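/*
 * Subtract the 8-byte-aligned size of a just-written event from the remaining
 * buffer budget.
 *
 * BytesAvailable - in/out: bytes still free in the diagnostic buffer.
 * BytesWritten   - size reported by EtwpAddEventToBuffer for the last event.
 *
 * Returns 1 when the budget was reduced, 0 (budget untouched) when the aligned
 * size exceeds the budget; an unchecked subtraction would wrap the unsigned
 * budget and let the next event overrun the buffer.
 */
static int
EtwpConsumeAlignedEvent(ULONG *BytesAvailable, ULONG BytesWritten)
{
    ULONG Consumed;

    /* Reject before rounding so the "+ 7" cannot wrap either */
    if (BytesWritten > *BytesAvailable)
        return 0;

    /* Events are laid out on 8-byte boundaries */
    Consumed = (BytesWritten + 7) & ~0x7;
    if (Consumed > *BytesAvailable)
        return 0;

    *BytesAvailable -= Consumed;
    return 1;
}

/*
 * Append the BuildLabEx string event and one event per WOW64 debug module to
 * the process diagnostic buffer described by DiagInfo.
 *
 * Process      - process whose WOW64 PEB debug-module list is walked.
 * DiagInfo     - diagnostic buffer; NextEventOffset and NextEventGuid are
 *                read here and handed to EtwpAddEventToBuffer.
 * DiagInfoSize - total size of the DiagInfo buffer, in bytes.
 *
 * Returns nothing. On any failure the events added so far are left in place
 * and the function simply stops.
 *
 * NOTE(review): BuildLabExData is not declared in this listing; it is
 * presumably a file-scope WCHAR array whose capacity is sizeof(BuildLabExData)
 * (that is what EtwpQueryRegString is given) - confirm.
 * NOTE(review): Process->Peb is user-mode memory; the walk below assumes the
 * caller is attached to the process and guards the access - confirm. The
 * list itself comes from that memory, so its length and Next links are not
 * trusted data; the walk has no iteration cap.
 */
VOID
EtwpAddDebugInfoEvents(PEPROCESS Process,
                       PPROCESS_DIAGNOSTIC_INFORMATION_WOW64 DiagInfo,
                       ULONG DiagInfoSize)
{
    UNICODE_STRING BuildLabEx;
    ULONG BytesAvailable;
    ULONG BytesWritten;
    ULONG Length;
    ULONG MaxLength;
    NTSTATUS Status;
    PDBG_MODULE_INFORMATION_WOW64 Module;

    /* An offset past the end of the buffer would make the unsigned
     * subtraction below wrap to a huge budget */
    if (DiagInfo->NextEventOffset > DiagInfoSize)
        goto Quit;

    /* Calculate the number of bytes available for writing events */
    BytesAvailable = DiagInfoSize - DiagInfo->NextEventOffset;

    /* Query the registry for the build number */
    Status = EtwpQueryRegString(L"\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
                                L"BuildLabEx",
                                BuildLabExData,
                                sizeof(BuildLabExData));

    if (!NT_SUCCESS(Status))
        goto Quit;

    /* Validate the heap before using it.
     * NOTE(review): the address validated is that of the stack-local
     * UNICODE_STRING, not of BuildLabExData - confirm which was intended. */
    if (!(RtlValidateHeap((PVOID)&BuildLabEx, sizeof(BuildLabExData), 0) >= 0))
        goto Quit;

    /* Initialize the unicode string; Length/MaximumLength are never set,
     * only Buffer is used below */
    BuildLabEx.Buffer = (PWSTR)&BuildLabExData;
    BuildLabEx.Length = 0;
    BuildLabEx.MaximumLength = 0;

    /* Calculate the length of the string, bounded by the buffer capacity so
     * a value that filled the buffer without a terminator cannot run the scan
     * off the end of BuildLabExData */
    MaxLength = sizeof(BuildLabExData) / sizeof(BuildLabExData[0]);
    Length = 0;
    while (Length < MaxLength && BuildLabExData[Length] != 0)
        Length++;

    /* No terminator found: Length + 1 below would read past the buffer */
    if (Length == MaxLength)
        goto Quit;

    /* Add the build number event.
     * NOTE(review): Length + 1 counts characters including the terminator;
     * if EtwpAddEventToBuffer takes a byte count this needs
     * (Length + 1) * sizeof(WCHAR) - confirm against its contract. */
    if (EtwpAddEventToBuffer(DiagInfo,
                             0x42,
                             &DiagInfo->NextEventGuid,
                             BuildLabEx.Buffer,
                             Length + 1,
                             BytesAvailable,
                             &BytesWritten) < 0)
        goto Quit;

    /* Update the number of bytes available */
    if (!EtwpConsumeAlignedEvent(&BytesAvailable, BytesWritten))
        goto Quit;

    /* Add the debug module events; the list ends when it wraps back to the
     * list head in the PEB */
    Module = (PDBG_MODULE_INFORMATION_WOW64)Process->Peb.Wow64Information.DbglProcessData;
    while (Module != (PDBG_MODULE_INFORMATION_WOW64)&Process->Peb.Wow64Information.DbglProcessData)
    {
        /* The payload is the record minus its leading ULONG (presumably the
         * 32-bit Next link); a record smaller than that would wrap the
         * unsigned size into a huge read */
        if (Module->ModuleSize < sizeof(ULONG))
            goto Quit;

        /* Add the module event */
        if (EtwpAddEventToBuffer(DiagInfo,
                                 0x40,
                                 &DiagInfo->NextEventGuid,
                                 (PCHAR)&Module->BaseAddress,
                                 Module->ModuleSize - sizeof(ULONG),
                                 BytesAvailable,
                                 &BytesWritten) < 0)
            goto Quit;

        /* Update the number of bytes available */
        if (!EtwpConsumeAlignedEvent(&BytesAvailable, BytesWritten))
            goto Quit;

        /* Get the next module */
        Module = (PDBG_MODULE_INFORMATION_WOW64)Module->Next;
    }

Quit:
    return;
}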