archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/sdktools/memsnap/poolsnap.c

471 lines
11 KiB
Raw Normal View History

Add source files
4 years ago
  1. // poolsnap.c
  2. // this program takes a snapshot of all the kernel pool tags.
  3. // and appends it to the logfile (arg)
  4. // pmon was model for this
  6. /* includes */
  7. #include <nt.h>
  8. #include <ntrtl.h>
  9. #include <nturtl.h>
  10. #include <windows.h>
  11. #include <assert.h>
  12. #include <stdlib.h>
  13. #include <stdio.h>
  14. #include <string.h>
  15. #include <ctype.h>
  16. #include <io.h>
  17. #include <srvfsctl.h>
  18. #include <search.h>
  20. #include "tags.c"
  22. //
  23. // declarations
  24. //
  26. int __cdecl ulcomp(const void *e1,const void *e2);
  28. NTSTATUS
  29. QueryPoolTagInformationIterative(
  30. PUCHAR *CurrentBuffer,
  31. size_t *CurrentBufferSize
  32. );
  34. //
  35. // definitions
  36. //
  38. #define NONPAGED 0
  39. #define PAGED 1
  40. #define BOTH 2
  43. // from poolmon
  44. // raw input
  46. PSYSTEM_POOLTAG_INFORMATION PoolInfo;
  48. //
  49. // the amount of memory to increase the size
  50. // of the buffer for NtQuerySystemInformation at each step
  51. //
  53. #define BUFFER_SIZE_STEP 65536
  55. //
  56. // the buffer used for NtQuerySystemInformation
  57. //
  59. PUCHAR CurrentBuffer = NULL;
  61. //
  62. // the size of the buffer used for NtQuerySystemInformation
  63. //
  65. size_t CurrentBufferSize = 0;
  67. //
  68. // formatted output
  69. //
  71. typedef struct _POOLMON_OUT {
  72. union {
  73. UCHAR Tag[4];
  74. ULONG TagUlong;
  75. };
  76. UCHAR NullByte;
  77. BOOL Changed;
  78. ULONG Type;
  79. SIZE_T Allocs;
  80. SIZE_T AllocsDiff;
  81. SIZE_T Frees;
  82. SIZE_T FreesDiff;
  83. SIZE_T Allocs_Frees;
  84. SIZE_T Used;
  85. SIZE_T UsedDiff;
  86. SIZE_T Each;
  87. } POOLMON_OUT, *PPOOLMON_OUT;
  89. PPOOLMON_OUT OutBuffer;
  90. PPOOLMON_OUT Out;
  92. UCHAR *PoolType[] = {
  93. "Nonp ",
  94. "Paged"};
  97. VOID Usage(VOID)
  98. {
  99. printf("poolsnap [-?] [-t] [<logfile>]\n");
  100. printf("poolsnap logs system pool usage to <logfile>\n");
  101. printf("-? Gives this help\n");
  102. printf("-t Output extra tagged information\n");
  103. printf("<logfile> = poolsnap.log by default\n");
  104. exit(-1);
  105. }
  107. /*
  108. * FUNCTION: Main
  109. *
  110. * ARGUMENTS: See Usage
  111. *
  112. * RETURNS: 0
  113. *
  114. */
  116. int __cdecl main(int argc, char* argv[])
  117. {
  118. NTSTATUS Status; // status from NT api
  119. FILE* LogFile= NULL; // log file handle
  120. DWORD x= 0; // counter
  121. SIZE_T NumberOfPoolTags;
  122. INT iCmdIndex; // index into argv
  123. BOOL bOutputTags= FALSE; // if true, output standard tags
  125. // get higher priority in case system is bogged down
  126. if ( GetPriorityClass(GetCurrentProcess()) == NORMAL_PRIORITY_CLASS) {
  127. SetPriorityClass(GetCurrentProcess(),HIGH_PRIORITY_CLASS);
  128. }
  130. //
  131. // parse command line arguments
  132. //
  134. for( iCmdIndex=1; iCmdIndex < argc; iCmdIndex++ ) {
  136. CHAR chr;
  138. chr= *argv[iCmdIndex];
  140. if( (chr=='-') || (chr=='/') ) {
  141. chr= argv[iCmdIndex][1];
  142. switch( chr ) {
  143. case '?':
  144. Usage();
  145. break;
  146. case 't': case 'T':
  147. bOutputTags= TRUE;
  148. break;
  149. default:
  150. printf("Invalid switch: %s\n",argv[iCmdIndex]);
  151. Usage();
  152. break;
  153. }
  154. }
  155. else {
  156. if( LogFile ) {
  157. printf("Error: more than one file specified: %s\n",argv[iCmdIndex]);
  158. return(0);
  159. }
  160. LogFile= fopen(argv[iCmdIndex],"a");
  161. if( !LogFile ) {
  162. printf("Error: Opening file %s\n",argv[iCmdIndex]);
  163. return(0);
  164. }
  165. }
  166. }
  169. //
  170. // if no file specified, use default name
  171. //
  173. if( !LogFile ) {
  174. if( (LogFile = fopen("poolsnap.log","a")) == NULL ) {
  175. printf("Error: opening file poolsnap.log\n");
  176. return(0);
  177. }
  178. }
  180. //
  181. // print file header once
  182. //
  184. if( _filelength(_fileno(LogFile)) == 0 ) {
  185. fprintf(LogFile," Tag Type Allocs Frees Diff Bytes Per Alloc\n");
  186. }
  187. fprintf(LogFile,"\n");
  190. if( bOutputTags ) {
  191. OutputStdTags(LogFile, "poolsnap" );
  192. }
  194. // grab all pool information
  195. // log line format, fixed column format
  197. Status = QueryPoolTagInformationIterative(
  198. &CurrentBuffer,
  199. &CurrentBufferSize
  200. );
  202. if (! NT_SUCCESS(Status)) {
  203. printf("Failed to query pool tags information (status %08X). \n", Status);
  204. printf("Please check if pool tags are enabled. \n");
  205. return (0);
  206. }
  208. PoolInfo = (PSYSTEM_POOLTAG_INFORMATION)CurrentBuffer;
  210. //
  211. // Allocate the output buffer.
  212. //
  214. OutBuffer = malloc (PoolInfo->Count * sizeof(POOLMON_OUT));
  216. if (OutBuffer == NULL) {
  217. printf ("Error: cannot allocate internal buffer of %p bytes \n",
  218. PoolInfo->Count * sizeof(POOLMON_OUT));
  219. return (0);
  220. }
  222. Out = OutBuffer;
  224. if( NT_SUCCESS(Status) ) {
  225. for (x = 0; x < (int)PoolInfo->Count; x++) {
  226. // get pool info from buffer
  228. // non-paged
  229. if (PoolInfo->TagInfo[x].NonPagedAllocs != 0) {
  230. Out->Allocs = PoolInfo->TagInfo[x].NonPagedAllocs;
  231. Out->Frees = PoolInfo->TagInfo[x].NonPagedFrees;
  232. Out->Used = PoolInfo->TagInfo[x].NonPagedUsed;
  233. Out->Allocs_Frees = PoolInfo->TagInfo[x].NonPagedAllocs -
  234. PoolInfo->TagInfo[x].NonPagedFrees;
  235. Out->TagUlong = PoolInfo->TagInfo[x].TagUlong;
  236. Out->Type = NONPAGED;
  237. Out->Changed = FALSE;
  238. Out->NullByte = '\0';
  239. Out->Each = Out->Used / (Out->Allocs_Frees?Out->Allocs_Frees:1);
  240. }
  242. // paged
  243. if (PoolInfo->TagInfo[x].PagedAllocs != 0) {
  244. Out->Allocs = PoolInfo->TagInfo[x].PagedAllocs;
  245. Out->Frees = PoolInfo->TagInfo[x].PagedFrees;
  246. Out->Used = PoolInfo->TagInfo[x].PagedUsed;
  247. Out->Allocs_Frees = PoolInfo->TagInfo[x].PagedAllocs -
  248. PoolInfo->TagInfo[x].PagedFrees;
  249. Out->TagUlong = PoolInfo->TagInfo[x].TagUlong;
  250. Out->Type = PAGED;
  251. Out->Changed = FALSE;
  252. Out->NullByte = '\0';
  253. Out->Each = Out->Used / (Out->Allocs_Frees?Out->Allocs_Frees:1);
  254. }
  255. Out += 1;
  256. }
  257. }
  259. else {
  260. fprintf(LogFile, "Query pooltags Failed %lx\n",Status);
  261. fprintf(LogFile, " Be sure to turn on 'enable pool tagging' in gflags and reboot.\n");
  262. if( bOutputTags ) {
  263. fprintf(LogFile, "!Error:Query pooltags failed %lx\n",Status);
  264. fprintf(LogFile, "!Error: Be sure to turn on 'enable pool tagging' in gflags and reboot.\n");
  265. }
  267. // If there is an operator around, wake him up, but keep moving
  269. Beep(1000,350); Beep(500,350); Beep(1000,350);
  270. exit(0);
  271. }
  273. //
  274. // sort by tag value which is big endian
  275. //
  277. NumberOfPoolTags = Out - OutBuffer;
  278. qsort((void *)OutBuffer,
  279. (size_t)NumberOfPoolTags,
  280. (size_t)sizeof(POOLMON_OUT),
  281. ulcomp);
  283. //
  284. // print in file
  285. //
  287. for (x = 0; x < (int)PoolInfo->Count; x++) {
  288. fprintf(LogFile,
  289. #ifdef _WIN64
  290. " %4s %5s %18I64d %18I64d %16I64d %14I64d %12I64d\n",
  291. #else
  292. " %4s %5s %9ld %9ld %8ld %7ld %6ld\n",
  293. #endif
  294. OutBuffer[x].Tag,
  295. PoolType[OutBuffer[x].Type],
  296. OutBuffer[x].Allocs,
  297. OutBuffer[x].Frees,
  298. OutBuffer[x].Allocs_Frees,
  299. OutBuffer[x].Used,
  300. OutBuffer[x].Each
  301. );
  302. }
  305. // close file
  306. fclose(LogFile);
  308. return 0;
  309. }
  311. // comparison function for qsort
  312. // Tags are big endian
  314. int __cdecl ulcomp(const void *e1,const void *e2)
  315. {
  316. ULONG u1;
  318. u1 = ((PUCHAR)e1)[0] - ((PUCHAR)e2)[0];
  319. if (u1 != 0) {
  320. return u1;
  321. }
  322. u1 = ((PUCHAR)e1)[1] - ((PUCHAR)e2)[1];
  323. if (u1 != 0) {
  324. return u1;
  325. }
  326. u1 = ((PUCHAR)e1)[2] - ((PUCHAR)e2)[2];
  327. if (u1 != 0) {
  328. return u1;
  329. }
  330. u1 = ((PUCHAR)e1)[3] - ((PUCHAR)e2)[3];
  331. return u1;
  333. }
  336. /*
  337. * FUNCTION:
  338. *
  339. * QueryPoolTagInformationIterative
  340. *
  341. * ARGUMENTS:
  342. *
  343. * CurrentBuffer - a pointer to the buffer currently used for
  344. * NtQuerySystemInformation( SystemPoolTagInformation ).
  345. * It will be allocated if NULL or its size grown
  346. * if necessary.
  347. *
  348. * CurrentBufferSize - a pointer to a variable that holds the current
  349. * size of the buffer.
  350. *
  351. *
  352. * RETURNS:
  353. *
  354. * NTSTATUS returned by NtQuerySystemInformation or
  355. * STATUS_INSUFFICIENT_RESOURCES if the buffer must grow and the
  356. * heap allocation for it fails.
  357. *
  358. */
  360. NTSTATUS
  361. QueryPoolTagInformationIterative(
  362. PUCHAR *CurrentBuffer,
  363. size_t *CurrentBufferSize
  364. )
  365. {
  366. size_t NewBufferSize;
  367. NTSTATUS ReturnedStatus = STATUS_SUCCESS;
  369. if( CurrentBuffer == NULL || CurrentBufferSize == NULL ) {
  371. return STATUS_INVALID_PARAMETER;
  373. }
  375. if( *CurrentBufferSize == 0 || *CurrentBuffer == NULL ) {
  377. //
  378. // there is no buffer allocated yet
  379. //
  381. NewBufferSize = sizeof( UCHAR ) * BUFFER_SIZE_STEP;
  383. *CurrentBuffer = (PUCHAR) malloc( NewBufferSize );
  385. if( *CurrentBuffer != NULL ) {
  387. *CurrentBufferSize = NewBufferSize;
  389. } else {
  391. //
  392. // insufficient memory
  393. //
  395. ReturnedStatus = STATUS_INSUFFICIENT_RESOURCES;
  397. }
  399. }
  401. //
  402. // iterate by buffer's size
  403. //
  405. while( *CurrentBuffer != NULL ) {
  407. ReturnedStatus = NtQuerySystemInformation (
  408. SystemPoolTagInformation,
  409. *CurrentBuffer,
  410. (ULONG)*CurrentBufferSize,
  411. NULL );
  413. if( ! NT_SUCCESS(ReturnedStatus) ) {
  415. //
  416. // free the current buffer
  417. //
  419. free( *CurrentBuffer );
  421. *CurrentBuffer = NULL;
  423. if (ReturnedStatus == STATUS_INFO_LENGTH_MISMATCH) {
  425. //
  426. // try with a greater buffer size
  427. //
  429. NewBufferSize = *CurrentBufferSize + BUFFER_SIZE_STEP;
  431. *CurrentBuffer = (PUCHAR) malloc( NewBufferSize );
  433. if( *CurrentBuffer != NULL ) {
  435. //
  436. // allocated new buffer
  437. //
  439. *CurrentBufferSize = NewBufferSize;
  441. } else {
  443. //
  444. // insufficient memory
  445. //
  447. ReturnedStatus = STATUS_INSUFFICIENT_RESOURCES;
  449. *CurrentBufferSize = 0;
  451. }
  453. } else {
  455. *CurrentBufferSize = 0;
  457. }
  459. } else {
  461. //
  462. // NtQuerySystemInformation returned success
  463. //
  465. break;
  467. }
  468. }
  470. return ReturnedStatus;
  471. }