archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 9769ad7c3d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9769ad7c3d'
${ noResults }
windows-xp/Source/XPSP1/NT/base/wmi/ntdll/ntdlltrc.c

892 lines
22 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1997-2000 Microsoft Corporation
  5. Module Name:
  7. HeapEventTracer.c
  9. Abstract:
  11. This file implements Event Tracing for Heap functions .
  13. --*/
  15. #include <nt.h>
  16. #include <ntrtl.h> // for ntutrl.h
  17. #include <nturtl.h> // for RTL_CRITICAL_SECTION in winbase.h/wtypes.h
  18. #include "wmiump.h"
  19. #include "evntrace.h"
  20. #include "ntdlltrc.h"
  21. #include "trcapi.h"
  22. #include "traceump.h"
  23. #include "tracelib.h"
  26. LONG NtdllTraceInitializeLock = 0;
  27. LONG NtdllLoggerLock = 0;
  28. PNTDLL_EVENT_HANDLES NtdllTraceHandles = NULL;
  29. BOOL bNtdllTrace = FALSE; // Flag determines that Tracing is enabled or disabled for this process.
  30. ULONG GlobalCounter = 0; // Used to determine that we have stale information about logger
  31. PWMI_LOGGER_INFORMATION gLoggerInfo = NULL;
  32. LONG TraceLevel = 0;
  34. extern LONG WmipLoggerCount;
  35. extern ULONG WmiTraceAlignment;
  36. extern BOOLEAN LdrpInLdrInit;
  37. extern PWMI_LOGGER_CONTEXT WmipLoggerContext;
  38. extern BOOLEAN EtwLocksInitialized;
  40. #define MAXSTR 1024
  41. #define BUFFER_STATE_FULL 2
  42. #define WmipIsLoggerOn() \
  43. (WmipLoggerContext != NULL) && \
  44. (WmipLoggerContext != (PWMI_LOGGER_CONTEXT) &WmipLoggerContext)
  46. #define WmipLockLogger() InterlockedIncrement(&WmipLoggerCount)
  47. #define WmipUnlockLogger() InterlockedDecrement(&WmipLoggerCount)
  49. NTSTATUS
  50. InitializeWmiHandles(PPNTDLL_EVENT_HANDLES ppWmiHandle)
  51. /*++
  53. Routine Description:
  55. This function does groundwork to start Tracing for Heap and Critcal Section.
  56. With the help of global lock NtdllTraceInitializeLock the function
  57. allocates memory for NtdllTraceHandles and initializes the various variables needed
  58. for heap and critical tracing.
  60. Arguments
  62. ppWmiHandle : OUT Pointer is set to value of NtdllTraceHandles
  65. Return Value:
  67. STATUS_SUCCESS
  68. STATUS_UNSUCCESSFUL
  70. --*/
  71. {
  73. NTSTATUS st = STATUS_UNSUCCESSFUL;
  74. PNTDLL_EVENT_HANDLES pWmiHandle = NULL;
  76. __try {
  78. WmipInitProcessHeap();
  80. pWmiHandle = (PNTDLL_EVENT_HANDLES)WmipAlloc(sizeof(NTDLL_EVENT_HANDLES));
  82. if(pWmiHandle){
  84. pWmiHandle->hRegistrationHandle = (TRACEHANDLE)INVALID_HANDLE_VALUE;
  85. pWmiHandle->pThreadListHead = NULL;
  87. //
  88. // Allocate TLS
  89. //
  91. pWmiHandle->dwTlsIndex = WmipTlsAlloc();
  93. if(pWmiHandle->dwTlsIndex == FAILED_TLSINDEX){
  95. WmipFree(pWmiHandle);
  97. } else {
  99. RtlInitializeCriticalSection(&pWmiHandle->CriticalSection);
  100. *ppWmiHandle = pWmiHandle;
  101. st = STATUS_SUCCESS;
  103. }
  104. }
  105. } __except (EXCEPTION_EXECUTE_HANDLER) {
  107. if(pWmiHandle !=NULL ) {
  108. WmipFree(pWmiHandle);
  109. pWmiHandle = NULL;
  110. }
  111. }
  113. return st;
  114. }
  116. void
  117. CleanOnThreadExit()
  118. /*++
  120. Routine Description:
  122. This function cleans up the Thread buffer and takes its node out of the Link list
  123. which contains information of all threads involved in tracing.
  125. --*/
  126. {
  128. PTHREAD_LOCAL_DATA pThreadLocalData = NULL;
  129. PWMI_BUFFER_HEADER pWmiBuffer;
  131. if(NtdllTraceHandles != NULL ){
  133. pThreadLocalData = (PTHREAD_LOCAL_DATA)WmipTlsGetValue(NtdllTraceHandles->dwTlsIndex);
  135. //
  136. // Remove the node from the Link List
  137. //
  139. if(pThreadLocalData != NULL ){
  141. RtlEnterCriticalSection(&NtdllTraceHandles->CriticalSection);
  143. __try {
  145. if(pThreadLocalData->BLink == NULL ){
  147. NtdllTraceHandles->pThreadListHead = pThreadLocalData->FLink;
  149. if(NtdllTraceHandles->pThreadListHead){
  151. NtdllTraceHandles->pThreadListHead->BLink = NULL;
  153. }
  155. } else {
  157. pThreadLocalData->BLink->FLink = pThreadLocalData->FLink;
  159. if(pThreadLocalData->FLink != NULL ){
  161. pThreadLocalData->FLink->BLink = pThreadLocalData->BLink;
  163. }
  164. }
  166. pWmiBuffer = pThreadLocalData->pBuffer;
  168. if(pWmiBuffer){
  170. WmipReleaseFullBuffer(pWmiBuffer);
  172. }
  174. pThreadLocalData->pBuffer = NULL;
  175. pThreadLocalData->ReferenceCount = 0;
  177. WmipFree(pThreadLocalData);
  178. WmipTlsSetValue(NtdllTraceHandles->dwTlsIndex, NULL);
  180. } __finally {
  182. RtlLeaveCriticalSection(&NtdllTraceHandles->CriticalSection);
  184. }
  185. }
  186. }
  187. }
  189. void
  190. CleanUpAllThreadBuffers(BOOLEAN Release)
  191. /*++
  193. Routine Description:
  195. This function cleans up the All Thread buffers and sets them to NULL. This
  196. function is called when the tracing is disabled for the process.
  198. --*/
  199. {
  201. PTHREAD_LOCAL_DATA pListHead;
  202. BOOL bAllClear = FALSE;
  203. PWMI_BUFFER_HEADER pWmiBuffer;
  204. int retry = 0;
  206. RtlEnterCriticalSection(&NtdllTraceHandles->CriticalSection);
  208. __try {
  210. while(bAllClear != TRUE && retry <= 10){
  212. bAllClear = TRUE;
  213. pListHead = NtdllTraceHandles->pThreadListHead;
  215. while(pListHead != NULL ){
  217. if(Release){
  219. pWmiBuffer = pListHead->pBuffer;
  221. if(pWmiBuffer){
  223. if(InterlockedIncrement(&(pListHead->ReferenceCount)) == 1){
  225. WmipReleaseFullBuffer(pWmiBuffer);
  226. pListHead->pBuffer = NULL;
  227. InterlockedDecrement(&(pListHead->ReferenceCount));
  229. } else {
  231. InterlockedDecrement(&(pListHead->ReferenceCount));
  232. bAllClear = FALSE;
  233. }
  234. }
  235. } else {
  236. pListHead->pBuffer = NULL;
  237. pListHead->ReferenceCount = 0;
  238. }
  240. pListHead = pListHead->FLink;
  241. }
  243. retry++;
  245. if(!bAllClear){
  247. WmipSleep(250);
  248. }
  249. }
  251. } __finally {
  253. RtlLeaveCriticalSection(&NtdllTraceHandles->CriticalSection);
  255. }
  256. }
  258. void
  259. ShutDownWmiHandles()
  260. /*++
  262. Routine Description:
  264. This function is called when the process is exiting. This cleans all the thread
  265. buffers and releases the memory allocated for NtdllTraceHandless.
  267. --*/
  269. {
  271. if(NtdllTraceHandles == NULL) return;
  273. bNtdllTrace = FALSE;
  275. RtlEnterCriticalSection(&NtdllTraceHandles->CriticalSection);
  277. __try {
  279. if(NtdllTraceHandles->hRegistrationHandle != (TRACEHANDLE)INVALID_HANDLE_VALUE){
  281. UnregisterTraceGuids(NtdllTraceHandles->hRegistrationHandle);
  283. }
  285. if(NtdllTraceHandles->pThreadListHead != NULL){
  287. PTHREAD_LOCAL_DATA pListHead, pNextListHead;
  289. pListHead = NtdllTraceHandles->pThreadListHead;
  291. while(pListHead != NULL ){
  293. if(pListHead->pBuffer != NULL){
  295. WmipReleaseFullBuffer(pListHead->pBuffer);
  296. pListHead->pBuffer = NULL;
  297. InterlockedDecrement(&(pListHead->ReferenceCount));
  299. }
  301. pNextListHead = pListHead->FLink;
  302. WmipFree(pListHead);
  303. pListHead = pNextListHead;
  304. }
  305. }
  307. WmipTlsFree(NtdllTraceHandles->dwTlsIndex);
  309. } __finally {
  311. RtlLeaveCriticalSection(&NtdllTraceHandles->CriticalSection);
  313. }
  315. RtlDeleteCriticalSection(&NtdllTraceHandles->CriticalSection);
  317. WmipFree(NtdllTraceHandles);
  318. NtdllTraceHandles = NULL;
  319. }
  321. NTSTATUS
  322. GetLoggerInfo(PWMI_LOGGER_INFORMATION LoggerInfo)
  323. {
  325. ULONG st = STATUS_UNSUCCESSFUL;
  326. WMINTDLLLOGGERINFO NtdllLoggerInfo;
  327. ULONG BufferSize;
  329. if(LoggerInfo == NULL) return st;
  331. NtdllLoggerInfo.LoggerInfo = LoggerInfo;
  332. NtdllLoggerInfo.LoggerInfo->Wnode.Guid = NtdllTraceGuid;
  333. NtdllLoggerInfo.IsGet = TRUE;
  335. st = WmipSendWmiKMRequest(
  336. NULL,
  337. IOCTL_WMI_NTDLL_LOGGERINFO,
  338. &NtdllLoggerInfo,
  339. sizeof(WMINTDLLLOGGERINFO),
  340. &NtdllLoggerInfo,
  341. sizeof(WMINTDLLLOGGERINFO),
  342. &BufferSize,
  343. NULL
  344. );
  346. return st;
  348. }
  350. BOOLEAN
  351. GetPidInfo(ULONG CheckPid, PWMI_LOGGER_INFORMATION LoggerInfo)
  352. {
  354. NTSTATUS st;
  355. BOOLEAN Found = FALSE;
  356. PTRACE_ENABLE_FLAG_EXTENSION FlagExt = NULL;
  358. st = GetLoggerInfo(LoggerInfo);
  360. if(NT_SUCCESS(st)){
  362. PULONG PidArray = NULL;
  363. ULONG count;
  365. FlagExt = (PTRACE_ENABLE_FLAG_EXTENSION) &LoggerInfo->EnableFlags;
  366. PidArray = (PULONG)(FlagExt->Offset + (PCHAR)LoggerInfo);
  368. for(count = 0; count < FlagExt->Length; count++){
  370. if(CheckPid == PidArray[count]){
  371. Found = TRUE;
  372. break;
  373. }
  374. }
  375. }
  377. return Found;
  378. }
  380. ULONG
  381. WINAPI
  382. NtdllCtrlCallback(
  383. WMIDPREQUESTCODE RequestCode,
  384. PVOID Context,
  385. ULONG *InOutBufferSize,
  386. PVOID Buffer
  387. )
  388. /*++
  390. Routine Description:
  392. This is WMI control callback function used at the time of registration.
  394. --*/
  395. {
  396. ULONG ret;
  398. ret = ERROR_SUCCESS;
  400. switch (RequestCode)
  401. {
  402. case WMI_ENABLE_EVENTS: //Enable Provider.
  403. {
  404. if(bNtdllTrace == TRUE) break;
  406. if(WmipIsLoggerOn()){
  408. bNtdllTrace = TRUE;
  409. break;
  411. }
  413. if(InterlockedIncrement(&NtdllLoggerLock) == 1){
  415. if( bNtdllTrace == FALSE ){
  417. BOOLEAN PidEntry = FALSE;
  418. PWMI_LOGGER_INFORMATION LoggerInfo = NULL;
  420. ULONG sizeNeeded = sizeof(WMI_LOGGER_INFORMATION)
  421. + (4 * MAXSTR * sizeof(WCHAR))
  422. + (MAX_PID + 1) * sizeof(ULONG);
  425. //
  426. // Check to see that this process is allowed to log events or not.
  427. //
  430. LoggerInfo = WmipAlloc(sizeNeeded);
  432. if(LoggerInfo){
  434. //
  435. // Check to see that this process is allowed to register or not.
  436. //
  439. RtlZeroMemory(LoggerInfo, sizeNeeded);
  441. if(GetPidInfo(WmipGetCurrentProcessId(), LoggerInfo)){
  443. LoggerInfo->LoggerName.Buffer = (PWCHAR)(((PUCHAR) LoggerInfo)
  444. + sizeof(WMI_LOGGER_INFORMATION));
  446. LoggerInfo->LogFileName.Buffer = (PWCHAR)(((PUCHAR) LoggerInfo)
  447. + sizeof(WMI_LOGGER_INFORMATION)
  448. + LoggerInfo->LoggerName.MaximumLength);
  450. LoggerInfo->InstanceCount = 0;
  451. LoggerInfo->InstanceId = WmipGetCurrentProcessId();
  453. TraceLevel = (LONG)LoggerInfo->Wnode.HistoricalContext;
  454. LoggerInfo->Wnode.HistoricalContext = 0;
  456. //Start Logger Here
  458. ret = WmipStartUmLogger(sizeNeeded,&sizeNeeded, &sizeNeeded,LoggerInfo);
  460. if(ret == ERROR_SUCCESS ){
  462. CleanUpAllThreadBuffers(FALSE);
  463. bNtdllTrace = TRUE;
  464. gLoggerInfo = LoggerInfo;
  465. InterlockedIncrement(&NtdllLoggerLock);
  467. } else {
  469. WmipFree(LoggerInfo);
  471. }
  473. }
  474. }
  475. }
  476. }
  478. InterlockedDecrement(&NtdllLoggerLock);
  479. break;
  480. }
  481. case WMI_DISABLE_EVENTS: //Disable Provider.
  482. {
  484. if( bNtdllTrace == TRUE ){
  486. ULONG WnodeSize,SizeUsed,SizeNeeded;
  488. bNtdllTrace = FALSE;
  490. while( InterlockedIncrement(&NtdllLoggerLock) != 1 ){
  492. WmipSleep(250);
  493. InterlockedDecrement(&NtdllLoggerLock);
  495. }
  497. if(!WmipIsLoggerOn()){
  499. InterlockedDecrement(&NtdllLoggerLock);
  500. break;
  502. }
  504. //
  505. // Now release thread buffer memory here.
  506. //
  508. CleanUpAllThreadBuffers(TRUE);
  510. WnodeSize = gLoggerInfo->Wnode.BufferSize;
  511. SizeUsed = 0;
  512. SizeNeeded = 0;
  514. WmipStopUmLogger(WnodeSize,
  515. &SizeUsed,
  516. &SizeNeeded,
  517. gLoggerInfo);
  519. if(gLoggerInfo){
  521. WmipFree(gLoggerInfo);
  522. gLoggerInfo = NULL;
  524. }
  526. InterlockedDecrement(&NtdllLoggerLock);
  527. }
  529. break;
  530. }
  532. default:
  533. {
  535. ret = ERROR_INVALID_PARAMETER;
  536. break;
  538. }
  539. }
  540. return ret;
  541. }
  544. ULONG
  545. RegisterNtdllTraceEvents()
  546. /*++
  548. Routine Description:
  550. This function registers the guids with WMI for tracing.
  552. Return Value:
  554. The return value of RegisterTraceGuidsA function.
  556. --*/
  557. {
  559. //Create the guid registration array
  560. NTSTATUS status;
  562. TRACE_GUID_REGISTRATION TraceGuidReg[] =
  563. {
  564. {
  565. (LPGUID) &HeapGuid,
  566. NULL
  567. },
  568. {
  569. (LPGUID) &CritSecGuid,
  570. NULL
  571. }
  573. };
  575. //Now register this process as a WMI trace provider.
  576. status = RegisterTraceGuidsA(
  577. (WMIDPREQUEST)NtdllCtrlCallback, // Enable/disable function.
  578. NULL, // RequestContext parameter
  579. (LPGUID)&NtdllTraceGuid, // Provider GUID
  580. 2, // TraceGuidReg array size
  581. TraceGuidReg, // Array of TraceGuidReg structures
  582. NULL, // Optional WMI - MOFImagePath
  583. NULL, // Optional WMI - MOFResourceName
  584. &(NtdllTraceHandles->hRegistrationHandle) // Handle required to unregister.
  585. );
  587. return status;
  588. }
  591. NTSTATUS
  592. InitializeAndRegisterNtdllTraceEvents()
  593. /*++
  595. Routine Description:
  597. This functions checks for global variable NtdllTraceHandles and if not set then calls
  598. fucntion InitializeWmiHandles to initialize it. NtdllTraceHandles contains handles used
  599. for Heap tracing. If NtdllTraceHandles is already initialized then a call is made to
  600. register the guids.
  602. Return Value:
  604. STATUS_SUCCESS
  605. STATUS_UNSUCCESSFUL
  607. --*/
  609. {
  610. NTSTATUS st = STATUS_UNSUCCESSFUL;
  612. if(NtdllTraceHandles == NULL){
  614. if(InterlockedIncrement(&NtdllTraceInitializeLock) == 1){
  616. st = InitializeWmiHandles(&NtdllTraceHandles);
  618. if(NT_SUCCESS(st)){
  620. st = RegisterNtdllTraceEvents();
  622. }
  623. }
  624. }
  626. return st;
  627. }
  630. NTSTATUS
  631. AllocateMemoryForThreadLocalData(PPTHREAD_LOCAL_DATA ppThreadLocalData)
  632. /*++
  634. Routine Description:
  636. This functions allcates memory for tls and adds it to Link list which
  637. contains informations of all threads involved in tracing.
  639. Arguments
  641. ppThreadLocalData : The OUT pointer to the tls.
  643. Return Value:
  645. STATUS_SUCCESS
  646. STATUS_UNSUCCESSFUL
  648. --*/
  649. {
  650. NTSTATUS st = STATUS_UNSUCCESSFUL;
  651. PTHREAD_LOCAL_DATA pThreadLocalData = NULL;
  653. pThreadLocalData = (PTHREAD_LOCAL_DATA)WmipAlloc(sizeof(THREAD_LOCAL_DATA));
  655. if(pThreadLocalData != NULL){
  657. if(WmipTlsSetValue(NtdllTraceHandles->dwTlsIndex, (LPVOID)pThreadLocalData) == TRUE){
  659. pThreadLocalData->pBuffer = NULL;
  660. pThreadLocalData->ReferenceCount = 0;
  662. RtlEnterCriticalSection(&NtdllTraceHandles->CriticalSection);
  664. if(NtdllTraceHandles->pThreadListHead == NULL ){
  666. pThreadLocalData->BLink = NULL;
  667. pThreadLocalData->FLink = NULL;
  669. } else {
  671. pThreadLocalData->FLink = NtdllTraceHandles->pThreadListHead;
  672. pThreadLocalData->BLink = NULL;
  673. NtdllTraceHandles->pThreadListHead->BLink = pThreadLocalData;
  675. }
  677. NtdllTraceHandles->pThreadListHead = pThreadLocalData;
  679. RtlLeaveCriticalSection(&NtdllTraceHandles->CriticalSection);
  681. st = STATUS_SUCCESS;
  682. }
  683. }
  685. if(!NT_SUCCESS(st) && pThreadLocalData != NULL){
  687. WmipFree(pThreadLocalData);
  688. pThreadLocalData = NULL;
  690. }
  692. *ppThreadLocalData = pThreadLocalData;
  694. return st;
  695. }
  698. void
  699. ReleaseBufferLocation(PTHREAD_LOCAL_DATA pThreadLocalData)
  700. {
  702. PWMI_BUFFER_HEADER pWmiBuffer;
  704. pWmiBuffer = pThreadLocalData->pBuffer;
  706. if(pWmiBuffer){
  708. PPERFINFO_TRACE_HEADER EventHeader = (PPERFINFO_TRACE_HEADER) (pWmiBuffer->SavedOffset
  709. + (PCHAR)(pWmiBuffer));
  711. EventHeader->Marker = PERFINFO_TRACE_MARKER;
  712. EventHeader->TS = WmipGetCycleCount();
  714. }
  716. InterlockedDecrement(&(pThreadLocalData->ReferenceCount));
  718. WmipUnlockLogger();
  719. }
  722. PCHAR
  723. ReserveBufferSpace(PTHREAD_LOCAL_DATA pThreadLocalData, PUSHORT ReqSize)
  724. {
  727. PWMI_BUFFER_HEADER TraceBuffer = pThreadLocalData->pBuffer;
  729. *ReqSize = (USHORT) ALIGN_TO_POWER2(*ReqSize, WmiTraceAlignment);
  731. if(TraceBuffer == NULL) return NULL;
  733. if(WmipLoggerContext->BufferSize - TraceBuffer->CurrentOffset < *ReqSize) {
  735. PWMI_BUFFER_HEADER NewTraceBuffer = NULL;
  737. NewTraceBuffer = WmipSwitchFullBuffer(TraceBuffer);
  739. if( NewTraceBuffer == NULL ){
  740. pThreadLocalData->pBuffer = NULL;
  741. return NULL;
  743. } else {
  745. pThreadLocalData->pBuffer = NewTraceBuffer;
  746. TraceBuffer = NewTraceBuffer;
  747. }
  748. }
  750. TraceBuffer->SavedOffset = TraceBuffer->CurrentOffset;
  751. TraceBuffer->CurrentOffset += *ReqSize;
  753. return (PCHAR)( TraceBuffer->SavedOffset + (PCHAR) TraceBuffer );
  754. }
  756. NTSTATUS
  757. AcquireBufferLocation(PVOID *ppEvent, PPTHREAD_LOCAL_DATA ppThreadLocalData, PUSHORT ReqSize)
  758. /*++
  760. Routine Description:
  762. This function is called from heap.c and heapdll.c whenever there is some
  763. Heap activity. It looks up the buffer location where the even can be written
  764. and gives back the pointer.
  766. Arguments:
  768. ppEvent - The pointer to pointer of buffer location
  769. ppThreadLocalData - The pointer to pointer of thread event storing struct.
  771. Return Value:
  773. STATUS_UNSUCCESSFUL if failed otherwise STATUS_SUCCESS
  775. --*/
  776. {
  778. NTSTATUS st = STATUS_SUCCESS;
  779. PWMI_BUFFER_HEADER pWmiBuffer;
  781. if( bNtdllTrace ){
  783. WmipLockLogger();
  785. if(WmipIsLoggerOn()){
  787. *ppThreadLocalData = (PTHREAD_LOCAL_DATA)WmipTlsGetValue(NtdllTraceHandles->dwTlsIndex);
  789. //
  790. //If there is no tls then create one here
  791. //
  793. if(*ppThreadLocalData == NULL ) {
  795. st = AllocateMemoryForThreadLocalData(ppThreadLocalData);
  797. }
  799. //
  800. //If the thread buffer is NULL then get it from logger.
  801. //
  803. if( NT_SUCCESS(st) && (*ppThreadLocalData)->pBuffer == NULL ){
  805. (*ppThreadLocalData)->pBuffer = WmipGetFullFreeBuffer();
  807. if((*ppThreadLocalData)->pBuffer == NULL){
  809. st = STATUS_UNSUCCESSFUL;
  811. }
  812. }
  814. if(NT_SUCCESS(st)){
  816. //
  817. //Check ReferenceCount. If is 1 then the cleaning process might be in progress.
  818. //
  820. pWmiBuffer = (*ppThreadLocalData)->pBuffer;
  822. if(pWmiBuffer){
  824. if(InterlockedIncrement(&((*ppThreadLocalData)->ReferenceCount)) == 1 ){
  826. *ppEvent = ReserveBufferSpace(*ppThreadLocalData, ReqSize );
  828. if(*ppEvent == NULL) {
  830. InterlockedDecrement(&((*ppThreadLocalData)->ReferenceCount));
  831. WmipUnlockLogger();
  833. }
  835. } else {
  837. InterlockedDecrement(&((*ppThreadLocalData)->ReferenceCount));
  839. }
  841. }
  843. }
  844. } else {
  846. WmipUnlockLogger();
  848. }
  849. } else if ( LdrpInLdrInit == FALSE && EtwLocksInitialized && NtdllTraceInitializeLock == 0 ){
  851. //
  852. // Make sure that process is not in initialization phase
  853. // Also we test for NtdllTraceInitializeLock. If is
  854. // greater than 0 then it was registered earlier so no
  855. // need to fire IOCTLS everytime
  856. //
  858. if((UserSharedData->TraceLogging >> 16) != GlobalCounter){
  860. PWMI_LOGGER_INFORMATION LoggerInfo = NULL;
  862. ULONG sizeNeeded = sizeof(WMI_LOGGER_INFORMATION)
  863. + (2 * MAXSTR * sizeof(TCHAR))
  864. + (MAX_PID + 1) * sizeof(ULONG);
  866. GlobalCounter = UserSharedData->TraceLogging >> 16;
  868. WmipInitProcessHeap();
  870. LoggerInfo = WmipAlloc(sizeNeeded);
  872. if(LoggerInfo != NULL){
  874. //
  875. // Check to see that this process is allowed to register or not.
  876. //
  878. if(GetPidInfo(WmipGetCurrentProcessId(), LoggerInfo)){
  880. st = InitializeAndRegisterNtdllTraceEvents();
  882. }
  884. WmipFree(LoggerInfo);
  885. }
  886. }
  887. }
  888. return st;
  889. }