private unsafe bool GetDataFromController(ManifestEtw.EVENT_FILTER_DESCRIPTOR *filterData, out ControllerCommand command, out byte[] data, out int dataStart) { data = null; if (filterData == null) { string keyName = @"\Microsoft\Windows\CurrentVersion\Winevt\Publishers\{" + this.m_providerId + "}"; if (Marshal.SizeOf(typeof(IntPtr)) == 8) { keyName = @"HKEY_LOCAL_MACHINE\Software\Wow6432Node" + keyName; } else { keyName = @"HKEY_LOCAL_MACHINE\Software" + keyName; } data = Registry.GetValue(keyName, "ControllerData", null) as byte[]; if ((data != null) && (data.Length >= 4)) { command = (ControllerCommand)(((data[3] << ((8 + data[2]) & 0x1f)) << ((8 + data[1]) & 0x1f)) << (8 + data[0])); dataStart = 4; return(true); } } else { if (((filterData.Ptr != 0L) && (0 < filterData.Size)) && (filterData.Size <= 0x400)) { data = new byte[filterData.Size]; Marshal.Copy((IntPtr)filterData.Ptr, data, 0, data.Length); } command = (ControllerCommand)filterData.Type; dataStart = 0; return(true); } dataStart = 0; command = ControllerCommand.Update; return(false); }
private unsafe void EtwEnableCallback(ref Guid sourceId, int isEnabled, byte level, long matchAnyKeywords, long matchAllKeywords, ManifestEtw.EVENT_FILTER_DESCRIPTOR *filterData, void *callbackContext) { _enabled = isEnabled > 0; _level = (EventTrace.Level)level; _keywords = (EventTrace.Keyword)matchAnyKeywords; _matchAllKeyword = (EventTrace.Keyword)matchAllKeywords; // parse data from EVENT_FILTER_DESCRIPTOR - see CLR EventProvider::GetDataFromController }
private unsafe void EtwEnableCallBack([In] ref Guid sourceId, [In] int isEnabled, [In] byte setLevel, [In] long anyKeyword, [In] long allKeyword, [In] ManifestEtw.EVENT_FILTER_DESCRIPTOR *filterData, [In] void *callbackContext) { byte[] buffer; int num; this.m_enabled = isEnabled; this.m_level = setLevel; this.m_anyKeywordMask = anyKeyword; this.m_allKeywordMask = allKeyword; ControllerCommand update = ControllerCommand.Update; IDictionary <string, string> arguments = null; if (this.GetDataFromController(filterData, out update, out buffer, out num)) { arguments = new Dictionary <string, string>(4); while (num < buffer.Length) { int num2 = FindNull(buffer, num); int idx = num2 + 1; int num4 = FindNull(buffer, idx); if (num4 < buffer.Length) { string str = Encoding.UTF8.GetString(buffer, num, num2 - num); string str2 = Encoding.UTF8.GetString(buffer, idx, num4 - idx); arguments[str] = str2; } num = num4 + 1; } } this.OnControllerCommand(update, arguments); }