- Added -ShowTotal File
- Print per-file and overall totals
- Added company headers
AloisKraus committed May 8, 2024
1 parent d043e57 commit dfa9a98
Showing 16 changed files with 152 additions and 69 deletions.
4 changes: 2 additions & 2 deletions ETWAnalyzer/Commands/DumpCommand.cs
@@ -379,7 +379,7 @@ class DumpCommand : ArgParser
" ObjectRef -filedir/fd Extract\\ or xxx.json" + Environment.NewLine +
" [-TimeFmt s,Local,LocalTime,UTC,UTCTime,Here,HereTime] [-csv xxx.csv] [-NoCSVSeparator] [-NoCmdLine] [-Clip] [-TestsPerRun dd -SkipNTests dd] [-TestRunIndex dd -TestRunCount dd] [-MinMaxMsTestTimes xx-yy ...] [-ProcessName/pn xxx.exe(pid)] " + Environment.NewLine +
" [-RelatedProcess xxx.exe(pid)] [-MinMaxDuration minS [maxS]] [-MinMaxId min [max]] [-CreateStack filter] [-DestroyStack filter] [-StackFilter filter] [-Object filter] [-ObjectName filter] [-Handle filter] [-ShowRef]" + Environment.NewLine +
" [-ShowStack] [-Leak] [-MultiProcess] [-Map [0,1]] [-PtrInMap 0x...] [-MinMaxMapSize min [max]] [-Overlapped] [-Showtotal Total]" + Environment.NewLine +
" [-ShowStack] [-Leak] [-MultiProcess] [-Map [0,1]] [-PtrInMap 0x...] [-MinMaxMapSize min [max]] [-Overlapped] [-Showtotal Total,File,None]" + Environment.NewLine +
" [-NewProcess 0/1/-1/-2/2] [-PlainProcessNames] [-CmdLine substring]" + Environment.NewLine +
" -ProcessName/pn xxx.exe(pid) Filter for processes which did access/modify the object." + Environment.NewLine +
" -RelatedProcess xxx.exe(pid) Filter in all events for this process. You can also use a negative filter to exclude specific processes like -pn *creator.exe -realatedprocess !other.exe" + Environment.NewLine +
@@ -388,7 +388,7 @@ class DumpCommand : ArgParser
" -CreateStack filter Keep all object events (create/objRef/duplicate...) where the create stack matches." + Environment.NewLine +
" -DestroyStack filter Keep all object events (create/objRef/duplicate...) where the destroy stack matches." + Environment.NewLine +
" -StackFilter filter Keep only the events where the stack matches and throw away all other events. To keep all events which have e.g. CreateWebRequest in their stack use -StackFilter *CreateWebRequest*" + Environment.NewLine +
" -ShowTotal Total Do not print individual events, just the counts." + Environment .NewLine +
" -ShowTotal [Total,File,None] Do not print individual events, just the counts. Total will print totals across multiple files, while File will print the per File totals." + Environment .NewLine +
" -Object filter Filter for kernel object pointer value. E.g. -Object 0x8300004." + Environment.NewLine +
" -ObjectName filter Filter for object name. E.g. -ObjectName *IO to filter for all object which end with :IO." + Environment.NewLine +
" -Handle filter Text filter for handle value/s. E.g. -Handle 0xABC." + Environment.NewLine +
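Review bot: The new `-ShowTotal [Total,File,None]` help line still opens with "Do not print individual events, just the counts." and never says what `None` does. Going by PrintMatches in DumpObjectRef.cs in this same commit, `None` is the mode that prints the individual events and suppresses the totals, so the lead sentence is wrong for one of the three listed values. I would append a sentence such as `None prints the individual events without any totals.` to that help line. The help string constant starts and ends outside this hunk.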
116 changes: 86 additions & 30 deletions ETWAnalyzer/EventDump/DumpObjectRef.cs
@@ -1,4 +1,7 @@
using ETWAnalyzer.Commands;
//// SPDX-FileCopyrightText: © 2024 Siemens Healthcare GmbH
//// SPDX-License-Identifier: MIT

using ETWAnalyzer.Commands;
using ETWAnalyzer.Extract;
using ETWAnalyzer.Extract.Common;
using ETWAnalyzer.Extract.Handle;
@@ -11,11 +14,14 @@

namespace ETWAnalyzer.EventDump
{
/// <summary>
/// Dump Object/VAMap/Handle tracing data.
/// </summary>
class DumpObjectRef : DumpFileDirBase<DumpObjectRef.MatchData>
{
internal class MatchData
{
public ObjectRefTrace ObjTrace { get; set; }
public IObjectRefTrace ObjTrace { get; set; }

public IStackCollection Stacks { get; set; }
public IETWExtract Extract { get; set; }
@@ -468,46 +474,88 @@ private void ThrowAwayAllEventsWithNotMatchingStacks(IStackCollection stacks, Ob
handle.FileUnmapEvents = handle.FileUnmapEvents.Where(x => CachingStackFilter(stacks, x.StackIdx)).ToList();
}

private void PrintMatches(List<MatchData> matches)
class Totals
{
int createCount=0;
int closeCount = 0;
int duplicateCount = 0;
int mapCount = 0;
int unmapCount = 0;
int refChangeCount = 0;
HashSet<ETWProcessIndex> processes = new();
public int CreateCount { get; internal set; }
public int CloseCount { get; internal set; }
public int DuplicateCount { get; internal set; }
public int MapCount { get; internal set; }
public int UnmapCount { get; internal set; }
public int RefChangeCount { get; internal set; }
public HashSet<ETWProcess> Processes { get; internal set; } = new();

void AddProcess(IReadOnlyList<IStackEventBase> items, IETWExtract extract)
{
foreach(IStackEventBase item in items)
{
Processes.Add(extract.GetProcess(item.ProcessIdx));
}
}

string fileName = null;
foreach (var ev in matches)
void AddProcess(IReadOnlyList<IHandleDuplicateEvent> duplicates, IETWExtract extract)
{
createCount += ev.ObjTrace.HandleCreateEvents.Count;
ev.ObjTrace.HandleCreateEvents.ForEach( x=> processes.Add(x.ProcessIdx));
foreach (IHandleDuplicateEvent duplicate in duplicates)
{
Processes.Add(extract.GetProcess(duplicate.ProcessIdx));
Processes.Add(extract.GetProcess(duplicate.SourceProcessIdx));
}
}

public void Add(IObjectRefTrace trace, IETWExtract extract)
{
CreateCount += trace.HandleCreateEvents.Count;
AddProcess(trace.HandleCreateEvents, extract);

CloseCount += trace.HandleCloseEvents.Count;
AddProcess(trace.HandleCloseEvents, extract);

DuplicateCount += trace.HandleDuplicateEvents.Count;
AddProcess(trace.HandleDuplicateEvents, extract);

MapCount += trace.FileMapEvents.Count;
AddProcess(trace.FileMapEvents, extract);

UnmapCount += trace.FileUnmapEvents.Count;
AddProcess(trace.FileUnmapEvents, extract);

closeCount += ev.ObjTrace.HandleCloseEvents.Count;
ev.ObjTrace.HandleCloseEvents.ForEach(x => processes.Add(x.ProcessIdx));
RefChangeCount += trace.RefChanges.Count;
AddProcess(trace.RefChanges, extract);
}

duplicateCount += ev.ObjTrace.HandleDuplicateEvents.Count;
ev.ObjTrace.HandleDuplicateEvents.ForEach(x => processes.Add(x.ProcessIdx));
ev.ObjTrace.HandleDuplicateEvents.ForEach(x => processes.Add(x.SourceProcessIdx));
public void PrintTotals(ConsoleColor color)
{
ColorConsole.WriteEmbeddedColorLine($"Totals: Processes: {Processes.Count} Handles Created: {CreateCount}, Closed: {CloseCount}, Duplicate: {DuplicateCount}, RefChanges: {RefChangeCount}, FileMap: {MapCount} Unmap: {UnmapCount}", color);
}
}

mapCount += ev.ObjTrace.FileMapEvents.Count;
ev.ObjTrace.FileMapEvents.ForEach(x => processes.Add(x.ProcessIdx));
private void PrintMatches(List<MatchData> matches)
{
Totals fileTotal = new();
Totals allfileTotal = new();

unmapCount += ev.ObjTrace.FileUnmapEvents.Count;
ev.ObjTrace.FileUnmapEvents.ForEach(x => processes.Add(x.ProcessIdx));
string fileName = null;
int fileCount = 0;

refChangeCount += ev.ObjTrace.RefChanges.Count;
ev.ObjTrace.RefChanges.ForEach(x => processes.Add(x.ProcessIdx));
foreach (var ev in matches)
{
fileTotal.Add(ev.ObjTrace, ev.Extract);
allfileTotal.Add(ev.ObjTrace, ev.Extract);

if (ShowTotal != DumpCommand.TotalModes.Total)
if (ev.File.FileName != fileName)
{
if (ev.File.FileName != fileName)
if( ShowTotal != DumpCommand.TotalModes.None && fileName != null)
{
PrintFileName(ev.File.FileName, null, ev.File.PerformedAt, ev.File.Extract.MainModuleVersion?.ToString());
fileName = ev.File.FileName;
fileTotal.PrintTotals(ConsoleColor.Yellow);
}

PrintFileName(ev.File.FileName, null, ev.File.PerformedAt, ev.File.Extract.MainModuleVersion?.ToString());
fileCount++;
fileName = ev.File.FileName;
fileTotal = new();
}

if( ShowTotal == null || ShowTotal == DumpCommand.TotalModes.None )
{
if (ev.ObjTrace.IsFileMap)
{
if (Map == null || Map == 1)
Expand All @@ -525,7 +573,15 @@ private void PrintMatches(List<MatchData> matches)
}
}

ColorConsole.WriteEmbeddedColorLine($"[red]Totals: Processes: {processes.Count} Handles Created: {createCount}, Closed: {closeCount}, Duplicate: {duplicateCount}, RefChanges: {refChangeCount}, FileMap: {mapCount} Unmap: {unmapCount}[/red]");
if( matches.Count > 0 && ShowTotal != DumpCommand.TotalModes.None)
{
fileTotal.PrintTotals(ConsoleColor.Yellow);
}

if (fileCount > 1 && (ShowTotal == DumpCommand.TotalModes.Total || ShowTotal == null))
{
allfileTotal.PrintTotals(ConsoleColor.Red);
}
}


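Review bot: In PrintMatches, `fileTotal.Add(ev.ObjTrace, ev.Extract);` runs before the `ev.File.FileName != fileName` check, so the first match of each new file is counted into the previous file's totals, which are then printed, and is discarded when `fileTotal = new();` resets the accumulator. Each printed per-file total therefore lacks its own first match and, from the second file on, includes one match that belongs to the next file. Moving `fileTotal.Add(ev.ObjTrace, ev.Extract);` to just after the closing brace of the `if (ev.File.FileName != fileName)` block fixes the attribution and leaves `allfileTotal` as it is. Separately, `Totals.Processes` is now a `HashSet<ETWProcess>` filled through `extract.GetProcess(...)`; whether the same process reached through different extracts compares equal depends on ETWProcess equality, which is not visible here, so the cross-file process count is worth confirming. PrintMatches continues across the collapsed region into the last hunk of this section.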
5 changes: 4 additions & 1 deletion ETWAnalyzer/Extract/Common/StackCollection.cs
@@ -1,4 +1,7 @@
using Newtonsoft.Json;
//// SPDX-FileCopyrightText: © 2024 Siemens Healthcare GmbH
//// SPDX-License-Identifier: MIT

using Newtonsoft.Json;
using System;
using System.Collections.Generic;

5 changes: 4 additions & 1 deletion ETWAnalyzer/Extract/Common/StackEventBase.cs
@@ -1,4 +1,7 @@
using Microsoft.Windows.EventTracing;
//// SPDX-FileCopyrightText: © 2024 Siemens Healthcare GmbH
//// SPDX-License-Identifier: MIT

using Microsoft.Windows.EventTracing;
using Newtonsoft.Json;
using System;

11 changes: 5 additions & 6 deletions ETWAnalyzer/Extract/Handle/HandleCloseEvent.cs
@@ -1,10 +1,9 @@
using ETWAnalyzer.Extract.Common;
//// SPDX-FileCopyrightText: © 2024 Siemens Healthcare GmbH
//// SPDX-License-Identifier: MIT


using ETWAnalyzer.Extract.Common;
using Microsoft.Windows.EventTracing;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;

namespace ETWAnalyzer.Extract.Handle
{
6 changes: 4 additions & 2 deletions ETWAnalyzer/Extract/Handle/HandleCreateEvent.cs
@@ -1,6 +1,8 @@
using ETWAnalyzer.Extract.Common;
//// SPDX-FileCopyrightText: © 2024 Siemens Healthcare GmbH
//// SPDX-License-Identifier: MIT

using ETWAnalyzer.Extract.Common;
using Microsoft.Windows.EventTracing;
using System;

namespace ETWAnalyzer.Extract.Handle
{
6 changes: 4 additions & 2 deletions ETWAnalyzer/Extract/Handle/HandleDuplicateEvent.cs
@@ -1,6 +1,8 @@
using ETWAnalyzer.Extract.Common;
//// SPDX-FileCopyrightText: © 2024 Siemens Healthcare GmbH
//// SPDX-License-Identifier: MIT

using ETWAnalyzer.Extract.Common;
using Microsoft.Windows.EventTracing;
using System;

namespace ETWAnalyzer.Extract.Handle
{
12 changes: 6 additions & 6 deletions ETWAnalyzer/Extract/Handle/HandleObjectData.cs
@@ -1,11 +1,11 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
//// SPDX-FileCopyrightText: © 2024 Siemens Healthcare GmbH
//// SPDX-License-Identifier: MIT

using ETWAnalyzer.Extract.Common;
using ETWAnalyzer.Extractors;
using System;
using System.Collections.Generic;
using System.IO;

namespace ETWAnalyzer.Extract.Handle
{
5 changes: 4 additions & 1 deletion ETWAnalyzer/Extract/Handle/IHandleObjectData.cs
@@ -1,4 +1,7 @@
using System.Collections.Generic;
//// SPDX-FileCopyrightText: © 2024 Siemens Healthcare GmbH
//// SPDX-License-Identifier: MIT

using System.Collections.Generic;
using ETWAnalyzer.Extract.Common;

namespace ETWAnalyzer.Extract.Handle
9 changes: 8 additions & 1 deletion ETWAnalyzer/Extract/Handle/IObjectRefTrace.cs
@@ -1,4 +1,7 @@
using System;
//// SPDX-FileCopyrightText: © 2024 Siemens Healthcare GmbH
//// SPDX-License-Identifier: MIT

using System;
using System.Collections.Generic;

namespace ETWAnalyzer.Extract.Handle
@@ -39,6 +42,10 @@ public interface IObjectRefTrace
/// </summary>
bool IsMultiProcess { get; }

/// <summary>
/// If true the object contains only file mapping events
/// </summary>
bool IsFileMap { get; }

/// <summary>
/// Contains all handle close events if Handle tracing was enabled.
7 changes: 5 additions & 2 deletions ETWAnalyzer/Extract/Handle/ObjectRefTrace.cs
@@ -1,4 +1,7 @@
using ETWAnalyzer.Extract.Common;
//// SPDX-FileCopyrightText: © 2024 Siemens Healthcare GmbH
//// SPDX-License-Identifier: MIT

using ETWAnalyzer.Extract.Common;
using Microsoft.Windows.EventTracing;
using Newtonsoft.Json;
using System;
@@ -133,7 +136,7 @@ internal void RefreshCollectionsAfterDeserialize()
/// <summary>
/// True if object contains file map/unmap events. If it is false it can only contain object provider events.
/// </summary>
internal bool IsFileMap
public bool IsFileMap
{
get => FileMapEvents.Count > 0 || FileMapEvents.Count > 0;
}
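Review bot: `IsFileMap` is made public here to implement the new `IObjectRefTrace.IsFileMap`, but its getter tests the same operand twice: `FileMapEvents.Count > 0 || FileMapEvents.Count > 0`. The summary above it speaks of file map/unmap events, so the second operand was presumably meant to be `FileUnmapEvents.Count > 0`; as written, an object holding only unmap events reports false, and DumpObjectRef.PrintMatches branches on this value. The interface summary added in IObjectRefTrace.cs ("contains only file mapping events") also promises more than the getter checks and should be aligned with whichever meaning is intended. The getter is an unchanged context line and the class body extends beyond this hunk.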
5 changes: 4 additions & 1 deletion ETWAnalyzer/Extract/Handle/RefCountChangeEvent.cs
@@ -1,4 +1,7 @@
using ETWAnalyzer.Extract.Common;
//// SPDX-FileCopyrightText: © 2024 Siemens Healthcare GmbH
//// SPDX-License-Identifier: MIT

using ETWAnalyzer.Extract.Common;
using Microsoft.Windows.EventTracing;
using System;

5 changes: 4 additions & 1 deletion ETWAnalyzer/Extract/Handle/VAMap.cs
@@ -1,4 +1,7 @@
using System;
//// SPDX-FileCopyrightText: © 2024 Siemens Healthcare GmbH
//// SPDX-License-Identifier: MIT

using System;
using ETWAnalyzer.Extract.Common;
using Microsoft.Windows.EventTracing;

10 changes: 4 additions & 6 deletions ETWAnalyzer/Extractors/Handle/MapFileEventObjects.cs
@@ -1,10 +1,8 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.CompilerServices;
//// SPDX-FileCopyrightText: © 2024 Siemens Healthcare GmbH
//// SPDX-License-Identifier: MIT

using System;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading.Tasks;

namespace ETWAnalyzer.Extractors.Handle
{
5 changes: 4 additions & 1 deletion ETWAnalyzer/Extractors/Handle/ObjectRefEventObjects.cs
@@ -1,4 +1,7 @@
using Microsoft.Windows.EventTracing;
//// SPDX-FileCopyrightText: © 2024 Siemens Healthcare GmbH
//// SPDX-License-Identifier: MIT

using Microsoft.Windows.EventTracing;
using Microsoft.Windows.EventTracing.Processes;
using Microsoft.Windows.EventTracing.Symbols;
using System;
10 changes: 4 additions & 6 deletions ETWAnalyzer/Extractors/Handle/ObjectRefExtractor.cs
@@ -1,21 +1,19 @@
using ETWAnalyzer.Extract;
//// SPDX-FileCopyrightText: © 2024 Siemens Healthcare GmbH
//// SPDX-License-Identifier: MIT

using ETWAnalyzer.Extract;
using ETWAnalyzer.Extract.Common;
using ETWAnalyzer.Extract.Handle;
using ETWAnalyzer.Infrastructure;
using ETWAnalyzer.TraceProcessorHelpers;
using Microsoft.Diagnostics.Tracing.AutomatedAnalysis;
using Microsoft.Windows.EventTracing;
using Microsoft.Windows.EventTracing.Events;
using Microsoft.Windows.EventTracing.Processes;
using Microsoft.Windows.EventTracing.Symbols;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;

namespace ETWAnalyzer.Extractors.Handle
{
