CEL_MODULE_LOAD (Windows CE 5.0)
This structure identifies a module that was loaded.
typedef __CEL_MODULE_LOAD {HANDLEhProcess;HANDLEhModule;DWORD dwBase;WCHARszName[0];} CEL_MODULE_LOAD, *PCEL_MODULE_LOAD;
Members
hProcess
Handle of the process that loaded the module.In Windows CE 5.0, if this field is INVALID_HANDLE_VALUE (0xFFFFFFFF), the event indicates that the module was loaded for the first time. Before this event, no instances of the module are loaded by any process.
hModule
Handle of the loaded module.dwBase
Base virtual memory address assigned to the loaded module.szName
Null-terminated string that contains the name of the module that was loaded. The length can be inferred from the length given in the event header, CEL_HEADER.
Remarks
CEL_MODULE_LOAD is logged each time a process loads the module for the first time.
When a process is the first process to load a module, the kernel logs two CEL_MODULE_LOAD structures:
- A CEL_MODULE_LOAD structure is logged with an hProcess value of INVALID_HANDLE_VALUE to indicate that the module is being loaded for the first time by any process.
- Another CEL_MODULE_LOAD structure is logged with an hProcess value set to the handle of the first process to load the module.
If subsequent processes also load the module, one CEL_MODULE_LOAD event is logged for each process.
If any process loads the module more than once, only one CEL_MODULE_LOAD event is logged for that process.
Requirements
OS Versions: Windows CE 3.0 and later.
Header: Celog.h.
See Also
Send Feedback on this topic to the authors