├── ProcMonX
├── ProcMonX.h
├── Settings.cpp
├── TraceData.cpp
├── TraceData.h
├── SortedFilteredVector.cpp
├── res
│ ├── ok.ico
│ ├── Play.ico
│ ├── Stop.ico
│ ├── add.ico
│ ├── file.ico
│ ├── find.ico
│ ├── gear.ico
│ ├── heap.ico
│ ├── job.ico
│ ├── save.ico
│ ├── Driver.ico
│ ├── Modules.ico
│ ├── Pause.ico
│ ├── cancel.ico
│ ├── debug.ico
│ ├── dll-add.ico
│ ├── event.ico
│ ├── event2.ico
│ ├── event3.ico
│ ├── filter.ico
│ ├── handle.ico
│ ├── heap2.ico
│ ├── memory.ico
│ ├── network.ico
│ ├── object.ico
│ ├── rename.ico
│ ├── save_as.ico
│ ├── search.ico
│ ├── stack.ico
│ ├── storage.ico
│ ├── threads.ico
│ ├── tools.ico
│ ├── ProcMonX.ico
│ ├── clip_copy.ico
│ ├── letter-k.ico
│ ├── letter-u.ico
│ ├── ok_button.ico
│ ├── processes.ico
│ ├── registry.ico
│ ├── autoscroll.ico
│ ├── dll-delete.ico
│ ├── execute-info.ico
│ ├── filter-add.ico
│ ├── filter-edit.ico
│ ├── folder_open.ico
│ ├── process-new.ico
│ ├── properties.ico
│ ├── threads-new.ico
│ ├── arrow_up_blue.ico
│ ├── delete_button.ico
│ ├── filter-delete.ico
│ ├── process-delete.ico
│ ├── threads-delete.ico
│ ├── arrow_down_blue.ico
│ └── document_flat-download.ico
├── ProcMonX.rc
├── ClipboardHelper.h
├── SerializerFactory.h
├── pch.cpp
├── Settings.h
├── packages.config
├── FilterFactory.h
├── EventNameFilter.h
├── PropertyNameFilter.h
├── PropertyValueFilter.h
├── DialogHelper.h
├── CSVEventDataSerializer.h
├── ProcessNameFilter.h
├── EventNameFilter.cpp
├── FormatHelper.h
├── ProcessNameFilter.cpp
├── ProcessIdFilter.h
├── SerializerFactory.cpp
├── IEventDataSerializer.h
├── SymbolManager.h
├── CSVEventDataSerializer.cpp
├── PropertyNameFilter.cpp
├── ClipboardHelper.cpp
├── SortHelper.h
├── PropertyValueFilter.cpp
├── EventConfiguration.h
├── AboutDlg.cpp
├── ProcessIdFilter.cpp
├── FilterConfiguration.h
├── IniFile.h
├── Interfaces.h
├── DialogHelper.cpp
├── ProcMonX.cpp
├── BinaryEventDataSerializer.h
├── AboutDlg.h
├── FilterFactory.cpp
├── manifest.xml
├── EventPropertiesDlg.h
├── SymbolsHandler.h
├── SortHelper.cpp
├── QuickFindDlg.h
├── SymbolManager.cpp
├── CallStackDlg.h
├── QuickFindDlg.cpp
├── pch.h
├── ViewBase.h
├── SortedFilteredVector.h
├── FiltersDlg.h
├── ColumnManager.h
├── EventConfiguration.cpp
├── FilterConfiguration.cpp
├── IniFile.cpp
├── EventsDlg.h
├── BinaryEventDataSerializer.cpp
├── EventPropertiesDlg.cpp
├── CallStackDlg.cpp
├── MainFrm.h
├── View.h
├── SymbolsHandler.cpp
├── resource.h
├── ColumnManager.cpp
├── EventsDlg.cpp
├── FiltersDlg.cpp
└── FormatHelper.cpp
├── procmonxv2.png
├── Utils
├── Utils.cpp
├── pch.cpp
├── pch.h
├── CompoundFileReaderWriter.cpp
├── Utils.vcxproj.filters
├── CompoundFile.h
├── CompoundFileReaderWriter.h
├── CompoundFile.cpp
└── Utils.vcxproj
├── EventTracing
├── packages.config
├── pch.cpp
├── StringCompareFilterBase.h
├── pch.h
├── FilterBase.cpp
├── EventParser.h
├── FilterBase.h
├── StringCompareFilterBase.cpp
├── EventTracing.vcxproj.filters
├── EventData.h
├── TraceManager.h
├── EventParser.cpp
├── EventData.cpp
├── KernelEvents.cpp
└── KernelEvents.h
├── ProcMonC
├── packages.config
├── ProcMonC.vcxproj.filters
└── ProcMonC.cpp
├── README.md
├── LICENSE
├── ProcMonX.sln.startup.json
├── .gitattributes
├── ProcMonX.sln
└── .gitignore
/ProcMonX/ProcMonX.h:
--------------------------------------------------------------------------------
1 | // ProcMonX.h
2 |
--------------------------------------------------------------------------------
/ProcMonX/Settings.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "Settings.h"
3 |
--------------------------------------------------------------------------------
/ProcMonX/TraceData.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "TraceData.h"
3 |
--------------------------------------------------------------------------------
/ProcMonX/TraceData.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
// Placeholder for per-trace state. No members are declared yet in this listing, and
// TraceData.cpp only includes the header, so nothing can be said about its intended contents.
class TraceData {
};
5 |
6 |
--------------------------------------------------------------------------------
/procmonxv2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/procmonxv2.png
--------------------------------------------------------------------------------
/ProcMonX/SortedFilteredVector.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "SortedFilteredVector.h"
3 |
--------------------------------------------------------------------------------
/ProcMonX/res/ok.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/ok.ico
--------------------------------------------------------------------------------
/ProcMonX/ProcMonX.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/ProcMonX.rc
--------------------------------------------------------------------------------
/ProcMonX/res/Play.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/Play.ico
--------------------------------------------------------------------------------
/ProcMonX/res/Stop.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/Stop.ico
--------------------------------------------------------------------------------
/ProcMonX/res/add.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/add.ico
--------------------------------------------------------------------------------
/ProcMonX/res/file.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/file.ico
--------------------------------------------------------------------------------
/ProcMonX/res/find.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/find.ico
--------------------------------------------------------------------------------
/ProcMonX/res/gear.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/gear.ico
--------------------------------------------------------------------------------
/ProcMonX/res/heap.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/heap.ico
--------------------------------------------------------------------------------
/ProcMonX/res/job.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/job.ico
--------------------------------------------------------------------------------
/ProcMonX/res/save.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/save.ico
--------------------------------------------------------------------------------
/ProcMonX/res/Driver.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/Driver.ico
--------------------------------------------------------------------------------
/ProcMonX/res/Modules.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/Modules.ico
--------------------------------------------------------------------------------
/ProcMonX/res/Pause.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/Pause.ico
--------------------------------------------------------------------------------
/ProcMonX/res/cancel.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/cancel.ico
--------------------------------------------------------------------------------
/ProcMonX/res/debug.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/debug.ico
--------------------------------------------------------------------------------
/ProcMonX/res/dll-add.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/dll-add.ico
--------------------------------------------------------------------------------
/ProcMonX/res/event.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/event.ico
--------------------------------------------------------------------------------
/ProcMonX/res/event2.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/event2.ico
--------------------------------------------------------------------------------
/ProcMonX/res/event3.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/event3.ico
--------------------------------------------------------------------------------
/ProcMonX/res/filter.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/filter.ico
--------------------------------------------------------------------------------
/ProcMonX/res/handle.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/handle.ico
--------------------------------------------------------------------------------
/ProcMonX/res/heap2.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/heap2.ico
--------------------------------------------------------------------------------
/ProcMonX/res/memory.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/memory.ico
--------------------------------------------------------------------------------
/ProcMonX/res/network.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/network.ico
--------------------------------------------------------------------------------
/ProcMonX/res/object.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/object.ico
--------------------------------------------------------------------------------
/ProcMonX/res/rename.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/rename.ico
--------------------------------------------------------------------------------
/ProcMonX/res/save_as.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/save_as.ico
--------------------------------------------------------------------------------
/ProcMonX/res/search.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/search.ico
--------------------------------------------------------------------------------
/ProcMonX/res/stack.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/stack.ico
--------------------------------------------------------------------------------
/ProcMonX/res/storage.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/storage.ico
--------------------------------------------------------------------------------
/ProcMonX/res/threads.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/threads.ico
--------------------------------------------------------------------------------
/ProcMonX/res/tools.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/tools.ico
--------------------------------------------------------------------------------
/ProcMonX/res/ProcMonX.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/ProcMonX.ico
--------------------------------------------------------------------------------
/ProcMonX/res/clip_copy.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/clip_copy.ico
--------------------------------------------------------------------------------
/ProcMonX/res/letter-k.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/letter-k.ico
--------------------------------------------------------------------------------
/ProcMonX/res/letter-u.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/letter-u.ico
--------------------------------------------------------------------------------
/ProcMonX/res/ok_button.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/ok_button.ico
--------------------------------------------------------------------------------
/ProcMonX/res/processes.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/processes.ico
--------------------------------------------------------------------------------
/ProcMonX/res/registry.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/registry.ico
--------------------------------------------------------------------------------
/ProcMonX/res/autoscroll.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/autoscroll.ico
--------------------------------------------------------------------------------
/ProcMonX/res/dll-delete.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/dll-delete.ico
--------------------------------------------------------------------------------
/ProcMonX/res/execute-info.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/execute-info.ico
--------------------------------------------------------------------------------
/ProcMonX/res/filter-add.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/filter-add.ico
--------------------------------------------------------------------------------
/ProcMonX/res/filter-edit.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/filter-edit.ico
--------------------------------------------------------------------------------
/ProcMonX/res/folder_open.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/folder_open.ico
--------------------------------------------------------------------------------
/ProcMonX/res/process-new.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/process-new.ico
--------------------------------------------------------------------------------
/ProcMonX/res/properties.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/properties.ico
--------------------------------------------------------------------------------
/ProcMonX/res/threads-new.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/threads-new.ico
--------------------------------------------------------------------------------
/ProcMonX/res/arrow_up_blue.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/arrow_up_blue.ico
--------------------------------------------------------------------------------
/ProcMonX/res/delete_button.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/delete_button.ico
--------------------------------------------------------------------------------
/ProcMonX/res/filter-delete.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/filter-delete.ico
--------------------------------------------------------------------------------
/ProcMonX/res/process-delete.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/process-delete.ico
--------------------------------------------------------------------------------
/ProcMonX/res/threads-delete.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/threads-delete.ico
--------------------------------------------------------------------------------
/Utils/Utils.cpp:
--------------------------------------------------------------------------------
1 | // Utils.cpp : Defines the functions for the static library.
2 | //
3 |
4 | #include "pch.h"
5 |
6 |
--------------------------------------------------------------------------------
/ProcMonX/res/arrow_down_blue.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/arrow_down_blue.ico
--------------------------------------------------------------------------------
/ProcMonX/res/document_flat-download.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonXv2/HEAD/ProcMonX/res/document_flat-download.ico
--------------------------------------------------------------------------------
/ProcMonX/ClipboardHelper.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
// Static-only helper for placing text on the Windows clipboard.
class ClipboardHelper final {
public:
    // Copies `text` to the clipboard with `hWnd` as the clipboard owner (ClipboardHelper.cpp
    // starts with ::OpenClipboard(hWnd)). The bool presumably reports success/failure; the
    // definition is cut off in this listing, so confirm what is returned on each path.
    static bool CopyText(HWND hWnd, const CString& text);
};
7 |
8 |
--------------------------------------------------------------------------------
/EventTracing/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/ProcMonC/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/Utils/pch.cpp:
--------------------------------------------------------------------------------
1 | // pch.cpp: source file corresponding to the pre-compiled header
2 |
3 | #include "pch.h"
4 |
5 | // When you are using pre-compiled headers, this source file is necessary for compilation to succeed.
6 |
--------------------------------------------------------------------------------
/EventTracing/pch.cpp:
--------------------------------------------------------------------------------
1 | // pch.cpp: source file corresponding to the pre-compiled header
2 |
3 | #include "pch.h"
4 |
5 | // When you are using pre-compiled headers, this source file is necessary for compilation to succeed.
6 |
--------------------------------------------------------------------------------
/ProcMonX/SerializerFactory.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "IEventDataSerializer.h"
4 |
// Picks an IEventDataSerializer implementation from a file-name extension
// (SerializerFactory.cpp recognises "pmx" and "csv"; anything else yields nullptr).
struct SerializerFactory {
    // `ext` is the extension without the dot; it is compared case-insensitively
    // (the .cpp lower-cases it first). Callers must handle a nullptr result.
    // NOTE(review): the template argument is missing from this listing; it is presumably
    // std::unique_ptr<IEventDataSerializer> - confirm against the repository.
    static std::unique_ptr CreateFromExtension(const CString& ext);
};
8 |
9 |
--------------------------------------------------------------------------------
/ProcMonX/pch.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // ProcMonX.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 |
5 | #include "pch.h"
6 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Process Monitor X v2
2 |
A Procmon-like tool that gathers event information through Event Tracing for Windows (ETW) instead of installing its own kernel driver.
4 |
5 | 
6 |
--------------------------------------------------------------------------------
/ProcMonX/Settings.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
// Persisted UI settings: main-window placement, display font and the always-on-top flag.
struct Settings {
    // Brace-init sets the leading `length` field, which the Win32 window-placement APIs
    // require to be sizeof(WINDOWPLACEMENT) before the structure is passed to them.
    WINDOWPLACEMENT WindowPlacement{ sizeof(WindowPlacement) };
    LOGFONT Font{};
    bool AlwaysOnTop{ false };

    // Persist to / restore from the file at `path`. Settings.cpp is only a stub in this
    // listing, so the on-disk format cannot be confirmed here.
    // NOTE(review): the settings file is ordinary user-writable data; whatever Load reads
    // back (e.g. WindowPlacement.length and the placement rectangles) should be sanity-checked
    // before it is handed to SetWindowPlacement/CreateFontIndirect.
    bool Save(PCWSTR path);
    bool Load(PCWSTR path);
};
11 |
--------------------------------------------------------------------------------
/ProcMonX/packages.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
--------------------------------------------------------------------------------
/ProcMonX/FilterFactory.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "FilterBase.h"
4 |
// Creates filter objects by their display name (the names the filter constructors pass to
// their base class, e.g. "Event Name", "Process Name"). Because the name is the lookup key,
// every filter class must use a distinct one.
// NOTE(review): template arguments are missing from this listing; GetFilterNames presumably
// returns std::vector<std::wstring> and CreateFilter std::shared_ptr<FilterBase> - confirm
// against the repository.
struct FilterFactory {
    static std::vector GetFilterNames();
    // `params` is the filter-specific argument string, presumably handed to the new
    // filter's InitFromParams (see the overrides in the filter headers).
    static std::shared_ptr CreateFilter(PCWSTR name, CompareType compare, PCWSTR params, FilterAction action);
};
9 |
10 |
--------------------------------------------------------------------------------
/ProcMonX/EventNameFilter.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "StringCompareFilterBase.h"
3 |
// Filters on the event's name (EventData::GetEventName, see EventNameFilter.cpp).
class EventNameFilter : public StringCompareFilterBase {
public:
    // `name` is the text to compare against, not the filter's display name - the display
    // name is fixed to "Event Name" in the constructor.
    EventNameFilter(std::wstring name, CompareType type, FilterAction action);

    virtual FilterAction Eval(FilterContext& context) const override;

};
11 |
12 |
--------------------------------------------------------------------------------
/ProcMonX/PropertyNameFilter.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "StringCompareFilterBase.h"
3 |
// Filters on the names of an event's properties; Eval (PropertyNameFilter.cpp) walks
// EventData::GetProperties() and reports a match as soon as one property name matches.
class PropertyNameFilter : public StringCompareFilterBase {
public:
    // `name` is the text to compare each property name against, not the filter's display name.
    PropertyNameFilter(std::wstring name, CompareType type, FilterAction action);

    virtual FilterAction Eval(FilterContext& context) const override;

};
11 |
12 |
--------------------------------------------------------------------------------
/ProcMonX/PropertyValueFilter.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "StringCompareFilterBase.h"
3 |
// Filters on the values of an event's properties (PropertyValueFilter.cpp is not in this
// listing, so the exact matching rule cannot be confirmed here).
class PropertyValueFilter final : public StringCompareFilterBase {
public:
    // `name` is the text to compare against, not the filter's display name.
    PropertyValueFilter(std::wstring name, CompareType type, FilterAction action);

    virtual FilterAction Eval(FilterContext& context) const override;
};
10 |
11 |
--------------------------------------------------------------------------------
/ProcMonX/DialogHelper.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | constexpr WCHAR SaveLoadIniFilter[] = L"ini files (*.ini)\0*.ini\0All Files\0*.*\0";
4 |
// Static helpers shared by the dialogs (`abstract` is the MSVC extension: never instantiated).
class DialogHelper abstract {
public:
    static void AdjustOKCancelButtons(CWindow* dlg);
    // `id` is the button control id, `icon` the icon resource id; the bool presumably
    // reports whether the icon was found and attached (DialogHelper.cpp is not in this listing).
    static bool AddIconToButton(CWindow* dlg, WORD id, WORD icon);
    static void SetDialogIcon(CWindow* dlg, UINT icon);
};
11 |
12 |
--------------------------------------------------------------------------------
/ProcMonX/CSVEventDataSerializer.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "IEventDataSerializer.h"
3 |
// CSV implementation of IEventDataSerializer.
// NOTE(review): in this listing the .cpp is a stub (Save creates the file, writes nothing
// and returns false; Load returns an empty vector), and the vector template arguments were
// lost from both signatures.
class CSVEventDataSerializer : public IEventDataSerializer {
public:
    virtual bool Save(const std::vector>& events, const EventDataSerializerOptions& options, PCWSTR path) override;
    virtual std::vector> Load(PCWSTR path) override;
};
9 |
10 |
--------------------------------------------------------------------------------
/ProcMonX/ProcessNameFilter.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "StringCompareFilterBase.h"
3 |
// Filters on the event's process name (EventData::GetProcessName, see ProcessNameFilter.cpp).
class ProcessNameFilter final : public StringCompareFilterBase {
public:
    // Inherits the base-class constructors in addition to the three-argument one below;
    // the sibling filter headers (EventNameFilter, PropertyNameFilter) do not do this, so the
    // asymmetry is presumably deliberate - confirm which callers rely on it.
    using StringCompareFilterBase::StringCompareFilterBase;

    // `name` is the text to compare against, not the filter's display name
    // (fixed to "Process Name" in the constructor).
    ProcessNameFilter(std::wstring name, CompareType type, FilterAction action);

    virtual FilterAction Eval(FilterContext& context) const override;

};
13 |
14 |
--------------------------------------------------------------------------------
/ProcMonX/EventNameFilter.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "EventNameFilter.h"
3 | #include "EventData.h"
4 |
// Builds an event-name filter. `name` is the comparison text; the display name handed to
// the base class is always "Event Name".
EventNameFilter::EventNameFilter(std::wstring name, CompareType type, FilterAction action)
    : StringCompareFilterBase(L"Event Name", name, type, action) {
}
8 |
// Applies the configured string comparison to the current event's name.
FilterAction EventNameFilter::Eval(FilterContext& context) const {
    const auto& eventName = context.Data->GetEventName();
    return Compare(eventName);
}
12 |
--------------------------------------------------------------------------------
/ProcMonX/FormatHelper.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "EventData.h"
3 |
// Stateless formatting helpers used when rendering event data for display or export.
struct FormatHelper {
    // Renders one property of `data` as text (FormatHelper.cpp is not in this listing).
    static std::wstring FormatProperty(const EventData* data, const EventProperty& prop);
    // `ts` is a 64-bit event timestamp; presumably FILETIME units - confirm in FormatHelper.cpp.
    static CString FormatTime(LONGLONG ts);
    // `withNumeric` presumably appends the raw flag value next to the symbolic names.
    static CString VirtualAllocFlagsToString(DWORD flags, bool withNumeric = false);
    static CString MajorFunctionToString(UCHAR mf);
    // Returns a PCWSTR rather than an owning string, so the result presumably points at
    // static storage; callers must not free it.
    static PCWSTR ObjectTypeToString(int type);
};
11 |
12 |
--------------------------------------------------------------------------------
/ProcMonX/ProcessNameFilter.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "ProcessNameFilter.h"
3 | #include "EventData.h"
4 |
// Builds a process-name filter. `name` is the comparison text; the display name handed to
// the base class is always "Process Name".
ProcessNameFilter::ProcessNameFilter(std::wstring name, CompareType type, FilterAction action)
    : StringCompareFilterBase(L"Process Name", name, type, action) {
}
8 |
// Applies the configured string comparison to the current event's process name.
FilterAction ProcessNameFilter::Eval(FilterContext& context) const {
    const auto& processName = context.Data->GetProcessName();
    return Compare(processName);
}
12 |
13 |
--------------------------------------------------------------------------------
/ProcMonX/ProcessIdFilter.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "FilterBase.h"
4 |
// Filter that matches an event on its process id.
class ProcessIdFilter : public FilterBase {
public:
    ProcessIdFilter(DWORD pid, CompareType compare, FilterAction action);

    void SetProcessId(DWORD pid);

    // Inherited via FilterBase
    virtual FilterAction Eval(FilterContext& context) const override;
    // `params` is the textual form of the pid as produced by GetParams; the bool presumably
    // reports a parse failure (ProcessIdFilter.cpp is not in this listing).
    virtual bool InitFromParams(const std::wstring& params) override;
    virtual std::wstring GetParams() override;

private:
    DWORD _pid;   // set by the constructor, SetProcessId or InitFromParams
};
19 |
20 |
--------------------------------------------------------------------------------
/ProcMonX/SerializerFactory.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "SerializerFactory.h"
3 | #include "CSVEventDataSerializer.h"
4 | #include "BinaryEventDataSerializer.h"
5 |
// Maps a file-name extension (without the dot, any case) to a serializer:
// "pmx" -> the first make_unique below, "csv" -> the second, anything else -> nullptr.
// Callers must handle nullptr: an unrecognised or user-typed extension is not an error here.
// NOTE(review): the template arguments were lost in this listing. Given the includes and
// the two recognised extensions they are presumably std::unique_ptr<IEventDataSerializer>,
// std::make_unique<BinaryEventDataSerializer>() and std::make_unique<CSVEventDataSerializer>()
// respectively - confirm against the repository.
// The concrete serializer is later destroyed through the base-class pointer returned here,
// so this relies on IEventDataSerializer having a virtual destructor.
std::unique_ptr SerializerFactory::CreateFromExtension(const CString& ext) {
    auto str(ext);
    str.MakeLower();   // case-insensitive match: "PMX" and "pmx" select the same serializer

    if (str == "pmx")
        return std::make_unique();
    if (str == "csv")
        return std::make_unique();

    return nullptr;
}
17 |
--------------------------------------------------------------------------------
/ProcMonX/IEventDataSerializer.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "EventData.h"
4 |
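// Knobs for IEventDataSerializer::Save.
struct EventDataSerializerOptions {
    bool ResolveSymbols{ false };   // presumably resolve call-stack addresses via SymbolManager while writing
    bool WriteHeaderLine{ true };   // presumably a column-header line for text formats such as CSV
    bool CompressOutput{ false };
    // All bits set is the sentinel for "no explicit start index" (presumably: export every
    // event). Spelled with a named cast instead of the C-style `(uint32_t)-1` so the intent
    // is explicit and greppable; the value is unchanged.
    uint32_t StartIndex{ static_cast<uint32_t>(-1) };
};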
11 |
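// Interface for writing a set of events to `path` and reading them back.
// Implementations: CSVEventDataSerializer and BinaryEventDataSerializer, selected by
// SerializerFactory::CreateFromExtension.
// NOTE(review): the template arguments of the vector parameter/return were lost in this
// listing; the element type is presumably a smart pointer to EventData - confirm upstream.
struct IEventDataSerializer abstract {
    // SerializerFactory hands instances out through a std::unique_ptr to this interface, so
    // the concrete serializer is deleted through this base. Without a virtual destructor that
    // deletion is undefined behaviour (the derived destructor is never run); `= default`
    // keeps the interface otherwise unchanged.
    virtual ~IEventDataSerializer() = default;

    // The bool presumably reports success. `path` is a caller-supplied file name.
    virtual bool Save(const std::vector>& events, const EventDataSerializerOptions& options, PCWSTR path) = 0;
    // NOTE(review): Load parses a file chosen by the user; implementations (the binary one in
    // particular) should treat its contents as untrusted and bounds-check every length field
    // before allocating or copying.
    virtual std::vector> Load(PCWSTR path) = 0;
};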
16 |
17 |
--------------------------------------------------------------------------------
/EventTracing/StringCompareFilterBase.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #include "FilterBase.h"
3 |
// Common base for filters that compare one string drawn from the event against a configured
// text using a CompareType. `abstract` (MSVC extension) marks it non-instantiable.
class StringCompareFilterBase abstract : public FilterBase {
public:
    using FilterBase::FilterBase;   // expose FilterBase's constructors to derived classes too

protected:
    // `name` is the filter's display name (e.g. "Event Name"), `text` the value to compare against.
    StringCompareFilterBase(std::wstring name, std::wstring text, CompareType type, FilterAction action);
    // Compares `str` with _text. The callers in this project (see PropertyNameFilter::Eval)
    // treat a result equal to GetAction() as "matched" and start from FilterAction::None for
    // "no match"; the exact mapping lives in StringCompareFilterBase.cpp, not in this listing.
    FilterAction Compare(const std::wstring& str) const;

    // Round-trip the comparison text through the textual `params` form used by FilterFactory.
    virtual bool InitFromParams(const std::wstring& params) override;
    virtual std::wstring GetParams() override;

private:
    std::wstring _text;
};
18 |
19 |
--------------------------------------------------------------------------------
/ProcMonX/SymbolManager.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "SymbolsHandler.h"
4 |
// Process-wide owner of symbol handlers: one shared ("common") handler plus one per process
// id. Reached through the Get() singleton; the constructor is private so no other instance
// can be created.
class SymbolManager {
public:
    static SymbolManager& Get();
    ~SymbolManager();
    void Term();   // explicit teardown; presumably called before process exit - see SymbolManager.cpp

    SymbolsHandler* GetCommon();
    // Returns a non-owning pointer; the handler presumably stays owned by _procSymbols.
    SymbolsHandler* GetForProcess(DWORD pid);

    // Resolves `address` in the context of process `pid`; `offset`, when non-null, presumably
    // receives the displacement from the symbol start.
    // NOTE(review): the unique_ptr's template argument was lost in this listing. Nothing in this
    // header synchronises access to the map below, so confirm how the trace thread and the UI
    // thread share this object before calling it from both.
    std::unique_ptr GetSymbolFromAddress(DWORD pid, DWORD64 address, PDWORD64 offset = nullptr);

private:
    SymbolManager();

    SymbolsHandler _commonSymbols;
    // Per-process handlers keyed by pid; template arguments (presumably
    // DWORD -> std::unique_ptr<SymbolsHandler>) were lost in this listing.
    std::unordered_map> _procSymbols;
};
22 |
23 |
--------------------------------------------------------------------------------
/ProcMonX/CSVEventDataSerializer.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "CSVEventDataSerializer.h"
3 | #include
4 |
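// CSV export is not implemented yet. The previous stub opened `path` for
// writing — truncating whatever file was there — then wrote nothing and
// returned false, so a "failed" save silently destroyed an existing file.
// Until a real implementation lands, report failure without touching the
// file system. `options` (header line, symbol resolution, ...) is likewise
// not yet honoured.
bool CSVEventDataSerializer::Save(const std::vector<std::shared_ptr<EventData>>& /*events*/, const EventDataSerializerOptions& /*options*/, PCWSTR /*path*/) {
	return false;
}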
15 |
// CSV import is not implemented: always yields an empty event list.
std::vector<std::shared_ptr<EventData>> CSVEventDataSerializer::Load(PCWSTR /*path*/) {
	return {};
}
19 |
--------------------------------------------------------------------------------
/ProcMonX/PropertyNameFilter.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "EventData.h"
3 | #include "PropertyNameFilter.h"
4 |
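// Filter on event property *names*. The display name must be "Property Name":
// FilterFactory::CreateFilter dispatches on exactly that string (its `names`
// table), and the name is what gets persisted in FilterConfiguration. The old
// value "Property Value" was a copy-paste from PropertyValueFilter and would
// make a saved property-name filter come back as a property-value filter.
PropertyNameFilter::PropertyNameFilter(std::wstring name, CompareType type, FilterAction action)
	: StringCompareFilterBase(L"Property Name", name, type, action) {
}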
8 |
// Returns this filter's action as soon as any property name matches.
// Otherwise the result of the last comparison is returned (None when the
// event has no properties at all).
FilterAction PropertyNameFilter::Eval(FilterContext& context) const {
	FilterAction result = FilterAction::None;
	const auto& properties = context.Data->GetProperties();
	for (const auto& property : properties) {
		result = Compare(property.Name);
		if (result == GetAction())
			break;
	}
	return result;
}
18 |
--------------------------------------------------------------------------------
/ProcMonX/ClipboardHelper.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "ClipboardHelper.h"
3 |
4 |
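// Places `text` on the clipboard as CF_UNICODETEXT.
// Returns true only when SetClipboardData accepted the block (the system then
// owns it). On every earlier failure the global block is freed here, so nothing
// leaks. Fixes in this version: GlobalUnlock was being passed the locked
// pointer instead of the HGLOBAL (wrong for GMEM_MOVEABLE memory), the block
// leaked when GlobalLock or SetClipboardData failed, and the function reported
// success whenever the allocation succeeded regardless of SetClipboardData.
bool ClipboardHelper::CopyText(HWND hWnd, const CString& text) {
	if (!::OpenClipboard(hWnd))
		return false;

	bool ok = false;
	::EmptyClipboard();

	// CString guarantees a terminating NUL after GetLength() characters; include it.
	const SIZE_T size = (static_cast<SIZE_T>(text.GetLength()) + 1) * sizeof(WCHAR);
	HGLOBAL hData = ::GlobalAlloc(GMEM_MOVEABLE, size);
	if (hData) {
		void* p = ::GlobalLock(hData);
		if (p) {
			::memcpy(p, static_cast<PCWSTR>(text), size);
			::GlobalUnlock(hData);
			// On success the clipboard owns hData; it must not be freed by us.
			ok = ::SetClipboardData(CF_UNICODETEXT, hData) != nullptr;
		}
		if (!ok)
			::GlobalFree(hData);
	}

	::CloseClipboard();
	return ok;
}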
24 |
--------------------------------------------------------------------------------
/Utils/pch.h:
--------------------------------------------------------------------------------
1 | // pch.h: This is a precompiled header file.
2 | // Files listed below are compiled only once, improving build performance for future builds.
3 | // This also affects IntelliSense performance, including code completion and many code browsing features.
4 | // However, files listed here are ALL re-compiled if any one of them is updated between builds.
5 | // Do not add files here that you will be updating frequently as this negates the performance advantage.
6 |
7 | #ifndef PCH_H
8 | #define PCH_H
9 |
10 | #define WIN32_LEAN_AND_MEAN
11 |
12 | #include
13 | #include
14 |
15 | #endif //PCH_H
16 |
--------------------------------------------------------------------------------
/ProcMonX/SortHelper.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
// Comparison helpers for list-view column sorting. Each returns true when the
// first argument should be ordered before the second for the requested direction.
struct SortHelper final abstract {
	// Case-insensitive string ordering; empty strings sort last in both directions.
	static bool SortStrings(const ATL::CString& s1, const ATL::CString& s2, bool ascending);
	static bool SortStrings(const std::string& s1, const std::string& s2, bool ascending);
	static bool SortStrings(const std::wstring& s1, const std::wstring& s2, bool ascending);
	static bool SortStrings(PCWSTR s1, PCWSTR s2, bool ascending);
	// false-before-true when ascending, the reverse otherwise.
	static bool SortBoolean(bool a, bool b, bool asc);

	// Numeric ordering using only operator> / operator< of Number.
	template<typename Number>
	static bool SortNumbers(const Number& n1, const Number& n2, bool ascending) {
		if (ascending)
			return n2 > n1;
		return n2 < n1;
	}
};
15 |
16 |
17 |
--------------------------------------------------------------------------------
/ProcMonX/PropertyValueFilter.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "PropertyValueFilter.h"
3 | #include "EventData.h"
4 | #include "FormatHelper.h"
5 |
// Filter on formatted event property values. The display name "Property Value"
// is the key FilterFactory uses to recreate this filter from a saved configuration.
PropertyValueFilter::PropertyValueFilter(std::wstring name, CompareType type, FilterAction action) :
	StringCompareFilterBase(L"Property Value", name, type, action) {
}
9 |
// Compares the formatted text of each property (FormatHelper::FormatProperty)
// and returns this filter's action at the first match. With no match the last
// comparison result is returned; None if the event carries no properties.
FilterAction PropertyValueFilter::Eval(FilterContext& context) const {
	FilterAction result = FilterAction::None;
	const auto& properties = context.Data->GetProperties();
	for (const auto& property : properties) {
		result = Compare(FormatHelper::FormatProperty(context.Data, property));
		if (result == GetAction())
			break;
	}
	return result;
}
19 |
--------------------------------------------------------------------------------
/ProcMonX/EventConfiguration.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "KernelEvents.h"
4 |
// A named group of kernel event opcodes (see KernelEvents.h for the values).
struct EventConfigCategory {
	std::wstring Name;
	std::vector Opcodes;

	// True when `opcode` is listed in Opcodes.
	bool Contains(int opcode) const;
};
11 |
// Ordered set of event categories, persisted to / restored from a file.
class EventsConfiguration {
public:
	void AddCategory(EventConfigCategory cat);
	void Clear();
	const std::vector& GetCategories() const;
	// Lookup by name; null when absent. (The top-level const on the returned
	// pointer has no effect for callers — it is only the pointee const that matters.)
	const EventConfigCategory* const GetCategory(PCWSTR name) const;
	EventConfigCategory* GetCategory(PCWSTR name);
	// Returns the number of categories removed; the meaning of `advanced` is
	// defined in the implementation, which is not visible here.
	int RemoveAdvanced(bool advanced);

	bool Save(PCWSTR path);
	// `clean` presumably clears the current categories before loading — confirm in .cpp.
	bool Load(PCWSTR path, bool clean = true);

private:
	std::vector _categories;
};
27 |
28 |
--------------------------------------------------------------------------------
/ProcMonX/AboutDlg.cpp:
--------------------------------------------------------------------------------
1 | // aboutdlg.cpp : implementation of the CAboutDlg class
2 | //
3 | /////////////////////////////////////////////////////////////////////////////
4 |
5 | #include "pch.h"
6 | #include "aboutdlg.h"
7 |
// Centers the dialog over its owner; returning TRUE lets the system set focus.
LRESULT CAboutDlg::OnInitDialog(UINT, WPARAM, LPARAM, BOOL&) {
	const HWND owner = GetParent();
	CenterWindow(owner);
	return TRUE;
}
12 |
// OK and Cancel both close the dialog, using the button id as the modal result.
LRESULT CAboutDlg::OnCloseCmd(WORD, WORD wID, HWND, BOOL&) {
	const int result = wID;
	EndDialog(result);
	return 0;
}
17 |
// Opens the project page in the default browser. The target is a fixed
// literal, so the "open" verb never receives user-controlled input here.
LRESULT CAboutDlg::OnClickSyslink(int, LPNMHDR, BOOL&) {
	static constexpr PCWSTR projectUrl = L"https://github.com/zodiacon/procmonxv2";
	::ShellExecute(nullptr, L"open", projectUrl, nullptr, nullptr, SW_SHOWDEFAULT);
	return 0;
}
23 |
--------------------------------------------------------------------------------
/EventTracing/pch.h:
--------------------------------------------------------------------------------
1 | // pch.h: This is a precompiled header file.
2 | // Files listed below are compiled only once, improving build performance for future builds.
3 | // This also affects IntelliSense performance, including code completion and many code browsing features.
4 | // However, files listed here are ALL re-compiled if any one of them is updated between builds.
5 | // Do not add files here that you will be updating frequently as this negates the performance advantage.
6 |
7 | #ifndef PCH_H
8 | #define PCH_H
9 |
10 | #define _HAS_EXCEPTIONS 0
11 |
12 | #include
13 |
14 | #define INITGUID
15 |
16 | #include
17 | #include
18 | #include
19 | #include
20 | #include
21 | #include
22 |
23 | #endif //PCH_H
24 |
--------------------------------------------------------------------------------
/ProcMonX/ProcessIdFilter.cpp:
--------------------------------------------------------------------------------
#include "pch.h"
#include "ProcessIdFilter.h"
#include "EventData.h"

#include <cwctype>
4 |
// Filter matching events by process id. Display name "ProcessId".
ProcessIdFilter::ProcessIdFilter(DWORD pid, CompareType compare, FilterAction action)
	: FilterBase(L"ProcessId", compare, action)
	, _pid(pid) {
}
7 |
// Replaces the pid this filter matches against.
void ProcessIdFilter::SetProcessId(DWORD pid) { _pid = pid; }
11 |
// Equality match on the event's pid. Note the filter's CompareType is not
// consulted: only exact equality is implemented.
FilterAction ProcessIdFilter::Eval(FilterContext& context) const {
	const bool matches = context.Data->GetProcessId() == _pid;
	if (matches)
		return GetAction();
	return GetDefaultAction();
}
15 |
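// Restores the pid from a saved parameter string (see GetParams / FilterConfiguration).
// Only an unsigned decimal number that fits a DWORD is accepted, with leading or
// trailing whitespace tolerated. Anything else — including a negative number or
// trailing garbage — leaves _pid untouched and returns false. The previous
// _wtoi-based version returned true for any non-empty text and silently turned
// unparseable input into pid 0.
bool ProcessIdFilter::InitFromParams(const std::wstring& params) {
	if (params.empty())
		return false;

	size_t i = 0;
	const size_t n = params.size();
	while (i < n && std::iswspace(params[i]))
		++i;

	const size_t firstDigit = i;
	unsigned long long value = 0;
	for (; i < n && params[i] >= L'0' && params[i] <= L'9'; ++i) {
		value = value * 10 + static_cast<unsigned>(params[i] - L'0');
		if (value > 0xFFFFFFFFull)      // exceeds DWORD range
			return false;
	}
	if (i == firstDigit)                // no digits at all
		return false;

	while (i < n && std::iswspace(params[i]))
		++i;
	if (i != n)                         // trailing non-whitespace
		return false;

	_pid = static_cast<DWORD>(value);
	return true;
}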
23 |
// Serializes the pid as a decimal string, the inverse of InitFromParams.
std::wstring ProcessIdFilter::GetParams() {
	const std::wstring text = std::to_wstring(_pid);
	return text;
}
27 |
--------------------------------------------------------------------------------
/ProcMonX/FilterConfiguration.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "FilterBase.h"
4 |
// Serializable description of one filter: enough to recreate it through
// FilterFactory::CreateFilter(Name, Compare, Parameters, Action).
struct FilterDescription {
	std::wstring Name;                                // filter display name, e.g. "Process Name"
	FilterAction Action{ FilterAction::None };
	FilterAction DefaultAction{ FilterAction::None };
	CompareType Compare{ CompareType::Equals };
	std::wstring Parameters;                          // filter-specific text (see each filter's GetParams)
	bool Enabled{ true };
};
13 |
// Ordered list of FilterDescriptions with file persistence. Filters are
// evaluated in list order, so SwapFilters changes precedence.
class FilterConfiguration {
public:
	bool AddFilter(FilterDescription desc);
	int GetFilterCount() const;
	bool SwapFilters(int index1, int index2);
	bool RemoveFilter(int index);
	// Null for an out-of-range index (presumably — implementation not visible).
	FilterDescription* GetFilter(int index);
	const FilterDescription* GetFilter(int index) const;

	void Clear();

	// NOTE(review): Load reads filter names and parameters from a user-supplied
	// file; FilterFactory::CreateFilter must therefore treat them as untrusted text.
	bool Save(PCWSTR path);
	bool Load(PCWSTR path);

private:
	std::vector _filters;
};
31 |
32 |
--------------------------------------------------------------------------------
/ProcMonX/IniFile.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
// Thin typed wrapper around an INI file at `path` (presumably the private
// profile APIs — the implementation is not visible here).
class IniFile {
public:
	IniFile(PCWSTR path);

	CString ReadString(PCWSTR section, PCWSTR name, PCWSTR defaultValue = nullptr);
	int ReadInt(PCWSTR section, PCWSTR name, int defaultValue = 0);
	// Accepts hex or decimal colour text (see ParseHexColor / ParseDecColor).
	COLORREF ReadColor(PCWSTR section, PCWSTR name, COLORREF defaultValue = CLR_INVALID);
	std::vector ReadSection(PCWSTR section);
	bool ReadBool(PCWSTR section, PCWSTR name, bool defaultValue = false);

	bool WriteString(PCWSTR section, PCWSTR name, PCWSTR value);
	// `hex` selects hexadecimal formatting of `value`.
	bool WriteInt(PCWSTR section, PCWSTR name, int value, bool hex = false);
	bool WriteBool(PCWSTR section, PCWSTR name, bool value);

protected:
	COLORREF ParseHexColor(const CString& hex);
	COLORREF ParseDecColor(const CString& text);

private:
	CString _path;
};
24 |
25 |
--------------------------------------------------------------------------------
/ProcMonX/Interfaces.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | class TraceManager;
4 |
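// Quick-find settings shared between CQuickFindDlg and IQuickFind::DoFind.
// Every flag now has a default member initializer: CaseSensitive and
// SearchDetails previously had none, so a `QuickFindOptions o;` left those two
// bits indeterminate while the others were initialized.
struct QuickFindOptions {
	bool CaseSensitive : 1 { false };
	bool SearchProcesses : 1 { true };
	bool SearchEvents : 1 { true };
	bool SearchDetails : 1 { false };
	bool SearchDown : 1 { true };
	bool FindNext : 1 { true };
};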
13 |
// Services the main frame exposes to child views. Implemented by the frame
// and passed around by pointer; not intended to be owned or deleted through
// this interface (it has no virtual destructor).
struct IMainFrame {
	virtual BOOL TrackPopupMenu(HMENU hMenu, HWND hWnd, POINT* pt = nullptr, UINT flags = 0) = 0;
	// Notification that the view identified by `p` is going away.
	virtual void ViewDestroyed(void* p) = 0;
	virtual TraceManager& GetTraceManager() = 0;
	virtual HFONT GetMonoFont() = 0;
	virtual BOOL SetPaneText(int index, PCWSTR text) = 0;
	virtual BOOL SetPaneIcon(int index, HICON hIcon) = 0;
	virtual CUpdateUIBase* GetUpdateUI() = 0;
};
23 |
// Callback interface the quick-find dialog drives (see CQuickFindDlg).
struct IQuickFind {
	virtual void DoFind(PCWSTR text, const QuickFindOptions& options) = 0;
	// Called when the (modeless) find dialog closes.
	virtual void WindowClosed() = 0;
};
28 |
--------------------------------------------------------------------------------
/ProcMonX/DialogHelper.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "DialogHelper.h"
3 | #include "resource.h"
4 |
// Gives the dialog's OK/Cancel buttons a 16x16 icon and a leading space in
// the caption (room for the icon). Buttons that do not exist are skipped.
void DialogHelper::AdjustOKCancelButtons(CWindow* dlg) {
	struct Entry { int id; WORD icon; PCWSTR caption; };
	const Entry entries[] = {
		{ IDOK, IDI_OK, L" OK" },
		{ IDCANCEL, IDI_CANCEL, L" Cancel" },
	};
	for (const auto& e : entries) {
		CButton button(dlg->GetDlgItem(e.id));
		if (!button)
			continue;
		button.SetWindowText(e.caption);
		button.SetIcon(AtlLoadIconImage(e.icon, 0, 16, 16));
	}
}
18 |
// Adds a 16x16 icon to button `id` and prefixes its caption with a space.
// Returns false when the dialog has no such control.
bool DialogHelper::AddIconToButton(CWindow* dlg, WORD id, WORD icon) {
	CButton button(dlg->GetDlgItem(id));
	if (!button)
		return false;

	button.SetIcon(AtlLoadIconImage(icon, 0, 16, 16));
	CString caption;
	button.GetWindowText(caption);
	caption.Insert(0, L' ');
	button.SetWindowText(caption);
	return true;
}
29 |
// Sets both the small (16px, caption) and big (32px, Alt-Tab) dialog icons
// from the same resource id.
void DialogHelper::SetDialogIcon(CWindow* dlg, UINT icon) {
	const HICON small = AtlLoadIconImage(icon, 0, 16, 16);
	const HICON big = AtlLoadIconImage(icon, 0, 32, 32);
	dlg->SetIcon(small, FALSE);
	dlg->SetIcon(big, TRUE);
}
34 |
--------------------------------------------------------------------------------
/EventTracing/FilterBase.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "FilterBase.h"
3 |
// Initializers are listed in member declaration order (_action, _compare, _name),
// which is the order they run in regardless of how they are written.
FilterBase::FilterBase(std::wstring name, CompareType compare, FilterAction action)
	: _action(action)
	, _compare(compare)
	, _name(std::move(name)) {
}
6 |
7 | FilterBase::~FilterBase() = default;
8 |
// Display name given at construction (also the FilterFactory lookup key).
const std::wstring& FilterBase::GetName() const { return _name; }
12 |
// Enables or disables the filter; evaluation of disabled filters is the caller's concern.
void FilterBase::Enable(bool enable) { _enabled = enable; }
16 |
// Current enabled state (defaults to true).
bool FilterBase::IsEnabled() const { return _enabled; }
20 |
// Action returned by Eval on a match.
void FilterBase::SetAction(FilterAction action) { _action = action; }
24 |
// Comparison semantics configured for this filter.
CompareType FilterBase::GetCompareType() const { return _compare; }
28 |
// Changes the comparison semantics.
void FilterBase::SetCompareType(CompareType compare) { _compare = compare; }
32 |
// Action returned by Eval on a match.
FilterAction FilterBase::GetAction() const { return _action; }
36 |
// Process-wide fallback action (shared by all filters; not synchronized).
FilterAction FilterBase::GetDefaultAction() { return _defaultAction; }
40 |
// Sets the process-wide fallback action used when a filter does not match.
void FilterBase::SetDefaultAction(FilterAction action) { _defaultAction = action; }
44 |
--------------------------------------------------------------------------------
/ProcMonX/ProcMonX.cpp:
--------------------------------------------------------------------------------
1 | // ProcMonX.cpp : main source file for ProcMonX.exe
2 | //
3 |
4 | #include "pch.h"
5 | #include "MainFrm.h"
6 |
7 | CAppModule _Module;
8 |
// Creates the main frame and pumps messages until the loop exits.
// Returns the loop's exit code, or 0 when the window could not be created
// (in which case the message loop registered above is not removed — unchanged behaviour).
int Run(LPTSTR /*lpstrCmdLine*/ = NULL, int nCmdShow = SW_SHOWDEFAULT) {
	CMessageLoop loop;
	_Module.AddMessageLoop(&loop);

	CMainFrame mainFrame;
	const HWND hMain = mainFrame.CreateEx();
	if (hMain == nullptr) {
		ATLTRACE(_T("Main window creation failed!\n"));
		return 0;
	}
	mainFrame.ShowWindow(nCmdShow);

	const int exitCode = loop.Run();
	_Module.RemoveMessageLoop();
	return exitCode;
}
27 |
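// Process entry point: COM, common controls and the ATL module are initialized
// before Run() pumps messages. The original only ATLASSERT-ed the HRESULTs,
// which is compiled out in release builds; a failed CoInitialize (e.g.
// RPC_E_CHANGED_MODE) or module init now bails out instead of continuing
// into a half-initialized process.
int WINAPI _tWinMain(HINSTANCE hInstance, HINSTANCE /*hPrevInstance*/, LPTSTR lpstrCmdLine, int nCmdShow) {
	HRESULT hRes = ::CoInitialize(nullptr);
	ATLASSERT(SUCCEEDED(hRes));
	if (FAILED(hRes))
		return -1;

	AtlInitCommonControls(ICC_BAR_CLASSES | ICC_LISTVIEW_CLASSES | ICC_TREEVIEW_CLASSES);

	hRes = _Module.Init(nullptr, hInstance);
	ATLASSERT(SUCCEEDED(hRes));
	if (FAILED(hRes)) {
		::CoUninitialize();
		return -1;
	}

	const int nRet = Run(lpstrCmdLine, nCmdShow);

	_Module.Term();
	::CoUninitialize();
	return nRet;
}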
44 |
--------------------------------------------------------------------------------
/ProcMonC/ProcMonC.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 |
23 |
24 |
25 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2020 Pavel Yosifovich
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/ProcMonX/BinaryEventDataSerializer.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "IEventDataSerializer.h"
4 | #include "CompoundFile.h"
5 |
// Binary (.pmx) serializer backed by a structured-storage compound file:
// metadata plus one directory per event, each holding simple named streams.
class BinaryEventDataSerializer : public IEventDataSerializer {
public:
	// Inherited via IEventDataSerializer
	virtual bool Save(const std::vector>& events, const EventDataSerializerOptions& options, PCWSTR path) override;
	// NOTE(review): Load parses a user-supplied file; every length/count read
	// from it must be bounds-checked before it drives an allocation or a copy
	// (see CompoundFileReaderWriter::Read).
	virtual std::vector> Load(PCWSTR path) override;

private:
	void WriteMetadata(StructuredStorage::CompoundFile* file, const std::vector>& events);
	void WriteEventData(StructuredStorage::StructuredDirectory* dir, const EventData* data);
	// Writes `size` raw bytes from `data` into the stream named `streamName`.
	void WriteSimpleData(StructuredStorage::StructuredDirectory* dir, PCWSTR streamName, const void* data, int size);
	void WriteSimpleData(StructuredStorage::StructuredDirectory* dir, PCWSTR streamName, const std::wstring& value);
	// Writes the object representation of `data` byte for byte.
	// NOTE(review): is_trivially_constructible does not guarantee the bytes are
	// meaningful on disk (pointer members, padding); is_trivially_copyable plus
	// !is_pointer is the check that matches a memcpy-style write — confirm callers
	// and tighten.
	template
	void WriteSimpleData(StructuredStorage::StructuredDirectory* dir, PCWSTR streamName, const T& data) {
		static_assert(std::is_trivially_constructible::value);
		WriteSimpleData(dir, streamName, &data, sizeof(data));
	}
};
23 |
24 |
--------------------------------------------------------------------------------
/Utils/CompoundFileReaderWriter.cpp:
--------------------------------------------------------------------------------
#include "pch.h"
#include "CompoundFileReaderWriter.h"

#include <stdexcept>
3 |
4 | using namespace std;
5 | using namespace StructuredStorage;
6 |
// Borrows `file`; the caller keeps it alive for the lifetime of this object.
CompoundFileReaderWriter::CompoundFileReaderWriter(StructuredFile& file)
	: m_File(file) {
}
9 |
// Length-prefixed UTF-16 string: uint32_t code-unit count, then the units.
// Counterpart of Read(std::wstring&).
void CompoundFileReaderWriter::Write(const std::wstring& value) {
	const auto count = static_cast<uint32_t>(value.size());
	const auto bytes = count * sizeof(wchar_t);
	m_File.Write(&count, sizeof(count));
	m_File.Write(value.data(), bytes);
}
15 |
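// Reads a length-prefixed UTF-16 string written by Write(const std::wstring&).
// The count is taken from the file and is therefore untrusted: a corrupt or
// crafted .pmx could otherwise request a multi-gigabyte allocation (and the
// old `len * 2` in uint32_t arithmetic wrapped for len >= 2^31, reading fewer
// bytes than were allocated). Counts above a generous sanity cap are rejected
// with std::length_error. Data is read straight into `value`, no temporary buffer.
void CompoundFileReaderWriter::Read(std::wstring& value) {
	constexpr uint32_t kMaxChars = 1u << 24;    // 16M code units; far beyond any real property/string
	uint32_t len = 0;
	m_File.Read(&len, sizeof(len));
	if (len > kMaxChars)
		throw std::length_error("CompoundFileReaderWriter::Read: string length exceeds limit");

	value.assign(len, L'\0');
	if (len > 0)
		m_File.Read(&value[0], static_cast<size_t>(len) * sizeof(wchar_t));
	// NOTE(review): a short read is not detected here; whether StructuredFile::Read
	// throws or reports it is not visible in this file.
}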
23 |
// Length-prefixed narrow string: uint32_t byte count, then the bytes.
// Counterpart of Read(std::string&).
void CompoundFileReaderWriter::Write(const std::string& value) {
	const auto count = static_cast<uint32_t>(value.size());
	m_File.Write(&count, sizeof(count));
	m_File.Write(value.data(), count * sizeof(char));
}
29 |
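// Reads a length-prefixed narrow string written by Write(const std::string&).
// The byte count comes from the file and is untrusted; counts above a sanity
// cap are rejected with std::length_error instead of driving an allocation of
// up to 4 GiB from a corrupt or crafted file. Reads straight into `value`.
void CompoundFileReaderWriter::Read(std::string& value) {
	constexpr uint32_t kMaxBytes = 1u << 24;    // 16 MiB; far beyond any real string in a trace
	uint32_t len = 0;
	m_File.Read(&len, sizeof(len));
	if (len > kMaxBytes)
		throw std::length_error("CompoundFileReaderWriter::Read: string length exceeds limit");

	value.assign(len, '\0');
	if (len > 0)
		m_File.Read(&value[0], len);
	// NOTE(review): a short read is not detected here; depends on StructuredFile::Read's contract.
}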
37 |
--------------------------------------------------------------------------------
/EventTracing/EventParser.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
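// One decoded ETW event property: its name, a pointer to its raw bytes and
// their length. `Data` either points into the event record or into a buffer
// this object allocated (see Allocate / _allocated).
struct EventProperty {
	friend class EventParser;

	EventProperty(EVENT_PROPERTY_INFO& info);
	~EventProperty();

	std::wstring Name;
	BYTE* Data;
	ULONG Length;
	EVENT_PROPERTY_INFO& Info;

	// Reinterprets the property bytes as a T. Only POD, non-pointer types are
	// allowed. `Length` is whatever the provider (or a loaded trace file)
	// declared, so it is checked against sizeof(T) before dereferencing: a
	// missing or too-short buffer yields a value-initialized T rather than an
	// out-of-bounds read. The cast assumes `Data` is suitably aligned for T,
	// as the original did.
	template<typename T>
	T GetValue() const {
		static_assert(std::is_pod<T>::value && !std::is_pointer<T>::value, "GetValue<T> requires a POD, non-pointer type");
		if (Data == nullptr || Length < sizeof(T))
			return T{};
		return *reinterpret_cast<const T*>(Data);
	}

	// Null-terminated views of string-typed properties; validity depends on Info.
	PCWSTR GetUnicodeString() const;
	PCSTR GetAnsiString() const;

private:
	void Allocate(ULONG size);
	bool _allocated{ false };

};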
28 |
// Wraps one EVENT_RECORD and its TRACE_EVENT_INFO, exposing the decoded
// property list. `record` is borrowed; the caller keeps it alive while the
// parser is used.
class EventParser {
public:
	EventParser(PEVENT_RECORD record);

	PTRACE_EVENT_INFO GetEventInfo() const;
	PEVENT_RECORD GetEventRecord() const;
	const EVENT_HEADER& GetEventHeader() const;
	// _properties is mutable, so this presumably decodes lazily on first call — confirm in .cpp.
	const std::vector& GetProperties() const;
	// Null when no property has that name.
	const EventProperty* GetProperty(PCWSTR name) const;

	DWORD GetProcessId() const;

	// Converts an NT device path (\Device\HarddiskVolumeN\...) to a drive-letter path.
	static std::wstring GetDosNameFromNtName(PCWSTR name);

private:
	std::unique_ptr _buffer;               // backing storage for _info
	PTRACE_EVENT_INFO _info{ nullptr };
	PEVENT_RECORD _record;
	mutable std::vector _properties;
};
49 |
50 |
--------------------------------------------------------------------------------
/ProcMonX/AboutDlg.h:
--------------------------------------------------------------------------------
1 | // aboutdlg.h : interface of the CAboutDlg class
2 | //
3 | /////////////////////////////////////////////////////////////////////////////
4 |
5 | #pragma once
6 |
7 | #include "resource.h"
8 |
// About box: centers itself, closes on OK/Cancel, and opens the project page
// when its SysLink control is clicked or activated with Enter.
class CAboutDlg : public CDialogImpl {
public:
	enum { IDD = IDD_ABOUTBOX };

	BEGIN_MSG_MAP(CAboutDlg)
		MESSAGE_HANDLER(WM_INITDIALOG, OnInitDialog)
		COMMAND_ID_HANDLER(IDOK, OnCloseCmd)
		COMMAND_ID_HANDLER(IDCANCEL, OnCloseCmd)
		// NM_CLICK/NM_RETURN are not filtered by control id here; any notifying
		// control in the dialog would open the link (only the SysLink sends them).
		NOTIFY_CODE_HANDLER(NM_CLICK, OnClickSyslink)
		NOTIFY_CODE_HANDLER(NM_RETURN, OnClickSyslink)
	END_MSG_MAP()

	// Handler prototypes (uncomment arguments if needed):
	// LRESULT MessageHandler(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/)
	// LRESULT CommandHandler(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/)
	// LRESULT NotifyHandler(int /*idCtrl*/, LPNMHDR /*pnmh*/, BOOL& /*bHandled*/)

	LRESULT OnInitDialog(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
	LRESULT OnCloseCmd(WORD /*wNotifyCode*/, WORD wID, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
	LRESULT OnClickSyslink(int /*idCtrl*/, LPNMHDR /*pnmh*/, BOOL& /*bHandled*/);
};
30 |
--------------------------------------------------------------------------------
/EventTracing/FilterBase.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | class EventData;
4 |
// How a filter compares an event value against its configured value.
// Which of these each filter honours is up to that filter (ProcessIdFilter,
// for instance, only ever tests equality).
enum class CompareType {
	Equals,
	NotEqual,
	Contains,
	NotContains,
	GreaterThan,
	LessThan,
};
13 |
// Input to FilterBase::Eval. `Data` is not initialized by default and is
// dereferenced without a null check by the filters; callers must set it.
struct FilterContext {
	EventData* Data;
};
17 |
// Verdict of a filter: None means "no opinion" (fall through to the next
// filter / default action).
enum class FilterAction {
	None,
	Include,
	Exclude,
};
23 |
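// Base of all event filters. Instances are created by FilterFactory as
// concrete types and held as std::shared_ptr<FilterBase>, i.e. used and
// potentially destroyed polymorphically — hence the virtual destructor (the
// previous non-virtual one made `delete basePtr` undefined behaviour for any
// derived filter with its own state, such as the string filters).
class FilterBase abstract {
public:
	FilterBase(std::wstring name, CompareType compare, FilterAction action = FilterAction::None);
	virtual ~FilterBase();

	// Returns GetAction() on a match; what is returned otherwise is filter-specific
	// (see ProcessIdFilter::Eval, which falls back to GetDefaultAction()).
	virtual FilterAction Eval(FilterContext& context) const = 0;

	// Display name; also the key FilterFactory::CreateFilter dispatches on.
	const std::wstring& GetName() const;
	void Enable(bool enable);
	bool IsEnabled() const;

	FilterAction GetAction() const;
	void SetAction(FilterAction action);

	CompareType GetCompareType() const;
	void SetCompareType(CompareType compare);

	// Process-wide fallback shared by all filters; not synchronized.
	static FilterAction GetDefaultAction();
	static void SetDefaultAction(FilterAction action);

	// Persistence: parse / produce the filter-specific parameter text stored in
	// FilterDescription::Parameters. InitFromParams returns false on invalid input.
	virtual bool InitFromParams(const std::wstring& params) = 0;
	virtual std::wstring GetParams() = 0;

private:
	FilterAction _action;
	CompareType _compare;
	inline static FilterAction _defaultAction = FilterAction::None;
	std::wstring _name;
	bool _enabled{ true };
};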
54 |
55 |
--------------------------------------------------------------------------------
/ProcMonX/FilterFactory.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "FilterFactory.h"
3 | #include "EventNameFilter.h"
4 | #include "ProcessIdFilter.h"
5 | #include "ProcessNameFilter.h"
6 | #include "PropertyValueFilter.h"
7 | #include "PropertyNameFilter.h"
8 |
// Filter display names. Position matters: CreateFilter switches on the index
// (0 = ProcessNameFilter, 1 = ProcessIdFilter, 2 = EventNameFilter,
// 3 = PropertyValueFilter, 4 = PropertyNameFilter), and each filter's
// constructor must pass the same string as its name for save/load round-trips.
static PCWSTR names[] = {
	L"Process Name", L"Process Id", L"Event Name", L"Property Value", L"Property Name"
};
12 |
// Copy of the `names` table, in dispatch order, for UI pickers.
std::vector FilterFactory::GetFilterNames() {
	return std::vector(std::begin(names), std::end(names));
}
16 |
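// Instantiates the filter whose display name equals `name` (see the `names`
// table above; its index order is the dispatch order here). Returns nullptr
// for a null or unknown name, and for a "Process Id" filter whose parameter
// holds no digits. `name` and `params` typically come from a saved
// FilterConfiguration, so neither is assumed well-formed: a null `params` is
// treated as empty instead of being fed to std::wstring. The first match also
// returns immediately; the original kept scanning the table after a hit.
std::shared_ptr<FilterBase> FilterFactory::CreateFilter(PCWSTR name, CompareType compare, PCWSTR params, FilterAction action) {
	if (name == nullptr)
		return nullptr;
	if (params == nullptr)
		params = L"";

	for (size_t i = 0; i < _countof(names); i++) {
		if (::wcscmp(name, names[i]) != 0)
			continue;

		switch (i) {
			case 0:
				return std::make_shared<ProcessNameFilter>(params, compare, action);

			case 1: {
				// Unsigned parse so the full DWORD range is representable; reject
				// text with no leading number rather than silently filtering pid 0.
				wchar_t* end = nullptr;
				const unsigned long pid = ::wcstoul(params, &end, 10);
				if (end == params)
					return nullptr;
				return std::make_shared<ProcessIdFilter>(static_cast<DWORD>(pid), compare, action);
			}

			case 2:
				return std::make_shared<EventNameFilter>(params, compare, action);

			case 3:
				return std::make_shared<PropertyValueFilter>(params, compare, action);

			case 4:
				return std::make_shared<PropertyNameFilter>(params, compare, action);
		}
	}
	return nullptr;
}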
47 |
--------------------------------------------------------------------------------
/ProcMonX/manifest.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
36 |
37 |
38 |
39 |
--------------------------------------------------------------------------------
/ProcMonX/EventPropertiesDlg.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "resource.h"
4 |
5 | class EventData;
6 |
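// Modal dialog listing the properties of one event (name/value list view),
// with copy-to-clipboard and call-stack commands. Resizable: the list fills
// the dialog.
class CEventPropertiesDlg :
	public CDialogImpl<CEventPropertiesDlg>,
	public CDialogResize<CEventPropertiesDlg> {
public:
	enum { IDD = IDD_EVENT_PROPS };

	// `data` is borrowed for the dialog's lifetime; the caller keeps it alive.
	CEventPropertiesDlg(EventData* data);

	// The resize map previously named CCallStackDlg — a copy-paste leftover
	// from another dialog; it now names this class.
	BEGIN_DLGRESIZE_MAP(CEventPropertiesDlg)
		DLGRESIZE_CONTROL(IDC_LIST, DLSZ_SIZE_Y | DLSZ_SIZE_X)
	END_DLGRESIZE_MAP()

	BEGIN_MSG_MAP(CEventPropertiesDlg)
		NOTIFY_CODE_HANDLER(LVN_COLUMNCLICK, OnColumnClick)
		MESSAGE_HANDLER(WM_INITDIALOG, OnInitDialog)
		COMMAND_ID_HANDLER(IDCANCEL, OnCloseCmd)
		COMMAND_ID_HANDLER(IDC_COPY, OnCopy)
		COMMAND_ID_HANDLER(IDC_STACK, OnCallStack)
		CHAIN_MSG_MAP(CDialogResize<CEventPropertiesDlg>)
	END_MSG_MAP()

private:
	// Appends one name/value row; returns the new item index.
	int InsertItem(PCWSTR name, PCWSTR value);

	LRESULT OnInitDialog(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
	LRESULT OnCloseCmd(WORD /*wNotifyCode*/, WORD wID, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
	LRESULT OnCopy(WORD /*wNotifyCode*/, WORD wID, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
	LRESULT OnColumnClick(int /*idCtrl*/, LPNMHDR /*pnmh*/, BOOL& /*bHandled*/);
	LRESULT OnCallStack(WORD /*wNotifyCode*/, WORD wID, HWND /*hWndCtl*/, BOOL& /*bHandled*/);

private:
	EventData* m_pData;
	CListViewCtrl m_List;
	bool m_Ascending{ false };    // current sort direction, toggled by column clicks
};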
42 |
43 |
--------------------------------------------------------------------------------
/ProcMonX/SymbolsHandler.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #pragma warning(disable:4091)
4 | #include
5 | #pragma warning(default:4091)
6 |
// Owns a SYMBOL_INFO block (DbgHelp requires the caller to allocate it with
// trailing space for the name) together with the module it was found in.
class SymbolInfo {
public:
	SymbolInfo();
	~SymbolInfo();

	// Implicit conversion for passing straight to DbgHelp APIs.
	operator PSYMBOL_INFO() const {
		return m_Symbol;
	}

	SYMBOL_INFO* GetSymbolInfo() const {
		return m_Symbol;
	}

	IMAGEHLP_MODULE64 ModuleInfo;

private:
	// NOTE(review): raw owning pointer with a user-defined destructor but no
	// deleted/defined copy operations — if the destructor frees m_Symbol, a copy
	// would double-free. Instances appear to be handed around in unique_ptr
	// (see SymbolsHandler), which avoids that; consider deleting copy ops anyway.
	SYMBOL_INFO* m_Symbol;
};
25 |
// RAII wrapper around a DbgHelp symbol session for one process handle.
// DbgHelp itself is single-threaded per process; serialize calls if handlers
// are used from more than one thread.
class SymbolsHandler final {
public:
	// `searchPath` null presumably lets DbgHelp use its defaults (_NT_SYMBOL_PATH etc.) — confirm in .cpp.
	SymbolsHandler(HANDLE hProcess = ::GetCurrentProcess(), PCSTR searchPath = nullptr, DWORD symOptions =
		SYMOPT_UNDNAME | SYMOPT_CASE_INSENSITIVE | SYMOPT_AUTO_PUBLICS | SYMOPT_INCLUDE_32BIT_MODULES | SYMOPT_OMAP_FIND_NEAREST | SYMOPT_DEFERRED_LOADS);
	// Presumably opens `pid` and wraps the handle; may fail (null) for
	// protected/inaccessible processes — confirm in .cpp.
	static std::unique_ptr CreateForProcess(DWORD pid, PCSTR searchPath = nullptr);
	~SymbolsHandler();

	HANDLE GetHandle() const;
	// Returns the module base on success, 0 on failure (presumably — DbgHelp convention).
	ULONG64 LoadSymbolsForModule(PCSTR moduleName, DWORD64 baseAddress = 0);
	std::unique_ptr GetSymbolFromName(PCSTR name);
	std::unique_ptr GetSymbolFromAddress(DWORD64 address, PDWORD64 offset = nullptr);
	IMAGEHLP_MODULE64 GetModuleInfo(DWORD64 address) const;
	bool LoadDefaultModules();
	DWORD64 LoadKernelModule(DWORD64 address);

private:
	// DbgHelp symbol-callback trampoline target.
	BOOL Callback(ULONG code, ULONG64 data);

	HANDLE m_hProcess;
};
46 |
47 |
--------------------------------------------------------------------------------
/ProcMonC/ProcMonC.cpp:
--------------------------------------------------------------------------------
1 | // ProcMonC.cpp : This file contains the 'main' function. Program execution begins and ends there.
2 | //
3 |
4 | #include
5 | #include
6 | #include
7 | #include "TraceManager.h"
8 | #include
9 | #include "EventData.h"
10 |
// Trace callback: prints one line per event — event name, pid with image
// name, and tid. (%ws is the MSVC CRT spelling for a wide string argument.)
void OnEvent(std::shared_ptr<EventData> data) {
	const auto& eventName = data->GetEventName();
	const auto& processName = data->GetProcessName();
	printf("%-15ws PID: %5u (%ws) TID: %5u",
		eventName.c_str(), data->GetProcessId(), processName.c_str(), data->GetThreadId());
	printf("\n");
}
22 |
// Shared with the console-control handler (which runs on its own thread):
// the manager to stop, and the event main() waits on before exiting.
TraceManager* g_pMgr;
HANDLE g_hEvent;
25 |
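// Console driver: starts a kernel trace for image-load and process events,
// prints each one through OnEvent, and stops on Ctrl+C. The shutdown event
// handle is now checked (the original passed a possibly-null handle to
// SetEvent/WaitForSingleObject) and released on the early-exit path.
// NOTE(review): starting a kernel trace session normally needs an elevated
// process; the failure message does not say so — confirm against TraceManager::Start.
int main(int argc, const char* argv[]) {
	(void)argc;
	(void)argv;

	TraceManager tm;
	tm.AddKernelEventTypes({ KernelEventTypes::ImageLoad, KernelEventTypes::Process });

	g_pMgr = &tm;
	// Auto-reset event signalled by the control handler once the trace is stopped.
	g_hEvent = ::CreateEvent(nullptr, FALSE, FALSE, nullptr);
	if (g_hEvent == nullptr) {
		printf("Failed to create shutdown event (error %lu)\n", ::GetLastError());
		return 1;
	}

	if (!tm.Start(OnEvent)) {
		printf("Failed to start session");
		::CloseHandle(g_hEvent);
		return 1;
	}

	// Runs on a separate console-control thread. It only touches the two
	// globals, which remain valid because main() blocks on the event below.
	::SetConsoleCtrlHandler([](DWORD type) -> BOOL {
		if (type == CTRL_C_EVENT) {
			g_pMgr->Stop();
			::SetEvent(g_hEvent);
			return TRUE;
		}
		return FALSE;
	}, TRUE);

	::WaitForSingleObject(g_hEvent, INFINITE);
	::CloseHandle(g_hEvent);

	return 0;
}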
52 |
53 |
--------------------------------------------------------------------------------
/ProcMonX/SortHelper.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "SortHelper.h"
3 |
// Case-insensitive ordering of two CStrings. Empty strings sort after
// non-empty ones regardless of direction; two empties are equal.
bool SortHelper::SortStrings(const CString& s1, const CString& s2, bool ascending) {
	if (s2.IsEmpty())
		return !s1.IsEmpty();
	if (s1.IsEmpty())
		return false;

	const int cmp = s2.CompareNoCase(s1);
	return ascending ? (cmp > 0) : (cmp < 0);
}
14 |
// Case-insensitive ordering of two narrow strings. Empty strings sort after
// non-empty ones regardless of direction; two empties are equal.
bool SortHelper::SortStrings(const std::string& s1, const std::string& s2, bool ascending) {
	if (s2.empty())
		return !s1.empty();
	if (s1.empty())
		return false;

	const int cmp = ::_stricmp(s2.c_str(), s1.c_str());
	return ascending ? (cmp > 0) : (cmp < 0);
}
26 |
// Case-insensitive ordering of two wide strings. Empty strings sort after
// non-empty ones regardless of direction; two empties are equal.
bool SortHelper::SortStrings(const std::wstring& s1, const std::wstring& s2, bool ascending) {
	if (s2.empty())
		return !s1.empty();
	if (s1.empty())
		return false;

	const int cmp = ::_wcsicmp(s2.c_str(), s1.c_str());
	return ascending ? (cmp > 0) : (cmp < 0);
}
38 |
// Case-insensitive ordering of two C strings; null is treated like empty.
// Empty strings sort after non-empty ones regardless of direction.
bool SortHelper::SortStrings(PCWSTR s1, PCWSTR s2, bool ascending) {
	const bool empty1 = (s1 == nullptr || *s1 == L'\0');
	const bool empty2 = (s2 == nullptr || *s2 == L'\0');
	if (empty2)
		return !empty1;
	if (empty1)
		return false;

	const int cmp = ::_wcsicmp(s2, s1);
	return ascending ? (cmp > 0) : (cmp < 0);
}
50 |
// "Less-than" comparator for boolean columns: ascending puts false before true,
// descending puts true before false. Equal values never precede each other.
bool SortHelper::SortBoolean(bool a, bool b, bool asc) {
    if (asc)
        return !a && b;     // false < true
    return a && !b;         // true < false
}
54 |
--------------------------------------------------------------------------------
/ProcMonX/QuickFindDlg.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "resource.h"
4 | #include "Interfaces.h"
5 |
// Modeless "Find" dialog. The search text and options are kept in inline static
// members, so they survive closing and reopening the dialog and are shared by
// every instance; the owner is reached through the IQuickFind callback interface.
class CQuickFindDlg : public CDialogImpl<CQuickFindDlg> {
public:
    enum { IDD = IDD_FIND };

    // `qf` is borrowed (raw pointer member); it must outlive the dialog window.
    CQuickFindDlg(IQuickFind* qf) : m_QuickFind(qf) {}

    // Last options/text entered by the user (static state, see members below).
    static const QuickFindOptions& GetSearchOptions();
    static const CString& GetSearchText();

    // Called by ATL after the window is gone; the implementation deletes this
    // object, so instances must be heap-allocated.
    void OnFinalMessage(HWND) override;

    BEGIN_MSG_MAP(CQuickFindDlg)
        COMMAND_CODE_HANDLER(EN_CHANGE, OnTextChanged)
        MESSAGE_HANDLER(WM_INITDIALOG, OnInitDialog)
        COMMAND_ID_HANDLER(IDCANCEL, OnCloseCmd)
        COMMAND_ID_HANDLER(IDC_FINDNEXT, OnFindNext)
    END_MSG_MAP()

    // Handler prototypes (uncomment arguments if needed):
    // LRESULT MessageHandler(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/)
    // LRESULT CommandHandler(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/)
    // LRESULT NotifyHandler(int /*idCtrl*/, LPNMHDR /*pnmh*/, BOOL& /*bHandled*/)
private:
    // Thin wrappers around CheckDlgButton / IsDlgButtonChecked for the option check boxes.
    void CheckButton(UINT id, bool check);
    bool IsChecked(UINT id) const;

    LRESULT OnInitDialog(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
    LRESULT OnCloseCmd(WORD /*wNotifyCode*/, WORD wID, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnFindNext(WORD /*wNotifyCode*/, WORD wID, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnTextChanged(WORD /*wNotifyCode*/, WORD wID, HWND /*hWndCtl*/, BOOL& /*bHandled*/);

    IQuickFind* m_QuickFind;                    // non-owning
    inline static QuickFindOptions m_Options;   // persists across dialog instances
    inline static CString m_SearchText;         // persists across dialog instances
};
41 |
--------------------------------------------------------------------------------
/EventTracing/StringCompareFilterBase.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "StringCompareFilterBase.h"
3 |
// Both strings are sink parameters: taken by value and moved into place.
StringCompareFilterBase::StringCompareFilterBase(std::wstring name, std::wstring text, CompareType type, FilterAction action)
    : FilterBase(std::move(name), type, action)
    , _text(std::move(text)) {
}
7 |
// Evaluates the configured comparison (case-insensitive) of `str` against the
// filter text.
//   - match           -> the filter's own action
//   - no match        -> Exclude when the filter is an Include filter, otherwise
//                        the default action
//   - unknown compare -> FilterAction::None
FilterAction StringCompareFilterBase::Compare(const std::wstring& str) const {
    const auto type = GetCompareType();
    bool matched = false;

    switch (type) {
        case CompareType::Equals:
        case CompareType::NotEqual: {
            const bool equal = ::_wcsicmp(str.c_str(), _text.c_str()) == 0;
            matched = (type == CompareType::Equals) ? equal : !equal;
            break;
        }

        case CompareType::Contains:
        case CompareType::NotContains: {
            // Lower-case private copies of both sides; _wcslwr_s wants the
            // buffer size including the terminating NUL.
            std::wstring needle(_text);
            std::wstring haystack(str);
            ::_wcslwr_s(needle.data(), needle.size() + 1);
            ::_wcslwr_s(haystack.data(), haystack.size() + 1);

            const bool found = haystack.find(needle) != std::wstring::npos;
            matched = (type == CompareType::Contains) ? found : !found;
            break;
        }

        default:
            return FilterAction::None;
    }

    if (matched)
        return GetAction();

    // No match: an Include filter that did not match excludes the event;
    // any other filter falls back to the configured default.
    return GetAction() == FilterAction::Include ? FilterAction::Exclude : GetDefaultAction();
}
46 |
// Loads the filter text from a serialized parameter string. An empty string is
// rejected (returns false) and leaves the current text untouched.
bool StringCompareFilterBase::InitFromParams(const std::wstring& params) {
    const bool accepted = !params.empty();
    if (accepted)
        _text = params;
    return accepted;
}
55 |
// Serializes the filter: the parameter string is simply a copy of the text.
std::wstring StringCompareFilterBase::GetParams() {
    std::wstring params(_text);
    return params;
}
59 |
60 |
--------------------------------------------------------------------------------
/ProcMonX/SymbolManager.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "SymbolManager.h"
3 |
// Process-wide singleton; the function-local static is constructed on first
// use and destroyed at exit (which runs Term() through the destructor).
SymbolManager& SymbolManager::Get() {
    static SymbolManager instance{};
    return instance;
}
8 |
// Releases all per-process symbol handlers (see Term()).
SymbolManager::~SymbolManager() {
    this->Term();
}
12 |
// Drops every cached per-process handler; the shared (common) handler is a
// plain member and is not touched here.
void SymbolManager::Term() {
    decltype(_procSymbols) empty;
    _procSymbols.swap(empty);
}
16 |
// Non-owning pointer to the handler used for kernel/common symbols; valid for
// the lifetime of the manager.
SymbolsHandler* SymbolManager::GetCommon() {
    auto* common = &_commonSymbols;
    return common;
}
20 |
// Returns the cached symbol handler for `pid`, creating one on demand.
// A cached handler whose process handle is already signaled (process exited)
// is discarded and replaced. Returns nullptr when no handler can be created.
// The returned pointer is owned by the cache, not by the caller.
SymbolsHandler* SymbolManager::GetForProcess(DWORD pid) {
    if (auto it = _procSymbols.find(pid); it != _procSymbols.end()) {
        // A zero timeout only tests the handle: WAIT_OBJECT_0 means the process is gone.
        if (::WaitForSingleObject(it->second->GetHandle(), 0) != WAIT_OBJECT_0)
            return it->second.get();

        // process dead, drop the stale entry and fall through to re-create it
        _procSymbols.erase(it);
    }

    auto created = SymbolsHandler::CreateForProcess(pid);
    if (!created)
        return nullptr;

    auto* handler = created.get();
    _procSymbols.emplace(pid, std::move(created));
    return handler;
}
40 |
// Resolves `address` to a symbol. Addresses with the top bit set are treated as
// kernel addresses and resolved through the common handler (after loading the
// containing kernel module); everything else goes through the handler of `pid`.
// Returns an empty pointer when no handler or no symbol is available.
// (The unique_ptr element type was lost in extraction; see SymbolManager.h.)
std::unique_ptr SymbolManager::GetSymbolFromAddress(DWORD pid, DWORD64 address, PDWORD64 offset) {
    const bool kernelAddress = static_cast<int64_t>(address) < 0;
    if (kernelAddress) {
        _commonSymbols.LoadKernelModule(address);
        return _commonSymbols.GetSymbolFromAddress(address, offset);
    }

    auto* handler = GetForProcess(pid);
    if (handler == nullptr)
        return nullptr;

    // A null result from the handler is returned as-is (empty pointer).
    return handler->GetSymbolFromAddress(address, offset);
}
56 |
// Private constructor (singleton, see Get()); members are default-initialized.
SymbolManager::SymbolManager() = default;
59 |
--------------------------------------------------------------------------------
/ProcMonX/CallStackDlg.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "resource.h"
4 | #include
5 | #include
6 |
7 | class EventData;
8 | class SymbolsHandler;
9 |
// Resizable dialog showing the captured call stack of one event. Symbol
// resolution runs on a worker thread (m_hThread) and reports back to the
// dialog with a private window message.
class CCallStackDlg :
    public CDialogImpl<CCallStackDlg>,
    public CDialogResize<CCallStackDlg> {
public:
    enum { IDD = IDD_STACK };

    // `data` is borrowed (raw pointer member m_pData); the event must outlive the dialog.
    CCallStackDlg(EventData* data);

    BEGIN_DLGRESIZE_MAP(CCallStackDlg)
        BEGIN_DLGRESIZE_GROUP()
            DLGRESIZE_CONTROL(IDC_LIST, DLSZ_SIZE_Y | DLSZ_SIZE_X)
        END_DLGRESIZE_GROUP()
    END_DLGRESIZE_MAP()

    BEGIN_MSG_MAP(CCallStackDlg)
        // WM_USER + 100: private message used to notify the UI thread that symbols were loaded
        MESSAGE_HANDLER(WM_USER + 100, OnSymbolLoaded)
        MESSAGE_HANDLER(WM_INITDIALOG, OnInitDialog)
        COMMAND_ID_HANDLER(IDCANCEL, OnCloseCmd)
        COMMAND_ID_HANDLER(IDC_COPY, OnCopy)
        CHAIN_MSG_MAP(CDialogResize<CCallStackDlg>)
    END_MSG_MAP()

private:
    // Worker-thread body; presumably checks m_ExitSymbolThread to bail out early — see CallStackDlg.cpp.
    DWORD LoadSymbolsThread();

    // Handler prototypes (uncomment arguments if needed):
    // LRESULT MessageHandler(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/)
    // LRESULT CommandHandler(WORD /*wNotifyCode*/, WORD /*wID*/, HWND /*hWndCtl*/, BOOL& /*bHandled*/)
    // LRESULT NotifyHandler(int /*idCtrl*/, LPNMHDR /*pnmh*/, BOOL& /*bHandled*/)

    LRESULT OnInitDialog(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
    LRESULT OnSymbolLoaded(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
    LRESULT OnCloseCmd(WORD /*wNotifyCode*/, WORD wID, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnCopy(WORD /*wNotifyCode*/, WORD wID, HWND /*hWndCtl*/, BOOL& /*bHandled*/);

private:
    std::atomic<bool> m_ExitSymbolThread{ false };  // set by the UI thread to stop the worker
    EventData* m_pData;                             // non-owning
    CListViewCtrl m_List;
    wil::unique_handle m_hThread;                   // RAII handle of the symbol worker thread
};
51 |
52 |
--------------------------------------------------------------------------------
/ProcMonX/QuickFindDlg.cpp:
--------------------------------------------------------------------------------
1 | #include "pch.h"
2 | #include "QuickFindDlg.h"
3 | #include "DialogHelper.h"
4 |
// Read-only view of the options last confirmed by the user (static state,
// shared by all dialog instances).
const QuickFindOptions& CQuickFindDlg::GetSearchOptions() {
    const auto& options = m_Options;
    return options;
}
8 |
// Read-only view of the text last typed into the search box (static state,
// shared by all dialog instances).
const CString& CQuickFindDlg::GetSearchText() {
    const auto& text = m_SearchText;
    return text;
}
12 |
// Called by ATL once the window handle is gone. Notifies the owner and then
// destroys this object, so CQuickFindDlg must always be heap-allocated and
// never used after the window closes.
void CQuickFindDlg::OnFinalMessage(HWND) {
    m_QuickFind->WindowClosed();
    delete this;
}
17 |
// Sets the check box with control id `id` to checked/unchecked.
void CQuickFindDlg::CheckButton(UINT id, bool check) {
    const UINT state = check ? BST_CHECKED : BST_UNCHECKED;
    CheckDlgButton(id, state);
}
21 |
// True when the check box with control id `id` is in the checked state
// (indeterminate counts as not checked).
bool CQuickFindDlg::IsChecked(UINT id) const {
    const auto state = IsDlgButtonChecked(id);
    return state == BST_CHECKED;
}
25 |
// Sets the dialog icon and restores the option check boxes from the static
// options last confirmed by the user.
LRESULT CQuickFindDlg::OnInitDialog(UINT, WPARAM, LPARAM, BOOL&) {
    DialogHelper::SetDialogIcon(this, IDI_FIND);

    struct Box { UINT id; bool checked; };
    const Box boxes[] = {
        { IDC_CASESENSITIVE, m_Options.CaseSensitive },
        { IDC_DOWN,          m_Options.SearchDown },
        { IDC_PROCESSES,     m_Options.SearchProcesses },
        { IDC_EVENT,         m_Options.SearchEvents },
        { IDC_DETAILS,       m_Options.SearchDetails },
    };
    for (const auto& box : boxes)
        CheckButton(box.id, box.checked);

    return 0;
}
37 |
// Persists the check box states into the static options and closes the
// dialog (OnFinalMessage then deletes the object).
LRESULT CQuickFindDlg::OnCloseCmd(WORD, WORD wID, HWND, BOOL&) {
    auto& o = m_Options;
    o.CaseSensitive   = IsChecked(IDC_CASESENSITIVE);
    o.SearchDetails   = IsChecked(IDC_DETAILS);
    o.SearchProcesses = IsChecked(IDC_PROCESSES);
    o.SearchEvents    = IsChecked(IDC_EVENT);
    o.SearchDown      = IsChecked(IDC_DOWN);

    DestroyWindow();
    return 0;
}
48 |
// Forwards the current text and options to the owner. Note that the options
// handed over are the static ones, which are only refreshed from the check
// boxes in OnCloseCmd.
LRESULT CQuickFindDlg::OnFindNext(WORD, WORD wID, HWND, BOOL&) {
    const auto& text = m_SearchText;
    const auto& options = m_Options;
    m_QuickFind->DoFind(text, options);
    return 0;
}
54 |
// Mirrors the edit control into the static search text and enables the
// "Find next" button only while there is something to search for.
LRESULT CQuickFindDlg::OnTextChanged(WORD, WORD wID, HWND, BOOL&) {
    GetDlgItem(IDC_TEXT).GetWindowText(m_SearchText);

    const BOOL canSearch = m_SearchText.IsEmpty() ? FALSE : TRUE;
    GetDlgItem(IDC_FINDNEXT).EnableWindow(canSearch);
    return 0;
}
61 |
--------------------------------------------------------------------------------
/ProcMonX.sln.startup.json:
--------------------------------------------------------------------------------
1 | /*
2 | This is a configuration file for the SwitchStartupProject Visual Studio Extension
3 | See https://bitbucket.org/thirteen/switchstartupproject/src/tip/Configuration.md
4 | */
5 | {
6 | /* Configuration File Version */
7 | "Version": 3,
8 |
9 | /* Create an item in the dropdown list for each project in the solution? */
10 | "ListAllProjects": true,
11 |
12 | /*
13 | Dictionary of named configurations with one or multiple startup projects
14 | and optional parameters like command line arguments and working directory.
15 | Example:
16 |
17 | "MultiProjectConfigurations": {
18 | "A + B (Ext)": {
19 | "Projects": {
20 | "MyProjectA": {},
21 | "MyProjectB": {
22 | "CommandLineArguments": "1234",
23 | "WorkingDirectory": "%USERPROFILE%\\test",
24 | "StartExternalProgram": "c:\\myprogram.exe"
25 | }
26 | }
27 | },
28 | "A + B": {
29 | "Projects": {
30 | "MyProjectA": {},
31 | "MyProjectB": {
32 | "CommandLineArguments": "",
33 | "WorkingDirectory": "",
34 | "StartProject": true
35 | }
36 | }
37 | },
38 | "D (Debug x86)": {
39 | "Projects": {
40 | "MyProjectD": {}
41 | },
42 | "SolutionConfiguration": "Debug",
43 | "SolutionPlatform": "x86",
44 | },
45 | "D (Release x64)": {
46 | "Projects": {
47 | "MyProjectD": {}
48 | },
49 | "SolutionConfiguration": "Release",
50 | "SolutionPlatform": "x64",
51 | }
52 | }
53 | */
54 | "MultiProjectConfigurations": {}
55 | }
56 |
--------------------------------------------------------------------------------
/ProcMonX/pch.h:
--------------------------------------------------------------------------------
1 | // stdafx.h : include file for standard system include files,
2 | // or project specific include files that are used frequently, but
3 | // are changed infrequently
4 | //
5 |
6 | #pragma once
7 |
8 | // Change these values to use different versions
9 | #define WINVER 0x0601
10 | #define _WIN32_WINNT 0x0601
11 | #define _WIN32_IE 0x0700
12 | #define _RICHEDIT_VER 0x0500
13 | #define _HAS_EXCEPTIONS 0
14 |
15 | #include
16 | #include
17 | #include
18 | #include
19 | #include
20 | #include
21 |
22 | extern CAppModule _Module;
23 |
24 | #include
25 |
26 | #include
27 | #include
28 | #include
29 | #include
30 | #include
31 | #include
32 |
33 | #include
34 | #include
35 | #include
36 | #include
37 | #include
38 |
39 | #include
40 | #include
41 |
42 | #if defined _M_IX86
43 | #pragma comment(linker, "/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*'\"")
44 | #elif defined _M_IA64
45 | #pragma comment(linker, "/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='ia64' publicKeyToken='6595b64144ccf1df' language='*'\"")
46 | #elif defined _M_X64
47 | #pragma comment(linker, "/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='amd64' publicKeyToken='6595b64144ccf1df' language='*'\"")
48 | #else
49 | #pragma comment(linker, "/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='*' publicKeyToken='6595b64144ccf1df' language='*'\"")
50 | #endif
51 |
--------------------------------------------------------------------------------
/Utils/Utils.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 | {b2e43b8d-c28c-4840-a05c-5bf26cbe0945}
18 |
19 |
20 |
21 |
22 | Header Files
23 |
24 |
25 | StructuredStorage
26 |
27 |
28 | StructuredStorage
29 |
30 |
31 |
32 |
33 | Source Files
34 |
35 |
36 | Source Files
37 |
38 |
39 | StructuredStorage
40 |
41 |
42 | StructuredStorage
43 |
44 |
45 |
--------------------------------------------------------------------------------
/ProcMonX/ViewBase.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "Interfaces.h"
4 |
// NOTE(review): the template parameter list was mangled during extraction ("template>").
// Reconstructed from usage below: T is the CRTP-derived view (static_cast<T*>(this)) and
// TBase is the WTL frame base supplying m_hWndToolBar / CreateSimpleReBar / AddSimpleReBarBand.
// The trailing ">" suggests TBase had a nested-template default argument — confirm against the repo.
template<typename T, typename TBase>
// Common base for the application's views: a frame window with an optional
// toolbar whose UI state is refreshed from the message loop's idle handler.
class CViewBase abstract :
    public TBase,
    public CAutoUpdateUI<T>,
    public CIdleHandler {
public:
    // DECLARE_WND_CLASS(nullptr)

    // `frame` is borrowed (raw pointer member) and must not be null.
    CViewBase(IMainFrame* frame) : m_pFrame(frame) {
        ATLASSERT(frame);
    }

protected:
    BEGIN_MSG_MAP(CViewBase)
        CHAIN_MSG_MAP(TBase)
    END_MSG_MAP()

    // Idle handler: refreshes toolbar button states; FALSE = no more idle work.
    BOOL OnIdle() override {
        this->UIUpdateToolBar();
        return FALSE;
    }

    IMainFrame* GetFrame() const {
        return m_pFrame;
    }

    // Unregisters the idle handler if a toolbar was created; bHandled = FALSE lets
    // the base class process WM_DESTROY as well.
    LRESULT OnDestroy(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM lParam, BOOL& bHandled) {
        bHandled = FALSE;
        if(this->m_hWndToolBar)
            _Module.GetMessageLoop()->RemoveIdleHandler(this);
        return 0;
    }

    // One toolbar entry; id == 0 denotes a separator, image == 0 means "no icon".
    struct ToolBarButtonInfo {
        UINT id;
        int image;              // icon resource id loaded via AtlLoadIconImage (0 = none)
        BYTE style = BTNS_BUTTON;
        PCWSTR text = nullptr;  // optional label; when set, BTNS_SHOWTEXT is added
    };

    // Builds a 24x24-icon toolbar from `count` entries of `buttons`, hosts it in a
    // rebar band and registers this view as an idle handler so OnIdle keeps the
    // buttons' UI state current. Returns the toolbar window handle.
    // `buttons` must point at least `count` valid entries.
    HWND CreateAndInitToolBar(const ToolBarButtonInfo* buttons, int count) {
        auto pT = static_cast<T*>(this);
        CToolBarCtrl tb;
        auto hWndToolBar = tb.Create(pT->m_hWnd, pT->rcDefault, nullptr, ATL_SIMPLE_TOOLBAR_PANE_STYLE | TBSTYLE_LIST, 0, ATL_IDW_TOOLBAR);
        tb.SetExtendedStyle(TBSTYLE_EX_MIXEDBUTTONS);

        CImageList tbImages;
        tbImages.Create(24, 24, ILC_COLOR32, 4, 4);
        tb.SetImageList(tbImages);

        for (int i = 0; i < count; i++) {
            auto& b = buttons[i];
            if (b.id == 0)
                tb.AddSeparator(0);
            else {
                int image = b.image == 0 ? I_IMAGENONE : tbImages.AddIcon(AtlLoadIconImage(b.image, 0, 24, 24));
                tb.AddButton(b.id, b.style | (b.text ? BTNS_SHOWTEXT : 0), TBSTATE_ENABLED, image, b.text, 0);
            }
        }
        pT->CreateSimpleReBar(ATL_SIMPLE_REBAR_NOBORDER_STYLE);
        pT->AddSimpleReBarBand(tb);

        pT->UIAddToolBar(hWndToolBar);
        _Module.GetMessageLoop()->AddIdleHandler(this);

        return hWndToolBar;
    }

private:
    IMainFrame* m_pFrame;   // non-owning
};
76 |
--------------------------------------------------------------------------------
/ProcMonX/SortedFilteredVector.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include
4 | #include
5 | #include
6 |
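/// A vector of items plus an index "view" that can be sorted and filtered
/// without moving the items themselves. operator[] / FilteredSize() address
/// the view; size() / begin() / end() address the underlying item store.
template<typename T>
class SortedFilteredVector {
public:
    /// Creates an empty container, pre-reserving `capacity` slots for both the
    /// item store and the view.
    SortedFilteredVector(size_t capacity = 16) {
        reserve(capacity);
    }

    /// Reserves storage for at least `capacity` items and view entries.
    void reserve(size_t capacity) {
        _items.reserve(capacity);
        _indices.reserve(capacity);
    }

    /// Removes every item and empties the view.
    void clear() {
        _items.clear();
        _indices.clear();
    }

    /// Appends an item and exposes it at the end of the current view.
    /// The view entry must be the index of the item just stored
    /// (_items.size() - 1). The old code pushed _indices.size(), which is only
    /// correct while nothing is filtered out; after Filter() hid items the two
    /// counts diverge and operator[] returned a different item than the one
    /// appended. No predicate is retained, so the new item is shown even if the
    /// last Filter() call would have hidden it.
    void push_back(const T& value) {
        _items.push_back(value);
        _indices.push_back(_items.size() - 1);
    }

    /// Releases unused capacity of both vectors.
    void shrink_to_fit() {
        _items.shrink_to_fit();
        _indices.shrink_to_fit();
    }

    /// Iterates the underlying store (all items, insertion order), not the view.
    typename std::vector<T>::const_iterator begin() const {
        return _items.begin();
    }

    typename std::vector<T>::const_iterator end() const {
        return _items.end();
    }

    /// Replaces the whole content; the view is reset to every item in order.
    void Set(std::vector<T> items) {
        _items = std::move(items);
        const auto count = _items.size();
        _indices.clear();
        _indices.reserve(count);
        for (decltype(_items.size()) i = 0; i < count; i++)
            _indices.push_back(i);
    }

    /// View access: `index` must be < FilteredSize(); there is no bounds check.
    const T& operator[](size_t index) const {
        return _items[_indices[index]];
    }

    T& operator[](size_t index) {
        return _items[_indices[index]];
    }

    /// Sorts the view with `compare` (strict weak "less-than" on items); the
    /// item store is left untouched.
    void Sort(std::function<bool(const T&, const T&)> compare) {
        std::sort(_indices.begin(), _indices.end(), [&](size_t i1, size_t i2) {
            return compare(_items[i1], _items[i2]);
        });
    }

    /// Number of stored items, filtered or not.
    size_t size() const {
        return _items.size();
    }

    /// Number of items currently visible through operator[].
    size_t FilteredSize() const {
        return _indices.size();
    }

    /// Rebuilds the view from scratch in store order, keeping the items for
    /// which `predicate` returns true; an empty predicate shows everything.
    /// Any previous Sort() order is discarded.
    void Filter(std::function<bool(const T&)> predicate) {
        _indices.clear();
        const auto count = _items.size();
        for (decltype(_items.size()) i = 0; i < count; i++) {
            if (!predicate || predicate(_items[i]))
                _indices.push_back(i);
        }
    }

private:
    std::vector<T> _items;          // item store, insertion order
    std::vector<size_t> _indices;   // view: positions into _items, in display order
};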
92 |
93 |
--------------------------------------------------------------------------------
/EventTracing/EventTracing.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Header Files
20 |
21 |
22 | Header Files
23 |
24 |
25 | Header Files
26 |
27 |
28 | Header Files
29 |
30 |
31 | Header Files
32 |
33 |
34 | Header Files
35 |
36 |
37 |
38 |
39 | Source Files
40 |
41 |
42 | Source Files
43 |
44 |
45 | Source Files
46 |
47 |
48 | Source Files
49 |
50 |
51 | Source Files
52 |
53 |
54 | Source Files
55 |
56 |
57 |
58 |
59 |
60 |
--------------------------------------------------------------------------------
/ProcMonX/FiltersDlg.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include "resource.h"
4 | #include "FilterBase.h"
5 | #include "FilterConfiguration.h"
6 |
// Modal editor for the filter list. Works on the FilterConfiguration passed by
// reference (m_Config), which therefore must outlive the dialog.
class CFiltersDlg :
    public CDialogImpl<CFiltersDlg> {
public:
    enum { IDD = IDD_FILTERS };

    CFiltersDlg(FilterConfiguration& fc);

    BEGIN_MSG_MAP(CFiltersDlg)
        COMMAND_CODE_HANDLER(CBN_EDITCHANGE, OnValueChanged)
        NOTIFY_CODE_HANDLER(LVN_ITEMCHANGED, OnItemChanged)
        MESSAGE_HANDLER(WM_INITDIALOG, OnInitDialog)
        COMMAND_ID_HANDLER(IDCANCEL, OnCloseCmd)
        COMMAND_ID_HANDLER(IDOK, OnCloseCmd)       // OK and Cancel share a handler; wID tells them apart
        COMMAND_ID_HANDLER(IDC_UP, OnMoveUp)
        COMMAND_ID_HANDLER(IDC_DOWN, OnMoveDown)
        COMMAND_ID_HANDLER(IDC_DELETE, OnDelete)
        COMMAND_ID_HANDLER(IDC_ADD, OnAdd)
        COMMAND_ID_HANDLER(IDC_SAVE, OnSave)
        COMMAND_ID_HANDLER(IDC_LOAD, OnLoad)
        COMMAND_ID_HANDLER(IDC_EDIT, OnEdit)
    END_MSG_MAP()

private:
    // Display helpers for the list view / combo boxes.
    static CString CompareTypeToString(CompareType compare);
    static CString GetComboText(CComboBox& cb);
    // Swaps list rows i1 and i2 (used by move up/down); returns whether a swap happened.
    static bool SwapItems(CListViewCtrl& lv, int i1, int i2);

    void InitList(const FilterConfiguration& config);   // fills m_List from config
    void UpdateUI();                                    // enables/disables buttons for the selection
    void UpdateConfig(FilterConfiguration& config);     // writes the list back into config

    LRESULT OnInitDialog(UINT /*uMsg*/, WPARAM /*wParam*/, LPARAM /*lParam*/, BOOL& /*bHandled*/);
    LRESULT OnCloseCmd(WORD /*wNotifyCode*/, WORD wID, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnAdd(WORD /*wNotifyCode*/, WORD wID, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnSave(WORD /*wNotifyCode*/, WORD wID, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnLoad(WORD /*wNotifyCode*/, WORD wID, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnEdit(WORD /*wNotifyCode*/, WORD wID, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnMoveUp(WORD /*wNotifyCode*/, WORD wID, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnMoveDown(WORD /*wNotifyCode*/, WORD wID, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnDelete(WORD /*wNotifyCode*/, WORD wID, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnValueChanged(WORD /*wNotifyCode*/, WORD wID, HWND /*hWndCtl*/, BOOL& /*bHandled*/);
    LRESULT OnItemChanged(int /*idCtrl*/, LPNMHDR /*pnmh*/, BOOL& /*bHandled*/);

    FilterConfiguration& m_Config;   // edited in place; owned by the caller
    CListViewCtrl m_List;
    CComboBox m_FilterNames;
    CComboBox m_CompareTypes;
    CComboBox m_Text;
    CComboBox m_IncExc;
};
57 |
--------------------------------------------------------------------------------
/EventTracing/EventData.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include
4 | #include
5 | #include
6 |
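/// One decoded property of an ETW event: its name, the provider's property
/// metadata and the raw payload bytes as delivered by the provider.
struct EventProperty {
    friend class EventData;

    EventProperty(EVENT_PROPERTY_INFO& info);

    std::wstring Name;
    EVENT_PROPERTY_INFO& Info;  // reference into provider metadata owned elsewhere — lifetime not visible here

    /// Size in bytes of the raw payload.
    ULONG GetLength() const {
        return (ULONG)Data.size();
    }

    /// Reads the payload as a trivially-copyable, non-pointer value of type T.
    /// The payload length is chosen by the event provider, not by this code, so
    /// a size mismatch is a data error rather than a programming error: the
    /// assert still fires in debug builds, but release builds now return a
    /// value-initialized T instead of reading past the end of the buffer (the
    /// previous implementation dereferenced the buffer unconditionally). A
    /// payload longer than sizeof(T) yields its leading sizeof(T) bytes, as before.
    template<typename T>
    T GetValue() const {
        static_assert(std::is_trivially_copyable<T>() && !std::is_pointer<T>());
        assert(sizeof(T) == Data.size());
        T value{};
        if (Data.size() >= sizeof(T))
            std::memcpy(&value, Data.data(), sizeof(T));  // memcpy: no alignment or aliasing assumptions on the byte buffer
        return value;
    }

    /// Raw payload; valid while this property exists (GetLength() bytes).
    BYTE* GetData() {
        return Data.data();
    }

    const BYTE* GetData() const {
        return Data.data();
    }

    // String views into the payload (defined in the .cpp); the returned pointers
    // alias Data and share its lifetime.
    PCWSTR GetUnicodeString() const;
    PCSTR GetAnsiString() const;

private:
    std::vector<BYTE> Data;
    void* Allocate(ULONG size);   // sizes Data to `size` bytes and returns its start — confirm in EventData.cpp
};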
40 |
// One captured ETW event: header fields copied from the EVENT_RECORD, the
// owning process name, lazily decoded properties and an optional stack-walk
// companion event.
class EventData {
    friend class TraceManager;
public:
    // `eventName` is stored by reference (see _eventName), so the string passed in
    // must outlive this object; its owner is not visible in this header.
    EventData(PEVENT_RECORD rec, std::wstring processName, const std::wstring& eventName, uint32_t index);

    // Class-specific allocation: instances are presumably carved from the private
    // heap s_hHeap rather than the CRT heap (definitions live in the .cpp).
    void* operator new(size_t size);
    void operator delete(void* p);

    DWORD GetProcessId() const;
    DWORD GetThreadId() const;
    ULONGLONG GetTimeStamp() const;
    const GUID& GetProviderId() const;
    const EVENT_DESCRIPTOR& GetEventDescriptor() const;
    const std::wstring& GetProcessName() const;
    const std::wstring& GetEventName() const;
    uint32_t GetIndex() const;

    // Properties are decoded on demand (_properties/_buffer are mutable for that reason).
    const std::vector<EventProperty>& GetProperties() const;
    const EventProperty* GetProperty(PCWSTR name) const;   // nullptr when no property has that name — confirm in .cpp
    const EventData* GetStackEventData() const;            // nullptr until SetStackEventData was called
    std::wstring FormatProperty(const EventProperty& prop) const;
    uint64_t GetEventKey() const;

protected:
    void SetStackEventData(std::shared_ptr<EventData> data);
    void SetProcessName(std::wstring name);

private:
    inline static HANDLE s_hHeap = nullptr;           // private heap used by operator new/delete
    inline static CRITICAL_SECTION s_HeapLock = {0};  // presumably guards s_hHeap creation/use
    // NOTE(review): volatile does not make increments atomic. If s_Count is updated
    // from the trace callback thread and read from the UI thread, std::atomic<uint32_t>
    // is the appropriate type.
    inline static volatile uint32_t s_Count = 0;

    ULONG _threadId, _processId;
    EVENT_DESCRIPTOR _eventDescriptor;
    ULONGLONG _timeStamp;
    ULONG _kernelTime, _userTime;
    GUID _providerId;
    std::wstring _processName;
    USHORT _headerFlags;
    const std::wstring& _eventName;               // non-owning reference; see constructor note
    mutable std::unique_ptr _buffer;              // element type lost in extraction — confirm against EventData.cpp
    PEVENT_RECORD _record;                        // raw record pointer; ownership/lifetime not visible here
    mutable std::vector<EventProperty> _properties;   // filled lazily by GetProperties()
    uint32_t _index;
    std::shared_ptr<EventData> _stackData;        // companion stack-walk event, if any
};
87 |
88 |
--------------------------------------------------------------------------------
/ProcMonX/ColumnManager.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #include