fix parent id occupied by someone

onlyJinx · Jul 18, 2019 · 1c4bb7f · 1c4bb7f
1 parent 29d5ade
commit 1c4bb7f
Show file tree

Hide file tree

Showing 6 changed files with 36 additions and 9 deletions.
diff --git a/src/OpenArk/OpenArk.vcxproj b/src/OpenArk/OpenArk.vcxproj
@@ -109,7 +109,7 @@
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
       <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
       <TreatWChar_tAsBuiltInType>true</TreatWChar_tAsBuiltInType>
-      <DisableSpecificWarnings>4099</DisableSpecificWarnings>
+      <DisableSpecificWarnings>4099;4091</DisableSpecificWarnings>
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>
@@ -144,7 +144,7 @@
       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
       <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
       <TreatWChar_tAsBuiltInType>true</TreatWChar_tAsBuiltInType>
-      <DisableSpecificWarnings>4099</DisableSpecificWarnings>
+      <DisableSpecificWarnings>4099;4091</DisableSpecificWarnings>
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>
@@ -178,7 +178,7 @@
       <DebugInformationFormat />
       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
       <TreatWChar_tAsBuiltInType>true</TreatWChar_tAsBuiltInType>
-      <DisableSpecificWarnings>4099</DisableSpecificWarnings>
+      <DisableSpecificWarnings>4099;4091</DisableSpecificWarnings>
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>
@@ -216,7 +216,7 @@
       </DebugInformationFormat>
       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
       <TreatWChar_tAsBuiltInType>true</TreatWChar_tAsBuiltInType>
-      <DisableSpecificWarnings>4099</DisableSpecificWarnings>
+      <DisableSpecificWarnings>4099;4091</DisableSpecificWarnings>
     </ClCompile>
     <Link>
       <SubSystem>Windows</SubSystem>

diff --git a/src/OpenArk/common/cache/cache.cpp b/src/OpenArk/common/cache/cache.cpp
@@ -33,6 +33,15 @@ ProcInfo CacheGetProcInfo(unsigned int pid, ProcInfo& info)
 	static bool is_os64 = UNONE::OsIs64();
 	info.pid = pid;
 	if (info.ppid == -1) info.ppid = UNONE::PsGetParentPid(pid);
+	if (info.parent_existed == -1) {
+		// May be parent id occupied by someone implies parent not existed
+		info.parent_existed = 1;
+		auto ppid = info.ppid;
+		auto tm1 = ProcessCreateTimeValue(pid);
+		auto tm2 = ProcessCreateTimeValue(ppid);
+		if (UNONE::PsIsDeleted(ppid) || (tm1 && tm2 && tm1 < tm2))
+			info.parent_existed = 0;
+	}
 	auto &&path = UNONE::PsGetProcessPathW(pid);
 	info.path = WStrToQ(path);
 	std::wstring corp, desc;
@@ -54,7 +63,7 @@ void CacheGetProcChilds(unsigned int pid, QVector<ProcInfo>& infos)
 	}
 	QMutexLocker locker(&proc_info.lck);
 	for (auto &info : proc_info.d) {
-		if (info.ppid == pid) {
+		if (info.parent_existed == 1 && info.ppid == pid) {
 			infos.push_back(info);
 		}
 	}

diff --git a/src/OpenArk/common/cache/cache.h b/src/OpenArk/common/cache/cache.h
@@ -23,7 +23,8 @@
 
 struct ProcInfo {
 	DWORD pid;
-	DWORD ppid;
+	DWORD ppid = -1;
+	DWORD parent_existed = -1;
 	QString name;
 	QString desc;
 	QString corp;

diff --git a/src/OpenArk/common/win-wrapper/win-wrapper.cpp b/src/OpenArk/common/win-wrapper/win-wrapper.cpp
@@ -85,6 +85,23 @@ std::wstring ProcessCreateTime(__in DWORD pid)
 	return FormatFileTime(&create_tm);
 }
 
+LONGLONG ProcessCreateTimeValue(__in DWORD pid)
+{
+	HANDLE Process = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid);
+	if (!Process) return 0;
+
+	FILETIME create_tm;
+	FILETIME exit_tm;
+	FILETIME kern_tm;
+	FILETIME user_tm;
+	if (!GetProcessTimes(Process, &create_tm, &exit_tm, &kern_tm, &user_tm)) {
+		CloseHandle(Process);
+		return 0;
+	}
+	CloseHandle(Process);
+	return UNONE::TmFileTimeToMs(create_tm);
+}
+
 #include <Dbghelp.h>
 #pragma comment(lib, "Dbghelp.lib")
 bool CreateDump(DWORD pid, const std::wstring& path, bool mini)
@@ -97,8 +114,7 @@ bool CreateDump(DWORD pid, const std::wstring& path, bool mini)
 	if (mini) {
 		dmp_type = (MINIDUMP_TYPE)(MiniDumpWithThreadInfo | MiniDumpWithFullMemoryInfo |
 			MiniDumpWithProcessThreadData | MiniDumpWithHandleData | MiniDumpWithDataSegs);
-	}
-	else {
+	} else {
 		dmp_type = (MINIDUMP_TYPE)(MiniDumpWithThreadInfo | MiniDumpWithFullMemoryInfo | MiniDumpWithTokenInformation |
 			MiniDumpWithProcessThreadData | MiniDumpWithDataSegs | MiniDumpWithFullMemory | MiniDumpWithHandleData);
 	}

diff --git a/src/OpenArk/common/win-wrapper/win-wrapper.h b/src/OpenArk/common/win-wrapper/win-wrapper.h
@@ -28,6 +28,7 @@
 bool RetrieveThreadTimes(DWORD tid, std::wstring& ct, std::wstring& kt, std::wstring& ut);
 std::wstring FormatFileTime(FILETIME *file_tm);
 std::wstring ProcessCreateTime(__in DWORD pid);
+LONGLONG ProcessCreateTimeValue(__in DWORD pid);
 bool CreateDump(DWORD pid, const std::wstring& path, bool mini);
 void ClipboardCopyData(const std::string &data);
 std::vector<HWND> GetSystemWnds();

diff --git a/src/OpenArk/process-mgr/process-mgr.cpp b/src/OpenArk/process-mgr/process-mgr.cpp
@@ -1030,7 +1030,7 @@ void ProcessMgr::ShowProcessTree()
 		auto ppid = info.ppid = entry.th32ParentProcessID;
 		info.name = WCharsToQ(entry.szExeFile);
 		CacheGetProcInfo(pid, info);
-		if (ppid == 0 || UNONE::PsIsDeleted(ppid)) {
+		if (ppid == 0 || !info.parent_existed) {
 			pis.push_back(info);
 		}
 		return true;