private string KsDataFormatToString (ByteArrayReader reader)
{
StringBuilder result = new StringBuilder ();
uint formatSize = reader.ReadU32LE ();
uint flags = reader.ReadU32LE ();
uint sampleSize = reader.ReadU32LE ();
uint reserved = reader.ReadU32LE ();
Guid majorFormatGuid = reader.ReadGuid ();
string majorFormatStr = MajorFormatToString (majorFormatGuid);
Guid subFormatGuid = reader.ReadGuid ();
string subFormatStr = SubFormatToString (subFormatGuid);
Guid specifierGuid = reader.ReadGuid ();
string specifierStr = SpecifierToString (specifierGuid);
result.Append ("\r\nKSDATAFORMAT:");
result.AppendFormat ("\r\n FormatSize: {0}", formatSize);
result.AppendFormat ("\r\n Flags: {0}", flags);
result.AppendFormat ("\r\n SampleSize: {0}", sampleSize);
result.AppendFormat ("\r\n Reserved: {0}", reserved);
result.AppendFormat ("\r\n MajorFormat: {0}", majorFormatStr);
result.AppendFormat ("\r\n SubFormat: {0}", subFormatStr);
result.AppendFormat ("\r\n Specifier: {0}", specifierStr);
if (specifierStr == "KSDATAFORMAT_SPECIFIER_VIDEOINFO")
{
Rectangle sourceRect = reader.ReadRectLE ();
Rectangle targetRect = reader.ReadRectLE ();
uint bitRate = reader.ReadU32LE ();
uint bitErrorRate = reader.ReadU32LE ();
Int64 avgTimePerFrame = reader.ReadI64LE ();
double fps = 10000000.0 / avgTimePerFrame;
result.Append ("\r\nKS_VIDEOINFO:");
result.AppendFormat ("\r\n rcSource: ({0}, {1}, {2}, {3})", sourceRect.Left, sourceRect.Top, sourceRect.Right, sourceRect.Bottom);
result.AppendFormat ("\r\n rcTarget: ({0}, {1}, {2}, {3})", targetRect.Left, targetRect.Top, targetRect.Right, targetRect.Bottom);
result.AppendFormat ("\r\n dwBitRate: {0}", bitRate);
result.AppendFormat ("\r\n dwBitErrorRate: {0}", bitErrorRate);
result.AppendFormat ("\r\n AvgTimePerFrame: {0} ({1:0.##} fps)", avgTimePerFrame, fps);
uint size = reader.ReadU32LE ();
int width = reader.ReadI32LE ();
int height = reader.ReadI32LE ();
ushort planes = reader.ReadU16LE ();
ushort bitCount = reader.ReadU16LE ();
uint compression = reader.ReadU32LE ();
uint sizeImage = reader.ReadU32LE ();
int xPelsPerMeter = reader.ReadI32LE ();
int yPelsPerMeter = reader.ReadI32LE ();
uint clrUsed = reader.ReadU32LE ();
uint clrImportant = reader.ReadU32LE ();
result.Append ("\r\nKS_BITMAPINFOHEADER:");
result.AppendFormat ("\r\n biSize: {0}", size);
result.AppendFormat ("\r\n biWidth: {0}", width);
result.AppendFormat ("\r\n biHeight: {0}", height);
result.AppendFormat ("\r\n biPlanes: {0}", planes);
result.AppendFormat ("\r\n biBitCount: {0}", bitCount);
result.AppendFormat ("\r\n biCompression: 0x{0:x8}", compression);
result.AppendFormat ("\r\n biSizeImage: {0}", sizeImage);
result.AppendFormat ("\r\n biXPelsPerMeter: {0}", xPelsPerMeter);
result.AppendFormat ("\r\n biYPelsPerMeter: {0}", yPelsPerMeter);
result.AppendFormat ("\r\n biClrUsed: {0}", clrUsed);
result.AppendFormat ("\r\n biClrImportant: {0}", clrImportant);
}
return result.ToString ();
}
private VisualTransaction CreateTransactionFromDeviceIoControl (Event ev, XmlElement eventRoot)
{
XmlNode handleNode = eventRoot.SelectSingleNode ("/event/arguments[@direction='in']/argument[1]/value");
XmlNode codeNode = eventRoot.SelectSingleNode ("/event/arguments[@direction='in']/argument[2]/value");
XmlNode retValNode = eventRoot.SelectSingleNode ("/event/returnValue/value");
XmlNode lastErrNode = eventRoot.SelectSingleNode ("/event/lastError");
string handleStr = null, codeStr = null, retValStr = null, lastErrStr = null;
string headline = "DeviceIoControl";
if (handleNode != null && codeNode != null && retValNode != null && lastErrNode != null)
{
handleStr = handleNode.Attributes["value"].Value;
if (!interestingHandles.Contains (handleStr))
interestingHandles.Add (handleStr);
codeStr = codeNode.Attributes["value"].Value;
retValStr = retValNode.Attributes["value"].Value;
lastErrStr = ErrorCodeToString (Convert.ToUInt32 (lastErrNode.Attributes["value"].Value));
headline += String.Format (" ({0}) => {1}", FunctionCallArgListToString (eventRoot), retValStr.ToUpper ());
}
// HACK #2:
if (lastErrStr == "ERROR_MORE_DATA") // || lastErrStr == "ERROR_NOT_FOUND" || lastErrStr == "ERROR_SET_NOT_FOUND")
return null;
VisualTransaction tr = new VisualTransaction (ev.Id, TransactionDirection.Out, ev.Timestamp);
tr.ContextID = handleStr;
tr.HeadlineText = headline;
tr.AddHeaderField ("Id", ev.Id);
if (lastErrStr != null)
tr.AddHeaderField ("LastError", lastErrStr);
ByteArrayReader inBuf = null;
ByteArrayReader outBufEnter = null;
ByteArrayReader outBufLeave = null;
XmlNode node = eventRoot.SelectSingleNode ("/event/arguments[@direction='in']/argument[3]/value/value");
if (node != null)
inBuf = new ByteArrayReader (Convert.FromBase64String (node.InnerText));
node = eventRoot.SelectSingleNode ("/event/arguments[@direction='in']/argument[5]/value/value");
if (node != null)
outBufEnter = new ByteArrayReader (Convert.FromBase64String (node.InnerText));
node = eventRoot.SelectSingleNode ("/event/arguments[@direction='out']/argument[1]/value/value");
if (node != null)
outBufLeave = new ByteArrayReader (Convert.FromBase64String (node.InnerText));
if (codeStr == "IOCTL_KS_PROPERTY" && inBuf != null)
{
Guid propSetGuid = inBuf.ReadGuid ();
uint rawPropId = inBuf.ReadU32LE ();
uint propFlags = inBuf.ReadU32LE ();
string propSetStr, propIdStr, propFlagsStr;
if (ksPropertySets.ContainsKey (propSetGuid))
{
object o = ksPropertySets[propSetGuid];
if (o is string)
{
propSetStr = o as string;
propIdStr = String.Format ("0x{0:x8}", rawPropId);
}
else
{
KsPropertySet propSet = o as KsPropertySet;
propSetStr = propSet.Name;
propIdStr = Enum.GetName (propSet.EnumType, rawPropId);
}
}
else
{
propSetStr = propSetGuid.ToString ("B");
propIdStr = String.Format ("0x{0:x8}", rawPropId);
}
propFlagsStr = BitfieldToString (ksPropertyFlags, propFlags);
// HACK #3
//if (propFlagsStr == "GET")
// return null;
if (propSetStr == "KSPROPSETID_Topology")
return null;
else if (propSetStr == "KSPROPSETID_MediaSeeking" && propIdStr == "TIMEFORMAT" && propFlagsStr == "GET")
return null;
else if (propSetStr == "KSPROPSETID_Pin" && propFlagsStr == "GET")
{
List<string> boringIds = new List<string> (new string[] { "CTYPES", "CINSTANCES", "COMMUNICATION", "CONSTRAINEDDATARANGES", "DATAFLOW", "DATARANGES", "DATAINTERSECTION", "NAME" });
if (boringIds.Contains (propIdStr))
return null;
}
StringBuilder body = new StringBuilder ();
body.AppendFormat ("[lpInBuffer]\r\nKSPROPERTY: {0}, {1}, {2}", propSetStr, propIdStr, propFlagsStr);
string remainder = inBuf.ReadRemainingBytesAsHexDump ();
if (remainder != null)
body.AppendFormat ("\r\n{0}", remainder);
if (outBufEnter != null)
{
body.Append ("\r\n\r\n[lpOutBuffer on entry]");
if (propSetStr == "KSPROPSETID_Connection" && propIdStr == "DATAFORMAT")
{
body.AppendFormat ("\r\n{0}", KsDataFormatToString (outBufEnter));
}
remainder = outBufEnter.ReadRemainingBytesAsHexDump ();
if (remainder != null)
body.AppendFormat ("\r\n{0}", remainder);
}
if (outBufLeave != null)
{
body.Append ("\r\n\r\n[lpOutBuffer on exit]");
if (propSetStr == "KSPROPSETID_Connection" && propIdStr == "ALLOCATORFRAMING_EX")
{
body.Append (KsAllocatorFramingExToString (outBufLeave));
}
remainder = outBufLeave.ReadRemainingBytesAsHexDump ();
if (remainder != null)
body.AppendFormat ("\r\n{0}", remainder);
}
tr.BodyText = body.ToString ();
}
else if (codeStr == "IOCTL_KS_READ_STREAM")
{
XmlNode dataNode = eventRoot.SelectSingleNode ("/event/arguments[@direction='in']/argument[5]/value");
string body = KsReadStreamDataToString (dataNode, "in");
if (retValStr.ToUpper () == "TRUE")
{
dataNode = eventRoot.SelectSingleNode ("/event/arguments[@direction='out']/argument[1]/value");
body += KsReadStreamDataToString (dataNode, "out");
}
else if (lastErrStr == "ERROR_IO_PENDING")
{
pendingReadStreamRequests[ev.Id] = true;
}
tr.BodyText = body;
}
else if (codeStr == "IOCTL_KS_ENABLE_EVENT" && inBuf != null)
{
StringBuilder body = new StringBuilder ();
body.AppendFormat ("[lpInBuffer]\r\nKSEVENT: {0} {1} {2}",
inBuf.ReadGuid (), inBuf.ReadU32LE (),
BitfieldToString (ksEventFlags, inBuf.ReadU32LE ()));
string remainder = inBuf.ReadRemainingBytesAsHexDump ();
if (remainder != null)
body.AppendFormat ("\r\n{0}", remainder);
if (outBufEnter != null)
{
body.Append ("\r\n\r\n[lpOutBuffer on entry]");
remainder = outBufEnter.ReadRemainingBytesAsHexDump ();
if (remainder != null)
body.AppendFormat ("\r\n{0}", remainder);
}
if (outBufLeave != null)
{
body.Append ("\r\n\r\n[lpOutBuffer on exit]");
remainder = outBufLeave.ReadRemainingBytesAsHexDump ();
if (remainder != null)
body.AppendFormat ("\r\n{0}", remainder);
}
tr.BodyText = body.ToString ();
}
else
{
List<string> blobs = new List<string> ();
if (inBuf != null)
blobs.Add (inBuf.ReadRemainingBytesAsHexDump ());
if (outBufEnter != null)
blobs.Add (outBufEnter.ReadRemainingBytesAsHexDump ());
if (blobs.Count > 0)
tr.BodyText = String.Join ("\r\n\r\n", blobs.ToArray ());
}
return tr;
}
private VisualTransaction CreateTransactionFromKsCreatePin (Event ev, XmlElement eventRoot)
{
VisualTransaction tr = new VisualTransaction (ev.Id, TransactionDirection.In, ev.Timestamp);
string retValStr = eventRoot.SelectSingleNode ("/event/returnValue/value").Attributes["value"].Value;
string lastErrStr = ErrorCodeToString (Convert.ToUInt32 (eventRoot.SelectSingleNode ("/event/lastError").Attributes["value"].Value));
XmlNodeList inNodes = eventRoot.SelectNodes ("/event/arguments[@direction='in']/argument/value");
string filterHandle = inNodes[0].Attributes["value"].Value;
string desiredAccess = inNodes[2].Attributes["value"].Value;
string connHandle = "";
XmlNode outNode = eventRoot.SelectSingleNode ("/event/arguments[@direction='out']/argument/value/value");
if (outNode != null)
{
connHandle = " => " + outNode.Attributes["value"].Value;
}
tr.ContextID = filterHandle;
tr.HeadlineText = String.Format ("KsCreatePin ({0}, &Connect, {1}, &ConnectionHandle{2}) => {3}", filterHandle, desiredAccess, connHandle, retValStr);
tr.AddHeaderField ("Id", ev.Id);
tr.AddHeaderField ("LastError", lastErrStr);
StringBuilder body = new StringBuilder ();
byte[] connBytes = Convert.FromBase64String (inNodes[1].SelectSingleNode ("value[@type='KSPIN_CONNECT']").InnerText);
ByteArrayReader connReader = new ByteArrayReader (connBytes);
body.Append ("[Connect]:\r\nKSPIN_CONNECT:");
body.AppendFormat ("\r\n Interface: ({0}, {1}, {2})", connReader.ReadGuid (), connReader.ReadU32LE (), connReader.ReadU32LE ());
body.AppendFormat ("\r\n Medium: ({0}, {1}, {2})", connReader.ReadGuid (), connReader.ReadU32LE (), connReader.ReadU32LE ());
body.AppendFormat ("\r\n PinId: {0}", connReader.ReadU32LE ());
body.AppendFormat ("\r\n PinToHandle: {0}", connReader.ReadU32LE ());
body.AppendFormat ("\r\n Priority: ({0}, {1})", connReader.ReadU32LE (), connReader.ReadU32LE ());
if (connReader.Remaining > 0)
throw new Exception ("KSPIN_CONNECT parse error");
byte[] formatRaw = Convert.FromBase64String (inNodes[1].SelectSingleNode ("value[@type='KSDATAFORMAT']").InnerText);
ByteArrayReader formatReader = new ByteArrayReader (formatRaw);
body.AppendFormat ("\r\nKSDATAFORMAT:{0}", KsDataFormatToString (formatReader));
tr.BodyText = body.ToString ();
return tr;
}
private string KsReadStreamDataToString (XmlNode dataNode, string directionContext)
{
StringBuilder body = new StringBuilder ();
XmlNode streamHdrNode = dataNode.SelectSingleNode ("value[@type='KSSTREAM_HEADER']");
byte[] streamHdrBuf = Convert.FromBase64String (streamHdrNode.InnerText);
ByteArrayReader streamHdrReader = new ByteArrayReader (streamHdrBuf);
uint size = streamHdrReader.ReadU32LE ();
uint typeSpecificFlags = streamHdrReader.ReadU32LE ();
long presentationTime = streamHdrReader.ReadI64LE ();
uint presentationNumerator = streamHdrReader.ReadU32LE ();
uint presentationDenominator = streamHdrReader.ReadU32LE ();
long duration = streamHdrReader.ReadI64LE ();
uint frameExtent = streamHdrReader.ReadU32LE ();
uint dataUsed = streamHdrReader.ReadU32LE ();
uint data = streamHdrReader.ReadU32LE ();
uint optionsFlags = streamHdrReader.ReadU32LE ();
body.AppendFormat ("[lpOutBuffer direction='{0}']\r\nKSSTREAM_HEADER:", directionContext);
body.AppendFormat ("\r\n Size: {0}", size);
body.AppendFormat ("\r\n TypeSpecificFlags: 0x{0:x8}", typeSpecificFlags);
body.AppendFormat ("\r\n PresentationTime: (Time={0}, {1}/{2})", presentationTime, presentationNumerator, presentationDenominator);
body.AppendFormat ("\r\n Duration: {0}", duration);
body.AppendFormat ("\r\n FrameExtent: {0}", frameExtent);
body.AppendFormat ("\r\n DataUsed: {0}", dataUsed);
body.AppendFormat ("\r\n Data: 0x{0:x8}", data);
body.AppendFormat ("\r\n OptionsFlags: 0x{0:x8}", optionsFlags);
string streamHdrRemainder = streamHdrReader.ReadRemainingBytesAsHexDump ();
if (streamHdrRemainder != null)
body.AppendFormat ("\r\n\r\n[lpOutBuffer direction='{0}']\r\nRemainder:\r\n{1}", directionContext, streamHdrRemainder);
XmlNode frameInfoNode = dataNode.SelectSingleNode ("value[@type='KS_FRAME_INFO']");
byte[] frameInfoBuf = Convert.FromBase64String (frameInfoNode.InnerText);
ByteArrayReader frameInfoReader = new ByteArrayReader (frameInfoBuf);
uint extendedHeaderSize = frameInfoReader.ReadU32LE ();
uint frameFlags = frameInfoReader.ReadU32LE ();
long pictureNumber = frameInfoReader.ReadI64LE ();
long dropCount = frameInfoReader.ReadI64LE ();
uint directDraw = frameInfoReader.ReadU32LE ();
uint surfaceHandle = frameInfoReader.ReadU32LE ();
Rectangle directDrawRect = frameInfoReader.ReadRectLE ();
uint reserved1 = frameInfoReader.ReadU32LE ();
uint reserved2 = frameInfoReader.ReadU32LE ();
uint reserved3 = frameInfoReader.ReadU32LE ();
uint reserved4 = frameInfoReader.ReadU32LE ();
body.AppendFormat ("\r\nKS_FRAME_INFO:");
body.AppendFormat ("\r\n ExtendedHeaderSize: {0}", extendedHeaderSize);
body.AppendFormat ("\r\n dwFrameFlags: 0x{0:x8}", frameFlags);
body.AppendFormat ("\r\n PictureNumber: {0}", pictureNumber);
body.AppendFormat ("\r\n DropCount: {0}", dropCount);
body.AppendFormat ("\r\n hDirectDraw: 0x{0:x8}", directDraw);
body.AppendFormat ("\r\n hSurfaceHandle: 0x{0:x8}", surfaceHandle);
body.AppendFormat ("\r\n DirectDrawRect: ({0}, {1}, {2}, {3})", directDrawRect.Left, directDrawRect.Top, directDrawRect.Right, directDrawRect.Bottom);
body.AppendFormat ("\r\n Reserved1: {0}", reserved1);
body.AppendFormat ("\r\n Reserved2: {0}", reserved2);
body.AppendFormat ("\r\n Reserved3: {0}", reserved3);
body.AppendFormat ("\r\n Reserved4: {0}", reserved4);
string frameInfoRemainder = frameInfoReader.ReadRemainingBytesAsHexDump ();
if (frameInfoRemainder != null)
body.AppendFormat ("\r\n\r\n[lpOutBuffer direction='{0}']\r\nRemainder:\r\n{1}", directionContext, frameInfoRemainder);
return body.ToString ();
}
private string KsAllocatorFramingExToString (ByteArrayReader reader)
{
StringBuilder result = new StringBuilder ();
uint countItems = reader.ReadU32LE ();
result.Append ("\r\nKSALLOCATOR_FRAMING_EX:");
result.AppendFormat ("\r\n CountItems: {0}", countItems);
result.AppendFormat ("\r\n PinFlags: 0x{0:x8}", reader.ReadU32LE ());
result.AppendFormat ("\r\n OutputCompression: ({0}/{1}, ConstantMargin={2})",
reader.ReadU32LE (), reader.ReadU32LE (), reader.ReadU32LE ());
result.AppendFormat ("\r\n PinWeight: {0}", reader.ReadU32LE ());
for (int i = 0; i < countItems; i++)
{
result.AppendFormat ("\r\n\r\nFramingItem[{0}]:", i);
result.AppendFormat ("\r\n MemoryType: {0}", MemoryTypeToString (reader.ReadGuid ()));
result.AppendFormat ("\r\n BusType: {0}", BusTypeToString (reader.ReadGuid ()));
result.AppendFormat ("\r\n MemoryFlags: {0}", BitfieldToString (ksAllocatorQueryFlags, reader.ReadU32LE ()));
result.AppendFormat ("\r\n BusFlags: 0x{0:x8}", reader.ReadU32LE ());
result.AppendFormat ("\r\n Flags: {0}", BitfieldToString (ksAllocatorQueryFlags, reader.ReadU32LE ()));
result.AppendFormat ("\r\n Frames: {0}", reader.ReadU32LE ());
result.AppendFormat ("\r\n FileAlignment: {0}", BitfieldToString (fileAlignmentFlags, reader.ReadU32LE ()));
result.AppendFormat ("\r\n MemoryTypeWeight: {0}", reader.ReadU32LE ());
result.AppendFormat ("\r\n PhysicalRange: ([{0}, {1}], Stepping={2})",
reader.ReadU32LE (), reader.ReadU32LE (), reader.ReadU32LE ());
result.AppendFormat ("\r\n FramingRange: (([{0}, {1}], Stepping={2}), InPlaceWeight={3}, NotInPlaceWeight={4})",
reader.ReadU32LE (), reader.ReadU32LE (), reader.ReadU32LE (), reader.ReadU32LE (), reader.ReadU32LE ());
}
return result.ToString ();
}
