Replacing the Default Celog.dll
CeLogDLLEntry refers to the function name of your DLL entry. When CeLogDLLEntry is called, the Reserved parameter is a pointer to the KernelLibIoControl function. The following code example shows how to replace the provided Celog.dll.
return MyInitLibrary((FARPROC)Reserved);
BOOL static MyInitLibrary(FARPROC pfnKernelLibIoControl)
{
CeLogExportTable exports;
//
// KernelLibIoControl provides the back doors we need to obtain kernel
// function pointers and register logging functions.
//
// Now initialize logging
if (!CeLogInit()) {
return FALSE;
}
//
// Check preset zones in the desktop computer's registry
//
pfnKernelLibIoControl((HANDLE)KMOD_CELOG, IOCTL_CELOG_GETDESKTOPZONE,
TEXT("CeLogZoneUser"), 13*sizeof(WCHAR),
&(pCelBuf->dwMaskUser), sizeof(DWORD), NULL);
pCelBuf->dwMaskUser |= CELZONE_ALWAYSON;
pfnKernelLibIoControl((HANDLE)KMOD_CELOG, IOCTL_CELOG_GETDESKTOPZONE,
TEXT("CeLogZoneCE"), 11*sizeof(WCHAR),
&(pCelBuf->dwMaskCE), sizeof(DWORD), NULL);
pCelBuf->dwMaskCE |= CELZONE_ALWAYSON;
pfnKernelLibIoControl((HANDLE)KMOD_CELOG, IOCTL_CELOG_GETDESKTOPZONE,
TEXT("CeLogZoneProcess"), 16*sizeof(WCHAR),
&(pCelBuf->dwMaskProcess), sizeof(DWORD), NULL);
// Register logging functions with the kernel
exports.dwVersion = CELOG_EXPORT_VERSION;
exports.pfnCeLogData = CeLogData;
exports.pfnCeLogInterrupt = CeLogInterrupt;
exports.pfnCeLogSetZones = CeLogSetZones;
exports.pfnCeLogQueryZones = CeLogQueryZones;
if (!pfnKernelLibIoControl((HANDLE)KMOD_CELOG, IOCTL_CELOG_REGISTER,
&exports, sizeof(CeLogExportTable), NULL, 0, NULL)) {
DEBUGMSG(1, (TEXT("CeLog: Unable to register logging functions with kernel\r\n")));
WIN32CALL(SetLastError, (ERROR_ALREADY_EXISTS));
return FALSE;
}
See Also
IOCTL_CELOG_GETDESKTOPZONE | IOCTL_CELOG_REGISTER | Event Tracking Implementation
Last updated on Wednesday, April 13, 2005
© 2005 Microsoft Corporation. All rights reserved.