ETWAnalyzer 2.5.13.

Fixes #68 -Dump Process -ProcessName xx.exe prints more than xx.exe
Siemens-Healthineers · Sep 26, 2023 · 2e0fbcf · 2e0fbcf
1 parent b942d2b
commit 2e0fbcf
Show file tree

Hide file tree

Showing 5 changed files with 89 additions and 14 deletions.
diff --git a/ETWAnalyzer/Commands/DumpCommand.cs b/ETWAnalyzer/Commands/DumpCommand.cs
@@ -744,7 +744,12 @@ internal enum ZeroTimeModes
         public bool Crash { get; private set; }
         public bool ShowUser { get; private set; }
         public MinMaxRange<double> MinMaxStart { get; private set; } = new();
-        public Func<string, bool> Parent { get; private set; } = _ => true;
+
+        /// <summary>
+        /// Parent filter must be null by default to not alter behavior during dumping parent processes.
+        /// </summary>
+        public Func<string, bool> Parent { get; private set; } = null;
+
         public Func<string, bool> Session { get; private set; } = _ => true;
 
         // Dump CPU specific Flags

diff --git a/ETWAnalyzer/ETWAnalyzer.csproj b/ETWAnalyzer/ETWAnalyzer.csproj
@@ -22,7 +22,7 @@
     <PackageRequireLicenseAcceptance>True</PackageRequireLicenseAcceptance>
     <PackageProjectUrl>https://github.com/Siemens-Healthineers/ETWAnalyzer</PackageProjectUrl>
     <PackageReadmeFile>ProgramaticAccess.md</PackageReadmeFile>
-    <Version>2.5.12.0</Version>
+    <Version>2.5.13.0</Version>
     <Platforms>x64</Platforms>
   </PropertyGroup>
   <PropertyGroup Condition="'$(TargetFramework)' == 'net6.0-windows'">

diff --git a/ETWAnalyzer/EventDump/DumpProcesses.cs b/ETWAnalyzer/EventDump/DumpProcesses.cs
@@ -30,7 +30,13 @@ class DumpProcesses : DumpFileEtlBase<DumpProcesses.MatchData>
         public bool ShowAllProcesses { get; internal set; }
 
         public bool Crash { get; internal set; }
-        public Func<string, bool> Parent { get; set; } = _ => true;
+
+        /// <summary>
+        /// Parent process regular expression filter. By default is must be null to differentiate between a not set filter which 
+        /// would otherwise add parent processes to output regardless of process name filter!
+        /// </summary>
+        public Func<string, bool> Parent { get; set; } = null;
+
         public Func<string, bool> Session { get; set; } = _ => true;
         public DumpCommand.SortOrders SortOrder { get; internal set; }
         public bool Merge { get; internal set; }
@@ -399,7 +405,7 @@ protected override List<MatchData> DumpJson(TestDataFile json)
                 HashSet<ETWProcess> processes = processGroup.Where(ProcessFilter).Where(x => ParentFilter(x, extract.Processes, foundParentProcesses)).Where(SessionIdFilter).ToHashSet();
 
                 // Add parents to list and remove already printed ones
-                processes.UnionWith(foundParentProcesses);
+                processes.UnionWith(foundParentProcesses.Where(SessionIdFilter));
                 processes.ExceptWith(alreadyPrinted);
 
                 // update alradyPrinted list with current and parents 
@@ -578,27 +584,33 @@ bool ProcessFilter(ETWProcess process)
         /// </summary>
         /// <param name="process">child process to check</param>
         /// <param name="all">Full list of processes</param>
-        /// <param name="parents">If parent process was found it is added to list of known parents.</param>
+        /// <param name="parents">If parent process was found it is added to list of known parents, but only if Parent Filter is not null.</param>
         /// <returns>true if process passes <see cref="Parent"/> filter, false otherwise.</returns>
         internal bool ParentFilter(ETWProcess process, IReadOnlyList<ETWProcess> all, HashSet<ETWProcess> parents)
         {
-            ETWProcess parent = all.FirstOrDefault(x => process.ParentPid == x.ProcessID && process.StartTime >= x.StartTime && process.EndTime <= x.EndTime);
-
-            bool lret = Parent(parent?.GetProcessName(UsePrettyProcessName)) ||   // filter by process name like cmd.exe and with pid like cmd.exe(100)
-                        Parent(parent?.GetProcessWithId(UsePrettyProcessName));
+            bool lret = true;
 
-            if( lret && parent != null)
+            // Only add parent processes when user did add -parent filter at command line
+            // otherwise we would add always all parent processes of the selected processes.
+            if (Parent != null)
             {
-                parents.Add(parent);
+                ETWProcess parent = all.FirstOrDefault(x => process.ParentPid == x.ProcessID && process.StartTime >= x.StartTime && process.EndTime <= x.EndTime);
+
+                lret = Parent(parent?.GetProcessName(UsePrettyProcessName)) ||   // filter by process name like cmd.exe and with pid like cmd.exe(100)
+                       Parent(parent?.GetProcessWithId(UsePrettyProcessName));
+
+                if (lret && parent != null)
+                {
+                    parents.Add(parent);
+                }
             }
 
             return lret;
         }
 
         internal bool SessionIdFilter(ETWProcess process)
         {
-            bool lret =
-                (Session(process.SessionId.ToString()));
+            bool lret = Session( process.SessionId.ToString() );
             return lret;
         }
 

diff --git a/ETWAnalyzer/Properties/AssemblyInfo.cs b/ETWAnalyzer/Properties/AssemblyInfo.cs
@@ -42,4 +42,4 @@
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
 [assembly: AssemblyVersion("1.0.0.0")]
-[assembly: AssemblyFileVersion("2.5.12.0")]
+[assembly: AssemblyFileVersion("2.5.13.0")]
diff --git a/ETWAnalyzer_uTest/EventDump/DumpProcessesTests.cs b/ETWAnalyzer_uTest/EventDump/DumpProcessesTests.cs
@@ -136,6 +136,64 @@ public void Verify_Process_Tree_Output()
         }
 
 
+        [Fact]
+        public void Process_Filter_DisplaysJustMatchingProcesses_When_ParentFilter_Is_NotActive()
+        {
+            using var testOutput = new ExceptionalPrinter(myWriter, true);
+            DumpProcesses dumper = new DumpProcesses()
+            {
+                ProcessNameFilter = Matcher.CreateMatcher("ImmortalChild", MatchingMode.CaseInsensitive, true),
+            };
+
+            dumper.myPreloadedTests = new Lazy<SingleTest>[] { new Lazy<SingleTest>(() => CreateProcessTree()) };
+
+            List<DumpProcesses.MatchData> matching = dumper.ExecuteInternal();
+
+            testOutput.Flush();
+            string[] expectedOutput = new string[]
+            {
+                "1/1/2000 12:00:00 AM   test ",
+                "PID: 5001   Start:  Stop:  Duration:  RCode:  Parent:  5000  ImmortalChild.exe "
+            };
+
+            var lines = testOutput.GetSingleLines();
+            Assert.Equal(expectedOutput.Length, lines.Count);
+            for (int i = 0; i < expectedOutput.Length; i++)
+            {
+                Assert.Equal(expectedOutput[i], lines[i]);
+            }
+        }
+
+
+        [Fact]
+        public void SessionFilter_Matches_Numbers_Exactly()
+        {
+            DumpProcesses dumper = new DumpProcesses()
+            {
+                //  Parent = Matcher.CreateMatcher("Parent", MatchingMode.CaseInsensitive, true),
+                Session = Matcher.CreateMatcher("1"),
+            };
+
+            var procSession0 = new ETWProcess
+            {
+                SessionId = 0,
+            };
+
+            var procSession1 = new ETWProcess
+            {
+                SessionId = 1,
+            };
+
+            var procSession2 = new ETWProcess
+            {
+                SessionId = 2,
+            };
+
+            Assert.False(dumper.SessionIdFilter(procSession0));
+            Assert.True( dumper.SessionIdFilter(procSession1));
+            Assert.False(dumper.SessionIdFilter(procSession2));
+        }
+
         DateTimeOffset TenClock = new DateTimeOffset(2000, 1, 1, 10, 0, 0, TimeSpan.Zero); // start at 10:00:00
 
         SingleTest CreateSingleTest()