forked from bi-zone/etw
-
Notifications
You must be signed in to change notification settings - Fork 2
/
file.go
42 lines (36 loc) · 929 Bytes
/
file.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
package etw
import (
"fmt"
"golang.org/x/sys/windows"
)
func ReadEtlFile(path string, callback EventCallback, options ...SessionOption) error {
utf16Path, err := windows.UTF16PtrFromString(path)
if err != nil {
return err
}
var config SessionOptions
for _, opt := range options {
opt(&config)
}
var session = &Session{
callback: callback,
config: config,
}
callbackKey := newCallbackKey(session)
defer freeCallbackKey(callbackKey)
var logFile eventTraceLogfile
logFile.LogFileName = utf16Path
logFile.ProcessTraceMode = processTraceModeEventRecord
logFile.EventCallback = handleEventStdcall
logFile.Context = callbackKey
traceHandle, err := openTrace(&logFile)
if err != nil {
return fmt.Errorf("OpenTraceW failed; %w", err)
}
defer closeTrace(traceHandle)
err = processTrace(&traceHandle, 1, nil, nil)
if err != nil {
return fmt.Errorf("ProcessTrace failed; %w", err)
}
return nil
}