
Updates to resolve Pull Request comments, except for "Interpret"

This commit is contained in:
Tim Mangan 2018-11-28 12:15:53 -05:00
Родитель 32e71436a9
Коммит 727a9e9856
18 изменённых файлов: 570 добавлений и 971 удалений


@ -20,40 +20,40 @@ void LaunchMonitorInBackground(std::filesystem::path packageRoot, const wchar_t
void Log(const char* fmt, ...)
{
std::string str;
str.resize(256);
std::string str;
str.resize(256);
va_list args;
va_start(args, fmt);
std::size_t count = std::vsnprintf(str.data(), str.size() + 1, fmt, args);
assert(count >= 0);
va_end(args);
va_list args;
va_start(args, fmt);
std::size_t count = std::vsnprintf(str.data(), str.size() + 1, fmt, args);
assert(count >= 0);
va_end(args);
if (count > str.size())
{
str.resize(count);
if (count > str.size())
{
str.resize(count);
va_list args2;
va_start(args2, fmt);
count = std::vsnprintf(str.data(), str.size() + 1, fmt, args2);
assert(count >= 0);
va_end(args2);
}
va_list args2;
va_start(args2, fmt);
count = std::vsnprintf(str.data(), str.size() + 1, fmt, args2);
assert(count >= 0);
va_end(args2);
}
str.resize(count);
::OutputDebugStringA(str.c_str());
str.resize(count);
::OutputDebugStringA(str.c_str());
}
void LogString(const char* name, const char* value)
{
Log("\t%s=%s\n", name, value);
Log("\t%s=%s\n", name, value);
}
void LogStringW(const char* name, const wchar_t* value)
{
Log("\t%s=%ls\n", name, value);
Log("\t%s=%ls\n", name, value);
}
int launcher_main(PWSTR args, int cmdShow) noexcept try
{
Log("in Launcher_main()");
Log("in Launcher_main()");
auto appConfig = PSFQueryCurrentAppLaunchConfig();
if (!appConfig)
{
@ -63,52 +63,46 @@ int launcher_main(PWSTR args, int cmdShow) noexcept try
auto exeName = appConfig->get("executable").as_string().wide();
auto dirPtr = appConfig->try_get("workingDirectory");
auto dirStr = dirPtr ? dirPtr->as_string().wide() : nullptr;
auto monitor = PSFQueryAppMonitorConfig();
auto monitor = PSFQueryAppMonitorConfig();
// At least for now, configured launch paths are relative to the package root
std::filesystem::path packageRoot = PSFQueryPackageRootPath();
auto exePath = packageRoot / exeName;
std::wstring cmdLine = L"\"" + exePath.filename().native() + L"\" " + args;
if (monitor != nullptr )
{
// A monitor is an optional additional program to run, such as the PSFShimMonitor. This program is run prior to the "main application".
bool asadmin = false;
bool wait = false;
auto monitor_executable = monitor->try_get("executable");
auto monitor_arguments = monitor->try_get("arguments");
auto monitor_asadmin = monitor->try_get("asadmin");
auto monitor_wait = monitor->try_get("wait");
if (monitor_asadmin)
asadmin = monitor_asadmin->as_boolean().get();
if (monitor_wait)
wait = monitor_wait->as_boolean().get();
////Log("Launching monitor %ls...", monitor_executable->as_string().wide());
LaunchMonitorInBackground(packageRoot, monitor_executable->as_string().wide(), monitor_arguments->as_string().wide(), wait, asadmin);
}
if (monitor != nullptr )
{
// A monitor is an optional additional program to run, such as the PSFShimMonitor. This program is run prior to the "main application".
bool asadmin = false;
bool wait = false;
auto monitor_executable = monitor->try_get("executable");
auto monitor_arguments = monitor->try_get("arguments");
auto monitor_asadmin = monitor->try_get("asadmin");
auto monitor_wait = monitor->try_get("wait");
if (monitor_asadmin)
asadmin = monitor_asadmin->as_boolean().get();
if (monitor_wait)
wait = monitor_wait->as_boolean().get();
LaunchMonitorInBackground(packageRoot, monitor_executable->as_string().wide(), monitor_arguments->as_string().wide(), wait, asadmin);
}
// Fixup for no working directory
// By default, we should use the directory of the executable.
std::wstring wd;
if (dirStr == nullptr)
{
//Log("empty working directory");
std::wstring wdwd = exePath.parent_path().native() ; // force working directory to exe's folder
wdwd.resize(wdwd.size() - 1); // remove trailing slash
wd = L"\"" + wdwd + L"\"";
}
else
{
// Use requested path, relative to the package root folder.
std::wstring wdwd = (packageRoot / dirStr).native();
wdwd.resize(wdwd.size() - 1); // remove trailing slash
wd = wdwd ;
}
std::wstring quotedapp = exePath.native(); // L"\"" + exePath.native() + L"\"";
////wd = L"C:\\Windows\\System32";
//wchar_t * newcmdLine = (wchar_t *)cmdLine.c_str();
//wchar_t * newwd = (wchar_t *)wd.c_str();
// Fixup for no working directory
// By default, we should use the directory of the executable.
std::wstring wd;
if (dirStr == nullptr)
{
std::wstring wdwd = exePath.parent_path().native() ; // force working directory to exe's folder
wdwd.resize(wdwd.size() - 1); // remove trailing slash
wd = L"\"" + wdwd + L"\"";
}
else
{
// Use requested path, relative to the package root folder.
std::wstring wdwd = (packageRoot / dirStr).native();
wdwd.resize(wdwd.size() - 1); // remove trailing slash
wd = wdwd ;
}
std::wstring quotedapp = exePath.native(); // L"\"" + exePath.native() + L"\"";
STARTUPINFO startupInfo = { sizeof(startupInfo) };
startupInfo.dwFlags = STARTF_USESHOWWINDOW;
@ -168,78 +162,78 @@ catch (...)
void LaunchMonitorInBackground(std::filesystem::path packageRoot, const wchar_t * executable, const wchar_t * arguments, bool wait, bool asadmin )
{
std::wstring cmd = L"\"" + (packageRoot / executable).native() + L"\"";
std::wstring cmd = L"\"" + (packageRoot / executable).native() + L"\"";
if (asadmin)
{
// This happens when the program is requested for elevation.
SHELLEXECUTEINFOW shExInfo = { 0 };
shExInfo.cbSize = sizeof(shExInfo);
if (wait)
shExInfo.fMask = SEE_MASK_NOCLOSEPROCESS;
else
shExInfo.fMask = SEE_MASK_NOCLOSEPROCESS|SEE_MASK_WAITFORINPUTIDLE; // make sure we wait a bit for the monitor to be running before continuing on.
shExInfo.hwnd = 0;
shExInfo.lpVerb = L"runas"; // Operation to perform
shExInfo.lpFile = cmd.c_str(); // Application to start
shExInfo.lpParameters = arguments; // Additional parameters
shExInfo.lpDirectory = 0;
shExInfo.nShow = 1;
shExInfo.hInstApp = 0;
if (asadmin)
{
// This happens when the program is requested for elevation.
SHELLEXECUTEINFOW shExInfo = { 0 };
shExInfo.cbSize = sizeof(shExInfo);
if (wait)
shExInfo.fMask = SEE_MASK_NOCLOSEPROCESS;
else
shExInfo.fMask = SEE_MASK_NOCLOSEPROCESS|SEE_MASK_WAITFORINPUTIDLE; // make sure we wait a bit for the monitor to be running before continuing on.
shExInfo.hwnd = 0;
shExInfo.lpVerb = L"runas"; // Operation to perform
shExInfo.lpFile = cmd.c_str(); // Application to start
shExInfo.lpParameters = arguments; // Additional parameters
shExInfo.lpDirectory = 0;
shExInfo.nShow = 1;
shExInfo.hInstApp = 0;
if (ShellExecuteEx(&shExInfo))
{
if (wait)
{
WaitForSingleObject(shExInfo.hProcess, INFINITE);
CloseHandle(shExInfo.hProcess);
}
else
{
WaitForInputIdle(shExInfo.hProcess, 1000);
// Due to elevation, the process starts, relaunches, and the main process ends in under 1ms.
// So we'll just toss in an ugly sleep here for now.
Sleep(5000);
}
}
else
{
//Log("error starting monitor using SellExecuteEx also. Error=0x%x\n", ::GetLastError());
}
}
else
{
STARTUPINFO startupInfo = { sizeof(startupInfo) };
startupInfo.dwFlags = STARTF_USESHOWWINDOW;
startupInfo.wShowWindow = static_cast<WORD>(1);
if (ShellExecuteEx(&shExInfo))
{
if (wait)
{
WaitForSingleObject(shExInfo.hProcess, INFINITE);
CloseHandle(shExInfo.hProcess);
}
else
{
WaitForInputIdle(shExInfo.hProcess, 1000);
// Due to elevation, the process starts, relaunches, and the main process ends in under 1ms.
// So we'll just toss in an ugly sleep here for now.
Sleep(5000);
}
}
else
{
//Log("error starting monitor using SellExecuteEx also. Error=0x%x\n", ::GetLastError());
}
}
else
{
STARTUPINFO startupInfo = { sizeof(startupInfo) };
startupInfo.dwFlags = STARTF_USESHOWWINDOW;
startupInfo.wShowWindow = static_cast<WORD>(1);
PROCESS_INFORMATION processInfo;
PROCESS_INFORMATION processInfo;
std::wstring cmdarg = cmd + L" " + arguments;
std::wstring cmdarg = cmd + L" " + arguments;
if (!::CreateProcessW(
nullptr, //quotedapp.data(),
(wchar_t *)cmdarg.c_str(),
nullptr, nullptr, // Process/ThreadAttributes
true, // InheritHandles
0, // CreationFlags
nullptr, // Environment
nullptr,
&startupInfo,
&processInfo))
{
if (::GetLastError() == ERROR_ELEVATION_REQUIRED)
;//Log("error starting monitor using CreateProcessW. You must specify 'monitor/asadmin' in config.json\n");
else
;//Log("error starting monitor using CreateProcessW. Error=0x%x\n", ::GetLastError());
}
else
{
if (wait)
WaitForSingleObject(processInfo.hProcess, INFINITE);
}
}
if (!::CreateProcessW(
nullptr, //quotedapp.data(),
(wchar_t *)cmdarg.c_str(),
nullptr, nullptr, // Process/ThreadAttributes
true, // InheritHandles
0, // CreationFlags
nullptr, // Environment
nullptr,
&startupInfo,
&processInfo))
{
if (::GetLastError() == ERROR_ELEVATION_REQUIRED)
Log("error starting monitor using CreateProcessW. You must specify 'monitor/asadmin' in config.json\n");
else
Log("error starting monitor using CreateProcessW. Error=0x%x\n", ::GetLastError());
}
else
{
if (wait)
WaitForSingleObject(processInfo.hProcess, INFINITE);
}
}
}
int __stdcall wWinMain(HINSTANCE, HINSTANCE, PWSTR args, int cmdShow)
{
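Review bot: The monitor launch at `LaunchMonitorInBackground(packageRoot, monitor_executable->as_string().wide(), monitor_arguments->as_string().wide(), wait, asadmin);` dereferences both `try_get` results unconditionally, while `monitor_asadmin` and `monitor_wait` a few lines above are null-checked before use, so a `monitor` block in config.json that omits `executable` or `arguments` dereferences null here. Guard them the same way, e.g. `if (!monitor_executable) Log("monitor/executable missing from config.json\n"); else LaunchMonitorInBackground(packageRoot, monitor_executable->as_string().wide(), monitor_arguments ? monitor_arguments->as_string().wide() : L"", wait, asadmin);`. In the non-elevated branch of LaunchMonitorInBackground, `CreateProcessW` is passed `true` for bInheritHandles, which hands every inheritable handle of the launcher to the monitor process; unless the monitor is known to need one, `false` is the least-privilege default. The same call writes through `(wchar_t *)cmdarg.c_str()`, a buffer CreateProcessW is documented to modify; `cmdarg.data()` (non-const in C++17, which the file already relies on for `str.data()` in Log) avoids casting away const. launcher_main continues outside the hunk.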


@ -1,7 +1,7 @@
<Application x:Class="TraceShimMonitor.App"
<Application x:Class="PsfMonitor.App"
xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
xmlns:local="clr-namespace:TraceShimMonitor"
xmlns:local="clr-namespace:PsfMonitor"
StartupUri="MainWindow.xaml">
<Application.Resources>


@ -1,19 +1,13 @@
//-------------------------------------------------------------------------------------------------------
// Copyright (C) TMurgent Technologies. All rights reserved.path
// Copyright (C) TMurgent Technologies. All rights reserved.
// Licensed under the MIT license. See LICENSE file in the project root for full license information.
//-------------------------------------------------------------------------------------------------------
//
// NOTE: TraceShimMonitor is a "procmon"-like display of events captured via the PSF TraceShim.
// NOTE: PsfMonitor is a "procmon"-like display of events captured via the PSF TraceShim.
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Threading.Tasks;
using System.Windows;
namespace TraceShimMonitor
namespace PsfMonitor
{
/// <summary>
/// Interaction logic for App.xaml


@ -1,9 +1,9 @@
<Window x:Class="TraceShimMonitor.ColumnSelector"
<Window x:Class="PsfMonitor.ColumnSelector"
xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
xmlns:d="http://schemas.microsoft.com/expression/blend/2008"
xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006"
xmlns:local="clr-namespace:TraceShimMonitor"
xmlns:local="clr-namespace:PsfMonitor"
mc:Ignorable="d"
ResizeMode="NoResize"
Title="Select Columns" Height="120" Width="200">


@ -1,18 +1,8 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Collections.Generic;
using System.Windows;
using System.Windows.Controls;
using System.Windows.Data;
using System.Windows.Documents;
using System.Windows.Input;
using System.Windows.Media;
using System.Windows.Media.Imaging;
using System.Windows.Shapes;
namespace TraceShimMonitor
namespace PsfMonitor
{
/// <summary>
/// Interaction logic for ColumnSelector.xaml


@ -1,37 +1,15 @@
//-------------------------------------------------------------------------------------------------------
// Copyright (C) TMurgent Technologies. All rights reserved.path
// Copyright (C) TMurgent Technologies. All rights reserved.
// Licensed under the MIT license. See LICENSE file in the project root for full license information.
//-------------------------------------------------------------------------------------------------------
//
// NOTE: TraceShimMonitor is a "procmon"-like display of events captured via the PSF TraceShim.
// NOTE: PsfMonitor is a "procmon"-like display of events captured via the PSF TraceShim.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows;
using System.Windows.Controls;
using System.Windows.Data;
using System.Windows.Documents;
using System.Windows.Input;
using System.Windows.Media;
using System.Windows.Media.Imaging;
using System.Windows.Navigation;
using System.Windows.Shapes;
using Microsoft.Diagnostics.Tracing; // consumer
using Microsoft.Diagnostics.Tracing.Session; // controller
using Microsoft.Diagnostics.Tracing.Parsers;
using System.ComponentModel; // backgroundworker
using System.Threading;
using System.Collections.ObjectModel; // ObservableCollection
//using System.Security.Principal; // checkifadmin
using System.Diagnostics; //debugPrivs
using System.Runtime.InteropServices; // debugprivs
namespace TraceShimMonitor
namespace PsfMonitor
{
public partial class MainWindow : Window
@ -50,9 +28,6 @@ namespace TraceShimMonitor
public int PrivilegeCount;
}
//[DllImport("advapi32.dll", SetLastError = true)]
//private static extern bool LogonUser(string username, string domainname, string password, int logontype, int logonprovider, ref IntPtr token);
[DllImport("advapi32.dll", SetLastError = true)]
static extern int OpenProcessToken(
System.IntPtr ProcessHandle, // handle to process
@ -60,7 +35,6 @@ namespace TraceShimMonitor
ref IntPtr TokenHandle // handle to open access token
);
[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
public extern static int LookupPrivilegeValue(string lpsystemname, string lpname, [MarshalAs(UnmanagedType.Struct)] ref LUID lpLuid);
@ -107,8 +81,8 @@ namespace TraceShimMonitor
CloseHandle(hToken);
}
else
MessageBox.Show("no curr proc", "Debug")
; } // RaiseDebug
MessageBox.Show("no curr proc", "Debug");
} // RaiseDebug
}
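Review bot: `OpenProcessToken` is declared with an `int` return (`static extern int OpenProcessToken(`), so callers cannot use it directly as a condition and a failure gives no Win32 error context; the conventional declaration is `[return: MarshalAs(UnmanagedType.Bool)] static extern bool OpenProcessToken(IntPtr ProcessHandle, uint DesiredAccess, out IntPtr TokenHandle);` with `Marshal.GetLastWin32Error()` reported when it returns false. The `MessageBox.Show("no curr proc", "Debug")` on RaiseDebug's failure path is a modal debug aid left inside a privilege-adjusting routine; a `System.Diagnostics.Debug.WriteLine` or the monitor's own event log would be less intrusive and would not block a background caller. RaiseDebug's body starts outside the hunk, so whether `hToken` is closed on every path could not be confirmed here.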


@ -1,17 +1,13 @@
//-------------------------------------------------------------------------------------------------------
// Copyright (C) TMurgent Technologies. All rights reserved.path
// Copyright (C) TMurgent Technologies. All rights reserved.
// Licensed under the MIT license. See LICENSE file in the project root for full license information.
//-------------------------------------------------------------------------------------------------------
//
// NOTE: Class to hold an event item sent from the PSF TraceShim vie ETW. This class is used for displaying data as part of a DataGrid.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace TraceShimMonitor
namespace PsfMonitor
{
public class EventItem
{
@ -80,6 +76,37 @@ namespace TraceShimMonitor
public string EventIsResultClass { get { return _EventIsResultClass; } set { _EventIsResultClass = value; } }
public EventItem(Microsoft.Diagnostics.Tracing.TraceEvent data, string inputs, string result, string outputs, string caller)
{
// CTOR Used for received kernel events
_Index = (int)data.EventIndex;
_Start = (int)data.TimeStampRelativeMSec;
_End = (int)data.TimeStampRelativeMSec;
if (data.TimeStamp != null)
_Timestamp = data.TimeStamp;
else
_Timestamp = DateTime.Now;
if (data.ProcessName != null && data.ProcessName.Length > 0)
_ProcessName = data.ProcessName;
else
_ProcessName = "unknown(" + data.ProcessID.ToString() + ")";
_ProcessID = data.ProcessID;
_ThreadID = data.ThreadID;
if (data.ProviderName != null)
_EventSource = data.ProviderName;
if (data.EventName != null)
_Event = data.EventName;
if (inputs != null)
_Inputs = inputs;
if (result != null)
_Result = result;
if (outputs != null)
_Outputs = outputs;
if (caller != null)
_Caller = caller;
}
public EventItem(int index, Int64 start, Int64 end, DateTime timestamp, string processname, int processid, int threadid, string eventsource, string sevent, string inputs, string result, string outputs, string caller)
{
_Index = index;
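Review bot: In the new `EventItem(Microsoft.Diagnostics.Tracing.TraceEvent data, ...)` constructor the test `if (data.TimeStamp != null)` can never be false if `TraceEvent.TimeStamp` is a `DateTime` (a non-nullable struct, which is what the TraceEvent library exposes as far as I recall), so the `DateTime.Now` fallback is dead code and the compiler will warn that the comparison is always true; assign `_Timestamp = data.TimeStamp;` directly, or explain in a comment which case the fallback is meant for. The casts `(int)data.TimeStampRelativeMSec` and `(int)data.EventIndex` silently truncate a double and narrow the event index; that is acceptable for a display grid but deserves a why-comment such as `// ms resolution is enough for the grid; truncation is intentional`. The constructor lies entirely within the hunk.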


@ -1,30 +1,16 @@
//-------------------------------------------------------------------------------------------------------
// Copyright (C) TMurgent Technologies. All rights reserved.path
// Copyright (C) TMurgent Technologies. All rights reserved.
// Licensed under the MIT license. See LICENSE file in the project root for full license information.
//-------------------------------------------------------------------------------------------------------
//
// NOTE: TraceShimMonitor is a "procmon"-like display of events captured via the PSF TraceShim.
// NOTE: PsfMonitor is a "procmon"-like display of events captured via the PSF TraceShim.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows;
using System.Windows.Controls;
using System.Windows.Data;
using System.Windows.Documents;
using System.Windows.Input;
using System.Windows.Media;
using System.Windows.Media.Imaging;
using System.Windows.Navigation;
using System.Windows.Shapes;
using System.Collections.ObjectModel; // ObservableCollection
namespace TraceShimMonitor
namespace PsfMonitor
{
public partial class MainWindow : Window
{


@ -1,30 +1,15 @@
//-------------------------------------------------------------------------------------------------------
// Copyright (C) TMurgent Technologies. All rights reserved.path
// Copyright (C) TMurgent Technologies. All rights reserved.
// Licensed under the MIT license. See LICENSE file in the project root for full license information.
//-------------------------------------------------------------------------------------------------------
//
// NOTE: TraceShimMonitor is a "procmon"-like display of events captured via the PSF TraceShim.
// NOTE: PsfMonitor is a "procmon"-like display of events captured via the PSF TraceShim.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows;
using System.Windows.Controls;
using System.Windows.Data;
using System.Windows.Documents;
using System.Windows.Input;
using System.Windows.Media;
using System.Windows.Media.Imaging;
using System.Windows.Navigation;
using System.Windows.Shapes;
using System.Collections.ObjectModel; // ObservableCollection
namespace TraceShimMonitor
namespace PsfMonitor
{
public partial class MainWindow : Window
{
@ -52,12 +37,6 @@ namespace TraceShimMonitor
private void Update_Captured()
{
//int visible = 0;
//foreach (EventItem ei in _EventItems)
//{
// if (!ei.IsHidden)
// visible++;
//}
Captured.Text = _FilteredEventItems.Count.ToString() + " of " + _ModelEventItems.Count.ToString() + " Events";
Other.Text = "Kernel KCBs=" + _KCBs.Count.ToString();
}


@ -1,9 +1,9 @@
//-------------------------------------------------------------------------------------------------------
// Copyright (C) TMurgent Technologies. All rights reserved.path
// Copyright (C) TMurgent Technologies. All rights reserved.
// Licensed under the MIT license. See LICENSE file in the project root for full license information.
//-------------------------------------------------------------------------------------------------------
//
// NOTE: TraceShimMonitor is a "procmon"-like display of events captured via the PSF TraceShim.
// NOTE: PsfMonitor is a "procmon"-like display of events captured via the PSF TraceShim.
using Microsoft.Diagnostics.Tracing; // consumer
using Microsoft.Diagnostics.Tracing.Parsers;
@ -15,7 +15,7 @@ using System.Windows;
using System.Collections.Generic;
using System.Collections.ObjectModel; // ObservableCollection
namespace TraceShimMonitor
namespace PsfMonitor
{
public partial class MainWindow : Window
{
@ -42,14 +42,7 @@ namespace TraceShimMonitor
else
kerneleventbgw = new BackgroundWorker();
try
{
/////RaiseDebug();
}
catch (Exception ex)
{
MessageBox.Show(ex.Message, "Exception Debug - TraceShimMonitor");
}
// Do processing in the background
kerneleventbgw.WorkerSupportsCancellation = true;
@ -200,6 +193,7 @@ namespace TraceShimMonitor
}
catch (Exception ex)
{
;
}
if (!restarted)
{
@ -242,19 +236,7 @@ namespace TraceShimMonitor
string outputs = "ProcessID=\t" + data.PayloadStringByName("ProcessID");
outputs += "\nUniqueProcessKey=\t" + data.PayloadStringByName("UniqueProcessKey");
EventItem ei = new EventItem((int)data.EventIndex,
(int)data.TimeStampRelativeMSec,
(int)data.TimeStampRelativeMSec,
data.TimeStamp,
data.ProcessName, data.ProcessID,
data.ThreadID,
data.ProviderName,
data.EventName,
inputs,
"", // No result codes on kernel events
outputs,
""
);
EventItem ei = new EventItem(data, inputs, "", outputs, "");
lock (_TKernelEventListsLock)
{
_TKernelEventListItems.Add(ei);
@ -276,20 +258,7 @@ namespace TraceShimMonitor
string outputs = "ExitStatus=\t" + data.PayloadStringByName("ExitStatus");
EventItem ei = new EventItem((int)data.EventIndex,
(int)data.TimeStampRelativeMSec,
(int)data.TimeStampRelativeMSec,
data.TimeStamp,
data.ProcessName,
data.ProcessID,
data.ThreadID,
data.ProviderName,
data.EventName,
inputs,
"", // No result codes on kernel events
outputs,
""
);
EventItem ei = new EventItem(data, inputs, "", outputs, "");
lock (_TKernelEventListsLock)
{
_TKernelEventListItems.Add(ei);
@ -309,20 +278,7 @@ namespace TraceShimMonitor
string inputs = "FileName= \t" + data.PayloadStringByName("FileName");
string outputs = "";
EventItem ei = new EventItem((int)data.EventIndex,
(int)data.TimeStampRelativeMSec,
(int)data.TimeStampRelativeMSec,
data.TimeStamp,
data.ProcessName,
data.ProcessID,
data.ThreadID,
data.ProviderName,
data.EventName,
inputs,
"", // No result codes on kernel events
outputs,
""
);
EventItem ei = new EventItem(data, inputs, "", outputs, "");
lock (_TKernelEventListsLock)
{
_TKernelEventListItems.Add(ei);
@ -364,20 +320,7 @@ namespace TraceShimMonitor
string outputs = "FileObject=\t0x" + ((ulong)data.PayloadByName("FileObject")).ToString("x");
outputs += "\nIrpPtr= \t0x" + ((ulong)data.PayloadByName("IrpPtr")).ToString("x");
EventItem ei = new EventItem((int)data.EventIndex,
(int)data.TimeStampRelativeMSec,
(int)data.TimeStampRelativeMSec,
data.TimeStamp,
data.ProcessName,
data.ProcessID,
data.ThreadID,
data.ProviderName,
data.EventName,
inputs,
"", // No result codes on kernel events
outputs,
""
);
EventItem ei = new EventItem(data, inputs, "", outputs, "");
lock (_TKernelEventListsLock)
{
_TKernelEventListItems.Add(ei);
@ -415,20 +358,8 @@ namespace TraceShimMonitor
string outputs = "FileObject=\t0x" + ((ulong)data.PayloadByName("FileObject")).ToString("x");
outputs += "\nIrpPtr= \t0x" + ((ulong)data.PayloadByName("IrpPtr")).ToString("x");
EventItem ei = new EventItem((int)data.EventIndex,
(int)data.TimeStampRelativeMSec,
(int)data.TimeStampRelativeMSec,
data.TimeStamp,
data.ProcessName,
data.ProcessID,
data.ThreadID,
data.ProviderName,
data.EventName,
inputs,
"", // No result codes on kernel events
outputs,
""
);
EventItem ei = new EventItem(data, inputs, "", outputs, "" );
lock (_TKernelEventListsLock)
{
_TKernelEventListItems.Add(ei);
@ -455,20 +386,7 @@ namespace TraceShimMonitor
string inputs = "FileName= \t" + data.PayloadStringByName("FileName");
string outputs = "FileKey= \t0x" + ((ulong)data.PayloadByName("FileKey")).ToString("x");
EventItem ei = new EventItem((int)data.EventIndex,
(int)data.TimeStampRelativeMSec,
(int)data.TimeStampRelativeMSec,
data.TimeStamp,
data.ProcessName,
data.ProcessID,
data.ThreadID,
data.ProviderName,
data.EventName,
inputs,
"", // TODO: where is the result code?
outputs,
""
);
EventItem ei = new EventItem(data, inputs, "", outputs, "");
lock (_TKernelEventListsLock)
{
_TKernelEventListItems.Add(ei);
@ -501,20 +419,7 @@ namespace TraceShimMonitor
string outputs = "FileObject= \t0x" + ((ulong)data.PayloadByName("FileObject")).ToString("x");
EventItem ei = new EventItem((int)data.EventIndex,
(int)data.TimeStampRelativeMSec,
(int)data.TimeStampRelativeMSec,
data.TimeStamp,
data.ProcessName,
data.ProcessID,
data.ThreadID,
data.ProviderName,
data.EventName,
inputs,
"", // TODO: where is the result code?
outputs,
""
);
EventItem ei = new EventItem(data, inputs, "", outputs, "");
lock (_TKernelEventListsLock)
{
_TKernelEventListItems.Add(ei);
@ -547,20 +452,7 @@ namespace TraceShimMonitor
inputs += "\nIoSize= \t0x" + ((int)data.PayloadByName("IoSize")).ToString("x");
string outputs = "";
EventItem ei = new EventItem((int)data.EventIndex,
(int)data.TimeStampRelativeMSec,
(int)data.TimeStampRelativeMSec,
data.TimeStamp,
data.ProcessName,
data.ProcessID,
data.ThreadID,
data.ProviderName,
data.EventName,
inputs,
"", // TODO: where is the result code?
outputs,
""
);
EventItem ei = new EventItem(data, inputs, "", outputs, "");
lock (_TKernelEventListsLock)
{
_TKernelEventListItems.Add(ei);
@ -590,20 +482,7 @@ namespace TraceShimMonitor
inputs += "\nFileKey= \t0x" + ((ulong)data.PayloadByName("FileKey")).ToString("x");
string outputs = "";
EventItem ei = new EventItem((int)data.EventIndex,
(int)data.TimeStampRelativeMSec,
(int)data.TimeStampRelativeMSec,
data.TimeStamp,
data.ProcessName,
data.ProcessID,
data.ThreadID,
data.ProviderName,
data.EventName,
inputs,
"", // TODO: where is the result code?
outputs,
""
);
EventItem ei = new EventItem(data, inputs, "", outputs, "");
lock (_TKernelEventListsLock)
{
_TKernelEventListItems.Add(ei);
@ -633,20 +512,7 @@ namespace TraceShimMonitor
inputs += "\nFileKey= \t0x" + ((ulong)data.PayloadByName("FileKey")).ToString("x");
string outputs = "";
EventItem ei = new EventItem((int)data.EventIndex,
(int)data.TimeStampRelativeMSec,
(int)data.TimeStampRelativeMSec,
data.TimeStamp,
data.ProcessName,
data.ProcessID,
data.ThreadID,
data.ProviderName,
data.EventName,
inputs,
"", // No result codes on kernel events
outputs,
""
);
EventItem ei = new EventItem(data, inputs, "", outputs, "");
lock (_TKernelEventListsLock)
{
_TKernelEventListItems.Add(ei);
@ -675,20 +541,7 @@ namespace TraceShimMonitor
string outputs = "NtStatus= \t0x" + ((int)data.PayloadByName("NtStatus")).ToString("x");
outputs += "\nExtraInfo= \t0x" + ((ulong)data.PayloadByName("ExtraInfo")).ToString("x");
EventItem ei = new EventItem((int)data.EventIndex,
(int)data.TimeStampRelativeMSec,
(int)data.TimeStampRelativeMSec,
data.TimeStamp,
data.ProcessName,
data.ProcessID,
data.ThreadID,
data.ProviderName,
data.EventName,
inputs,
"", // No result codes on kernel events
outputs,
""
);
EventItem ei = new EventItem(data, inputs, "", outputs, "");
lock (_TKernelEventListsLock)
{
_TKernelEventListItems.Add(ei);
@ -722,20 +575,8 @@ namespace TraceShimMonitor
outputs += "\nFileIndex= \t0x" + ((int)data.PayloadByName("FileIndex")).ToString("x");
outputs += "\nLength= \t0x" + ((int)data.PayloadByName("Length")).ToString("x");
outputs += "\nInfoClass= \t0x" + ((int)data.PayloadByName("InfoClass")).ToString("x");
EventItem ei = new EventItem((int)data.EventIndex,
(int)data.TimeStampRelativeMSec,
(int)data.TimeStampRelativeMSec,
data.TimeStamp,
data.ProcessName,
data.ProcessID,
data.ThreadID,
data.ProviderName,
data.EventName,
inputs,
"", // No result codes on kernel events
outputs,
""
);
EventItem ei = new EventItem(data, inputs, "", outputs, "");
lock (_TKernelEventListsLock)
{
_TKernelEventListItems.Add(ei);
@ -768,20 +609,7 @@ namespace TraceShimMonitor
inputs += "\nFileName= \t" + data.PayloadStringByName("FileName");
string outputs = "";
EventItem ei = new EventItem((int)data.EventIndex,
(int)data.TimeStampRelativeMSec,
(int)data.TimeStampRelativeMSec,
data.TimeStamp,
data.ProcessName,
data.ProcessID,
data.ThreadID,
data.ProviderName,
data.EventName,
inputs,
"", // No result codes on kernel events
outputs,
""
);
EventItem ei = new EventItem(data, inputs, "", outputs, "");
lock (_TKernelEventListsLock)
{
_TKernelEventListItems.Add(ei);
@ -813,20 +641,7 @@ namespace TraceShimMonitor
inputs += "\nFileName= \t" + data.PayloadStringByName("FileName");
string outputs = "";
EventItem ei = new EventItem((int)data.EventIndex,
(int)data.TimeStampRelativeMSec,
(int)data.TimeStampRelativeMSec,
data.TimeStamp,
data.ProcessName,
data.ProcessID,
data.ThreadID,
data.ProviderName,
data.EventName,
inputs,
"", // No result codes on kernel events
outputs,
""
);
EventItem ei = new EventItem(data, inputs, "", outputs, "");
lock (_TKernelEventListsLock)
{
_TKernelEventListItems.Add(ei);
@ -855,20 +670,7 @@ namespace TraceShimMonitor
inputs += "\nFileName= \t" + data.PayloadStringByName("FileName");
string outputs = "";
EventItem ei = new EventItem((int)data.EventIndex,
(int)data.TimeStampRelativeMSec,
(int)data.TimeStampRelativeMSec,
data.TimeStamp,
data.ProcessName,
data.ProcessID,
data.ThreadID,
data.ProviderName,
data.EventName,
inputs,
"", // No result codes on kernel events
outputs,
""
);
EventItem ei = new EventItem(data, inputs, "", outputs, "");
lock (_TKernelEventListsLock)
{
_TKernelEventListItems.Add(ei);
@ -897,20 +699,7 @@ namespace TraceShimMonitor
inputs += "\nFileName= \t" + data.PayloadStringByName("FileName");
string outputs = "";
EventItem ei = new EventItem((int)data.EventIndex,
(int)data.TimeStampRelativeMSec,
(int)data.TimeStampRelativeMSec,
data.TimeStamp,
data.ProcessName,
data.ProcessID,
data.ThreadID,
data.ProviderName,
data.EventName,
inputs,
"", // No result codes on kernel events
outputs,
""
);
EventItem ei = new EventItem(data, inputs, "", outputs, "");
lock (_TKernelEventListsLock)
{
_TKernelEventListItems.Add(ei);
@ -941,20 +730,7 @@ namespace TraceShimMonitor
inputs += "\nFileName= \t" + data.PayloadStringByName("FileName");
string outputs = "";
EventItem ei = new EventItem((int)data.EventIndex,
(int)data.TimeStampRelativeMSec,
(int)data.TimeStampRelativeMSec,
data.TimeStamp,
data.ProcessName,
data.ProcessID,
data.ThreadID,
data.ProviderName,
data.EventName,
inputs,
"", // No result codes on kernel events
outputs,
""
);
EventItem ei = new EventItem(data, inputs, "", outputs, "");
lock (_TKernelEventListsLock)
{
_TKernelEventListItems.Add(ei);
@ -1034,20 +810,7 @@ namespace TraceShimMonitor
outputs += "\nValueName=\t" + data.PayloadStringByName("ValueName");
outputs += "\nElapsedTimeMS=\t" + ((double)data.PayloadByName("ElapsedTimeMSec")).ToString();
EventItem ei = new EventItem((int)data.EventIndex,
(int)data.TimeStampRelativeMSec,
(int)data.TimeStampRelativeMSec,
data.TimeStamp,
data.ProcessName,
data.ProcessID,
data.ThreadID,
data.ProviderName,
data.EventName,
inputs,
"", // No result codes on kernel events
outputs,
""
);
EventItem ei = new EventItem(data, inputs, "", outputs, "");
lock (_TKernelEventListsLock)
{
_TKernelEventListItems.Add(ei);
@ -1073,20 +836,7 @@ namespace TraceShimMonitor
"\nValueName=\t" + data.PayloadStringByName("ValueName");
string outputs = "Status=" + data.PayloadStringByName("Status");
EventItem ei = new EventItem((int)data.EventIndex,
(int)data.TimeStampRelativeMSec,
(int)data.TimeStampRelativeMSec,
data.TimeStamp,
data.ProcessName,
data.ProcessID,
data.ThreadID,
data.ProviderName,
data.EventName,
inputs,
"", // No result codes on kernel events
outputs,
""
);
EventItem ei = new EventItem(data, inputs, "", outputs, "");
lock (_TKernelEventListsLock)
{
_TKernelEventListItems.Add(ei);
@ -1098,7 +848,6 @@ namespace TraceShimMonitor
else if (data.EventName.StartsWith("EventTrace"))
{
//MainWindow.DumpToTextLog(29, "ETWTraceInBackground_DoWork_ProcsKernel: newtype=" + data.EventName);
// EventTrace/Extension
// EventTrace/EndExtension
// EventTrace/RundownComplete // end of a previously running process
@ -1139,20 +888,7 @@ namespace TraceShimMonitor
outputs += "\nDiskServiceTimeMS=\t" + data.PayloadStringByName("DiskServiceTimeMSec");
EventItem ei = new EventItem((int)data.EventIndex,
(int)data.TimeStampRelativeMSec,
(int)data.TimeStampRelativeMSec,
data.TimeStamp,
data.ProcessName,
data.ProcessID,
data.ThreadID,
data.ProviderName,
data.EventName,
inputs,
"", // TODO: where is the result code?
outputs,
""
);
EventItem ei = new EventItem(data, inputs, "", outputs, "");
lock (_TKernelEventListsLock)
{
_TKernelEventListItems.Add(ei);
@ -1193,20 +929,7 @@ namespace TraceShimMonitor
outputs += "\nDiskServiceTimeMS=\t" + data.PayloadStringByName("DiskServiceTimeMSec");
EventItem ei = new EventItem((int)data.EventIndex,
(int)data.TimeStampRelativeMSec,
(int)data.TimeStampRelativeMSec,
data.TimeStamp,
data.ProcessName,
data.ProcessID,
data.ThreadID,
data.ProviderName,
data.EventName,
inputs,
"", // TODO: where is the result code?
outputs,
""
);
EventItem ei = new EventItem(data, inputs, "", outputs, "");
lock (_TKernelEventListsLock)
{
_TKernelEventListItems.Add(ei);
@ -1254,7 +977,6 @@ namespace TraceShimMonitor
}
else
{
//MainWindow.DumpToTextLog(29, "ETWTraceInBackground_DoWork_ProcsKernel: Newtype=" + data.EventName);
//[Process,Thread,Image]/DCStart : THese are associated with previously running processes.
if (data.EventName.StartsWith("Image/DC"))
{


@ -1,11 +1,11 @@
<Window x:Class="TraceShimMonitor.MainWindow"
<Window x:Class="PsfMonitor.MainWindow"
xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
xmlns:d="http://schemas.microsoft.com/expression/blend/2008"
xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006"
xmlns:local="clr-namespace:TraceShimMonitor"
xmlns:local="clr-namespace:PsfMonitor"
mc:Ignorable="d"
Title="PSF TraceShimMonitor" Height="450" Width="1200">
Title="PSF Monitor" Height="450" Width="1200">
<Window.Resources>
<ResourceDictionary>
@ -162,32 +162,6 @@
</ContextMenu>
</Button.ContextMenu>
</Button>
<!-- <Grid Grid.Column="4">
<Grid.ColumnDefinitions>
<ColumnDefinition Width="70"/>
<ColumnDefinition Width="Auto"/>
<ColumnDefinition Width="Auto"/>
<ColumnDefinition Width="Auto"/>
<ColumnDefinition Width="Auto"/>
<ColumnDefinition Width="Auto"/>
<ColumnDefinition Width="Auto"/>
</Grid.ColumnDefinitions>
<Label Grid.Column="0" Content="Show " Foreground="{StaticResource ChromeText}" Margin="5,-2,1,4" FontSize="10" FontWeight="Bold" HorizontalContentAlignment="Right"/>
<Label Grid.Column="0" Content="Events:" Foreground="{StaticResource ChromeText}" Margin="5,8,1,1" FontSize="10" FontWeight="Bold" HorizontalContentAlignment="Right"/>
<CheckBox Grid.Column="1" Name="cbCatFile" Content="Files" Foreground="{StaticResource ChromeText}" Margin="5,7,5 4" IsThreeState="False"
Checked="Cb_Event_Checked_or_Unchecked" Unchecked="Cb_Event_Checked_or_Unchecked" IsChecked="True"/>
<CheckBox Grid.Column="2" Name="cbCatReg" Content="Registry" Foreground="{StaticResource ChromeText}" Margin="5,7,5,4" IsThreeState="False"
Checked="Cb_Event_Checked_or_Unchecked" Unchecked="Cb_Event_Checked_or_Unchecked" IsChecked="True"/>
<CheckBox Grid.Column="3" Name="cbCatProcess" Content="Process" Foreground="{StaticResource ChromeText}" Margin="5,7,5,4" IsThreeState="False"
Checked="Cb_Event_Checked_or_Unchecked" Unchecked="Cb_Event_Checked_or_Unchecked" IsChecked="True"/>
<CheckBox Grid.Column="4" Name="cbCatDll" Content="Dlls" Foreground="{StaticResource ChromeText}" Margin="5,7,5,4" IsThreeState="False"
Checked="Cb_Event_Checked_or_Unchecked" Unchecked="Cb_Event_Checked_or_Unchecked" IsChecked="True"/>
<CheckBox Grid.Column="5" Name="cbCatWinternl" Content="NTxxx" Foreground="{StaticResource ChromeText}" Margin="5,7,5,4" IsThreeState="False"
Checked="Cb_Event_Checked_or_Unchecked" Unchecked="Cb_Event_Checked_or_Unchecked" IsChecked="False"/>
<CheckBox Grid.Column="6" Name="cbCatOther" Content="Other" Foreground="{StaticResource ChromeText}" Margin="5,7,5,4" IsThreeState="False"
Checked="Cb_Event_Checked_or_Unchecked" Unchecked="Cb_Event_Checked_or_Unchecked" IsChecked="True"/>
</Grid>
-->
<Button Grid.Column="5" Name="bResults" Content="Results" Click="bResults_Click" Style="{StaticResource ButtonMenu}" >
<Button.ContextMenu>
@ -221,32 +195,7 @@
</ContextMenu>
</Button.ContextMenu>
</Button>
<!--
<Grid Grid.Column="5">
<Grid.ColumnDefinitions>
<ColumnDefinition Width="70"/>
<ColumnDefinition Width="Auto"/>
<ColumnDefinition Width="Auto"/>
<ColumnDefinition Width="Auto"/>
<ColumnDefinition Width="Auto"/>
</Grid.ColumnDefinitions>
<Label Grid.Column="0" Content="Show " Foreground="{StaticResource ChromeText}" Margin="5,-2,1,4" FontSize="10" FontWeight="Bold" HorizontalContentAlignment="Right"/>
<Label Grid.Column="0" Content="Results:" Foreground="{StaticResource ChromeText}" Margin="5,8,1,1" FontSize="10" FontWeight="Bold" HorizontalContentAlignment="Right"/>
<CheckBox Grid.Column="1" Name="cbSuccesss" Content="Success" Foreground="{StaticResource ChromeText}" Margin="5,7,5 4" IsThreeState="False"
Checked="Cb_Result_Checked_or_Unchecked" Unchecked="Cb_Result_Checked_or_Unchecked" IsChecked="True"/>
<CheckBox Grid.Column="2" Name="cbIntermediate" Content="Intermediate" Foreground="{StaticResource ChromeText}" Margin="5,7,5,4" IsThreeState="False"
Checked="Cb_Result_Checked_or_Unchecked" Unchecked="Cb_Result_Checked_or_Unchecked" IsChecked="True"/>
<CheckBox Grid.Column="3" Name="cbExpectedFailure" Content="Expected Failure" Foreground="{StaticResource ChromeText}" Margin="5,7,5,4" IsThreeState="False"
Checked="Cb_Result_Checked_or_Unchecked" Unchecked="Cb_Result_Checked_or_Unchecked" IsChecked="True"/>
<CheckBox Grid.Column="4" Name="cbFailure" Content="Failure" Foreground="{StaticResource ChromeText}" Margin="5,7,5,4" IsThreeState="False"
Checked="Cb_Result_Checked_or_Unchecked" Unchecked="Cb_Result_Checked_or_Unchecked" IsChecked="True"/>
</Grid>
-->
</Grid>
<!--
<ScrollContentPresenter Grid.Row="1" CanContentScroll="True" >
<ScrollContentPresenter.Content>
-->
<DataGrid Name="EventsGrid" ItemsSource="{Binding}"
Grid.Row="1" HorizontalScrollBarVisibility="Auto" VerticalScrollBarVisibility="Auto"
AlternatingRowBackground="#E0E8E0" AlternationCount="2"
@ -384,10 +333,6 @@
</DataGridTemplateColumn>
</DataGrid.Columns>
</DataGrid>
<!--
</ScrollContentPresenter.Content>
</ScrollContentPresenter>
-->
<Grid Grid.Row="2" Background="{StaticResource ChromeBackground}">
<Grid.ColumnDefinitions>


@ -1,34 +1,22 @@
//-------------------------------------------------------------------------------------------------------
// Copyright (C) TMurgent Technologies. All rights reserved.path
// Copyright (C) TMurgent Technologies. All rights reserved.
// Licensed under the MIT license. See LICENSE file in the project root for full license information.
//-------------------------------------------------------------------------------------------------------
//
// NOTE: TraceShimMonitor is a "procmon"-like display of events captured via the PSF TraceShim.
// NOTE: PsfMonitor is a "procmon"-like display of events captured via the PSF TraceShim.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows;
using System.Windows.Controls;
using System.Windows.Data;
using System.Windows.Documents;
using System.Windows.Input;
using System.Windows.Media;
using System.Windows.Media.Imaging;
using System.Windows.Navigation;
using System.Windows.Shapes;
using Microsoft.Diagnostics.Tracing; // consumer
using Microsoft.Diagnostics.Tracing.Session; // controller
using Microsoft.Diagnostics.Tracing.Parsers;
using System.ComponentModel; // backgroundworker
using System.Threading;
using System.Collections.ObjectModel; // ObservableCollection
namespace TraceShimMonitor
namespace PsfMonitor
{
public class Provider
{
@ -68,7 +56,6 @@ namespace TraceShimMonitor
InitializeComponent();
// This is done to enable ETW Kernel Debugging
EventsGrid.ItemsSource = FilteredEventItems;
ETWTraceInBackground_Start(etwprovider);


@ -7,11 +7,11 @@ using System.Windows;
// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("TraceShimMonitor")]
[assembly: AssemblyTitle("PsfShimMonitor")]
[assembly: AssemblyDescription("Monitor GUI for Package Support Framework TraceShim")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("TraceShimMonitor")]
[assembly: AssemblyProduct("PsfShimMonitor")]
[assembly: AssemblyCopyright("Copyright © 2018")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]

4
PsfShimMonitor/Properties/Resources.Designer.cs сгенерированный

@ -8,7 +8,7 @@
// </auto-generated>
//------------------------------------------------------------------------------
namespace TraceShimMonitor.Properties
namespace PsfMonitor.Properties
{
@ -44,7 +44,7 @@ namespace TraceShimMonitor.Properties
{
if ((resourceMan == null))
{
global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("TraceShimMonitor.Properties.Resources", typeof(Resources).Assembly);
global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("PsfMonitor.Properties.Resources", typeof(Resources).Assembly);
resourceMan = temp;
}
return resourceMan;

2
PsfShimMonitor/Properties/Settings.Designer.cs сгенерированный

@ -8,7 +8,7 @@
// </auto-generated>
//------------------------------------------------------------------------------
namespace TraceShimMonitor.Properties
namespace PsfMonitor.Properties
{


@ -1,6 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!--<Import Project="..\packages\Microsoft.Diagnostics.Tracing.TraceEvent.2.0.29\build\Microsoft.Diagnostics.Tracing.TraceEvent.props" Condition="Exists('..\packages\Microsoft.Diagnostics.Tracing.TraceEvent.2.0.29\build\Microsoft.Diagnostics.Tracing.TraceEvent.props')" /> -->
<Import Project="..\packages\Microsoft.Diagnostics.Tracing.TraceEvent.2.0.29\build\Microsoft.Diagnostics.Tracing.TraceEvent.props" Condition="Exists('..\packages\Microsoft.Diagnostics.Tracing.TraceEvent.2.0.29\build\Microsoft.Diagnostics.Tracing.TraceEvent.props')" />
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<PropertyGroup>


@ -26,79 +26,79 @@ BOOL __stdcall CreateProcessFixup(
_In_ startupinfo_t<CharT> startupInfo,
_Out_ LPPROCESS_INFORMATION processInformation)
{
LARGE_INTEGER TickStart, TickEnd;
QueryPerformanceCounter(&TickStart);
LARGE_INTEGER TickStart, TickEnd;
QueryPerformanceCounter(&TickStart);
auto entry = LogFunctionEntry();
auto result = CreateProcessImpl(applicationName, commandLine, processAttributes, threadAttributes, inheritHandles, creationFlags, environment, currentDirectory, startupInfo, processInformation);
preserve_last_error preserveError;
QueryPerformanceCounter(&TickEnd);
preserve_last_error preserveError;
QueryPerformanceCounter(&TickEnd);
auto functionResult = from_win32_bool(result);
if (auto lock = acquire_output_lock(function_type::process_and_thread, functionResult))
{
if (output_method == trace_method::eventlog)
{
std::string inputs = "Application Name=" + InterpretStringA(applicationName) +
"\nCommand Line=" + InterpretStringA(commandLine);
std::string outputs = "Working Directory=" + InterpretStringA(currentDirectory)
+ "\nInheritHandles-" + bool_to_string(inheritHandles)
+ "\n" + InterpretProcessCreationFlags(creationFlags);
std::string results = "";
if (processAttributes)
outputs += "ProcessAttributes present.\n"; // cheap way out for now.
if (environment)
{
outputs += "Environment:\n";
for (auto ptr = reinterpret_cast<const CharT*>(environment); *ptr; ptr += std::char_traits<CharT>::length(ptr) + 1)
{
outputs += "\t" + InterpretStringA(ptr) + "\n";
}
}
results = InterpretReturn(functionResult, result).c_str();
if (function_failed(functionResult))
{
outputs += InterpretLastError();
}
std::ostringstream sout;
InterpretCallingModulePart1()
sout << InterpretCallingModulePart2()
InterpretCallingModulePart3()
std::string cm = sout.str();
Log_ETW_PostMsgOperationA("CreateProcess", inputs.c_str(), results.c_str() , outputs.c_str(),cm.c_str(), TickStart, TickEnd);
}
else
{
Log("CreateProcess:\n");
if (applicationName) LogString("Application Name", applicationName);
if (commandLine) LogString("Command Line", commandLine);
if (currentDirectory) LogString("Working Directory", currentDirectory);
LogBool("Inherit Handles", inheritHandles);
LogProcessCreationFlags(creationFlags);
if (environment)
if (output_method == trace_method::eventlog)
{
Log("\tEnvironment:\n");
for (auto ptr = reinterpret_cast<const CharT*>(environment); *ptr; ptr += std::char_traits<CharT>::length(ptr) + 1)
std::string inputs = "Application Name=" + InterpretStringA(applicationName) +
"\nCommand Line=" + InterpretStringA(commandLine);
std::string outputs = "Working Directory=" + InterpretStringA(currentDirectory)
+ "\nInheritHandles-" + bool_to_string(inheritHandles)
+ "\n" + InterpretProcessCreationFlags(creationFlags);
std::string results = "";
if (processAttributes)
outputs += "ProcessAttributes present.\n"; // cheap way out for now.
if (environment)
{
if constexpr (psf::is_ansi<CharT>)
outputs += "Environment:\n";
for (auto ptr = reinterpret_cast<const CharT*>(environment); *ptr; ptr += std::char_traits<CharT>::length(ptr) + 1)
{
Log("\t\t%s\n", ptr);
}
else
{
Log("\t\t%ls\n", ptr);
outputs += "\t" + InterpretStringA(ptr) + "\n";
}
}
results = InterpretReturn(functionResult, result).c_str();
if (function_failed(functionResult))
{
outputs += InterpretLastError();
}
std::ostringstream sout;
InterpretCallingModulePart1()
sout << InterpretCallingModulePart2()
InterpretCallingModulePart3()
std::string cm = sout.str();
Log_ETW_PostMsgOperationA("CreateProcess", inputs.c_str(), results.c_str() , outputs.c_str(),cm.c_str(), TickStart, TickEnd);
}
LogFunctionResult(functionResult);
if (function_failed(functionResult))
else
{
LogLastError();
Log("CreateProcess:\n");
if (applicationName) LogString("Application Name", applicationName);
if (commandLine) LogString("Command Line", commandLine);
if (currentDirectory) LogString("Working Directory", currentDirectory);
LogBool("Inherit Handles", inheritHandles);
LogProcessCreationFlags(creationFlags);
if (environment)
{
Log("\tEnvironment:\n");
for (auto ptr = reinterpret_cast<const CharT*>(environment); *ptr; ptr += std::char_traits<CharT>::length(ptr) + 1)
{
if constexpr (psf::is_ansi<CharT>)
{
Log("\t\t%s\n", ptr);
}
else
{
Log("\t\t%ls\n", ptr);
}
}
}
LogFunctionResult(functionResult);
if (function_failed(functionResult))
{
LogLastError();
}
LogCallingModule();
}
LogCallingModule();
}
}
return result;
@ -120,82 +120,83 @@ BOOL __stdcall CreateProcessAsUserFixup(
_In_ startupinfo_t<CharT> startupInfo,
_Out_ LPPROCESS_INFORMATION processInformation)
{
LARGE_INTEGER TickStart, TickEnd;
QueryPerformanceCounter(&TickStart); auto entry = LogFunctionEntry();
LARGE_INTEGER TickStart, TickEnd;
QueryPerformanceCounter(&TickStart);
auto entry = LogFunctionEntry();
auto result = CreateProcessAsUserImpl(token, applicationName, commandLine, processAttributes, threadAttributes, inheritHandles, creationFlags, environment, currentDirectory, startupInfo, processInformation);
QueryPerformanceCounter(&TickEnd);
QueryPerformanceCounter(&TickEnd);
preserve_last_error preserveError;
auto functionResult = from_win32_bool(result);
if (auto lock = acquire_output_lock(function_type::process_and_thread, functionResult))
{
if (output_method == trace_method::eventlog)
{
std::string inputs = "Application Name=" + InterpretStringA(applicationName) +
"\nCommand Line=" + InterpretStringA(commandLine);
std::string outputs = "Working Directory=" + InterpretStringA(currentDirectory)
+ "\nInheritHandles-" + bool_to_string(inheritHandles)
+ "\n" + InterpretProcessCreationFlags(creationFlags);
std::string results = "";
if (processAttributes)
outputs += "\nProcessAttributes present."; // cheap way out for now.
if (environment)
{
outputs += "\nEnvironment:";
for (auto ptr = reinterpret_cast<const CharT*>(environment); *ptr; ptr += std::char_traits<CharT>::length(ptr) + 1)
{
outputs += "\n\t" + InterpretStringA(ptr);
}
}
std::ostringstream sout1;
sout1 << "\nToken=0x" << std::uppercase << std::setfill('0') << std::setw(16) << std::hex << token;
outputs += sout1.str();
results = InterpretReturn(functionResult, result).c_str();
if (function_failed(functionResult))
{
outputs += "\n" + InterpretLastError();
}
std::ostringstream sout;
InterpretCallingModulePart1()
sout << InterpretCallingModulePart2()
InterpretCallingModulePart3()
std::string cm = sout.str();
Log_ETW_PostMsgOperationA("CreateProcessAsUser", inputs.c_str(), results.c_str(), outputs.c_str(),cm.c_str(), TickStart, TickEnd);
}
else
{
Log("CreateProcessAsUser:\n");
if (applicationName) LogString("Application Name", applicationName);
if (commandLine) LogString("Command Line", commandLine);
if (currentDirectory) LogString("Working Directory", currentDirectory);
Log("\tToken=%p\n", token);
LogBool("Inherit Handles", inheritHandles);
LogProcessCreationFlags(creationFlags);
if (environment)
if (output_method == trace_method::eventlog)
{
Log("\tEnvironment:\n");
for (auto ptr = reinterpret_cast<const CharT*>(environment); *ptr; ptr += std::char_traits<CharT>::length(ptr) + 1)
std::string inputs = "Application Name=" + InterpretStringA(applicationName) +
"\nCommand Line=" + InterpretStringA(commandLine);
std::string outputs = "Working Directory=" + InterpretStringA(currentDirectory)
+ "\nInheritHandles-" + bool_to_string(inheritHandles)
+ "\n" + InterpretProcessCreationFlags(creationFlags);
std::string results = "";
if (processAttributes)
outputs += "\nProcessAttributes present."; // cheap way out for now.
if (environment)
{
if constexpr (psf::is_ansi<CharT>)
outputs += "\nEnvironment:";
for (auto ptr = reinterpret_cast<const CharT*>(environment); *ptr; ptr += std::char_traits<CharT>::length(ptr) + 1)
{
Log("\t\t%s\n", ptr);
}
else
{
Log("\t\t%ls\n", ptr);
outputs += "\n\t" + InterpretStringA(ptr);
}
}
std::ostringstream sout1;
sout1 << "\nToken=0x" << std::uppercase << std::setfill('0') << std::setw(16) << std::hex << token;
outputs += sout1.str();
results = InterpretReturn(functionResult, result).c_str();
if (function_failed(functionResult))
{
outputs += "\n" + InterpretLastError();
}
std::ostringstream sout;
InterpretCallingModulePart1()
sout << InterpretCallingModulePart2()
InterpretCallingModulePart3()
std::string cm = sout.str();
Log_ETW_PostMsgOperationA("CreateProcessAsUser", inputs.c_str(), results.c_str(), outputs.c_str(),cm.c_str(), TickStart, TickEnd);
}
LogFunctionResult(functionResult);
if (function_failed(functionResult))
else
{
LogLastError();
Log("CreateProcessAsUser:\n");
if (applicationName) LogString("Application Name", applicationName);
if (commandLine) LogString("Command Line", commandLine);
if (currentDirectory) LogString("Working Directory", currentDirectory);
Log("\tToken=%p\n", token);
LogBool("Inherit Handles", inheritHandles);
LogProcessCreationFlags(creationFlags);
if (environment)
{
Log("\tEnvironment:\n");
for (auto ptr = reinterpret_cast<const CharT*>(environment); *ptr; ptr += std::char_traits<CharT>::length(ptr) + 1)
{
if constexpr (psf::is_ansi<CharT>)
{
Log("\t\t%s\n", ptr);
}
else
{
Log("\t\t%ls\n", ptr);
}
}
}
LogFunctionResult(functionResult);
if (function_failed(functionResult))
{
LogLastError();
}
LogCallingModule();
}
LogCallingModule();
}
}
return result;
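Review bot: In CreateProcessAsUserFixup the `preserve_last_error preserveError;` guard is constructed only after `QueryPerformanceCounter(&TickEnd);`, while CreateProcessFixup in the previous hunk constructs it before the timing call; the two detours should agree, and the safer order is to capture the error code immediately after the real call: `auto result = CreateProcessAsUserImpl(...);` then `preserve_last_error preserveError;` then `QueryPerformanceCounter(&TickEnd);`. Any Win32 call placed between the detoured call and the preserve step is a window in which the error the tracer wants to report may be overwritten, so the `InterpretLastError()` / `LogLastError()` output below could attribute a stale error to CreateProcessAsUser. As a minor point of style in both hunks, `results = InterpretReturn(functionResult, result).c_str();` round-trips a `std::string` through a `const char*` for no benefit; assigning the returned string directly (`results = InterpretReturn(functionResult, result);`) avoids the extra length scan and copy. The function's closing brace lies outside this hunk.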


@ -13,51 +13,52 @@
auto AddDllDirectoryImpl = &::AddDllDirectory;
DLL_DIRECTORY_COOKIE __stdcall AddDllDirectoryFixup(_In_ PCWSTR newDirectory)
{
LARGE_INTEGER TickStart, TickEnd;
QueryPerformanceCounter(&TickStart);
LARGE_INTEGER TickStart, TickEnd;
QueryPerformanceCounter(&TickStart);
auto entry = LogFunctionEntry();
auto result = AddDllDirectoryImpl(newDirectory);
QueryPerformanceCounter(&TickEnd);
QueryPerformanceCounter(&TickEnd);
auto functionResult = from_win32_bool(result != 0);
if (auto lock = acquire_output_lock(function_type::dynamic_link_library, functionResult))
{
if (output_method == trace_method::eventlog)
{
std::string inputs = "";
std::string outputs = "";
std::string results = "";
inputs = "Directory=" + InterpretStringA(newDirectory);
results = InterpretReturn(functionResult, result!=0).c_str();
if (function_failed(functionResult))
{
outputs += InterpretLastError();
}
std::ostringstream sout;
InterpretCallingModulePart1()
sout << InterpretCallingModulePart2()
InterpretCallingModulePart3()
std::string cm = sout.str();
Log_ETW_PostMsgOperationA("AddDllDirectory", inputs.c_str(), results.c_str(), outputs.c_str(),cm.c_str(), TickStart, TickEnd);
}
else
{ Log("AddDllDirectory:\n");
LogString("New Directory", newDirectory);
LogFunctionResult(functionResult);
if (function_failed(functionResult))
if (output_method == trace_method::eventlog)
{
LogLastError();
std::string inputs = "";
std::string outputs = "";
std::string results = "";
inputs = "Directory=" + InterpretStringA(newDirectory);
results = InterpretReturn(functionResult, result!=0).c_str();
if (function_failed(functionResult))
{
outputs += InterpretLastError();
}
std::ostringstream sout;
InterpretCallingModulePart1()
sout << InterpretCallingModulePart2()
InterpretCallingModulePart3()
std::string cm = sout.str();
Log_ETW_PostMsgOperationA("AddDllDirectory", inputs.c_str(), results.c_str(), outputs.c_str(),cm.c_str(), TickStart, TickEnd);
}
else
{
Log("\tCookie=%d\n", result);
Log("AddDllDirectory:\n");
LogString("New Directory", newDirectory);
LogFunctionResult(functionResult);
if (function_failed(functionResult))
{
LogLastError();
}
else
{
Log("\tCookie=%d\n", result);
}
LogCallingModule();
}
LogCallingModule();
}
}
return result;
@ -68,39 +69,39 @@ auto LoadLibraryImpl = psf::detoured_string_function(&::LoadLibraryA, &::LoadLib
template <typename CharT>
HMODULE __stdcall LoadLibraryFixup(_In_ const CharT* libFileName)
{
LARGE_INTEGER TickStart, TickEnd;
QueryPerformanceCounter(&TickStart);
LARGE_INTEGER TickStart, TickEnd;
QueryPerformanceCounter(&TickStart);
auto entry = LogFunctionEntry();
auto result = LoadLibraryImpl(libFileName);
QueryPerformanceCounter(&TickEnd);
QueryPerformanceCounter(&TickEnd);
auto functionResult = from_win32_bool(result != NULL);
if (auto lock = acquire_output_lock(function_type::dynamic_link_library, functionResult))
{
if (output_method == trace_method::eventlog)
{
std::string inputs = "";
std::string outputs = "";
std::string results = "";
if (output_method == trace_method::eventlog)
{
std::string inputs = "";
std::string outputs = "";
std::string results = "";
inputs = "File Name=" + InterpretStringA(libFileName);
inputs = "File Name=" + InterpretStringA(libFileName);
results = InterpretReturn(functionResult, result).c_str();
if (function_failed(functionResult))
{
outputs += InterpretLastError();
}
results = InterpretReturn(functionResult, result).c_str();
if (function_failed(functionResult))
{
outputs += InterpretLastError();
}
std::ostringstream sout;
InterpretCallingModulePart1()
sout << InterpretCallingModulePart2()
InterpretCallingModulePart3()
std::string cm = sout.str();
std::ostringstream sout;
InterpretCallingModulePart1()
sout << InterpretCallingModulePart2()
InterpretCallingModulePart3()
std::string cm = sout.str();
Log_ETW_PostMsgOperationA("LoadLibrary", inputs.c_str(), results.c_str(), outputs.c_str(), cm.c_str(), TickStart, TickEnd);
}
else
{
Log_ETW_PostMsgOperationA("LoadLibrary", inputs.c_str(), results.c_str(), outputs.c_str(), cm.c_str(), TickStart, TickEnd);
}
else
{
Log("LoadLibrary:\n");
LogString("File Name", libFileName);
LogFunctionResult(functionResult);
@ -109,7 +110,7 @@ QueryPerformanceCounter(&TickEnd);
LogLastError();
}
LogCallingModule();
}
}
}
return result;
@ -120,40 +121,40 @@ auto LoadLibraryExImpl = psf::detoured_string_function(&::LoadLibraryExA, &::Loa
template <typename CharT>
HMODULE __stdcall LoadLibraryExFixup(_In_ const CharT* libFileName, _Reserved_ HANDLE file, _In_ DWORD flags)
{
LARGE_INTEGER TickStart, TickEnd;
QueryPerformanceCounter(&TickStart);
LARGE_INTEGER TickStart, TickEnd;
QueryPerformanceCounter(&TickStart);
auto entry = LogFunctionEntry();
auto result = LoadLibraryExImpl(libFileName, file, flags);
QueryPerformanceCounter(&TickEnd);
QueryPerformanceCounter(&TickEnd);
auto functionResult = from_win32_bool(result != NULL);
if (auto lock = acquire_output_lock(function_type::dynamic_link_library, functionResult))
{
if (output_method == trace_method::eventlog)
{
std::string inputs = "";
std::string outputs = "";
std::string results = "";
if (output_method == trace_method::eventlog)
{
std::string inputs = "";
std::string outputs = "";
std::string results = "";
inputs = "File Name=" + InterpretStringA(libFileName);
inputs += "\n" + InterpretLoadLibraryFlags(flags);
inputs = "File Name=" + InterpretStringA(libFileName);
inputs += "\n" + InterpretLoadLibraryFlags(flags);
results = InterpretReturn(functionResult, result).c_str();
if (function_failed(functionResult))
{
outputs += InterpretLastError();
}
results = InterpretReturn(functionResult, result).c_str();
if (function_failed(functionResult))
{
outputs += InterpretLastError();
}
std::ostringstream sout;
InterpretCallingModulePart1()
sout << InterpretCallingModulePart2()
InterpretCallingModulePart3()
std::string cm = sout.str();
std::ostringstream sout;
InterpretCallingModulePart1()
sout << InterpretCallingModulePart2()
InterpretCallingModulePart3()
std::string cm = sout.str();
Log_ETW_PostMsgOperationA("LoadLibraryEx", inputs.c_str(), results.c_str(), outputs.c_str(), cm.c_str(), TickStart, TickEnd);
}
else
{
Log_ETW_PostMsgOperationA("LoadLibraryEx", inputs.c_str(), results.c_str(), outputs.c_str(), cm.c_str(), TickStart, TickEnd);
}
else
{
Log("LoadLibraryEx:\n");
LogString("File Name", libFileName);
LogLoadLibraryFlags(flags);
@ -163,7 +164,7 @@ HMODULE __stdcall LoadLibraryExFixup(_In_ const CharT* libFileName, _Reserved_ H
LogLastError();
}
LogCallingModule();
}
}
}
return result;
@ -173,39 +174,39 @@ DECLARE_STRING_FIXUP(LoadLibraryExImpl, LoadLibraryExFixup);
auto LoadModuleImpl = &::LoadModule;
DWORD __stdcall LoadModuleFixup(_In_ LPCSTR moduleName, _In_ LPVOID parameterBlock)
{
LARGE_INTEGER TickStart, TickEnd;
QueryPerformanceCounter(&TickStart);
LARGE_INTEGER TickStart, TickEnd;
QueryPerformanceCounter(&TickStart);
auto entry = LogFunctionEntry();
auto result = LoadModuleImpl(moduleName, parameterBlock);
QueryPerformanceCounter(&TickEnd);
QueryPerformanceCounter(&TickEnd);
auto functionResult = (result > 31) ? function_result::success : (result == 0) ? function_result::failure : from_win32(result);
if (auto lock = acquire_output_lock(function_type::dynamic_link_library, functionResult))
{
if (output_method == trace_method::eventlog)
{
std::string inputs = "";
std::string outputs = "";
std::string results = "";
if (output_method == trace_method::eventlog)
{
std::string inputs = "";
std::string outputs = "";
std::string results = "";
inputs = "Module Name=" + InterpretStringA(moduleName);
inputs = "Module Name=" + InterpretStringA(moduleName);
results = InterpretReturn(functionResult, result).c_str();
if (function_failed(functionResult))
{
outputs += InterpretLastError();
}
results = InterpretReturn(functionResult, result).c_str();
if (function_failed(functionResult))
{
outputs += InterpretLastError();
}
std::ostringstream sout;
InterpretCallingModulePart1()
sout << InterpretCallingModulePart2()
InterpretCallingModulePart3()
std::string cm = sout.str();
std::ostringstream sout;
InterpretCallingModulePart1()
sout << InterpretCallingModulePart2()
InterpretCallingModulePart3()
std::string cm = sout.str();
Log_ETW_PostMsgOperationA("LoadModule", inputs.c_str(), results.c_str(), outputs.c_str(), cm.c_str(), TickStart, TickEnd);
}
else
{
Log_ETW_PostMsgOperationA("LoadModule", inputs.c_str(), results.c_str(), outputs.c_str(), cm.c_str(), TickStart, TickEnd);
}
else
{
Log("LoadModule:\n");
LogString("Module Name", moduleName);
LogFunctionResult(functionResult);
@ -214,7 +215,7 @@ DWORD __stdcall LoadModuleFixup(_In_ LPCSTR moduleName, _In_ LPVOID parameterBlo
LogLastError();
}
LogCallingModule();
}
}
}
return result;
@ -224,39 +225,39 @@ DECLARE_FIXUP(LoadModuleImpl, LoadModuleFixup);
auto LoadPackagedLibraryImpl = &::LoadPackagedLibrary;
HMODULE __stdcall LoadPackagedLibraryFixup(_In_ LPCWSTR libFileName, _Reserved_ DWORD reserved)
{
LARGE_INTEGER TickStart, TickEnd;
QueryPerformanceCounter(&TickStart);
LARGE_INTEGER TickStart, TickEnd;
QueryPerformanceCounter(&TickStart);
auto entry = LogFunctionEntry();
auto result = LoadPackagedLibraryImpl(libFileName, reserved);
QueryPerformanceCounter(&TickEnd);
QueryPerformanceCounter(&TickEnd);
auto functionResult = from_win32_bool(result != NULL);
if (auto lock = acquire_output_lock(function_type::dynamic_link_library, functionResult))
{
if (output_method == trace_method::eventlog)
{
std::string inputs = "";
std::string outputs = "";
std::string results = "";
if (output_method == trace_method::eventlog)
{
std::string inputs = "";
std::string outputs = "";
std::string results = "";
inputs = "File Name=" + InterpretStringA(libFileName);
inputs = "File Name=" + InterpretStringA(libFileName);
results = InterpretReturn(functionResult, result).c_str();
if (function_failed(functionResult))
{
outputs += InterpretLastError();
}
results = InterpretReturn(functionResult, result).c_str();
if (function_failed(functionResult))
{
outputs += InterpretLastError();
}
std::ostringstream sout;
InterpretCallingModulePart1()
sout << InterpretCallingModulePart2()
InterpretCallingModulePart3()
std::string cm = sout.str();
std::ostringstream sout;
InterpretCallingModulePart1()
sout << InterpretCallingModulePart2()
InterpretCallingModulePart3()
std::string cm = sout.str();
Log_ETW_PostMsgOperationA("LoadPackagedLibrary", inputs.c_str(), results.c_str(), outputs.c_str(), cm.c_str(), TickStart, TickEnd);
}
else
{
Log_ETW_PostMsgOperationA("LoadPackagedLibrary", inputs.c_str(), results.c_str(), outputs.c_str(), cm.c_str(), TickStart, TickEnd);
}
else
{
Log("LoadPackagedLibrary:\n");
LogString("File Name", libFileName);
LogFunctionResult(functionResult);
@ -265,7 +266,7 @@ HMODULE __stdcall LoadPackagedLibraryFixup(_In_ LPCWSTR libFileName, _Reserved_
LogLastError();
}
LogCallingModule();
}
}
}
return result;
@ -275,48 +276,48 @@ DECLARE_FIXUP(LoadPackagedLibraryImpl, LoadPackagedLibraryFixup);
auto RemoveDllDirectoryImpl = &::RemoveDllDirectory;
BOOL __stdcall RemoveDllDirectoryFixup(_In_ DLL_DIRECTORY_COOKIE cookie)
{
LARGE_INTEGER TickStart, TickEnd;
QueryPerformanceCounter(&TickStart);
LARGE_INTEGER TickStart, TickEnd;
QueryPerformanceCounter(&TickStart);
auto entry = LogFunctionEntry();
auto result = RemoveDllDirectoryImpl(cookie);
QueryPerformanceCounter(&TickEnd);
QueryPerformanceCounter(&TickEnd);
auto functionResult = from_win32_bool(result);
if (auto lock = acquire_output_lock(function_type::dynamic_link_library, functionResult))
{
if (output_method == trace_method::eventlog)
{
std::string inputs = "";
std::string outputs = "";
std::string results = "";
inputs = InterpretAsHex("Cookie", cookie);
results = InterpretReturn(functionResult, result).c_str();
if (function_failed(functionResult))
{
outputs += InterpretLastError();
}
std::ostringstream sout;
InterpretCallingModulePart1()
sout << InterpretCallingModulePart2()
InterpretCallingModulePart3()
std::string cm = sout.str();
Log_ETW_PostMsgOperationA("RemoveDllDirectory", inputs.c_str(), results.c_str(), outputs.c_str(), cm.c_str(), TickStart, TickEnd);
}
else
{
Log("RemoveDllDirectory:\n");
Log("\tCookie=%d\n", cookie);
LogFunctionResult(functionResult);
if (function_failed(functionResult))
if (output_method == trace_method::eventlog)
{
LogLastError();
std::string inputs = "";
std::string outputs = "";
std::string results = "";
inputs = InterpretAsHex("Cookie", cookie);
results = InterpretReturn(functionResult, result).c_str();
if (function_failed(functionResult))
{
outputs += InterpretLastError();
}
std::ostringstream sout;
InterpretCallingModulePart1()
sout << InterpretCallingModulePart2()
InterpretCallingModulePart3()
std::string cm = sout.str();
Log_ETW_PostMsgOperationA("RemoveDllDirectory", inputs.c_str(), results.c_str(), outputs.c_str(), cm.c_str(), TickStart, TickEnd);
}
else
{
Log("RemoveDllDirectory:\n");
Log("\tCookie=%d\n", cookie);
LogFunctionResult(functionResult);
if (function_failed(functionResult))
{
LogLastError();
}
LogCallingModule();
}
LogCallingModule();
}
}
return result;
@ -326,48 +327,48 @@ DECLARE_FIXUP(RemoveDllDirectoryImpl, RemoveDllDirectoryFixup);
auto SetDefaultDllDirectoriesImpl = &::SetDefaultDllDirectories;
BOOL __stdcall SetDefaultDllDirectoriesFixup(_In_ DWORD directoryFlags)
{
LARGE_INTEGER TickStart, TickEnd;
QueryPerformanceCounter(&TickStart);
LARGE_INTEGER TickStart, TickEnd;
QueryPerformanceCounter(&TickStart);
auto entry = LogFunctionEntry();
auto result = SetDefaultDllDirectoriesImpl(directoryFlags);
QueryPerformanceCounter(&TickEnd);
QueryPerformanceCounter(&TickEnd);
auto functionResult = from_win32_bool(result);
if (auto lock = acquire_output_lock(function_type::dynamic_link_library, functionResult))
{
if (output_method == trace_method::eventlog)
{
std::string inputs = "";
std::string outputs = "";
std::string results = "";
inputs = InterpretLoadLibraryFlags(directoryFlags, "Directory Flags");
results = InterpretReturn(functionResult, result).c_str();
if (function_failed(functionResult))
{
outputs += InterpretLastError();
}
std::ostringstream sout;
InterpretCallingModulePart1()
sout << InterpretCallingModulePart2()
InterpretCallingModulePart3()
std::string cm = sout.str();
Log_ETW_PostMsgOperationA("SetDefaultDllDirectories", inputs.c_str(), results.c_str(), outputs.c_str(), cm.c_str(), TickStart, TickEnd);
}
else
{
Log("SetDefaultDllDirectories:\n");
LogLoadLibraryFlags(directoryFlags, "Directory Flags");
LogFunctionResult(functionResult);
if (function_failed(functionResult))
if (output_method == trace_method::eventlog)
{
LogLastError();
std::string inputs = "";
std::string outputs = "";
std::string results = "";
inputs = InterpretLoadLibraryFlags(directoryFlags, "Directory Flags");
results = InterpretReturn(functionResult, result).c_str();
if (function_failed(functionResult))
{
outputs += InterpretLastError();
}
std::ostringstream sout;
InterpretCallingModulePart1()
sout << InterpretCallingModulePart2()
InterpretCallingModulePart3()
std::string cm = sout.str();
Log_ETW_PostMsgOperationA("SetDefaultDllDirectories", inputs.c_str(), results.c_str(), outputs.c_str(), cm.c_str(), TickStart, TickEnd);
}
else
{
Log("SetDefaultDllDirectories:\n");
LogLoadLibraryFlags(directoryFlags, "Directory Flags");
LogFunctionResult(functionResult);
if (function_failed(functionResult))
{
LogLastError();
}
LogCallingModule();
}
LogCallingModule();
}
}
return result;
@ -379,47 +380,47 @@ template <typename CharT>
BOOL __stdcall SetDllDirectoryFixup(_In_opt_ const CharT* pathName)
{
auto entry = LogFunctionEntry();
LARGE_INTEGER TickStart, TickEnd;
QueryPerformanceCounter(&TickStart);
LARGE_INTEGER TickStart, TickEnd;
QueryPerformanceCounter(&TickStart);
auto result = SetDllDirectoryImpl(pathName);
QueryPerformanceCounter(&TickEnd);
QueryPerformanceCounter(&TickEnd);
auto functionResult = from_win32_bool(result);
if (auto lock = acquire_output_lock(function_type::dynamic_link_library, functionResult))
{
if (output_method == trace_method::eventlog)
{
std::string inputs = "";
std::string outputs = "";
std::string results = "";
inputs = "Path Name" + InterpretStringA(pathName);
results = InterpretReturn(functionResult, result).c_str();
if (function_failed(functionResult))
{
outputs += InterpretLastError();
}
std::ostringstream sout;
InterpretCallingModulePart1()
sout << InterpretCallingModulePart2()
InterpretCallingModulePart3()
std::string cm = sout.str();
Log_ETW_PostMsgOperationA("SetDllDirectory", inputs.c_str(), results.c_str(), outputs.c_str(), cm.c_str(), TickStart, TickEnd);
}
else
{
Log("SetDllDirectory:\n");
LogString("Path Name", pathName);
LogFunctionResult(functionResult);
if (function_failed(functionResult))
if (output_method == trace_method::eventlog)
{
LogLastError();
std::string inputs = "";
std::string outputs = "";
std::string results = "";
inputs = "Path Name" + InterpretStringA(pathName);
results = InterpretReturn(functionResult, result).c_str();
if (function_failed(functionResult))
{
outputs += InterpretLastError();
}
std::ostringstream sout;
InterpretCallingModulePart1()
sout << InterpretCallingModulePart2()
InterpretCallingModulePart3()
std::string cm = sout.str();
Log_ETW_PostMsgOperationA("SetDllDirectory", inputs.c_str(), results.c_str(), outputs.c_str(), cm.c_str(), TickStart, TickEnd);
}
else
{
Log("SetDllDirectory:\n");
LogString("Path Name", pathName);
LogFunctionResult(functionResult);
if (function_failed(functionResult))
{
LogLastError();
}
LogCallingModule();
}
LogCallingModule();
}
}
return result;