archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/sdktools/trace/samples/tracekmp/tracekmp.c

456 lines
12 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. #include <stdio.h>
  2. #include <stdlib.h>
  3. #include <ntddk.h>
  4. #include <wmistr.h>
  5. #include <evntrace.h>
  6. #include <wmikm.h>
  8. #define TRACEKMP_NT_DEVICE_NAME L"\\Device\\TraceKmp"
  9. #define TRACEKMP_MOF_FILE L"MofResourceName"
  11. PDEVICE_OBJECT pTracekmpDeviceObject;
  12. UNICODE_STRING KmpRegistryPath;
  15. typedef struct _DEVICE_EXTENSION {
  16. PDEVICE_OBJECT DeviceObject;
  17. } DEVICE_EXTENSION, *PDEVICE_EXTENSION;
  20. //
  21. // ETW Globals
  22. //
  24. // 1. A control guid to identify this driver to ETW. The enable/disable state
  25. // of this Guid controls enable/disable state of tracing for this driver.
  26. GUID ControlGuid = \
  27. {0xce5b1120, 0x8ea9, 0x11d1, 0xa4, 0xec, 0x00, 0xa0, 0xc9, 0x06, 0x29, 0x10};
  29. // 2. EventGuids to fire events with. Can have more than one EventGuid.
  30. GUID TracekmpGuid = \
  31. {0xbc8700cb, 0x120b, 0x4aad, 0xbf, 0xbf, 0x99, 0x6e, 0x57, 0x60, 0xcb, 0x85};
  33. // 3. EtwLoggerHandle to use with IoWMIWriteEvent.
  34. TRACEHANDLE EtwLoggerHandle = 0;
  36. // 4. EtwTraceEnable to indicate whether or not tracing is currently on.
  37. ULONG EtwTraceEnable = 0;
  39. // 5. EtwTraceLevel to indicate the current Level of logging
  40. ULONG EtwTraceLevel = 0;
  42. // Note: EtwLoggerHandle, EtwTraceEnable and EtwTraceLevel are set through
  43. // ENABLE_EVENTS irp.
  44. //
  46. NTSTATUS
  47. DriverEntry(
  48. IN PDRIVER_OBJECT DriverObject,
  49. IN PUNICODE_STRING RegistryPath
  50. );
  52. NTSTATUS
  53. EtwDispatch(
  54. IN PDEVICE_OBJECT pDO,
  55. IN PIRP Irp
  56. );
  58. NTSTATUS
  59. EtwRegisterGuids(
  60. IN PWMIREGINFO WmiRegInfo,
  61. IN ULONG wmiRegInfoSize,
  62. IN PULONG pReturnSize
  63. );
  65. VOID
  66. TracekmpDriverUnload(
  67. IN PDRIVER_OBJECT DriverObject
  68. );
  72. #ifdef ALLOC_PRAGMA
  73. #pragma alloc_text( INIT, DriverEntry )
  74. #pragma alloc_text( PAGE, EtwDispatch )
  75. #pragma alloc_text( PAGE, EtwRegisterGuids )
  76. #pragma alloc_text( PAGE, TracekmpDriverUnload )
  77. #endif // ALLOC_PRAGMA
  81. NTSTATUS
  82. DriverEntry(
  83. IN PDRIVER_OBJECT DriverObject,
  84. IN PUNICODE_STRING RegistryPath
  85. )
  86. /*++
  88. Routine Description:
  90. This is the callback function when we call IoCreateDriver to create a
  91. WMI Driver Object. In this function, we need to remember the
  92. DriverObject.
  94. Arguments:
  95. DriverObject - pointer to the driver object
  96. RegistryPath - pointer to a unicode string representing the path
  97. to driver-specific key in the registry
  99. Return Value:
  101. STATUS_SUCCESS if successful
  102. STATUS_UNSUCCESSFUL otherwise
  104. --*/
  105. {
  106. NTSTATUS status = STATUS_SUCCESS;
  107. UNICODE_STRING deviceName;
  109. KmpRegistryPath.Length = 0;
  110. KmpRegistryPath.MaximumLength = RegistryPath->Length;
  111. KmpRegistryPath.Buffer = ExAllocatePool(PagedPool,
  112. RegistryPath->Length+2);
  113. RtlCopyUnicodeString(&KmpRegistryPath, RegistryPath);
  116. DriverObject->DriverUnload = TracekmpDriverUnload;
  118. //
  119. // STEP 1. Wire a function to start fielding WMI IRPS
  120. //
  122. DriverObject->MajorFunction[ IRP_MJ_SYSTEM_CONTROL ] = EtwDispatch;
  124. RtlInitUnicodeString( &deviceName, TRACEKMP_NT_DEVICE_NAME );
  126. status = IoCreateDevice(
  127. DriverObject,
  128. sizeof( DEVICE_EXTENSION ),
  129. &deviceName,
  130. FILE_DEVICE_UNKNOWN,
  131. 0,
  132. FALSE,
  133. &pTracekmpDeviceObject);
  135. if( !NT_SUCCESS( status )) {
  136. return status;
  137. }
  138. pTracekmpDeviceObject->Flags |= DO_BUFFERED_IO;
  140. //
  141. // STEP 2. Register with ETW here
  142. //
  144. status = IoWMIRegistrationControl(pTracekmpDeviceObject,
  145. WMIREG_ACTION_REGISTER);
  146. if (!NT_SUCCESS(status))
  147. {
  148. KdPrint((
  149. "TRACEKMP: IoWMIRegistrationControl failed with %x\n",
  150. status
  151. ));
  152. }
  155. return STATUS_SUCCESS;
  156. }
  158. VOID
  159. TracekmpDriverUnload(
  160. IN PDRIVER_OBJECT DriverObject
  161. )
  162. /*++
  164. Routine Description:
  166. Unregister from ETW logging and Unload this driver
  168. Arguments:
  170. DriverObject - Supplies a pointer to the driver object
  172. Return Value:
  174. --*/
  175. {
  176. PDEVICE_OBJECT pDevObj;
  177. NTSTATUS status;
  179. ExFreePool(KmpRegistryPath.Buffer);
  181. pDevObj = DriverObject->DeviceObject;
  183. //
  184. // STEP 3: Unregister with ETW.
  185. //
  186. if (pDevObj != NULL) {
  187. status = IoWMIRegistrationControl(pDevObj, WMIREG_ACTION_DEREGISTER);
  188. if (!NT_SUCCESS(status))
  189. {
  190. KdPrint((
  191. "TracekmpDriverUnload: Failed to unregister for ETW support\n"
  192. ));
  193. }
  194. }
  196. IoDeleteDevice( pDevObj );
  198. }
  200. //
  201. // STEP 4: Wire the ETW Dispatch function.
  202. //
  204. NTSTATUS
  205. EtwDispatch(
  206. IN PDEVICE_OBJECT pDO,
  207. IN PIRP Irp
  208. )
  209. /*++
  211. Routine Description:
  213. This is the dispatch routine for MJ_SYSTEM_CONTROL irps.
  216. Arguments:
  218. pDO - Pointer to the target device object.
  219. Irp - Pointer to IRP
  221. Return Value:
  223. NTSTATUS - Completion status.
  224. --*/
  225. {
  227. PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation(Irp);
  228. ULONG BufferSize = irpSp->Parameters.WMI.BufferSize;
  229. PVOID Buffer = irpSp->Parameters.WMI.Buffer;
  230. ULONG ReturnSize = 0;
  231. NTSTATUS status = STATUS_SUCCESS;
  233. UNREFERENCED_PARAMETER(pDO);
  236. switch (irpSp->MinorFunction) {
  238. case IRP_MN_REGINFO:
  239. {
  240. status = EtwRegisterGuids( (PWMIREGINFO) Buffer,
  241. BufferSize,
  242. &ReturnSize);
  243. Irp->IoStatus.Information = ReturnSize;
  244. Irp->IoStatus.Status = status;
  246. IoCompleteRequest( Irp, IO_NO_INCREMENT );
  247. return status;
  248. }
  249. case IRP_MN_ENABLE_EVENTS:
  250. {
  251. if ( (BufferSize < sizeof(WNODE_HEADER)) || (Buffer == NULL) ) {
  252. status = STATUS_INVALID_PARAMETER;
  253. }
  254. else {
  255. //
  256. // The Buffer that came is a WNODE_HEADER. Now Validate the
  257. // Wnode before using it.
  258. //
  260. PWNODE_HEADER Wnode = (PWNODE_HEADER)Buffer;
  261. if ( (Wnode->BufferSize < sizeof(WNODE_HEADER)) ||
  262. !IsEqualGUID(&Wnode->Guid, &ControlGuid) )
  263. {
  264. status = STATUS_INVALID_PARAMETER;
  265. }
  267. //
  268. // and the LoggerHandle
  269. // is in its HistoricalContext field.
  270. // We can pick up the Enable Level and Flags by using
  271. // the WmiGetLoggerEnableLevel and WmiGetLoggerEnableFlags calls
  272. //
  274. EtwLoggerHandle = Wnode->HistoricalContext;
  275. EtwTraceLevel = (ULONG) WmiGetLoggerEnableLevel(
  276. EtwLoggerHandle
  277. );
  279. //
  280. // After picking up the LoggerHandle and EnableLevel we can
  281. // set the flag EtwTraceEnable to true.
  282. //
  284. EtwTraceEnable = TRUE;
  286. //
  287. // Now this driver is enabled and ready to send traces to the
  288. // EventTrace session specified by the EtwLoggerHandle.
  289. //
  290. // The commented code fragment below shows a typical example of
  291. // sending an event to an Event Trace session. Insert this code
  292. // fragment (and remove the comments) wherever you want to
  293. // send traces to ETW from this driver.
  294. //
  296. // if (EtwTraceEnable) {
  297. // EVENT_TRACE_HEADER Header;
  298. // PEVENT_TRACE_HEADER Wnode;
  299. // NTSTATUS status;
  300. // Wnode = &Header;
  301. // RtlZeroMemory(Wnode, sizeof(EVENT_TRACE_HEADER));
  302. // Wnode->Size = sizeof(EVENT_TRACE_HEADER);
  303. // Wnode->Flags |= WNODE_FLAG_TRACED_GUID;
  304. // Wnode->Guid = TracekmpGuid;
  305. // ((PWNODE_HEADER)Wnode)->HistoricalContext = EtwLoggerHandle;
  306. // status = IoWMIWriteEvent((PVOID)Wnode);
  307. // }
  309. // STEP 6: Add IoWMIWriteEvent calls from various locations
  310. // of the driver code to trace its operation.
  311. //
  312. }
  314. Irp->IoStatus.Status = status;
  315. Irp->IoStatus.Information = 0;
  316. IoCompleteRequest( Irp, IO_NO_INCREMENT );
  317. return status;
  318. }
  319. case IRP_MN_DISABLE_EVENTS:
  320. {
  321. EtwTraceEnable = FALSE;
  322. EtwTraceLevel = 0;
  323. EtwLoggerHandle = 0;
  325. Irp->IoStatus.Status = status;
  326. Irp->IoStatus.Information = 0;
  327. IoCompleteRequest( Irp, IO_NO_INCREMENT );
  328. return status;
  329. }
  330. default:
  331. {
  332. status = STATUS_INVALID_DEVICE_REQUEST;
  333. Irp->IoStatus.Status = status;
  334. Irp->IoStatus.Information = 0;
  335. IoCompleteRequest( Irp, IO_NO_INCREMENT );
  337. return status;
  338. }
  339. }
  340. return status;
  341. }
  344. //
  345. // STEP 5: RegisterGuids function
  346. //
  349. NTSTATUS
  350. EtwRegisterGuids(
  351. IN PWMIREGINFO EtwRegInfo,
  352. IN ULONG etwRegInfoSize,
  353. IN PULONG pReturnSize
  354. )
  355. /*++
  357. Routine Description:
  359. This function handles ETW GUID registration.
  362. Arguments:
  364. EtwRegInfo
  365. etwRegInfoSize,
  366. pReturnSize
  369. Return Value:
  371. NTSTATUS - Completion status.
  372. --*/
  373. {
  374. //
  375. // Register a Control Guid as a Trace Guid.
  376. //
  378. ULONG SizeNeeded;
  379. PWMIREGGUIDW EtwRegGuidPtr;
  380. ULONG RegistryPathSize;
  381. ULONG MofResourceSize;
  382. PUCHAR ptmp;
  384. //
  385. // We either have a valid buffer to fill up or have at least
  386. // enough room to return the SizeNeeded.
  387. //
  389. if ( (pReturnSize == NULL) ||
  390. (EtwRegInfo == NULL) ||
  391. (etwRegInfoSize < sizeof(ULONG)) ) {
  392. return STATUS_INVALID_PARAMETER;
  393. }
  396. *pReturnSize = 0;
  398. //
  399. // Allocate WMIREGINFO for controlGuid
  400. //
  401. RegistryPathSize = KmpRegistryPath.Length +
  402. sizeof(USHORT);
  403. MofResourceSize = sizeof(TRACEKMP_MOF_FILE) -
  404. sizeof(WCHAR) +
  405. sizeof(USHORT);
  407. SizeNeeded = sizeof(WMIREGINFOW) + sizeof(WMIREGGUIDW) +
  408. RegistryPathSize +
  409. MofResourceSize;
  411. //
  412. // If there is not sufficient space, return the size required as
  413. // a ULONG and WMI will send another request with the right size buffer.
  414. //
  416. if (SizeNeeded > etwRegInfoSize) {
  417. *((PULONG)EtwRegInfo) = SizeNeeded;
  418. *pReturnSize = sizeof(ULONG);
  419. return STATUS_BUFFER_TOO_SMALL;
  420. }
  422. RtlZeroMemory(EtwRegInfo, SizeNeeded);
  423. EtwRegInfo->BufferSize = SizeNeeded;
  424. EtwRegInfo->GuidCount = 1;
  425. EtwRegInfo->RegistryPath = sizeof(WMIREGINFOW) + sizeof(WMIREGGUIDW);
  426. EtwRegInfo->MofResourceName = EtwRegInfo->RegistryPath + RegistryPathSize;
  428. EtwRegGuidPtr = &EtwRegInfo->WmiRegGuid[0];
  429. EtwRegGuidPtr->Guid = ControlGuid;
  430. EtwRegGuidPtr->Flags |= WMIREG_FLAG_TRACED_GUID;
  431. EtwRegGuidPtr->Flags |= WMIREG_FLAG_TRACE_CONTROL_GUID;
  432. EtwRegGuidPtr->InstanceCount = 0;
  433. EtwRegGuidPtr->InstanceInfo = 0;
  435. ptmp = (PUCHAR)&EtwRegInfo->WmiRegGuid[1];
  436. *((PUSHORT)ptmp) = KmpRegistryPath.Length;
  437. ptmp += sizeof(USHORT);
  438. RtlCopyMemory(ptmp,
  439. KmpRegistryPath.Buffer,
  440. KmpRegistryPath.Length);
  442. ptmp = (PUCHAR)EtwRegInfo + EtwRegInfo->MofResourceName;
  443. *((PUSHORT)ptmp) = sizeof(TRACEKMP_MOF_FILE) - sizeof(WCHAR);
  445. ptmp += sizeof(USHORT);
  446. RtlCopyMemory(ptmp,
  447. TRACEKMP_MOF_FILE,
  448. sizeof(TRACEKMP_MOF_FILE) - sizeof(WCHAR)
  449. );
  451. *pReturnSize = SizeNeeded;
  453. return STATUS_SUCCESS;
  454. }