Simple Perl script for this tedious task:
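#!perl -w
# Lame script to find hidden processes from wincheck log
# 15 Jan 2013 (C) RedPlait
#
# Usage: perl <this script> <log file or wildcard pattern> [...]
#
# Each log is expected to hold a process list ("PID <decimal> ..." lines,
# ended by the first blank line) followed by one or more "Scheduler: <n>"
# sections listing threads with their owning ProcID and ThreadID in hex.
# A thread whose ProcID is missing from the process list is reported.
#
# NOTE(review): the line patterns below are kept exactly as published and
# depend on the exact layout of the log - confirm them against a real log.
# NOTE(review): a hit is a lead, not proof. Presumably a process that exits
# between the two listings is reported as well - corroborate with a second
# source before concluding that a process is hidden.
use strict;
use warnings;
use File::Glob qw(bsd_glob);

# parse_log($fname)
#
# Reads one log and prints "Unknown process <pid>, TID <tid>" on STDOUT for
# every scheduler thread whose process id was not seen in the PID list.
# Warns on STDERR and returns nothing when the file cannot be opened;
# otherwise returns the result of close().
sub parse_log {
    my $fname = shift;
    my $fh;
    if ( !open($fh, '<', $fname) ) {
        warn("Cannot open log file $fname, error $!\n");
        return;
    }

    # $state: 0 - inside the PID list, 1 - waiting for a "Scheduler:" header,
    #         2 - inside a scheduler thread list
    my ($str, %pids, $state, $pid);
    my $threads_seen = 0;
    $state = 0;
    while ( $str = <$fh> ) {
        # Strip LF and CRLF alike. With plain chomp a CRLF log read on a
        # non-Windows perl keeps its "\r", the blank-line tests below never
        # fire and the script stays silent - a false "nothing hidden".
        $str =~ s/\r?\n\z//;

        if ( !$state ) {
            $state = 1 if ( $str eq '' );
            if ( $str =~ /^PID (\d+) / ) {
                $pid = int($1);
                $pids{$pid} ||= $str;    # keep the first line seen per PID
            }
            next;
        }

        if ( (1 == $state) && $str =~ /^Scheduler: \d+/ ) {
            $state = 2;
            next;
        }

        if ( 2 == $state ) {
            $state = 1 if ( $str eq '' );
            if ( $str =~ /^ Thread .+ ProcID ([0-9A-F]+) ThreadID ([0-9A-F]+)/ ) {
                $threads_seen++;
                $pid = hex($1);          # ids in the thread list are hex
                printf("Unknown process %d, TID %d\n", $pid, hex($2))
                    if ( !exists $pids{$pid} );
            }
        }
    }

    # No output must not be mistaken for a clean result when one of the two
    # lists was never parsed (truncated log, unexpected format or encoding).
    warn("No PID entries found in $fname, nothing to compare against\n")
        if ( !%pids );
    warn("No scheduler thread entries found in $fname, result is inconclusive\n")
        if ( !$threads_seen );

    return close $fh;
}

# main
# Wildcards are expanded here because the Windows shell passes them through.
# bsd_glob is used instead of glob so that a pattern containing spaces stays
# one pattern (glob would split it on whitespace).
foreach my $arg (@ARGV) {
    if ( $arg =~ /\*/ ) {
        foreach my $iter ( bsd_glob($arg) ) {
            parse_log($iter);
        }
    }
    else {
        parse_log($arg);
    }
}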
Results:
Unknown process 2180, TID 27344