Showing posts with label Process Monitor. Show all posts

2008-03-25

Clipboard Chaos!

Note: this content originally from http://mygreenpaste.blogspot.com. If you are reading it from some other site, please take the time to visit My Green Paste, Inc. Thank you.

OK, so perhaps chaos is a bit of a harsh word here. But the clipboard was recently driving me nuts! All I was trying to do was copy some text to it, and the operation was failing. Of course, as it was an ad hoc app, I didn't have any kind of error handling. The app worked just fine on one system, but running the app on another system (a virtual machine) consistently resulted in failure to copy the text to the clipboard.

Ultimately, I was able to determine what process was preventing my app from putting data in the clipboard, but I haven't yet found a decent workaround for when the problem happens. It's not critical for me, as the act of copying the text to the clipboard is more of a nicety than a requirement.

Anyway, using P/Invoke and System.Diagnostics, I found that vmusrvc.exe - the Virtual PC "Virtual Machine User Services" - had the clipboard open. Using the timestamps from Process Monitor's Profiling Events (generated at 100 ms intervals), and the timestamp of the failed operation from my app, I was able to determine the stack of vmusrvc.exe:

ntdll.dll       KiFastSystemCallRet
vmusrvc.exe     vmusrvc.exe + 0x9a17
vmusrvc.exe     vmusrvc.exe + 0x9c24
vmusrvc.exe     vmusrvc.exe + 0x91f8
vmusrvc.exe     vmusrvc.exe + 0x907f
USER32.dll      InternalCallWinProc + 0x28
USER32.dll      UserCallWinProcCheckWow + 0x150
USER32.dll      DispatchClientMessage + 0xa3
USER32.dll      __fnDWORD + 0x24
ntdll.dll       KiUserCallbackDispatcher + 0x13
vmusrvc.exe     vmusrvc.exe + 0x2d29
vmusrvc.exe     vmusrvc.exe + 0xdba6
kernel32.dll    BaseProcessStart + 0x23

No parameters, of course, and symbol information for vmusrvc.exe does not appear to be available, but obviously user32.dll is processing some message. I may look into this more at a later point.

To find the process that was interfering with my clipboard work, I used P/Invoke to call GetOpenClipboardWindow() and then GetWindowThreadProcessId(), passing in the handle returned by GetOpenClipboardWindow(). Then, finding the process' executable name was just a matter of using the Modules collection of the Process instance returned by passing in the process id retrieved by GetWindowThreadProcessId() to System.Diagnostics.Process.GetProcessById().

The following code:

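using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Windows.Forms;
...
// P/Invoke declarations (class members) for the two user32.dll calls used below
[DllImport( "user32.dll" )]
static extern IntPtr GetOpenClipboardWindow();
[DllImport( "user32.dll" )]
static extern uint GetWindowThreadProcessId( IntPtr hWnd, out uint lpdwProcessId );
...
string data = "aasdlkjasdlk alkjsdl kajsdlkj al";
try
{
    Clipboard.SetData( System.Windows.Forms.DataFormats.Text, data );
}
catch( ExternalException ee )
{
    // LogIt is the app's own logging helper (not shown)
    LogIt( ee.ToString() );
    // Window that currently has the clipboard open (IntPtr.Zero if none)
    IntPtr hWnd = GetOpenClipboardWindow();
    if( IntPtr.Zero != hWnd )
    {
        // Map the window handle to its owning process and thread
        uint pid = 0;
        uint tid = GetWindowThreadProcessId( hWnd, out pid );
        LogIt( "Process with hWnd {0}, PID {1} ({1:x}), TID {2} ({2:x}), " +
            "name {3} has the clipboard", hWnd, pid, tid,
            Process.GetProcessById( (int)pid ).Modules[0].FileName );
    }
}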

Resulted in the following output:


2008-03-25 00:54:45.4938864--> System.Runtime.InteropServices.ExternalException: Requested Clipboard operation did not succeed.
at System.Windows.Forms.Clipboard.ThrowIfFailed(Int32 hr)
at System.Windows.Forms.Clipboard.SetDataObject(Object data, Boolean copy, Int32 retryTimes, Int32 retryDelay)
at System.Windows.Forms.Clipboard.SetData(String format, Object data)
at Clippy.Form1.button1_Click(Object sender, EventArgs e)
2008-03-25 00:54:45.5339440--> Process with hWnd 65716 (65716), PID 1492 (5d4), TID 1496 (5d8), name C:\Program Files\Virtual Machine Additions\vmusrvc.exe has the clipboard

Interestingly, trying an alternative method of the Clipboard to set the content also failed. The Clipboard.SetDataObject() overload that takes a retryTimes and retryDelay parameter failed in the same fashion after roughly ten seconds when invoked as follows:


Clipboard.SetDataObject( data, false, 100, 100 );

I tried variations on retryTimes and retryDelay, to no avail.

Not sure what vmusrvc.exe is doing with the clipboard (probably has to do with monitoring it for host / guest VM interaction), but the act of setting the contents of the clipboard didn't fail 100% of the time in the VM. Often enough to make it extremely unreliable, though. During "normal" system usage, I was not able to cause a failure when running the app on a non-virtual (actual?) system.

2008-01-31

Set the Priority of a Process By Name Automatically, in Vista - Part 2

This isn't what I want to be writing about. But a recent discovery compels me to do so. So, I've decided to make this an experiment, and beg your apologies that this will not have much technical merit despite the title.

After the last post, Set the Priority of a Process By Name Automatically, in Vista (which probably could have been named a lot better), I discovered that the post had made its way to some other sites. These sites appear to pull content from all over the web, package it up as their own, and toss ads all over it. One is lucky if the site even references the original author or links back to the original location of the post. It's frustrating, to say the least. I'm all for distribution of knowledge and the like, but that's taking it too far. Maybe I shouldn't feel this way, but I (like others) put brain sweat and time into the work I do, and it would be nice if the source of the information would at least be cited if they're going to republish it without the author's consent.

So I visited two of these sites (which I have not yet decided if I will mention or not, for what I hope are obvious reasons) and attempted to leave comments. Of course the comments are moderated - don't want any upset victims coming in and raising he. The comments were along the line of:

As the author of the original article referenced here, I kindly request that those interested in it please read it at MY blog, <a href="http://mygreenpaste.blogspot.com">My Green Paste, Inc.</a>

My site does not currently have ads, and I am NOT even considering ads at this time.

–«/\/\Øö±ò\/»®© (molotov)


Can you guess what happened? Yep - the comments were not approved, and were never published on the sites in question. I then attempted to leave another comment at each copy of my posting. This time, one site saw fit to allow the comment, and the other one did not. I suspected NO comments would have been allowed through either site, so I was a bit surprised. The comment was a bit ridiculous given the content of the posting, and rather generic; perhaps that's why it was allowed. The comment was simply:

does this work for other os like XP or server 2003?

Amazing. It was posted at 2008-01-31 2:37 GMT. The comment, like this post, is a part of the experiment. See, if I mention things that I mentioned in the previous post, like CpuPriorityClass, image file execution options, IoPriority, PagePriority, PerfOptions, powershell, priority, Process Monitor, setpriorityclass, Sysinternals, Vista, WorkingSetLimitInKB, Vista, Windows Vista, Windows Vista Ultimate, etc. (sorry to get carried away there), will this post make it to these sites as well? If so, wouldn't that be somewhat funny? The comment falls in there, too - if the now published comment magically disappears from the copy of my previous post, won't that be a bit odd?

I think I'll have to start embedding a "this content originally from http://mygreenpaste.blogspot.com/" statement into the middle of each of my posts from now on. I'm sure I'll forget, and I've probably only got one shot. That'll make for some nice, flowing reading. We'll see.

I do have some more thoughts about the Set the Priority of a Process By Name Automatically, in Vista topic that I expect to get out in my next post. I apologize for this distraction, and hope you'll stay tuned...

BTW - I may also have a follow up to this fork in the saga as well.

2008-01-27

Set the Priority of a Process By Name Automatically, in Vista

The other day I was playing around with the Image File Execution Options and Sysinternals' Process Monitor, in Vista. I saw an interesting query take place. Using notepad.exe as an example, I saw a query for a key called "PerfOptions" in [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe] when I ran notepad. The result was NAME NOT FOUND, so I decided to rectify that. After adding a key named "PerfOptions", I ran notepad again. In Process Monitor, I saw queries for four values:

  • IoPriority
  • PagePriority
  • CpuPriorityClass
  • WorkingSetLimitInKB

Because of recent explorations with process priorities*, CpuPriorityClass grabbed me right away. Looking at the SetPriorityClass function, one can see the different values for the dwPriorityClass parameter. I created a REG_DWORD named CpuPriorityClass in PerfOptions, and set the value to 0x80 in the hopes that notepad would launch with "HIGH_PRIORITY_CLASS". Instead, it launched with a priority of NORMAL_PRIORITY_CLASS (8) - the setting had not made any impact. Then, I set the value to 8 and launched notepad. Notepad launched with a priority of 8. I changed the value to 4, and that had no impact. I changed the value to 0 - no impact. I tried 10 - no impact. I couldn't see any tie in to any other listings of process priorities that I knew about, so I decided to try trial and error, starting from 0, with the following results:










CpuPriorityClass Value    Priority of Notepad    Priority Class
1                         4                      Idle
3                         13                     High
5                         6                      BelowNormal
6                         10                     AboveNormal
Anything else^            8                      Normal


^= I'm currently running a PowerShell script to iterate through all possible values (there's only about 2^32...) so it may be a while before the CpuPriorityClass value for REALTIME_PRIORITY_CLASS, should it exist, be uncovered. There may also be other values that can be used to specify a priority class that's been uncovered. I'll update or post a new topic if I uncover anything new...

The PowerShell script (don't laugh, it's my first substantial attempt at one):


# Registry location of the PerfOptions key for notepad.exe
$key = "hklm:\software\microsoft\windows nt\currentversion\image file execution options\notepad.exe\perfoptions"
$cpc = 0
set-itemproperty $key cpupriorityclass $cpc
do
{
    # Launch notepad, record the priority class it started with, then kill it
    $pp = [diagnostics.process]::start("notepad.exe", "")
    $ppc = $pp.PriorityClass
    $pp.Kill()
    # Report only the values that produced something other than Normal
    if( $ppc -ne "Normal" )
    {
        Write-Host $cpc $ppc
    }
    # Try the next CpuPriorityClass value
    $cpc++
    set-itemproperty $key cpupriorityclass $cpc
}
while( $cpc -lt 4294967295 )


Hopefully, I'll find time to do some digging into the other values in PerfOptions - IoPriority, PagePriority, and WorkingSetLimitInKB. IoPriority and PagePriority sound like they may have something to do with memory prioritization and IO prioritization in Vista. WorkingSetLimitInKB sounds self-explanatory, but how it's applied or how it's used, and other circumstances, are quite vague.
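Because a PerfOptions key silently changes how a named image starts, it is worth being able to list every image that has one. The following PowerShell is an added example, not part of the original post: the function names Get-PerfOptionsOverride and ConvertTo-ObservedClass are hypothetical, and the CpuPriorityClass decoding is only the mapping observed in the table above on Vista.

```powershell
# Added example (not from the original post). Lists every image under
# Image File Execution Options that has a PerfOptions subkey.
# Function names are hypothetical; the CpuPriorityClass mapping is only
# the one observed in this post on Vista.

function ConvertTo-ObservedClass {
    param($Value)
    if ($null -eq $Value)    { return '(not set)' }
    if ($Value -isnot [int]) { return '(unexpected type)' }   # REG_DWORD reads back as Int32
    switch ($Value) {
        1       { 'Idle' }
        3       { 'High' }
        5       { 'BelowNormal' }
        6       { 'AboveNormal' }
        default { 'Normal' }    # "anything else" in the post's table
    }
}

function Get-PerfOptionsOverride {
    param(
        [string]$Root = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    )
    foreach ($image in Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue) {
        # Get-ChildItem on the registry provider returns RegistryKey objects
        $perf = $image.OpenSubKey('PerfOptions')   # read-only; $null when the subkey is absent
        if ($null -eq $perf) { continue }
        try {
            $cpc = $perf.GetValue('CpuPriorityClass')   # $null when the value is missing
            [pscustomobject]@{
                Image               = $image.PSChildName
                CpuPriorityClass    = $cpc
                ObservedClass       = ConvertTo-ObservedClass $cpc
                # The post does not decode these three, so they are reported raw
                IoPriority          = $perf.GetValue('IoPriority')
                PagePriority        = $perf.GetValue('PagePriority')
                WorkingSetLimitInKB = $perf.GetValue('WorkingSetLimitInKB')
            }
        }
        finally {
            $perf.Close()
        }
    }
}

Get-PerfOptionsOverride | Format-Table -AutoSize
```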


*= SetThreadPriority, Vista, and Autostart Locations, Setting the Priority of a Service Process via Script

2007-02-18

Ideas For Features / Enhancements to Sysinternals' Process Monitor

I've written about Sysinternals' Process Monitor utility before:

I have had a few months now to work with Process Monitor, and it certainly is amazing. The filtering capabilities are great, and the fact that the filters are not destructive makes slicing and dicing the data many ways quite simple. The ability to capture all of the data that the utility can capture makes it quite powerful, and the ability to get stack traces for each event is extremely useful.

Going off the observation that Process Monitor is currently at version 1.01, and the assumption that the utility will see further development, I have hopes that the following relatively small ideas will be taken into consideration for future releases, and that further discussion and conversation is sparked.

1) Allow for the use of CTRL+C to copy selected data to the clipboard. Some data can be copied in this fashion, but from my experience not much. In many cases, one can right-click and choose "Copy" from the context menu, but that's inconvenient. For example, on Event properties, on the Event tab for a Profiling Interrupt, I can select the User and Kernel times and press CTRL+C, and the data will go to the clipboard. However, if I select the date, the result, or the sequence #, the only way to copy the selection is by using the mouse.

2) Along the same lines, it would be useful to have a "Copy details to clipboard" button on each tab of the Event properties - it would simply grab all of the displayed data and copy it to the clipboard with the click of a button. Or the use of a hotkey accelerator. This would have come in handy on the Stack tab, but there I was at least able to save the data to a CSV file and work with it in that fashion.

3) I would like to be able to sort by each of the columns displayed on Process tab of the Event's properties, in the "DLLs" section. It might also be nice to toggle display of path (this would affect sort as well), or perhaps add another column for just the module name.

4) In Options --> "History Depth", the edit part of the spin control could be a bit wider - there is plenty of room on the dialog...

5) It might be inferred that I prefer to avoid using the mouse. As such, it pains me when there are no hotkeys on a dialog box. I find myself constantly wanting to "ALT+A" to add a filter on the "Process Monitor Filter" dialog, or "ALT+R" to remove, or whatever. Other dialogs, such as Configure Symbols, Select Columns, Show Unique Values, etc, could also benefit from hotkeys. I do love the fact that so many things in the main UI are accessible with the CTRL key - CTRL+L for the filter, CTRL+J for jump to, etc.

For further exploration / discussion:
-- I realize it can be difficult to determine what to do for an implementation of "Jump to" for certain classes - what would one "jump to" for a profiling interrupt, for example? For Process and Thread activity, one might wish to "Jump to" Dependency Walker for "Process Create" and "Load Image" operations. For "Thread Create" and "Thread Exit" events, however, a relevant action is not clear. Does anyone have any thoughts or ideas?

[Note: The spirit of the above was posted by me to the Process Monitor forum on Sysinternals' Forums at "Process Monitor - Feature Requests". Reprinting here with my own permission. Apologies if you've seen this before. I also apologize for my client's rude behavior.]


2006-12-26

Using Process Monitor to Troubleshoot Internet Explorer 7 Performance Issues

[Added 2007-01-18: Fix Available for Performance Problems with Internet Explorer 7's Phishing Filter ...]

Previously, I wrote about sluggish behavior with Internet Explorer 7. I had used Process Explorer to help pinpoint the cause of the sluggishness - in this case, it was Internet Explorer 7's (anti)phishing filter. I could also have used a relatively new tool from Microsoft's Windows Sysinternals - Process Monitor.

In Process Monitor, it is easy to get inundated with all of the data that the tool collects. Filters are very critical to enabling one to find the desired information, and the implementation of filters in Process Monitor is top notch. For this exercise, after starting Process Monitor and checking "Generate Profiling Events" on the "Options" menu, I captured events while exercising the web application with the Phishing Filter set to "Turn off automatic website checking" and "Enabled" for the Security zone the web application was in. After capturing events for a minute or so, I set the following filters:
-Process Name is iexplore.exe then Include
-Event Class is Registry then Exclude
-Event Class is File System then Exclude
-Event Class is Process then Exclude

This displayed all "profiling" events for the iexplore.exe process. I double-clicked an event to bring up the "Event Properties" dialog and clicked on the "Stack" tab, which had the following information:

ntdll.dll!KiFastSystemCallRet
kernel32.dll!WaitForSingleObject + 0x12
ole32.dll!GetToSTA + 0x6f
ole32.dll!CRpcChannelBuffer::SwitchAptAndDispatchCall + 0xf6
ole32.dll!CRpcChannelBuffer::SendReceive2 + 0xb9
ole32.dll!CAptRpcChnl::SendReceive + 0xab
ole32.dll!CCtxComChnl::SendReceive + 0x113
RPCRT4.dll!NdrProxySendReceive + 0x43
RPCRT4.dll!NdrClientCall2 + 0x1fa
OLEAUT32.dll!IDispatch_RemoteInvoke_Proxy + 0x1b
OLEAUT32.dll!IDispatch_Invoke_Proxy + 0xb6
ieapfltr.dll!ATL::CComPtr::GetProperty + 0x56
ieapfltr.dll!FieldContainer::VisitInput + 0x1b9
ieapfltr.dll!FieldContainer::VisitAllElements + 0x21d
ieapfltr.dll!FieldContainer::ExtractFieldCount + 0x10e
ieapfltr.dll!FieldContainer::InitFieldCount + 0x9
ieapfltr.dll!PageDetails::Init + 0x315
ieapfltr.dll!PageDetails::Factory + 0x59
ieapfltr.dll!HeuristicsFeatures::InnerExecute + 0x15b
ieapfltr.dll!HeuristicsFeatures::Execute + 0x55
ieapfltr.dll!ProcessingThread::RunPageAnalysis + 0x1b4
ieapfltr.dll!ProcessingThread::RunUrlAndPageAnalysis + 0xdb
ieapfltr.dll!ProcessingThread::Analyze + 0xd3
ieapfltr.dll!ProcessingThread::AnalyzeFrame + 0x249
ieapfltr.dll!ProcessingThread::EnumerateFrames + 0x2e5
ieapfltr.dll!ProcessingThread::EnumerateFrames + 0x249
ieapfltr.dll!ProcessingThread::Evaluate + 0x1ec
ieapfltr.dll!ProcessingThread::Execute + 0x78
ieapfltr.dll!ProcessingThread::Process + 0x24e
ieapfltr.dll!ProcessingThread::Start + 0x72
ieapfltr.dll!Evaluator::ContinueProcessing + 0x21f
ieapfltr.dll!Evaluator::ContinueProcessingWrapper + 0x21
ntdll.dll!RtlpWorkerCallout + 0x70
ntdll.dll!RtlpExecuteWorkerRequest + 0x1a
ntdll.dll!RtlpApcCallout + 0x11
ntdll.dll!RtlpWorkerThread + 0x87
kernel32.dll!BaseThreadStart + 0x37

With this information from Process Monitor, one could come to a similar conclusion - the Phishing Filter in Internet Explorer 7 seems to cause Internet Explorer 7's performance to degrade in certain environments.
