procViewer 1.5.1 beta

shadows · Post by *shadows » 2012-11-04, 09:24 UTC

procViewer 1.5.1 beta

This plugin allows to view/kill processes that are running currently on the system. This plugin can view list of processes, kill ANY process (including system).
F3 - show memory usage, and loaded modules.
ALT-ENTER (properties) show default win32 property dialog for main executable file (if it's available)

Any feedback is appreciated.

ChangeLog:
1.5.1
[+] 32bit version
[+] first step on CustomColumns Support added PID column
[-] mostly remove ANSI support

1.4
[+] ALT-ENTER (properties) now show default win32 property dialog for main execautable file (if it available)

1.3
[*] fixed huge memleak, (thanks to tbeu for the report)
[*] significantly improved time to refresh (F2) of process list

1.1
[+] F3 - show memory statistics and loaded modules
[*] minor unicode improvements

1.0 beta - initial release

pelsta · Post by *pelsta » 2012-11-04, 10:03 UTC

And what about x32 version?

tbeu · Post by *tbeu » 2012-11-27, 09:46 UTC

I observed a crash of TC x64 when pressing F2 (refresh) very often for procViewer 1.1. You can download Dump file from http://tbeu.de/forum/dmp.rar

Code: Select all

FAULTING_IP: 
PROCFS!FsGetFile+2ee
00000000`0dffd74e 488b8a00100000  mov     rcx,qword ptr [rdx+1000h]

EXCEPTION_RECORD:  ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 000000000dffd74e (PROCFS!FsGetFile+0x00000000000002ee)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 0000000000000000
   Parameter[1]: 000000000feb1720
Attempt to read from address 000000000feb1720

PROCESS_NAME:  TOTALCMD64.EXE

ADDITIONAL_DEBUG_TEXT:  
Use '!findthebuild' command to search for the target build information.
If the build information is available, run '!findthebuild -s ; .reload' to set symbol path and load symbols.

MODULE_NAME: PROCFS

FAULTING_MODULE: 0000000077870000 ntdll

DEBUG_FLR_IMAGE_TIMESTAMP:  5094c63d

ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in 0x%08lx verweist auf Speicher 0x%08lx. Der Vorgang %s konnte nicht im Speicher durchgef hrt werden.

EXCEPTION_PARAMETER1:  0000000000000000

EXCEPTION_PARAMETER2:  000000000feb1720

READ_ADDRESS:  000000000feb1720 

FOLLOWUP_IP: 
PROCFS!FsGetFile+2ee
00000000`0dffd74e 488b8a00100000  mov     rcx,qword ptr [rdx+1000h]

MOD_LIST: <ANALYSIS/>

FAULTING_THREAD:  000000000000144c

BUGCHECK_STR:  APPLICATION_FAULT_INVALID_POINTER_READ_WRONG_SYMBOLS

PRIMARY_PROBLEM_CLASS:  INVALID_POINTER_READ

DEFAULT_BUCKET_ID:  INVALID_POINTER_READ

LAST_CONTROL_TRANSFER:  from 0000000000679ab7 to 000000000dffd74e

STACK_TEXT:  
00000000`01c002b0 00000000`00679ab7 : 00000000`01c0c324 00000000`01c027a0 00000000`0a41ba80 00000000`00000000 : PROCFS!FsGetFile+0x2ee
00000000`01c002e0 00000000`01c0c324 : 00000000`01c027a0 00000000`0a41ba80 00000000`00000000 00000000`37cce000 : TOTALCMD64+0x279ab7
00000000`01c002e8 00000000`01c027a0 : 00000000`0a41ba80 00000000`00000000 00000000`37cce000 00000000`00000000 : 0x1c0c324
00000000`01c002f0 00000000`0a41ba80 : 00000000`00000000 00000000`37cce000 00000000`00000000 01cdcc82`7f1aec4e : 0x1c027a0
00000000`01c002f8 00000000`00000000 : 00000000`37cce000 00000000`00000000 01cdcc82`7f1aec4e 00000000`0000005a : 0xa41ba80


STACK_COMMAND:  ~0s; .ecxr ; kb

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  procfs!FsGetFile+2ee

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  PROCFS.wfx64

BUCKET_ID:  WRONG_SYMBOLS

FAILURE_BUCKET_ID:  INVALID_POINTER_READ_c0000005_PROCFS.wfx64!FsGetFile

WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/TOTALCMD64_EXE/8_0_1_0/_______0/PROCFS_wfx64/0_0_0_0/5094c63d/c0000005/0000d74e.htm?Retriage=1

shadows · Post by *shadows » 2012-11-28, 19:47 UTC

tbeu wrote:I observed a crash of TC x64 when pressing F2 (refresh) very often for procViewer 1.1. You can download Dump file from...

big thanks, for so detailed report!
unfortunately dump usually fully unusable without pdb file, which I forgot to keep. I will keep this in mind for next releases.

BTW, looks I able to reproduce issue and it looks stupid memleak in my case totalcmd64.exe eat about 1gb then crash. I fixed leak and will publish new version in next couple of days.

tbeu · Post by *tbeu » 2012-11-28, 21:21 UTC

Thanks for proposed fix. I removed the link to the dump file.

iana · Post by *iana » 2012-12-03, 16:01 UTC

+1 for a 32bit version
Isn't this compiled with vs2005? a 32bit port shouldn't be that difficult.
@pelsta in the meantime you can try AceHelper http://www.totalcmd.net/plugring/AceHelper.html
not sure if it works under Vista/7/8

pelsta · Post by *pelsta » 2012-12-03, 17:04 UTC

@iana

Thanks for AceHelper,
Still using Windows XP

How can I give +1 to you?

Axe1 · Post by *Axe1 » 2012-12-03, 17:13 UTC

I wish the author post x86 build and add some useful custom columns. Thanks.

iana · Post by *iana » 2012-12-03, 17:31 UTC

@pelsta
with +1 I meant one more vote for 32 bit there's no rating system here

in theory x86 should be easy but I'm not a developer so what do I know

tbeu · Post by *tbeu » 2012-12-03, 18:50 UTC

Axe1 wrote:I wish the author post x86 build and add some useful custom columns. Thanks.

There is already a x86 build with lot more features: http://www.totalcmd.net/plugring/procfs.html. But custom columns should be definitely added.

shadows · Post by *shadows » 2012-12-04, 03:07 UTC

tbeu wrote:
Axe1 wrote:I wish the author post x86 build and add some useful custom columns. Thanks.
There is already a x86 build with lot more features: http://www.totalcmd.net/plugring/procfs.html. But custom columns should be definitely added.

Plugin used some not fully documented Microsoft API and some data structures a bit of different between x64 and x86, I'm working to figure out complex solution.
In meantime I also could recommend to use procFS as at least at this moment it's more functional 32bit plugin.

What exact custom columns you need?

P.S. Does "procFS"'s window management functional like show/change title of windows, move it position, etc... interesting for somebody?

Axe1 · Post by *Axe1 » 2012-12-05, 19:44 UTC

shadows wrote: What exact custom columns you need?

I would love to have the following:

Code: Select all

User name
Description
Company Name
Image Path
Command Line (very useful)
Autostart location
Private Bytes (memory)
Working Set (memory)
Parent Process Name
Parent Process ID
CPU Usage
Image Type (x86 or x64)

shadows wrote: P.S. Does "procFS"'s window management functional like show/change title of windows, move it position, etc... interesting for somebody?

Not for me.

tbeu · Post by *tbeu » 2012-12-10, 20:37 UTC

Code: Select all

Max Working Set (memory)

is also of interest for me.