Open 0xhellord opened 1 year ago
img_load event kernel stackwalk enabled by:

    CLASSIC_EVENT_ID event[1] = { 0 };
    event[0].EventGuid = krabs::guids::image_load;
    event[0].Type = EVENT_TRACE_TYPE_LOAD;
    set_trace_information(TraceStackTracingInfo, &event, sizeof(event));

SE_SYSTEM_PROFILE_NAME also enabled, but no stackwalk events received in callback.
If I change EVENT_TRACE_TYPE_LOAD to EVENT_TRACE_TYPE_END, then I can get image_unload stackwalk successfully.
Really strange, can anybody help?