Ejemplo n.º 1
0
        // pack the argv data and emit the event using TraceEvent
        internal unsafe override uint EventWrite(EventTrace.Event eventID, EventTrace.Keyword keywords, EventTrace.Level level, int argc, EventData *argv)
        {
            ClassicEtw.EVENT_HEADER header;
            header.Header.ClientContext = 0;
            header.Header.Flags         = ClassicEtw.WNODE_FLAG_TRACED_GUID | ClassicEtw.WNODE_FLAG_USE_MOF_PTR;
            header.Header.Guid          = EventTrace.GetGuidForEvent(eventID);
            header.Header.Level         = (byte)level;
            header.Header.Type          = (byte)EventTrace.GetOpcodeForEvent(eventID);
            header.Header.Version       = (ushort)EventTrace.GetVersionForEvent(eventID);
            // Extra copy on XP to move argv to the end of the EVENT_HEADER
            EventData *eventData = &header.Data;

            if (argc > ClassicEtw.MAX_MOF_FIELDS)
            {
                // Data will be lost on XP
                argc = ClassicEtw.MAX_MOF_FIELDS;
            }

            header.Header.Size = (ushort)(argc * sizeof(EventData) + 48);
            for (int x = 0; x < argc; x++)
            {
                eventData[x].Ptr  = argv[x].Ptr;
                eventData[x].Size = argv[x].Size;
            }

            return(ClassicEtw.TraceEvent(_traceHandle, &header));
        }