Пример #1
 /// <summary>
 /// Adds to <paramref name="ev"/> every tag produced by the factory registered for the
 /// event's runtime type. Events without a registered factory are left unchanged.
 /// </summary>
 /// <param name="ev">Event whose <c>Tags</c> collection receives the generated tags.</param>
 public void Process(Event ev)
 {
     // The lookup key is ev.GetType(), i.e. the concrete runtime type of the event.
     ITagFactory tagFactory;
     bool hasFactory = m_factories.TryGetValue(ev.GetType(), out tagFactory);
     if (!hasFactory)
     {
         return;
     }

     foreach (ITag produced in tagFactory.GetTags(ev))
     {
         ev.Tags.Add(produced);
     }
 }
Пример #2
        /// <summary>
        /// Returns the resource tag associated with the handle referenced by <paramref name="ev"/>.
        /// </summary>
        /// <param name="ev">Event from which the resource handle is extracted.</param>
        /// <returns>A one-element array holding the tag for that handle.</returns>
        public ITag[] GetTags(Event ev)
        {
            uint resourceHandle = GetResourceHandleFromEvent(ev);

            // A cached tag is reused only when this is not an allocation event AND the handle
            // is already known. An allocation event always replaces the cached entry, so a
            // handle value that shows up in a later allocation gets a fresh tag.
            bool reuseCachedTag = !IsResourceAllocationEvent(ev) && m_tags.ContainsKey(resourceHandle);

            ResourceTag resourceTag;
            if (reuseCachedTag)
            {
                resourceTag = m_tags[resourceHandle];
            }
            else
            {
                resourceTag = CreateResourceTag(resourceHandle);
                m_tags[resourceHandle] = resourceTag;
            }

            return new ITag[] { resourceTag };
        }
Пример #3
        /// <summary>
        /// Builds the <see cref="VisualTransaction"/> displayed for a recorded DeviceIoControl call,
        /// decoding the kernel-streaming (KS) IOCTL payloads this method knows about.
        /// </summary>
        /// <param name="ev">Source event; its Id and Timestamp are copied onto the transaction.</param>
        /// <param name="eventRoot">XML element queried for the call's arguments, return value and last error.</param>
        /// <returns>
        /// The populated transaction, or null when the call is filtered out (last error
        /// ERROR_MORE_DATA, or one of the suppressed KS property queries further down).
        /// </returns>
        /// <remarks>
        /// The XPath expressions start with "/", so they are resolved from the root of the document
        /// that owns <paramref name="eventRoot"/> rather than relative to the element itself.
        /// NOTE(review): values read from the XML are used without validation. A missing "value"
        /// attribute, malformed base64 or a non-numeric lastError propagates as an unhandled
        /// exception, so code that loads dumps from untrusted sources should catch and report it.
        /// </remarks>
        private VisualTransaction CreateTransactionFromDeviceIoControl (Event ev, XmlElement eventRoot)
        {
            // Argument 1 is the device handle, argument 2 the IOCTL code.
            XmlNode handleNode = eventRoot.SelectSingleNode ("/event/arguments[@direction='in']/argument[1]/value");
            XmlNode codeNode = eventRoot.SelectSingleNode ("/event/arguments[@direction='in']/argument[2]/value");
            XmlNode retValNode = eventRoot.SelectSingleNode ("/event/returnValue/value");
            XmlNode lastErrNode = eventRoot.SelectSingleNode ("/event/lastError");

            string handleStr = null, codeStr = null, retValStr = null, lastErrStr = null;
            string headline = "DeviceIoControl";

            // The four strings are filled in only when all four nodes exist; otherwise they stay
            // null and the transaction is emitted with the bare "DeviceIoControl" headline.
            if (handleNode != null && codeNode != null && retValNode != null && lastErrNode != null)
            {
                // NOTE(review): Attributes["value"] yields null when the attribute is absent, which
                // makes the .Value dereferences below throw NullReferenceException.
                handleStr = handleNode.Attributes["value"].Value;

                // Remember every handle seen in a DeviceIoControl call in interestingHandles.
                if (!interestingHandles.Contains (handleStr))
                    interestingHandles.Add (handleStr);

                codeStr = codeNode.Attributes["value"].Value;
                retValStr = retValNode.Attributes["value"].Value;
                // Convert.ToUInt32 throws FormatException/OverflowException on non-numeric or out-of-range text.
                lastErrStr = ErrorCodeToString (Convert.ToUInt32 (lastErrNode.Attributes["value"].Value));
                headline += String.Format (" ({0}) => {1}", FunctionCallArgListToString (eventRoot), retValStr.ToUpper ());
            }

            // HACK #2:
            // Calls that failed with ERROR_MORE_DATA are dropped entirely (no transaction is produced).
            if (lastErrStr == "ERROR_MORE_DATA") // || lastErrStr == "ERROR_NOT_FOUND" || lastErrStr == "ERROR_SET_NOT_FOUND")
                return null;

            VisualTransaction tr = new VisualTransaction (ev.Id, TransactionDirection.Out, ev.Timestamp);
            tr.ContextID = handleStr;
            tr.HeadlineText = headline;
            tr.AddHeaderField ("Id", ev.Id);
            if (lastErrStr != null)
                tr.AddHeaderField ("LastError", lastErrStr);

            // Optional base64-encoded buffers: the input buffer (in argument 3), the output buffer
            // as captured on entry (in argument 5) and on exit (out argument 1).
            ByteArrayReader inBuf = null;
            ByteArrayReader outBufEnter = null;
            ByteArrayReader outBufLeave = null;

            // Convert.FromBase64String throws FormatException when the element text is not valid base64.
            XmlNode node = eventRoot.SelectSingleNode ("/event/arguments[@direction='in']/argument[3]/value/value");
            if (node != null)
                inBuf = new ByteArrayReader (Convert.FromBase64String (node.InnerText));

            node = eventRoot.SelectSingleNode ("/event/arguments[@direction='in']/argument[5]/value/value");
            if (node != null)
                outBufEnter = new ByteArrayReader (Convert.FromBase64String (node.InnerText));

            node = eventRoot.SelectSingleNode ("/event/arguments[@direction='out']/argument[1]/value/value");
            if (node != null)
                outBufLeave = new ByteArrayReader (Convert.FromBase64String (node.InnerText));

            if (codeStr == "IOCTL_KS_PROPERTY" && inBuf != null)
            {
                // The input buffer starts with a KSPROPERTY header, read here as a GUID (property
                // set) followed by two little-endian 32-bit values (property id, flags).
                // NOTE(review): how ByteArrayReader reacts to a buffer shorter than this header is
                // not visible here - confirm it fails cleanly on truncated input.
                Guid propSetGuid = inBuf.ReadGuid ();
                uint rawPropId = inBuf.ReadU32LE ();
                uint propFlags = inBuf.ReadU32LE ();

                string propSetStr, propIdStr, propFlagsStr;

                // ksPropertySets maps a property-set GUID either to a plain name (string) or to a
                // KsPropertySet, which additionally supplies an enum type for naming the property id.
                if (ksPropertySets.ContainsKey (propSetGuid))
                {
                    object o = ksPropertySets[propSetGuid];

                    if (o is string)
                    {
                        propSetStr = o as string;
                        propIdStr = String.Format ("0x{0:x8}", rawPropId);
                    }
                    else
                    {
                        // NOTE(review): assumes every non-string entry is a KsPropertySet; any other
                        // type leaves propSet null and the next line throws.
                        KsPropertySet propSet = o as KsPropertySet;
                        propSetStr = propSet.Name;
                        // Enum.GetName returns null when the enum has no constant with this value,
                        // in which case the id is rendered as an empty string below.
                        propIdStr = Enum.GetName (propSet.EnumType, rawPropId);
                    }
                }
                else
                {
                    // Unknown property set: show the raw GUID in braces and the id in hex.
                    propSetStr = propSetGuid.ToString ("B");
                    propIdStr = String.Format ("0x{0:x8}", rawPropId);
                }

                propFlagsStr = BitfieldToString (ksPropertyFlags, propFlags);

                // HACK #3
                //if (propFlagsStr == "GET")
                //    return null;

                // Display filter: these property queries produce no transaction at all.
                if (propSetStr == "KSPROPSETID_Topology")
                    return null;
                else if (propSetStr == "KSPROPSETID_MediaSeeking" && propIdStr == "TIMEFORMAT" && propFlagsStr == "GET")
                    return null;
                else if (propSetStr == "KSPROPSETID_Pin" && propFlagsStr == "GET")
                {
                    List<string> boringIds = new List<string> (new string[] { "CTYPES", "CINSTANCES", "COMMUNICATION", "CONSTRAINEDDATARANGES", "DATAFLOW", "DATARANGES", "DATAINTERSECTION", "NAME" });
                    if (boringIds.Contains (propIdStr))
                        return null;
                }

                StringBuilder body = new StringBuilder ();
                body.AppendFormat ("[lpInBuffer]\r\nKSPROPERTY: {0}, {1}, {2}", propSetStr, propIdStr, propFlagsStr);

                // Whatever follows the KSPROPERTY header is shown as a hex dump; a null result is skipped.
                string remainder = inBuf.ReadRemainingBytesAsHexDump ();
                if (remainder != null)
                    body.AppendFormat ("\r\n{0}", remainder);

                if (outBufEnter != null)
                {
                    body.Append ("\r\n\r\n[lpOutBuffer on entry]");

                    // For Connection/DATAFORMAT the entry buffer is decoded as a KSDATAFORMAT first;
                    // bytes the decoder leaves unread are hex-dumped afterwards.
                    if (propSetStr == "KSPROPSETID_Connection" && propIdStr == "DATAFORMAT")
                    {
                        body.AppendFormat ("\r\n{0}", KsDataFormatToString (outBufEnter));
                    }

                    remainder = outBufEnter.ReadRemainingBytesAsHexDump ();
                    if (remainder != null)
                        body.AppendFormat ("\r\n{0}", remainder);
                }

                if (outBufLeave != null)
                {
                    body.Append ("\r\n\r\n[lpOutBuffer on exit]");

                    // For Connection/ALLOCATORFRAMING_EX the exit buffer is decoded structurally.
                    if (propSetStr == "KSPROPSETID_Connection" && propIdStr == "ALLOCATORFRAMING_EX")
                    {
                        body.Append (KsAllocatorFramingExToString (outBufLeave));
                    }

                    remainder = outBufLeave.ReadRemainingBytesAsHexDump ();
                    if (remainder != null)
                        body.AppendFormat ("\r\n{0}", remainder);
                }

                tr.BodyText = body.ToString ();
            }
            else if (codeStr == "IOCTL_KS_READ_STREAM")
            {
                // codeStr is non-null only when the block above ran, so retValStr is set here too.
                XmlNode dataNode = eventRoot.SelectSingleNode ("/event/arguments[@direction='in']/argument[5]/value");
                string body = KsReadStreamDataToString (dataNode, "in");

                if (retValStr.ToUpper () == "TRUE")
                {
                    // Completed synchronously: the returned data is available in the out arguments.
                    dataNode = eventRoot.SelectSingleNode ("/event/arguments[@direction='out']/argument[1]/value");
                    body += KsReadStreamDataToString (dataNode, "out");
                }
                else if (lastErrStr == "ERROR_IO_PENDING")
                {
                    // Overlapped read still in flight: record the event id in pendingReadStreamRequests.
                    pendingReadStreamRequests[ev.Id] = true;
                }

                tr.BodyText = body;
            }
            else if (codeStr == "IOCTL_KS_ENABLE_EVENT" && inBuf != null)
            {
                StringBuilder body = new StringBuilder ();

                // KSEVENT header, read as GUID + two little-endian 32-bit values. The three reads
                // are argument expressions, so they consume the buffer in left-to-right order.
                body.AppendFormat ("[lpInBuffer]\r\nKSEVENT: {0} {1} {2}",
                    inBuf.ReadGuid (), inBuf.ReadU32LE (),
                    BitfieldToString (ksEventFlags, inBuf.ReadU32LE ()));

                string remainder = inBuf.ReadRemainingBytesAsHexDump ();
                if (remainder != null)
                    body.AppendFormat ("\r\n{0}", remainder);

                if (outBufEnter != null)
                {
                    body.Append ("\r\n\r\n[lpOutBuffer on entry]");
                    remainder = outBufEnter.ReadRemainingBytesAsHexDump ();
                    if (remainder != null)
                        body.AppendFormat ("\r\n{0}", remainder);
                }

                if (outBufLeave != null)
                {
                    body.Append ("\r\n\r\n[lpOutBuffer on exit]");
                    remainder = outBufLeave.ReadRemainingBytesAsHexDump ();
                    if (remainder != null)
                        body.AppendFormat ("\r\n{0}", remainder);
                }

                tr.BodyText = body.ToString ();
            }
            else
            {
                // Any other IOCTL (or an event with missing nodes): raw hex dumps only.
                // Only the input buffer and the on-entry output buffer are included; outBufLeave
                // is not dumped in this branch.
                List<string> blobs = new List<string> ();
                if (inBuf != null)
                    blobs.Add (inBuf.ReadRemainingBytesAsHexDump ());
                if (outBufEnter != null)
                    blobs.Add (outBufEnter.ReadRemainingBytesAsHexDump ());

                if (blobs.Count > 0)
                    tr.BodyText = String.Join ("\r\n\r\n", blobs.ToArray ());
            }

            return tr;
        }
Пример #4
        /// <summary>
        /// Builds the transaction shown for a recorded CloseHandle call, but only for handles
        /// already present in <c>interestingHandles</c>.
        /// </summary>
        /// <param name="ev">Source event; its Id and Timestamp are copied onto the transaction.</param>
        /// <param name="eventRoot">XML element queried for the handle argument and the return value.</param>
        /// <returns>The transaction, or null when the closed handle is not a tracked one.</returns>
        /// <remarks>
        /// NOTE(review): neither the selected nodes nor their "value" attributes are null-checked,
        /// so an event lacking them raises NullReferenceException.
        /// </remarks>
        private VisualTransaction CreateTransactionFromCloseHandle (Event ev, XmlElement eventRoot)
        {
            XmlNode handleValueNode = eventRoot.SelectSingleNode ("/event/arguments[@direction='in']/argument[1]/value");
            string closedHandle = handleValueNode.Attributes["value"].Value;

            bool isTracked = interestingHandles.Contains (closedHandle);
            if (!isTracked)
            {
                return null;
            }

            VisualTransaction transaction = new VisualTransaction (ev.Id, TransactionDirection.In, ev.Timestamp);
            transaction.AddHeaderField ("Id", ev.Id);

            XmlNode returnValueNode = eventRoot.SelectSingleNode ("/event/returnValue/value");
            string returnValue = returnValueNode.Attributes["value"].Value;

            // The handle doubles as the context id of the transaction.
            transaction.ContextID = closedHandle;
            transaction.HeadlineText = String.Format ("CloseHandle ({0}) => {1}", closedHandle, returnValue);

            return transaction;
        }
Пример #5
        /// <summary>
        /// Builds the transaction shown for a recorded KsOpenDefaultDevice call.
        /// </summary>
        /// <param name="ev">Source event; its Id and Timestamp are copied onto the transaction.</param>
        /// <param name="eventRoot">XML element queried for the category, access mask, device handle and return value.</param>
        /// <returns>The populated transaction.</returns>
        /// <remarks>
        /// NOTE(review): apart from the optional out argument, no selected node or "value"
        /// attribute is null-checked, and the category text must be valid base64 that decodes to
        /// a GUID; anything else surfaces as an exception.
        /// </remarks>
        private VisualTransaction CreateTransactionFromKsOpenDefaultDevice (Event ev, XmlElement eventRoot)
        {
            VisualTransaction transaction = new VisualTransaction (ev.Id, TransactionDirection.In, ev.Timestamp);

            // Argument 1: device category, stored as the base64 form of the GUID bytes.
            XmlNode categoryNode = eventRoot.SelectSingleNode ("/event/arguments[@direction='in']/argument[1]/value/value");
            byte[] categoryBytes = Convert.FromBase64String (categoryNode.InnerText);
            Guid category = new Guid (categoryBytes);

            // Argument 2: requested access.
            XmlNode accessNode = eventRoot.SelectSingleNode ("/event/arguments[@direction='in']/argument[2]/value");
            string access = accessNode.Attributes["value"].Value;

            // Argument 3: device handle as passed in.
            XmlNode deviceHandleNode = eventRoot.SelectSingleNode ("/event/arguments[@direction='in']/argument[3]/value");
            string deviceHandleText = deviceHandleNode.Attributes["value"].Value;

            // When the out argument was captured, its value becomes the context id and is
            // appended to the handle text as " => <handle>".
            XmlNode openedHandleNode = eventRoot.SelectSingleNode ("/event/arguments[@direction='out']/argument[1]/value/value");
            if (openedHandleNode != null)
            {
                transaction.ContextID = openedHandleNode.Attributes["value"].Value;
                deviceHandleText = deviceHandleText + String.Format (" => {0}", transaction.ContextID);
            }

            XmlNode returnValueNode = eventRoot.SelectSingleNode ("/event/returnValue/value");
            string returnValue = returnValueNode.Attributes["value"].Value;

            transaction.HeadlineText = String.Format ("KsOpenDefaultDevice ({0}, {1}, {2}) => {3}", CategoryToString (category), access, deviceHandleText, returnValue);
            transaction.AddHeaderField ("Id", ev.Id);

            return transaction;
        }
Пример #6
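        /// <summary>
        /// Builds the transaction shown for a recorded KsCreatePin call, including a decoded
        /// view of the KSPIN_CONNECT and KSDATAFORMAT structures passed in the Connect argument.
        /// </summary>
        /// <param name="ev">Source event; its Id and Timestamp are copied onto the transaction.</param>
        /// <param name="eventRoot">XML element queried for the arguments, return value and last error.</param>
        /// <returns>The populated transaction.</returns>
        /// <exception cref="FormatException">
        /// The event lacks a required element, a blob is not valid base64, or the KSPIN_CONNECT
        /// blob has bytes left over after all of its fields were read.
        /// </exception>
        private VisualTransaction CreateTransactionFromKsCreatePin (Event ev, XmlElement eventRoot)
        {
            VisualTransaction tr = new VisualTransaction (ev.Id, TransactionDirection.In, ev.Timestamp);

            // The dump is external input: check that the expected elements exist before
            // dereferencing them, so a truncated or hand-edited dump is reported as a format
            // error instead of a NullReferenceException.
            XmlNode retValNode = eventRoot.SelectSingleNode ("/event/returnValue/value");
            XmlNode lastErrNode = eventRoot.SelectSingleNode ("/event/lastError");
            XmlNodeList inNodes = eventRoot.SelectNodes ("/event/arguments[@direction='in']/argument/value");

            // Input arguments 0..2 (filter handle, connect blob, desired access) are indexed below.
            if (retValNode == null || lastErrNode == null || inNodes.Count < 3)
                throw new FormatException ("KsCreatePin event is missing required elements");

            XmlNode connectNode = inNodes[1].SelectSingleNode ("value[@type='KSPIN_CONNECT']");
            XmlNode formatNode = inNodes[1].SelectSingleNode ("value[@type='KSDATAFORMAT']");
            if (connectNode == null || formatNode == null)
                throw new FormatException ("KsCreatePin event is missing the KSPIN_CONNECT or KSDATAFORMAT value");

            // Element presence is validated above; each element is expected to carry a "value" attribute.
            string retValStr = retValNode.Attributes["value"].Value;
            string lastErrStr = ErrorCodeToString (Convert.ToUInt32 (lastErrNode.Attributes["value"].Value));

            string filterHandle = inNodes[0].Attributes["value"].Value;
            string desiredAccess = inNodes[2].Attributes["value"].Value;

            // The connection handle is an out argument and is only present when it was captured.
            string connHandle = "";
            XmlNode outNode = eventRoot.SelectSingleNode ("/event/arguments[@direction='out']/argument/value/value");
            if (outNode != null)
            {
                connHandle = " => " + outNode.Attributes["value"].Value;
            }

            tr.ContextID = filterHandle;
            tr.HeadlineText = String.Format ("KsCreatePin ({0}, &Connect, {1}, &ConnectionHandle{2}) => {3}", filterHandle, desiredAccess, connHandle, retValStr);
            tr.AddHeaderField ("Id", ev.Id);
            tr.AddHeaderField ("LastError", lastErrStr);

            StringBuilder body = new StringBuilder ();

            // KSPIN_CONNECT is read field by field; the reads inside each AppendFormat call are
            // argument expressions and therefore consume the buffer left to right.
            byte[] connBytes = Convert.FromBase64String (connectNode.InnerText);
            ByteArrayReader connReader = new ByteArrayReader (connBytes);
            body.Append ("[Connect]:\r\nKSPIN_CONNECT:");
            body.AppendFormat ("\r\n    Interface: ({0}, {1}, {2})", connReader.ReadGuid (), connReader.ReadU32LE (), connReader.ReadU32LE ());
            body.AppendFormat ("\r\n       Medium: ({0}, {1}, {2})", connReader.ReadGuid (), connReader.ReadU32LE (), connReader.ReadU32LE ());
            body.AppendFormat ("\r\n        PinId: {0}", connReader.ReadU32LE ());
            body.AppendFormat ("\r\n  PinToHandle: {0}", connReader.ReadU32LE ());
            body.AppendFormat ("\r\n     Priority: ({0}, {1})", connReader.ReadU32LE (), connReader.ReadU32LE ());

            // Leftover bytes mean the blob does not match the layout assumed above.
            if (connReader.Remaining > 0)
                throw new FormatException ("KSPIN_CONNECT parse error");

            byte[] formatRaw = Convert.FromBase64String (formatNode.InnerText);
            ByteArrayReader formatReader = new ByteArrayReader (formatRaw);
            body.AppendFormat ("\r\nKSDATAFORMAT:{0}", KsDataFormatToString (formatReader));

            tr.BodyText = body.ToString ();

            return tr;
        }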
Пример #7
        /// <summary>
        /// Builds the transaction shown for a recorded GetOverlappedResult call.
        /// </summary>
        /// <param name="ev">Source event; its Id and Timestamp are copied onto the transaction.</param>
        /// <param name="eventRoot">XML element queried for the arguments, return value and last error.</param>
        /// <returns>The populated transaction, with the handle argument as its context id.</returns>
        /// <remarks>
        /// NOTE(review): the selected nodes and their "value" attributes are not null-checked,
        /// and lastError must parse as an unsigned 32-bit number; otherwise an exception is raised.
        /// </remarks>
        private VisualTransaction CreateTransactionFromGetOverlappedResult (Event ev, XmlElement eventRoot)
        {
            VisualTransaction transaction = new VisualTransaction (ev.Id, TransactionDirection.In, ev.Timestamp);

            XmlNode returnValueNode = eventRoot.SelectSingleNode ("/event/returnValue/value");
            string returnValue = returnValueNode.Attributes["value"].Value;

            XmlNode lastErrorNode = eventRoot.SelectSingleNode ("/event/lastError");
            uint lastErrorCode = Convert.ToUInt32 (lastErrorNode.Attributes["value"].Value);
            string lastErrorName = ErrorCodeToString (lastErrorCode);

            string argumentList = FunctionCallArgListToString (eventRoot);
            transaction.HeadlineText = String.Format ("GetOverlappedResult ({0}) => {1}", argumentList, returnValue.ToUpper ());
            transaction.AddHeaderField ("Id", ev.Id);
            transaction.AddHeaderField ("LastError", lastErrorName);

            // The first input argument is the handle the overlapped operation was issued on.
            XmlNode handleValueNode = eventRoot.SelectSingleNode ("/event/arguments[@direction='in']/argument[1]/value");
            transaction.ContextID = handleValueNode.Attributes["value"].Value;

            return transaction;
        }
Пример #8
 /// <summary>
 /// Implemented by subclasses to classify <paramref name="ev"/>.
 /// NOTE(review): judging by the name, true presumably means the event allocates a new
 /// resource; the exact criteria are defined by each subclass - confirm there.
 /// </summary>
 /// <param name="ev">Event to classify.</param>
 protected abstract bool IsResourceAllocationEvent(Event ev);
Пример #9
 /// <summary>
 /// Implemented by subclasses to extract a 32-bit resource handle from <paramref name="ev"/>.
 /// NOTE(review): what is returned for an event that carries no handle is not specified
 /// here - confirm against the implementations.
 /// </summary>
 /// <param name="ev">Event to read the handle from.</param>
 protected abstract uint GetResourceHandleFromEvent(Event ev);
Пример #10
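        /// <summary>
        /// Produces a one-line, human-readable description of a dump event.
        /// </summary>
        /// <param name="ev">Event to describe; its <c>Data</c> XML supplies the details.</param>
        /// <returns>
        /// "name(arg, ...) => retval" for function calls, "AsyncResult for event N" for async
        /// results, and an empty string for any other event type.
        /// </returns>
        private string CreateEventDescription (Event ev)
        {
            switch (ev.Type)
            {
                case DumpEventType.FunctionCall:
                    // Strip everything up to the first "::" and keep the remainder of the name.
                    string fullName = ev.Data.SelectSingleNode ("/event/name").InnerText;
                    string[] tokens = fullName.Split (new string[] { "::" }, 2, StringSplitOptions.None);
                    string shortName = tokens[tokens.Length - 1];

                    // Values without a "value" attribute are shown with a placeholder.
                    List<string> argList = new List<string> ();
                    foreach (XmlNode node in ev.Data.SelectNodes ("/event/arguments[@direction='in']/argument/value"))
                    {
                        XmlAttribute argAttr = node.Attributes["value"];
                        argList.Add (argAttr != null ? argAttr.Value : "<FIXME>");
                    }

                    string retVal = "";
                    XmlNode retValNode = ev.Data.SelectSingleNode ("/event/returnValue/value");
                    if (retValNode != null)
                    {
                        // Same fallback as for the arguments: a return value without a "value"
                        // attribute gets the placeholder instead of a NullReferenceException.
                        XmlAttribute retValAttr = retValNode.Attributes["value"];
                        retVal = String.Format (" => {0}", retValAttr != null ? retValAttr.Value : "<FIXME>");
                    }

                    return String.Format ("{0}({1}){2}", shortName, String.Join (", ", argList.ToArray ()), retVal);

                case DumpEventType.AsyncResult:
                    // Convert.ToUInt32 throws if requestId is not a valid unsigned 32-bit number.
                    uint requestEventId = Convert.ToUInt32 (ev.Data.SelectSingleNode ("/event/requestId").InnerText);
                    return String.Format ("AsyncResult for event {0}", requestEventId);
                /* TODO: extend */
            }

            return "";
        }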
Пример #11
 /// <summary>
 /// Registers <paramref name="ev"/> in the dump under its Id.
 /// </summary>
 /// <param name="ev">Event to add.</param>
 /// <exception cref="System.IO.InvalidDataException">An event with the same Id is already present.</exception>
 public void AddEvent(Event ev)
 {
     // Duplicate ids are rejected rather than overwritten, so an earlier event is never
     // silently replaced by a later one carrying the same id.
     bool alreadyPresent = m_events.ContainsKey(ev.Id);
     if (alreadyPresent)
     {
         string message = String.Format("id {0} is already in the dump", ev.Id);
         throw new System.IO.InvalidDataException(message);
     }

     m_events[ev.Id] = ev;
 }