注册事件跟踪提供程序。 驱动程序应在调用记录事件之前调用此函数。
语法
void UMDEtwRegister(
PFNUMDETW_RUNDOWN CbRundown
);
参数
CbRundown
指向回调函数的指针,该函数返回有关用户模式驱动程序的当前状态的信息。
此回调函数应为每个当前分配映射调用 UMDEtwLogMapAllocation 函数。
返回值
没有
言论
CbRundown 参数的数据类型定义为:
typedef void (*PFNUMDETW_RUNDOWN)();
UMDEtwRegister 在 Umdprovider.h 中内联定义为:
// GUID for UMD ETW provider
// {A688EE40-D8D9-4736-B6F9-6B74935BA3B1}
static const GUID UMDEtwProviderId =
{ 0xa688ee40, 0xd8d9, 0x4736, { 0xb6, 0xf9, 0x6b, 0x74, 0x93, 0x5b, 0xa3, 0xb1 } };
// Registration handle, returned by EventRegister and passed to EventUnregister
__declspec(selectany) REGHANDLE RegHandle = NULL;
// Whether any level of logging is enabled.
__declspec(selectany) BOOLEAN Enabled = FALSE;
// Whether we are currently in a rundown
__declspec(selectany) BOOLEAN InRundown = FALSE;
// Callback to the driver when a rundown is needed
__declspec(selectany) PFNUMDETW_RUNDOWN Rundown = NULL;
FORCEINLINE void NTAPI EnableCallback(
__in LPCGUID SourceId,
__in ULONG IsEnabled,
__in UCHAR Level,
__in ULONGLONG MatchAnyKeyword,
__in ULONGLONG MatchAllKeywords,
__in_opt PEVENT_FILTER_DESCRIPTOR FilterData,
__in_opt PVOID CallbackContext
)
{
switch (IsEnabled)
{
case EVENT_CONTROL_CODE_DISABLE_PROVIDER:
Enabled = FALSE;
break;
case EVENT_CONTROL_CODE_ENABLE_PROVIDER:
Enabled = TRUE;
break;
case EVENT_CONTROL_CODE_CAPTURE_STATE:
// Temporarily enable logging during the rundown
BOOLEAN OldEnabled = Enabled;
Enabled = TRUE;
InRundown = TRUE;
Rundown();
InRundown = FALSE;
// Restore Enabled to its original state
Enabled = OldEnabled;
break;
}
}
FORCEINLINE void UMDEtwRegister(PFNUMDETW_RUNDOWN RundownCb)
{
Rundown = RundownCb;
// Register the provider
EventRegister(&UMDEtwProviderId,
EnableCallback,
NULL,
&RegHandle);
}
Windows 事件 文档中介绍了 EventRegister 函数和 EVENT_CONTROL_CODE_XXX 值。
要求
| 要求 | 价值 |
|---|---|
| 最低支持的客户端 | Windows 8 |
| 支持的最低服务器 | Windows Server 2012 |
| 目标平台 | 桌面 |
| 标头 | umdprovider.h(包括 Umdprovider.h) |