etw_message.h File Reference

#include <glib.h>
#include <windows.h>
#include <SDKDDKVer.h>
#include <strsafe.h>
#include <evntcons.h>
#include <tdh.h>
#include <stdlib.h>
#include <ws2def.h>
#include <ws2ipdef.h>

Go to the source code of this file.

Classes
struct	Property_Key_Value

Macros
#define	MAX_LOG_LINE_LENGTH   1024
#define	MAX_KEY_LENGTH   64

Typedefs
typedef struct Property_Key_Value	PROPERTY_KEY_VALUE

Functions
VOID	format_message (WCHAR *lpszMessage, PROPERTY_KEY_VALUE *propArray, DWORD dwPropertyCount, WCHAR *lpszOutBuffer, DWORD dwOutBufferCount)
	Formats a message using property key-value pairs.
BOOL	get_event_information (PEVENT_RECORD pEvent, PTRACE_EVENT_INFO *pInfo)
	Retrieves information about an event.
PBYTE	extract_property (PEVENT_RECORD pEvent, PTRACE_EVENT_INFO pInfo, DWORD PointerSize, USHORT i, PBYTE pUserData, PBYTE pEndOfUserData, PROPERTY_KEY_VALUE *pExtract)
	Extract a propertiy from an event record.

Detailed Description

Copyright 2020, Odysseus Yang

Wireshark - Network traffic analyzer By Gerald Combs geral.nosp@m.d@wi.nosp@m.resha.nosp@m.rk.o.nosp@m.rg Copyright 1998 Gerald Combs

SPDX-License-Identifier: GPL-2.0-or-later

Function Documentation

extract_property()

PBYTE extract_property	(	PEVENT_RECORD	pEvent,
		PTRACE_EVENT_INFO	pInfo,
		DWORD	PointerSize,
		USHORT	i,
		PBYTE	pUserData,
		PBYTE	pEndOfUserData,
		PROPERTY_KEY_VALUE *	pExtract
	)

Extract a propertiy from an event record.

Parameters

pEvent	Pointer to the EVENT_RECORD structure.
pInfo	Pointer to the TRACE_EVENT_INFO structure.
PointerSize	Size of a pointer in bytes.
i	Index of the property to extract.
pUserData	Pointer to user data buffer.
pEndOfUserData	Pointer to the end of the user data buffer.
pExtract	Pointer to the PROPERTY_KEY_VALUE structure where the extracted property will be stored.

Returns

PBYTE Pointer to the next byte in the user data buffer, or NULL if an error occurred.

format_message()

VOID format_message	(	WCHAR *	lpszMessage,
		PROPERTY_KEY_VALUE *	propArray,
		DWORD	dwPropertyCount,
		WCHAR *	lpszOutBuffer,
		DWORD	dwOutBufferCount
	)

Formats a message using property key-value pairs.

Parameters

lpszMessage	The input message string containing format specifiers.
propArray	Array of property key-value pairs to replace format specifiers.
dwPropertyCount	Number of elements in the property array.
lpszOutBuffer	Buffer to store the formatted message.
dwOutBufferCount	Size of the output buffer.

get_event_information()

BOOL get_event_information	(	PEVENT_RECORD	pEvent,
		PTRACE_EVENT_INFO *	pInfo
	)

Retrieves information about an event.

This function retrieves metadata for a given event record using TdhGetEventInformation. If the initial call indicates insufficient buffer size, it allocates memory and retries.

Parameters

pEvent	Pointer to the EVENT_RECORD structure containing the event data.
pInfo	Pointer to a pointer that receives the TRACE_EVENT_INFO structure containing the event metadata.

Returns

TRUE if successful, FALSE otherwise.