Consolidate and clean up all API logging #15737

Commits on Jul 14, 2023

  1. Remove all API logging from tracing.cpp

    `s_TraceApi` was a magic function in Tracing that logged a different
    event based on what type it was called with. It was bad for two reasons:
    
    1. I wanted to add a field to each trace indicating the originating
    process and thread. This would have required adding a `CONSOLE_API_MSG`
    parameter to _every instance_ of `s_TraceApi`, and even then it would
    have not been particularly consistent.
    2. The design of Tracing, where the TraceLogging macros are hidden
    inside opaque functions, subverts the lightweight trace probe detection
    present in `TraceLoggingWrite`. Every tracing probe turned into a call
    to a cold function which, in 99% of cases, returned immediately.
    
    To that end, I've introduced a new macro _only_ to ApiDispatchers that
    emits a named probe with a set of preloaded information. It is a macro
    to avoid any unnecessary branching or the emission of any explicit
    tracing functions into the final binary.
    
    I have also removed the generic handler for timing any/all API calls, as
    we never used them and they were largely redundant with the information
    we were capturing from API-specific reports.
    
    I've also removed tracing from all APIs that do not mutate console
    state. With the notable exception of ReadConsoleInput, we will see logs
    only for things that change mutable console state.
    
    All these things together allow us to construct a process+API-focused
    timeline of console events, à la:
    
    ```
    cmd.exe (20304)   CookedRead          pwsh                4                07/13/2023 22:02:53.751
    cmd.exe (20304)   API_GetConsoleMode  True
    cmd.exe (20304)   API_SetConsoleMode  False               0x00000003
    cmd.exe (20304)   API_SetConsoleMode  True                0x000001F7
    pwsh.exe (4032)   ConsoleAttachDetach 07/13/2023 22:03:17.393              True                True
    pwsh.exe (4032)   API_GetConsoleMode  False
    pwsh.exe (4032)   API_GetConsoleMode  False
    pwsh.exe (4032)   API_SetConsoleMode  False                0x00000007
    ```
    DHowett committed Jul 14, 2023
    a749b59
  2. Switch ConsoleAttach and CookedRead to use PID and FILETIME

    They were originally using uint32/64, which did not allow for tools like
    WPA to infer their connection to processes and dates.
    
    I cleared this with David Kaplan, as he is relying on those events.
    DHowett committed Jul 14, 2023
    8a4ee04

Commits on Jul 21, 2023

  1. 213c318
  2. 9dac590