// pack the argv data and emit the event using TraceEvent
internal unsafe override uint EventWrite(EventTrace.Event eventID, EventTrace.Keyword keywords, EventTrace.Level level, int argc, EventData *argv)
{
ClassicEtw.EVENT_HEADER header;
header.Header.ClientContext = 0;
header.Header.Flags = ClassicEtw.WNODE_FLAG_TRACED_GUID | ClassicEtw.WNODE_FLAG_USE_MOF_PTR;
header.Header.Guid = EventTrace.GetGuidForEvent(eventID);
header.Header.Level = (byte)level;
header.Header.Type = (byte)EventTrace.GetOpcodeForEvent(eventID);
header.Header.Version = (ushort)EventTrace.GetVersionForEvent(eventID);
// Extra copy on XP to move argv to the end of the EVENT_HEADER
EventData *eventData = &header.Data;
if (argc > ClassicEtw.MAX_MOF_FIELDS)
{
// Data will be lost on XP
argc = ClassicEtw.MAX_MOF_FIELDS;
}
header.Header.Size = (ushort)(argc * sizeof(EventData) + 48);
for (int x = 0; x < argc; x++)
{
eventData[x].Ptr = argv[x].Ptr;
eventData[x].Size = argv[x].Size;
}
return(ClassicEtw.TraceEvent(_traceHandle, &header));
}
internal unsafe override uint EventWrite(EventTrace.Event eventID, EventTrace.Keyword keywords, EventTrace.Level level, int argc, EventData *argv)
{
ManifestEtw.EventDescriptor eventDescriptor;
eventDescriptor.Id = (ushort)eventID;
eventDescriptor.Version = EventTrace.GetVersionForEvent(eventID);
eventDescriptor.Channel = 0x10; // Since Channel isn't supported on XP we only use a single default channel.
eventDescriptor.Level = (byte)level;
eventDescriptor.Opcode = EventTrace.GetOpcodeForEvent(eventID);
eventDescriptor.Task = EventTrace.GetTaskForEvent(eventID);
eventDescriptor.Keywords = (long)keywords;
if (argc == 0)
{
argv = null;
}
return(ManifestEtw.EventWrite(_registrationHandle.Value, ref eventDescriptor, (uint)argc, argv));
}