// ObjectProfiler.h
#pragma once
#include <windows.h>
#include <psapi.h>  // must be included after <windows.h>

#include <chrono>
#include <cstdint>
#include <functional>
#include <map>
#include <mutex>
#include <string>
#include <utility>
#include <vector>
/// Hand-written declaration of the native OBJECT_BASIC_INFORMATION record.
///
/// NOTE(review): presumably the output buffer of an NtQueryObject
/// ObjectBasicInformation query; the call site is not in this header, confirm
/// in the implementation file.
///
/// Because the layout is declared locally rather than taken from an SDK header,
/// it must match what the system writes byte for byte. With default packing the
/// twelve 32-bit fields plus the 8-byte CreationTime come to 56 bytes; a
/// static_assert on sizeof(OBJECT_BASIC_INFORMATION) placed next to this
/// definition would catch a stray #pragma pack or an edited field before it
/// turns into a short or misread buffer.
typedef struct _OBJECT_BASIC_INFORMATION {
    ULONG Attributes;
    // NOTE(review): commonly published definitions of this record name this
    // field GrantedAccess (the access the handle actually has), not the access
    // that was requested. Keep that in mind when interpreting the value.
    ACCESS_MASK DesiredAccess;
    ULONG HandleCount;
    ULONG PointerCount;
    ULONG PagedPoolUsage;
    ULONG NonPagedPoolUsage;
    ULONG Reserved[3];
    // The three length fields below are sizes reported by the system; treat
    // them as untrusted hints and bound them before using them to size a buffer.
    ULONG NameInformationLength;
    ULONG TypeInformationLength;
    ULONG SecurityDescriptorLength;
    LARGE_INTEGER CreationTime;
} OBJECT_BASIC_INFORMATION, * POBJECT_BASIC_INFORMATION;
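/// Lifetime and handle statistics kept for one profiled object.
///
/// Every member has a default initializer, so a default-constructed instance
/// (for example one returned for an object that is not being profiled) reads as
/// zero instead of indeterminate memory. That matters because these values are
/// handed back to callers by ObjectProfiler::getLifetimeStats and may be
/// written out by ObjectProfiler::exportProfilingData. The struct remains an
/// aggregate under C++14 and later, so existing brace initialization still works.
struct ObjectLifetimeStats {
    std::chrono::system_clock::time_point creationTime{};
    std::chrono::duration<double> lifetime{};
    uint64_t totalHandleOpenCount{0};
    // NOTE(review): how handleCount differs from currentHandleCount is not
    // visible in this header; confirm against the code that fills them.
    uint64_t handleCount{0};
    uint64_t currentHandleCount{0};
    uint64_t peakHandleCount{0};
    uint64_t referenceCount{0};
    SIZE_T memoryUsage{0};
    SYSTEMTIME lastAccessTime{};
};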
/// Access history recorded for one profiled object.
///
/// NOTE(review): accessTimes and accessingProcesses look like parallel
/// sequences (one entry per observed access); confirm, and confirm that
/// both are bounded, since nothing in this header caps their growth during a
/// long profiling session.
struct ObjectUsagePattern {
    std::vector<std::chrono::system_clock::time_point> accessTimes;
    // Process names are descriptive only: an image name can be chosen by the
    // process owner, so it should not be the sole input to a trust decision.
    std::vector<std::wstring> accessingProcesses;
    // Presumably keyed by process ID (getProcessName takes a DWORD processId).
    // Process IDs are reused by the system, so a count may span unrelated
    // processes over a long run. TODO confirm how the key is assigned.
    std::map<DWORD, uint64_t> processAccessCount;
};
/// One anomaly report, as passed to an AnomalyHandler and kept in
/// ObjectProfiler's anomaly history.
struct AnomalyRecord {
    std::chrono::system_clock::time_point timestamp;
    // Object names originate outside the profiler; if a record is rendered into
    // a log or an export file, escape this field for the output format.
    // NOTE(review): confirm the export path does so.
    std::wstring objectName;
    std::wstring anomalyType;
    std::wstring description;
};
/// Callback invoked with a description of a detected anomaly.
/// NOTE(review): this header does not show which thread calls the handler or
/// whether the profiler's mutex is held at that point; a handler should not
/// call back into the profiler until that is confirmed.
using AnomalyHandler = std::function<void(const AnomalyRecord&)>;
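/// Collects lifetime statistics and access patterns for named objects and
/// reports anomalies through an optional callback.
///
/// Only the declaration is visible here; the behavior of the non-inline members
/// is defined in the implementation file.
class ObjectProfiler {
public:
    ObjectProfiler();
    ~ObjectProfiler();

    // The std::mutex member already makes the class non-copyable. Stating it
    // explicitly documents that the raw HANDLEs in stopEvents have a single
    // owner and keeps that guarantee if the mutex is ever replaced.
    ObjectProfiler(const ObjectProfiler&) = delete;
    ObjectProfiler& operator=(const ObjectProfiler&) = delete;

    /// Start profiling the object identified by targetObject.
    void startProfiling(const std::wstring& targetObject);
    /// Stop profiling the object identified by targetObject.
    void stopProfiling(const std::wstring& targetObject);

    /// Return the statistics recorded for objectName (by value).
    ObjectLifetimeStats getLifetimeStats(const std::wstring& objectName);
    /// Return the access history recorded for objectName (by value).
    ObjectUsagePattern getUsagePattern(const std::wstring& objectName);

    /// Evaluate objectName for anomalies.
    void detectAnomalies(const std::wstring& objectName);

    /// Write the collected profiling data to filepath.
    /// NOTE(review): the path is caller-supplied; confirm that the
    /// implementation does not overwrite arbitrary files when the profiler runs
    /// with elevated rights, and that exported strings are escaped.
    void exportProfilingData(const std::wstring& filepath);

    /// Install the callback used to report anomalies; an empty handler is allowed.
    /// The argument is a by-value sink, so it is moved rather than copied.
    /// NOTE(review): the assignment is not made under profilerMutex. If the
    /// handler is read from another thread while profiling is active, this is a
    /// data race. Confirm against the implementation before adding a lock,
    /// since locking here could deadlock if the handler is invoked with the
    /// mutex held.
    void setAnomalyHandler(AnomalyHandler handler) { anomalyHandler = std::move(handler); }

private:
    // Stop events, stored per object name.
    // NOTE(review): raw HANDLE values; presumably closed in stopProfiling
    // and/or the destructor. Confirm that every handle is closed exactly once.
    std::map<std::wstring, HANDLE> stopEvents;

    // Per-object profiling state.
    struct ProfilingContext {
        ObjectLifetimeStats stats;
        ObjectUsagePattern pattern;
        // Defaulted so a freshly created context never reads as active by
        // accident when it is default-initialized.
        bool isActive = false;
    };

    std::map<std::wstring, ProfilingContext> profiledObjects;
    std::vector<AnomalyRecord> anomalyHistory;
    // NOTE(review): presumably guards the containers above; which members it
    // actually protects is decided in the implementation file.
    std::mutex profilerMutex;
    SYSTEMTIME lastResetTime;
    AnomalyHandler anomalyHandler;

    void updateStats(const std::wstring& objectName);
    void startStatisticsUpdate(const std::wstring& objectName);
    bool isAnomalous(const ObjectUsagePattern& pattern);
    // NOTE(review): a process ID can be reused after the original process
    // exits, so the name resolved here may belong to a different process than
    // the one that performed the access.
    std::wstring getProcessName(DWORD processId);
    std::wstring getCurrentTimeString();
    std::wstring formatTimePoint(const std::chrono::system_clock::time_point& timePoint);
    std::wstring formatMemorySize(SIZE_T bytes);
};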