mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1971 lines
77 KiB
1971 lines
77 KiB
/*++
|
|
|
|
Copyright (c) 1994 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
mminfo.c
|
|
|
|
Abstract:
|
|
|
|
This module monitor the system hard page fault.
|
|
|
|
Author:
|
|
|
|
Stephen Hsiao (shsiao) 4-8-96
|
|
|
|
Environment:
|
|
|
|
User Mode
|
|
|
|
--*/
|
|
|
|
|
|
#include <nt.h>
|
|
#include <ntrtl.h>
|
|
#include <nturtl.h>
|
|
#include <windows.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <assert.h>
|
|
|
|
#define NTMMPERF 1
|
|
#if NTMMPERF
|
|
typedef enum _KTHREAD_STATE {
|
|
Initialized,
|
|
Ready,
|
|
Running,
|
|
Standby,
|
|
Terminated,
|
|
Waiting,
|
|
Transition
|
|
} KTHREAD_STATE;
|
|
|
|
char *ThreadState[] = {
|
|
"Initialized",
|
|
"Ready",
|
|
"Running",
|
|
"Standby",
|
|
"Terminated",
|
|
"Waiting",
|
|
"Transition",
|
|
};
|
|
|
|
char *WaitReason[] = {
|
|
"Executive",
|
|
"FreePage",
|
|
"PageIn",
|
|
"PoolAllocation",
|
|
"DelayExecution",
|
|
"Suspended",
|
|
"UserRequest",
|
|
"WrExecutive",
|
|
"WrFreePage",
|
|
"WrPageIn",
|
|
"WrPoolAllocation",
|
|
"WrDelayExecution",
|
|
"WrSuspended",
|
|
"WrUserRequest",
|
|
"WrEventPair",
|
|
"WrQueue",
|
|
"WrLpcReceive",
|
|
"WrLpcReply",
|
|
"WrVirtualMemory",
|
|
"WrPageOut",
|
|
"WrRendezvous",
|
|
"Spare2",
|
|
"Spare3",
|
|
"Spare4",
|
|
"Spare5",
|
|
"Spare6",
|
|
"WrKernel",
|
|
"MaximumWaitReason"
|
|
};
|
|
|
|
PSZ PoolTypeNames[7] = {
|
|
"NonPagedPool",
|
|
"PagedPool ",
|
|
"NonPagedMS ",
|
|
"NotUsed ",
|
|
"NonPagedCaAl",
|
|
"PagedCaAl ",
|
|
"NonPCaAlMS "
|
|
};
|
|
|
|
#define CM_KEY_NODE_SIGNATURE 0x6b6e // "kn"
|
|
#define CM_LINK_NODE_SIGNATURE 0x6b6c // "kl"
|
|
#define CM_KEY_VALUE_SIGNATURE 0x6b76 // "kv"
|
|
#define CM_KEY_SECURITY_SIGNATURE 0x6b73 // "ks"
|
|
#define CM_KEY_FAST_LEAF 0x666c // "fl"
|
|
|
|
#define MAX_TASKS 256
|
|
#define TableSize 4096
|
|
#define PAGE_SIZE 4096
|
|
|
|
#define PROTECTED_POOL 0x80000000
|
|
|
|
CHAR Mark[MAX_MMINFO_MARK_SIZE];
|
|
DWORD pid;
|
|
CHAR pname[MAX_PATH];
|
|
CHAR *MmInfoBuffer;
|
|
SYSTEM_MMINFO_FILENAME_INFORMATION ImageHash[TableSize];
|
|
SYSTEM_MMINFO_PROCESS_INFORMATION ProcessHash[TableSize];
|
|
LONG ThreadHash[TableSize] = {-1};
|
|
LONG BufferLength;
|
|
BOOLEAN Debug=FALSE;
|
|
ULONG MmInfoOnFlag=0;
|
|
ULONG DefaultOnFlag=(MMINFO_LOG_MEMORY |
|
|
MMINFO_LOG_WORKINGSET |
|
|
MMINFO_LOG_HARDFAULT |
|
|
MMINFO_LOG_PROCESS |
|
|
MMINFO_LOG_THREAD);
|
|
ULONG DefaultDetailedOnFlag=(MMINFO_LOG_MEMORY |
|
|
MMINFO_LOG_WORKINGSET |
|
|
MMINFO_LOG_HARDFAULT |
|
|
MMINFO_LOG_SOFTFAULT |
|
|
MMINFO_LOG_PROCESS |
|
|
MMINFO_LOG_THREAD |
|
|
MMINFO_LOG_CSWITCH |
|
|
MMINFO_LOG_POOL |
|
|
MMINFO_LOG_CHANGELIST);
|
|
|
|
#ifdef WS_INSTRUMENTATION
|
|
char * WsInfoHeaderFormat =
|
|
" WsInfo, Process, WorkSet, Claim, Access, Age0, Age1, Age2, Age3, Shared, Mod, Faults, RecentF, Repl, URepl, Boosts, Prio\n";
|
|
|
|
char * WsInfoDataFormat =
|
|
" WsInfo, %24s, %8d, %8d, %8d, %8d, %8d, %8d, %8d, %8d, %8d, %8d, %8d, %8d, %8d, %8d, %8d\n";
|
|
|
|
char * TrimHeaderFormat =
|
|
" Trim, Process, WorkSet, Claim, Try, Got, Faults, RecentF, Repl, URepl, Boosts, Prio\n";
|
|
|
|
char * TrimDataFormat =
|
|
" Trim, %24s, %8d, %8d, %8d, %8d, %8d, %8d, %8d, %8d, %8d, %8d\n";
|
|
|
|
char * WsManagerHeaderFormat =
|
|
" WsManager, Time, Avail, Claim, Faults, LastPF, Counter, DesReduc, DesFree, Action\n";
|
|
|
|
char * WsManagerDataFormat =
|
|
" WsManager, %10I64d, %8d, %8d, %8d, %8d, %8d, %8d, %8d, %s\n";
|
|
|
|
#else
|
|
char * WsInfoHeaderFormat =
|
|
" WsInfo, Process, WorkSet, Faults, Prio\n";
|
|
|
|
char * WsInfoDataFormat =
|
|
" WsInfo, %24s, %8d, %8d, %8d\n";
|
|
|
|
char * TrimHeaderFormat =
|
|
" Trim, Process, WorkSet, Faults, Prio\n";
|
|
|
|
char * TrimDataFormat =
|
|
" Trim, %24s, %8d, %8d, %8d\n";
|
|
|
|
char * WsManagerHeaderFormat =
|
|
" WsManager, Time, Avail, Faults, LastPF, Counter, DesReduc, DesFree, Action\n";
|
|
|
|
char * WsManagerDataFormat =
|
|
" WsManager, %10I64d, %8d, %8d, %8d, %8d, %8d, %8d, %s\n";
|
|
|
|
#endif // WS_INSTRUMENTATION
|
|
char * ImageLoadHeaderFormat =
|
|
" ImageLoad, BaseAddr, EndAddr, SectNum, Process, Name\n";
|
|
|
|
char * ImageLoadDataFormat =
|
|
" ImageLoad, %08x, %08x, %-8x, %s, %S\n";
|
|
|
|
char * SampleProfileHeaderFormat =
|
|
" SampledProfile, EIP, Count\n";
|
|
|
|
char * SampledProfileDataFormat =
|
|
" SampledProfile, %08x, %-8d\n";
|
|
|
|
char * GeneralHeaderFormat = "%12s,%10s,%22s,%12s,%12s,%8s,%30s,%12s,%10s,%10s,%10s\n";
|
|
|
|
ULONG ToTurnOn=0;
|
|
ULONG ToTurnOff=0;
|
|
|
|
CHAR System[] = "System";
|
|
|
|
#define MODE_NONE 0
|
|
#define MODE_SLASH 1
|
|
#define MODE_PLUS 2
|
|
#define MODE_MINUS 3
|
|
|
|
|
|
typedef struct Api_Address_St {
|
|
ULONG Address;
|
|
CHAR *ApiName;
|
|
} Api_Address_t, *PApi_Address_t;
|
|
|
|
typedef struct Dll_Address_St {
|
|
ULONG StartingAddress;
|
|
ULONG EndingAddress;
|
|
CHAR *DllName;
|
|
} Dll_Address_t, *PDll_Address_t;
|
|
|
|
PApi_Address_t GlobalApiInfo;
|
|
PDll_Address_t GlobalDllInfo;
|
|
int NumGlobalApis=0;
|
|
int NumGlobalDlls=0;
|
|
int NumAllocatedGlobalApis=0;
|
|
int NumAllocatedGlobalDlls=0;
|
|
#define AllocationIncrement 1000
|
|
|
|
VOID InsertDll(ULONG StartingAddress, ULONG EndingAddress, CHAR *DllName){
|
|
|
|
if (NumGlobalDlls == NumAllocatedGlobalDlls ){
|
|
if (NumGlobalDlls == 0 ){
|
|
NumAllocatedGlobalDlls = AllocationIncrement;
|
|
GlobalDllInfo = (PDll_Address_t)
|
|
malloc( sizeof(Dll_Address_t) * NumAllocatedGlobalDlls);
|
|
} else {
|
|
NumAllocatedGlobalDlls += AllocationIncrement;
|
|
GlobalDllInfo = (PDll_Address_t)
|
|
realloc( GlobalDllInfo, sizeof(Dll_Address_t) * NumAllocatedGlobalDlls);
|
|
}
|
|
}
|
|
if (GlobalDllInfo == NULL ){
|
|
return;
|
|
}
|
|
GlobalDllInfo[ NumGlobalDlls ].StartingAddress = StartingAddress;
|
|
GlobalDllInfo[ NumGlobalDlls ].EndingAddress = EndingAddress;
|
|
GlobalDllInfo[ NumGlobalDlls ].DllName = DllName;
|
|
NumGlobalDlls ++;
|
|
}
|
|
|
|
VOID InsertApi(ULONG Address, CHAR *ApiName){
|
|
if (NumGlobalApis == NumAllocatedGlobalApis ){
|
|
if (NumGlobalApis == 0 ){
|
|
NumAllocatedGlobalApis = AllocationIncrement;
|
|
GlobalApiInfo = (PApi_Address_t)
|
|
malloc( sizeof(Api_Address_t) * NumAllocatedGlobalApis);
|
|
} else {
|
|
NumAllocatedGlobalApis += AllocationIncrement;
|
|
GlobalApiInfo = (PApi_Address_t)
|
|
realloc( GlobalApiInfo, sizeof(Api_Address_t) * NumAllocatedGlobalApis);
|
|
}
|
|
}
|
|
if (GlobalApiInfo == NULL ){
|
|
return;
|
|
}
|
|
GlobalApiInfo[ NumGlobalApis ].Address = Address;
|
|
GlobalApiInfo[ NumGlobalApis ].ApiName = ApiName;
|
|
NumGlobalApis ++;
|
|
}
|
|
CHAR *DllContainingAddress(ULONG Address){
|
|
int i;
|
|
for(i=0; i < NumGlobalDlls; i++){
|
|
if ( GlobalDllInfo[ i ].StartingAddress <= Address &&
|
|
Address <= GlobalDllInfo[ i ].EndingAddress){
|
|
return GlobalDllInfo[ i ].DllName;
|
|
}
|
|
}
|
|
return "DllNotFound";
|
|
}
|
|
CHAR *ApiAtAddress(ULONG Address){
|
|
int i;
|
|
for(i=0; i < NumGlobalApis; i++){
|
|
if ( GlobalApiInfo[ i ].Address == Address ){
|
|
return GlobalApiInfo[ i ].ApiName;
|
|
}
|
|
}
|
|
return "ApiNotFound";
|
|
}
|
|
|
|
|
|
VOID
|
|
ParseArgs (
|
|
int argc,
|
|
char *argv[]
|
|
)
|
|
{
|
|
ULONG Mode=MODE_NONE;
|
|
char *p;
|
|
char *Usage="\
|
|
Usage: mminfo -Option \n\
|
|
/c Turn OFF hard fault clustering\n\
|
|
/i Initialize MmInfo (Allocate buffer)\n\
|
|
/u Uninitialize MmInfo (Free buffer) \n\
|
|
/d Turn on debugging\n\
|
|
/f Turn off monitoring (Keep log for later processing) \n\
|
|
/F Set a Mark with workingsetflush now \n\
|
|
/M Set a Mark now \n\
|
|
/o Turn on default monitoring (h,m,t, and w)\n\
|
|
/O Turn on detailed monitoring (plus a, l, p, and S)\n\
|
|
+/- a Turn on/off context switch monitor\n\
|
|
+/- e Turn on/off EmptyQ on every Mark\n\
|
|
+/- E Turn on/off EmptyQDetail (Per Process footprint) on every Mark\n\
|
|
+/- h Turn on/off hard fault monitor\n\
|
|
+/- l Turn on/off memory list monitor\n\
|
|
+/- m Turn on/off memory monitor\n\
|
|
+/- p Turn on/off pool monitor\n\
|
|
+/- P Turn on/off sampled profiling\n\
|
|
+/- r Turn on/off registry monitor\n\
|
|
+/- R Turn on/off registry Relocation\n\
|
|
+/- s Turn on/off initial snap shot of memory\n\
|
|
+/- S Turn on/off Soft (Demand zero and Trainsition) fault monitor\n\
|
|
+/- t Turn on/off thread & process monitor\n\
|
|
+/- T Turn on/off detailed trimming monitor\n\
|
|
+/- w Turn on/off working set monitor\n\
|
|
+/- z Turn on/off detailed working set info\n\
|
|
+/- Z Turn on/off dumping working set entries\n\
|
|
Default Dump bata (Also turn off monitoring)\n\
|
|
";
|
|
NTSTATUS status;
|
|
int i;
|
|
|
|
argc--;
|
|
*argv++;
|
|
while ( argc-- > 0 ) {
|
|
p = *argv++;
|
|
|
|
switch (*p) {
|
|
case '/':
|
|
Mode = MODE_SLASH;
|
|
break;
|
|
case '+':
|
|
Mode = MODE_PLUS;
|
|
break;
|
|
case '-':
|
|
Mode = MODE_MINUS;
|
|
break;
|
|
default:
|
|
fprintf(stderr,"%s\n", Usage);
|
|
ExitProcess(1);
|
|
}
|
|
p++;
|
|
|
|
while(*p != '\0') {
|
|
if (Mode == MODE_SLASH) {
|
|
switch (*p) {
|
|
case 'c':
|
|
ToTurnOn = ToTurnOn | MMINFO_LOG_NO_CLUSTERING;
|
|
break;
|
|
case 'd':
|
|
Debug=TRUE;
|
|
break;
|
|
case 'f':
|
|
status = NtSetSystemInformation (
|
|
SystemMmInfoLogOffInformation,
|
|
NULL,
|
|
0);
|
|
if (!NT_SUCCESS (status)) {
|
|
fprintf(stderr,"Set system information failed %lx\n",status);
|
|
}else{
|
|
fprintf(stderr,"Monitor Off\n");
|
|
}
|
|
ExitProcess(0);
|
|
case 'i':
|
|
status = NtSetSystemInformation (
|
|
SystemMmInfoInitializeInformation,
|
|
NULL,
|
|
0);
|
|
if (!NT_SUCCESS (status)) {
|
|
fprintf(stderr, "Set system information failed %lx\n",status);
|
|
}else{
|
|
fprintf(stderr,"buffer allocated\n");
|
|
}
|
|
ExitProcess(0);
|
|
case 'F':
|
|
case 'M':
|
|
{
|
|
BOOLEAN Flush = (*p == 'F') ? TRUE : FALSE;
|
|
p++;
|
|
while(*p == '\0') {
|
|
p++;
|
|
}
|
|
|
|
i=-1;
|
|
|
|
if (*p == '/' || *p == '+' || *p == '-') {
|
|
// Nothing in the Mark
|
|
fprintf(stderr, "Mark not set!\n");
|
|
fprintf(stderr,"%s\n", Usage);
|
|
ExitProcess(0);
|
|
} else if (*p == '"') {
|
|
p++;
|
|
while(*p != '"') {
|
|
if (i < MAX_MMINFO_MARK_SIZE) {
|
|
i++;
|
|
Mark[i] = *p;
|
|
}
|
|
p++;
|
|
}
|
|
} else {
|
|
while (*p != '\0') {
|
|
if (i < MAX_MMINFO_MARK_SIZE) {
|
|
i++;
|
|
Mark[i] = *p;
|
|
}
|
|
p++;
|
|
}
|
|
}
|
|
|
|
status = NtSetSystemInformation (
|
|
Flush ? SystemMmInfoMarkWithFlush
|
|
: SystemMmInfoMark,
|
|
Mark,
|
|
MAX_MMINFO_MARK_SIZE);
|
|
|
|
if (!NT_SUCCESS (status)) {
|
|
fprintf(stderr, "Set system information failed %lx\n",status);
|
|
}else{
|
|
fprintf(stderr, "Mark set: %s\n", Mark);
|
|
}
|
|
ExitProcess(0);
|
|
}
|
|
case 'o':
|
|
MmInfoOnFlag = DefaultOnFlag;
|
|
break;
|
|
case 'O':
|
|
MmInfoOnFlag = DefaultDetailedOnFlag;
|
|
break;
|
|
case 'u':
|
|
status = NtSetSystemInformation (
|
|
SystemMmInfoUnInitializeInformation,
|
|
NULL,
|
|
0);
|
|
if (!NT_SUCCESS (status)) {
|
|
fprintf(stderr,"Set system information failed %lx\n",status);
|
|
}else{
|
|
fprintf(stderr,"Unitialized\n");
|
|
}
|
|
ExitProcess(0);
|
|
default:
|
|
fprintf(stderr,"%s\n", Usage);
|
|
ExitProcess(1);
|
|
}
|
|
} else if (Mode == MODE_PLUS) {
|
|
switch (*p) {
|
|
case 'a':
|
|
ToTurnOn = ToTurnOn | MMINFO_LOG_PROCESS |
|
|
MMINFO_LOG_THREAD | MMINFO_LOG_CSWITCH;
|
|
break;
|
|
case 'e':
|
|
ToTurnOn = ToTurnOn | MMINFO_LOG_MEMORY | MMINFO_LOG_EMPTYQ | MMINFO_LOG_PROCESS;
|
|
break;
|
|
case 'E':
|
|
ToTurnOn = ToTurnOn | MMINFO_LOG_MEMORY | MMINFO_LOG_EMPTYQ
|
|
| MMINFO_LOG_EMPTYQDETAIL | MMINFO_LOG_PROCESS;
|
|
break;
|
|
case 'm':
|
|
ToTurnOn = ToTurnOn | MMINFO_LOG_MEMORY | MMINFO_LOG_PROCESS;
|
|
break;
|
|
case 'p':
|
|
ToTurnOn = ToTurnOn | MMINFO_LOG_POOL;
|
|
break;
|
|
case 'w':
|
|
ToTurnOn = ToTurnOn | MMINFO_LOG_WORKINGSET | MMINFO_LOG_PROCESS;
|
|
break;
|
|
case 't':
|
|
ToTurnOn = ToTurnOn | MMINFO_LOG_PROCESS | MMINFO_LOG_THREAD;
|
|
break;
|
|
case 'T':
|
|
ToTurnOn = ToTurnOn | MMINFO_LOG_WSCHANGE |
|
|
MMINFO_LOG_MEMORY | MMINFO_LOG_PROCESS;
|
|
break;
|
|
case 'h':
|
|
ToTurnOn = ToTurnOn | MMINFO_LOG_HARDFAULT | MMINFO_LOG_PROCESS;
|
|
break;
|
|
case 'l':
|
|
ToTurnOn = ToTurnOn | MMINFO_LOG_CHANGELIST | MMINFO_LOG_MEMORY;
|
|
break;
|
|
case 'r':
|
|
ToTurnOn = ToTurnOn | MMINFO_LOG_REGISTRY;
|
|
break;
|
|
case 'R':
|
|
status = NtSetSystemInformation (
|
|
SystemRelocateCMCellOn,
|
|
NULL,
|
|
0);
|
|
if (!NT_SUCCESS (status)) {
|
|
fprintf(stderr,"Set system information failed %lx\n",status);
|
|
}else{
|
|
fprintf(stderr,"Registry Relocation on\n");
|
|
}
|
|
ExitProcess(0);
|
|
case 's':
|
|
ToTurnOn = ToTurnOn | MMINFO_LOG_INIT_MEMSNAP;
|
|
break;
|
|
case 'S':
|
|
ToTurnOn = ToTurnOn | MMINFO_LOG_SOFTFAULT |
|
|
MMINFO_LOG_PROCESS | MMINFO_LOG_MEMORY;
|
|
break;
|
|
case 'z':
|
|
ToTurnOn = ToTurnOn | MMINFO_LOG_WSDETAILS;
|
|
break;
|
|
case 'Z':
|
|
ToTurnOn = ToTurnOn | MMINFO_LOG_WSENTRIES;
|
|
break;
|
|
case 'P':
|
|
ToTurnOn = ToTurnOn | MMINFO_LOG_PROFILE;
|
|
break;
|
|
default:
|
|
fprintf(stderr,"%s\n", Usage);
|
|
ExitProcess(1);
|
|
}
|
|
} else if (Mode == MODE_MINUS) {
|
|
switch (*p) {
|
|
case 'a':
|
|
ToTurnOff = ToTurnOff | MMINFO_LOG_CSWITCH ;
|
|
break;
|
|
case 'e':
|
|
ToTurnOff = ToTurnOff | MMINFO_LOG_EMPTYQ;
|
|
break;
|
|
case 'E':
|
|
ToTurnOff = ToTurnOff | MMINFO_LOG_EMPTYQDETAIL;
|
|
break;
|
|
case 'm':
|
|
ToTurnOff = ToTurnOff | MMINFO_LOG_MEMORY ;
|
|
break;
|
|
case 'p':
|
|
ToTurnOff = ToTurnOff | MMINFO_LOG_POOL;
|
|
break;
|
|
case 'w':
|
|
ToTurnOff = ToTurnOff | MMINFO_LOG_WORKINGSET;
|
|
break;
|
|
case 't':
|
|
ToTurnOff = ToTurnOff | MMINFO_LOG_PROCESS |
|
|
MMINFO_LOG_THREAD | MMINFO_LOG_CSWITCH;
|
|
break;
|
|
case 'T':
|
|
ToTurnOff = ToTurnOff | MMINFO_LOG_WSCHANGE;
|
|
break;
|
|
case 'h':
|
|
ToTurnOff = ToTurnOff | MMINFO_LOG_HARDFAULT;
|
|
break;
|
|
case 'l':
|
|
ToTurnOff = ToTurnOff | MMINFO_LOG_CHANGELIST;
|
|
break;
|
|
case 'r':
|
|
ToTurnOff = ToTurnOff | MMINFO_LOG_REGISTRY;
|
|
break;
|
|
case 'R':
|
|
status = NtSetSystemInformation (
|
|
SystemRelocateCMCellOff,
|
|
NULL,
|
|
0);
|
|
if (!NT_SUCCESS (status)) {
|
|
fprintf(stderr,"Set system information failed %lx\n",status);
|
|
}else{
|
|
fprintf(stderr,"Registry Relocation off\n");
|
|
}
|
|
ExitProcess(0);
|
|
case 's':
|
|
ToTurnOff = ToTurnOff | MMINFO_LOG_INIT_MEMSNAP;
|
|
break;
|
|
case 'S':
|
|
ToTurnOff = ToTurnOff | MMINFO_LOG_SOFTFAULT;
|
|
break;
|
|
case 'z':
|
|
ToTurnOff = ToTurnOff | MMINFO_LOG_WSDETAILS;
|
|
break;
|
|
case 'Z':
|
|
ToTurnOff = ToTurnOff | MMINFO_LOG_WSENTRIES;
|
|
break;
|
|
case 'P':
|
|
ToTurnOff = ToTurnOff | MMINFO_LOG_PROFILE;
|
|
break;
|
|
default:
|
|
fprintf(stderr,"%s\n", Usage);
|
|
ExitProcess(1);
|
|
}
|
|
}
|
|
p++;
|
|
}
|
|
}
|
|
}
|
|
#endif //NTMMPERF
|
|
|
|
int _cdecl
|
|
main(
|
|
int argc,
|
|
char *argv[]
|
|
)
|
|
{
|
|
#if NTMMPERF
|
|
LPSTR p;
|
|
NTSTATUS status;
|
|
ULONG ImageStart, ImageEnd;
|
|
ULONG ProcessStart, ProcessEnd;
|
|
SYSTEM_BASIC_INFORMATION BasicInfo;
|
|
ULONG TotalPageTable;
|
|
ULONG TotalModified;
|
|
ULONG TotalTransition;
|
|
SYSTEMTIME Time;
|
|
ULONG PageKb;
|
|
ULONG LogSize;
|
|
|
|
ULONG LogType;
|
|
_int64 *TmpPint64;
|
|
_int64 PerfCounter, PerfCounterStart;
|
|
_int64 PerfFrequency;
|
|
|
|
PerfHook_t *Hook, *NextHook;
|
|
TimeStamp_t TS;
|
|
PerfSize_t Size;
|
|
PerfTag_t Tag;
|
|
PerfData_t *Info;
|
|
ULONG i;
|
|
|
|
//
|
|
// First parse the arguments and see what to do.
|
|
//
|
|
ParseArgs( argc, argv );
|
|
|
|
if (ToTurnOn & ToTurnOff) {
|
|
fprintf(stderr,"Cannot turn on and off the same flag, make up your mind !!!\n");
|
|
}else{
|
|
MmInfoOnFlag=((MmInfoOnFlag | ToTurnOn) & ~ToTurnOff);
|
|
}
|
|
|
|
//
|
|
// If there is a flag to turn on. Do it.
|
|
//
|
|
|
|
if (MmInfoOnFlag) {
|
|
status = NtSetSystemInformation (
|
|
SystemMmInfoLogOnInformation,
|
|
&MmInfoOnFlag,
|
|
sizeof(ULONG));
|
|
if (!NT_SUCCESS (status)) {
|
|
fprintf(stderr,"Set system information failed ON %lx\n",status);
|
|
return 1;
|
|
}else{
|
|
fprintf(stderr,"Monitor On\n");
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
//
|
|
// If we reach this point, we are do dump the log.
|
|
// First turn off monitor.
|
|
//
|
|
|
|
status = NtSetSystemInformation (SystemMmInfoLogOffInformation,
|
|
NULL,
|
|
0);
|
|
if (!NT_SUCCESS (status)) {
|
|
fprintf(stderr,"Set system information failed %lx\n",status);
|
|
return 1;
|
|
}
|
|
|
|
//
|
|
// HACK FIXFIX when doing MP stuff
|
|
//
|
|
ThreadHash[0] = 0;
|
|
ProcessHash[0].ProcessID = 0;
|
|
RtlCopyMemory(ProcessHash[0].ImageFileName, "Idle", 16);
|
|
|
|
status = NtQuerySystemInformation(
|
|
SystemBasicInformation,
|
|
&BasicInfo,
|
|
sizeof(BasicInfo),
|
|
NULL
|
|
);
|
|
|
|
if (!NT_SUCCESS (status)) {
|
|
fprintf(stderr,"query system basic information failed %lx\n",status);
|
|
return 1;
|
|
}
|
|
|
|
PageKb = BasicInfo.PageSize / 1024;
|
|
|
|
//
|
|
// print the Headers
|
|
//
|
|
|
|
printf(WsManagerHeaderFormat);
|
|
printf(WsInfoHeaderFormat);
|
|
printf(TrimHeaderFormat );
|
|
printf(ImageLoadHeaderFormat);
|
|
printf(SampleProfileHeaderFormat);
|
|
|
|
|
|
//
|
|
// Mow dump the buffer.
|
|
//
|
|
NextHook = PerfNextHook();
|
|
Hook = PerfFirstHook();
|
|
|
|
LogSize = (ULONG) NextHook - (ULONG) Hook;
|
|
// fprintf(stderr, "Size in Pages %8d\n", PerfQueryBufferSize4KPages());
|
|
// fprintf(stderr, "Size in Bytes %8d\n", PerfQueryBufferSizeBytes());
|
|
// fprintf(stderr, "Size in KBs %8d\n", PerfQueryBufferSizeKB());
|
|
|
|
// fprintf(stderr, "Size in Bytes %8d (%8x - %8x) \n", NextHook - Hook, Hook, NextHook);
|
|
|
|
while( Hook < NextHook ){
|
|
ULONG LogType;
|
|
Hook = (PerfHook_t *)PerfGetHook(Hook, &Tag, &TS, &Size, &Info );
|
|
LogType = Tag.u.Bits.HookId;
|
|
// LogType = Tag.u.Value;
|
|
|
|
// PerfCounter = 0xffffffffffffffff;
|
|
PerfCounter = TS;
|
|
|
|
if (Debug) {
|
|
// fprintf(stdout, "%8x: LogType %4d, Size:%4d, Time: %I64u\n",Hook, LogType, Size, PerfCounter);
|
|
}
|
|
|
|
switch(LogType) {
|
|
printf ("LogType=%08x\n", LogType);
|
|
case PERF_APIMON_DLL_ADDRESS:
|
|
{
|
|
PPerf_Apimon_Dll_Address_t DllInfo;
|
|
DllInfo = (PPerf_Apimon_Dll_Address_t) Info;
|
|
InsertDll(DllInfo->StartingAddress,
|
|
DllInfo->EndingAddress,
|
|
DllInfo->DllName);
|
|
printf ("DllAddressName %08x %08x %s\n",
|
|
DllInfo->StartingAddress,
|
|
DllInfo->EndingAddress,
|
|
DllInfo->DllName);
|
|
}
|
|
break;
|
|
case PERF_APIMON_API_ADDRESS:
|
|
{
|
|
PPerf_Apimon_Api_Address_t ApiInfo;
|
|
ApiInfo = (PPerf_Apimon_Api_Address_t) Info;
|
|
InsertApi(ApiInfo->Address,
|
|
ApiInfo->ApiName);
|
|
printf ("ApiAddressName %08x %s\n",
|
|
ApiInfo->Address,
|
|
ApiInfo->ApiName);
|
|
}
|
|
break;
|
|
case PERF_APIMON_ENTER:
|
|
{
|
|
PPerf_Apimon_Enter_t PEnter;
|
|
PEnter = (PPerf_Apimon_Api_Address_t) Info;
|
|
printf ("ApiEnter %08x %s %s\n",
|
|
PEnter->Address,
|
|
DllContainingAddress(PEnter->Address),
|
|
ApiAtAddress(PEnter->Address));
|
|
}
|
|
break;
|
|
case PERF_APIMON_EXIT:
|
|
{
|
|
PPerf_Apimon_Enter_t PExit;
|
|
PExit = (PPerf_Apimon_Api_Address_t) Info;
|
|
printf ("ApiExit %08x %s %s\n",
|
|
PExit->Address,
|
|
DllContainingAddress(PExit->Address),
|
|
ApiAtAddress(PExit->Address));
|
|
}
|
|
break;
|
|
|
|
case MMINFO_LOG_TYPE_VERSION:
|
|
{
|
|
PSYSTEM_MMINFO_VERSION_INFORMATION TmpPMmInfoVersion;
|
|
|
|
TmpPMmInfoVersion = (PSYSTEM_MMINFO_VERSION_INFORMATION) Info;
|
|
|
|
if (TmpPMmInfoVersion->Version != MMINFO_VERSION) {
|
|
fprintf(stderr, "Kernel Version:%4d mismatch with User Version:%d\n",
|
|
TmpPMmInfoVersion->Version,
|
|
MMINFO_VERSION
|
|
);
|
|
ExitProcess(1);
|
|
} else {
|
|
fprintf(stderr, "Version: %4d, BufferSize = %6d KB\n",
|
|
MMINFO_VERSION,
|
|
LogSize/1024);
|
|
fprintf(stdout, "Version, %4d, BufferSize, %6d KB\n",
|
|
MMINFO_VERSION,
|
|
LogSize/1024);
|
|
}
|
|
}
|
|
break;
|
|
|
|
case MMINFO_LOG_TYPE_PERFFREQUENCY:
|
|
{
|
|
PMMINFO_TIME_FREQUENCY TimeFreq;
|
|
|
|
TimeFreq = (PMMINFO_TIME_FREQUENCY) Info;
|
|
|
|
PerfFrequency = TimeFreq->Frequency;
|
|
|
|
PerfCounterStart = TimeFreq->Time;
|
|
|
|
printf("Log start at (Performance Counter), %I64d\n",
|
|
PerfCounterStart*1000000/PerfFrequency);
|
|
}
|
|
break;
|
|
|
|
case MMINFO_LOG_TYPE_FILENAMEBUFFER:
|
|
{
|
|
PSYSTEM_MMINFO_FILENAME_INFORMATION TmpPImage;
|
|
|
|
TmpPImage = (PSYSTEM_MMINFO_FILENAME_INFORMATION) Info;
|
|
|
|
while (TmpPImage->ImageKey) {
|
|
i=TmpPImage->ImageKey%TableSize;
|
|
|
|
while(ImageHash[i].ImageKey != 0) {
|
|
if (ImageHash[i].ImageKey == TmpPImage->ImageKey) {
|
|
break;
|
|
}else{
|
|
i = (i+1)%TableSize;
|
|
}
|
|
}
|
|
|
|
ImageHash[i].ImageKey =TmpPImage->ImageKey;
|
|
ImageHash[i].ImageName.Length =TmpPImage->ImageName.Length;
|
|
ImageHash[i].ImageName.Buffer =TmpPImage->ImageBuffer;
|
|
if (Debug) {
|
|
printf("%12s,", "S-Created");
|
|
}
|
|
|
|
if (Debug) {
|
|
printf("%10s,%22s,%12s,%12x,%8s,%30S,%12s,%10s,%10s\n",
|
|
"",
|
|
"",
|
|
"",
|
|
ImageHash[i].ImageKey,
|
|
"",
|
|
ImageHash[i].ImageName.Buffer,
|
|
"",
|
|
"",
|
|
"");
|
|
}
|
|
TmpPImage++;
|
|
}
|
|
}
|
|
break;
|
|
case MMINFO_LOG_TYPE_PAGEFAULT:
|
|
{
|
|
PSYSTEM_HARDPAGEFAULT_INFORMATION TmpPMmInfoLog;
|
|
|
|
TmpPMmInfoLog=(PSYSTEM_HARDPAGEFAULT_INFORMATION) Info;
|
|
|
|
printf("%12s,","HardFault");
|
|
printf("%10I64d,",
|
|
(PerfCounter - PerfCounterStart)*1000000/PerfFrequency);
|
|
|
|
if (TmpPMmInfoLog->ProcessID == 0) {
|
|
printf("%22s,","System ( 0)");
|
|
} else{
|
|
ULONG i;
|
|
|
|
i = TmpPMmInfoLog->ProcessID;
|
|
|
|
if (ProcessHash[i].ProcessID == TmpPMmInfoLog->ProcessID) {
|
|
printf("%16s ",ProcessHash[i].ImageFileName);
|
|
printf("(%3d),",ProcessHash[i].ProcessID);
|
|
}else{
|
|
printf("Process %13u,",TmpPMmInfoLog->ProcessID);
|
|
}
|
|
}
|
|
printf("%12u,",TmpPMmInfoLog->ThreadID);
|
|
printf("%12x,",TmpPMmInfoLog->Va);
|
|
printf("%8u,",TmpPMmInfoLog->Pfn);
|
|
{
|
|
ULONG i;
|
|
|
|
i=TmpPMmInfoLog->ImageKey%TableSize;
|
|
|
|
while(ImageHash[i].ImageKey != 0) {
|
|
if (ImageHash[i].ImageKey == TmpPMmInfoLog->ImageKey) {
|
|
printf("%30S,",ImageHash[i].ImageName.Buffer);
|
|
break;
|
|
}else{
|
|
i = (i+1)%TableSize;
|
|
}
|
|
}
|
|
if (ImageHash[i].ImageKey == 0) {
|
|
if (TmpPMmInfoLog->Va >= 0x8000000) {
|
|
printf("%30s,","pagefile.sys");
|
|
} else {
|
|
printf("%19s (%8x),","Image", TmpPMmInfoLog->ImageKey);
|
|
}
|
|
}
|
|
}
|
|
printf("%12I64d,",TmpPMmInfoLog->ReadOffset);
|
|
printf("%10u,",TmpPMmInfoLog->ByteCount);
|
|
if (TmpPMmInfoLog->FaultType == 3) {
|
|
printf("%10s,","Read");
|
|
} else if (TmpPMmInfoLog->FaultType == 2) {
|
|
printf("%10s,","Code");
|
|
} else if (TmpPMmInfoLog->FaultType == 1) {
|
|
printf("%10s,","Data");
|
|
} else {
|
|
printf("%10s,","NA");
|
|
}
|
|
|
|
printf("%10I64d",
|
|
(TmpPMmInfoLog->IoCompleteTime-PerfCounter)
|
|
*1000000/PerfFrequency);
|
|
|
|
printf("\n");
|
|
|
|
// printf("Got Page Fault Log\n");
|
|
|
|
break;
|
|
}
|
|
case MMINFO_LOG_TYPE_TRANSITIONFAULT:
|
|
case MMINFO_LOG_TYPE_DEMANDZEROFAULT:
|
|
case MMINFO_LOG_TYPE_ADDVALIDPAGETOWS:
|
|
case MMINFO_LOG_TYPE_PROTOPTEFAULT:
|
|
case MMINFO_LOG_TYPE_ADDTOWS:
|
|
{
|
|
PSYSTEM_MMINFO_SOFTFAULT_INFORMATION TmpPMmInfoLog;
|
|
|
|
TmpPMmInfoLog=(PSYSTEM_MMINFO_SOFTFAULT_INFORMATION) Info;
|
|
|
|
if (LogType == MMINFO_LOG_TYPE_TRANSITIONFAULT) {
|
|
printf("%12s,","TransFault");
|
|
} else if (LogType == MMINFO_LOG_TYPE_DEMANDZEROFAULT) {
|
|
printf("%12s,","DeZeroFault");
|
|
} else if (LogType == MMINFO_LOG_TYPE_ADDVALIDPAGETOWS) {
|
|
printf("%12s,","AddValidToWS");
|
|
} else if (LogType == MMINFO_LOG_TYPE_PROTOPTEFAULT) {
|
|
printf("%12s,","ProtoFault");
|
|
} else if (LogType == MMINFO_LOG_TYPE_ADDTOWS) {
|
|
printf("%12s,","AddToWS");
|
|
} else {
|
|
printf("%12s,","Unknown");
|
|
}
|
|
|
|
printf("%10s,", "");
|
|
|
|
if (TmpPMmInfoLog->ProcessID == -1) {
|
|
printf("%22s,","SystemCache");
|
|
} else{
|
|
ULONG i;
|
|
|
|
i = TmpPMmInfoLog->ProcessID;
|
|
|
|
if (ProcessHash[i].ProcessID == TmpPMmInfoLog->ProcessID) {
|
|
printf("%16s ",ProcessHash[i].ImageFileName);
|
|
printf("(%3d),",ProcessHash[i].ProcessID);
|
|
}else{
|
|
printf("Process %13u,",TmpPMmInfoLog->ProcessID);
|
|
}
|
|
}
|
|
printf("%12u,",TmpPMmInfoLog->ThreadID);
|
|
printf("%12x,",TmpPMmInfoLog->Va);
|
|
printf("%8u",TmpPMmInfoLog->Pfn);
|
|
|
|
printf("\n");
|
|
|
|
break;
|
|
}
|
|
case MMINFO_LOG_TYPE_WORKINGSETSNAP:
|
|
{
|
|
PSYSTEM_MMINFO_WSENTRY_INFORMATION TmpPWs;
|
|
PMMINFO_WSENTRY TmpPWsEntry;
|
|
ULONG Size;
|
|
ULONG ii;
|
|
UCHAR Process[22];
|
|
|
|
TmpPWs = (PSYSTEM_MMINFO_WSENTRY_INFORMATION) Info;
|
|
|
|
Size = TmpPWs->WsSize;
|
|
TmpPWsEntry = TmpPWs->Ws;
|
|
|
|
if (TmpPWs->ProcessID == -1) {
|
|
sprintf(Process,"%22s","SystemCache");
|
|
} else {
|
|
ULONG i;
|
|
i = TmpPWs->ProcessID;
|
|
if (ProcessHash[i].ProcessID == TmpPWs->ProcessID) {
|
|
sprintf(Process, "%16s (%3d)",
|
|
ProcessHash[i].ImageFileName,
|
|
ProcessHash[i].ProcessID);
|
|
}else{
|
|
sprintf(Process,"Process %13u",TmpPWs->ProcessID);
|
|
}
|
|
}
|
|
|
|
for (ii = 1; ii <= Size; ii++) {
|
|
printf("%12s,%10s,%22s,%12u,%12x,%8u,%s,%s",
|
|
"WsSnap",
|
|
"",
|
|
Process,
|
|
ii,
|
|
TmpPWsEntry->Va.Page << 12,
|
|
TmpPWsEntry->Pa.Page,
|
|
TmpPWsEntry->Pa.Accessed ?
|
|
"Accessed" : "NotAccessed",
|
|
TmpPWsEntry->Pa.Modified ?
|
|
"Modified" : "NotModified",
|
|
TmpPWsEntry->Pa.Shared ?
|
|
"Shared" : "NotShared"
|
|
);
|
|
#ifdef WS_INSTRUMENTATION_ACCESS_BIT
|
|
printf(",%s",
|
|
TmpPWsEntry->Pa.RecentlyUsed ?
|
|
"RecentlyUsed" : "NotRecentlyUsed"
|
|
);
|
|
#endif // WS_INSTRUMENTATION_ACCESS_BIT
|
|
printf("\n");
|
|
TmpPWsEntry++;
|
|
}
|
|
|
|
// printf("Size = %d\n", Size);
|
|
|
|
break;
|
|
}
|
|
case MMINFO_LOG_TYPE_OUTWS_REPLACEUSED:
|
|
case MMINFO_LOG_TYPE_OUTWS_REPLACEUNUSED:
|
|
case MMINFO_LOG_TYPE_OUTWS_VOLUNTRIM:
|
|
case MMINFO_LOG_TYPE_OUTWS_FORCETRIM:
|
|
case MMINFO_LOG_TYPE_OUTWS_ADJUSTWS:
|
|
case MMINFO_LOG_TYPE_OUTWS_EMPTYQ:
|
|
{
|
|
PSYSTEM_MMINFO_WSCHANGE_INFORMATION TmpPMmInfoLog;
|
|
|
|
TmpPMmInfoLog=(PSYSTEM_MMINFO_WSCHANGE_INFORMATION) Info;
|
|
|
|
printf("%12s,","Out_Of_WS");
|
|
|
|
if (LogType == MMINFO_LOG_TYPE_OUTWS_REPLACEUSED) {
|
|
printf("%10s,","RepUsed");
|
|
} else if (LogType == MMINFO_LOG_TYPE_OUTWS_REPLACEUNUSED) {
|
|
printf("%10s,","RepUnUsed");
|
|
} else if (LogType == MMINFO_LOG_TYPE_OUTWS_VOLUNTRIM) {
|
|
printf("%10s,","VolunTrim");
|
|
} else if (LogType == MMINFO_LOG_TYPE_OUTWS_FORCETRIM) {
|
|
printf("%10s,","ForceTrim");
|
|
} else if (LogType == MMINFO_LOG_TYPE_OUTWS_ADJUSTWS) {
|
|
printf("%10s,","AdjustWs");
|
|
} else if (LogType == MMINFO_LOG_TYPE_OUTWS_EMPTYQ) {
|
|
printf("%10s,","EmptyQ");
|
|
} else {
|
|
printf("%10s,","Unknown");
|
|
}
|
|
|
|
if (TmpPMmInfoLog->ProcessID == 0) {
|
|
printf("%22s,","SystemCache");
|
|
} else{
|
|
ULONG i;
|
|
|
|
i = TmpPMmInfoLog->ProcessID;
|
|
|
|
if (ProcessHash[i].ProcessID == TmpPMmInfoLog->ProcessID) {
|
|
printf("%16s ",ProcessHash[i].ImageFileName);
|
|
printf("(%3d),",ProcessHash[i].ProcessID);
|
|
}else{
|
|
printf("Process %13u,",TmpPMmInfoLog->ProcessID);
|
|
}
|
|
}
|
|
printf("%12s,","");
|
|
printf("%12x,",TmpPMmInfoLog->Entry.Va.Page << 12);
|
|
printf("%8u",TmpPMmInfoLog->Entry.Pa.Page);
|
|
|
|
printf("\n");
|
|
|
|
break;
|
|
}
|
|
case MMINFO_LOG_TYPE_WSINFOCACHE:
|
|
case MMINFO_LOG_TYPE_TRIMCACHE:
|
|
case MMINFO_LOG_TYPE_WSINFOPROCESS:
|
|
case MMINFO_LOG_TYPE_TRIMPROCESS:
|
|
{
|
|
PSYSTEM_MMINFO_TRIMPROCESS_INFORMATION TmpPMmInfoTrimProcess;
|
|
|
|
TmpPMmInfoTrimProcess = (PSYSTEM_MMINFO_TRIMPROCESS_INFORMATION) Info;
|
|
|
|
if ((LogType == MMINFO_LOG_TYPE_WSINFOPROCESS) ||
|
|
(LogType == MMINFO_LOG_TYPE_WSINFOCACHE)) {
|
|
printf("%12s,","WsInfo");
|
|
} else {
|
|
printf("%12s,","Triming");
|
|
}
|
|
printf("WS:%7d,", TmpPMmInfoTrimProcess->ProcessWorkingSet);
|
|
|
|
if ((LogType == MMINFO_LOG_TYPE_TRIMCACHE) ||
|
|
(LogType == MMINFO_LOG_TYPE_WSINFOCACHE)) {
|
|
printf("%22s,","SystemCache");
|
|
} else{
|
|
if (TmpPMmInfoTrimProcess->ProcessID == 0) {
|
|
printf("%30s,","System ( 0)");
|
|
} else {
|
|
ULONG i;
|
|
|
|
i = TmpPMmInfoTrimProcess->ProcessID;
|
|
|
|
if (ProcessHash[i].ProcessID == TmpPMmInfoTrimProcess->ProcessID) {
|
|
printf("%16s ",ProcessHash[i].ImageFileName);
|
|
printf("(%3d),",ProcessHash[i].ProcessID);
|
|
}else{
|
|
printf("Process %13u,",TmpPMmInfoTrimProcess->ProcessID);
|
|
}
|
|
}
|
|
}
|
|
printf("Need:%7d,", TmpPMmInfoTrimProcess->ToTrim);
|
|
printf("Got:%8d,", TmpPMmInfoTrimProcess->ActualTrim);
|
|
printf("Pri:%4d,", TmpPMmInfoTrimProcess->ProcessMemoryPriority);
|
|
printf("PageFaults:%8d,",
|
|
TmpPMmInfoTrimProcess->ProcessPageFaultCount-
|
|
TmpPMmInfoTrimProcess->ProcessLastPageFaultCount);
|
|
if ((LogType == MMINFO_LOG_TYPE_WSINFOPROCESS) ||
|
|
(LogType == MMINFO_LOG_TYPE_WSINFOCACHE)) {
|
|
printf("Acc:%4d,",
|
|
TmpPMmInfoTrimProcess->ProcessAccessedCount);
|
|
printf("Mod:%4d,",
|
|
TmpPMmInfoTrimProcess->ProcessModifiedCount);
|
|
printf("Shd:%4d,",
|
|
TmpPMmInfoTrimProcess->ProcessSharedCount);
|
|
#ifdef WS_INSTRUMENTATION_ACCESS_BIT
|
|
printf("RUsed:%4d,",
|
|
TmpPMmInfoTrimProcess->ProcessRecentlyUsedCount);
|
|
#endif // WS_INSTRUMENTATION_ACCESS_BIT
|
|
}
|
|
#ifdef WS_INSTRUMENTATION
|
|
printf("Replacments:%5d,",
|
|
TmpPMmInfoTrimProcess->ProcessReplacementCount);
|
|
|
|
printf("QuotaBoosts:%5d,",
|
|
TmpPMmInfoTrimProcess->ProcessQuotaBoostCount);
|
|
printf("UsedRepls:%5d,",
|
|
TmpPMmInfoTrimProcess->ProcessSparecount3);
|
|
printf("FaultsSinceQInc:%5d,",
|
|
TmpPMmInfoTrimProcess->ProcessPageFaultCount-
|
|
TmpPMmInfoTrimProcess->ProcessLastGrowthFaultCount);
|
|
printf("FaultSinceFGTrim:%5d,",
|
|
TmpPMmInfoTrimProcess->ProcessPageFaultCount -
|
|
TmpPMmInfoTrimProcess->
|
|
ProcessLastForegroundTrimFaultCount);
|
|
printf("Spare4:%5d,",
|
|
TmpPMmInfoTrimProcess->ProcessSparecount4);
|
|
printf("Spare5:%2d,",
|
|
TmpPMmInfoTrimProcess->ProcessSparecount5);
|
|
#endif // WS_INSTRUMENTATION
|
|
printf("\n");
|
|
|
|
break;
|
|
}
|
|
case MMINFO_LOG_TYPE_POOLSTAT:
|
|
case MMINFO_LOG_TYPE_ADDPOOLPAGE:
|
|
case MMINFO_LOG_TYPE_FREEPOOLPAGE:
|
|
{
|
|
PSYSTEM_MMINFO_POOL_INFORMATION TmpPMmInfoPool;
|
|
|
|
TmpPMmInfoPool = (PSYSTEM_MMINFO_POOL_INFORMATION) Info;
|
|
|
|
if (LogType == MMINFO_LOG_TYPE_ADDPOOLPAGE) {
|
|
printf("%12s,","AddPoolPage");
|
|
} else if (LogType == MMINFO_LOG_TYPE_FREEPOOLPAGE) {
|
|
printf("%12s,","FreePoolPage");
|
|
} else{
|
|
printf("%12s,","PoolSummary");
|
|
}
|
|
|
|
printf("%10s,%22d,%12s,%12x,%8d,%8d,%8d,%12d,%12d\n",
|
|
"",
|
|
(int) TmpPMmInfoPool->Pool /100,
|
|
PoolTypeNames[(TmpPMmInfoPool->Pool%100) & 7],
|
|
TmpPMmInfoPool->Entry,
|
|
TmpPMmInfoPool->Alloc,
|
|
TmpPMmInfoPool->DeAlloc,
|
|
TmpPMmInfoPool->TotalPages,
|
|
TmpPMmInfoPool->TotalBytes,
|
|
// TmpPMmInfoPool->TotalBytes*100/4096/TmpPMmInfoPool->TotalPages,
|
|
// TmpPMmInfoPool->TotalBigBytes,
|
|
TmpPMmInfoPool->TotalBigPages
|
|
// TmpPMmInfoPool->TotalBigBytes*100/4096/TmpPMmInfoPool->TotalBigPages
|
|
);
|
|
|
|
break;
|
|
}
|
|
case MMINFO_LOG_TYPE_WORKINGSETMANAGER:
|
|
{
|
|
PSYSTEM_WORKINGSETMANAGER_INFORMATION TmpPWorkingSetManager;
|
|
char *ActionString;
|
|
|
|
TmpPWorkingSetManager = (PSYSTEM_WORKINGSETMANAGER_INFORMATION) Info;
|
|
|
|
switch(TmpPWorkingSetManager->Action) {
|
|
case WS_ACTION_RESET_COUNTER:
|
|
ActionString = "Reset Counter";
|
|
break;
|
|
case WS_ACTION_NOTHING:
|
|
ActionString = "Nothing";
|
|
break;
|
|
case WS_ACTION_INCREMENT_COUNTER:
|
|
ActionString = "Increment Counter";
|
|
break;
|
|
case WS_ACTION_WILL_TRIM:
|
|
ActionString = "Start Trimming";
|
|
break;
|
|
case WS_ACTION_FORCE_TRIMMING_PROCESS:
|
|
ActionString = "Force Trim";
|
|
break;
|
|
case WS_ACTION_WAIT_FOR_WRITER:
|
|
ActionString = "Wait writter";
|
|
break;
|
|
case WS_ACTION_EXAMINED_ALL_PROCESS:
|
|
ActionString = "All Process Examed";
|
|
break;
|
|
case WS_ACTION_AMPLE_PAGES_EXIST:
|
|
ActionString = "Ample Pages Exist";
|
|
break;
|
|
case WS_ACTION_END_WALK_ENTRIES:
|
|
ActionString = "Finished Walking WsEntries";
|
|
break;
|
|
default:
|
|
ActionString = "Unknown Action";
|
|
break;
|
|
}
|
|
|
|
printf(WsManagerDataFormat,
|
|
(PerfCounter - PerfCounterStart) *1000000/PerfFrequency,
|
|
TmpPWorkingSetManager->Available,
|
|
TmpPWorkingSetManager->PageFaultCount,
|
|
TmpPWorkingSetManager->LastPageFaultCount,
|
|
TmpPWorkingSetManager->MiCheckCounter,
|
|
TmpPWorkingSetManager->DesiredReductionGoal,
|
|
TmpPWorkingSetManager->DesiredFreeGoal,
|
|
ActionString
|
|
);
|
|
|
|
break;
|
|
}
|
|
case MMINFO_LOG_TYPE_REMOVEPAGEFROMLIST:
|
|
case MMINFO_LOG_TYPE_REMOVEPAGEBYCOLOR:
|
|
case MMINFO_LOG_TYPE_PAGEINMEMORY:
|
|
case MMINFO_LOG_TYPE_MEMORYSNAP:
|
|
case MMINFO_LOG_TYPE_SETPFNDELETED:
|
|
case MMINFO_LOG_TYPE_DELETEKERNELSTACK:
|
|
{
|
|
PSYSTEM_REMOVEDPAGE_INFORMATION TmpPRemovedPage;
|
|
|
|
TmpPRemovedPage=(PSYSTEM_REMOVEDPAGE_INFORMATION) Info;
|
|
|
|
if (LogType == MMINFO_LOG_TYPE_PAGEINMEMORY) {
|
|
printf("%12s,","InMemory");
|
|
}else if (LogType == MMINFO_LOG_TYPE_MEMORYSNAP) {
|
|
printf("%12s,","MemSnap");
|
|
}else if (LogType == MMINFO_LOG_TYPE_SETPFNDELETED) {
|
|
printf("%12s,","PfnDeleted");
|
|
}else if (LogType == MMINFO_LOG_TYPE_DELETEKERNELSTACK) {
|
|
printf("%12s,","DeleteStack");
|
|
}else {
|
|
printf("%12s,","PageRemoved");
|
|
}
|
|
|
|
printf("%10I64d,",
|
|
(PerfCounter - PerfCounterStart)
|
|
*1000000/PerfFrequency);
|
|
|
|
printf("%22s,","");
|
|
printf("%12x,",TmpPRemovedPage->Pte);
|
|
// printf("%30S,",.ImageName.Buffer);
|
|
switch(TmpPRemovedPage->UsedFor) {
|
|
case MMINFO_PAGE_USED_FOR_PAGEDPOOL:
|
|
printf("%12x,",TmpPRemovedPage->Pte<<10);
|
|
printf("%8u,",TmpPRemovedPage->Pfn);
|
|
printf("%30s,","Paged Pool");
|
|
printf("%12s,%10s,%10s,","","","PagedPool");
|
|
break;
|
|
case MMINFO_PAGE_USED_FOR_NONPAGEDPOOL:
|
|
printf("%12x,",TmpPRemovedPage->Pte<<10);
|
|
printf("%8u,",TmpPRemovedPage->Pfn);
|
|
printf("%30s,","NonPaged Pool");
|
|
printf("%12s,%10s,%10s,","","","NonPagedP");
|
|
break;
|
|
case MMINFO_PAGE_USED_FOR_KERNELSTACK:
|
|
printf("%12x,",TmpPRemovedPage->Pte<<10);
|
|
printf("%8u,",TmpPRemovedPage->Pfn);
|
|
printf("%30s,","Kernel Stack");
|
|
printf("%12s,%10s,%10s,","","","K-Stack");
|
|
break;
|
|
case MMINFO_PAGE_USED_FOR_FREEPAGE:
|
|
printf("%12s,","");
|
|
printf("%8u,",TmpPRemovedPage->Pfn);
|
|
printf("%30s,","Free Page");
|
|
printf("%12s,%10s,%10s,","","","Free");
|
|
break;
|
|
case MMINFO_PAGE_USED_FOR_ZEROPAGE:
|
|
printf("%12s,","");
|
|
printf("%8u,",TmpPRemovedPage->Pfn);
|
|
printf("%30s,","Zero Page");
|
|
printf("%12s,%10s,%10s,","","","Zero");
|
|
break;
|
|
case MMINFO_PAGE_USED_FOR_BADPAGE:
|
|
printf("%12s,","");
|
|
printf("%8u,",TmpPRemovedPage->Pfn);
|
|
printf("%30s,","Bad Page");
|
|
printf("%12s,%10s,%10s,","","","Bad");
|
|
break;
|
|
case MMINFO_PAGE_USED_FOR_UNKNOWN:
|
|
printf("%12s,","");
|
|
printf("%8u,",TmpPRemovedPage->Pfn);
|
|
printf("%30s,","Unknown");
|
|
printf("%12s,%10s,%10s,","","","Unknown");
|
|
break;
|
|
case MMINFO_PAGE_USED_FOR_METAFILE:
|
|
printf("%12s,","");
|
|
printf("%8u,",TmpPRemovedPage->Pfn);
|
|
printf("%30s,","Meta File");
|
|
printf("%12s,%10s,%10s,","","","Meta");
|
|
break;
|
|
case MMINFO_PAGE_USED_FOR_NONAME:
|
|
printf("%12s,","");
|
|
printf("%8u,",TmpPRemovedPage->Pfn);
|
|
printf("%30s,","No Name");
|
|
printf("%12s,%10s,%10s,","","","Image");
|
|
break;
|
|
case MMINFO_PAGE_USED_FOR_PAGEFILEMAPPED:
|
|
printf("%12x,",TmpPRemovedPage->Pte<<10);
|
|
printf("%8u,",TmpPRemovedPage->Pfn);
|
|
printf("%30s,","Page File Mapped");
|
|
printf("%12s,%10s,%10s,","","","PFMapped");
|
|
break;
|
|
case MMINFO_PAGE_USED_FOR_FILE:
|
|
case MMINFO_PAGE_USED_FOR_KERNMAP:
|
|
{
|
|
ULONG i,j;
|
|
|
|
if (TmpPRemovedPage->UsedFor != MMINFO_PAGE_USED_FOR_KERNMAP) {
|
|
printf("%12s,","");
|
|
} else {
|
|
printf("%12x,",TmpPRemovedPage->Pte << 10);
|
|
}
|
|
printf("%8u,",TmpPRemovedPage->Pfn);
|
|
|
|
i=TmpPRemovedPage->ImageKey%TableSize;
|
|
|
|
while(ImageHash[i].ImageKey != 0) {
|
|
if (ImageHash[i].ImageKey == TmpPRemovedPage->ImageKey) {
|
|
printf("%30S,",ImageHash[i].ImageName.Buffer);
|
|
break;
|
|
}else{
|
|
i = (i+1)%TableSize;
|
|
}
|
|
}
|
|
|
|
if (Debug) {
|
|
// printf("(%4d %22x)",i,TmpPRemovedPage->ImageKey);
|
|
}
|
|
|
|
if (ImageHash[i].ImageKey == 0) {
|
|
if (TmpPRemovedPage->UsedFor != MMINFO_PAGE_USED_FOR_KERNMAP) {
|
|
printf("%19s (%8x),","Image", TmpPRemovedPage->ImageKey);
|
|
printf("%12I64d,",TmpPRemovedPage->Offset);
|
|
printf("%10s,","");
|
|
printf("%10s,","FILE");
|
|
}else{
|
|
printf("%19s (%8x),","KernMap", TmpPRemovedPage->ImageKey);
|
|
printf("%12s,%10s,","","");
|
|
printf("%10s,","Driver");
|
|
}
|
|
}else{
|
|
if (TmpPRemovedPage->UsedFor == MMINFO_PAGE_USED_FOR_KERNMAP) {
|
|
printf("%12I64d,",TmpPRemovedPage->Offset);
|
|
printf("%10s,","");
|
|
printf("%10s,","Driver");
|
|
}else if (TmpPRemovedPage->UsedFor == MMINFO_PAGE_USED_FOR_FILE) {
|
|
printf("%12I64d,",TmpPRemovedPage->Offset);
|
|
printf("%10s,","");
|
|
printf("%10s,","FILE");
|
|
}else{
|
|
printf("%12s,%10s,","","");
|
|
printf("%10s,","Unknown");
|
|
}
|
|
}
|
|
}
|
|
break;
|
|
case MMINFO_PAGE_USED_FOR_PROCESS:
|
|
case MMINFO_PAGE_USED_FOR_PAGETABLE:
|
|
{
|
|
ULONG i;
|
|
|
|
// Bug! Bug! The way to get VA can be wrong in the future.
|
|
|
|
if (TmpPRemovedPage->UsedFor == MMINFO_PAGE_USED_FOR_PAGETABLE) {
|
|
printf("%12x,",TmpPRemovedPage->Pte<<10);
|
|
printf("%8u,",TmpPRemovedPage->Pfn);
|
|
printf("(PT)");
|
|
}else{
|
|
printf("%12x,",TmpPRemovedPage->Pte<<10);
|
|
printf("%8u,",TmpPRemovedPage->Pfn);
|
|
printf(" ");
|
|
}
|
|
if (TmpPRemovedPage->ImageKey == 0) {
|
|
printf("%26s,","System ( 0)");
|
|
}else{
|
|
|
|
i = TmpPRemovedPage->ImageKey;
|
|
|
|
if (ProcessHash[i].ProcessID == TmpPRemovedPage->ImageKey) {
|
|
printf("%20s ",ProcessHash[i].ImageFileName);
|
|
printf("(%3d),",ProcessHash[i].ProcessID);
|
|
}else{
|
|
printf("Process %18u,",TmpPRemovedPage->ImageKey);
|
|
}
|
|
}
|
|
if (TmpPRemovedPage->UsedFor == MMINFO_PAGE_USED_FOR_PAGETABLE) {
|
|
// printf("%12I64d,",TmpPRemovedPage->Offset);
|
|
printf("%12s,%10s,%10s,","","","PageTable");
|
|
}else{
|
|
printf("%12s,%10s,%10s,","","","Process");
|
|
// printf("%30s,","Page Table");
|
|
}
|
|
}
|
|
break;
|
|
default:
|
|
printf("Error2 %22u,",TmpPRemovedPage->ImageKey);
|
|
break;
|
|
}
|
|
switch(TmpPRemovedPage->List) {
|
|
case MMINFO_PAGE_IN_LIST_FREEPAGE:
|
|
printf("%10s","Free List");
|
|
break;
|
|
case MMINFO_PAGE_IN_LIST_ZEROPAGE:
|
|
printf("%10s","Zero List");
|
|
break;
|
|
case MMINFO_PAGE_IN_LIST_BADPAGE:
|
|
printf("%10s","Bad List");
|
|
break;
|
|
case MMINFO_PAGE_IN_LIST_STANDBY:
|
|
printf("%10s","Standby");
|
|
break;
|
|
case MMINFO_PAGE_IN_LIST_TRANSITION:
|
|
printf("%10s","Transition");
|
|
break;
|
|
case MMINFO_PAGE_IN_LIST_MODIFIED:
|
|
printf("%10s","Modified");
|
|
break;
|
|
case MMINFO_PAGE_IN_LIST_MODIFIEDNOWRITE:
|
|
printf("%10s","ModNoWrite");
|
|
break;
|
|
case MMINFO_PAGE_IN_LIST_ACTIVEANDVALID:
|
|
printf("%10s","Valid");
|
|
break;
|
|
case MMINFO_PAGE_IN_LIST_VALIDANDPINNED:
|
|
printf("%10s","Valid_Pin");
|
|
break;
|
|
case MMINFO_PAGE_IN_LIST_UNKNOWN:
|
|
printf("%10s","Unknown");
|
|
break;
|
|
default:
|
|
// must be page table
|
|
printf("%10s","");
|
|
break;
|
|
}
|
|
printf("\n");
|
|
|
|
// printf("Got Removed Page Log\n");
|
|
break;
|
|
}
|
|
case MMINFO_LOG_TYPE_ZEROSHARECOUNT:
|
|
case MMINFO_LOG_TYPE_ZEROREFCOUNT:
|
|
case MMINFO_LOG_TYPE_DECREFCNT:
|
|
case MMINFO_LOG_TYPE_DECSHARCNT:
|
|
{
|
|
PSYSTEM_MMINFO_PFN_INFORMATION TmpPPfn;
|
|
|
|
TmpPPfn = (PSYSTEM_MMINFO_PFN_INFORMATION) Info;
|
|
|
|
if (LogType == MMINFO_LOG_TYPE_DECSHARCNT) {
|
|
printf("%12s,", "DecShareCnt");
|
|
} else if (LogType == MMINFO_LOG_TYPE_ZEROSHARECOUNT) {
|
|
printf("%12s,", "ZeroShareCnt");
|
|
} else if (LogType == MMINFO_LOG_TYPE_DECREFCNT) {
|
|
printf("%12s,", "DecRefCnt");
|
|
} else if (LogType == MMINFO_LOG_TYPE_ZEROREFCOUNT) {
|
|
printf("%12s,", "ZeroRefCnt");
|
|
} else {
|
|
printf("%12s,", "UNKNOWN");
|
|
}
|
|
|
|
printf("%10s,","");
|
|
|
|
printf("%22s,","");
|
|
printf("%12s,","");
|
|
printf("%12s,","");
|
|
printf("%8u\n",TmpPPfn->Pfn);
|
|
break;
|
|
}
|
|
case MMINFO_LOG_TYPE_INSERTINLIST:
|
|
case MMINFO_LOG_TYPE_INSERTATFRONT:
|
|
case MMINFO_LOG_TYPE_UNLINKFROMSTANDBY:
|
|
case MMINFO_LOG_TYPE_UNLINKFFREEORZERO:
|
|
{
|
|
PSYSTEM_MMINFO_STATE_INFORMATION TmpPMmInfoState;
|
|
|
|
TmpPMmInfoState=(PSYSTEM_MMINFO_STATE_INFORMATION) Info;
|
|
|
|
if (LogType == MMINFO_LOG_TYPE_INSERTINLIST) {
|
|
printf("%12s,%10s,","Insert-List", "");
|
|
}else if (LogType == MMINFO_LOG_TYPE_INSERTATFRONT) {
|
|
printf("%12s,%10s,","Insert-Front", "");
|
|
}else if (LogType == MMINFO_LOG_TYPE_UNLINKFROMSTANDBY) {
|
|
printf("%12s,%10s,","Unlink-From", "");
|
|
}else if (LogType == MMINFO_LOG_TYPE_UNLINKFFREEORZERO) {
|
|
printf("%12s,%10s,","Unlink-From", "");
|
|
}
|
|
|
|
printf("%22s,","");
|
|
printf("%12s,","");
|
|
printf("%12s,","");
|
|
printf("%8u,",TmpPMmInfoState->Pfn);
|
|
printf("%30s,","");
|
|
printf("%12s,%10s,%10s,","","","");
|
|
switch(TmpPMmInfoState->List) {
|
|
case MMINFO_PAGE_IN_LIST_FREEPAGE:
|
|
printf("%10s","Free List");
|
|
break;
|
|
case MMINFO_PAGE_IN_LIST_ZEROPAGE:
|
|
printf("%10s","Zero List");
|
|
break;
|
|
case MMINFO_PAGE_IN_LIST_BADPAGE:
|
|
printf("%10s","Bad List");
|
|
break;
|
|
case MMINFO_PAGE_IN_LIST_STANDBY:
|
|
printf("%10s","Standby");
|
|
break;
|
|
case MMINFO_PAGE_IN_LIST_TRANSITION:
|
|
printf("%10s","Transition");
|
|
break;
|
|
case MMINFO_PAGE_IN_LIST_MODIFIED:
|
|
printf("%10s","Modified");
|
|
break;
|
|
case MMINFO_PAGE_IN_LIST_MODIFIEDNOWRITE:
|
|
printf("%10s","ModNoWrite");
|
|
break;
|
|
case MMINFO_PAGE_IN_LIST_ACTIVEANDVALID:
|
|
printf("%10s","Valid");
|
|
break;
|
|
case MMINFO_PAGE_IN_LIST_VALIDANDPINNED:
|
|
printf("%10s","Valid_Pin");
|
|
break;
|
|
case MMINFO_PAGE_IN_LIST_UNKNOWN:
|
|
printf("%10s","Unknown");
|
|
break;
|
|
default:
|
|
// must be page table
|
|
printf("%10s","");
|
|
break;
|
|
}
|
|
printf("\n");
|
|
|
|
// printf("Got Removed Page Log\n");
|
|
break;
|
|
}
|
|
case MMINFO_LOG_TYPE_IMAGENAME:
|
|
case MMINFO_LOG_TYPE_SECTIONREMOVED:
|
|
{
|
|
PSYSTEM_MMINFO_FILENAME_INFORMATION TmpPImage;
|
|
ULONG i;
|
|
|
|
TmpPImage=(PSYSTEM_MMINFO_FILENAME_INFORMATION) Info;
|
|
// printf("Got Image Log\n");
|
|
|
|
i=TmpPImage->ImageKey%TableSize;
|
|
|
|
while(ImageHash[i].ImageKey != 0) {
|
|
if (ImageHash[i].ImageKey == TmpPImage->ImageKey) {
|
|
break;
|
|
}else{
|
|
i = (i+1)%TableSize;
|
|
}
|
|
}
|
|
|
|
if (LogType == MMINFO_LOG_TYPE_IMAGENAME) {
|
|
ImageHash[i].ImageKey
|
|
=TmpPImage->ImageKey;
|
|
ImageHash[i].ImageName.Length
|
|
=TmpPImage->ImageName.Length;
|
|
ImageHash[i].ImageName.Buffer
|
|
=TmpPImage->ImageBuffer;
|
|
if (Debug) {
|
|
printf("%12s,", "S-Created");
|
|
}
|
|
}else{
|
|
if (Debug) {
|
|
printf("%12s,", "S-Deleted");
|
|
}
|
|
|
|
}
|
|
if (Debug) {
|
|
printf("%10s,%22s,%12s,%12x,%8s,%30S,%12s,%10s,%10s\n",
|
|
"",
|
|
"",
|
|
"",
|
|
ImageHash[i].ImageKey,
|
|
"",
|
|
ImageHash[i].ImageName.Buffer,
|
|
"",
|
|
"",
|
|
"");
|
|
}
|
|
|
|
break;
|
|
}
|
|
case MMINFO_LOG_TYPE_PROCESSNAME:
|
|
case MMINFO_LOG_TYPE_DIEDPROCESS:
|
|
{
|
|
PSYSTEM_MMINFO_PROCESS_INFORMATION TmpPProcess;
|
|
ULONG i;
|
|
|
|
TmpPProcess=(PSYSTEM_MMINFO_PROCESS_INFORMATION) Info;
|
|
|
|
if (LogType == MMINFO_LOG_TYPE_PROCESSNAME) {
|
|
i = TmpPProcess->ProcessID;
|
|
|
|
ProcessHash[i].ProcessID
|
|
=TmpPProcess->ProcessID;
|
|
RtlCopyMemory(ProcessHash[i].ImageFileName,
|
|
TmpPProcess->ImageFileName, 16);
|
|
|
|
printf("%12s,", "P-Created");
|
|
}else{
|
|
printf("%12s,", "P-Deleted");
|
|
}
|
|
printf("%10s,%16s (%3d)\n",
|
|
"",
|
|
ProcessHash[TmpPProcess->ProcessID].ImageFileName,
|
|
ProcessHash[TmpPProcess->ProcessID].ProcessID);
|
|
|
|
// printf("Got Process Log\n");
|
|
break;
|
|
}
|
|
case MMINFO_LOG_TYPE_OUTSWAPPROCESS:
|
|
case MMINFO_LOG_TYPE_INSWAPPROCESS:
|
|
{
|
|
PSYSTEM_MMINFO_SWAPPROCESS_INFORMATION TmpPProc;
|
|
ULONG i;
|
|
|
|
TmpPProc=(PSYSTEM_MMINFO_SWAPPROCESS_INFORMATION) Info;
|
|
|
|
if (LogType == MMINFO_LOG_TYPE_OUTSWAPPROCESS) {
|
|
printf("%12s,", "P-OutSwap");
|
|
}else{
|
|
printf("%12s,", "P-InSwap");
|
|
}
|
|
|
|
if (PerfCounter) {
|
|
printf("%10I64d,", ((PerfCounter - PerfCounterStart) * 1000000) / PerfFrequency);
|
|
} else {
|
|
printf("%10s,", "");
|
|
}
|
|
|
|
printf("%16s (%3d)",
|
|
ProcessHash[TmpPProc->ProcessID].ImageFileName,
|
|
ProcessHash[TmpPProc->ProcessID].ProcessID);
|
|
|
|
printf("\n");
|
|
break;
|
|
}
|
|
case MMINFO_LOG_TYPE_OUTSWAPSTACK:
|
|
case MMINFO_LOG_TYPE_INSWAPSTACK:
|
|
{
|
|
PSYSTEM_MMINFO_SWAPTHREAD_INFORMATION TmpPThread;
|
|
ULONG i;
|
|
|
|
TmpPThread=(PSYSTEM_MMINFO_SWAPTHREAD_INFORMATION) Info;
|
|
|
|
if (LogType == MMINFO_LOG_TYPE_OUTSWAPSTACK) {
|
|
printf("%12s,", "KS-OutSwap");
|
|
}else{
|
|
printf("%12s,", "KS-InSwap");
|
|
}
|
|
|
|
printf("%10d,%16s (%3d)",
|
|
TmpPThread->ThreadID,
|
|
ProcessHash[TmpPThread->ProcessID].ImageFileName,
|
|
ProcessHash[TmpPThread->ProcessID].ProcessID);
|
|
|
|
if (PerfCounter) {
|
|
printf(",%12I64d", ((PerfCounter - PerfCounterStart) * 1000000) / PerfFrequency);
|
|
}
|
|
printf("\n");
|
|
break;
|
|
}
|
|
case MMINFO_LOG_TYPE_CREATETHREAD:
|
|
case MMINFO_LOG_TYPE_GROWKERNELSTACK:
|
|
case MMINFO_LOG_TYPE_TERMINATETHREAD:
|
|
case MMINFO_LOG_TYPE_CONVERTTOGUITHREAD:
|
|
{
|
|
PSYSTEM_MMINFO_THREAD_INFORMATION TmpPThread;
|
|
ULONG i;
|
|
|
|
TmpPThread=(PSYSTEM_MMINFO_THREAD_INFORMATION) Info;
|
|
|
|
if (LogType == MMINFO_LOG_TYPE_CREATETHREAD) {
|
|
printf("%12s,", "T-Created");
|
|
ThreadHash[TmpPThread->ThreadID] = TmpPThread->ProcessID;
|
|
}else if (LogType == MMINFO_LOG_TYPE_GROWKERNELSTACK) {
|
|
printf("%12s,", "GrowStack");
|
|
}else if (LogType == MMINFO_LOG_TYPE_CONVERTTOGUITHREAD) {
|
|
printf("%12s,", "T-GUI");
|
|
}else{
|
|
printf("%12s,", "T-Deleted");
|
|
//
|
|
// Threads are sometimes set as deleted while still
|
|
// running. If we mark them as dead here we have
|
|
// a problem when they are cswitched out.
|
|
//
|
|
//ThreadHash[TmpPThread->ThreadID] = -1;
|
|
}
|
|
|
|
printf("%10d,%16s (%3d)",
|
|
TmpPThread->ThreadID,
|
|
ProcessHash[TmpPThread->ProcessID].ImageFileName,
|
|
ProcessHash[TmpPThread->ProcessID].ProcessID);
|
|
|
|
// printf("Got Process Log\n");
|
|
if (LogType != MMINFO_LOG_TYPE_TERMINATETHREAD) {
|
|
printf(",%12x",TmpPThread->StackBase);
|
|
printf(",%12x",TmpPThread->StackLimit);
|
|
|
|
if (TmpPThread->UserStackBase) {
|
|
printf(",%12x",TmpPThread->UserStackBase);
|
|
printf(",%12x",TmpPThread->UserStackLimit);
|
|
} else {
|
|
printf(",%12s","");
|
|
printf(",%12s","");
|
|
}
|
|
|
|
if (TmpPThread->WaitMode >= 0) {
|
|
if (TmpPThread->WaitMode) {
|
|
printf(",%8s", "Swapable");
|
|
} else {
|
|
printf(",%8s", "NonSwap");
|
|
}
|
|
}
|
|
}
|
|
printf("\n");
|
|
break;
|
|
}
|
|
case MMINFO_LOG_TYPE_CSWITCH:
|
|
{
|
|
PSYSTEM_MMINFO_CSWITCH_INFORMATION TmpPMmInfo;
|
|
ULONG OldProcessId;
|
|
ULONG NewProcessId;
|
|
|
|
TmpPMmInfo = (PSYSTEM_MMINFO_CSWITCH_INFORMATION) Info;
|
|
|
|
OldProcessId = ThreadHash[TmpPMmInfo->OldThreadId];
|
|
NewProcessId = ThreadHash[TmpPMmInfo->NewThreadId];
|
|
if ((OldProcessId == -1) || (NewProcessId == -1)) {
|
|
printf("Error: Bad thread value %d or %d\n",
|
|
TmpPMmInfo->OldThreadId,
|
|
TmpPMmInfo->NewThreadId
|
|
);
|
|
break;
|
|
}
|
|
printf("%12s,%10I64d,%11s,%16s,%10d,%16s (%3d), %10d,%16s (%3d),%4d,%4d,%8s\n",
|
|
"CSwitch",
|
|
((PerfCounter - PerfCounterStart) *
|
|
1000000) / PerfFrequency,
|
|
ThreadState[TmpPMmInfo->OldState],
|
|
(TmpPMmInfo->OldState == Waiting) ?
|
|
WaitReason[TmpPMmInfo->WaitReason] :
|
|
"",
|
|
TmpPMmInfo->OldThreadId,
|
|
ProcessHash[OldProcessId].ImageFileName,
|
|
OldProcessId,
|
|
TmpPMmInfo->NewThreadId,
|
|
ProcessHash[NewProcessId].ImageFileName,
|
|
NewProcessId,
|
|
TmpPMmInfo->OldThreadPri,
|
|
TmpPMmInfo->NewThreadPri,
|
|
(TmpPMmInfo->OldWaitMode) ? "Swapable" : "NonSwap"
|
|
);
|
|
break;
|
|
}
|
|
case MMINFO_LOG_TYPE_POOLSNAP:
|
|
{
|
|
#define PROTECTED_POOL 0x80000000
|
|
ULONG PoolTag[2]={0,0};
|
|
PMMINFO_POOL_TRACKER_TABLE TmpPMmInfopoolTrackTable;
|
|
|
|
TmpPMmInfopoolTrackTable=(PMMINFO_POOL_TRACKER_TABLE) Info;
|
|
|
|
PoolTag[0]=TmpPMmInfopoolTrackTable->Tag & ~PROTECTED_POOL;
|
|
|
|
// Data for Paged Pool
|
|
if (TmpPMmInfopoolTrackTable->PagedAllocs) {
|
|
printf("%12s,","PoolSnap");
|
|
printf("%10s,", PoolTag);
|
|
printf("%22s,","");
|
|
printf("%12s,%12s,","PagedPool","");
|
|
|
|
printf("%8u,%8u,%8u\n",
|
|
TmpPMmInfopoolTrackTable->PagedBytes,
|
|
TmpPMmInfopoolTrackTable->PagedAllocs,
|
|
TmpPMmInfopoolTrackTable->PagedFrees);
|
|
}
|
|
|
|
// Data for NonPaged Pool
|
|
if (TmpPMmInfopoolTrackTable->NonPagedAllocs) {
|
|
printf("%12s,","PoolSnap");
|
|
printf("%10s,", PoolTag);
|
|
printf("%22s,","");
|
|
printf("%12s,%12s,","NonPagedPool","");
|
|
|
|
printf("%8u,%8u,%8u\n",
|
|
TmpPMmInfopoolTrackTable->NonPagedBytes,
|
|
TmpPMmInfopoolTrackTable->NonPagedAllocs,
|
|
TmpPMmInfopoolTrackTable->NonPagedFrees);
|
|
}
|
|
break;
|
|
}
|
|
case MMINFO_LOG_TYPE_ALLOCATEPOOL:
|
|
case MMINFO_LOG_TYPE_BIGPOOLPAGE:
|
|
{
|
|
#define PROTECTED_POOL 0x80000000
|
|
ULONG PoolTag[2]={0,0};
|
|
PSYSTEM_MMINFO_ALLOCATEPOOL_INFORMATION TmpPMmInfoAllocatePool;
|
|
|
|
TmpPMmInfoAllocatePool=(PSYSTEM_MMINFO_ALLOCATEPOOL_INFORMATION) Info;
|
|
PoolTag[0]=TmpPMmInfoAllocatePool->PoolTag & ~PROTECTED_POOL;
|
|
|
|
if (LogType == MMINFO_LOG_TYPE_ALLOCATEPOOL) {
|
|
printf("%12s,", "Pool_Alloc");
|
|
printf("%10s,", PoolTag);
|
|
if (TmpPMmInfoAllocatePool->ProcessID == 0) {
|
|
printf("%22s,","System ( 0)");
|
|
} else{
|
|
ULONG i;
|
|
|
|
i = TmpPMmInfoAllocatePool->ProcessID;
|
|
|
|
if (ProcessHash[i].ProcessID == TmpPMmInfoAllocatePool->ProcessID) {
|
|
printf("%16s ",ProcessHash[i].ImageFileName);
|
|
printf("(%3d),",ProcessHash[i].ProcessID);
|
|
}else{
|
|
printf("Process %13u,",TmpPMmInfoAllocatePool->ProcessID);
|
|
}
|
|
}
|
|
}else{
|
|
printf("%12s,","BigPoolPage");
|
|
printf("%10s,", PoolTag);
|
|
printf("%22s,","");
|
|
}
|
|
|
|
printf("%12s,%12x,%8u\n",
|
|
PoolTypeNames[TmpPMmInfoAllocatePool->PoolType & 7],
|
|
TmpPMmInfoAllocatePool->Entry,
|
|
TmpPMmInfoAllocatePool->Size);
|
|
break;
|
|
}
|
|
case MMINFO_LOG_TYPE_FREEPOOL:
|
|
{
|
|
|
|
PSYSTEM_MMINFO_FREEPOOL_INFORMATION TmpPMmInfoFreePool;
|
|
|
|
TmpPMmInfoFreePool=(PSYSTEM_MMINFO_FREEPOOL_INFORMATION) Info;
|
|
|
|
printf("%12s,%10s,%22s,%12s,%12x\n",
|
|
"Pool_Free",
|
|
"",
|
|
"",
|
|
"",
|
|
TmpPMmInfoFreePool->Entry);
|
|
break;
|
|
}
|
|
case MMINFO_LOG_TYPE_ASYNCMARK:
|
|
case MMINFO_LOG_TYPE_MARK:
|
|
{
|
|
PSYSTEM_MMINFO_MARK_INFORMATION TmpPMmInfo;
|
|
|
|
TmpPMmInfo = (PSYSTEM_MMINFO_MARK_INFORMATION) Info;
|
|
|
|
printf("%12s,%10I64d, %-s\n",
|
|
(LogType == MMINFO_LOG_TYPE_ASYNCMARK) ?
|
|
"AsyncMark" : "Mark",
|
|
((PerfCounter - PerfCounterStart) *
|
|
1000000) / PerfFrequency,
|
|
TmpPMmInfo->Name);
|
|
break;
|
|
}
|
|
case MMINFO_LOG_TYPE_CMCELLREFERRED:
|
|
{
|
|
PSYSTEM_MMINFO_CMCELL_INFORMATION TmpPMmInfoCmCell;
|
|
TmpPMmInfoCmCell=(PSYSTEM_MMINFO_CMCELL_INFORMATION) Info;
|
|
|
|
printf("%12s,%10s,","Cell_Used","");
|
|
switch(TmpPMmInfoCmCell->Signature) {
|
|
case CM_KEY_NODE_SIGNATURE:
|
|
printf("%22s,%12s","Key_Node","");
|
|
break;
|
|
case CM_LINK_NODE_SIGNATURE:
|
|
printf("%22s,%12s","Link_Node","");
|
|
break;
|
|
case CM_KEY_VALUE_SIGNATURE:
|
|
printf("%22s,%12s","Key_Value","");
|
|
break;
|
|
case CM_KEY_FAST_LEAF:
|
|
printf("%22s,%12s","Index_Leaf","");
|
|
break;
|
|
case CM_KEY_SECURITY_SIGNATURE:
|
|
printf("%22s,%12s","Key_Security","");
|
|
break;
|
|
default:
|
|
printf("%22s,%12s","Unknown","");
|
|
break;
|
|
}
|
|
|
|
printf(",%12x,%8d\n", TmpPMmInfoCmCell->Va, TmpPMmInfoCmCell->Size*-1);
|
|
|
|
break;
|
|
}
|
|
case MMINFO_LOG_TYPE_IMAGELOAD:
|
|
{
|
|
PMMINFO_IMAGELOAD_INFORMATION TmpPMmInfo;
|
|
char WsNameBuf[30];
|
|
char * WsName = &WsNameBuf[0];
|
|
|
|
TmpPMmInfo = (PMMINFO_IMAGELOAD_INFORMATION) Info;
|
|
Info = TmpPMmInfo + 1;
|
|
|
|
if (TmpPMmInfo->ProcessId == 0) {
|
|
WsName = "System ( 0)";
|
|
} else {
|
|
ULONG i;
|
|
|
|
i = TmpPMmInfo->ProcessId;
|
|
|
|
if (ProcessHash[i].ProcessID == TmpPMmInfo->ProcessId) {
|
|
sprintf(WsName, "%16s (%3d)",
|
|
ProcessHash[i].ImageFileName,
|
|
ProcessHash[i].ProcessID);
|
|
}else{
|
|
sprintf(WsName, "Process %13u", TmpPMmInfo->ProcessId);
|
|
}
|
|
}
|
|
|
|
printf(ImageLoadDataFormat,
|
|
TmpPMmInfo->ImageBase,
|
|
(ULONG)TmpPMmInfo->ImageBase + TmpPMmInfo->ImageSize,
|
|
TmpPMmInfo->ImageSectionNumber,
|
|
WsName,
|
|
TmpPMmInfo->ImageName
|
|
);
|
|
|
|
break;
|
|
}
|
|
case MMINFO_LOG_TYPE_SAMPLED_PROFILE:
|
|
{
|
|
PMMINFO_SAMPLED_PROFILE_INFORMATION TmpPMmInfo;
|
|
TmpPMmInfo = (PMMINFO_SAMPLED_PROFILE_INFORMATION) Info;
|
|
Info = TmpPMmInfo + 1;
|
|
|
|
printf(SampledProfileDataFormat,
|
|
TmpPMmInfo->InstructionPointer,
|
|
TmpPMmInfo->Count
|
|
);
|
|
|
|
break;
|
|
}
|
|
|
|
default:
|
|
// fprintf(stderr, "Tag Value %8d\n", Tag.u.Value);
|
|
// fprintf(stderr, "TimeStamp %8x %8x\n", TS.upper, TS.lower);
|
|
break;
|
|
}
|
|
}
|
|
#else //NTMMPERF
|
|
printf("Sorry but this is an internal tool!!!\n");
|
|
#endif //NTMMPERF
|
|
return 0;
|
|
}
|
|
|