/// <summary>
/// Given a thread and a call stack that does not have a stack, make up a pseudo stack for it consisting of the code address,
/// the broken node, the thread and process. Will return -1 if it can't allocate another Pseudo-stack.
/// </summary>
private int GetPseudoStack(ThreadIndex threadIndex, CodeAddressIndex codeAddrIndex)
{
if (m_pseudoStacksTable == null)
{
m_pseudoStacksTable = new Dictionary <PseudoStack, int>();
}
var pseudoStack = new PseudoStack(threadIndex, codeAddrIndex);
int ret;
if (m_pseudoStacksTable.TryGetValue(pseudoStack, out ret))
{
return(ret);
}
ret = m_pseudoStacks.Count;
if (ret >= m_maxPseudoStack)
{
return(-1);
}
m_pseudoStacks.Add(pseudoStack);
m_pseudoStacksTable.Add(pseudoStack, ret);
return(ret);
}
internal void CreateFileScanOperation(AMFilter_FileScanArgsTraceData data)
{
// If we can't get the process or thread index, bail.
ProcessIndex processIndex = data.Process().ProcessIndex;
if (processIndex == ProcessIndex.Invalid)
{
return;
}
ThreadIndex threadIndex = data.Thread().ThreadIndex;
if (threadIndex == ThreadIndex.Invalid)
{
return;
}
// Get the process container.
Dictionary <ThreadIndex, FileScanOperation> processContainer = GetOrCreateProcessContainer(processIndex);
// Create a new file scan operation.
// This happens when the scan is requested inside the user process.
FileScanOperation scan = new FileScanOperation()
{
File = data.FileName,
Reason = data.Reason,
RequestorStack = _stackSource.GetCallStack(data.CallStackIndex(), data)
};
processContainer[threadIndex] = scan;
}
private bool ReasonableTopFrame(StackSourceCallStackIndex callStackIndex, ThreadIndex threadIndex)
{
uint index = (uint)callStackIndex - (uint)StackSourceCallStackIndex.Start;
var stack = m_log.CallStacks[(CallStackIndex)callStackIndex];
if (index < (uint)m_log.CallStacks.Count)
{
CodeAddressIndex codeAddressIndex = m_log.CallStacks.CodeAddressIndex((CallStackIndex)index);
ModuleFileIndex moduleFileIndex = m_log.CallStacks.CodeAddresses.ModuleFileIndex(codeAddressIndex);
if (m_goodTopModuleIndex == moduleFileIndex) // optimization
{
return(true);
}
TraceModuleFile moduleFile = m_log.CallStacks.CodeAddresses.ModuleFile(codeAddressIndex);
if (moduleFile == null)
{
return(false);
}
// We allow things that end in ntdll to be considered unbroken (TODO is this too strong?)
if (moduleFile.FilePath.EndsWith("ntdll.dll", StringComparison.OrdinalIgnoreCase))
{
m_goodTopModuleIndex = moduleFileIndex;
return(true);
}
// The special processes 4 (System) and 0 (Kernel) can stay in the kernel without being broken.
if (moduleFile.FilePath.EndsWith("ntoskrnl.exe", StringComparison.OrdinalIgnoreCase))
{
var processId = m_log.Threads[threadIndex].Process.ProcessID;
if (processId == 4 || processId == 0)
{
m_goodTopModuleIndex = moduleFileIndex;
return(true);
}
}
return(false);
}
return(false);
}
public PseudoStack(ThreadIndex threadIndex, CodeAddressIndex codeAddressIndex)
{
ThreadIndex = threadIndex; CodeAddressIndex = codeAddressIndex;
}
