tdh

package

v1.10.0 Latest Latest Go to latest Published: Mar 31, 2023 License: Apache-2.0 Imports: 6 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/rabbitstack/fibratus

Links

Open Source Insights

Documentation ¶

Rendered for windows/amd64

Index ¶

Constants
func GetEventInformation(evt *etw.EventRecord, buffer []byte, size uint32) error
func GetProperty(evt *etw.EventRecord, descriptor *PropertyDataDescriptor, size uint32, ...) error
func GetPropertySize(evt *etw.EventRecord, descriptor *PropertyDataDescriptor) (uint32, error)
type EventPropertyInfo
type NonStructType
type PropertyDataDescriptor
type TraceEventInfo

Constants ¶

View Source

const (
	// IntypeNull represents the null property type
	IntypeNull = iota
	// IntypeUnicodeString represents a string of 16-bit characters. By default, assumed to have been encoded using UTF-16LE
	IntypeUnicodeString
	// IntypeAnsiString represents a string of 8-bit characters
	IntypeAnsiString
	// IntypeInt8 represents a signed 8-bit integer
	IntypeInt8
	// IntypeUint8 represents an unsigned 8-bit integer
	IntypeUint8
	// IntypeInt16 represents a signed 16-bit integer
	IntypeInt16
	// IntypeUint16 represents an unsigned 18-bit integer
	IntypeUint16
	// IntypeInt32 represents a signed 32-bit integer
	IntypeInt32
	// IntypeUint32 represents an unsigned 8-bit integer
	IntypeUint32
	// IntypeInt64 represents a signed 64-bit integer
	IntypeInt64
	// IntypeUint64 represents an unsigned 64-bit integer
	IntypeUint64
	// IntypeFloat represents an IEEE 4-byte floating-point number
	IntypeFloat
	// IntypeDouble represents an IEEE 8-byte floating-point number
	IntypeDouble
	// IntypeBoolean a 32-bit value where 0 is false and 1 is true
	IntypeBoolean
	// IntypeBinary represents a binary data of variable size
	IntypeBinary
	// IntypeGUID is a GUID structure. On output, the GUID is rendered in the registry string form, {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
	IntypeGUID
	// IntypePointer represents an unsigned 32-bit or 64-bit pointer value. The size depends on the architecture of the computer logging the event
	IntypePointer
	// IntypeFiletime represents the file timestamp
	IntypeFiletime
	// IntypeSystime represents the system timestamp
	IntypeSystime
	// IntypeSID represents a security identifier (SID) structure that uniquely identifies a user or group
	IntypeSID
	// IntypeHexInt32 represents the hexadecimal representation of 32-bit integer
	IntypeHexInt32
	// IntypeHexInt64 represents the hexadecimal representation of 64-bit integer
	IntypeHexInt64
	// IntypeUnicodeChar represents the Unicode codepoint
	IntypeUnicodeChar = 306
	// IntypeAnsiChar represents the ASCII character
	IntypeAnsiChar = 307
	// IntypeSizet represents the architecture-variable size
	IntypeSizet = 308
	// IntypeHexdump represents the hexadecimal dump
	IntypeHexdump = 309
	// IntypeWbemSID represents the Web-Based Enterprise Management security identifier
	IntypeWbemSID = 310
)

View Source

const (
	// OutypeNull represents the null property type
	OutypeNull = iota
	// OutypeString represents a string value
	OutypeString
	// OutypeDatetime represents the timestamp value
	OutypeDatetime
	// OutypeByte represents a signed 8-bit value
	OutypeByte
	// OutypeUnsignedByte represents an unsigned 8-bit value
	OutypeUnsignedByte
	// OutypeShort represents a signed 16-bit value
	OutypeShort
	// OutypeUnsignedShort represents an unsigned 16-bit value
	OutypeUnsignedShort
	// OutypeInt represents a signed 32-bit value
	OutypeInt
	// OutypeUnsignedInt represents an unsigned 32-bit value
	OutypeUnsignedInt
	// OutypeLong represents a signed 64-bit value
	OutypeLong
	// OutypeUnsignedLong represents an unsigned 64-bit value
	OutypeUnsignedLong
	// OutypeFloat represents an IEEE 4-byte floating-point number
	OutypeFloat
	// OutypeDouble represents an IEEE 8-byte floating-point number
	OutypeDouble
	// OutypeBoolean a 32-bit value where 0 is false and 1 is true
	OutypeBoolean
	// OutypeGUID represents an unsigned 32-bit or 64-bit pointer value. The size depends on the architecture of the computer logging the event
	OutypeGUID
	// OutypeHexBinary represents a binary data of variable size in hexadecimal format
	OutypeHexBinary
	// OutypeHexInt8 represents the hexadecimal representation of 8-bit integer
	OutypeHexInt8
	// OutypeHexInt16 represents the hexadecimal representation of 16-bit integer
	OutypeHexInt16
	// OutypeHexInt32 represents the hexadecimal representation of 32-bit integer
	OutypeHexInt32
	// OutypeHexInt64 represents the hexadecimal representation of 64-bit integer
	OutypeHexInt64
	// OutypePID represents the process identifier
	OutypePID
	// OutypeTID represents the thread identifier
	OutypeTID
	// OutypePort represents the port
	OutypePort
	// OutypeIPv4 represents the IPv4 address
	OutypeIPv4
	// OutypeIPv6 represents the IPv6 address
	OutypeIPv6
)

Variables ¶

This section is empty.

Functions ¶

func GetEventInformation ¶

func GetEventInformation(evt *etw.EventRecord, buffer []byte, size uint32) error

GetEventInformation retrieves metadata about an event. It receives a buffer that to allocate `TraceEventInfo` structure.

func GetProperty ¶

func GetProperty(evt *etw.EventRecord, descriptor *PropertyDataDescriptor, size uint32, buffer []byte) error

GetProperty retrieves a property value from the event data.

func GetPropertySize ¶

func GetPropertySize(evt *etw.EventRecord, descriptor *PropertyDataDescriptor) (uint32, error)

GetPropertySize retrieves the size of one or more property values in the event data.

Types ¶

type EventPropertyInfo ¶

type EventPropertyInfo struct {
	Flags      int32
	NameOffset uint32
	Types      [8]byte
	Count      [2]byte
	Length     [2]byte
	Reserved   [4]byte
}

EventPropertyInfo provides information about a single property of the event or filter.

type NonStructType ¶

type NonStructType struct {
	InType        uint16
	OutType       uint16
	MapNameOffset uint32
}

NonStructType defines if the property is contained in a structure or array.

type PropertyDataDescriptor ¶

type PropertyDataDescriptor struct {
	PropertyName unsafe.Pointer
	ArrayIndex   uint32
	Reserved     uint32
}

PropertyDataDescriptor defines the property to retrieve.

type TraceEventInfo ¶

type TraceEventInfo struct {
	ProviderGUID           sc.GUID
	EventGUID              sc.GUID
	EventDescriptor        etw.EventDescriptor
	DecodingSource         int32
	ProviderNameOffset     uint32
	LevelNameOffset        uint32
	ChannelNameOffset      uint32
	KeywordsNameOffset     uint32
	TaskNameOffset         uint32
	OpcodeNameOffset       uint32
	EventMessageOffset     uint32
	ProviderMessageOffset  uint32
	BinaryXMLOffset        uint32
	BinaryXMLSize          uint32
	EventNameOffset        [4]byte
	EventAttributeOffset   [4]byte
	PropertyCount          uint32
	TopLevelPropertyCount  uint32
	Flags                  [4]byte
	EventPropertyInfoArray [1]EventPropertyInfo
}

TraceEventInfo defines the information about the event.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL