private void Parser_ALPCReceiveMessage(ALPCReceiveMessageTraceData obj)
{
if (!IsRunning)
{
return;
}
AddEvent(new AlpcEvent(obj)
{
Type = AlpcEventType.ReceiveMessage,
MessageId = obj.MessageID,
});
ALPCSendMessageTraceData source;
lock (_sendMessages) {
source = _sendMessages.FirstOrDefault(msg => msg.MessageID == obj.MessageID);
}
if (source == null)
{
//Console.WriteLine($"Receive without Send {obj.ProcessName} ({obj.ProcessID}) msg: {obj.MessageID}");
return;
}
var message = new AlpcMessage {
SourceProcess = source.ProcessID,
SourceProcessName = source.ProcessName,
TargetProcess = obj.ProcessID,
TargetProcessName = obj.ProcessName,
MessageId = obj.MessageID,
SourceThread = source.ThreadID,
TargetThread = obj.ThreadID,
SendTime = source.TimeStamp,
ReceiveTime = obj.TimeStamp,
};
lock (_messages) {
_messages.Add(message);
}
_sendMessages.Remove(source);
//Dump(message);
}
private void Dump(AlpcMessage message)
{
Console.WriteLine($"{message.SourceProcessName} ({message.SourceProcess} TID={message.SourceThread}) -> {message.MessageId}" +
$" -> {message.TargetProcessName} ({message.TargetProcess})");
}
