typedef struct _WMI_LOGGER_CONTEXT                         // 86 elements, 0x238 bytes (sizeof)
          {
/*0x000*/     ULONG32      LoggerId;
/*0x004*/     ULONG32      BufferSize;
/*0x008*/     ULONG32      MaximumEventSize;
/*0x00C*/     LONG32       CollectionOn;
/*0x010*/     ULONG32      LoggerMode;
/*0x014*/     LONG32       AcceptNewEvents;
/*0x018*/     PVOID GetCpuClock;
/*0x01C*/     UINT8        _PADDING0_[0x4];
/*0x020*/     union _LARGE_INTEGER StartTime;                        // 4 elements, 0x8 bytes (sizeof)
/*0x028*/     VOID*        LogFileHandle;
/*0x02C*/     struct _ETHREAD* LoggerThread;
/*0x030*/     LONG32       LoggerStatus;
/*0x034*/     VOID*        NBQHead;
/*0x038*/     VOID*        OverflowNBQHead;
/*0x03C*/     UINT8        _PADDING1_[0x4];
/*0x040*/     union _SLIST_HEADER QueueBlockFreeList;                // 4 elements, 0x8 bytes (sizeof)
/*0x048*/     struct _LIST_ENTRY GlobalList;                         // 2 elements, 0x8 bytes (sizeof)
              union                                                  // 2 elements, 0x4 bytes (sizeof)
              {
/*0x050*/         struct _WMI_BUFFER_HEADER* BatchedBufferList;
/*0x050*/         struct _EX_FAST_REF CurrentBuffer;                 // 3 elements, 0x4 bytes (sizeof)
              };
/*0x054*/     struct _UNICODE_STRING LoggerName;                     // 3 elements, 0x8 bytes (sizeof)
/*0x05C*/     struct _UNICODE_STRING LogFileName;                    // 3 elements, 0x8 bytes (sizeof)
/*0x064*/     struct _UNICODE_STRING LogFilePattern;                 // 3 elements, 0x8 bytes (sizeof)
/*0x06C*/     struct _UNICODE_STRING NewLogFileName;                 // 3 elements, 0x8 bytes (sizeof)
/*0x074*/     ULONG32      ClockType;
/*0x078*/     ULONG32      MaximumFileSize;
/*0x07C*/     ULONG32      LastFlushedBuffer;
/*0x080*/     ULONG32      FlushTimer;
/*0x084*/     ULONG32      FlushThreshold;
/*0x088*/     union _LARGE_INTEGER ByteOffset;                       // 4 elements, 0x8 bytes (sizeof)
/*0x090*/     ULONG32      MinimumBuffers;
/*0x094*/     LONG32       BuffersAvailable;
/*0x098*/     LONG32       NumberOfBuffers;
/*0x09C*/     ULONG32      MaximumBuffers;
/*0x0A0*/     ULONG32      EventsLost;
/*0x0A4*/     ULONG32      BuffersWritten;
/*0x0A8*/     ULONG32      LogBuffersLost;
/*0x0AC*/     ULONG32      RealTimeBuffersDelivered;
/*0x0B0*/     ULONG32      RealTimeBuffersLost;
/*0x0B4*/     LONG32*      SequencePtr;
/*0x0B8*/     ULONG32      LocalSequence;
/*0x0BC*/     struct _GUID InstanceGuid;                             // 4 elements, 0x10 bytes (sizeof)
/*0x0CC*/     LONG32       FileCounter;
/*0x0D0*/     PVOID BufferCallback;
/*0x0D4*/     enum _POOL_TYPE PoolType;
/*0x0D8*/     struct _ETW_REF_CLOCK ReferenceTime;                   // 2 elements, 0x10 bytes (sizeof)
/*0x0E8*/     struct _LIST_ENTRY Consumers;                          // 2 elements, 0x8 bytes (sizeof)
/*0x0F0*/     ULONG32      NumConsumers;
/*0x0F4*/     struct _ETW_REALTIME_CONSUMER* TransitionConsumer;
/*0x0F8*/     VOID*        RealtimeLogfileHandle;
/*0x0FC*/     struct _UNICODE_STRING RealtimeLogfileName;            // 3 elements, 0x8 bytes (sizeof)
/*0x104*/     UINT8        _PADDING2_[0x4];
/*0x108*/     union _LARGE_INTEGER RealtimeWriteOffset;              // 4 elements, 0x8 bytes (sizeof)
/*0x110*/     union _LARGE_INTEGER RealtimeReadOffset;               // 4 elements, 0x8 bytes (sizeof)
/*0x118*/     union _LARGE_INTEGER RealtimeLogfileSize;              // 4 elements, 0x8 bytes (sizeof)
/*0x120*/     UINT64       RealtimeLogfileUsage;
/*0x128*/     UINT64       RealtimeMaximumFileSize;
/*0x130*/     ULONG32      RealtimeBuffersSaved;
/*0x134*/     UINT8        _PADDING3_[0x4];
/*0x138*/     struct _ETW_REF_CLOCK RealtimeReferenceTime;           // 2 elements, 0x10 bytes (sizeof)
/*0x148*/     enum _ETW_RT_EVENT_LOSS NewRTEventsLost;
/*0x14C*/     struct _KEVENT LoggerEvent;                            // 1 elements, 0x10 bytes (sizeof)
/*0x15C*/     struct _KEVENT FlushEvent;                             // 1 elements, 0x10 bytes (sizeof)
/*0x16C*/     UINT8        _PADDING4_[0x4];
/*0x170*/     struct _KTIMER FlushTimeOutTimer;                      // 5 elements, 0x28 bytes (sizeof)
/*0x198*/     struct _KDPC FlushDpc;                                 // 9 elements, 0x20 bytes (sizeof)
/*0x1B8*/     struct _KMUTANT LoggerMutex;                           // 5 elements, 0x20 bytes (sizeof)
/*0x1D8*/     struct _EX_PUSH_LOCK LoggerLock;                       // 7 elements, 0x4 bytes (sizeof)
              union                                                  // 2 elements, 0x4 bytes (sizeof)
              {
/*0x1DC*/         ULONG32      BufferListSpinLock;
/*0x1DC*/         struct _EX_PUSH_LOCK BufferListPushLock;           // 7 elements, 0x4 bytes (sizeof)
              };
/*0x1E0*/     struct _SECURITY_CLIENT_CONTEXT ClientSecurityContext; // 6 elements, 0x3C bytes (sizeof)
/*0x21C*/     struct _EX_FAST_REF SecurityDescriptor;                // 3 elements, 0x4 bytes (sizeof)
/*0x220*/     INT64        BufferSequenceNumber;
              union                                                  // 2 elements, 0x4 bytes (sizeof)
              {
/*0x228*/         ULONG32      Flags;
                  struct                                             // 10 elements, 0x4 bytes (sizeof)
                  {
/*0x228*/             ULONG32      Persistent : 1;                   // 0 BitPosition
/*0x228*/             ULONG32      AutoLogger : 1;                   // 1 BitPosition
/*0x228*/             ULONG32      FsReady : 1;                      // 2 BitPosition
/*0x228*/             ULONG32      RealTime : 1;                     // 3 BitPosition
/*0x228*/             ULONG32      Wow : 1;                          // 4 BitPosition
/*0x228*/             ULONG32      KernelTrace : 1;                  // 5 BitPosition
/*0x228*/             ULONG32      NoMoreEnable : 1;                 // 6 BitPosition
/*0x228*/             ULONG32      StackTracing : 1;                 // 7 BitPosition
/*0x228*/             ULONG32      ErrorLogged : 1;                  // 8 BitPosition
/*0x228*/             ULONG32      RealtimeLoggerContextFreed : 1;   // 9 BitPosition
                  };
              };
              union                                                  // 2 elements, 0x4 bytes (sizeof)
              {
/*0x22C*/         ULONG32      RequestFlag;
                  struct                                             // 6 elements, 0x4 bytes (sizeof)
                  {
/*0x22C*/             ULONG32      RequestNewFie : 1;                // 0 BitPosition
/*0x22C*/             ULONG32      RequestUpdateFile : 1;            // 1 BitPosition
/*0x22C*/             ULONG32      RequestFlush : 1;                 // 2 BitPosition
/*0x22C*/             ULONG32      RequestDisableRealtime : 1;       // 3 BitPosition
/*0x22C*/             ULONG32      RequestDisconnectConsumer : 1;    // 4 BitPosition
/*0x22C*/             ULONG32      RequestConnectConsumer : 1;       // 5 BitPosition
                  };
              };
/*0x230*/     struct _RTL_BITMAP HookIdMap;                          // 2 elements, 0x8 bytes (sizeof)
          }WMI_LOGGER_CONTEXT, *PWMI_LOGGER_CONTEXT;
Return to structures/enums list.
Return to O.S. version list.

(c) MoonSols 2010.