
Outputs:
None
Returns:
Pointer to an initialized Unicode string (created by this routine) that contains the short name of the process image or a numeric ID if no name is found.
If unable to allocate memory for structure, then NULL is returned.
--*/{ PWCHAR pSlash; PWCHAR pPeriod; PWCHAR pThisChar;
WORD wStringSize;
WORD wThisChar; ULONG ProcessId; WORD wLength;
// this routine assumes that the allocated memory has been zero'd
if (pusLocalProcessNameBuffer == NULL) { // allocate Unicode String Structure and adjacent buffer first
wLength = MAX_INSTANCE_NAME * sizeof(WCHAR); if (pProcess->ImageName.Length > 0) { if (wLength < pProcess->ImageName.Length) { wLength = pProcess->ImageName.Length; } } wStringSize = sizeof(UNICODE_STRING) + wLength + 64 + (WORD) sizeof(UNICODE_NULL);
pusLocalProcessNameBuffer = ALLOCMEM (hLibHeap, HEAP_ZERO_MEMORY, // this will only 0 the buffer the first time!
(DWORD)wStringSize);
if (pusLocalProcessNameBuffer == NULL) { return NULL; } else { pusLocalProcessNameBuffer->MaximumLength = (WORD)(wStringSize - (WORD)sizeof (UNICODE_STRING)); } } else { wStringSize = pusLocalProcessNameBuffer->MaximumLength; } pusLocalProcessNameBuffer->Length = 0; pusLocalProcessNameBuffer->Buffer = (PWCHAR)&pusLocalProcessNameBuffer[1];
memset ( // buffer must be zero'd so we'll have a NULL Term
pusLocalProcessNameBuffer->Buffer, 0, (DWORD)pusLocalProcessNameBuffer->MaximumLength);
ProcessId = HandleToUlong(pProcess->UniqueProcessId); if (pProcess->ImageName.Buffer) { // some name has been defined
pSlash = (PWCHAR)pProcess->ImageName.Buffer; pPeriod = (PWCHAR)pProcess->ImageName.Buffer; pThisChar = (PWCHAR)pProcess->ImageName.Buffer; wThisChar = 0;
//
// go from beginning to end and find last backslash and
// last period in name
//
while (*pThisChar != 0) { // go until null
if (*pThisChar == L'\\') { pSlash = pThisChar; } else if (*pThisChar == L'.') { pPeriod = pThisChar; } pThisChar++; // point to next char
wThisChar += sizeof(WCHAR); if (wThisChar >= pProcess->ImageName.Length) { break; } }
// if pPeriod is still pointing to the beginning of the
// string, then no period was found
if (pPeriod == (PWCHAR)pProcess->ImageName.Buffer) { pPeriod = pThisChar; // set to end of string;
} else { // if a period was found, then see if the extension is
// .EXE, if so leave it, if not, then use end of string
// (i.e. include extension in name)
if (lstrcmpiW(pPeriod, (LPCWSTR)L".EXE") != 0) { pPeriod = pThisChar; } }
if (*pSlash == L'\\') { // if pSlash is pointing to a slash, then
pSlash++; // point to character next to slash
}
// copy characters between period (or end of string) and
// slash (or start of string) to make image name
wStringSize = (WORD)((PCHAR)pPeriod - (PCHAR)pSlash); // size in bytes
wLength = pusLocalProcessNameBuffer->MaximumLength - sizeof(UNICODE_NULL); if (wStringSize >= wLength) { wStringSize = wLength; }
memcpy (pusLocalProcessNameBuffer->Buffer, pSlash, wStringSize);
// null terminate is
// not necessary because allocated memory is zero-init'd
pPeriod = (PWCHAR) ((PCHAR) pusLocalProcessNameBuffer->Buffer + wStringSize); if (PerfSprc_dwProcessNameFormat == NAME_FORMAT_ID) { ULONG Length; Length = PerfIntegerToWString( ProcessId, 10, (pusLocalProcessNameBuffer->MaximumLength - wStringSize) / sizeof(WCHAR), pPeriod+1); if (Length > 0) *pPeriod = L'_'; wStringSize += (WORD) (Length * sizeof(WCHAR)); } pusLocalProcessNameBuffer->Length = wStringSize; } else { // no name defined so use Process #
// check to see if this is a system process and give it
// a name
switch (ProcessId) { case IDLE_PROCESS_ID: RtlAppendUnicodeToString (pusLocalProcessNameBuffer, (LPWSTR)IDLE_PROCESS); break;
case SYSTEM_PROCESS_ID: RtlAppendUnicodeToString (pusLocalProcessNameBuffer, (LPWSTR)SYSTEM_PROCESS); break;
// if the id is not a system process, then use the id as the name
default: RtlIntegerToUnicodeString (ProcessId, 10, pusLocalProcessNameBuffer);
break; }
}
return pusLocalProcessNameBuffer;}�#pragma warning (disable : 4706)
DWORDGetSystemProcessData (){ DWORD dwReturnedBufferSize; NTSTATUS Status; DWORD WinError; PVOID pBuffer;
//
// Get process data from system.
// if bGotProcessInfo is TRUE, that means we have the process
// info. collected earlier when we are checking for costly
// object types.
//
if (pProcessBuffer == NULL) { // allocate a new block
pProcessBuffer = ALLOCMEM (hLibHeap, HEAP_ZERO_MEMORY, ProcessBufSize); if (pProcessBuffer == NULL) { return ERROR_OUTOFMEMORY; } }
PerfpQuerySystemTime(&PerfTime); while( (Status = NtQuerySystemInformation( SystemProcessInformation, pProcessBuffer, ProcessBufSize, &dwReturnedBufferSize)) == STATUS_INFO_LENGTH_MISMATCH ) { // expand buffer & retry
ProcessBufSize += INCREMENT_BUFFER_SIZE;
pBuffer = pProcessBuffer; if ( !(pProcessBuffer = REALLOCMEM(hLibHeap, 0, pProcessBuffer, ProcessBufSize)) ) { FREEMEM(hLibHeap, 0, pBuffer); return (ERROR_OUTOFMEMORY); } }
if ( !NT_SUCCESS(Status) ) { // convert to win32 error
WinError = (DWORD)RtlNtStatusToDosError(Status); } else { WinError = ERROR_SUCCESS; }
return (WinError);
}#pragma warning (default : 4706)
�DWORD APIENTRYOpenSysProcessObject ( LPWSTR lpDeviceNames )/*++
Routine Description:
This routine will initialize the data structures used to pass data back to the registry
Arguments:
Pointer to object ID of each device to be opened (PerfGen)
Return Value:
None.
--*/{ DWORD status, dwSize; HKEY hKey; UNREFERENCED_PARAMETER (lpDeviceNames);
if (dwOpenCount == 0) { // clear the job object open error flag
bOpenJobErrorLogged = FALSE; PerfProcGlobalSettings(); }
dwOpenCount++;
bInitOk = TRUE;
return ERROR_SUCCESS;}�DWORD APIENTRYCollectSysProcessObjectData ( IN LPWSTR lpValueName, IN OUT LPVOID *lppData, IN OUT LPDWORD lpcbTotalBytes, IN OUT LPDWORD lpNumObjectTypes)/*++
Routine Description:
This routine will return the data for the processor object
Arguments:
IN LPWSTR lpValueName pointer to a wide character string passed by registry.
IN OUT LPVOID *lppData IN: pointer to the address of the buffer to receive the completed PerfDataBlock and subordinate structures. This routine will append its data to the buffer starting at the point referenced by *lppData. OUT: points to the first byte after the data structure added by this routine. This routine updated the value at lppdata after appending its data.
IN OUT LPDWORD lpcbTotalBytes IN: the address of the DWORD that tells the size in bytes of the buffer referenced by the lppData argument OUT: the number of bytes added by this routine is writted to the DWORD pointed to by this argument
IN OUT LPDWORD NumObjectTypes IN: the address of the DWORD to receive the number of objects added by this routine OUT: the number of objects added by this routine is writted to the DWORD pointed to by this argument
Returns:
0 if successful, else Win 32 error code of failure
--*/{ LONG lReturn = ERROR_SUCCESS;
NTSTATUS status;
// build bit mask of functions to call
DWORD dwQueryType; DWORD FunctionCallMask = 0; DWORD FunctionIndex;
DWORD dwNumObjectsFromFunction; DWORD dwOrigBuffSize; DWORD dwByteSize;
if (!bInitOk) { ReportEvent (hEventLog, EVENTLOG_ERROR_TYPE, 0, PERFPROC_NOT_OPEN, NULL, 0, 0, NULL, NULL); *lpcbTotalBytes = (DWORD) 0; *lpNumObjectTypes = (DWORD) 0; lReturn = ERROR_SUCCESS; goto COLLECT_BAIL_OUT; }
dwQueryType = GetQueryType (lpValueName);
switch (dwQueryType) { case QUERY_ITEMS: for (FunctionIndex = 0; FunctionIndex < POS_NUM_FUNCS; FunctionIndex++) { if (IsNumberInUnicodeList ( posDataFuncInfo[FunctionIndex].dwObjectId, lpValueName)) { FunctionCallMask |= posDataFuncInfo[FunctionIndex].dwCollectFunctionBit; } } break;
case QUERY_GLOBAL: // only return the HEAP data in a global query if it's enabled
// if they ask for it specifically, then it's OK
if (PerfSprc_DisplayHeapPerfObject) { FunctionCallMask = POS_COLLECT_GLOBAL_DATA; } else { // filter out the heap perf object
FunctionCallMask = POS_COLLECT_GLOBAL_NO_HEAP; } break;
case QUERY_FOREIGN: FunctionCallMask = POS_COLLECT_FOREIGN_DATA; break;
case QUERY_COSTLY: FunctionCallMask = POS_COLLECT_COSTLY_DATA; break;
default: FunctionCallMask = POS_COLLECT_COSTLY_DATA; break; }
// collect data from system
if (FunctionCallMask & POS_READ_SYS_PROCESS_DATA) { status = GetSystemProcessData ();
if (!NT_SUCCESS(status)) { ReportEvent (hEventLog, EVENTLOG_ERROR_TYPE, 0, PERFPROC_UNABLE_QUERY_PROCESS_INFO, NULL, 0, sizeof(DWORD), NULL, (LPVOID)&status); } } else { status = ERROR_SUCCESS; } // collect data from system
if ((status == ERROR_SUCCESS) && (pProcessBuffer != NULL) && (FunctionCallMask & POS_READ_PROCESS_VM_DATA)) { pProcessVaInfo = GetSystemVaData ( (PSYSTEM_PROCESS_INFORMATION)pProcessBuffer); // call function
if (pProcessVaInfo == NULL) { ReportEvent (hEventLog, EVENTLOG_ERROR_TYPE, 0, PERFPROC_UNABLE_QUERY_VM_INFO, NULL, 0, sizeof(DWORD), NULL, (LPVOID)&status); // zero buffer
} } else { // zero buffer
}
// collect data
*lpNumObjectTypes = 0; dwOrigBuffSize = dwByteSize = *lpcbTotalBytes; *lpcbTotalBytes = 0;
// remove query bits
FunctionCallMask &= POS_COLLECT_FUNCTION_MASK;
for (FunctionIndex = 0; FunctionIndex < POS_NUM_FUNCS; FunctionIndex++) { if ((posDataFuncInfo[FunctionIndex].dwCollectFunctionBit & FunctionCallMask) == (posDataFuncInfo[FunctionIndex].dwCollectFunctionBit & POS_COLLECT_FUNCTION_MASK)) { dwNumObjectsFromFunction = 0; lReturn = (*posDataFuncInfo[FunctionIndex].pCollectFunction) ( lppData, &dwByteSize, &dwNumObjectsFromFunction);
if (lReturn == ERROR_SUCCESS) { *lpNumObjectTypes += dwNumObjectsFromFunction; *lpcbTotalBytes += dwByteSize; dwOrigBuffSize -= dwByteSize; dwByteSize = dwOrigBuffSize; } else { break; } } }
// this list of data must be freed after use
if (pProcessVaInfo != NULL) {
FreeSystemVaData (pProcessVaInfo); pProcessVaInfo = NULL;
}
// *lppData is updated by each function
// *lpcbTotalBytes is updated after each successful function
// *lpNumObjects is updated after each successful function
COLLECT_BAIL_OUT:
return lReturn;}�DWORD APIENTRYCloseSysProcessObject ()/*++
Routine Description:
This routine closes the open handles to the Signal Gen counters.
Arguments:
None.
Return Value:
ERROR_SUCCESS
--*/
{ DWORD status = ERROR_SUCCESS; PVOID buffer;
if (--dwOpenCount == 0) { if (hLibHeap != NULL) { // close
if (pProcessBuffer != NULL) { buffer = pProcessBuffer; pProcessBuffer = NULL; FREEMEM (hLibHeap, 0, buffer); }
if (pusLocalProcessNameBuffer != NULL) { buffer = pusLocalProcessNameBuffer; pusLocalProcessNameBuffer = NULL; FREEMEM (hLibHeap, 0, buffer); } } } return status;
}
const CHAR PerfpIntegerWChars[] = {L'0', L'1', L'2', L'3', L'4', L'5', L'6', L'7', L'8', L'9', L'A', L'B', L'C', L'D', L'E', L'F'};
ULONGPerfIntegerToWString( IN ULONG Value, IN ULONG Base, IN LONG OutputLength, OUT LPWSTR String )/*++
Routine Description:
Arguments:
Return Value:
--*/
{ WCHAR Result[ 33 ], *s; ULONG Shift, Mask, Digit, Length;
Shift = 0; switch( Base ) { case 16: Shift = 4; break; case 8: Shift = 3; break; case 2: Shift = 1; break;
case 0: Base = 10; case 10: Shift = 0; break; default: Base = 10; Shift = 0; // Default to 10
}
if (Shift != 0) { Mask = 0xF >> (4 - Shift); }
s = &Result[ 32 ]; *s = L'\0'; do { if (Shift != 0) { Digit = Value & Mask; Value >>= Shift; } else { Digit = Value % Base; Value = Value / Base; }
*--s = PerfpIntegerWChars[ Digit ]; } while (Value != 0);
Length = (ULONG) (&Result[ 32 ] - s); if (OutputLength < 0) { OutputLength = -OutputLength; while ((LONG)Length < OutputLength) { *--s = L'0'; Length++; } }
if ((LONG)Length > OutputLength) { return( 0 ); } else { try { RtlMoveMemory( String, s, Length*sizeof(WCHAR) );
if ((LONG)Length < OutputLength) { String[ Length ] = L'\0'; } } except( EXCEPTION_EXECUTE_HANDLER ) { return( 0 ); }
return( Length ); }}
|
