Registering an Event Tracking Library (Windows CE 5.0)
The following code example shows how your CeLog event-tracking library can register with the kernel and begin receiving CeLog events.
In this example, MyDLLEntry refers to the function name of your DLL entry point. When MyDLLEntry is called, the Reserved parameter is a pointer to the KernelLibIoControl function.
// Global structure contains the interface provided by the kernel
CeLogImportTable imports;
// Global variable contains current zone settings for this DLL
DWORD dwZoneCE;
// DLL entry point
BOOL WINAPI MyDLLEntry(HINSTANCE DllInstance, INT Reason, LPVOID Reserved)
{
switch (Reason) {
case DLL_PROCESS_ATTACH:
if (Reserved) {
// Reserved parameter is a pointer to KernelLibIoControl
if (MyInitLibrary((FARPROC)Reserved)) {
imports.pNKDbgPrintfW(TEXT("CeLog DLL initialized!\r\n"));
return TRUE;
}
}
return FALSE;
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
BOOL MyInitLibrary(FARPROC pfnKernelLibIoControl)
{
CeLogExportTable exports;
// Begin with all zones enabled except CELZONE_KCALL
dwZoneCE = 0xFFBFFFFF;
//
// KernelLibIoControl provides the interface we need to obtain kernel
// function pointers and register logging functions.
//
// Get imports from the kernel
imports.dwVersion = 4;
if (!pfnKernelLibIoControl((HANDLE)KMOD_CELOG, IOCTL_CELOG_IMPORT,
&imports, sizeof(CeLogImportTable),
NULL, 0, NULL)) {
return FALSE;
}
// Check preset zones in the desktop computer's registry
pfnKernelLibIoControl((HANDLE)KMOD_CELOG, IOCTL_CELOG_GETDESKTOPZONE,
TEXT("CeLogZoneCE"), 11*sizeof(WCHAR),
&(dwZoneCE), sizeof(DWORD), NULL);
// Force CELZONE_ALWAYSON to always be turned on
dwZoneCE |= CELZONE_ALWAYSON;
// Register logging functions with the kernel
exports.dwVersion = 2;
exports.pfnCeLogData = MyCeLogData;
exports.pfnCeLogInterrupt = MyCeLogInterrupt;
exports.pfnCeLogSetZones = MyCeLogSetZones;
exports.pfnCeLogQueryZones = MyCeLogQueryZones;
exports.dwCeLogTimerFrequency = 0;
if (!pfnKernelLibIoControl((HANDLE)KMOD_CELOG, IOCTL_CELOG_REGISTER,
&exports, sizeof(CeLogExportTable), NULL, 0, NULL)) {
imports.pNKDbgPrintfW(TEXT("Unable to register logging functions with kernel\r\n"));
return FALSE;
}
// Now that the logging functions will receive data from the kernel,
// request a re-sync to get the kernel to log all existing processes,
// threads and modules to the MyCeLogData function.
imports.pCeLogReSync();
See Also
Implementing an Event Tracking Library | NKDbgPrintfW
Send Feedback on this topic to the authors