Diffstat (limited to 'extcap/etwdump.c')
-rw-r--r-- | extcap/etwdump.c | 95 |
1 files changed, 70 insertions, 25 deletions
diff --git a/extcap/etwdump.c b/extcap/etwdump.c index dcc0e293cf..82a0d3a64b 100644 --- a/extcap/etwdump.c +++ b/extcap/etwdump.c @@ -23,6 +23,8 @@ #include <ui/cmdarg_err.h> #include "etl.h" +#include <signal.h> + /* extcap-interface has to be unique, or it may use wrong option output by a different extcapbin */ #define ETW_EXTCAP_INTERFACE "etwdump" #define ETWDUMP_VERSION_MAJOR "1" @@ -34,7 +36,8 @@ enum { OPT_HELP, OPT_VERSION, OPT_INCLUDE_UNDECIDABLE_EVENT, - OPT_ETLFILE + OPT_ETLFILE, + OPT_PARAMS }; static struct option longopts[] = { @@ -43,11 +46,24 @@ static struct option longopts[] = { { "version", no_argument, NULL, OPT_VERSION}, { "iue", optional_argument, NULL, OPT_INCLUDE_UNDECIDABLE_EVENT}, { "etlfile", required_argument, NULL, OPT_ETLFILE}, + { "params", required_argument, NULL, OPT_PARAMS}, { 0, 0, 0, 0 } }; int g_include_undecidable_event = FALSE; +void SignalHandler(_U_ int signal) +{ + SUPER_EVENT_TRACE_PROPERTIES super_trace_properties = { 0 }; + super_trace_properties.prop.Wnode.BufferSize = sizeof(SUPER_EVENT_TRACE_PROPERTIES); + super_trace_properties.prop.Wnode.ClientContext = 2; + super_trace_properties.prop.Wnode.Flags = WNODE_FLAG_TRACED_GUID; + super_trace_properties.prop.LoggerNameOffset = sizeof(EVENT_TRACE_PROPERTIES); + super_trace_properties.prop.LogFileMode = EVENT_TRACE_REAL_TIME_MODE; + /* Close trace when press CONTROL+C when running this console alone */ + ControlTrace((TRACEHANDLE)NULL, LOGGER_NAME, &super_trace_properties.prop, EVENT_TRACE_CONTROL_STOP); +} + static void help(extcap_parameters* extcap_conf) { extcap_help_print(extcap_conf); 
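Review bot: In the new `SignalHandler` the parameter is named `signal`, which shadows the `signal()` function this same commit brings in via `<signal.h>`; the function is file-local but not `static`, and the `ControlTrace` result is discarded, so a failed stop of the `LOGGER_NAME` session leaves an ETW session running on the host after etwdump exits with nothing logged. Suggest `static void SignalHandler(_U_ int sig)` and capturing the status, e.g. `ULONG status = ControlTrace((TRACEHANDLE)NULL, LOGGER_NAME, &super_trace_properties.prop, EVENT_TRACE_CONTROL_STOP);` followed by a `g_warning` when it is not `ERROR_SUCCESS`. The `ClientContext = 2` literal would also read better with a comment naming the timestamp clock it selects, since the field's meaning is not obvious from the code. `LOGGER_NAME` is not defined in this diff, so presumably it comes from etl.h.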
@@ -66,30 +82,26 @@ static int list_config(char* interface) g_warning("Interface must be %s", ETW_EXTCAP_INTERFACE); return EXIT_FAILURE; } - /* Saved for later live capture support */ -#if 0 - printf("arg {number=%u}{call=--type}{display=Capture type}" - "{type=selector}{tooltip=Choose the type of capture}{group=Capture}\n", - inc); - printf("value {arg=%u}{value=etl}{display=From a etl file}\n", inc); - printf("value {arg=%u}{value=live}{display=From a live session}\n", inc); - inc++; -#endif + /* + * required=true agu will be displayed before required=false on UI + * + * Empty etlfile and unempty params, read etw events from a live session with the params as the filter + * Unempty etlfile and empty params, read etw events from the etl file without filter + * Unempty etlfile and unemtpy params, read etw events from the etl file with the params as the filter + * Empty eltfile and empty params, invalid + */ + printf("arg {number=%u}{call=--etlfile}{display=etl file}" + "{type=fileselect}{tooltip=Select etl file to display in Wireshark}{required=false}{group=Capture}\n", + inc++); + printf("arg {number=%u}{call=--params}{display=filter parmeters}" + "{type=string}{tooltip=Input providers, keyword and level filters for the etl file and live session}{group=Capture}\n", + inc++); /* * The undecidable events are those that either don't have sub-dissector or don't have anthing meaningful to display except for the EVENT_HEADER. 
*/ printf("arg {number=%u}{call=--iue}{display=Should undecidable events be included}" "{type=boolflag}{default=false}{tooltip=Choose if the undecidable event is included}{group=Capture}\n", inc++); - printf("arg {number=%u}{call=--etlfile}{display=etl file}" - "{type=fileselect}{tooltip=Select etl file to display in Wireshark}{required=true}{group=Capture}\n", - inc++); - /* Saved for later live capture support */ -#if 0 - printf("arg {number=%u}{call=--session-params}{display=Live session parameters}" - "{type=string}{tooltip=providers, keyword and level}{group=Capture}\n", - inc++); -#endif extcap_config_debug(&inc); return EXIT_SUCCESS; @@ -103,6 +115,7 @@ int main(int argc, char* argv[]) int ret = EXIT_FAILURE; char* etlfile = NULL; + char* params = NULL; extcap_parameters* extcap_conf = g_new0(extcap_parameters, 1); char* help_url; @@ -166,6 +179,11 @@ int main(int argc, char* argv[]) etlfile = g_strdup(optarg); break; + case OPT_PARAMS: + /* Add params as the prefix since getopt_long will ignore the first argument always */ + params = g_strdup_printf("params %s", optarg); + break; + case OPT_INCLUDE_UNDECIDABLE_EVENT: g_include_undecidable_event = TRUE; break; @@ -204,9 +222,17 @@ int main(int argc, char* argv[]) goto end; } + if (etlfile == NULL && params == NULL) + { + g_warning("ERROR: Both --etlfile and --params arguments are empty"); + goto end; + } + wtap_init(FALSE); - switch(etw_dump(etlfile, extcap_conf->fifo, &ret, &err_msg)) + signal(SIGINT, SignalHandler); + + switch(etw_dump(etlfile, extcap_conf->fifo, params, &ret, &err_msg)) { case WTAP_OPEN_ERROR: if (err_msg != NULL) { 
@@ -220,14 +246,29 @@ int main(int argc, char* argv[]) } break; case WTAP_OPEN_NOT_MINE: - if (err_msg != NULL) { - g_warning("The file %s is not etl format. Error message: %s.", - etlfile, err_msg); - g_free(err_msg); + if (etlfile == NULL) + { + if (err_msg != NULL) { + g_warning("The live session didn't caputre any event. Error message: %s.", + err_msg); + g_free(err_msg); + } + else + { + g_warning("The live session didn't caputre any event"); + } } else { - g_warning("The file %s is not etl format"); + if (err_msg != NULL) { + g_warning("The file %s is not etl format. Error message: %s.", + etlfile, err_msg); + g_free(err_msg); + } + else + { + g_warning("The file %s is not etl format", etlfile); + } } break; case WTAP_OPEN_MINE: @@ -244,6 +285,10 @@ end: { g_free(etlfile); } + if (params != NULL) + { + g_free(params); + } return ret; } |
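Review bot: Both new live-session messages in the `WTAP_OPEN_NOT_MINE` case misspell `capture` as `caputre` (`"The live session didn't caputre any event. Error message: %s."` and the variant without the message). The four-way nesting could also be flattened by choosing one mode-specific prefix string and emitting a single `g_warning` for the with- and without-`err_msg` cases, but that is optional. The rest of `main` lies outside this hunk.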