From 4c72048b5c311a321123e04846639552bc7c5a6a Mon Sep 17 00:00:00 2001 From: Kyle Wojtaszek Date: Mon, 16 Aug 2021 14:03:06 -0700 Subject: [PATCH] FIxing corruption in callbacks Signed-off-by: Kyle Wojtaszek --- pkg/etw/sample/sample.go | 3 +++ pkg/etw/wrapper_32.go | 8 ++++---- pkg/etw/wrapper_64.go | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/pkg/etw/sample/sample.go b/pkg/etw/sample/sample.go index 0424fb86..fd315965 100644 --- a/pkg/etw/sample/sample.go +++ b/pkg/etw/sample/sample.go @@ -7,6 +7,7 @@ import ( "bufio" "fmt" "os" + "runtime" "github.com/Microsoft/go-winio/pkg/etw" "github.com/Microsoft/go-winio/pkg/guid" @@ -18,6 +19,8 @@ func callback(sourceID guid.GUID, state etw.ProviderState, level etw.Level, matc } func main() { + fmt.Printf("Running on %s/%s\n", runtime.GOOS, runtime.GOARCH) + group, err := guid.FromString("12341234-abcd-abcd-abcd-123412341234") if err != nil { logrus.Error(err) diff --git a/pkg/etw/wrapper_32.go b/pkg/etw/wrapper_32.go index 9b66cee6..6867a1f8 100644 --- a/pkg/etw/wrapper_32.go +++ b/pkg/etw/wrapper_32.go @@ -59,9 +59,9 @@ func eventSetInformation( // For x86, the matchAny and matchAll keywords need to be assembled from two // 32-bit integers, because the max size of an argument is uintptr, but those // two arguments are actually 64-bit integers. -func providerCallbackAdapter(sourceID *guid.GUID, state uint32, level uint8, matchAnyKeyword_low uint32, matchAnyKeyword_high uint32, matchAllKeyword_low uint32, matchAllKeyword_high uint32, filterData uintptr, i uintptr) uintptr { - matchAnyKeyword := uint64(matchAnyKeyword_high) << 32 | uint64(matchAnyKeyword_low) - matchAllKeyword := uint64(matchAllKeyword_high) << 32 | uint64(matchAllKeyword_low) +func providerCallbackAdapter(sourceID *guid.GUID, state uint32, level uint32, matchAnyKeyword_low uint32, matchAnyKeyword_high uint32, matchAllKeyword_low uint32, matchAllKeyword_high uint32, filterData uintptr, i uintptr) uintptr { + matchAnyKeyword := uint64(matchAnyKeyword_high)<<32 | uint64(matchAnyKeyword_low) + matchAllKeyword := uint64(matchAllKeyword_high)<<32 | uint64(matchAllKeyword_low) providerCallback(*sourceID, ProviderState(state), Level(level), uint64(matchAnyKeyword), uint64(matchAllKeyword), filterData, i) return 0 -} \ No newline at end of file +} diff --git a/pkg/etw/wrapper_64.go b/pkg/etw/wrapper_64.go index 1969ade0..fe83df2b 100644 --- a/pkg/etw/wrapper_64.go +++ b/pkg/etw/wrapper_64.go @@ -46,7 +46,7 @@ func eventSetInformation( // for provider notifications. Because Go has trouble with callback arguments of // different size, it has only pointer-sized arguments, which are then cast to // the appropriate types when calling providerCallback. -func providerCallbackAdapter(sourceID *guid.GUID, state uint32, level uint8, matchAnyKeyword uintptr, matchAllKeyword uintptr, filterData uintptr, i uintptr) uintptr { +func providerCallbackAdapter(sourceID *guid.GUID, state uintptr, level uintptr, matchAnyKeyword uintptr, matchAllKeyword uintptr, filterData uintptr, i uintptr) uintptr { providerCallback(*sourceID, ProviderState(state), Level(level), uint64(matchAnyKeyword), uint64(matchAllKeyword), filterData, i) return 0 -} \ No newline at end of file +}