archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/base/wmi/ntdll/ntdlltrc.c

943 lines
25 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1997-2000 Microsoft Corporation
  5. Module Name:
  7. ntdlltrc.c
  9. Abstract:
  11. This file implements Event Tracing for Heap functions .
  13. --*/
  15. #include <nt.h>
  16. #include <ntrtl.h> // for ntutrl.h
  17. #include <nturtl.h> // for RTL_CRITICAL_SECTION in winbase.h/wtypes.h
  18. #include "wmiump.h"
  19. #include "evntrace.h"
  20. #include "ntdlltrc.h"
  21. #include "trcapi.h"
  22. #include "traceump.h"
  23. #include "tracelib.h"
  26. LONG NtdllTraceInitializeLock = 0;
  27. LONG NtdllLoggerLock = 0;
  28. PNTDLL_EVENT_HANDLES NtdllTraceHandles = NULL;
  29. BOOL bNtdllTrace = FALSE; // Flag determines that Tracing is enabled or disabled for this process.
  30. ULONG GlobalCounter = 0; // Used to determine that we have stale information about logger
  31. LONG TraceLevel = 0;
  33. extern LONG EtwpLoggerCount;
  34. extern ULONG WmiTraceAlignment;
  35. extern BOOLEAN LdrpInLdrInit;
  36. extern PWMI_LOGGER_CONTEXT EtwpLoggerContext;
  37. extern BOOLEAN EtwLocksInitialized;
  39. extern PWMI_BUFFER_HEADER FASTCALL EtwpSwitchFullBuffer(IN PWMI_BUFFER_HEADER OldBuffer );
  40. extern ULONG EtwpReleaseFullBuffer( IN PWMI_BUFFER_HEADER Buffer );
  41. extern PWMI_BUFFER_HEADER FASTCALL EtwpGetFullFreeBuffer( VOID );
  42. extern ULONG EtwpStopUmLogger( IN ULONG WnodeSize, IN OUT ULONG *SizeUsed,
  43. OUT ULONG *SizeNeeded,IN OUT PWMI_LOGGER_INFORMATION LoggerInfo );
  44. extern ULONG EtwpStartUmLogger( IN ULONG WnodeSize, IN OUT ULONG *SizeUsed, OUT ULONG *SizeNeeded,
  45. IN OUT PWMI_LOGGER_INFORMATION LoggerInfo );
  46. extern
  47. ULONG
  48. WMIAPI
  49. EtwRegisterTraceGuidsA(
  50. IN WMIDPREQUEST RequestAddress,
  51. IN PVOID RequestContext,
  52. IN LPCGUID ControlGuid,
  53. IN ULONG GuidCount,
  54. IN PTRACE_GUID_REGISTRATION GuidReg,
  55. IN LPCSTR MofImagePath,
  56. IN LPCSTR MofResourceName,
  57. IN PTRACEHANDLE RegistrationHandle
  58. );
  60. extern
  61. ULONG
  62. WMIAPI
  63. EtwUnregisterTraceGuids(
  64. IN TRACEHANDLE RegistrationHandle
  65. );
  67. #define MAXSTR 1024
  68. #define BUFFER_STATE_FULL 2
  69. #define EtwpIsLoggerOn() \
  70. (EtwpLoggerContext != NULL) && \
  71. (EtwpLoggerContext != (PWMI_LOGGER_CONTEXT) &EtwpLoggerContext)
  73. #define EtwpLockLogger() InterlockedIncrement(&EtwpLoggerCount)
  74. #define EtwpUnlockLogger() InterlockedDecrement(&EtwpLoggerCount)
  76. NTSTATUS
  77. InitializeEtwHandles(PPNTDLL_EVENT_HANDLES ppEtwHandle)
  78. /*++
  80. Routine Description:
  82. This function does groundwork to start Tracing for Heap and Critcal Section.
  83. With the help of global lock NtdllTraceInitializeLock the function
  84. allocates memory for NtdllTraceHandles and initializes the various variables needed
  85. for heap and critical tracing.
  87. Arguments
  89. ppEtwHandle : OUT Pointer is set to value of NtdllTraceHandles
  92. Return Value:
  94. STATUS_SUCCESS
  95. STATUS_UNSUCCESSFUL
  97. --*/
  98. {
  100. NTSTATUS st = STATUS_UNSUCCESSFUL;
  101. PNTDLL_EVENT_HANDLES pEtwHandle = NULL;
  103. __try {
  105. EtwpInitProcessHeap();
  107. pEtwHandle = (PNTDLL_EVENT_HANDLES)EtwpAlloc(sizeof(NTDLL_EVENT_HANDLES));
  109. if(pEtwHandle){
  111. pEtwHandle->hRegistrationHandle = (TRACEHANDLE)INVALID_HANDLE_VALUE;
  112. pEtwHandle->pThreadListHead = NULL;
  114. //
  115. // Allocate TLS
  116. //
  118. pEtwHandle->dwTlsIndex = EtwpTlsAlloc();
  120. if(pEtwHandle->dwTlsIndex == FAILED_TLSINDEX){
  122. EtwpFree(pEtwHandle);
  124. } else {
  126. st = RtlInitializeCriticalSection(&pEtwHandle->CriticalSection);
  127. if (NT_SUCCESS (st)) {
  128. *ppEtwHandle = pEtwHandle;
  129. st = STATUS_SUCCESS;
  130. }
  131. else {
  132. EtwpFree(pEtwHandle);
  133. *ppEtwHandle = NULL;
  134. }
  136. }
  137. }
  138. } __except (EXCEPTION_EXECUTE_HANDLER) {
  140. if(pEtwHandle !=NULL ) {
  141. EtwpFree(pEtwHandle);
  142. pEtwHandle = NULL;
  143. }
  145. EtwpDebugPrint(("InitializeEtwHandles threw an exception %d\n", GetExceptionCode()));
  146. }
  148. return st;
  149. }
  151. void
  152. CleanOnThreadExit()
  153. /*++
  155. Routine Description:
  157. This function cleans up the Thread buffer and takes its node out of the Link list
  158. which contains information of all threads involved in tracing.
  160. --*/
  161. {
  163. PTHREAD_LOCAL_DATA pThreadLocalData = NULL;
  164. PWMI_BUFFER_HEADER pEtwBuffer;
  166. if(NtdllTraceHandles != NULL ){
  168. pThreadLocalData = (PTHREAD_LOCAL_DATA)EtwpTlsGetValue(NtdllTraceHandles->dwTlsIndex);
  170. //
  171. // Remove the node from the Link List
  172. //
  174. if(pThreadLocalData != NULL ){
  176. RtlEnterCriticalSection(&NtdllTraceHandles->CriticalSection);
  178. __try {
  180. if(pThreadLocalData->BLink == NULL ){
  182. NtdllTraceHandles->pThreadListHead = pThreadLocalData->FLink;
  184. if(NtdllTraceHandles->pThreadListHead){
  186. NtdllTraceHandles->pThreadListHead->BLink = NULL;
  188. }
  190. } else {
  192. pThreadLocalData->BLink->FLink = pThreadLocalData->FLink;
  194. if(pThreadLocalData->FLink != NULL ){
  196. pThreadLocalData->FLink->BLink = pThreadLocalData->BLink;
  198. }
  199. }
  201. pEtwBuffer = pThreadLocalData->pBuffer;
  203. if(pEtwBuffer){
  205. EtwpReleaseFullBuffer(pEtwBuffer);
  207. }
  209. pThreadLocalData->pBuffer = NULL;
  210. pThreadLocalData->ReferenceCount = 0;
  212. EtwpFree(pThreadLocalData);
  213. EtwpTlsSetValue(NtdllTraceHandles->dwTlsIndex, NULL);
  215. } __finally {
  217. RtlLeaveCriticalSection(&NtdllTraceHandles->CriticalSection);
  219. }
  220. }
  221. }
  222. }
  224. void
  225. CleanUpAllThreadBuffers(BOOLEAN Release)
  226. /*++
  228. Routine Description:
  230. This function cleans up the All Thread buffers and sets them to NULL. This
  231. function is called when the tracing is disabled for the process.
  233. --*/
  234. {
  236. PTHREAD_LOCAL_DATA pListHead;
  237. BOOL bAllClear = FALSE;
  238. PWMI_BUFFER_HEADER pEtwBuffer;
  239. int retry = 0;
  241. RtlEnterCriticalSection(&NtdllTraceHandles->CriticalSection);
  243. __try {
  245. while(bAllClear != TRUE && retry <= 10){
  247. bAllClear = TRUE;
  248. pListHead = NtdllTraceHandles->pThreadListHead;
  250. while(pListHead != NULL ){
  252. if(Release){
  254. pEtwBuffer = pListHead->pBuffer;
  256. if(pEtwBuffer){
  258. if(InterlockedIncrement(&(pListHead->ReferenceCount)) == 1){
  260. EtwpReleaseFullBuffer(pEtwBuffer);
  261. pListHead->pBuffer = NULL;
  262. InterlockedDecrement(&(pListHead->ReferenceCount));
  264. } else {
  266. InterlockedDecrement(&(pListHead->ReferenceCount));
  267. bAllClear = FALSE;
  268. }
  269. }
  270. } else {
  271. pListHead->pBuffer = NULL;
  272. pListHead->ReferenceCount = 0;
  273. }
  275. pListHead = pListHead->FLink;
  276. }
  278. retry++;
  280. if(!bAllClear){
  282. EtwpSleep(250);
  283. }
  284. }
  286. } __finally {
  288. RtlLeaveCriticalSection(&NtdllTraceHandles->CriticalSection);
  290. }
  291. }
  293. void
  294. ShutDownEtwHandles()
  295. /*++
  297. Routine Description:
  299. This function is called when the process is exiting. This cleans all the thread
  300. buffers and releases the memory allocated for NtdllTraceHandless.
  302. --*/
  304. {
  306. if(NtdllTraceHandles == NULL) return;
  308. bNtdllTrace = FALSE;
  310. RtlEnterCriticalSection(&NtdllTraceHandles->CriticalSection);
  312. __try {
  314. if(NtdllTraceHandles->hRegistrationHandle != (TRACEHANDLE)INVALID_HANDLE_VALUE){
  316. EtwUnregisterTraceGuids(NtdllTraceHandles->hRegistrationHandle);
  318. }
  320. if(NtdllTraceHandles->pThreadListHead != NULL){
  322. PTHREAD_LOCAL_DATA pListHead, pNextListHead;
  324. pListHead = NtdllTraceHandles->pThreadListHead;
  326. while(pListHead != NULL ){
  328. if(pListHead->pBuffer != NULL){
  330. EtwpReleaseFullBuffer(pListHead->pBuffer);
  331. pListHead->pBuffer = NULL;
  332. InterlockedDecrement(&(pListHead->ReferenceCount));
  334. }
  336. pNextListHead = pListHead->FLink;
  337. EtwpFree(pListHead);
  338. pListHead = pNextListHead;
  339. }
  340. }
  342. EtwpTlsFree(NtdllTraceHandles->dwTlsIndex);
  344. } __finally {
  346. RtlLeaveCriticalSection(&NtdllTraceHandles->CriticalSection);
  348. }
  350. RtlDeleteCriticalSection(&NtdllTraceHandles->CriticalSection);
  352. EtwpFree(NtdllTraceHandles);
  353. NtdllTraceHandles = NULL;
  354. }
  356. NTSTATUS
  357. GetLoggerInfo(PWMI_LOGGER_INFORMATION LoggerInfo)
  358. {
  360. ULONG st = STATUS_UNSUCCESSFUL;
  361. WMINTDLLLOGGERINFO NtdllLoggerInfo;
  362. ULONG BufferSize;
  364. if(LoggerInfo == NULL) return st;
  366. NtdllLoggerInfo.LoggerInfo = LoggerInfo;
  367. NtdllLoggerInfo.LoggerInfo->Wnode.Guid = NtdllTraceGuid;
  368. NtdllLoggerInfo.IsGet = TRUE;
  370. st = EtwpSendWmiKMRequest(
  371. NULL,
  372. IOCTL_WMI_NTDLL_LOGGERINFO,
  373. &NtdllLoggerInfo,
  374. sizeof(WMINTDLLLOGGERINFO),
  375. &NtdllLoggerInfo,
  376. sizeof(WMINTDLLLOGGERINFO),
  377. &BufferSize,
  378. NULL
  379. );
  381. return st;
  383. }
  385. BOOLEAN
  386. GetPidInfo(ULONG CheckPid, PWMI_LOGGER_INFORMATION LoggerInfo)
  387. {
  389. NTSTATUS st;
  390. BOOLEAN Found = FALSE;
  391. PTRACE_ENABLE_FLAG_EXTENSION FlagExt = NULL;
  393. st = GetLoggerInfo(LoggerInfo);
  395. if(NT_SUCCESS(st)){
  397. PULONG PidArray = NULL;
  398. ULONG count;
  400. FlagExt = (PTRACE_ENABLE_FLAG_EXTENSION) &LoggerInfo->EnableFlags;
  401. PidArray = (PULONG)(FlagExt->Offset + (PCHAR)LoggerInfo);
  403. for(count = 0; count < FlagExt->Length; count++){
  405. if(CheckPid == PidArray[count]){
  406. Found = TRUE;
  407. break;
  408. }
  409. }
  410. }
  412. return Found;
  413. }
  415. ULONG
  416. WINAPI
  417. NtdllCtrlCallback(
  418. WMIDPREQUESTCODE RequestCode,
  419. PVOID Context,
  420. ULONG *InOutBufferSize,
  421. PVOID Buffer
  422. )
  423. /*++
  425. Routine Description:
  427. This is WMI control callback function used at the time of registration.
  429. --*/
  430. {
  431. ULONG ret;
  433. ret = ERROR_SUCCESS;
  435. switch (RequestCode)
  436. {
  437. case WMI_ENABLE_EVENTS: //Enable Provider.
  438. {
  439. if(bNtdllTrace == TRUE) break;
  441. if(EtwpIsLoggerOn()){
  443. bNtdllTrace = TRUE;
  444. break;
  446. }
  448. if(InterlockedIncrement(&NtdllLoggerLock) == 1){
  450. if( bNtdllTrace == FALSE ){
  452. BOOLEAN PidEntry = FALSE;
  453. PWMI_LOGGER_INFORMATION LoggerInfo = NULL;
  455. ULONG sizeNeeded = sizeof(WMI_LOGGER_INFORMATION)
  456. + (2 * MAXSTR * sizeof(WCHAR))
  457. + (MAX_PID + 1) * sizeof(ULONG);
  459. //
  460. // Check to see that this process is allowed to log events
  461. // or not.
  462. //
  464. LoggerInfo = EtwpAlloc(sizeNeeded);
  466. if(LoggerInfo){
  468. //
  469. // Check to see that this process is allowed to
  470. // register or not.
  471. //
  474. RtlZeroMemory(LoggerInfo, sizeNeeded);
  476. if(GetPidInfo(EtwpGetCurrentProcessId(), LoggerInfo)){
  478. LoggerInfo->LoggerName.Buffer =
  479. (PWCHAR)(((PUCHAR) LoggerInfo)
  480. + sizeof(WMI_LOGGER_INFORMATION));
  482. LoggerInfo->LogFileName.Buffer =
  483. (PWCHAR)(((PUCHAR) LoggerInfo)
  484. + sizeof(WMI_LOGGER_INFORMATION)
  485. + LoggerInfo->LoggerName.MaximumLength);
  487. LoggerInfo->InstanceCount = 0;
  488. LoggerInfo->InstanceId = EtwpGetCurrentProcessId();
  490. TraceLevel = (LONG)LoggerInfo->Wnode.HistoricalContext;
  491. LoggerInfo->Wnode.HistoricalContext = 0;
  492. LoggerInfo->Wnode.ClientContext =
  493. EVENT_TRACE_CLOCK_CPUCYCLE;
  495. //Start Logger Here
  497. ret = EtwpStartUmLogger(sizeNeeded,
  498. &sizeNeeded,
  499. &sizeNeeded,
  500. LoggerInfo
  501. );
  503. if(ret == ERROR_SUCCESS ){
  505. CleanUpAllThreadBuffers(FALSE);
  506. bNtdllTrace = TRUE;
  507. InterlockedIncrement(&NtdllLoggerLock);
  508. }
  509. }
  511. EtwpFree(LoggerInfo);
  513. } else {
  514. EtwpDebugPrint(("LoggerInfo failed to get Heap Allocation during Enable Events\n"));
  515. }
  516. }
  517. }
  519. InterlockedDecrement(&NtdllLoggerLock);
  520. break;
  521. }
  522. case WMI_DISABLE_EVENTS: //Disable Provider.
  523. {
  525. if( bNtdllTrace == TRUE ){
  527. ULONG WnodeSize,SizeUsed,SizeNeeded;
  528. WMI_LOGGER_INFORMATION LoggerInfo;
  530. bNtdllTrace = FALSE;
  532. //
  533. // The above boolean bNtdllTrace is turned off as this
  534. // function will again be called back by EtwpStopUmLogger
  535. // so it will fall into endless loop of incrementing and
  536. // decrementing NtdllLoggerLock.( see below ).
  537. // This assignment SHOULD NOT BE MOVED FROM THIS PLACE.
  538. //
  540. while( InterlockedIncrement(&NtdllLoggerLock) != 1 ){
  542. InterlockedDecrement(&NtdllLoggerLock);
  543. EtwpSleep(250);
  545. }
  547. if(!EtwpIsLoggerOn()){
  549. InterlockedDecrement(&NtdllLoggerLock);
  550. break;
  552. }
  554. //
  555. // Now release thread buffer memory here.
  556. //
  558. CleanUpAllThreadBuffers(TRUE);
  559. WnodeSize = sizeof(WMI_LOGGER_INFORMATION);
  560. RtlZeroMemory(&LoggerInfo, WnodeSize);
  561. LoggerInfo.Wnode.CountLost = ((PWNODE_HEADER)Buffer)->CountLost;
  562. LoggerInfo.Wnode.BufferSize = WnodeSize;
  563. SizeUsed = 0;
  564. SizeNeeded = 0;
  566. EtwpStopUmLogger(WnodeSize,
  567. &SizeUsed,
  568. &SizeNeeded,
  569. &LoggerInfo);
  571. InterlockedDecrement(&NtdllLoggerLock);
  572. }
  574. break;
  575. }
  577. default:
  578. {
  580. ret = ERROR_INVALID_PARAMETER;
  581. break;
  583. }
  584. }
  585. return ret;
  586. }
  589. ULONG
  590. RegisterNtdllTraceEvents()
  591. /*++
  593. Routine Description:
  595. This function registers the guids with WMI for tracing.
  597. Return Value:
  599. The return value of RegisterTraceGuidsA function.
  601. --*/
  602. {
  604. //Create the guid registration array
  605. NTSTATUS status;
  607. TRACE_GUID_REGISTRATION TraceGuidReg[] =
  608. {
  609. {
  610. (LPGUID) &HeapGuid,
  611. NULL
  612. },
  613. {
  614. (LPGUID) &CritSecGuid,
  615. NULL
  616. }
  618. };
  620. //Now register this process as a WMI trace provider.
  621. status = EtwRegisterTraceGuidsA(
  622. (WMIDPREQUEST)NtdllCtrlCallback, // Enable/disable function.
  623. NULL, // RequestContext parameter
  624. (LPGUID)&NtdllTraceGuid, // Provider GUID
  625. 2, // TraceGuidReg array size
  626. TraceGuidReg, // Array of TraceGuidReg structures
  627. NULL, // Optional WMI - MOFImagePath
  628. NULL, // Optional WMI - MOFResourceName
  629. &(NtdllTraceHandles->hRegistrationHandle) // Handle unregister
  630. );
  632. return status;
  633. }
  636. NTSTATUS
  637. InitializeAndRegisterNtdllTraceEvents()
  638. /*++
  640. Routine Description:
  642. This functions checks for global variable NtdllTraceHandles and if not set then
  643. calls fucntion InitializeEtwHandles to initialize it. NtdllTraceHandles
  644. contains handles used for Heap tracing. If NtdllTraceHandles is already
  645. initialized then a call is made to register the guids.
  647. Return Value:
  649. STATUS_SUCCESS
  650. STATUS_UNSUCCESSFUL
  652. --*/
  654. {
  655. NTSTATUS st = STATUS_UNSUCCESSFUL;
  657. if(NtdllTraceHandles == NULL){
  659. if(InterlockedIncrement(&NtdllTraceInitializeLock) == 1){
  661. st = InitializeEtwHandles(&NtdllTraceHandles);
  663. if(NT_SUCCESS(st)){
  665. st = RegisterNtdllTraceEvents();
  667. }
  668. }
  669. }
  671. return st;
  672. }
  675. NTSTATUS
  676. AllocateMemoryForThreadLocalData(PPTHREAD_LOCAL_DATA ppThreadLocalData)
  677. /*++
  679. Routine Description:
  681. This functions allcates memory for tls and adds it to Link list which
  682. contains informations of all threads involved in tracing.
  684. Arguments
  686. ppThreadLocalData : The OUT pointer to the tls.
  688. Return Value:
  690. STATUS_SUCCESS
  691. STATUS_UNSUCCESSFUL
  693. --*/
  694. {
  695. NTSTATUS st = STATUS_UNSUCCESSFUL;
  696. PTHREAD_LOCAL_DATA pThreadLocalData = NULL;
  698. pThreadLocalData = (PTHREAD_LOCAL_DATA)EtwpAlloc(sizeof(THREAD_LOCAL_DATA));
  700. if(pThreadLocalData != NULL){
  702. if(EtwpTlsSetValue(NtdllTraceHandles->dwTlsIndex, (LPVOID)pThreadLocalData) == TRUE){
  704. pThreadLocalData->pBuffer = NULL;
  705. pThreadLocalData->ReferenceCount = 0;
  707. RtlEnterCriticalSection(&NtdllTraceHandles->CriticalSection);
  709. if(NtdllTraceHandles->pThreadListHead == NULL ){
  711. pThreadLocalData->BLink = NULL;
  712. pThreadLocalData->FLink = NULL;
  714. } else {
  716. pThreadLocalData->FLink = NtdllTraceHandles->pThreadListHead;
  717. pThreadLocalData->BLink = NULL;
  718. NtdllTraceHandles->pThreadListHead->BLink = pThreadLocalData;
  720. }
  722. NtdllTraceHandles->pThreadListHead = pThreadLocalData;
  724. RtlLeaveCriticalSection(&NtdllTraceHandles->CriticalSection);
  726. st = STATUS_SUCCESS;
  727. }
  729. } else {
  730. EtwpDebugPrint(("pThreadLocalData failed to get Heap Allocation\n"));
  731. }
  733. if(!NT_SUCCESS(st) && pThreadLocalData != NULL){
  735. EtwpFree(pThreadLocalData);
  736. pThreadLocalData = NULL;
  738. }
  740. *ppThreadLocalData = pThreadLocalData;
  742. return st;
  743. }
  746. void
  747. ReleaseBufferLocation(PTHREAD_LOCAL_DATA pThreadLocalData)
  748. {
  750. PWMI_BUFFER_HEADER pEtwBuffer;
  752. pEtwBuffer = pThreadLocalData->pBuffer;
  754. if(pEtwBuffer){
  756. PPERFINFO_TRACE_HEADER EventHeader = (PPERFINFO_TRACE_HEADER) (pEtwBuffer->SavedOffset
  757. + (PCHAR)(pEtwBuffer));
  759. EventHeader->Marker = PERFINFO_TRACE_MARKER;
  760. EventHeader->TS = EtwpGetCycleCount();
  762. }
  764. InterlockedDecrement(&(pThreadLocalData->ReferenceCount));
  766. EtwpUnlockLogger();
  767. }
  770. PCHAR
  771. ReserveBufferSpace(PTHREAD_LOCAL_DATA pThreadLocalData, PUSHORT ReqSize)
  772. {
  775. PWMI_BUFFER_HEADER TraceBuffer = pThreadLocalData->pBuffer;
  777. *ReqSize = (USHORT) ALIGN_TO_POWER2(*ReqSize, WmiTraceAlignment);
  779. if(TraceBuffer == NULL) return NULL;
  781. if(EtwpLoggerContext->BufferSize - TraceBuffer->CurrentOffset < *ReqSize) {
  783. PWMI_BUFFER_HEADER NewTraceBuffer = NULL;
  785. NewTraceBuffer = EtwpSwitchFullBuffer(TraceBuffer);
  787. if( NewTraceBuffer == NULL ){
  788. pThreadLocalData->pBuffer = NULL;
  789. return NULL;
  791. } else {
  793. pThreadLocalData->pBuffer = NewTraceBuffer;
  794. TraceBuffer = NewTraceBuffer;
  795. }
  796. }
  798. TraceBuffer->SavedOffset = TraceBuffer->CurrentOffset;
  799. TraceBuffer->CurrentOffset += *ReqSize;
  801. return (PCHAR)( TraceBuffer->SavedOffset + (PCHAR) TraceBuffer );
  802. }
  804. NTSTATUS
  805. AcquireBufferLocation(PVOID *ppEvent, PPTHREAD_LOCAL_DATA ppThreadLocalData, PUSHORT ReqSize)
  806. /*++
  808. Routine Description:
  810. This function is called from heap.c and heapdll.c whenever there is some
  811. Heap activity. It looks up the buffer location where the even can be written
  812. and gives back the pointer.
  814. Arguments:
  816. ppEvent - The pointer to pointer of buffer location
  817. ppThreadLocalData - The pointer to pointer of thread event storing struct.
  819. Return Value:
  821. STATUS_UNSUCCESSFUL if failed otherwise STATUS_SUCCESS
  823. --*/
  824. {
  826. NTSTATUS st = STATUS_SUCCESS;
  827. PWMI_BUFFER_HEADER pEtwBuffer;
  829. if( bNtdllTrace ){
  831. EtwpLockLogger();
  833. if(EtwpIsLoggerOn()){
  835. *ppThreadLocalData = (PTHREAD_LOCAL_DATA)EtwpTlsGetValue(NtdllTraceHandles->dwTlsIndex);
  837. //
  838. //If there is no tls then create one here
  839. //
  841. if(*ppThreadLocalData == NULL ) {
  843. st = AllocateMemoryForThreadLocalData(ppThreadLocalData);
  845. }
  847. //
  848. //If the thread buffer is NULL then get it from logger.
  849. //
  851. if( NT_SUCCESS(st) && (*ppThreadLocalData)->pBuffer == NULL ){
  853. (*ppThreadLocalData)->pBuffer = EtwpGetFullFreeBuffer();
  855. if((*ppThreadLocalData)->pBuffer == NULL){
  857. st = STATUS_UNSUCCESSFUL;
  859. }
  860. }
  862. if(NT_SUCCESS(st)){
  864. //
  865. // Check ReferenceCount. If is 1 then the cleaning process
  866. // might be in progress.
  867. //
  869. pEtwBuffer = (*ppThreadLocalData)->pBuffer;
  871. if(pEtwBuffer){
  873. if(InterlockedIncrement(&((*ppThreadLocalData)->ReferenceCount)) == 1 ){
  875. *ppEvent = ReserveBufferSpace(*ppThreadLocalData, ReqSize );
  877. if(*ppEvent == NULL) {
  879. InterlockedDecrement(&((*ppThreadLocalData)->ReferenceCount));
  880. EtwpUnlockLogger();
  882. }
  884. } else {
  886. InterlockedDecrement(&((*ppThreadLocalData)->ReferenceCount));
  888. }
  890. }
  892. }
  893. } else {
  895. EtwpUnlockLogger();
  897. }
  898. } else if ( LdrpInLdrInit == FALSE && EtwLocksInitialized && NtdllTraceInitializeLock == 0 ){
  900. //
  901. // Make sure that process is not in initialization phase
  902. // Also we test for NtdllTraceInitializeLock. If is
  903. // greater than 0 then it was registered earlier so no
  904. // need to fire IOCTLS everytime
  905. //
  907. if((UserSharedData->TraceLogging >> 16) != GlobalCounter){
  909. PWMI_LOGGER_INFORMATION LoggerInfo = NULL;
  911. ULONG sizeNeeded = sizeof(WMI_LOGGER_INFORMATION)
  912. + (2 * MAXSTR * sizeof(TCHAR))
  913. + (MAX_PID + 1) * sizeof(ULONG);
  915. GlobalCounter = UserSharedData->TraceLogging >> 16;
  917. EtwpInitProcessHeap();
  919. LoggerInfo = EtwpAlloc(sizeNeeded);
  921. if(LoggerInfo != NULL){
  923. //
  924. // Check to see that this process is allowed to register or not.
  925. //
  927. if(GetPidInfo(EtwpGetCurrentProcessId(), LoggerInfo)){
  929. st = InitializeAndRegisterNtdllTraceEvents();
  931. }
  933. EtwpFree(LoggerInfo);
  934. } else {
  935. EtwpDebugPrint(("LoggerInfo failed to get Heap Allocation \n"));
  936. }
  937. }
  938. }
  939. return st;
  940. }