Compartilhar via


CEL_MODULE_LOAD (Windows Embedded CE 6.0)

1/6/2010

This structure identifies a module that was loaded.

Syntax

typedef __CEL_MODULE_LOAD {
  HANDLE hProcess;
  HANDLE hModule;
  DWORD dwBase;
  WCHAR szName[0];
} CEL_MODULE_LOAD, *PCEL_MODULE_LOAD;

Members

  • hProcess
    Handle of the process that loaded the module.

    In Windows CE 5.0, if this field is INVALID_HANDLE_VALUE (0xFFFFFFFF), the event indicates that the module was loaded for the first time. Before this event, no instances of the module are loaded by any process.

  • hModule
    Handle of the loaded module.
  • dwBase
    Base virtual memory address assigned to the loaded module.
  • szName
    Null-terminated string that contains the name of the module that was loaded. The length can be inferred from the length given in the event header, CEL_HEADER.

Remarks

CEL_MODULE_LOAD is logged each time a process loads the module for the first time.

When a process is the first process to load a module, the kernel logs two CEL_MODULE_LOAD structures:

  • A CEL_MODULE_LOAD structure is logged with an hProcess value of INVALID_HANDLE_VALUE to indicate that the module is being loaded for the first time by any process.
  • Another CEL_MODULE_LOAD structure is logged with an hProcess value set to the handle of the first process to load the module.

If subsequent processes also load the module, one CEL_MODULE_LOAD event is logged for each process.

If any process loads the module more than once, only one CEL_MODULE_LOAD event is logged for that process.

Requirements

Header celog.h
Windows Embedded CE Windows CE 3.0 and later

See Also

Reference

CeLog Event Tracking Structures
CEL_HEADER