microsoft / krabsetw

KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.

Wrong LogFileMode default flag initialization #39

Closed betobender closed 6 years ago

betobender commented 6 years ago

Noticed this when I was trying to disable EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING in a kernel tracer. When looking for this flag, which is actually enabled in the tracer, I didn't find any reference to it. That's when I discovered that info.properties.LogFileMode is wrongly being filled with a flag that does not belong to it: PROCESS_TRACE_MODE_EVENT_RECORD. This should be either removed or changed to EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING, as they share the exact same value.

https://github.com/Microsoft/krabsetw/blob/master/krabs/krabs/nightmare.hpp#L204

MSDN: https://msdn.microsoft.com/en-us/library/windows/desktop/aa364080(v=vs.85).aspx https://msdn.microsoft.com/en-us/library/windows/desktop/aa363780(v=vs.85).aspx

zacbrown commented 6 years ago

Thanks! I think for now, I'll move it to use EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING given I'm not sure what the implications would be for other consumers in removing this as a default flag.
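
The collision reported in this issue, as an added example (not krabsetw's code): it decodes what a session really receives when a `ProcessTraceMode` constant is stored in `LogFileMode`, then shows one enum per field turning the mix-up into a compile error. The constant values are those of the Windows SDK headers, copied locally so the block builds without the SDK; the function names, the two enum classes and the `EVENT_TRACE_REAL_TIME_MODE` companion flag are assumptions made for illustration.

```cpp
#include <cstdint>
#include <string>
#include <type_traits>

namespace sdk {  // values copied from evntrace.h / evntcons.h so this builds without the SDK
constexpr std::uint32_t EVENT_TRACE_REAL_TIME_MODE             = 0x00000100;
constexpr std::uint32_t EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING = 0x10000000;
constexpr std::uint32_t PROCESS_TRACE_MODE_EVENT_RECORD        = 0x10000000;
}

// Untyped initialization as the issue describes it: a ProcessTraceMode constant
// stored in LogFileMode. REAL_TIME_MODE is an assumed companion flag.
constexpr std::uint32_t untyped_log_file_mode() {
    return sdk::EVENT_TRACE_REAL_TIME_MODE | sdk::PROCESS_TRACE_MODE_EVENT_RECORD;
}

// Decode a LogFileMode value using LogFileMode names only, which is how the
// session interprets the bits regardless of the name used in the source.
std::string decode_log_file_mode(std::uint32_t mode) {
    std::string out;
    auto add = [&](std::uint32_t bit, const char* name) {
        if (mode & bit) { if (!out.empty()) out += '|'; out += name; mode &= ~bit; }
    };
    add(sdk::EVENT_TRACE_REAL_TIME_MODE, "EVENT_TRACE_REAL_TIME_MODE");
    add(sdk::EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING, "EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING");
    if (mode) out += out.empty() ? "<unknown bits>" : "|<unknown bits>";
    return out;
}

// Hypothetical typed wrappers: one enum per structure field.
enum class LogFileMode : std::uint32_t {       // EVENT_TRACE_PROPERTIES.LogFileMode
    RealTime                = sdk::EVENT_TRACE_REAL_TIME_MODE,
    NoPerProcessorBuffering = sdk::EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING,
};
enum class ProcessTraceMode : std::uint32_t {  // EVENT_TRACE_LOGFILE.ProcessTraceMode
    EventRecord = sdk::PROCESS_TRACE_MODE_EVENT_RECORD,
};
constexpr LogFileMode operator|(LogFileMode a, LogFileMode b) {
    return static_cast<LogFileMode>(static_cast<std::uint32_t>(a) | static_cast<std::uint32_t>(b));
}
// The assignment that compiled silently with raw integers is now rejected.
static_assert(!std::is_assignable<LogFileMode&, ProcessTraceMode>::value,
              "a ProcessTraceMode flag must not be storable in LogFileMode");

// Same bits as the untyped version, but the intent is visible and searchable.
constexpr std::uint32_t typed_log_file_mode() {
    return static_cast<std::uint32_t>(LogFileMode::RealTime | LogFileMode::NoPerProcessorBuffering);
}
```
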