|
| 1 | +#include "../../cache.h" |
| 2 | +#include "../../json-writer.h" |
| 3 | +#include <Psapi.h> |
| 4 | +#include <tlHelp32.h> |
| 5 | + |
| 6 | +#define NR_PIDS_LIMIT 42 |
| 7 | + |
| 8 | +/* |
| 9 | + * Find the process data for the given PID in the given snapshot |
| 10 | + * and update the PROCESSENTRY32 data. |
| 11 | + */ |
| 12 | +static int find_pid(DWORD pid, HANDLE hSnapshot, PROCESSENTRY32 *pe32) |
| 13 | +{ |
| 14 | + pe32->dwSize = sizeof(PROCESSENTRY32); |
| 15 | + |
| 16 | + if (Process32First(hSnapshot, pe32)) { |
| 17 | + do { |
| 18 | + if (pe32->th32ProcessID == pid) |
| 19 | + return 1; |
| 20 | + } while (Process32Next(hSnapshot, pe32)); |
| 21 | + } |
| 22 | + return 0; |
| 23 | +} |
| 24 | + |
| 25 | +/* |
| 26 | + * Accumulate JSON array of our parent processes: |
| 27 | + * [ |
| 28 | + * exe-name-parent, |
| 29 | + * exe-name-grand-parent, |
| 30 | + * ... |
| 31 | + * ] |
| 32 | + * |
| 33 | + * We artificially limit this to NR_PIDS_LIMIT to quickly guard against cycles |
| 34 | + * in the parent PIDs without a lot of fuss and because we just want some |
| 35 | + * context and don't need an absolute answer. |
| 36 | + * |
| 37 | + * Note: we only report the filename of the process executable; the |
| 38 | + * only way to get its full pathname is to use OpenProcess() |
| 39 | + * and GetModuleFileNameEx() or QueryfullProcessImageName() |
| 40 | + * and that seems rather expensive (on top of the cost of |
| 41 | + * getting the snapshot). |
| 42 | + */ |
| 43 | +static void get_processes(struct json_writer *jw, HANDLE hSnapshot) |
| 44 | +{ |
| 45 | + PROCESSENTRY32 pe32; |
| 46 | + DWORD pid; |
| 47 | + DWORD pid_list[NR_PIDS_LIMIT]; |
| 48 | + int k, nr_pids = 0; |
| 49 | + |
| 50 | + pid = GetCurrentProcessId(); |
| 51 | + while (find_pid(pid, hSnapshot, &pe32)) { |
| 52 | + /* Only report parents. Omit self from the JSON output. */ |
| 53 | + if (nr_pids) |
| 54 | + jw_array_string(jw, pe32.szExeFile); |
| 55 | + |
| 56 | + /* Check for cycle in snapshot. (Yes, it happened.) */ |
| 57 | + for (k = 0; k < nr_pids; k++) |
| 58 | + if (pid == pid_list[k]) { |
| 59 | + jw_array_string(jw, "(cycle)"); |
| 60 | + return; |
| 61 | + } |
| 62 | + |
| 63 | + if (nr_pids == NR_PIDS_LIMIT) { |
| 64 | + jw_array_string(jw, "(truncated)"); |
| 65 | + return; |
| 66 | + } |
| 67 | + |
| 68 | + pid_list[nr_pids++] = pid; |
| 69 | + |
| 70 | + pid = pe32.th32ParentProcessID; |
| 71 | + } |
| 72 | +} |
| 73 | + |
| 74 | +/* |
| 75 | + * Emit JSON data for the current and parent processes. Individual |
| 76 | + * trace2 targets can decide how to actually print it. |
| 77 | + */ |
| 78 | +static void get_ancestry(void) |
| 79 | +{ |
| 80 | + HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); |
| 81 | + |
| 82 | + if (hSnapshot != INVALID_HANDLE_VALUE) { |
| 83 | + struct json_writer jw = JSON_WRITER_INIT; |
| 84 | + |
| 85 | + jw_array_begin(&jw, 0); |
| 86 | + get_processes(&jw, hSnapshot); |
| 87 | + jw_end(&jw); |
| 88 | + |
| 89 | + trace2_data_json("process", the_repository, "windows/ancestry", |
| 90 | + &jw); |
| 91 | + |
| 92 | + jw_release(&jw); |
| 93 | + CloseHandle(hSnapshot); |
| 94 | + } |
| 95 | +} |
| 96 | + |
| 97 | +/* |
| 98 | + * Is a debugger attached to the current process? |
| 99 | + * |
| 100 | + * This will catch debug runs (where the debugger started the process). |
| 101 | + * This is the normal case. Since this code is called during our startup, |
| 102 | + * it will not report instances where a debugger is attached dynamically |
| 103 | + * to a running git process, but that is relatively rare. |
| 104 | + */ |
| 105 | +static void get_is_being_debugged(void) |
| 106 | +{ |
| 107 | + if (IsDebuggerPresent()) |
| 108 | + trace2_data_intmax("process", the_repository, |
| 109 | + "windows/debugger_present", 1); |
| 110 | +} |
| 111 | + |
| 112 | +void trace2_collect_process_info(void) |
| 113 | +{ |
| 114 | + if (!trace2_is_enabled()) |
| 115 | + return; |
| 116 | + |
| 117 | + get_is_being_debugged(); |
| 118 | + get_ancestry(); |
| 119 | +} |
0 commit comments