/// <summary> /// Given a thread and a call stack that does not have a stack, make up a pseudo stack for it consisting of the code address, /// the broken node, the thread and process. Will return -1 if it can't allocate another Pseudo-stack. /// </summary> private int GetPseudoStack(ThreadIndex threadIndex, CodeAddressIndex codeAddrIndex) { if (m_pseudoStacksTable == null) { m_pseudoStacksTable = new Dictionary <PseudoStack, int>(); } var pseudoStack = new PseudoStack(threadIndex, codeAddrIndex); int ret; if (m_pseudoStacksTable.TryGetValue(pseudoStack, out ret)) { return(ret); } ret = m_pseudoStacks.Count; if (ret >= m_maxPseudoStack) { return(-1); } m_pseudoStacks.Add(pseudoStack); m_pseudoStacksTable.Add(pseudoStack, ret); return(ret); }
internal void CreateFileScanOperation(AMFilter_FileScanArgsTraceData data) { // If we can't get the process or thread index, bail. ProcessIndex processIndex = data.Process().ProcessIndex; if (processIndex == ProcessIndex.Invalid) { return; } ThreadIndex threadIndex = data.Thread().ThreadIndex; if (threadIndex == ThreadIndex.Invalid) { return; } // Get the process container. Dictionary <ThreadIndex, FileScanOperation> processContainer = GetOrCreateProcessContainer(processIndex); // Create a new file scan operation. // This happens when the scan is requested inside the user process. FileScanOperation scan = new FileScanOperation() { File = data.FileName, Reason = data.Reason, RequestorStack = _stackSource.GetCallStack(data.CallStackIndex(), data) }; processContainer[threadIndex] = scan; }
private bool ReasonableTopFrame(StackSourceCallStackIndex callStackIndex, ThreadIndex threadIndex) { uint index = (uint)callStackIndex - (uint)StackSourceCallStackIndex.Start; var stack = m_log.CallStacks[(CallStackIndex)callStackIndex]; if (index < (uint)m_log.CallStacks.Count) { CodeAddressIndex codeAddressIndex = m_log.CallStacks.CodeAddressIndex((CallStackIndex)index); ModuleFileIndex moduleFileIndex = m_log.CallStacks.CodeAddresses.ModuleFileIndex(codeAddressIndex); if (m_goodTopModuleIndex == moduleFileIndex) // optimization { return(true); } TraceModuleFile moduleFile = m_log.CallStacks.CodeAddresses.ModuleFile(codeAddressIndex); if (moduleFile == null) { return(false); } // We allow things that end in ntdll to be considered unbroken (TODO is this too strong?) if (moduleFile.FilePath.EndsWith("ntdll.dll", StringComparison.OrdinalIgnoreCase)) { m_goodTopModuleIndex = moduleFileIndex; return(true); } // The special processes 4 (System) and 0 (Kernel) can stay in the kernel without being broken. if (moduleFile.FilePath.EndsWith("ntoskrnl.exe", StringComparison.OrdinalIgnoreCase)) { var processId = m_log.Threads[threadIndex].Process.ProcessID; if (processId == 4 || processId == 0) { m_goodTopModuleIndex = moduleFileIndex; return(true); } } return(false); } return(false); }
public PseudoStack(ThreadIndex threadIndex, CodeAddressIndex codeAddressIndex) { ThreadIndex = threadIndex; CodeAddressIndex = codeAddressIndex; }