// pack the argv data and emit the event using TraceEvent internal unsafe override uint EventWrite(EventTrace.Event eventID, EventTrace.Keyword keywords, EventTrace.Level level, int argc, EventData *argv) { ClassicEtw.EVENT_HEADER header; header.Header.ClientContext = 0; header.Header.Flags = ClassicEtw.WNODE_FLAG_TRACED_GUID | ClassicEtw.WNODE_FLAG_USE_MOF_PTR; header.Header.Guid = EventTrace.GetGuidForEvent(eventID); header.Header.Level = (byte)level; header.Header.Type = (byte)EventTrace.GetOpcodeForEvent(eventID); header.Header.Version = (ushort)EventTrace.GetVersionForEvent(eventID); // Extra copy on XP to move argv to the end of the EVENT_HEADER EventData *eventData = &header.Data; if (argc > ClassicEtw.MAX_MOF_FIELDS) { // Data will be lost on XP argc = ClassicEtw.MAX_MOF_FIELDS; } header.Header.Size = (ushort)(argc * sizeof(EventData) + 48); for (int x = 0; x < argc; x++) { eventData[x].Ptr = argv[x].Ptr; eventData[x].Size = argv[x].Size; } return(ClassicEtw.TraceEvent(_traceHandle, &header)); }
private unsafe uint ClassicShimUnregister() { uint num = ClassicEtw.UnregisterTraceGuids(this.m_regHandle); this.m_regHandle = 0L; this.m_classicControlCallback = null; this.m_classicSessionHandle = 0L; if (this.m_classicEventHeader != null) { Marshal.FreeHGlobal((IntPtr)this.m_classicEventHeader); this.m_classicEventHeader = null; } return(num); }
private unsafe uint ClassicShimRegister(Guid providerId, ManifestEtw.EtwEnableCallback enableCallback) { ClassicEtw.TRACE_GUID_REGISTRATION trace_guid_registration; if (this.m_regHandle != 0L) { throw new Exception(); } this.m_classicEventHeader = (ClassicEtw.EVENT_HEADER *)Marshal.AllocHGlobal(sizeof(ClassicEtw.EVENT_HEADER)); ZeroMemory((IntPtr)this.m_classicEventHeader, sizeof(ClassicEtw.EVENT_HEADER)); trace_guid_registration.RegHandle = null; trace_guid_registration.Guid = &providerId; this.m_classicControlCallback = new ClassicEtw.ControlCallback(this.ClassicControlCallback); return(ClassicEtw.RegisterTraceGuidsW(this.m_classicControlCallback, null, ref providerId, 1, &trace_guid_registration, null, null, out this.m_regHandle)); }
private unsafe uint ClassicControlCallback(ClassicEtw.WMIDPREQUESTCODE requestCode, IntPtr requestContext, IntPtr reserved, ClassicEtw.WNODE_HEADER* data) { int traceEnableFlags = ClassicEtw.GetTraceEnableFlags(data.HistoricalContext); byte traceEnableLevel = ClassicEtw.GetTraceEnableLevel(data.HistoricalContext); int isEnabled = 0; if (requestCode == ClassicEtw.WMIDPREQUESTCODE.EnableEvents) { this.m_classicSessionHandle = ClassicEtw.GetTraceLoggerHandle(data); isEnabled = 1; } else if (requestCode == ClassicEtw.WMIDPREQUESTCODE.DisableEvents) { this.m_classicSessionHandle = 0L; isEnabled = 0; } this.m_etwCallback(ref this.m_providerId, isEnabled, traceEnableLevel, (long) traceEnableFlags, 0L, null, null); return 0; }
private unsafe uint ClassicControlCallback(ClassicEtw.WMIDPREQUESTCODE requestCode, IntPtr requestContext, IntPtr reserved, ClassicEtw.WNODE_HEADER *data) { int traceEnableFlags = ClassicEtw.GetTraceEnableFlags(data.HistoricalContext); byte traceEnableLevel = ClassicEtw.GetTraceEnableLevel(data.HistoricalContext); int isEnabled = 0; if (requestCode == ClassicEtw.WMIDPREQUESTCODE.EnableEvents) { this.m_classicSessionHandle = ClassicEtw.GetTraceLoggerHandle(data); isEnabled = 1; } else if (requestCode == ClassicEtw.WMIDPREQUESTCODE.DisableEvents) { this.m_classicSessionHandle = 0L; isEnabled = 0; } this.m_etwCallback(ref this.m_providerId, isEnabled, traceEnableLevel, (long)traceEnableFlags, 0L, null, null); return(0); }
// // Registers the providerGuid with an inbuilt callback // internal override unsafe void Register(Guid providerGuid) { ulong registrationHandle; ClassicEtw.TRACE_GUID_REGISTRATION guidReg; Guid dummyGuid = new Guid(0xb4955bf0, 0x3af1, 0x4740, 0xb4, 0x75, 0x99, 0x05, 0x5d, 0x3f, 0xe9, 0xaa); _etwProc = new ClassicEtw.ControlCallback(EtwEnableCallback); // This dummyGuid is there for ETW backward compat issues and is the same for all downlevel trace providers guidReg.Guid = &dummyGuid; guidReg.RegHandle = null; ClassicEtw.RegisterTraceGuidsW(_etwProc, IntPtr.Zero, ref providerGuid, 1, ref guidReg, null, null, out registrationHandle); _registrationHandle.Value = registrationHandle; }
// // This callback function is called by ETW to enable or disable this provider // private unsafe uint EtwEnableCallback(ClassicEtw.WMIDPREQUESTCODE requestCode, IntPtr context, IntPtr bufferSize, ClassicEtw.WNODE_HEADER *buffer) { try { switch (requestCode) { case ClassicEtw.WMIDPREQUESTCODE.EnableEvents: _traceHandle = buffer->HistoricalContext; _keywords = (EventTrace.Keyword)ClassicEtw.GetTraceEnableFlags((ulong)buffer->HistoricalContext); _level = (EventTrace.Level)ClassicEtw.GetTraceEnableLevel((ulong)buffer->HistoricalContext); _enabled = true; break; case ClassicEtw.WMIDPREQUESTCODE.DisableEvents: _enabled = false; _traceHandle = 0; _level = EventTrace.Level.LogAlways; _keywords = 0; break; default: _enabled = false; _traceHandle = 0; break; } return(0); } catch (Exception e) { if (CriticalExceptions.IsCriticalException(e)) { throw; } else { return(0); } } }
private unsafe uint ClassicShimEventWrite(ref EventDescriptorInternal eventDescriptor, uint userDataCount, EventData *userData) { this.m_classicEventHeader.Header.ClientContext = 0; this.m_classicEventHeader.Header.Flags = 0x120000; this.m_classicEventHeader.Header.Guid = GenTaskGuidFromProviderGuid(this.m_providerId, (ushort)eventDescriptor.Task); this.m_classicEventHeader.Header.Level = eventDescriptor.Level; this.m_classicEventHeader.Header.Type = eventDescriptor.Opcode; this.m_classicEventHeader.Header.Version = eventDescriptor.Version; EventData *dataPtr = &this.m_classicEventHeader.Data; if (userDataCount > 0x10) { throw new Exception(); } this.m_classicEventHeader.Header.Size = (ushort)(((ulong)0x30L) + (userDataCount * sizeof(EventData))); for (int i = 0; i < userDataCount; i++) { dataPtr[i].Ptr = userData[i].Ptr; dataPtr[i].Size = userData[i].Size; } return(ClassicEtw.TraceEvent(this.m_classicSessionHandle, this.m_classicEventHeader)); }
private uint ClassicControlCallback(ClassicEtw.WMIDPREQUESTCODE requestCode, IntPtr requestContext, IntPtr reserved, ClassicEtw.WNODE_HEADER* data) { int flags = ClassicEtw.GetTraceEnableFlags(data->HistoricalContext); byte level = ClassicEtw.GetTraceEnableLevel(data->HistoricalContext); int enabled = 0; if (requestCode == ClassicEtw.WMIDPREQUESTCODE.EnableEvents) { m_classicSessionHandle = ClassicEtw.GetTraceLoggerHandle(data); enabled = 1; } else if (requestCode == ClassicEtw.WMIDPREQUESTCODE.DisableEvents) { m_classicSessionHandle = 0; enabled = 0; } m_etwCallback(ref m_providerId, enabled, level, flags, 0, null, null); return 0; }