/*++

THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
PARTICULAR PURPOSE.

Copyright (c) Microsoft Corporation. All rights reserved

Module Name:

    common.h

Abstract:

    Definitions of the decoding context structure, and a utility function for
    determining whether the running operating system is prior to Windows 7.

--*/
extern "C" {
#include <windows.h>
#include <tchar.h>
#include <strsafe.h>
#include <initguid.h>
#include <wmistr.h>
#include <evntcons.h>
#include <evntrace.h>
#include <Tdh.h>
}
#include <comutil.h>
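//
// Buffer sizes, in characters, for textual representations. A GUID in
// registry format ("{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}") is 38
// characters plus the terminating NUL.
//
CONST ULONG STRLEN_GUID = 39;
CONST ULONG STRLEN_UTC_DATETIME = 64;

//
// Windows timestamps (FILETIME and the like) count 100-nanosecond intervals.
//
CONST ULONG ONE_HUNDRED_NANOSECONDS_PER_SECOND = 10000000;

//
// Date/time picture strings (presumably for GetDateFormat()/GetTimeFormat();
// verify against the callers). They point at string literals, which are
// immutable, so the pointee is declared const (PCWSTR): binding a literal to
// a non-const PWSTR is ill-formed in C++11 and writing through it would be
// undefined behavior.
//
CONST PCWSTR FORMAT_STRING_DATE = L"yyyy'-'MM'-'dd";
CONST PCWSTR FORMAT_STRING_TIME = L"HH':'mm':'ss";

//
// Windows 7 reports itself as version 6.1; see IsOSPriorWin7().
//
CONST ULONG WIN7_MAJOR_VERSION = 6;
CONST ULONG WIN7_MINOR_VERSION = 1;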
//
// Returns TRUE when the running operating system reports a version prior to
// Windows 7 (6.1), FALSE for Windows 7 or later. Defined below in this file.
//
BOOLEAN IsOSPriorWin7(VOID);
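//
// Following is a user-defined structure that can be passed to the
// ProcessTrace API. EventCallback() and BufferCallback() functions can
// retrieve a pointer to this structure from EVENT_RECORD::UserContext
// and EVENT_TRACE_LOGFILE::Context respectively. It is a way to pass
// around logfile-specific information between Callbacks. Better than
// using globals.
//

//
// Initial size, in bytes, of PROCESSING_CONTEXT::Buffer.
//
CONST ULONG INITIAL_FORMATBUFFER_SIZE = 65536;

typedef struct _PROCESSING_CONTEXT {

    PWSTR TMFFile;                  // NULL after construction; set by the owner.
    ULONG PointerSize;              // Initialized to sizeof(PVOID); the owner may override it.
    __field_bcount(BufferSize) PBYTE Buffer;   // Heap buffer of BufferSize bytes, owned by this structure.
    ULONG BufferSize;               // Byte count of Buffer; keep in sync if Buffer is reallocated.
    ULONG BufferCount;              // Counter, zero after construction (presumably bumped by BufferCallback()).
    ULONGLONG EventCount;           // Counter, zero after construction (presumably bumped by EventCallback()).
    TDH_CONTEXT TdhContexts[2];     // Zeroed after construction; filled in by the owner before use.
    BOOLEAN OSPriorWin7;            // Result of IsOSPriorWin7(), cached once at construction.

    //
    // Allocates Buffer. Throws ERROR_OUTOFMEMORY (a long, like the other
    // ERROR_* values) if the allocation fails; nothing else has been acquired
    // at that point, so the throw leaks nothing.
    //
    _PROCESSING_CONTEXT()
        :TMFFile(NULL)
        ,PointerSize(sizeof(PVOID))
        ,Buffer(NULL)
        ,BufferSize(INITIAL_FORMATBUFFER_SIZE)
        ,BufferCount(0)
        ,EventCount(0)
        ,OSPriorWin7(FALSE)
    {
        //
        // TdhContexts is not in the initializer list; clear it explicitly so
        // a context the owner never fills in does not hold stack garbage.
        //
        ZeroMemory(TdhContexts, sizeof(TdhContexts));

        Buffer = (PBYTE)malloc(BufferSize);
        if (Buffer == NULL) {
            throw (ERROR_OUTOFMEMORY);
        }

        OSPriorWin7 = IsOSPriorWin7();
    }

    //
    // Releases Buffer. TMFFile is not owned by this structure and is not freed.
    //
    ~_PROCESSING_CONTEXT()
    {
        free(Buffer);
    }

private:
    //
    // Buffer is a raw owning pointer, so copying the structure would create
    // two owners and a double free in the destructors. The copy operations
    // are declared but never defined, so any copy fails at link time
    // (pre-C++11 idiom, matching the rest of this file).
    //
    _PROCESSING_CONTEXT(const _PROCESSING_CONTEXT&);
    _PROCESSING_CONTEXT& operator=(const _PROCESSING_CONTEXT&);

} PROCESSING_CONTEXT, *PPROCESSING_CONTEXT;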
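BOOLEAN
IsOSPriorWin7(
    VOID
    )

/*++

Routine Description:

    This routine determines whether the running operating system reports a
    version prior to Windows 7 (6.1). This information is needed for making
    the decision to use some Tdh API functions which are new in Windows 7.

    The version is obtained from GetVersionEx(), which is deprecated. On
    Windows 8.1 and later the version it reports depends on the application's
    compatibility manifest, but that cannot make a post-Windows-7 system
    report a version below 6.1, so the answer remains correct for this
    routine's purpose. A newer SDK may warn about the deprecated call.

Arguments:

    None.

Return Value:

    TRUE - The operating system is prior to Windows 7.

    FALSE - The operating system is Windows 7 or later, or the version query
            failed (the original behavior: a failed query is treated as
            Windows 7 or later).

--*/

{
    OSVERSIONINFO OperatingSystemInfo;

    ZeroMemory(&OperatingSystemInfo, sizeof(OperatingSystemInfo));
    OperatingSystemInfo.dwOSVersionInfoSize = sizeof(OperatingSystemInfo);

    //
    // GetVersionEx returns any nonzero value on success, so test for
    // nonzero rather than comparing the BOOL against TRUE.
    //
    if (!GetVersionEx(&OperatingSystemInfo)) {
        return FALSE;
    }

    if (OperatingSystemInfo.dwMajorVersion < WIN7_MAJOR_VERSION) {
        return TRUE;
    }

    if ((OperatingSystemInfo.dwMajorVersion == WIN7_MAJOR_VERSION) &&
        (OperatingSystemInfo.dwMinorVersion < WIN7_MINOR_VERSION)) {
        return TRUE;
    }

    return FALSE;
}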