ULONG UpdateDotNetTraceInfo( _In_ PASMPAGE_QUERY_CONTEXT Context, _In_ BOOLEAN ClrV2 ) { static _EnableTraceEx EnableTraceEx_I = NULL; ULONG result; TRACEHANDLE sessionHandle; PEVENT_TRACE_PROPERTIES properties; PGUID guidToEnable; if (!EnableTraceEx_I) EnableTraceEx_I = PhGetModuleProcAddress(L"advapi32.dll", "EnableTraceEx"); if (!EnableTraceEx_I) return ERROR_NOT_SUPPORTED; result = StartDotNetTrace(&sessionHandle, &properties); if (result != 0) return result; if (!ClrV2) guidToEnable = &ClrRundownProviderGuid; else guidToEnable = &ClrRuntimeProviderGuid; EnableTraceEx_I( guidToEnable, NULL, sessionHandle, 1, TRACE_LEVEL_INFORMATION, CLR_LOADER_KEYWORD | CLR_STARTENUMERATION_KEYWORD, 0, 0, NULL ); result = ProcessDotNetTrace(Context); ControlTrace(sessionHandle, NULL, properties, EVENT_TRACE_CONTROL_STOP); PhFree(properties); return result; }
NTSTATUS UpdateDotNetTraceInfoThreadStart( _In_ PVOID Parameter ) { PASMPAGE_QUERY_CONTEXT context = Parameter; TRACEHANDLE sessionHandle; PEVENT_TRACE_PROPERTIES properties; PGUID guidToEnable; context->TraceResult = StartDotNetTrace(&sessionHandle, &properties); if (context->TraceResult != 0) return context->TraceResult; if (!context->TraceClrV2) guidToEnable = &ClrRundownProviderGuid; else guidToEnable = &ClrRuntimeProviderGuid; EnableTraceEx( guidToEnable, NULL, sessionHandle, 1, TRACE_LEVEL_INFORMATION, CLR_LOADER_KEYWORD | CLR_STARTENUMERATION_KEYWORD, 0, 0, NULL ); context->TraceResult = ProcessDotNetTrace(context); ControlTrace(sessionHandle, NULL, properties, EVENT_TRACE_CONTROL_STOP); PhFree(properties); return context->TraceResult; }