|
|
/*++
Copyright (c) 2000-2001 Microsoft Corporation
Module Name:
filt.c
Abstract:
Extensions for dumping filter information.
Author:
Michael Courage (mcourage) 6-Apr-2000
Environment:
User Mode.
Revision History:
--*/
#include "precomp.h"
//
// Private globals.
//
PSTR g_pFiltqActions[] = { "QUEUE_IRP ", "DEQUEUE_IRP ", "START_WRITE ", "FINISH_WRITE ", "BLOCK_WRITE ", "WAKE_WRITE ", "BLOCK_PARTIAL_WRITE", "WAKE_PARTIAL_WRITE " };
C_ASSERT( DIM(g_pFiltqActions) == FILTQ_ACTION_COUNT );
//
// Public functions.
//
DECLARE_API( filter )
/*++
Routine Description:
Dumps a filter channel.
Arguments:
None.
Return Value:
None.
--*/
{ ULONG_PTR address = 0; ULONG result; UL_FILTER_CHANNEL channel;
SNAPSHOT_EXTENSION_DATA();
//
// Snag the address from the command line.
//
address = GetExpression( args );
if (address == 0) { address = GetExpression( "&http!g_pFilterChannel" ); }
if (address != 0) { if (!ReadMemory( address, &address, sizeof(address), NULL )) { dprintf( "filter: Cannot read memory @ %p\n", address ); return; } }
if (address == 0) { PrintUsage( "filter" ); return; }
//
// Read the filter.
//
if (!ReadMemory( address, &channel, sizeof(channel), &result )) { dprintf( "filter: cannot read UL_FILTER_CHANNEL @ %p\n", address ); return; }
DumpFilterChannel( "", "filter: ", address, &channel, 0 );
} // filter
DECLARE_API( fproc )
/*++
Routine Description:
Dumps a filter process.
Arguments:
None.
Return Value:
None.
--*/
{ ULONG_PTR address = 0; ULONG result; UL_FILTER_PROCESS process;
SNAPSHOT_EXTENSION_DATA();
//
// Snag the address from the command line.
//
address = GetExpression( args );
if (address == 0) { PrintUsage( "fproc" ); return; }
//
// Read the filter proc.
//
if (!ReadMemory( address, &process, sizeof(process), &result )) { dprintf( "fproc: cannot read UL_FILTER_PROCESS @ %p\n", address ); return; }
DumpFilterProc( "", "fproc: ", address, &process, 0 );
} // fproc
DECLARE_API( fqlog )
/*++
Routine Description:
Dumps the filter queue trace log.
Arguments:
None.
Return Value:
None.
--*/
{ ULONG_PTR address = 0; ULONG_PTR context = 0; ULONG_PTR flags = 0; ULONG_PTR entryAddress; ULONG_PTR logPointer; ULONG result; TRACE_LOG logHeader; LONGLONG numEntries; FILTQ_TRACE_LOG_ENTRY logEntry; PSTR pAction; LONGLONG index; ULONG offset1; ULONG offset2; CHAR invalidAction[sizeof("2047")]; PSTR fileName; CHAR filePath[MAX_PATH];
SNAPSHOT_EXTENSION_DATA();
//
// Snag the optional context from the command line.
//
context = GetExpression( args );
//
// Find the log.
//
address = GetExpression( "&http!g_pFilterQueueTraceLog" );
if (address == 0) { dprintf( "fqlog: cannot find http!g_pFilterQueueTraceLog\n" ); return; }
//
// Read the pointer.
//
if (!ReadMemory( address, &logPointer, sizeof(logPointer), &result )) { dprintf( "fqlog: cannot read PTRACE_LOG @ %p\n", address ); return; }
//
// Read the log header.
//
if (!ReadMemory( logPointer, &logHeader, sizeof(logHeader), &result )) { dprintf( "fqlog: cannot read TRACE_LOG @ %p\n", logPointer ); return; }
dprintf( "fqlog: log @ %p\n" " Signature = %08lx '%c%c%c%c' (%s)\n" " TypeSignature = %08lx '%c%c%c%c'\n" " LogSize = %lu\n" " NextEntry = %I64d\n" " EntrySize = %lu\n" " LogBuffer = %p\n", address, logHeader.Signature, DECODE_SIGNATURE(logHeader.Signature), logHeader.Signature == TRACE_LOG_SIGNATURE ? "OK" : logHeader.Signature == TRACE_LOG_SIGNATURE_X ? "FREED" : "INVALID", logHeader.TypeSignature, DECODE_SIGNATURE(logHeader.TypeSignature), logHeader.LogSize, logHeader.NextEntry, logHeader.EntrySize, logHeader.pLogBuffer );
if (logHeader.pLogBuffer > ( (PUCHAR)address + sizeof(logHeader) )) { dprintf( " ExtraData @ %p\n", address + sizeof(logHeader) ); }
if (logHeader.Signature != TRACE_LOG_SIGNATURE && logHeader.Signature != TRACE_LOG_SIGNATURE_X) { dprintf( "fqlog: log @ %p has invalid signature %08lx:\n", address, logHeader.Signature ); return; }
if (logHeader.EntrySize != sizeof(logEntry) || logHeader.TypeSignature != FILTQ_TRACE_LOG_SIGNATURE) { dprintf( "fqlog: log @ %p is not a filter queue trace log\n", address ); return; }
if (logHeader.NextEntry == -1) { dprintf( "fqlog: empty log @ %p\n", address ); return; }
//
// Calculate the log size to dump.
//
if (logHeader.NextEntry < logHeader.LogSize) { numEntries = logHeader.NextEntry + 1; index = 0; } else { numEntries = logHeader.LogSize; index = (logHeader.NextEntry + 1) % logHeader.LogSize; }
entryAddress = (ULONG_PTR)logHeader.pLogBuffer + (ULONG_PTR)( index * sizeof(logEntry) );
if (entryAddress >= ( (ULONG_PTR)logHeader.pLogBuffer + (ULONG_PTR)( numEntries * sizeof(logEntry) ) ) ) { dprintf( "fqlog: log @ %p has invalid data\n", address ); return; }
//
// Dump the log.
//
for (; numEntries > 0 ; index++, numEntries--, entryAddress += sizeof(logEntry)) { if (CheckControlC()) { break; }
if (index >= logHeader.LogSize) { index = 0; entryAddress = (ULONG_PTR)logHeader.pLogBuffer; }
if (!ReadMemory( entryAddress, &logEntry, sizeof(logEntry), NULL )) { dprintf( "fqlog: cannot read memory @ %p\n", entryAddress ); return; }
if (context == 0 || context == (ULONG_PTR)logEntry.pConnection) {
//
// Grab the file name.
//
if (ReadMemory( (ULONG_PTR)logEntry.pFileName, filePath, sizeof(filePath), &result )) { fileName = strrchr( filePath, '\\' );
if (fileName != NULL) { fileName++; } else { fileName = filePath; } } else { sprintf( filePath, "%p", logEntry.pFileName );
fileName = filePath; }
//
// And the action name.
//
if (logEntry.Action < FILTQ_ACTION_COUNT) { pAction = g_pFiltqActions[logEntry.Action]; } else { sprintf( invalidAction, "%lu", (ULONG)logEntry.Action ); pAction = invalidAction; }
dprintf( "CPU=%lu Conn=%p Act=%s ReadIrps=%lu Writers=%lu, %s:%u\n", logEntry.Processor, logEntry.pConnection, pAction, logEntry.ReadIrps, logEntry.Writers, fileName, logEntry.LineNumber ); } }
} // fqlog
|
