O
OfekShilon
Guest
I'm running the sample code at Retrieving Event Data Using MOF veratim, except changing the LOGFILE_PATH macro to a valid etl file.
The documentation for EVENT_TRACE_LOGFILE.BufferCallback says that "Returning FALSE will terminate the ProcessTrace function." The sample's ProcessBuffer does return false, and yet ProcessTrace does not terminate, and crashes at various places afterwards.
For a ~53M etl file, around 10 events are processed prior to the crash - so it's safe to say this is not some bad cleanup and the actual event processing isn't done.
Is it possible that processing of an etl file is separated to several buffers? Is there something more that needs to be done at BufferCalback? Is the sample code indeed broken?
Can anyone shed some light on this?
Thanks.
Continue reading...
The documentation for EVENT_TRACE_LOGFILE.BufferCallback says that "Returning FALSE will terminate the ProcessTrace function." The sample's ProcessBuffer does return false, and yet ProcessTrace does not terminate, and crashes at various places afterwards.
For a ~53M etl file, around 10 events are processed prior to the crash - so it's safe to say this is not some bad cleanup and the actual event processing isn't done.
Is it possible that processing of an etl file is separated to several buffers? Is there something more that needs to be done at BufferCalback? Is the sample code indeed broken?
Can anyone shed some light on this?
Thanks.
Continue reading...