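/// <summary>
/// Handles an ALPC receive-message trace record: logs it as an <c>AlpcEvent</c> and, when a
/// pending send with the same message ID exists, pairs the two into an <c>AlpcMessage</c>.
/// </summary>
/// <param name="obj">The receive-message trace record delivered by the parser.</param>
/// <remarks>
/// Nothing is recorded while <c>IsRunning</c> is false. A receive with no pending send is
/// still added as an event but produces no <c>AlpcMessage</c>.
/// NOTE(review): pairing uses the message ID alone and takes the first match; if IDs can
/// repeat while an older send is still pending, source and target may be mis-attributed.
/// Confirm against the send handler.
/// NOTE(review): this method only removes a send once it is matched; check that unmatched
/// sends are pruned elsewhere so the pending list cannot grow without bound.
/// </remarks>
private void Parser_ALPCReceiveMessage(ALPCReceiveMessageTraceData obj)
{
    if (!IsRunning)
    {
        return;
    }

    AddEvent(new AlpcEvent(obj)
    {
        Type = AlpcEventType.ReceiveMessage,
        MessageId = obj.MessageID,
    });

    ALPCSendMessageTraceData source;
    lock (_sendMessages)
    {
        source = _sendMessages.FirstOrDefault(msg => msg.MessageID == obj.MessageID);

        // Remove under the same lock as the lookup. The original removed the entry after
        // releasing the lock, so the collection could be mutated while another thread
        // was enumerating it under that lock.
        if (source != null)
        {
            _sendMessages.Remove(source);
        }
    }

    if (source == null)
    {
        // Receive without a recorded send: nothing to pair.
        //Console.WriteLine($"Receive without Send {obj.ProcessName} ({obj.ProcessID}) msg: {obj.MessageID}");
        return;
    }

    var message = new AlpcMessage
    {
        SourceProcess = source.ProcessID,
        SourceProcessName = source.ProcessName,
        TargetProcess = obj.ProcessID,
        TargetProcessName = obj.ProcessName,
        MessageId = obj.MessageID,
        SourceThread = source.ThreadID,
        TargetThread = obj.ThreadID,
        SendTime = source.TimeStamp,
        ReceiveTime = obj.TimeStamp,
    };

    lock (_messages)
    {
        _messages.Add(message);
    }
    //Dump(message);
}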
/// <summary>
/// Matches a received ALPC message against the sends recorded in <c>sentMessages</c> (keyed by
/// message ID) and, when the traced process <c>pid</c> is the receiver or the sender, records
/// the peer in <c>connectedProcesses</c> and writes one line to <c>traceOutput</c>.
/// </summary>
/// <param name="data">The receive-message trace record.</param>
/// <remarks>
/// Receives with no recorded send, and exchanges that do not involve <c>pid</c>, are ignored.
/// The tuple appears to hold (process id, process name, thread id) of the sender, judging by
/// how it is compared and printed here; confirm against the code that fills
/// <c>sentMessages</c>.
/// NOTE(review): peers are identified by the name and PID carried in the trace records; a
/// reused PID shows up as the same peer with a different name.
/// </remarks>
private void HandleALPCReceiveMessage(ALPCReceiveMessageTraceData data)
{
    Tuple<int, string, int> sender;
    bool sendKnown = sentMessages.TryGetValue(data.MessageID, out sender);
    if (!sendKnown)
    {
        return;
    }

    if (data.ProcessID == pid)
    {
        // The traced process is the receiver; the peer is the sender.
        string peer = $"{sender.Item2} ({sender.Item1})";
        connectedProcesses.Add(peer);

        string line = $"{data.TimeStampRelativeMSec:0.0000} ({data.ProcessID}.{data.ThreadID}) ALPC {data.ProcessName} "
            + $"<--(0x{data.MessageID:X})--- {sender.Item2} ({sender.Item1}.{sender.Item3})";
        traceOutput.WriteLine(line);
        return;
    }

    if (sender.Item1 == pid)
    {
        // The traced process is the sender; the peer is the receiver.
        string peer = $"{data.ProcessName} ({data.ProcessID})";
        connectedProcesses.Add(peer);

        string line = $"{data.TimeStampRelativeMSec:0.0000} ({sender.Item1}.{sender.Item3}) ALPC {sender.Item2} "
            + $"---(0x{data.MessageID:X})--> {data.ProcessName} ({data.ProcessID}.{data.ThreadID})";
        traceOutput.WriteLine(line);
    }
}