18 my %processes; |
18 my %processes; |
19 my %threadcount; |
19 my %threadcount; |
20 my %instancecount; |
20 my %instancecount; |
21 my %originalname; |
21 my %originalname; |
22 my @deathlist; |
22 my @deathlist; |
|
23 my %loaded_exes; |
23 |
24 |
24 my $line; |
25 my $line; |
25 while ($line = <>) |
26 while ($line = <>) |
26 { |
27 { |
27 # AddThread ekern.exe::NVMem-ecc10dce to ekern.exe |
28 # AddThread ekern.exe::NVMem-ecc10dce to ekern.exe |
28 # Process FLogSvr.exe Die: 0 0 Kill |
29 # Process FLogSvr.exe Die: 0 0 Kill |
29 # DLibrary domainSrv.exe::domainpolicy2.dll Close m=-1 |
30 # DLibrary domainSrv.exe::domainpolicy2.dll Close m=-1 |
30 # Thread MTMInit::Via Infrared Via Infrared Panic MTMInit 5 |
31 # Thread MTMInit::Via Infrared Via Infrared Panic MTMInit 5 |
31 # DProcess::Rename MSexe.exe to !MsvServer |
32 # DProcess::Rename MSexe.exe to !MsvServer |
32 if ( $line =~ /^(AddThread |Process \S+ Die: |DLibrary |Thread |DProcess::Rename )/o) |
33 # DCodeSeg::Create c809aac8 file Z:\SYS\BIN\BmpAnSrv.dll ver 000a0000 process EwSrv.exe |
|
34 # Thread sysstatemgr.exe::!CleSrv_22f5d001 Logon to process matrixmenu.exe, status at 00800a74 rdv=1 |
|
35 |
|
36 if ( $line =~ /^(AddThread |Process \S+ Die: |DLibrary |Thread |DProcess::Rename |DCodeSeg::Create )/o) |
33 { |
37 { |
34 |
38 |
|
39 if ($line =~ /^DCodeSeg::Create \S+ file z:\\sys\\bin\\(\S+) ver \S+ process (\S+)/io) |
|
40 { |
|
41 my $exe = $1; |
|
42 my $process = $2; |
|
43 my $truename = $originalname{$process}; |
|
44 $truename = $process if (!defined $truename); |
|
45 $loaded_exes{"$exe\t$truename"} = 1; |
|
46 next; |
|
47 } |
35 if ($line =~ /^DProcess::Rename (\S+) to (\S+)/o) |
48 if ($line =~ /^DProcess::Rename (\S+) to (\S+)/o) |
36 { |
49 { |
37 my $oldname = $1; |
50 my $oldname = $1; |
38 my $process = $2; |
51 my $process = $2; |
39 printf "Renaming %s (%d,%d) to %s\n", $oldname, $processes{$oldname}, $threadcount{$oldname}, $process; |
52 printf "Renaming %s (%d,%d) to %s\n", $oldname, $processes{$oldname}, $threadcount{$oldname}, $process; |
40 $processes{$process} = $processes{$oldname}; |
53 $processes{$process} = $processes{$oldname}; |
41 $threadcount{$process} = $threadcount{$oldname}; |
54 $threadcount{$process} = $threadcount{$oldname}; |
42 $instancecount{$process} = $instancecount{$oldname}; |
55 $instancecount{$process} = $instancecount{$oldname}; |
43 |
56 |
44 $originalname{$process} = $oldname; |
57 $originalname{$process} = $originalname{$oldname}; |
45 delete $processes{$oldname}; |
58 delete $processes{$oldname}; |
46 delete $threadcount{$oldname}; |
59 delete $threadcount{$oldname}; |
47 } |
60 } |
48 if ($line =~ /^AddThread (\S+)::(\S+) to (\S+)$/o) |
61 if ($line =~ /^AddThread (\S+)::(\S+) to (\S+)$/o) |
49 { |
62 { |
53 if ($thread eq "Main" || $thread eq "Null") |
66 if ($thread eq "Main" || $thread eq "Null") |
54 { |
67 { |
55 # New process created |
68 # New process created |
56 $processes{$process} = $.; |
69 $processes{$process} = $.; |
57 $threadcount{$process} = 0; |
70 $threadcount{$process} = 0; |
|
71 $originalname{$process} = $process; |
58 } |
72 } |
59 $threadcount{$process} += 1; |
73 $threadcount{$process} += 1; |
60 if (!defined $instancecount{$process}) |
74 if (!defined $instancecount{$process}) |
61 { |
75 { |
62 $instancecount{$process} = 0; |
76 $instancecount{$process} = 0; |
63 } |
77 } |
64 $instancecount{$process} += 1; |
78 $instancecount{$process} += 1; |
65 } |
79 } |
66 print "$.: $line"; |
80 print "$.: $line"; |
67 |
81 |
|
82 # Thread sysstatemgr.exe::!CleSrv_22f5d001 Logon to process matrixmenu.exe, status at 00800a74 rdv=1 |
|
83 if ($line =~ /^Thread (.*)::.* Logon to process ([^,]+),/o) |
|
84 { |
|
85 my $parentprocess = $originalname{$1}; |
|
86 my $childprocess = $2; |
|
87 $loaded_exes{"$childprocess\t$parentprocess"} = 2; |
|
88 next; |
|
89 } |
68 if ($line =~ /^Process (\S+) Die: (.*)$/o) |
90 if ($line =~ /^Process (\S+) Die: (.*)$/o) |
69 { |
91 { |
70 my $process = $1; |
92 my $process = $1; |
71 my $details = $2; |
93 my $details = $2; |
72 my $summary = sprintf "#%d, %d threads, lifetime %d-%d", |
94 my $summary = sprintf "#%d, %d threads, lifetime %d-%d", |
101 } |
123 } |
102 |
124 |
103 printf "\n\nActive processes (%d):\n", scalar keys %processes; |
125 printf "\n\nActive processes (%d):\n", scalar keys %processes; |
104 foreach my $process (sort keys %processes) |
126 foreach my $process (sort keys %processes) |
105 { |
127 { |
106 printf "%-25s\t%d threads, created at line %d\n", $process, $threadcount{$process}, $processes{$process}; |
128 printf "%-30s\t%d threads, created at line %d\n", $process, $threadcount{$process}, $processes{$process}; |
107 } |
129 } |
108 |
130 |
109 printf "\n\nDead processes (%d)\n", scalar @deathlist; |
131 printf "\n\nDead processes (%d)\n", scalar @deathlist; |
110 print join("\n", sort @deathlist, ""); |
132 print join("\n", sort @deathlist, ""); |
|
133 |
|
134 printf "\n\nLoaded executables (%d)\n", scalar keys %loaded_exes; |
|
135 foreach my $exepair (sort keys %loaded_exes) |
|
136 { |
|
137 my ($exe,$parent) = split /\t/, $exepair; |
|
138 printf "%-30s\t%s\n", $exe, $parent; |
|
139 } |
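Review bot: The new Logon branch (new lines 83–89) reads `$originalname{$1}` with no fallback, so a thread whose process was never registered by a Main/Null AddThread (for example, a trace that starts mid-run) yields an undefined parent and a `"child\t"` key with an empty owner in the "Loaded executables" report. The DCodeSeg::Create branch (new lines 43–44) already falls back to the raw process name, so the Logon branch should do the same, e.g. `my $parentprocess = defined $originalname{$1} ? $originalname{$1} : $1;`. The rename branch has the same gap at new line 57, where `$originalname{$process} = $originalname{$oldname};` copies an undefined value forward if the old name was never seen; falling back to `$oldname` there keeps the chain intact. The greedy `(.*)::` in the Logon pattern will also capture past the first `::` if a thread name itself contains `::`, which would miss the lookup; `(\S+?)::` looks like the intended match, assuming process names never contain spaces as in the sample lines. The enclosing `while` loop has lines that are not shown here, so this covers only the visible branches.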