ULONG BtrWriteHandleStream( IN PPF_REPORT_HEAD Head, IN HANDLE FileHandle, IN LARGE_INTEGER Start, OUT PLARGE_INTEGER End ) { ULONG Count; ULONG Size; PPF_STREAM_HANDLE Handle; PLIST_ENTRY ListEntry; PLIST_ENTRY ListHead; PPF_HANDLE_RECORD Record; ULONG Complete; ULONG Status; ULONG i, j; LIST_ENTRY Queue; Count = MmHandleTable.NumberOfAllocs - MmHandleTable.NumberOfFrees; ASSERT(Count >= 0); Size = FIELD_OFFSET(PF_STREAM_HANDLE, Records[Count]); Handle = BtrMalloc(Size); Handle->NumberOfRecords = Count; Handle->NumberOfAllocs = MmHandleTable.NumberOfAllocs; Handle->NumberOfFrees = MmHandleTable.NumberOfFrees; GetProcessHandleCount(GetCurrentProcess(), &Handle->HandleCount); // // Copy type entries // RtlCopyMemory(Handle->Types, MmHandleTable.Types, sizeof(Handle->Types)); if (Count > 0) { for(i = 0, j = 0; i < MAX_HANDLE_BUCKET; i++) { BtrAcquireSpinLock(&MmHandleTable.ListHead[i].SpinLock); ListHead = &MmHandleTable.ListHead[i].ListHead; if (IsListEmpty(ListHead)) { BtrReleaseSpinLock(&MmHandleTable.ListHead[i].SpinLock); continue; } Queue.Flink = ListHead->Flink; Queue.Blink = ListHead->Blink; ListHead->Flink->Blink = &Queue; ListHead->Blink->Flink = &Queue; BtrReleaseSpinLock(&MmHandleTable.ListHead[i].SpinLock); while (IsListEmpty(&Queue) != TRUE) { ListEntry = RemoveHeadList(&Queue); Record = CONTAINING_RECORD(ListEntry, PF_HANDLE_RECORD, ListEntry); Handle->Records[j] = *Record; BtrFreeLookaside(LOOKASIDE_HANDLE, Record); j += 1; } } } Status = WriteFile(FileHandle, Handle, Size, &Complete, NULL); if (Status != TRUE) { Status = GetLastError(); } else { End->QuadPart = Start.QuadPart + Size; Status = S_OK; } BtrFree(Handle); return Status; }
PLUGIN_EXPORT double Update(void* data) { MeasureData* measure = (MeasureData*)data; // count the existing window objects if (measure->type == WINDOW_COUNT) { g_WindowCount = 0; EnumChildWindows(NULL, EnumWindowProc, 0); return g_WindowCount; } const WCHAR* processName = measure->process.c_str(); bool name = !measure->process.empty(); DWORD aProcesses[1024]; DWORD bytesNeeded; WCHAR buffer[1024]; HMODULE hMod[1024]; DWORD cbNeeded; if (!EnumProcesses(aProcesses, sizeof(aProcesses), &bytesNeeded)) { return 0.0; } // step through the running processes DWORD flags = PROCESS_QUERY_INFORMATION; if (name) { flags |= PROCESS_VM_READ; } UINT resourceCount = 0; for (UINT i = 0, isize = bytesNeeded / sizeof(DWORD); i < isize; ++i) { HANDLE hProcess = OpenProcess(flags, true, aProcesses[i]); if (hProcess != NULL) { if (name) { if (EnumProcessModules(hProcess, hMod, sizeof(hMod), &cbNeeded)) { if (GetModuleBaseName(hProcess, hMod[0], buffer, sizeof(buffer))) { if (_wcsicmp(buffer, processName) != 0) { CloseHandle(hProcess); continue; } } else { CloseHandle(hProcess); continue; } } else { CloseHandle(hProcess); continue; } } if (measure->type == GDI_COUNT) { resourceCount += GetGuiResources(hProcess, GR_GDIOBJECTS); } else if (measure->type == USER_COUNT) { resourceCount += GetGuiResources(hProcess, GR_USEROBJECTS); } else if (measure->type == HANDLE_COUNT) { DWORD tempHandleCount = 0; GetProcessHandleCount(hProcess, &tempHandleCount); resourceCount += tempHandleCount; } } CloseHandle(hProcess); } return resourceCount; }
void getProcessInfo(const char * name, cgmProcessInfo * procInfo) { NTSTATUS rc = 0; DWORD len = MAX_PATH; ULONG retLen = 0; char * p= 0; char * start=0; // PROCESS_BASIC_INFORMATION pbInfo; // PEB pebInfo; // pfnNtQueryInformationProcess gNtQueryInformationProcess; // HMODULE hNtDll; // RTL_USER_PROCESS_PARAMETERS rtl; //UNICODE_STRING commandLine; //UNICODE_STRING imagePath; //WCHAR *commandLineContents; //WCHAR *imagePathContents; PROCESS_MEMORY_COUNTERS memoryCounters; HANDLE hProcess = NULL; DWORD werFault = 0; DWORD processID = 0; if (procInfo == NULL) { debug_log(LOG_ERR, "getProcessInfo(): Invalid procInfo handle."); return; } memset(procInfo, 0, sizeof(cgmProcessInfo)); werFault = getProcessID("WerFault.exe"); processID = getProcessID(name); procInfo->processID = processID; procInfo->werFaultID = werFault; if (procInfo->processID == 0) { debug_log(LOG_SVR, "getProcessInfo(): unable to find process: %s, processId: %d, werFault: %d", name, procInfo->processID, procInfo->werFaultID); return; } //hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID ); hProcess = OpenProcess( PROCESS_ALL_ACCESS, FALSE, processID ); if (hProcess != NULL) { strcpy_s(procInfo->szProcessName, sizeof(procInfo->szProcessName), name); // ----------------- // Get Handle Count. // ----------------- procInfo->handleCount = 0; rc = GetProcessHandleCount(hProcess, &procInfo->handleCount); if (rc == 0) { debug_log(LOG_ERR, "getProcessInfo(): unable to retrieve handle count for process: \'%s\', rc: %d", name, GetLastError()); procInfo->handleCount = 0; CloseHandle(hProcess); return; } // -------------------------------- // Get the size of the Working Set. // -------------------------------- procInfo->workingSetSize = 0; memset(&memoryCounters, 0, sizeof(memoryCounters)); rc = GetProcessMemoryInfo(hProcess, &memoryCounters, sizeof(memoryCounters)); if (rc == 0) { debug_log(LOG_ERR, "getProcessInfo(): unable to retrieve the size of the working set for process: \'%s\', rc: %d", name, GetLastError()); procInfo->workingSetSize = 0; CloseHandle(hProcess); return; } procInfo->workingSetSize = memoryCounters.WorkingSetSize; /* hNtDll = LoadLibrary(_T("ntdll.dll")); if (hNtDll == NULL) { debug_log("getProcessInfo(): Unable to load ntdll.dll"); CloseHandle(hProcess); return; } gNtQueryInformationProcess = (pfnNtQueryInformationProcess) GetProcAddress(hNtDll, "NtQueryInformationProcess"); if(gNtQueryInformationProcess == NULL) { debug_log("getProcessInfo(): NtQueryInformationProcess() call failed."); FreeLibrary(hNtDll); CloseHandle(hProcess); return ; } rc = gNtQueryInformationProcess(hProcess, ProcessBasicInformation, &pbInfo, sizeof(pbInfo), &retLen); if(pbInfo.PebBaseAddress == NULL) { debug_log("getProcessInfo(): PEB address is null."); FreeLibrary(hNtDll); CloseHandle(hProcess); return; } // ------------------------------------------------------------------------------ // We need to read PEB of the process to find out the command line and full path. // ------------------------------------------------------------------------------ if(pbInfo.PebBaseAddress) { if(ReadProcessMemory(hProcess, pbInfo.PebBaseAddress, &pebInfo, sizeof(pebInfo) , NULL)) { if(ReadProcessMemory(hProcess, pebInfo.ProcessParameters, &rtl, sizeof(rtl) , NULL)) { rc = ReadProcessMemory(hProcess, &rtl.CommandLine, &commandLine, sizeof(commandLine), NULL); if(rc != 0 || (rc == 0 && GetLastError() == ERROR_PARTIAL_COPY)) { // allocate memory to hold the command line commandLineContents = (WCHAR *)malloc(rtl.CommandLine.Length); // read the command line if (!ReadProcessMemory(hProcess, rtl.CommandLine.Buffer, commandLineContents, rtl.CommandLine.Length, NULL)) { debug_log("getProcessInfo(): Could not read the command line string!"); free(commandLineContents); FreeLibrary(hNtDll); CloseHandle(hProcess); return ; } if (rtl.CommandLine.Length < sizeof(procInfo->szCmd)) wcstombs(procInfo->szCmd, commandLineContents, rtl.CommandLine.Length); free(commandLineContents); } else { debug_log("getProcessInfo(): Failed to read PEBs command line, rc: %d", GetLastError()); } rc = ReadProcessMemory(hProcess, &rtl.ImagePathName, &imagePath, sizeof(imagePath), NULL); if(rc != 0 || (rc == 0 && GetLastError() == ERROR_PARTIAL_COPY)) { // allocate memory to hold the image path imagePathContents = (WCHAR *)malloc(rtl.ImagePathName.Length); // read the path if (!ReadProcessMemory(hProcess, rtl.ImagePathName.Buffer, imagePathContents, rtl.ImagePathName.Length, NULL)) { debug_log("getProcessInfo(): Could not read the image path line string!"); free(imagePathContents); FreeLibrary(hNtDll); CloseHandle(hProcess); return ; } if (rtl.ImagePathName.Length < sizeof(procInfo->szImage)) wcstombs(procInfo->szImage, imagePathContents, rtl.ImagePathName.Length); free(imagePathContents); start = procInfo->szImage; p = strstr(procInfo->szImage, name); if (p != NULL) strncpy(procInfo->szCWD, start, p-start); } else { debug_log("getProcessInfo(): Failed to read PEBs image path line, rc: %d", GetLastError()); } } } } FreeLibrary(hNtDll); */ CloseHandle(hProcess); } else { debug_log(LOG_ERR, "getProcessInfo(): unable to open process: \'%s\', rc: %d", name, GetLastError()); return; } }