From: R.Wieser on 12 May 2010 15:54

Hello All,

I'm attempting to log, in XP, changes to the registry and I've got a few troubles:

I declared an EVENT_TRACE_PROPERTIES structure, and loaded the LoggerFieldOffset field as per an example with the size of the structure. The value of the structure turned out to be 74 Hex bytes. Alas, StartTrace returned an error 57 Hex, invalid argument.

After a lot of searching and in the end disassembling the StartTrace function itself it turns out that the offset should be *at least* at 78 Hex.

First question: Why? Did I miss a field after the LoggerFieldOffset? Is it an alignment issue (if so, why doesn't MS's description of the command and structure mention it)?

When I did set the offset to 78 Hex, the function returned error 0, OK. But then when I tried to use the ControlTrace command with the EVENT_TRACE_CONTROL_STOP argument I get an 03E6 Hex, illegal memory access. A subsequent CloseHandle command returns an error 6, Invalid Handle.

By the way: the handle-value was 0000FFFF Hex (not quite expected, but not the described error-result of Zero).

Question two: What makes the StartTrace return an OK, but still an incorrect handle?

Regards,
Rudy Wieser
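The 74 Hex versus 78 Hex difference asked about above can be reproduced with a portable mirror of the structure. This is an added example, not part of the original post: the mirror types and function names are constructed here, and it assumes a 32-bit build (4-byte HANDLE) and the field order of the public evntrace.h header, where the last field is named LoggerNameOffset.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed mirror of WNODE_HEADER. Its 64-bit members are 8-byte aligned,
   as MSVC aligns them by default; _Alignas makes that explicit here. */
typedef struct {
    uint32_t BufferSize, ProviderId;
    _Alignas(8) uint64_t HistoricalContext;  /* a union in the SDK header */
    _Alignas(8) int64_t  TimeStamp;          /* a union in the SDK header */
    uint8_t  Guid[16];
    uint32_t ClientContext, Flags;
} WnodeHeaderMirror;                         /* 48 bytes */

/* Constructed mirror of EVENT_TRACE_PROPERTIES for a 32-bit build. */
typedef struct {
    WnodeHeaderMirror Wnode;
    uint32_t BufferSize, MinimumBuffers, MaximumBuffers, MaximumFileSize;
    uint32_t LogFileMode, FlushTimer, EnableFlags, AgeLimit;
    uint32_t NumberOfBuffers, FreeBuffers, EventsLost, BuffersWritten;
    uint32_t LogBuffersLost, RealTimeBuffersLost;
    uint32_t LoggerThreadId;                 /* HANDLE, 4 bytes on 32-bit */
    uint32_t LogFileNameOffset, LoggerNameOffset;
} TracePropsMirror;

/* End of the last declared field: the result of adding up field sizes. */
size_t summed_size(void) {
    return offsetof(TracePropsMirror, LoggerNameOffset) + sizeof(uint32_t);
}

/* Size the compiler reports: includes tail padding up to 8-byte alignment. */
size_t padded_size(void) { return sizeof(TracePropsMirror); }

/* Place both strings after the padded structure. Sizes are in bytes with
   terminators included; returns the total size for Wnode.BufferSize. */
size_t layout_offsets(TracePropsMirror *p, size_t name_bytes, size_t file_bytes) {
    memset(p, 0, sizeof *p);
    p->LoggerNameOffset  = (uint32_t)sizeof *p;
    p->LogFileNameOffset = (uint32_t)(sizeof *p + name_bytes);
    p->Wnode.BufferSize  = (uint32_t)(sizeof *p + name_bytes + file_bytes);
    return p->Wnode.BufferSize;
}

int main(void) {
    printf("summed=%zXh padded=%zXh\n", summed_size(), padded_size());
    return 0;
}
```

In a C build against the real header, `sizeof(EVENT_TRACE_PROPERTIES)` already includes this padding; a hand-summed size in assembler does not.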