typedef struct _WMI_LOGGER_CONTEXT                         // 85 elements, 0x280 bytes (sizeof)
          {
/*0x000*/     union _LARGE_INTEGER StartTime;                        // 4 elements, 0x8 bytes (sizeof)
/*0x008*/     VOID*        LogFileHandle;
/*0x00C*/     struct _ETHREAD* LoggerThread;
/*0x010*/     LONG32       LoggerStatus;
/*0x014*/     ULONG32      LoggerId;
/*0x018*/     VOID*        NBQHead;
/*0x01C*/     VOID*        OverflowNBQHead;
/*0x020*/     union _SLIST_HEADER QueueBlockFreeList;                // 4 elements, 0x8 bytes (sizeof)
/*0x028*/     union _SLIST_HEADER GlobalList;                        // 4 elements, 0x8 bytes (sizeof)
/*0x030*/     struct _WMI_BUFFER_HEADER* BatchedBufferList;
/*0x034*/     struct _UNICODE_STRING LoggerName;                     // 3 elements, 0x8 bytes (sizeof)
/*0x03C*/     struct _UNICODE_STRING LogFileName;                    // 3 elements, 0x8 bytes (sizeof)
/*0x044*/     struct _UNICODE_STRING LogFilePattern;                 // 3 elements, 0x8 bytes (sizeof)
/*0x04C*/     struct _UNICODE_STRING NewLogFileName;                 // 3 elements, 0x8 bytes (sizeof)
/*0x054*/     ULONG32      ClockType;
/*0x058*/     LONG32       CollectionOn;
/*0x05C*/     ULONG32      MaximumFileSize;
/*0x060*/     ULONG32      LoggerMode;
/*0x064*/     ULONG32      LastFlushedBuffer;
/*0x068*/     ULONG32      FlushTimer;
/*0x06C*/     ULONG32      FlushThreshold;
/*0x070*/     union _LARGE_INTEGER ByteOffset;                       // 4 elements, 0x8 bytes (sizeof)
/*0x078*/     union _LARGE_INTEGER FlushTimeStamp;                   // 4 elements, 0x8 bytes (sizeof)
/*0x080*/     ULONG32      MinimumBuffers;
/*0x084*/     LONG32       BuffersAvailable;
/*0x088*/     LONG32       NumberOfBuffers;
/*0x08C*/     ULONG32      MaximumBuffers;
/*0x090*/     ULONG32      EventsLost;
/*0x094*/     ULONG32      BuffersWritten;
/*0x098*/     ULONG32      LogBuffersLost;
/*0x09C*/     ULONG32      RealTimeBuffersDelivered;
/*0x0A0*/     ULONG32      RealTimeBuffersLost;
/*0x0A4*/     ULONG32      BufferSize;
/*0x0A8*/     ULONG32      MaximumEventSize;
/*0x0AC*/     LONG32*      SequencePtr;
/*0x0B0*/     ULONG32      LocalSequence;
/*0x0B4*/     struct _GUID InstanceGuid;                             // 4 elements, 0x10 bytes (sizeof)
/*0x0C4*/     PVOID GetCpuClock;
/*0x0C8*/     LONG32       FileCounter;
/*0x0CC*/     PVOID BufferCallback;
/*0x0D0*/     enum _POOL_TYPE PoolType;
/*0x0D4*/     UINT8        _PADDING0_[0x4];
/*0x0D8*/     struct _ETW_REF_CLOCK ReferenceTime;                   // 2 elements, 0x10 bytes (sizeof)
/*0x0E8*/     UINT8        RealtimeLoggerContextFreed;
/*0x0E9*/     UINT8        _PADDING1_[0x3];
/*0x0EC*/     struct _LIST_ENTRY Consumers;                          // 2 elements, 0x8 bytes (sizeof)
/*0x0F4*/     ULONG32      NumConsumers;
/*0x0F8*/     struct _LIST_ENTRY Connecting;                         // 2 elements, 0x8 bytes (sizeof)
/*0x100*/     UINT8        NewConsumer;
/*0x101*/     UINT8        _PADDING2_[0x3];
/*0x104*/     VOID*        RealtimeLogfileHandle;
/*0x108*/     struct _UNICODE_STRING RealtimeLogfileName;            // 3 elements, 0x8 bytes (sizeof)
/*0x110*/     union _LARGE_INTEGER RealtimeWriteOffset;              // 4 elements, 0x8 bytes (sizeof)
/*0x118*/     union _LARGE_INTEGER RealtimeReadOffset;               // 4 elements, 0x8 bytes (sizeof)
/*0x120*/     union _LARGE_INTEGER RealtimeLogfileSize;              // 4 elements, 0x8 bytes (sizeof)
/*0x128*/     UINT64       RealtimeLogfileUsage;
/*0x130*/     UINT64       RealtimeMaximumFileSize;
/*0x138*/     ULONG32      RealtimeBuffersSaved;
/*0x13C*/     UINT8        _PADDING3_[0x4];
/*0x140*/     struct _ETW_REF_CLOCK RealtimeReferenceTime;           // 2 elements, 0x10 bytes (sizeof)
/*0x150*/     ULONG32      RealtimeDisconnectProcessId;
/*0x154*/     ULONG32      RealtimeDisconnectConsumerId;
/*0x158*/     enum _ETW_RT_EVENT_LOSS NewRTEventsLost;
/*0x15C*/     struct _KEVENT LoggerEvent;                            // 1 elements, 0x10 bytes (sizeof)
/*0x16C*/     struct _KEVENT FlushEvent;                             // 1 elements, 0x10 bytes (sizeof)
/*0x17C*/     struct _KDPC FlushDpc;                                 // 9 elements, 0x20 bytes (sizeof)
/*0x19C*/     struct _KMUTANT LoggerMutex;                           // 5 elements, 0x20 bytes (sizeof)
/*0x1BC*/     struct _EX_PUSH_LOCK LoggerLock;                       // 7 elements, 0x4 bytes (sizeof)
/*0x1C0*/     struct _SECURITY_CLIENT_CONTEXT ClientSecurityContext; // 6 elements, 0x3C bytes (sizeof)
/*0x1FC*/     struct _EX_FAST_REF SecurityDescriptor;                // 3 elements, 0x4 bytes (sizeof)
/*0x200*/     struct _WMI_BUFFER_HEADER DummyBufferForMarker;        // 24 elements, 0x48 bytes (sizeof)
/*0x248*/     INT64        BufferSequenceNumber;
/*0x250*/     LONG32       AcceptNewEvents;
              union                                                  // 2 elements, 0x4 bytes (sizeof)
              {
/*0x254*/         ULONG32      Flags;
                  struct                                             // 7 elements, 0x4 bytes (sizeof)
                  {
/*0x254*/             ULONG32      Persistent : 1;                   // 0 BitPosition
/*0x254*/             ULONG32      AutoLogger : 1;                   // 1 BitPosition
/*0x254*/             ULONG32      FsReady : 1;                      // 2 BitPosition
/*0x254*/             ULONG32      RealTime : 1;                     // 3 BitPosition
/*0x254*/             ULONG32      Wow : 1;                          // 4 BitPosition
/*0x254*/             ULONG32      KernelTrace : 1;                  // 5 BitPosition
/*0x254*/             ULONG32      NoMoreEnable : 1;                 // 6 BitPosition
                  };
              };
              union                                                  // 2 elements, 0x4 bytes (sizeof)
              {
/*0x258*/         ULONG32      RequestFlag;
                  struct                                             // 5 elements, 0x4 bytes (sizeof)
                  {
/*0x258*/             ULONG32      RequestNewFie : 1;                // 0 BitPosition
/*0x258*/             ULONG32      RequestUpdateFile : 1;            // 1 BitPosition
/*0x258*/             ULONG32      RequestFlush : 1;                 // 2 BitPosition
/*0x258*/             ULONG32      RequestDisableRealtime : 1;       // 3 BitPosition
/*0x258*/             ULONG32      RequestDisconnectConsumer : 1;    // 4 BitPosition
                  };
              };
/*0x25C*/     UINT16       StackTraceFilterHookCount;
/*0x25E*/     UINT16       StackTraceFilter[16];
/*0x27E*/     UINT8        _PADDING4_[0x2];
          }WMI_LOGGER_CONTEXT, *PWMI_LOGGER_CONTEXT;
Return to structures/enums list.
Return to O.S. version list.

(c) MoonSols 2010.