Commit ae3b8ec7 authored by ussrhero's avatar ussrhero

added process filter

parent bd6af5c0
......@@ -2,6 +2,7 @@
import pykd
import argparse
import os
import os.path
import multiprocessing
import json
from datetime import datetime
......@@ -14,6 +15,8 @@ moduleInfoProvider = None
defaultModuleFilter = 'not ( manufactor in ("Microsoft") and type in ("system") )'
defaultProcessFilter = 'not processName.lower() in ("svchost.exe", "system", "csrss.exe", "winlogon.exe", "wininit.exe", "lsass.exe", "services.exe", "smss.exe", "spoolsv.exe", "userinit.exe", "explorer.exe", "dwm.exe", "taskhost.exe", "taskeng.exe" )'
class DumpStatus:
Error = 0
......@@ -81,6 +84,32 @@ def buildDumpDesc(name):
moduleInfoProvider = getModuleInfoProvider()
return DumpDesc(name)
class ProcessInfo(object):
def getProcessName(self, process):
try:
if not hasattr(process, "ImageFilePointer") or process.ImageFilePointer == 0:
return pykd.loadCStr(process.ImageFileName)
else:
return os.path.split(pykd.loadUnicodeString(process.ImageFilePointer.FileName))[1]
except:
return None
def ifContainProcess(self, processName):
return processName in self.processList
def __init__(self):
self.processList = []
try:
nt = pykd.module('nt')
for p in nt.typedVarList(nt.PsActiveProcessHead, "_EPROCESS", "ActiveProcessLinks.Flink"):
processName = self.getProcessName(p)
if processName:
self.processList.append(processName)
except:
pass
class DumpDesc(object):
......@@ -95,6 +124,7 @@ class DumpDesc(object):
self.modules = [ DumpModule(m) for m in targetSystem.currentProcess().modules() if ( m.begin() & 0x8000000000000000 ) != 0 ]
self.desc = pykd.getSystemVersion().buildString
self.crashInfo = DumpCrashInfo()
self.processInfo = ProcessInfo()
self.status = DumpStatus.Success
except:
......@@ -176,6 +206,18 @@ def getUniqueBugCheck(dumpDescList, crashFilter):
return list(bugCheckList)
def getUniqueProcessList(dumpDescList, processFilter):
uniqueProcesses = set()
for dump in dumpDescList:
for processName in dump.processInfo.processList:
if processFilter == '' or eval(processFilter, globals(), { "processName" : processName }):
uniqueProcesses.add(processName)
return uniqueProcesses
def printModuleDiff(dumpDescList, moduleFilter, verbose, rate):
......@@ -297,7 +339,24 @@ def printCrashDiff(dumpDescList, crashFilter, moduleFilter, verbose, rate):
if len(dumps) < len(dumpDescList):
for dump in dumps:
print ("\t%s" % dump.dumpName)
def printProcessDiff(dumpDescList, processFilter, rate):
print("")
print( "============ Process diff ===============")
processList = sorted( getUniqueProcessList(dumpDescList, processFilter), key = lambda m: m.lower() )
for processName in processList:
processRate = len( [ d for d in dumpDescList if d.processInfo.ifContainProcess(processName) ] ) * 100 / len( dumpDescList )
if processRate < rate:
continue
print( "process %s in %d%% dumps" % (processName, processRate) )
def printDiff(args):
......@@ -346,6 +405,9 @@ def printDiff(args):
if args.crashFilter !="off":
printCrashDiff(dumpDescList, args.crashFilter, args.moduleFilter, args.verbose, args.rate)
if args.processFilter != "off":
printProcessDiff(dumpDescList, args.processFilter, args.rate)
def printHeader():
......@@ -363,9 +425,10 @@ def main():
parser.add_argument('-d', '--dir', metavar='DIRECTORY', help='directory with dump files')
parser.add_argument('-m', '--module', metavar='FILTER', nargs='?', dest='moduleFilter', help='module filter', default=defaultModuleFilter )
parser.add_argument('-c', '--crash', dest = 'crashFilter', nargs='?', help='crash filter')
parser.add_argument('-p', '--process', dest = 'processFilter', nargs='?', help='process filter', default=defaultProcessFilter )
parser.add_argument('-v', '--verbose', help='verbose output', action='store_true', default=False)
parser.add_argument('-r', '--rate', help='filter dump by rate', type=int, default=0)
parser.add_argument('-p', '--processes', help='load dump on multi core', dest='processNumber', type=int, default=-1)
parser.add_argument('-n', '--cpunumber', help='load dump on multi core', dest='processNumber', type=int, default=-1)
args = parser.parse_args()
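Review bot: The short option `-p` appears to be repurposed in the main() hunk (the old `-p/--processes` line is replaced by `-n/--cpunumber`, and the new `--process` filter takes `-p`), so an existing invocation such as `-p 4` is no longer rejected but becomes the filter string `'4'`, which the `eval` in the getUniqueProcessList hunk evaluates as truthy and so admits every process; giving the filter a different short letter, or none, avoids that silent change. The same `eval` also fails when `-p` is passed without a value, because `nargs='?'` then yields `None`, which passes the `processFilter == ''` test and raises TypeError inside `eval`; `if not processFilter or eval(processFilter, globals(), {"processName": processName}):` handles both cases. Since the expression is evaluated with the module's `globals()`, a filter string is effectively arbitrary Python run inside the debugger session; passing `{"__builtins__": {}}` as the globals still supports the default filter and `processName.lower()` while narrowing what a filter can reach, though it is only hygiene unless the module and crash filters are restricted the same way. Separately, the bare `except: pass` in `ProcessInfo.__init__` and the bare `except` in `getProcessName` swallow everything including KeyboardInterrupt; `except Exception:` keeps the best-effort intent without that.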
......
......@@ -86,6 +86,19 @@ moduleDB = r'''
{"name" : "nvhda64v", "manufactor" : "NVIDIA", "type" : "hardware", "desc" : "nVidia HDMI Audio Device (nForce chipset driver)"},
{"name" : "ATMFD", "manufactor" : "Microsoft", "type" : "system" },
{"name" : "amdxata", "manufactor" : "AMD", "type" : "hardware", "desc" : "AMD Storage Controller Driver"},
{"name" : "Rt64win7", "manufactor" : "Realtek", "desc" : "Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC"}
{"name" : "Rt64win7", "manufactor" : "Realtek", "desc" : "Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC"},
{"name" : "msahci", "manufactor" : "Microsoft", "desc" : "AHCI 1.0 Standard Driver" , "type" : "system"},
{"name" : "winhv", "manufactor" : "Microsoft", "desc" : "Windows Hypervisor Interface Driver" , "type" : "hyperv"},
{"name" : "iusb3hcs", "manufactor" : "Intel", "desc" : "Intel(R) USB 3.0 Host Controller Switch Driver" , "type" : "hardware"},
{"name" : "iusb3hub", "manufactor" : "Intel", "desc" : "Intel(R) USB 3.0 Hub Driver" , "type" : "hardware"},
{"name" : "iusb3xhc", "manufactor" : "Intel", "desc" : "Intel(R) USB 3.0 eXtensible Host Controller Driver" , "type" : "hardware"},
{"name" : "atikmdag", "manufactor" : "ATI", "desc" : "ATI Video driver" , "type" : "hardware"},
{"name" : "atikmpag", "manufactor" : "ATI", "desc" : "ATI Video driver" , "type" : "hardware"},
{"name" : "vmbus", "manufactor" : "Microsoft", "desc" : "Virtual Machine Bus" , "type" : "hyperv"},
{"name" : "asyncmac", "manufactor" : "Microsoft", "desc" : "MS Remote Access serial network driver" , "type" : "system"},
{"name" : "SynTP", "manufactor" : "Synaptic", "desc" : "Synaptic Touch Pad Driver", "type" : "hardware"},
{"name" : "mshidkmdf", "manufactor" : "Microsoft", "desc" : "Pass-through HID to KMDF Filter Driver", "type" : "system"},
{"name" : "CAD", "manufactor" : "Microsoft", "desc" : "Charge Arbiration Driver", "type" : "system"},
{"name" : "rtbth", "manufactor" : "Ralink", "desc" : "Ralink Bluetooth Adapter" }
]
'''
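Review bot: The new "CAD" entry misspells its description; it should read `{"name" : "CAD", "manufactor" : "Microsoft", "desc" : "Charge Arbitration Driver", "type" : "system"},`. The "SynTP" entry names the vendor "Synaptic" where the company is Synaptics, which matters if manufacturer names are matched in filter expressions such as the default module filter. The "Rt64win7" and "rtbth" entries have no "type" field, so a filter that tests `type` will depend on how a missing key is treated when these rows are loaded; that loading code is outside this hunk.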