通过

UMDEtwRegister 函数 (umdprovider.h)

  • 项目

注册事件跟踪提供程序。 驱动程序应在调用日志事件之前调用此函数。

语法

void UMDEtwRegister(
  PFNUMDETW_RUNDOWN CbRundown
);

参数

CbRundown

指向回调函数的指针,该函数返回有关用户模式驱动程序的当前状态的信息。

此回调函数应为每个当前分配映射调用 UMDEtwLogMapAllocation 函数。

返回值

备注

CbRundown 参数的数据类型定义为:

typedef void (*PFNUMDETW_RUNDOWN)();

UMDEtwRegister 在 Umdprovider.h 中内联定义为:

// GUID for UMD ETW provider
// {A688EE40-D8D9-4736-B6F9-6B74935BA3B1}
static const GUID UMDEtwProviderId = 
{ 0xa688ee40, 0xd8d9, 0x4736, { 0xb6, 0xf9, 0x6b, 0x74, 0x93, 0x5b, 0xa3, 0xb1 } };

// Registration handle, returned by EventRegister and passed to EventUnregister
__declspec(selectany) REGHANDLE RegHandle = NULL;

// Whether any level of logging is enabled.
__declspec(selectany) BOOLEAN Enabled = FALSE;

// Whether we are currently in a rundown
__declspec(selectany) BOOLEAN InRundown = FALSE;

// Callback to the driver when a rundown is needed
__declspec(selectany) PFNUMDETW_RUNDOWN Rundown = NULL;

FORCEINLINE void NTAPI EnableCallback(
  __in      LPCGUID SourceId,
  __in      ULONG IsEnabled,
  __in      UCHAR Level,
  __in      ULONGLONG MatchAnyKeyword,
  __in      ULONGLONG MatchAllKeywords,
  __in_opt  PEVENT_FILTER_DESCRIPTOR FilterData,
  __in_opt  PVOID CallbackContext
)
{
    switch (IsEnabled)
    {
        case EVENT_CONTROL_CODE_DISABLE_PROVIDER:
            Enabled = FALSE;
            break;
        case EVENT_CONTROL_CODE_ENABLE_PROVIDER:
            Enabled = TRUE;
            break;
        case EVENT_CONTROL_CODE_CAPTURE_STATE:
            // Temporarily enable logging during the rundown
            BOOLEAN OldEnabled = Enabled;
            Enabled = TRUE;
            
            InRundown = TRUE;
            Rundown();
            InRundown = FALSE;

            // Restore Enabled to its original state
            Enabled = OldEnabled;
            
            break;
    }
}

FORCEINLINE void UMDEtwRegister(PFNUMDETW_RUNDOWN RundownCb)
{
    Rundown = RundownCb;

    // Register the provider
    EventRegister(&UMDEtwProviderId,
                  EnableCallback,
                  NULL,
                  &RegHandle);
}

Windows 事件文档中介绍了 EventRegister 函数和EVENT_CONTROL_CODE_XXX值。

要求

要求
最低受支持的客户端 Windows 8
最低受支持的服务器 Windows Server 2012
目标平台 桌面
标头 umdprovider.h (包括 Umdprovider.h)

另请参阅

UMDEtwLogMapAllocation

UMDEtwUnregister