

Registering an Event Tracking Library (Windows CE 5.0)


The following code example shows how your CeLog event-tracking library can register with the kernel and begin receiving CeLog events.

In this example, MyDLLEntry refers to the function name of your DLL entry point. When MyDLLEntry is called, the Reserved parameter is a pointer to the KernelLibIoControl function.

// Zone mask currently in effect for this DLL; assigned in MyInitLibrary
DWORD dwZoneCE;
// Kernel-provided interface, filled in by the IOCTL_CELOG_IMPORT request
CeLogImportTable imports;

// DLL entry point
BOOL WINAPI MyDLLEntry(HINSTANCE DllInstance, INT Reason, LPVOID Reserved)
{
    // Every notification other than process attach (including
    // DLL_PROCESS_DETACH) needs no work and reports success.
    if (Reason != DLL_PROCESS_ATTACH) {
        return TRUE;
    }

    // On attach, Reserved carries the address of KernelLibIoControl.
    // Without it the library cannot reach the kernel, so the load fails.
    if (!Reserved) {
        return FALSE;
    }

    // NOTE(review): Reserved is cast to a function pointer and called with no
    // validation beyond the NULL test above; this presumably relies on the
    // kernel loader being the only caller of this entry point -- confirm.
    if (!MyInitLibrary((FARPROC)Reserved)) {
        return FALSE;
    }

    // The import table was filled in by MyInitLibrary, so the kernel debug
    // print routine can be used from here on.
    imports.pNKDbgPrintfW(TEXT("CeLog DLL initialized!\r\n"));
    return TRUE;
}

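// Obtains the kernel's CeLog import table, loads the zone mask, and registers
// this library's logging callbacks with the kernel.
//
// pfnKernelLibIoControl: pointer to KernelLibIoControl, as received in the
//                        Reserved parameter of the DLL entry point.
// Returns TRUE once the callbacks are registered and a re-sync has been
// requested; FALSE if the pointer is NULL, if the import or registration
// request fails, or if the import table lacks a function this example calls.
BOOL MyInitLibrary(FARPROC pfnKernelLibIoControl)
{
    // Zero-initialize so that no uninitialized stack bytes are handed to the
    // kernel should the structure hold members this example does not set.
    CeLogExportTable exports = {0};

    // Every step below goes through this pointer; fail the load instead of
    // calling through NULL.
    if (!pfnKernelLibIoControl) {
        return FALSE;
    }

    // Begin with all zones enabled except CELZONE_KCALL
    dwZoneCE = 0xFFBFFFFF;

    //
    // KernelLibIoControl provides the interface we need to obtain kernel
    // function pointers and register logging functions.
    //
    
    // Get imports from the kernel
    imports.dwVersion = 4;
    if (!pfnKernelLibIoControl((HANDLE)KMOD_CELOG, IOCTL_CELOG_IMPORT,
                               &imports, sizeof(CeLogImportTable),
                               NULL, 0, NULL)) {
        return FALSE;
    }

    // This library calls both of these imports unconditionally (here and in
    // the DLL entry point), so refuse to load rather than call through a
    // NULL pointer if the kernel left either one unset.
    if (!imports.pNKDbgPrintfW || !imports.pCeLogReSync) {
        return FALSE;
    }

    // Check preset zones in the desktop computer's registry.
    // 11 is the character count of "CeLogZoneCE" without the terminating null.
    // The return value is deliberately not checked: on failure dwZoneCE
    // presumably keeps the default assigned above -- confirm for your kernel.
    pfnKernelLibIoControl((HANDLE)KMOD_CELOG, IOCTL_CELOG_GETDESKTOPZONE,
                          TEXT("CeLogZoneCE"), 11*sizeof(WCHAR),
                          &(dwZoneCE), sizeof(DWORD), NULL);
    // Force CELZONE_ALWAYSON to always be turned on
    dwZoneCE |= CELZONE_ALWAYSON;
    
    // Register logging functions with the kernel
    exports.dwVersion          = 2;
    exports.pfnCeLogData       = MyCeLogData;
    exports.pfnCeLogInterrupt  = MyCeLogInterrupt;
    exports.pfnCeLogSetZones   = MyCeLogSetZones;
    exports.pfnCeLogQueryZones = MyCeLogQueryZones;
    exports.dwCeLogTimerFrequency = 0;
    if (!pfnKernelLibIoControl((HANDLE)KMOD_CELOG, IOCTL_CELOG_REGISTER,
                                &exports, sizeof(CeLogExportTable), NULL, 0, NULL)) {
        imports.pNKDbgPrintfW(TEXT("Unable to register logging functions with kernel\r\n"));
        return FALSE;
    }

    // Now that the logging functions will receive data from the kernel,
    // request a re-sync to get the kernel to log all existing processes,
    // threads and modules to the MyCeLogData function.
    imports.pCeLogReSync();

    // The listing as published stops after the re-sync call; the success
    // return and closing brace are restored here so that the DLL entry
    // point's check of this function's result works as written.
    return TRUE;
}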

See Also

Implementing an Event Tracking Library | NKDbgPrintfW


© 2006 Microsoft Corporation. All rights reserved.