Set ETW provider info so it's always treated as TraceLogging

Signed-off-by: Kevin Parsons <[email protected]>
microsoft · Jan 17, 2019 · 7dba96a · 7dba96a
1 parent 6c8aa41
commit 7dba96a
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 3 deletions.
diff --git a/internal/etw/etw.go b/internal/etw/etw.go
@@ -12,3 +12,4 @@ package etw
 //sys eventRegister(providerId *windows.GUID, callback uintptr, callbackContext uintptr, providerHandle *providerHandle) (win32err error) = advapi32.EventRegister
 //sys eventUnregister(providerHandle providerHandle) (win32err error) = advapi32.EventUnregister
 //sys eventWriteTransfer(providerHandle providerHandle, descriptor *EventDescriptor, activityID *windows.GUID, relatedActivityID *windows.GUID, dataDescriptorCount uint32, dataDescriptors *eventDataDescriptor) (win32err error) = advapi32.EventWriteTransfer
+//sys eventSetInformation(providerHandle providerHandle, class eventInfoClass, information uintptr, length uint32) (win32err error) = advapi32.EventSetInformation
diff --git a/internal/etw/eventopt.go b/internal/etw/eventopt.go
@@ -36,6 +36,12 @@ func WithKeyword(keyword uint64) EventOpt {
 	}
 }
 
+func WithChannel(channel Channel) EventOpt {
+	return func(options *eventOptions) {
+		options.descriptor.Channel = channel
+	}
+}
+
 // WithTags specifies the tags of the event to be written. Tags is a 28-bit
 // value (top 4 bits are ignored) which are interpreted by the event consumer.
 func WithTags(newTags uint32) EventOpt {

diff --git a/internal/etw/provider.go b/internal/etw/provider.go
@@ -6,6 +6,7 @@ import (
 	"encoding/binary"
 	"strings"
 	"unicode/utf16"
+	"unsafe"
 
 	"golang.org/x/sys/windows"
 )
@@ -41,6 +42,15 @@ const (
 	ProviderStateCaptureState
 )
 
+type eventInfoClass uint32
+
+const (
+	eventInfoClassProviderBinaryTrackInfo eventInfoClass = iota
+	eventInfoClassProviderSetReserved1
+	eventInfoClassProviderSetTraits
+	eventInfoClassProviderUseDescriptorType
+)
+
 // EnableCallback is the form of the callback function that receives provider
 // enable/disable notifications from ETW.
 type EnableCallback func(*windows.GUID, ProviderState, Level, uint64, uint64, uintptr)
@@ -133,6 +143,15 @@ func NewProviderWithID(name string, id *windows.GUID, callback EnableCallback) (
 	binary.LittleEndian.PutUint16(metadata.Bytes(), uint16(metadata.Len())) // Update the size at the beginning of the buffer
 	provider.metadata = metadata.Bytes()
 
+	if err := eventSetInformation(
+		provider.handle,
+		eventInfoClassProviderSetTraits,
+		uintptr(unsafe.Pointer(&provider.metadata[0])),
+		uint32(len(provider.metadata))); err != nil {
+
+		return nil, err
+	}
+
 	return provider, nil
 }
 

diff --git a/internal/etw/zsyscall_windows.go b/internal/etw/zsyscall_windows.go