typedef struct _WMI_LOGGER_CONTEXT                         // 81 elements, 0x270 bytes (sizeof)
          {
/*0x000*/     union _LARGE_INTEGER StartTime;                        // 4 elements, 0x8 bytes (sizeof)
/*0x008*/     VOID*        LogFileHandle;
/*0x00C*/     struct _ETHREAD* LoggerThread;
/*0x010*/     LONG32       LoggerStatus;
/*0x014*/     ULONG32      LoggerId;
/*0x018*/     VOID*        NBQHead;
/*0x01C*/     VOID*        OverflowNBQHead;
/*0x020*/     union _SLIST_HEADER QueueBlockFreeList;                // 4 elements, 0x8 bytes (sizeof)
/*0x028*/     union _SLIST_HEADER GlobalList;                        // 4 elements, 0x8 bytes (sizeof)
/*0x030*/     struct _UNICODE_STRING LoggerName;                     // 3 elements, 0x8 bytes (sizeof)
/*0x038*/     struct _UNICODE_STRING LogFileName;                    // 3 elements, 0x8 bytes (sizeof)
/*0x040*/     struct _UNICODE_STRING LogFilePattern;                 // 3 elements, 0x8 bytes (sizeof)
/*0x048*/     struct _UNICODE_STRING NewLogFileName;                 // 3 elements, 0x8 bytes (sizeof)
/*0x050*/     ULONG32      ClockType;
/*0x054*/     LONG32       CollectionOn;
/*0x058*/     ULONG32      MaximumFileSize;
/*0x05C*/     ULONG32      LoggerMode;
/*0x060*/     ULONG32      LastFlushedBuffer;
/*0x064*/     ULONG32      FlushTimer;
/*0x068*/     union _LARGE_INTEGER ByteOffset;                       // 4 elements, 0x8 bytes (sizeof)
/*0x070*/     union _LARGE_INTEGER FlushTimeStamp;                   // 4 elements, 0x8 bytes (sizeof)
/*0x078*/     ULONG32      MinimumBuffers;
/*0x07C*/     LONG32       BuffersAvailable;
/*0x080*/     LONG32       NumberOfBuffers;
/*0x084*/     ULONG32      MaximumBuffers;
/*0x088*/     ULONG32      EventsLost;
/*0x08C*/     ULONG32      BuffersWritten;
/*0x090*/     ULONG32      LogBuffersLost;
/*0x094*/     ULONG32      RealTimeBuffersDelivered;
/*0x098*/     ULONG32      RealTimeBuffersLost;
/*0x09C*/     ULONG32      BufferSize;
/*0x0A0*/     ULONG32      MaximumEventSize;
/*0x0A4*/     LONG32*      SequencePtr;
/*0x0A8*/     ULONG32      LocalSequence;
/*0x0AC*/     struct _GUID InstanceGuid;                             // 4 elements, 0x10 bytes (sizeof)
/*0x0BC*/     PVOID GetCpuClock;
/*0x0C0*/     LONG32       FileCounter;
/*0x0C4*/     PVOID BufferCallback;
/*0x0C8*/     enum _POOL_TYPE PoolType;
/*0x0CC*/     UINT8        _PADDING0_[0x4];
/*0x0D0*/     struct _ETW_REF_CLOCK ReferenceTime;                   // 2 elements, 0x10 bytes (sizeof)
/*0x0E0*/     UINT8        RealtimeLoggerContextFreed;
/*0x0E1*/     UINT8        _PADDING1_[0x3];
/*0x0E4*/     struct _LIST_ENTRY Consumers;                          // 2 elements, 0x8 bytes (sizeof)
/*0x0EC*/     ULONG32      NumConsumers;
/*0x0F0*/     struct _LIST_ENTRY Connecting;                         // 2 elements, 0x8 bytes (sizeof)
/*0x0F8*/     UINT8        NewConsumer;
/*0x0F9*/     UINT8        _PADDING2_[0x3];
/*0x0FC*/     VOID*        RealtimeLogfileHandle;
/*0x100*/     struct _UNICODE_STRING RealtimeLogfileName;            // 3 elements, 0x8 bytes (sizeof)
/*0x108*/     union _LARGE_INTEGER RealtimeWriteOffset;              // 4 elements, 0x8 bytes (sizeof)
/*0x110*/     union _LARGE_INTEGER RealtimeReadOffset;               // 4 elements, 0x8 bytes (sizeof)
/*0x118*/     union _LARGE_INTEGER RealtimeLogfileSize;              // 4 elements, 0x8 bytes (sizeof)
/*0x120*/     UINT64       RealtimeLogfileUsage;
/*0x128*/     ULONG32      RealtimeBuffersSaved;
/*0x12C*/     UINT8        _PADDING3_[0x4];
/*0x130*/     struct _ETW_REF_CLOCK RealtimeReferenceTime;           // 2 elements, 0x10 bytes (sizeof)
/*0x140*/     ULONG32      RealtimeDisconnectProcessId;
/*0x144*/     ULONG32      RealtimeDisconnectConsumerId;
/*0x148*/     enum _ETW_RT_EVENT_LOSS NewRTEventsLost;
/*0x14C*/     struct _KEVENT LoggerEvent;                            // 1 elements, 0x10 bytes (sizeof)
/*0x15C*/     struct _KEVENT FlushEvent;                             // 1 elements, 0x10 bytes (sizeof)
/*0x16C*/     struct _KDPC FlushDpc;                                 // 9 elements, 0x20 bytes (sizeof)
/*0x18C*/     struct _KMUTANT LoggerMutex;                           // 5 elements, 0x20 bytes (sizeof)
/*0x1AC*/     struct _SECURITY_CLIENT_CONTEXT ClientSecurityContext; // 6 elements, 0x3C bytes (sizeof)
/*0x1E8*/     struct _EX_FAST_REF SecurityDescriptor;                // 3 elements, 0x4 bytes (sizeof)
/*0x1EC*/     UINT8        _PADDING4_[0x4];
/*0x1F0*/     struct _WMI_BUFFER_HEADER DummyBufferForMarker;        // 22 elements, 0x48 bytes (sizeof)
/*0x238*/     INT64        BufferSequenceNumber;
/*0x240*/     LONG32       AcceptNewEvents;
              union                                                  // 2 elements, 0x4 bytes (sizeof)
              {
/*0x244*/         ULONG32      Flags;
                  struct                                             // 7 elements, 0x4 bytes (sizeof)
                  {
/*0x244*/             ULONG32      Persistent : 1;                   // 0 BitPosition
/*0x244*/             ULONG32      AutoLogger : 1;                   // 1 BitPosition
/*0x244*/             ULONG32      FsReady : 1;                      // 2 BitPosition
/*0x244*/             ULONG32      RealTime : 1;                     // 3 BitPosition
/*0x244*/             ULONG32      Wow : 1;                          // 4 BitPosition
/*0x244*/             ULONG32      KernelTrace : 1;                  // 5 BitPosition
/*0x244*/             ULONG32      NoMoreEnable : 1;                 // 6 BitPosition
                  };
              };
              union                                                  // 2 elements, 0x4 bytes (sizeof)
              {
/*0x248*/         ULONG32      RequestFlag;
                  struct                                             // 5 elements, 0x4 bytes (sizeof)
                  {
/*0x248*/             ULONG32      RequestNewFie : 1;                // 0 BitPosition
/*0x248*/             ULONG32      RequestUpdateFile : 1;            // 1 BitPosition
/*0x248*/             ULONG32      RequestFlush : 1;                 // 2 BitPosition
/*0x248*/             ULONG32      RequestDisableRealtime : 1;       // 3 BitPosition
/*0x248*/             ULONG32      RequestDisconnectConsumer : 1;    // 4 BitPosition
                  };
              };
/*0x24C*/     UINT16       StackTraceFilterHookCount;
/*0x24E*/     UINT16       StackTraceFilter[16];
/*0x26E*/     UINT8        _PADDING5_[0x2];
          }WMI_LOGGER_CONTEXT, *PWMI_LOGGER_CONTEXT;
Return to structures/enums list.
Return to O.S. version list.

(c) MoonSols 2010.