typedef struct _WMI_LOGGER_CONTEXT                         // 85 elements, 0x370 bytes (sizeof)
          {
/*0x000*/     union _LARGE_INTEGER StartTime;                        // 4 elements, 0x8 bytes (sizeof)
/*0x008*/     VOID*        LogFileHandle;
/*0x010*/     struct _ETHREAD* LoggerThread;
/*0x018*/     LONG32       LoggerStatus;
/*0x01C*/     ULONG32      LoggerId;
/*0x020*/     VOID*        NBQHead;
/*0x028*/     VOID*        OverflowNBQHead;
/*0x030*/     union _SLIST_HEADER QueueBlockFreeList;                // 4 elements, 0x10 bytes (sizeof)
/*0x040*/     union _SLIST_HEADER GlobalList;                        // 4 elements, 0x10 bytes (sizeof)
/*0x050*/     struct _WMI_BUFFER_HEADER* BatchedBufferList;
/*0x058*/     struct _UNICODE_STRING LoggerName;                     // 3 elements, 0x10 bytes (sizeof)
/*0x068*/     struct _UNICODE_STRING LogFileName;                    // 3 elements, 0x10 bytes (sizeof)
/*0x078*/     struct _UNICODE_STRING LogFilePattern;                 // 3 elements, 0x10 bytes (sizeof)
/*0x088*/     struct _UNICODE_STRING NewLogFileName;                 // 3 elements, 0x10 bytes (sizeof)
/*0x098*/     ULONG32      ClockType;
/*0x09C*/     LONG32       CollectionOn;
/*0x0A0*/     ULONG32      MaximumFileSize;
/*0x0A4*/     ULONG32      LoggerMode;
/*0x0A8*/     ULONG32      LastFlushedBuffer;
/*0x0AC*/     ULONG32      FlushTimer;
/*0x0B0*/     ULONG32      FlushThreshold;
/*0x0B4*/     UINT8        _PADDING0_[0x4];
/*0x0B8*/     union _LARGE_INTEGER ByteOffset;                       // 4 elements, 0x8 bytes (sizeof)
/*0x0C0*/     union _LARGE_INTEGER FlushTimeStamp;                   // 4 elements, 0x8 bytes (sizeof)
/*0x0C8*/     ULONG32      MinimumBuffers;
/*0x0CC*/     LONG32       BuffersAvailable;
/*0x0D0*/     LONG32       NumberOfBuffers;
/*0x0D4*/     ULONG32      MaximumBuffers;
/*0x0D8*/     ULONG32      EventsLost;
/*0x0DC*/     ULONG32      BuffersWritten;
/*0x0E0*/     ULONG32      LogBuffersLost;
/*0x0E4*/     ULONG32      RealTimeBuffersDelivered;
/*0x0E8*/     ULONG32      RealTimeBuffersLost;
/*0x0EC*/     ULONG32      BufferSize;
/*0x0F0*/     ULONG32      MaximumEventSize;
/*0x0F4*/     UINT8        _PADDING1_[0x4];
/*0x0F8*/     LONG32*      SequencePtr;
/*0x100*/     ULONG32      LocalSequence;
/*0x104*/     struct _GUID InstanceGuid;                             // 4 elements, 0x10 bytes (sizeof)
/*0x114*/     UINT8        _PADDING2_[0x4];
/*0x118*/     PVOID GetCpuClock;
/*0x120*/     LONG32       FileCounter;
/*0x124*/     UINT8        _PADDING3_[0x4];
/*0x128*/     PVOID BufferCallback;
/*0x130*/     enum _POOL_TYPE PoolType;
/*0x134*/     UINT8        _PADDING4_[0x4];
/*0x138*/     struct _ETW_REF_CLOCK ReferenceTime;                   // 2 elements, 0x10 bytes (sizeof)
/*0x148*/     UINT8        RealtimeLoggerContextFreed;
/*0x149*/     UINT8        _PADDING5_[0x7];
/*0x150*/     struct _LIST_ENTRY Consumers;                          // 2 elements, 0x10 bytes (sizeof)
/*0x160*/     ULONG32      NumConsumers;
/*0x164*/     UINT8        _PADDING6_[0x4];
/*0x168*/     struct _LIST_ENTRY Connecting;                         // 2 elements, 0x10 bytes (sizeof)
/*0x178*/     UINT8        NewConsumer;
/*0x179*/     UINT8        _PADDING7_[0x7];
/*0x180*/     VOID*        RealtimeLogfileHandle;
/*0x188*/     struct _UNICODE_STRING RealtimeLogfileName;            // 3 elements, 0x10 bytes (sizeof)
/*0x198*/     union _LARGE_INTEGER RealtimeWriteOffset;              // 4 elements, 0x8 bytes (sizeof)
/*0x1A0*/     union _LARGE_INTEGER RealtimeReadOffset;               // 4 elements, 0x8 bytes (sizeof)
/*0x1A8*/     union _LARGE_INTEGER RealtimeLogfileSize;              // 4 elements, 0x8 bytes (sizeof)
/*0x1B0*/     UINT64       RealtimeLogfileUsage;
/*0x1B8*/     UINT64       RealtimeMaximumFileSize;
/*0x1C0*/     ULONG32      RealtimeBuffersSaved;
/*0x1C4*/     UINT8        _PADDING8_[0x4];
/*0x1C8*/     struct _ETW_REF_CLOCK RealtimeReferenceTime;           // 2 elements, 0x10 bytes (sizeof)
/*0x1D8*/     ULONG32      RealtimeDisconnectProcessId;
/*0x1DC*/     ULONG32      RealtimeDisconnectConsumerId;
/*0x1E0*/     enum _ETW_RT_EVENT_LOSS NewRTEventsLost;
/*0x1E4*/     UINT8        _PADDING9_[0x4];
/*0x1E8*/     struct _KEVENT LoggerEvent;                            // 1 elements, 0x18 bytes (sizeof)
/*0x200*/     struct _KEVENT FlushEvent;                             // 1 elements, 0x18 bytes (sizeof)
/*0x218*/     struct _KDPC FlushDpc;                                 // 9 elements, 0x40 bytes (sizeof)
/*0x258*/     struct _KMUTANT LoggerMutex;                           // 5 elements, 0x38 bytes (sizeof)
/*0x290*/     struct _EX_PUSH_LOCK LoggerLock;                       // 7 elements, 0x8 bytes (sizeof)
/*0x298*/     struct _SECURITY_CLIENT_CONTEXT ClientSecurityContext; // 6 elements, 0x48 bytes (sizeof)
/*0x2E0*/     struct _EX_FAST_REF SecurityDescriptor;                // 3 elements, 0x8 bytes (sizeof)
/*0x2E8*/     struct _WMI_BUFFER_HEADER DummyBufferForMarker;        // 24 elements, 0x48 bytes (sizeof)
/*0x330*/     INT64        BufferSequenceNumber;
/*0x338*/     LONG32       AcceptNewEvents;
              union                                                  // 2 elements, 0x4 bytes (sizeof)
              {
/*0x33C*/         ULONG32      Flags;
                  struct                                             // 7 elements, 0x4 bytes (sizeof)
                  {
/*0x33C*/             ULONG32      Persistent : 1;                   // 0 BitPosition
/*0x33C*/             ULONG32      AutoLogger : 1;                   // 1 BitPosition
/*0x33C*/             ULONG32      FsReady : 1;                      // 2 BitPosition
/*0x33C*/             ULONG32      RealTime : 1;                     // 3 BitPosition
/*0x33C*/             ULONG32      Wow : 1;                          // 4 BitPosition
/*0x33C*/             ULONG32      KernelTrace : 1;                  // 5 BitPosition
/*0x33C*/             ULONG32      NoMoreEnable : 1;                 // 6 BitPosition
                  };
              };
              union                                                  // 2 elements, 0x4 bytes (sizeof)
              {
/*0x340*/         ULONG32      RequestFlag;
                  struct                                             // 5 elements, 0x4 bytes (sizeof)
                  {
/*0x340*/             ULONG32      RequestNewFie : 1;                // 0 BitPosition
/*0x340*/             ULONG32      RequestUpdateFile : 1;            // 1 BitPosition
/*0x340*/             ULONG32      RequestFlush : 1;                 // 2 BitPosition
/*0x340*/             ULONG32      RequestDisableRealtime : 1;       // 3 BitPosition
/*0x340*/             ULONG32      RequestDisconnectConsumer : 1;    // 4 BitPosition
                  };
              };
/*0x344*/     UINT16       StackTraceFilterHookCount;
/*0x346*/     UINT16       StackTraceFilter[16];
/*0x366*/     UINT8        _PADDING10_[0xA];
          }WMI_LOGGER_CONTEXT, *PWMI_LOGGER_CONTEXT;
Return to structures/enums list.
Return to O.S. version list.

(c) MoonSols 2010.