- 0xB - returns the address of EtwpDiskIoNotifyRoutines. TraceInformationLength must equal sizeof(PVOID)
- 0xC - copies the contents of EtwpAllNotifyRoutines. TraceInformationLength must equal 0xD * sizeof(PVOID) (on the Windows 8 Consumer Preview the size must be 0xE * sizeof(PVOID))
- 0xD - returns the address of EtwpFltIoNotifyRoutines. TraceInformationLength must equal sizeof(PVOID)
- 0xE - returns the address of the EtwpTraceHypervisorStackwalk function. TraceInformationLength must equal sizeof(PVOID)
- 0xF - copies the address of EtwpWdfNotifyRoutines. TraceInformationLength must equal sizeof(PVOID)
Saturday, June 23, 2012
new TRACE_INFORMATION_CLASS in w8
The official documentation for WmiQueryTraceInformation says that TRACE_INFORMATION_CLASS has only 10 values. Although the build date of this documentation is 6/11/2012, in reality there are some more values.