Windows起動時に立ち上がるプロセス
ちょっと気になって調べてみた。
方法
ログからdot言語に変換するプログラム
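# Convert a process-creation log (log.csv) into Graphviz DOT source, render it
# with `dot -Tgif`, and save the image as test.gif.
#
# Each log row is "parent_pid,exe_name,pid", one row per line.

# Quote a value for use as a DOT identifier or label. Names are copied straight
# from the log, so backslashes and double quotes are escaped; otherwise a name
# containing a quote would end the quoted string early and change how the rest
# of the graph source is parsed.
def dot_quote(value)
  '"' + value.to_s.gsub(/[\\"]/) { |ch| "\\#{ch}" } + '"'
end

# File.readlines rather than Kernel#open: Kernel#open treats a leading "|" in
# its argument as a command, which is a bad habit to carry to variable paths.
rows = File.readlines('log.csv').map { |line| line.chomp.split(',') }
# Blank or truncated rows would otherwise produce nodes with empty names.
rows = rows.select { |fields| fields.size >= 3 }

# false (default): one node per executable name, so every process sharing a
#                  name collapses into a single node.
# true:            one node per PID, labelled with its executable name.
per_pid_nodes = false

node_info = []
edges = []

if per_pid_nodes
  node_info = rows.map do |_parent, exe, pid|
    format('%s [label = %s];', dot_quote("e#{pid}"), dot_quote(exe))
  end
  # PID 4 never appears as a child row in the sample log, so it is named by hand.
  node_info.unshift(format('%s [label = %s];', dot_quote('e4'), dot_quote('System')))
  edges = rows.map do |parent, _exe, pid|
    format('%s -> %s;', dot_quote("e#{parent}"), dot_quote("e#{pid}"))
  end
else
  pid_exe = {}
  rows.each { |_parent, exe, pid| pid_exe[pid] = exe }
  pid_exe['4'] = 'System'

  # Keyed by child executable name; the first known parent seen for a name wins.
  parent_of = {}
  rows.each do |parent, _exe, pid|
    parent_of[pid_exe[pid]] ||= pid_exe[parent]
  end

  edges = parent_of.map do |child, parent|
    if parent
      format('%s -> %s;', dot_quote(parent), dot_quote(child))
    else
      # Parent PID is not in the log: emit the node on its own instead of
      # hanging it off an empty-named node.
      format('%s;', dot_quote(child))
    end
  end
end

# Graphviz's attribute is `splines`; the misspelt `spline` is not an attribute
# dot acts on.
dot_source = <<EOS
digraph sample {
  splines = true;
  rankdir = LR;
  overlap = false;
  #{node_info.join("\n  ")}
  #{edges.join("\n  ")}
}
EOS

# Array form runs `dot` directly, never through a shell.
image = IO.popen(%w[dot -Tgif], 'rb+') do |io|
  io.puts dot_source
  io.close_write
  io.read
end

# Do not leave an empty or partial test.gif behind when dot rejects the input.
abort 'dot -Tgif failed; test.gif was not written' unless $?.success? && !image.to_s.empty?

File.open('test.gif', 'wb') { |f| f.write(image) }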
ついでにデータも(log.csv)。1行1レコードで、各行は「親PID,実行ファイル名,PID」の形式。
4,smss.exe,276 276,autochk.exe,288 276,smss.exe,372 276,smss.exe,412 372,csrss.exe,380 372,wininit.exe,420 412,csrss.exe,432 412,winlogon.exe,468 420,services.exe,528 420,WerFault.exe,536 420,lsass.exe,544 420,lsm.exe,556 468,LogonUI.exe,836 468,slui.exe,2116 468,userinit.exe,2788 528,svchost.exe,656 528,svchost.exe,720 528,svchost.exe,768 528,svchost.exe,896 528,svchost.exe,920 528,svchost.exe,992 528,svchost.exe,1096 528,spoolsv.exe,1212 528,svchost.exe,1252 528,IMEDICTUPDATE.EXE,1376 528,sqlservr.exe,1444 528,sqlwriter.exe,1572 528,VMUpgradeHelper.exe,1648 528,taskhost.exe,2072 528,svchost.exe,2156 528,taskhost.exe,2200 528,sppsvc.exe,2452 528,SearchIndexer.exe,3340 528,wmpnetwk.exe,3508 528,svchost.exe,1176 656,wmiprvse.exe,1944 656,DllHost.exe,716 656,slui.exe,2396 656,IMECMNT.EXE,2604 656,IMECMNT.EXE,3044 896,Dwm.exe,2796 2788,Explorer.EXE,2804 2804,runonce.exe,2956 2804,VMwareTray.exe,3164 2804,IMEKLMG.EXE,3192 2804,BCSSync.exe,3216 2804,wmpnscfg.exe,3464 2804,wmpnscfg.exe,3532 2956,WerFault.exe,2992 2992,WerFault.exe,3004 3340,SearchProtocolHost.exe,3696 3340,SearchFilterHost.exe,3796