| <!DOCTYPE html> |
| <!-- |
| Copyright (c) 2014 The Chromium Authors. All rights reserved. |
| Use of this source code is governed by a BSD-style license that can be |
| found in the LICENSE file. |
| --> |
| |
| <link rel="import" href="/core/test_utils.html"> |
| <link rel="import" href="/extras/importer/etw/etw_importer.html"> |
| <link rel="import" href="/extras/importer/etw/process_parser.html"> |
| |
| <script> |
| 'use strict'; |
| |
| tv.b.unittest.testSuite(function() { // @suppress longLineCheck |
| // Constants for Process events. |
| var guid = '3D6FA8D0-FE05-11D0-9DDA-00C04FD7BA7C'; |
| var kProcessStartOpcode = 1; |
| var kProcessDefunctOpcode = 39; |
| |
| var kProcessStartPayload32bitV1 = |
| 'AAAAAPAGAADcAwAAAQAAAAMBAAAAAAAAAAAAAAEFAAAAAAAFFQAAAJYs7Cxo/TEG8dyk0' + |
| '+gDAABub3RlcGFkLmV4ZQA='; |
| |
| var kProcessStartPayload32bitV2 = |
| 'AAAAAPAGAADcAwAAAQAAAAMBAAAAAAAAAAAAAAEFAAAAAAAFFQAAAJYs7Cxo/TEG8dyk0' + |
| '+gDAABub3RlcGFkLmV4ZQAiAEMAOgBcAFcAaQBuAGQAbwB3AHMAXABzAHkAcwB0AGUAbQ' + |
| 'AzADIAXABuAG8AdABlAHAAYQBkAC4AZQB4AGUAIgAgAAAA'; |
| |
| var kProcessStartPayload32bitV3 = |
| 'AAAAAPAGAADcAwAAAQAAAAMBAAAAAAAAAAAAAAAAAAABBQAAAAAABRUAAACWLOwsaP0xB' + |
| 'vHcpNPoAwAAbm90ZXBhZC5leGUAIgBDADoAXABXAGkAbgBkAG8AdwBzAFwAcwB5AHMAdA' + |
| 'BlAG0AMwAyAFwAbgBvAHQAZQBwAGEAZAAuAGUAeABlACIAIAAAAA=='; |
| |
| var kProcessStartPayload64bitV3 = |
| 'YIBiD4D6//8AGgAAoBwAAAEAAAADAQAAAPBDHQEAAAAwVlMVoPj//wAAAACg+P//AQUAA' + |
| 'AAAAAUVAAAAAgMBAgMEBQYHCAkKCwwAAHhwZXJmLmV4ZQB4AHAAZQByAGYAIAAgAC0AZA' + |
| 'AgAG8AdQB0AC4AZQB0AGwAAAA='; |
| |
| var kProcessStartPayload64bitV4 = |
| 'gED8GgDg//+MCgAACBcAAAUAAAADAQAAALCiowAAAAAAAAAAkPBXBADA//8AAAAAAAAAA' + |
| 'AEFAAAAAAAFFQAAAAECAwQFBgcICQoLBukDAAB4cGVyZi5leGUAeABwAGUAcgBmACAAIA' + |
| 'AtAHMAdABvAHAAAAAAAAAA'; |
| |
| var kProcessDefunctPayload64bitV5 = |
| 'wMXyBgDg//9IGQAAEAgAAAEAAAAAAAAAAGDLTwAAAAAAAAAA8OU7AwDA//8AAAAAAAAMA' + |
| 'AEFAAAAAAAFFQAAAMDBwsPExcbH0NHS09QDAABjaHJvbWUuZXhlAAAAAAAAAI1Jovns+s' + |
| '4B'; |
| |
| test('DecodeFields', function() { |
| |
| var importer = new tv.e.importer.etw.EtwImporter('dummy', []); |
| var decoder = importer.decoder_; |
| var parser = new tv.e.importer.etw.ProcessParser(importer); |
| var header; |
| var fields; |
| |
| // Validate a version 1 32-bit payload. |
| header = { guid: guid, opcode: kProcessStartOpcode, version: 1, is64: 0 }; |
| decoder.reset(kProcessStartPayload32bitV1); |
| fields = parser.decodeFields(header, decoder); |
| |
| assert.equal(fields.pageDirectoryBase, 0); |
| assert.equal(fields.processId, 1776); |
| assert.equal(fields.parentId, 988); |
| assert.equal(fields.sessionId, 1); |
| assert.equal(fields.exitStatus, 259); |
| assert.strictEqual(fields.imageFileName, 'notepad.exe'); |
| |
| // Validate a version 2 32-bit payload. |
| header = { guid: guid, opcode: kProcessStartOpcode, version: 2, is64: 0 }; |
| decoder.reset(kProcessStartPayload32bitV2); |
| fields = parser.decodeFields(header, decoder); |
| |
| assert.equal(fields.uniqueProcessKey, 0); |
| assert.equal(fields.processId, 1776); |
| assert.equal(fields.parentId, 988); |
| assert.equal(fields.sessionId, 1); |
| assert.equal(fields.exitStatus, 259); |
| assert.strictEqual(fields.imageFileName, 'notepad.exe'); |
| assert.strictEqual(fields.commandLine, |
| '\"C:\\Windows\\system32\\notepad.exe\" '); |
| |
| // Validate a version 3 32-bit payload. |
| header = { guid: guid, opcode: kProcessStartOpcode, version: 3, is64: 0 }; |
| decoder.reset(kProcessStartPayload32bitV3); |
| fields = parser.decodeFields(header, decoder); |
| |
| assert.equal(fields.uniqueProcessKey, 0); |
| assert.equal(fields.processId, 1776); |
| assert.equal(fields.parentId, 988); |
| assert.equal(fields.sessionId, 1); |
| assert.equal(fields.exitStatus, 259); |
| assert.equal(fields.directoryTableBase, 0); |
| assert.strictEqual(fields.imageFileName, 'notepad.exe'); |
| assert.strictEqual(fields.commandLine, |
| '\"C:\\Windows\\system32\\notepad.exe\" '); |
| |
| // Validate a version 3 64-bit payload. |
| header = { guid: guid, opcode: kProcessStartOpcode, version: 3, is64: 1 }; |
| decoder.reset(kProcessStartPayload64bitV3); |
| fields = parser.decodeFields(header, decoder); |
| |
| assert.strictEqual(fields.uniqueProcessKey, 'fffffa800f628060'); |
| assert.equal(fields.processId, 6656); |
| assert.equal(fields.parentId, 7328); |
| assert.equal(fields.sessionId, 1); |
| assert.equal(fields.exitStatus, 259); |
| assert.strictEqual(fields.directoryTableBase, '000000011d43f000'); |
| assert.strictEqual(fields.imageFileName, 'xperf.exe'); |
| assert.strictEqual(fields.commandLine, 'xperf -d out.etl'); |
| |
| // Validate a version 4 64-bit payload. |
| header = { guid: guid, opcode: kProcessStartOpcode, version: 4, is64: 1 }; |
| decoder.reset(kProcessStartPayload64bitV4); |
| fields = parser.decodeFields(header, decoder); |
| |
| assert.equal(fields.uniqueProcessKey, 'ffffe0001afc4080'); |
| assert.equal(fields.processId, 2700); |
| assert.equal(fields.parentId, 5896); |
| assert.equal(fields.sessionId, 5); |
| assert.equal(fields.exitStatus, 259); |
| assert.equal(fields.directoryTableBase, '00000000a3a2b000'); |
| assert.equal(fields.flags, 0); |
| assert.strictEqual(fields.imageFileName, 'xperf.exe'); |
| assert.strictEqual(fields.commandLine, 'xperf -stop'); |
| assert.strictEqual(fields.packageFullName, ''); |
| assert.strictEqual(fields.applicationId, ''); |
| |
| // Validate a version 5 64-bit payload. |
| header = { guid: guid, opcode: kProcessDefunctOpcode, version: 5, is64: 1 }; |
| decoder.reset(kProcessDefunctPayload64bitV5); |
| fields = parser.decodeFields(header, decoder); |
| |
| assert.strictEqual(fields.uniqueProcessKey, 'ffffe00006f2c5c0'); |
| assert.equal(fields.processId, 6472); |
| assert.equal(fields.parentId, 2064); |
| assert.equal(fields.sessionId, 1); |
| assert.equal(fields.exitStatus, 0); |
| assert.strictEqual(fields.directoryTableBase, '000000004fcb6000'); |
| assert.equal(fields.flags, 0); |
| assert.strictEqual(fields.imageFileName, 'chrome.exe'); |
| assert.strictEqual(fields.commandLine, ''); |
| assert.strictEqual(fields.packageFullName, ''); |
| assert.strictEqual(fields.applicationId, ''); |
| assert.strictEqual(fields.exitTime, '01cefaecf9a2498d'); |
| }); |
| }); |
| </script> |
| |