-
Notifications
You must be signed in to change notification settings - Fork 146
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Better exception for when no ETW trace sessions remaining (#24)
* Ensure that comparers.hpp is compiled as unmanaged code when /clr is set. This is necessary to ensure that when boost::* makes use of the std::locale lock, we only take the lock on the native side. If the std::locale lock is taken on the managed side, we introduce a loader lock. Signed-off-by: Zac Brown (ODSP SECURITY) <zbrown@microsoft.com> * Fix bug in krabs::schema_key. Kernel traces differentiate events on opcode, user traces use unique event ids. This change adds opcode to the schema_key object used in the schema cache, allowing us to properly cache for kernel traces. Signed-off-by: Zac Brown (ODSP SECURITY) <zbrown@microsoft.com> * Add EventHeader.EventDescriptor.Level as well for schema_key fields. Signed-off-by: Zac Brown (ODSP SECURITY) <zbrown@microsoft.com> * Remove forced unmanaged code compilation in comparers.hpp when working with C++/CLI. There is a potential for perf impact that needs to be further evaluated. Signed-off-by: Zac Brown (ODSP SECURITY) <zbrown@microsoft.com> * Better error reporting for when system is out of ETW trace sessions for registering. Signed-off-by: Zac Brown (ODSP SECURITY) <zbrown@microsoft.com>
- Loading branch information
Showing
4 changed files
with
32 additions
and
21 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters