@aetos382
Last active August 29, 2015 14:08
// Consumer2.cpp : コンソール アプリケーションのエントリ ポイントを定義します。
//
#include "stdafx.h"
#include "../Provider0/ProviderManifest0.h"
// Per-event callback handed to ETW through EVENT_TRACE_LOGFILE::EventRecordCallback
// in _tmain; defined after _tmain in this file.
VOID WINAPI EventRecordCallback(_In_ PEVENT_RECORD eventRecord);
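/// Entry point of the real-time ETW consumer.
///
/// Attaches to the running session named "EtwSamples.Controller2" and hands
/// every delivered event to EventRecordCallback. ProcessTrace blocks until the
/// session is stopped, so this program runs for as long as the controller
/// keeps the session alive.
///
/// The session is located by name only. Nothing here verifies who started it,
/// so the events it delivers should be treated as untrusted input.
///
/// @param argc unused
/// @param argv unused
/// @return 0 when the trace was processed to completion, 1 when the session
///         could not be opened or ProcessTrace reported an error.
int _tmain(int argc, _TCHAR* argv[])
{
    (void)argc;
    (void)argv;

    EVENT_TRACE_LOGFILE logFile = {};

    // Real-time consumption: no .etl file, only the session (logger) name.
    logFile.LogFileName = NULL;
    logFile.LoggerName = L"EtwSamples.Controller2";
    logFile.ProcessTraceMode =
        PROCESS_TRACE_MODE_EVENT_RECORD | PROCESS_TRACE_MODE_REAL_TIME;
    logFile.EventRecordCallback = &EventRecordCallback;

    // Surfaces in the callback as EVENT_RECORD::UserContext; the callback in
    // this file does not read it.
    logFile.Context = &logFile;

    TRACEHANDLE hTrace = OpenTrace(&logFile);
    if (hTrace == INVALID_PROCESSTRACE_HANDLE)
    {
        // Typical causes: the session is not running, or the caller lacks the
        // rights needed to consume a real-time session.
        wprintf_s(L"OpenTrace failed: %lu\n", GetLastError());
        return 1;
    }

    // The original stored this status and then returned 0 regardless, so a
    // failed trace looked like a successful run to the calling script.
    const ULONG result = ProcessTrace(&hTrace, 1, NULL, NULL);

    CloseTrace(hTrace);

    if (result != ERROR_SUCCESS)
    {
        wprintf_s(L"ProcessTrace failed: %lu\n", result);
        return 1;
    }

    return 0;
}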
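/// Prints the header fields of one ETW event to stdout.
///
/// Events whose provider GUID is not PROVIDERID_SampleProvider0 are ignored.
/// Only EVENT_HEADER is read; the event payload (UserData) is never touched.
///
/// The GUID comparison is a routing filter, not authentication: ETW does not
/// by default prove which process registered a provider GUID. A consumer that
/// later parses UserData should bounds-check it against UserDataLength and
/// treat the content as untrusted.
///
/// @param eventRecord event delivered by ProcessTrace; must not be null.
VOID WINAPI EventRecordCallback(_In_ PEVENT_RECORD eventRecord)
{
    const EVENT_HEADER& header = eventRecord->EventHeader;

    if (!IsEqualGUID(header.ProviderId, PROVIDERID_SampleProvider0))
    {
        return;
    }

    WCHAR providerId[80] = {};
    StringFromGUID2(header.ProviderId, providerId, _countof(providerId));

    wprintf_s(L"Provider : %s\n", providerId);
    wprintf_s(L"Channel : %u\n", header.EventDescriptor.Channel);
    wprintf_s(L"Event : %u (Version: %u)\n", header.EventDescriptor.Id, header.EventDescriptor.Version);
    wprintf_s(L"Level : %u\n", header.EventDescriptor.Level);
    wprintf_s(L"Task : %u\n", header.EventDescriptor.Task);
    wprintf_s(L"Opcode : %u\n", header.EventDescriptor.Opcode);
    wprintf_s(L"Keywords : %#0I64x\n", header.EventDescriptor.Keyword);

    // The timestamp is used as a FILETIME value (100 ns ticks). This relies on
    // the consumer not requesting PROCESS_TRACE_MODE_RAW_TIMESTAMP.
    FILETIME time = {
        header.TimeStamp.LowPart,
        static_cast<DWORD>(header.TimeStamp.HighPart)
    };
    FILETIME localTime = {};
    SYSTEMTIME st = {};

    if (FileTimeToLocalFileTime(&time, &localTime) &&
        FileTimeToSystemTime(&localTime, &st))
    {
        // QuadPart is 64-bit; the original passed the remainder straight to
        // %u, which expects a 32-bit argument. The remainder is < 10,000,000,
        // so the narrowing cast is lossless.
        wprintf_s(L"Time : %04u-%02u-%02u %02u:%02u:%02u.%07u\n",
            st.wYear, st.wMonth, st.wDay, st.wHour, st.wMinute, st.wSecond,
            static_cast<unsigned int>(header.TimeStamp.QuadPart % 10000000));
    }
    else
    {
        // Do not print a zeroed SYSTEMTIME as if it were a real time.
        wprintf_s(L"Time : (unconvertible) %#0I64x\n",
            static_cast<unsigned __int64>(header.TimeStamp.QuadPart));
    }

    wprintf_s(L"Process : %u\n", header.ProcessId);
    wprintf_s(L"Thread : %u\n", header.ThreadId);

    struct BitName
    {
        USHORT mask;
        const wchar_t* label;
    };

    wprintf_s(L"Flags : %#0hx\n", header.Flags);

    // One line per flag bit that is set, in the same order as before.
    // "Trace Message" used to carry a stray "\n" on top of the newline that
    // _putws already appends; it is now formatted like the other entries.
    static const BitName headerFlags[] =
    {
        { EVENT_HEADER_FLAG_EXTENDED_INFO,   L" Extended Info" },
        { EVENT_HEADER_FLAG_PRIVATE_SESSION, L" Private Session" },
        { EVENT_HEADER_FLAG_STRING_ONLY,     L" String Only" },
        { EVENT_HEADER_FLAG_TRACE_MESSAGE,   L" Trace Message" },
        { EVENT_HEADER_FLAG_NO_CPUTIME,      L" No CPU Time" },
        { EVENT_HEADER_FLAG_32_BIT_HEADER,   L" 32bit Header" },
        { EVENT_HEADER_FLAG_64_BIT_HEADER,   L" 64bit Header" },
        { EVENT_HEADER_FLAG_CLASSIC_HEADER,  L" Classic Header" },
        { EVENT_HEADER_FLAG_PROCESSOR_INDEX, L" Processor Index" },
    };

    for (size_t i = 0; i < _countof(headerFlags); ++i)
    {
        if ((header.Flags & headerFlags[i].mask) != 0)
        {
            _putws(headerFlags[i].label);
        }
    }

    wprintf_s(L"Property : %#0hx\n", header.EventProperty);

    static const BitName headerProperties[] =
    {
        { EVENT_HEADER_PROPERTY_XML,             L" XML" },
        { EVENT_HEADER_PROPERTY_FORWARDED_XML,   L" Forwarded XML" },
        { EVENT_HEADER_PROPERTY_LEGACY_EVENTLOG, L" Legacy" },
    };

    for (size_t i = 0; i < _countof(headerProperties); ++i)
    {
        if ((header.EventProperty & headerProperties[i].mask) != 0)
        {
            _putws(headerProperties[i].label);
        }
    }

    // Blank line between events.
    _putws(L"");
}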
// Controller2.cpp : コンソール アプリケーションのエントリ ポイントを定義します。
//
#include "stdafx.h"
#include "../Provider0/ProviderManifest0.h"
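/// Entry point of the ETW controller.
///
/// Starts the session "EtwSamples.Controller2" (sequential log file plus
/// real-time delivery), enables PROVIDERID_SampleProvider0 on it, waits for a
/// key press, then disables the provider and stops the session.
///
/// Operational notes:
///  - An ETW session belongs to the system, not to this process. If the
///    process is killed between StartTrace and StopTrace, the session keeps
///    running and keeps writing the log file until it is stopped by name, and
///    the next StartTrace with the same name fails.
///  - "Controller2.etl" is a relative path taken from the page as-is.
///    NOTE(review): where it is created, and who can read the captured events
///    there, depends on how the path is resolved; confirm and prefer an
///    absolute path in a directory with restricted ACLs.
///
/// @param argc unused
/// @param argv unused
/// @return 0 on success, 1 if any ETW control call failed.
int _tmain(int argc, _TCHAR* argv[])
{
    (void)argc;
    (void)argv;

    LPCWSTR sessionName = L"EtwSamples.Controller2";

    // EVENT_TRACE_PROPERTIES must be followed in the same allocation by room
    // for the log file name and the session name. Declaring that layout as a
    // struct gives the header its natural alignment; the original overlaid the
    // header on a BYTE array with reinterpret_cast, which does not guarantee
    // it.
    struct SessionProperties
    {
        EVENT_TRACE_PROPERTIES props;
        WCHAR logFileName[MAX_PATH];
        WCHAR loggerName[80];
    };

    SessionProperties session = {};
    EVENT_TRACE_PROPERTIES* prop = &session.props;

    prop->Wnode.BufferSize = sizeof(session);
    prop->Wnode.Flags = WNODE_FLAG_TRACED_GUID;
    prop->LogFileMode = EVENT_TRACE_FILE_MODE_SEQUENTIAL | EVENT_TRACE_USE_PAGED_MEMORY | EVENT_TRACE_REAL_TIME_MODE;
    prop->LogFileNameOffset = FIELD_OFFSET(SessionProperties, logFileName);
    prop->LoggerNameOffset = FIELD_OFFSET(SessionProperties, loggerName);

    wcscpy_s(session.logFileName, _countof(session.logFileName), L"Controller2.etl");
    wcscpy_s(session.loggerName, _countof(session.loggerName), sessionName);

    // StartTrace leaves the handle at 0 when it fails.
    TRACEHANDLE traceHandle = 0;

    ULONG result = StartTrace(&traceHandle, sessionName, prop);
    if (result != ERROR_SUCCESS)
    {
        // The original went on to call EnableTraceEx/StopTrace with an invalid
        // handle. Common causes are a leftover session with this name or
        // insufficient rights to control trace sessions.
        wprintf_s(L"StartTrace failed: %lu\n", result);
        return 1;
    }

    int exitCode = 0;

    // IsEnabled = 1, Level = 0, no keyword filter.
    result = EnableTraceEx(&PROVIDERID_SampleProvider0, NULL, traceHandle, 1, 0, 0, 0, 0, NULL);
    if (result != ERROR_SUCCESS)
    {
        wprintf_s(L"EnableTraceEx (enable) failed: %lu\n", result);
        exitCode = 1;
    }
    else
    {
        _putws(L"press any key to continue.");
        _getwch();

        // IsEnabled = 0: detach the provider before the session goes away.
        result = EnableTraceEx(&PROVIDERID_SampleProvider0, NULL, traceHandle, 0, 0, 0, 0, 0, NULL);
        if (result != ERROR_SUCCESS)
        {
            wprintf_s(L"EnableTraceEx (disable) failed: %lu\n", result);
            exitCode = 1;
        }
    }

    // Always stop a session that was started, including on the error paths
    // above, so that it is not left running after this process exits.
    result = StopTrace(traceHandle, NULL, prop);
    if (result != ERROR_SUCCESS)
    {
        wprintf_s(L"StopTrace failed: %lu\n", result);
        exitCode = 1;
    }

    return exitCode;
}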