Merged PR 6277720: [Git2Git] Merged PR 6275065: Trace console attach/detatch
As identified by Michael Niksa, our MDE heuristics for understanding the relationship between conhost and related processes were incorrect. Exposing a trace here to assist in correlation. Related work items: MSFT-32957145 Retrieved from https://microsoft.visualstudio.com os.2020 OS official/rs_wdx_dxp_windev 3c886da66d77d1aa36b52794929e388af292539c
parent
dfda41074d
commit
01b5195275
|
@ -587,3 +587,8 @@ void Telemetry::LogRipMessage(_In_z_ const char* pszMessage, ...) const
|
||||||
TraceLoggingString(szMessageEvaluated, "Message"));
|
TraceLoggingString(szMessageEvaluated, "Message"));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool Telemetry::IsUserInteractive()
|
||||||
|
{
|
||||||
|
return _fUserInteractiveForTelemetry;
|
||||||
|
}
|
||||||
|
|
|
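Review bot: `IsUserInteractive()` is added as a non-const member although its visible body only returns `_fUserInteractiveForTelemetry`, while the neighbouring `LogRipMessage` is declared const. Declaring it `bool Telemetry::IsUserInteractive() const` (and `bool IsUserInteractive() const;` in the header hunk) lets it be called through a const reference. A one-line comment saying what sets the flag would also help, since the new attach/detach event publishes it as the `IsUserInteractive` field.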
@ -51,6 +51,8 @@ public:
|
||||||
|
|
||||||
void LogRipMessage(_In_z_ const char* pszMessage, ...) const;
|
void LogRipMessage(_In_z_ const char* pszMessage, ...) const;
|
||||||
|
|
||||||
|
bool IsUserInteractive();
|
||||||
|
|
||||||
// Names are from the external API call names. Note that some names can be different
|
// Names are from the external API call names. Note that some names can be different
|
||||||
// than the internal API calls.
|
// than the internal API calls.
|
||||||
// Don't worry about the following APIs, because they are external to our conhost codebase and hard to track through
|
// Don't worry about the following APIs, because they are external to our conhost codebase and hard to track through
|
||||||
|
|
|
@ -21,6 +21,7 @@ enum TraceKeywords
|
||||||
API = 0x400,
|
API = 0x400,
|
||||||
UIA = 0x800,
|
UIA = 0x800,
|
||||||
CookedRead = 0x1000,
|
CookedRead = 0x1000,
|
||||||
|
ConsoleAttachDetach = 0x2000,
|
||||||
All = 0x1FFF
|
All = 0x1FFF
|
||||||
};
|
};
|
||||||
DEFINE_ENUM_FLAG_OPERATORS(TraceKeywords);
|
DEFINE_ENUM_FLAG_OPERATORS(TraceKeywords);
|
||||||
|
@ -416,6 +417,38 @@ void Tracing::s_TraceCookedRead(_In_reads_(cchCookedBufferLength) const wchar_t*
|
||||||
TraceLoggingKeyword(TraceKeywords::CookedRead));
|
TraceLoggingKeyword(TraceKeywords::CookedRead));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void Tracing::s_TraceConsoleAttachDetach(_In_ const ConsoleProcessHandle* pConsoleProcessHandle, _In_ bool bIsAttach)
|
||||||
|
{
|
||||||
|
FILETIME ftCreationTime, ftDummyTime = { 0 };
|
||||||
|
ULARGE_INTEGER creationTime = { 0 };
|
||||||
|
|
||||||
|
if (TraceLoggingProviderEnabled(g_hConhostV2EventTraceProvider,
|
||||||
|
WINEVENT_LEVEL_LOG_ALWAYS,
|
||||||
|
TraceKeywords::ConsoleAttachDetach)) {
|
||||||
|
|
||||||
|
if (::GetProcessTimes(pConsoleProcessHandle->GetRawHandle(),
|
||||||
|
&ftCreationTime,
|
||||||
|
&ftDummyTime,
|
||||||
|
&ftDummyTime,
|
||||||
|
&ftDummyTime)) {
|
||||||
|
creationTime.HighPart = ftCreationTime.dwHighDateTime;
|
||||||
|
creationTime.LowPart = ftCreationTime.dwLowDateTime;
|
||||||
|
}
|
||||||
|
|
||||||
|
bool bIsUserInteractive = Telemetry::Instance().IsUserInteractive();
|
||||||
|
|
||||||
|
TraceLoggingWrite(
|
||||||
|
g_hConhostV2EventTraceProvider,
|
||||||
|
"ConsoleAttachDetach",
|
||||||
|
TraceLoggingUInt32(pConsoleProcessHandle->dwProcessId, "ProcessId"),
|
||||||
|
TraceLoggingUInt64(creationTime.QuadPart, "ProcessCreationTime"),
|
||||||
|
TraceLoggingBool(bIsAttach, "IsAttach"),
|
||||||
|
TraceLoggingBool(bIsUserInteractive, "IsUserInteractive"),
|
||||||
|
TraceLoggingKeyword(TIL_KEYWORD_TRACE),
|
||||||
|
TraceLoggingKeyword(TraceKeywords::ConsoleAttachDetach));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
void __stdcall Tracing::TraceFailure(const wil::FailureInfo& failure) noexcept
|
void __stdcall Tracing::TraceFailure(const wil::FailureInfo& failure) noexcept
|
||||||
{
|
{
|
||||||
TraceLoggingWrite(
|
TraceLoggingWrite(
|
||||||
|
|
|
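Review bot: `ConsoleAttachDetach = 0x2000` is added to `TraceKeywords` but `All` stays `0x1FFF`, so the `All` mask no longer covers every keyword and anything enabled through it would presumably miss the new event; `All = 0x3FFF` keeps the mask in step. In the second hunk, a failed `GetProcessTimes` leaves `ProcessCreationTime` at 0 with nothing in the event to mark it as unknown, which weakens the process correlation the commit message says this trace is for. A `TraceLoggingBool` field recording whether the query succeeded would let consumers discard those rows. `ftCreationTime` is also left uninitialized by `FILETIME ftCreationTime, ftDummyTime = { 0 };`, which is harmless only because it is read inside the success branch.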
@ -62,7 +62,8 @@ public:
|
||||||
static void s_TraceWindowMessage(const MSG& msg);
|
static void s_TraceWindowMessage(const MSG& msg);
|
||||||
static void s_TraceInputRecord(const INPUT_RECORD& inputRecord);
|
static void s_TraceInputRecord(const INPUT_RECORD& inputRecord);
|
||||||
|
|
||||||
static void Tracing::s_TraceCookedRead(_In_reads_(cchCookedBufferLength) const wchar_t* pwchCookedBuffer, _In_ ULONG cchCookedBufferLength);
|
static void s_TraceCookedRead(_In_reads_(cchCookedBufferLength) const wchar_t* pwchCookedBuffer, _In_ ULONG cchCookedBufferLength);
|
||||||
|
static void s_TraceConsoleAttachDetach(_In_ const ConsoleProcessHandle* pConsoleProcessHandle, _In_ bool bIsAttach);
|
||||||
|
|
||||||
static void __stdcall TraceFailure(const wil::FailureInfo& failure) noexcept;
|
static void __stdcall TraceFailure(const wil::FailureInfo& failure) noexcept;
|
||||||
|
|
||||||
|
|
|
@ -431,6 +431,8 @@ PCONSOLE_API_MSG IoDispatchers::ConsoleHandleConnectionRequest(_In_ PCONSOLE_API
|
||||||
CommandHistory::s_Free((HANDLE)ProcessData);
|
CommandHistory::s_Free((HANDLE)ProcessData);
|
||||||
gci.ProcessHandleList.FreeProcessData(ProcessData);
|
gci.ProcessHandleList.FreeProcessData(ProcessData);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Tracing::s_TraceConsoleAttachDetach(ProcessData, true);
|
||||||
|
|
||||||
UnlockConsole();
|
UnlockConsole();
|
||||||
|
|
||||||
|
@ -470,6 +472,8 @@ PCONSOLE_API_MSG IoDispatchers::ConsoleClientDisconnectRoutine(_In_ PCONSOLE_API
|
||||||
pNotifier->NotifyConsoleEndApplicationEvent(pProcessData->dwProcessId);
|
pNotifier->NotifyConsoleEndApplicationEvent(pProcessData->dwProcessId);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Tracing::s_TraceConsoleAttachDetach(pProcessData, false);
|
||||||
|
|
||||||
LOG_IF_FAILED(RemoveConsole(pProcessData));
|
LOG_IF_FAILED(RemoveConsole(pProcessData));
|
||||||
|
|
||||||
pMessage->SetReplyStatus(STATUS_SUCCESS);
|
pMessage->SetReplyStatus(STATUS_SUCCESS);
|
||||||
|
|
|
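Review bot: In the first hunk the new `Tracing::s_TraceConsoleAttachDetach(ProcessData, true);` runs right after a block that calls `gci.ProcessHandleList.FreeProcessData(ProcessData)`, and the trace function dereferences the pointer (`GetRawHandle()`, `dwProcessId`). The condition guarding that block is outside the hunk, but if it is the failure path and `FreeProcessData` releases the object, this is a use-after-free whenever the provider is enabled, and it also records an attach for a connection that failed. Moving the call into an `else` of that block avoids both. The detach hunk is fine as written, since it traces before `RemoveConsole(pProcessData)`.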
@ -65,3 +65,10 @@ const ConsoleShimPolicy ConsoleProcessHandle::GetShimPolicy() const
|
||||||
{
|
{
|
||||||
return _shimPolicy;
|
return _shimPolicy;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Routine Description:
|
||||||
|
// - Retrieves the raw process handle
|
||||||
|
const HANDLE ConsoleProcessHandle::GetRawHandle() const
|
||||||
|
{
|
||||||
|
return _hProcess.get();
|
||||||
|
}
|
||||||
|
|
|
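Review bot: `GetRawHandle()` hands out the handle held in `_hProcess` with no statement of ownership; the routine description should say that the object keeps ownership, e.g. `// - The handle remains owned by this object; callers must not close it or use it after the object is destroyed.` The top-level `const` in `const HANDLE` has no effect on a value returned by copy and can be dropped here and in the header declaration, although the neighbouring getters follow the same pattern. Whether the handle carries the access right `GetProcessTimes` needs (`PROCESS_QUERY_INFORMATION` or `PROCESS_QUERY_LIMITED_INFORMATION`) is not visible in this diff and is worth confirming where the handle is opened.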
@ -40,6 +40,8 @@ public:
|
||||||
const ConsoleProcessPolicy GetPolicy() const;
|
const ConsoleProcessPolicy GetPolicy() const;
|
||||||
const ConsoleShimPolicy GetShimPolicy() const;
|
const ConsoleShimPolicy GetShimPolicy() const;
|
||||||
|
|
||||||
|
const HANDLE GetRawHandle() const;
|
||||||
|
|
||||||
CD_CONNECTION_INFORMATION GetConnectionInformation(IDeviceComm* deviceComm) const;
|
CD_CONNECTION_INFORMATION GetConnectionInformation(IDeviceComm* deviceComm) const;
|
||||||
|
|
||||||
private:
|
private:
|
||||||
|
|