Exemplos de ProcessTrace em C++ (Cpp)

Exemplo n.º 1

Arquivo: etwmon.c Projeto: Azarien/processhacker2

NTSTATUS EtpRundownEtwMonitorThreadStart(
    _In_ PVOID Parameter
    )
{
    EVENT_TRACE_LOGFILE logFile;
    TRACEHANDLE traceHandle;

    memset(&logFile, 0, sizeof(EVENT_TRACE_LOGFILE));
    logFile.LoggerName = EtpRundownLoggerName.Buffer;
    logFile.ProcessTraceMode = PROCESS_TRACE_MODE_REAL_TIME | PROCESS_TRACE_MODE_EVENT_RECORD;
    logFile.BufferCallback = EtpRundownEtwBufferCallback;
    logFile.EventRecordCallback = EtpRundownEtwEventCallback;
    logFile.Context = &traceHandle;

    traceHandle = OpenTrace(&logFile);

    if (traceHandle != INVALID_PROCESSTRACE_HANDLE)
    {
        ProcessTrace(&traceHandle, 1, NULL, NULL);

        if (traceHandle != 0)
            CloseTrace(traceHandle);
    }

    NtClose(EtpRundownEtwMonitorThreadHandle);
    EtpRundownEtwMonitorThreadHandle = NULL;

    return STATUS_SUCCESS;
}

Exemplo n.º 2

Arquivo: asmpage.c Projeto: TETYYS/processhacker2

ULONG ProcessDotNetTrace(
    _In_ PASMPAGE_QUERY_CONTEXT Context
    )
{
    ULONG result;
    TRACEHANDLE traceHandle;
    EVENT_TRACE_LOGFILE logFile;

    memset(&logFile, 0, sizeof(EVENT_TRACE_LOGFILE));
    logFile.LoggerName = DotNetLoggerName.Buffer;
    logFile.ProcessTraceMode = PROCESS_TRACE_MODE_REAL_TIME | PROCESS_TRACE_MODE_EVENT_RECORD;
    logFile.BufferCallback = DotNetBufferCallback;
    logFile.EventRecordCallback = DotNetEventCallback;
    logFile.Context = Context;

    traceHandle = OpenTrace(&logFile);

    if (traceHandle == INVALID_PROCESSTRACE_HANDLE)
        return GetLastError();

    Context->TraceHandleActive = 1;
    Context->TraceHandle = traceHandle;
    result = ProcessTrace(&traceHandle, 1, NULL, NULL);

    if (_InterlockedExchange(&Context->TraceHandleActive, 0) == 1)
    {
        CloseTrace(traceHandle);
    }

    return result;
}

Exemplo n.º 3

Arquivo: EtwLiveLog.cpp Projeto: mrcslws/EtwLiveLog

int __cdecl wmain(int argc, wchar_t* argv[])
{
    bool fPrintUsage = true;
    if (argc == 2)
    {
        if (!SetConsoleCtrlHandler([](_In_ DWORD) {
            _s_fIsEnding = true;
            return TRUE;
        }, TRUE /*Add*/))
        {
            wprintf(L"Erm, looks like ctrl+c isn't going to exit cleanly.");
        }

        TRACEHANDLE hTrace = 0;

        // Open the session
        EVENT_TRACE_LOGFILE etlTrace = { 0 };
        etlTrace.LoggerName = argv[1];
        etlTrace.ProcessTraceMode = PROCESS_TRACE_MODE_EVENT_RECORD | PROCESS_TRACE_MODE_REAL_TIME;
        etlTrace.EventRecordCallback = (PEVENT_RECORD_CALLBACK)&_HandleEvent;
        etlTrace.Context = &hTrace;

        hTrace = OpenTrace(&etlTrace);
        if (hTrace != INVALID_PROCESSTRACE_HANDLE)
        {
            TRACEHANDLE rghTrace[] = { hTrace };
            ULONG ulProcessTrace = ProcessTrace(rghTrace, ARRAYSIZE(rghTrace), nullptr, nullptr);
            if (ulProcessTrace == ERROR_SUCCESS)
            {
                fPrintUsage = false;
            }
            else
            {
                wprintf(L"ProcessTrace failed. (%u)\r\n", ulProcessTrace);
            }

            if (!_s_fIsClosed)
            {
                CloseTrace(hTrace);
                _s_fIsClosed = true;
            }
        }
        else
        {
            wprintf(L"OpenTrace failed.\r\n");
        }
    }

    if (fPrintUsage)
    {
        wprintf(USAGE);
    }
}

Exemplo n.º 4

Arquivo: TraceZler.cpp Projeto: jason-shi/ZGames

void CTraceZler::OnCrackEnd(WPARAM wParam, LPARAM lParam)
{
	KillAllTimer();

	TCrackResult tCrackResult = WChess_GetCrackResult();
	switch (m_nTraceStage)
	{
	case 0:
		if (wParam == REDLOSE)
			ProcessTrace(0);
		else
			ProcessTrace(tCrackResult.nRound);
		break;
	case 1:
		TrList1[m_nIdxBlk - 1].flag = wParam != REDLOSE;
		ProcessTrList1();
		break;
	case 2:
		TrList2[m_nIdxRed - 1].flag = wParam == REDLOSE;
		ProcessTrList2();
		break;
	}
}

Exemplo n.º 5

Arquivo: etwmon.c Projeto: Azarien/processhacker2

NTSTATUS EtpEtwMonitorThreadStart(
    _In_ PVOID Parameter
    )
{
    ULONG result;
    EVENT_TRACE_LOGFILE logFile;
    TRACEHANDLE traceHandle;

    // See comment in EtEtwProcessesUpdatedCallback.
    if (WindowsVersion >= WINDOWS_8)
        EtUpdateProcessInformation();

    memset(&logFile, 0, sizeof(EVENT_TRACE_LOGFILE));
    logFile.LoggerName = EtpActualKernelLoggerName->Buffer;
    logFile.ProcessTraceMode = PROCESS_TRACE_MODE_REAL_TIME | PROCESS_TRACE_MODE_EVENT_RECORD;
    logFile.BufferCallback = EtpEtwBufferCallback;
    logFile.EventRecordCallback = EtpEtwEventCallback;

    while (TRUE)
    {
        result = ERROR_SUCCESS;
        traceHandle = OpenTrace(&logFile);

        if (traceHandle != INVALID_PROCESSTRACE_HANDLE)
        {
            while (!EtpEtwExiting && (result = ProcessTrace(&traceHandle, 1, NULL, NULL)) == ERROR_SUCCESS)
                NOTHING;

            CloseTrace(traceHandle);
        }

        if (EtpEtwExiting)
            break;

        if (result == ERROR_WMI_INSTANCE_NOT_FOUND)
        {
            // The session was stopped by another program. Try to start it again.
            EtStartEtwSession();
        }

        // Some error occurred, so sleep for a while before trying again.
        // Don't sleep if we just successfully started a session, though.
        if (!EtpEtwActive)
            Sleep(250);
    }

    return STATUS_SUCCESS;
}

Exemplo n.º 6

Arquivo: Gordon.c Projeto: duarten/Gordon

static
BOOL
StartTraceListening (
    __out PTRACEHANDLE SessionHandle,
    __out PTRACE_PROPERTIES Properties,
    __out PTRACEHANDLE ConsumingHandle
    )
{
    EVENT_TRACE_LOGFILE TraceLogfile;

    RtlZeroMemory(Properties, sizeof(*Properties));
    Properties->TraceProperties.Wnode.BufferSize = sizeof(*Properties);
    Properties->TraceProperties.Wnode.Flags = WNODE_FLAG_TRACED_GUID;
    Properties->TraceProperties.Wnode.Guid = SESSION_GUID;    
    Properties->TraceProperties.LogFileMode = EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING 
                                            | EVENT_TRACE_USE_PAGED_MEMORY 
                                            | EVENT_TRACE_REAL_TIME_MODE;
    Properties->TraceProperties.LogFileNameOffset = 0;
    Properties->TraceProperties.LoggerNameOffset = FIELD_OFFSET(TRACE_PROPERTIES, LoggerName);

    if (StartTrace(SessionHandle, LOGGER_NAME, &Properties->TraceProperties) != ERROR_SUCCESS) {
        PrintError("StartTrace failed", GetLastError());
        return FALSE;
    }

    if (EnableTrace(TRUE, 0, TRACE_LEVEL_INFORMATION, &PROVIDER_GUID, *SessionHandle) != ERROR_SUCCESS) {
        PrintError("EnableTrace failed", GetLastError());
        return FALSE;
    }

    RtlZeroMemory(&TraceLogfile, sizeof(TraceLogfile));
    TraceLogfile.LoggerName = LOGGER_NAME;
    TraceLogfile.ProcessTraceMode = PROCESS_TRACE_MODE_REAL_TIME;
    TraceLogfile.EventCallback = TraceCallback;

    if ((*ConsumingHandle = OpenTrace(&TraceLogfile)) == INVALID_PROCESSTRACE_HANDLE) {
        PrintError("OpenTrace failed", GetLastError());
        return FALSE;
    }

    if (ProcessTrace(ConsumingHandle, 1, NULL, NULL) != ERROR_SUCCESS) {
        PrintError("ProcessTrace failed", GetLastError());
        return FALSE;
    }

    return TRUE;
}

Exemplo n.º 7

Arquivo: TraceZler.cpp Projeto: jason-shi/ZGames

void CTraceZler::OnCrackTout()
{
	KillAllTimer();
	WChess_ExitThreadCrack();
	switch (m_nTraceStage)
	{
	case 0:
		ProcessTrace(0); //荒唐小倒推
		break;
	case 1:
		m_bToutFlag = true; //标记小倒推超时
		TrList1[m_nIdxBlk - 1].flag = false;
		ProcessTrList1();
		break;
	case 2:
		m_bToutFlag = true; //标记小倒推超时
		TrList2[m_nIdxRed - 1].flag = false;
		ProcessTrList2();
		break;
	}
}

Exemplo n.º 8

Arquivo: EtwConsumer.cpp Projeto: dbremner/Windows-classic-samples

ULONG
DecodeFile(
    __in PWSTR FileName,
    __inout PPROCESSING_CONTEXT LogContext
)

/*++

Routine Description:

    The main initialization on processing the ETL file is done here.
    First, a handle to the specified trace (the ETL file in this case)
    is obtained, then an ETW Api call, ProcessTrace(), is made. ProcessTrace()
    will invoke the Buffer and Event callback functions after processing
    each buffer and event, respectively. In the end, CloseTrace() is called.

Arguments:

    FileName - Supplies the name of the ETL file to be decoded.

    LogContext - Supplies the structure that persists contextual information
                 across callbacks.

Return Value:

    ERROR_SUCCESS - Success.

    Win32 error code - Calls to OpenTrace, ProcessTrace or CloseTrace failed.

--*/

{
    ULONG Status;
    EVENT_TRACE_LOGFILE LogFile = {0};
    TRACEHANDLE Handle;

    LogFile.LogFileName = FileName;
    LogFile.ProcessTraceMode |= PROCESS_TRACE_MODE_EVENT_RECORD;
    LogFile.EventRecordCallback = EventCallback;
    LogFile.BufferCallback = BufferCallback;
    LogFile.Context = (PVOID)LogContext;

    Handle = OpenTrace(&LogFile);
    if (Handle == INVALID_PROCESSTRACE_HANDLE) {
        Status = GetLastError();
        wprintf(L"\nOpenTrace failed. Error code: %u.\n", Status);
        return Status;
    }

    Status = ProcessTrace(&Handle, 1, NULL, NULL);
    if (Status != ERROR_SUCCESS) {
        wprintf(L"\nProcessTrace failed. Error code: %u.\n", Status);
    }

    Status = CloseTrace(Handle);
    if (Status != ERROR_SUCCESS) {
        wprintf(L"\nCloseTrace failed. Error code: %u.\n", Status);
    }

    return Status;
}

Exemplo n.º 9

Arquivo: consumer.cpp Projeto: xiaoyiyue/EtwTracing

BOOL CConsumer::ConsumerProcessTrace(TRACEHANDLE hTrace, DWORD processId, LPWSTR logFilePath)
{


// 	HRESULT hr = ConnectToETWNameSpace(_bstr_t(L"root\\wmi"));
// 	if(FAILED(hr))
// 	{
// 		wprintf(L"ConnectoETWNameSpace failed with 0x%x\r\n", hr);	
// 	}
	m_logFilePath = logFilePath;
	m_processId = processId;

	SymSetOptions(SYMOPT_DEBUG);

	HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE, m_processId);
	if(hProcess == NULL)
	{
		wprintf(L"OpenProcess Failed with %lu\r\n", GetLastError());
	}
	else
	{

		HMODULE hMod[1024];
		DWORD	cbNeeded;
		TCHAR	szModName[MAX_PATH] = {0};
		std::string pdbSerchPath = "\\\\192.168.14.181\\public\\symbols\\";
		std::string finalSearchPath = "d:\\symbolslocal";
		if(EnumProcessModules(hProcess, hMod, sizeof(hMod), &cbNeeded))
		{
			for(int i = 0; i < cbNeeded / sizeof(HMODULE); ++i)
			{
				pdbSerchPath = "\\\\192.168.14.181\\public\\symbols\\";
				ZeroMemory(szModName, sizeof(szModName));
				if(GetModuleFileNameEx(hProcess, hMod[i], szModName, sizeof(szModName)))
				{
					CFileVersion fileVer;
					if(fileVer.Open(szModName))
					{
						CString strVer = fileVer.GetFixedProductVersion();
						std::wstring modName = szModName;
						DWORD index = modName.rfind(L'\\');
						DWORD suffixIndex = modName.rfind(L'.');
						if(index)
						{
							modName = modName.substr(index+1,suffixIndex - index -1);
						}
						modName += L"\\";
						modName += strVer.GetBuffer();
						strVer.ReleaseBuffer();

						char modPdbPath[MAX_PATH] = {0};
						WideCharToMultiByte(CP_ACP,0, modName.c_str(), -1, modPdbPath, MAX_PATH, NULL, FALSE);

						pdbSerchPath += modPdbPath;
						if(PathFileExistsA(pdbSerchPath.c_str()))
						{
							finalSearchPath = finalSearchPath + ";" + pdbSerchPath;
						}

					}
				}
			}
			finalSearchPath = finalSearchPath + ";" + "\\\\192.168.14.181\\public\\symbols\\Thunder\\7.9.19.4736";
			BOOL bRet = SymInitialize ( 
				hProcess, // Process handle
				finalSearchPath.c_str(),       // user-defined search path -> use default 
				TRUE                 // load symbols for modules in the current process 
				); 
			m_processHandle = hProcess;
		}

		//std::string pdbSerchPath = "\\\\192.168.14.181\\public\\symbols\\Thunder\\7.9.19.4736;D:\\develop\\thunder\\pdb\\Release";		
	}
	

	ULONG status = ProcessTrace(&hTrace, 1, 0, 0);
	if(ERROR_SUCCESS != status && ERROR_CANCELLED != status)
	{
		wprintf(L"ProcessTrace failed with %u\r\n", status);
	}
	else
	{
		OutputResult();
	}
	//CoUninitialize();
	return TRUE;
}

Exemplo n.º 10

Arquivo: ETWWindows.cpp Projeto: bfierz/brofiler

DWORD WINAPI ETW::RunProcessTraceThreadFunction( LPVOID parameter )
{
	ETW* etw = (ETW*)parameter;
	ProcessTrace(&etw->openedHandle, 1, 0, 0);
	return 0;
}

Exemplo n.º 11

Arquivo: tracesession.cpp Projeto: mattpodwysocki/node-etw

bool TraceSession::Process()
{
    _status = ProcessTrace(&_hTrace, 1, NULL, NULL);
    return (_status == ERROR_SUCCESS);
}