From 304ce26dc9ff5ae3487b54b5fdc477a995f635f4 Mon Sep 17 00:00:00 2001 From: Simon Rozman Date: Thu, 23 Jun 2016 15:42:25 +0200 Subject: [PATCH] TdhGetProperty helper added --- include/WinStd/ETW.h | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/include/WinStd/ETW.h b/include/WinStd/ETW.h index 967e5742..0ae6611d 100644 --- a/include/WinStd/ETW.h +++ b/include/WinStd/ETW.h @@ -32,6 +32,7 @@ inline ULONG TdhGetEventInformation(_In_ PEVENT_RECORD pEvent, _In_ ULONG TdhContextCount, _In_ PTDH_CONTEXT pTdhContext, _Out_ std::unique_ptr &info); inline ULONG TdhGetEventMapInformation(_In_ PEVENT_RECORD pEvent, _In_ LPWSTR pMapName, _Out_ std::unique_ptr &info); +template inline ULONG TdhGetProperty(_In_ PEVENT_RECORD pEvent, _In_ ULONG TdhContextCount, _In_ PTDH_CONTEXT pTdhContext, _In_ ULONG PropertyDataCount, _In_ PPROPERTY_DATA_DESCRIPTOR pPropertyData, _Out_ std::vector<_Ty, _Ax> &aData); namespace winstd { @@ -102,6 +103,28 @@ inline ULONG TdhGetEventMapInformation(_In_ PEVENT_RECORD pEvent, _In_ LPWSTR pM } +/// +/// Retrieves a property value from the event data. +/// +/// \sa [TdhGetProperty function](https://msdn.microsoft.com/en-us/library/windows/desktop/aa964843.aspx) +/// +template +inline ULONG TdhGetProperty(_In_ PEVENT_RECORD pEvent, _In_ ULONG TdhContextCount, _In_ PTDH_CONTEXT pTdhContext, _In_ ULONG PropertyDataCount, _In_ PPROPERTY_DATA_DESCRIPTOR pPropertyData, _Out_ std::vector<_Ty, _Ax> &aData) +{ + ULONG ulSize, ulResult; + + // Query property size. + ulResult = TdhGetPropertySize(pEvent, TdhContextCount, pTdhContext, PropertyDataCount, pPropertyData, &ulSize); + if (ulResult == ERROR_SUCCESS) { + // Query property value. + aData.resize((ulSize + sizeof(_Ty) - 1) / sizeof(_Ty)); + ulResult = TdhGetProperty(pEvent, TdhContextCount, pTdhContext, PropertyDataCount, pPropertyData, ulSize, (LPBYTE)aData.data()); + } + + return ulResult; +} + + namespace winstd { ///