aetos382/#1 Consumer1.cpp

## #1 Consumer1.cpp
int _tmain(int argc, _TCHAR* argv[])
{
	EVENT_TRACE_LOGFILE logFile = {};
	logFile.LogFileName = L"Controller1.etl";
	logFile.LoggerName = L"EtwSamples.Controller1";
	logFile.ProcessTraceMode =
		PROCESS_TRACE_MODE_EVENT_RECORD;
	logFile.EventRecordCallback = &EventRecordCallback;
	logFile.Context = &logFile;

	TRACEHANDLE hTrace = OpenTrace(&logFile);
	if (hTrace == INVALID_PROCESSTRACE_HANDLE)
	{
		return 1;
	}

	ULONG result = ProcessTrace(&hTrace, 1, NULL, NULL);

	CloseTrace(hTrace);

	return 0;
}

## #2 Consumer1.cpp
VOID WINAPI EventRecordCallback(_In_ PEVENT_RECORD eventRecord)
{
	EVENT_HEADER & header = eventRecord->EventHeader;

	if (!IsEqualGUID(header.ProviderId, PROVIDERID_SampleProvider0))
	{
		return;
	}

	WCHAR providerId[80] = {};
	StringFromGUID2(header.ProviderId, providerId, _countof(providerId));

	wprintf_s(L"Provider : %s\n", providerId);
	wprintf_s(L"Channel  : %u\n", header.EventDescriptor.Channel);
	wprintf_s(L"Event    : %u (Version: %u)\n", header.EventDescriptor.Id, header.EventDescriptor.Version);
	wprintf_s(L"Level    : %u\n", header.EventDescriptor.Level);
	wprintf_s(L"Task     : %u\n", header.EventDescriptor.Task);
	wprintf_s(L"Opcode   : %u\n", header.EventDescriptor.Opcode);
	wprintf_s(L"Keywords : %#0I64x\n", header.EventDescriptor.Keyword);

	FILETIME time = { header.TimeStamp.LowPart, header.TimeStamp.HighPart };
	FILETIME localTime = {};
	SYSTEMTIME st = {};

	FileTimeToLocalFileTime(&time, &localTime);
	FileTimeToSystemTime(&localTime, &st);

	wprintf_s(L"Time     : %04u-%02u-%02u %02u:%02u:%02u.%07u\n",
		st.wYear, st.wMonth, st.wDay, st.wHour, st.wMinute, st.wSecond,
		header.TimeStamp.QuadPart % 10000000);

	wprintf_s(L"Process  : %u\n", header.ProcessId);
	wprintf_s(L"Thread   : %u\n", header.ThreadId);
	wprintf_s(L"Flags    : %#0hx\n", header.Flags);
	// ...
	wprintf_s(L"Property : %#0hx\n", header.EventProperty);
	// ...

	_putws(L"");
}
	int _tmain(int argc, _TCHAR* argv[])
	{
	EVENT_TRACE_LOGFILE logFile = {};
	logFile.LogFileName = L"Controller1.etl";
	logFile.LoggerName = L"EtwSamples.Controller1";
	logFile.ProcessTraceMode =
	PROCESS_TRACE_MODE_EVENT_RECORD;
	logFile.EventRecordCallback = &EventRecordCallback;
	logFile.Context = &logFile;

	TRACEHANDLE hTrace = OpenTrace(&logFile);
	if (hTrace == INVALID_PROCESSTRACE_HANDLE)
	{
	return 1;
	}

	ULONG result = ProcessTrace(&hTrace, 1, NULL, NULL);

	CloseTrace(hTrace);

	return 0;
	}
	VOID WINAPI EventRecordCallback(_In_ PEVENT_RECORD eventRecord)
	{
	EVENT_HEADER & header = eventRecord->EventHeader;

	if (!IsEqualGUID(header.ProviderId, PROVIDERID_SampleProvider0))
	{
	return;
	}

	WCHAR providerId[80] = {};
	StringFromGUID2(header.ProviderId, providerId, _countof(providerId));

	wprintf_s(L"Provider : %s\n", providerId);
	wprintf_s(L"Channel : %u\n", header.EventDescriptor.Channel);
	wprintf_s(L"Event : %u (Version: %u)\n", header.EventDescriptor.Id, header.EventDescriptor.Version);
	wprintf_s(L"Level : %u\n", header.EventDescriptor.Level);
	wprintf_s(L"Task : %u\n", header.EventDescriptor.Task);
	wprintf_s(L"Opcode : %u\n", header.EventDescriptor.Opcode);
	wprintf_s(L"Keywords : %#0I64x\n", header.EventDescriptor.Keyword);

	FILETIME time = { header.TimeStamp.LowPart, header.TimeStamp.HighPart };
	FILETIME localTime = {};
	SYSTEMTIME st = {};

	FileTimeToLocalFileTime(&time, &localTime);
	FileTimeToSystemTime(&localTime, &st);

	wprintf_s(L"Time : %04u-%02u-%02u %02u:%02u:%02u.%07u\n",
	st.wYear, st.wMonth, st.wDay, st.wHour, st.wMinute, st.wSecond,
	header.TimeStamp.QuadPart % 10000000);

	wprintf_s(L"Process : %u\n", header.ProcessId);
	wprintf_s(L"Thread : %u\n", header.ThreadId);
	wprintf_s(L"Flags : %#0hx\n", header.Flags);
	// ...
	wprintf_s(L"Property : %#0hx\n", header.EventProperty);
	// ...

	_putws(L"");
	}