Amebis/WinStd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TdhGetEventInformation() helper added

Browse Source
This commit is contained in:
Simon Rozman 2016-06-22 16:24:37 +02:00
parent 5e10b905f9
commit 0c8d8f8931
1 changed files with 33 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
include/WinStd/ETW.h
View File

@ -24,11 +24,14 @@
#include <evntprov.h> #include <evntprov.h>
#include <evntcons.h> #include <evntcons.h>
#include <stdarg.h> #include <stdarg.h>
#include <tdh.h>
#include <memory> #include <memory>
#include <string> #include <string>
#include <vector> #include <vector>
inline ULONG TdhGetEventInformation(_In_ PEVENT_RECORD pEvent, _In_ ULONG TdhContextCount, _In_ PTDH_CONTEXT pTdhContext, _Out_ std::unique_ptr<TRACE_EVENT_INFO> &info);
namespace winstd namespace winstd
{ {
class WINSTD_API event_data; class WINSTD_API event_data;
@ -44,6 +47,33 @@ namespace winstd
#pragma once #pragma once
///
/// Retrieves metadata about an event.
///
/// \sa [TdhGetEventInformation function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa964840.aspx)
///
inline ULONG TdhGetEventInformation(_In_ PEVENT_RECORD pEvent, _In_ ULONG TdhContextCount, _In_ PTDH_CONTEXT pTdhContext, _Out_ std::unique_ptr<TRACE_EVENT_INFO> &info)
{
BYTE szBuffer[WINSTD_STACK_BUFFER_BYTES];
ULONG ulSize = sizeof(szBuffer), ulResult;
// Try with stack buffer first.
ulResult = TdhGetEventInformation(pEvent, TdhContextCount, pTdhContext, (PTRACE_EVENT_INFO)szBuffer, &ulSize);
if (ulResult == ERROR_SUCCESS) {
// Copy from stack.
info.reset((PTRACE_EVENT_INFO)new char[ulSize]);
memcpy(info.get(), szBuffer, ulSize);
return ERROR_SUCCESS;
} else if (ulResult == ERROR_INSUFFICIENT_BUFFER) {
// Create buffer on heap and retry.
info.reset((PTRACE_EVENT_INFO)new char[ulSize]);
return TdhGetEventInformation(pEvent, TdhContextCount, pTdhContext, info.get(), &ulSize);
}
return ulResult;
}
namespace winstd namespace winstd
{ {
/// ///
@ -556,7 +586,7 @@ namespace winstd
/// ///
/// Return status of `EnableTraceEx()` call /// Return result of `EnableTraceEx()` call.
/// ///
/// \sa [EnableTraceEx function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363711.aspx) /// \sa [EnableTraceEx function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363711.aspx)
/// ///
@ -567,14 +597,14 @@ namespace winstd
/// ///
/// Disables event trace /// Disables event trace.
/// ///
/// \sa [EnableTraceEx function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363711.aspx) /// \sa [EnableTraceEx function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa363711.aspx)
/// ///
virtual ~event_trace_enabler(); virtual ~event_trace_enabler();
protected: protected:
ULONG m_status; ///< Status of EnableTraceEx call ULONG m_status; ///< Result of EnableTraceEx call
LPCGUID m_provider_id; ///< Provider ID LPCGUID m_provider_id; ///< Provider ID
LPCGUID m_source_id; ///< Session ID LPCGUID m_source_id; ///< Session ID
TRACEHANDLE m_trace_handle; ///< Trace handle TRACEHANDLE m_trace_handle; ///< Trace handle