private unsafe uint EventWriteTransfer(ref EventDescriptorInternal eventDescriptor, ref Guid activityId, ref Guid relatedActivityId, uint userDataCount, EventData *userData) { if (!this.m_isClassic) { return(ManifestEtw.EventWriteTransfer(this.m_regHandle, ref eventDescriptor, ref activityId, ref relatedActivityId, userDataCount, userData)); } return(this.ClassicShimEventWriteTransfer(ref eventDescriptor, ref activityId, ref relatedActivityId, userDataCount, userData)); }
internal unsafe override void Register(Guid providerGuid) { _etwEnabledCallback = new ManifestEtw.EtwEnableCallback(EtwEnableCallback); ulong registrationHandle = 0; ManifestEtw.EventRegister(ref providerGuid, _etwEnabledCallback, null, ref registrationHandle); _registrationHandle.Value = registrationHandle; }
private unsafe uint EventWrite(ref EventDescriptorInternal eventDescriptor, uint userDataCount, EventData *userData) { if (!this.m_isClassic) { return(ManifestEtw.EventWrite(this.m_regHandle, ref eventDescriptor, userDataCount, userData)); } return(this.ClassicShimEventWrite(ref eventDescriptor, userDataCount, userData)); }
private unsafe uint EventWriteString(byte level, long keywords, char *message) { if (!this.m_isClassic) { return(ManifestEtw.EventWriteString(this.m_regHandle, level, keywords, message)); } return(this.ClassicShimEventWriteString(level, keywords, message)); }
private static uint EventActivityIdControl(int controlCode, ref Guid activityId) { if (!s_isClassic) { return(ManifestEtw.EventActivityIdControl(controlCode, ref activityId)); } return(ClassicShimEventActivityIdControl(controlCode, ref activityId)); }
private uint EventRegister(ref Guid providerId, ManifestEtw.EtwEnableCallback enableCallback) { s_isClassic = m_isClassic = Environment.OSVersion.Version.Major < 6; // Use classic on XP. m_providerId = providerId; m_etwCallback = enableCallback; if (!m_isClassic) return ManifestEtw.EventRegister(ref providerId, enableCallback, null, ref m_regHandle); else return ClassicShimRegister(providerId, enableCallback); }
private uint EventRegister(ref Guid providerId, ManifestEtw.EtwEnableCallback enableCallback) { s_isClassic = this.m_isClassic = Environment.OSVersion.Version.Major < 6; this.m_providerId = providerId; this.m_etwCallback = enableCallback; if (!this.m_isClassic) { return(ManifestEtw.EventRegister(ref providerId, enableCallback, null, ref this.m_regHandle)); } return(this.ClassicShimRegister(providerId, enableCallback)); }
private uint EventUnregister() { uint num; if (!this.m_isClassic) { num = ManifestEtw.EventUnregister(this.m_regHandle); } else { num = this.ClassicShimUnregister(); } this.m_regHandle = 0L; return(num); }
internal unsafe override uint EventWrite(EventTrace.Event eventID, EventTrace.Keyword keywords, EventTrace.Level level, int argc, EventData *argv) { ManifestEtw.EventDescriptor eventDescriptor; eventDescriptor.Id = (ushort)eventID; eventDescriptor.Version = EventTrace.GetVersionForEvent(eventID); eventDescriptor.Channel = 0x10; // Since Channel isn't supported on XP we only use a single default channel. eventDescriptor.Level = (byte)level; eventDescriptor.Opcode = EventTrace.GetOpcodeForEvent(eventID); eventDescriptor.Task = EventTrace.GetTaskForEvent(eventID); eventDescriptor.Keywords = (long)keywords; if (argc == 0) { argv = null; } return(ManifestEtw.EventWrite(_registrationHandle.Value, ref eventDescriptor, (uint)argc, argv)); }
private unsafe uint ClassicShimRegister(Guid providerId, ManifestEtw.EtwEnableCallback enableCallback) { if (m_regHandle != 0) // registering again illegal throw new Exception(); // m_classicEventHeader = (ClassicEtw.EVENT_HEADER*)Marshal.AllocHGlobal(sizeof(ClassicEtw.EVENT_HEADER)); ZeroMemory((IntPtr)m_classicEventHeader, sizeof(ClassicEtw.EVENT_HEADER)); // We only declare one Task GUID because you don't need to be accurate. ClassicEtw.TRACE_GUID_REGISTRATION registrationInfo; registrationInfo.RegHandle = null; registrationInfo.Guid = &providerId; // We assign it to a field variable to keep it alive until we unregister. m_classicControlCallback = ClassicControlCallback; return ClassicEtw.RegisterTraceGuidsW(m_classicControlCallback, null, ref providerId, 1, ®istrationInfo, null, null, out m_regHandle); }
private unsafe bool GetDataFromController(ManifestEtw.EVENT_FILTER_DESCRIPTOR* filterData, out ControllerCommand command, out byte[] data, out int dataStart) { data = null; if (filterData == null) { string keyName = @"\Microsoft\Windows\CurrentVersion\Winevt\Publishers\{" + this.m_providerId + "}"; if (Marshal.SizeOf(typeof(IntPtr)) == 8) { keyName = @"HKEY_LOCAL_MACHINE\Software\Wow6432Node" + keyName; } else { keyName = @"HKEY_LOCAL_MACHINE\Software" + keyName; } data = Registry.GetValue(keyName, "ControllerData", null) as byte[]; if ((data != null) && (data.Length >= 4)) { command = (ControllerCommand) (((data[3] << ((8 + data[2]) & 0x1f)) << ((8 + data[1]) & 0x1f)) << (8 + data[0])); dataStart = 4; return true; } } else { if (((filterData.Ptr != 0L) && (0 < filterData.Size)) && (filterData.Size <= 0x400)) { data = new byte[filterData.Size]; Marshal.Copy((IntPtr) filterData.Ptr, data, 0, data.Length); } command = (ControllerCommand) filterData.Type; dataStart = 0; return true; } dataStart = 0; command = ControllerCommand.Update; return false; }
private uint EventRegister(ref Guid providerId, ManifestEtw.EtwEnableCallback enableCallback) { s_isClassic = this.m_isClassic = Environment.OSVersion.Version.Major < 6; this.m_providerId = providerId; this.m_etwCallback = enableCallback; if (!this.m_isClassic) { return ManifestEtw.EventRegister(ref providerId, enableCallback, null, ref this.m_regHandle); } return this.ClassicShimRegister(providerId, enableCallback); }
private unsafe uint ClassicShimRegister(Guid providerId, ManifestEtw.EtwEnableCallback enableCallback) { ClassicEtw.TRACE_GUID_REGISTRATION trace_guid_registration; if (this.m_regHandle != 0L) { throw new Exception(); } this.m_classicEventHeader = (ClassicEtw.EVENT_HEADER*) Marshal.AllocHGlobal(sizeof(ClassicEtw.EVENT_HEADER)); ZeroMemory((IntPtr) this.m_classicEventHeader, sizeof(ClassicEtw.EVENT_HEADER)); trace_guid_registration.RegHandle = null; trace_guid_registration.Guid = &providerId; this.m_classicControlCallback = new ClassicEtw.ControlCallback(this.ClassicControlCallback); return ClassicEtw.RegisterTraceGuidsW(this.m_classicControlCallback, null, ref providerId, 1, &trace_guid_registration, null, null, out this.m_regHandle); }
private unsafe bool GetDataFromController(ManifestEtw.EVENT_FILTER_DESCRIPTOR* filterData, out ControllerCommand command, out byte[] data, out int dataStart) { data = null; if (filterData == null) { string regKey = @"\Microsoft\Windows\CurrentVersion\Winevt\Publishers\{" + m_providerId + "}"; if (System.Runtime.InteropServices.Marshal.SizeOf(typeof(IntPtr)) == 8) regKey = @"HKEY_LOCAL_MACHINE\Software" + @"\Wow6432Node" + regKey; else regKey = @"HKEY_LOCAL_MACHINE\Software" + regKey; data = Microsoft.Win32.Registry.GetValue(regKey, "ControllerData", null) as byte[]; if (data != null && data.Length >= 4) { // command = (ControllerCommand)(((data[3] << 8 + data[2]) << 8 + data[1]) << 8 + data[0]); dataStart = 4; return true; } } else { if (filterData->Ptr != 0 && 0 < filterData->Size && filterData->Size <= 1024) { data = new byte[filterData->Size]; Marshal.Copy((IntPtr)filterData->Ptr, data, 0, data.Length); } command = (ControllerCommand) filterData->Type; dataStart = 0; return true; } dataStart = 0; command = ControllerCommand.Update; return false; }