├── .gitattributes
├── .gitignore
├── CPL.TXT
├── FilterExample.jpeg
├── ProcMonShowingTracing.jpeg
├── ReadMe.md
└── Source
    ├── Include
        └── ProcMonDebugOutput.h
    ├── ManagedTest
        ├── App.config
        ├── ManagedTest.csproj
        ├── Program.cs
        ├── Properties
        │   └── AssemblyInfo.cs
        └── packages.config
    ├── NativeTest
        ├── NativeTest.cpp
        ├── NativeTest.vcxproj
        ├── NativeTest.vcxproj.filters
        ├── stdafx.cpp
        ├── stdafx.h
        └── targetver.h
    ├── ProcMonDebugOutput.sln
    ├── ProcMonDebugOutput
        ├── ProcMonDebugOutput.cpp
        ├── ProcMonDebugOutput.rc
        ├── ProcMonDebugOutput.vcxproj
        ├── ProcMonDebugOutput.vcxproj.filters
        ├── ProcMonDebugOutputWIN32.def
        ├── resource.h
        ├── stdafx.cpp
        ├── stdafx.h
        └── targetver.h
    ├── PythonExamples
        ├── HelloProcMon.ctypes.py
        ├── HelloProcMon.py
        ├── HelloProcMon27.ctypes.py
        ├── HelloProcMon27.py
        └── PythonExamples.pyproj
    ├── Sysinternals.Debug
        ├── AllCodeAnalysisRulesAsErrors.ruleset
        ├── CodeAnalysisDictionary.xml
        ├── GlobalSuppressions.cs
        ├── NativeMethods.cs
        ├── ProcessMonitorTraceListerner.cs
        ├── Properties
        │   └── AssemblyInfo.cs
        └── Sysinternals.Debug.csproj
    ├── Sysinternals.log4net
        ├── GlobalSuppressions.cs
        ├── ProcMonAppender.cs
        ├── Properties
        │   └── AssemblyInfo.cs
        ├── Sysinternals.log4net.csproj
        └── packages.config
    └── VBA
        └── ProcMon.bas


/.gitattributes:
--------------------------------------------------------------------------------
 1 | # Auto detect text files and perform LF normalization
 2 | * text=auto
 3 | 
 4 | # Custom for Visual Studio
 5 | *.cs     diff=csharp
 6 | *.sln    merge=union
 7 | *.csproj merge=union
 8 | *.vbproj merge=union
 9 | *.fsproj merge=union
10 | *.dbproj merge=union
11 | 
12 | # Standard to msysgit
13 | *.doc	 diff=astextplain
14 | *.DOC	 diff=astextplain
15 | *.docx diff=astextplain
16 | *.DOCX diff=astextplain
17 | *.dot  diff=astextplain
18 | *.DOT  diff=astextplain
19 | *.pdf  diff=astextplain
20 | *.PDF	 diff=astextplain
21 | *.rtf	 diff=astextplain
22 | *.RTF	 diff=astextplain
23 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
  1 | #################
  2 | ## Eclipse
  3 | #################
  4 | 
  5 | *.pydevproject
  6 | .project
  7 | .metadata
  8 | bin/
  9 | tmp/
 10 | *.tmp
 11 | *.bak
 12 | *.swp
 13 | *~.nib
 14 | local.properties
 15 | .classpath
 16 | .settings/
 17 | .loadpath
 18 | 
 19 | # External tool builders
 20 | .externalToolBuilders/
 21 | 
 22 | # Locally stored "Eclipse launch configurations"
 23 | *.launch
 24 | 
 25 | # CDT-specific
 26 | .cproject
 27 | 
 28 | # PDT-specific
 29 | .buildpath
 30 | 
 31 | 
 32 | #################
 33 | ## Visual Studio
 34 | #################
 35 | 
 36 | ## Ignore Visual Studio temporary files, build results, and
 37 | ## files generated by popular Visual Studio add-ons.
 38 | 
 39 | # User-specific files
 40 | *.suo
 41 | *.user
 42 | *.sln.docstates
 43 | 
 44 | # Build results
 45 | 
 46 | [Dd]ebug/
 47 | [Rr]elease/
 48 | x64/
 49 | build/
 50 | [Bb]in/
 51 | [Oo]bj/
 52 | DebugWin32/
 53 | Debugx64/
 54 | 
 55 | # MSTest test Results
 56 | [Tt]est[Rr]esult*/
 57 | [Bb]uild[Ll]og.*
 58 | 
 59 | *_i.c
 60 | *_p.c
 61 | *.ilk
 62 | *.meta
 63 | *.obj
 64 | *.pch
 65 | *.pdb
 66 | *.pgc
 67 | *.pgd
 68 | *.rsp
 69 | *.sbr
 70 | *.tlb
 71 | *.tli
 72 | *.tlh
 73 | *.tmp
 74 | *.tmp_proj
 75 | *.log
 76 | *.vspscc
 77 | *.vssscc
 78 | .builds
 79 | *.pidb
 80 | *.log
 81 | *.scc
 82 | 
 83 | # Visual C++ cache files
 84 | ipch/
 85 | *.aps
 86 | *.ncb
 87 | *.opensdf
 88 | *.sdf
 89 | *.cachefile
 90 | 
 91 | # Visual Studio profiler
 92 | *.psess
 93 | *.vsp
 94 | *.vspx
 95 | 
 96 | # Guidance Automation Toolkit
 97 | *.gpState
 98 | 
 99 | # ReSharper is a .NET coding add-in
100 | _ReSharper*/
101 | *.[Rr]e[Ss]harper
102 | 
103 | # TeamCity is a build add-in
104 | _TeamCity*
105 | 
106 | # DotCover is a Code Coverage Tool
107 | *.dotCover
108 | 
109 | # NCrunch
110 | *.ncrunch*
111 | .*crunch*.local.xml
112 | 
113 | # Installshield output folder
114 | [Ee]xpress/
115 | 
116 | # DocProject is a documentation generator add-in
117 | DocProject/buildhelp/
118 | DocProject/Help/*.HxT
119 | DocProject/Help/*.HxC
120 | DocProject/Help/*.hhc
121 | DocProject/Help/*.hhk
122 | DocProject/Help/*.hhp
123 | DocProject/Help/Html2
124 | DocProject/Help/html
125 | 
126 | # Click-Once directory
127 | publish/
128 | 
129 | # Publish Web Output
130 | *.Publish.xml
131 | *.pubxml
132 | 
133 | # NuGet Packages Directory
134 | ## TODO: If you have NuGet Package Restore enabled, uncomment the next line
135 | packages/
136 | 
137 | # Windows Azure Build Output
138 | csx
139 | *.build.csdef
140 | 
141 | # Windows Store app package directory
142 | AppPackages/
143 | 
144 | # Others
145 | sql/
146 | *.Cache
147 | ClientBin/
148 | [Ss]tyle[Cc]op.*
149 | ~$*
150 | *~
151 | *.dbmdl
152 | *.[Pp]ublish.xml
153 | *.pfx
154 | *.publishsettings
155 | 
156 | # RIA/Silverlight projects
157 | Generated_Code/
158 | 
159 | # Backup & report files from converting an old project file to a newer
160 | # Visual Studio version. Backup files are not needed, because we have git ;-)
161 | _UpgradeReport_Files/
162 | Backup*/
163 | UpgradeLog*.XML
164 | UpgradeLog*.htm
165 | 
166 | # SQL Server files
167 | App_Data/*.mdf
168 | App_Data/*.ldf
169 | 
170 | #############
171 | ## Windows detritus
172 | #############
173 | 
174 | # Windows image file caches
175 | Thumbs.db
176 | ehthumbs.db
177 | 
178 | # Folder config file
179 | Desktop.ini
180 | 
181 | # Recycle Bin used on file shares
182 | $RECYCLE.BIN/
183 | 
184 | # Mac crap
185 | .DS_Store
186 | 
187 | 
188 | #############
189 | ## Python
190 | #############
191 | 
192 | *.py[co]
193 | 
194 | # Packages
195 | *.egg
196 | *.egg-info
197 | dist/
198 | build/
199 | eggs/
200 | parts/
201 | var/
202 | sdist/
203 | develop-eggs/
204 | .installed.cfg
205 | 
206 | # Installer logs
207 | pip-log.txt
208 | 
209 | # Unit test / coverage reports
210 | .coverage
211 | .tox
212 | 
213 | #Translations
214 | *.mo
215 | 
216 | #Mr Developer
217 | .mr.developer.cfg
218 | 


--------------------------------------------------------------------------------
/CPL.TXT:
--------------------------------------------------------------------------------
 1 | Common Public License Version 1.0
 2 | 
 3 | THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS COMMON PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT.
 4 | 
 5 | 
 6 | 1. DEFINITIONS 
 7 | 
 8 | "Contribution" means:
 9 | 
10 | a) in the case of the initial Contributor, the initial code and documentation distributed under this Agreement, and 
11 | 
12 | b) in the case of each subsequent Contributor:
13 | 
14 | i) changes to the Program, and
15 | 
16 | ii) additions to the Program;
17 | 
18 | where such changes and/or additions to the Program originate from and are distributed by that particular Contributor. A Contribution 'originates' from a Contributor if it was added to the Program by such Contributor itself or anyone acting on such Contributor's behalf. Contributions do not include additions to the Program which: (i) are separate modules of software distributed in conjunction with the Program under their own license agreement, and (ii) are not derivative works of the Program.
19 | 
20 | "Contributor" means any person or entity that distributes the Program. 
21 | 
22 | "Licensed Patents " mean patent claims licensable by a Contributor which are necessarily infringed by the use or sale of its Contribution alone or when combined with the Program.
23 | 
24 | "Program" means the Contributions distributed in accordance with this Agreement. 
25 | 
26 | "Recipient" means anyone who receives the Program under this Agreement, including all Contributors. 
27 | 
28 | 
29 | 2. GRANT OF RIGHTS
30 | 
31 | a) Subject to the terms of this Agreement, each Contributor hereby grants Recipient a non-exclusive, worldwide, royalty-free copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, distribute and sublicense the Contribution of such Contributor, if any, and such derivative works, in source code and object code form.
32 | 
33 | b) Subject to the terms of this Agreement, each Contributor hereby grants Recipient a non-exclusive, worldwide, royalty-free patent license under Licensed Patents to make, use, sell, offer to sell, import and otherwise transfer the Contribution of such Contributor, if any, in source code and object code form. This patent license shall apply to the combination of the Contribution and the Program if, at the time the Contribution is added by the Contributor, such addition of the Contribution causes such combination to be covered by the Licensed Patents. The patent license shall not apply to any other combinations which include the Contribution. No hardware per se is licensed hereunder.
34 | 
35 | c) Recipient understands that although each Contributor grants the licenses to its Contributions set forth herein, no assurances are provided by any Contributor that the Program does not infringe the patent or other intellectual property rights of any other entity. Each Contributor disclaims any liability to Recipient for claims brought by any other entity based on infringement of intellectual property rights or otherwise. As a condition to exercising the rights and licenses granted hereunder, each Recipient hereby assumes sole responsibility to secure any other intellectual property rights needed, if any. For example, if a third party patent license is required to allow Recipient to distribute the Program, it is Recipient's responsibility to acquire that license before distributing the Program.
36 | 
37 | d) Each Contributor represents that to its knowledge it has sufficient copyright rights in its Contribution, if any, to grant the copyright license set forth in this Agreement.
38 | 
39 | 
40 | 3. REQUIREMENTS 
41 | 
42 | A Contributor may choose to distribute the Program in object code form under its own license agreement, provided that: 
43 | 
44 | a) it complies with the terms and conditions of this Agreement; and
45 | 
46 | b) its license agreement:
47 | 
48 | i) effectively disclaims on behalf of all Contributors all warranties and conditions, express and implied, including warranties or conditions of title and non-infringement, and implied warranties or conditions of merchantability and fitness for a particular purpose; 
49 | 
50 | ii) effectively excludes on behalf of all Contributors all liability for damages, including direct, indirect, special, incidental and consequential damages, such as lost profits; 
51 | 
52 | iii) states that any provisions which differ from this Agreement are offered by that Contributor alone and not by any other party; and 
53 | 
54 | iv) states that source code for the Program is available from such Contributor, and informs licensees how to obtain it in a reasonable manner on or through a medium customarily used for software exchange. 
55 | 
56 | When the Program is made available in source code form:
57 | 
58 | a) it must be made available under this Agreement; and
59 | 
60 | b) a copy of this Agreement must be included with each copy of the Program. 
61 | 
62 | Contributors may not remove or alter any copyright notices contained within the Program.
63 | 
64 | Each Contributor must identify itself as the originator of its Contribution, if any, in a manner that reasonably allows subsequent Recipients to identify the originator of the Contribution. 
65 | 
66 | 
67 | 4. COMMERCIAL DISTRIBUTION 
68 | 
69 | Commercial distributors of software may accept certain responsibilities with respect to end users, business partners and the like. While this license is intended to facilitate the commercial use of the Program, the Contributor who includes the Program in a commercial product offering should do so in a manner which does not create potential liability for other Contributors. Therefore, if a Contributor includes the Program in a commercial product offering, such Contributor ("Commercial Contributor") hereby agrees to defend and indemnify every other Contributor ("Indemnified Contributor") against any losses, damages and costs (collectively "Losses") arising from claims, lawsuits and other legal actions brought by a third party against the Indemnified Contributor to the extent caused by the acts or omissions of such Commercial Contributor in connection with its distribution of the Program in a commercial product offering. The obligations in this section do not apply to any claims or Losses relating to any actual or alleged intellectual property infringement. In order to qualify, an Indemnified Contributor must: a) promptly notify the Commercial Contributor in writing of such claim, and b) allow the Commercial Contributor to control, and cooperate with the Commercial Contributor in, the defense and any related settlement negotiations. The Indemnified Contributor may participate in any such claim at its own expense. 
70 | 
71 | For example, a Contributor might include the Program in a commercial product offering, Product X. That Contributor is then a Commercial Contributor. If that Commercial Contributor then makes performance claims, or offers warranties related to Product X, those performance claims and warranties are such Commercial Contributor's responsibility alone. Under this section, the Commercial Contributor would have to defend claims against the other Contributors related to those performance claims and warranties, and if a court requires any other Contributor to pay any damages as a result, the Commercial Contributor must pay those damages. 
72 | 
73 | 
74 | 5. NO WARRANTY
75 | 
76 | EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely responsible for determining the appropriateness of using and distributing the Program and assumes all risks associated with its exercise of rights under this Agreement, including but not limited to the risks and costs of program errors, compliance with applicable laws, damage to or loss of data, programs or equipment, and unavailability or interruption of operations. 
77 | 
78 | 
79 | 6. DISCLAIMER OF LIABILITY 
80 | 
81 | EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 
82 | 
83 | 
84 | 7. GENERAL
85 | 
86 | If any provision of this Agreement is invalid or unenforceable under applicable law, it shall not affect the validity or enforceability of the remainder of the terms of this Agreement, and without further action by the parties hereto, such provision shall be reformed to the minimum extent necessary to make such provision valid and enforceable. 
87 | 
88 | If Recipient institutes patent litigation against a Contributor with respect to a patent applicable to software (including a cross-claim or counterclaim in a lawsuit), then any patent licenses granted by that Contributor to such Recipient under this Agreement shall terminate as of the date such litigation is filed. In addition, if Recipient institutes patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Program itself (excluding combinations of the Program with other software or hardware) infringes such Recipient's patent(s), then such Recipient's rights granted under Section 2(b) shall terminate as of the date such litigation is filed.
89 | 
90 | All Recipient's rights under this Agreement shall terminate if it fails to comply with any of the material terms or conditions of this Agreement and does not cure such failure in a reasonable period of time after becoming aware of such noncompliance. If all Recipient's rights under this Agreement terminate, Recipient agrees to cease use and distribution of the Program as soon as reasonably practicable. However, Recipient's obligations under this Agreement and any licenses granted by Recipient relating to the Program shall continue and survive. 
91 | 
92 | Everyone is permitted to copy and distribute copies of this Agreement, but in order to avoid inconsistency the Agreement is copyrighted and may only be modified in the following manner. The Agreement Steward reserves the right to publish new versions (including revisions) of this Agreement from time to time. No one other than the Agreement Steward has the right to modify this Agreement. IBM is the initial Agreement Steward. IBM may assign the responsibility to serve as the Agreement Steward to a suitable separate entity. Each new version of the Agreement will be given a distinguishing version number. The Program (including Contributions) may always be distributed subject to the version of the Agreement under which it was received. In addition, after a new version of the Agreement is published, Contributor may elect to distribute the Program (including its Contributions) under the new version. Except as expressly stated in Sections 2(a) and 2(b) above, Recipient receives no rights or licenses to the intellectual property of any Contributor under this Agreement, whether expressly, by implication, estoppel or otherwise. All rights in the Program not expressly granted under this Agreement are reserved. 
93 | 
94 | This Agreement is governed by the laws of the State of New York and the intellectual property laws of the United States of America. No party to this Agreement will bring a legal action under this Agreement more than one year after the cause of action arose. Each party waives its rights to a jury trial in any resulting litigation.
95 | 


--------------------------------------------------------------------------------
/FilterExample.jpeg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wintellect/ProcMonDebugOutput/b9594c00122d3e78a588b77ec445f6261a5a916c/FilterExample.jpeg


--------------------------------------------------------------------------------
/ProcMonShowingTracing.jpeg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wintellect/ProcMonDebugOutput/b9594c00122d3e78a588b77ec445f6261a5a916c/ProcMonShowingTracing.jpeg


--------------------------------------------------------------------------------
/ReadMe.md:
--------------------------------------------------------------------------------
 1 | # See Your Trace Statements in Process Monitor! #
 2 | A few years ago I got together with Mark Russinovich and we implemented a technique to enable developers to push tracing statements to Process Monitor so you can more easily see where you are causing I/O operations. You can read about the initial release of the code [here](http://www.wintellect.com/blogs/jrobbins/see-the-i-o-you-caused-by-getting-your-diagnostic-tracing-into-process-monitor). I'm moving the code to GitHub as that's where all open source code should be. :)
 3 | 
 4 | The ProcMonDebugOutput library supports both native C++ and managed .NET languages as well as 32-bit and 64-bit. 
 5 | 
 6 | ## Building The Code ##
 7 | All the projects are in Visual Studio 2013 format. I'm not using any advanced Premium or Ultimate features so everything should compile even with Visual Studio Express, but I have not tried.
 8 | 
 9 | 1. Open up ProcMonDebugOutput.SLN
10 | 2. Select the Build, Batch Build menu
11 | 3. In the Batch Build dialog, click Select All button
12 | 4. Click the Build button
13 | 
14 | The 32-bit binaries build to .\Source\ReleaseWin32 and .\Source\DebugWin32.
15 | The 64-bit binaries build to .\Source\Releasex64 and .\Source\Debugx64.
16 | 
17 | ## Using with C++ Native Applications ##
18 | For native code, you’ll need to include the header file ProcMonDebugOutput.h and link against ProcMonDebugOutputx86.lib or ProcMonDebugOutputx64.lib as appropriate. The API you’ll call is, appropriately named, *ProcMonDebugOutput* which takes a single parameter of a UNICODE string. Obviously, you’ll need to add ProcMonDebugOutputx86.DLL or ProcMonDebugOutputx64.DLL as part of your distribution. See the .\Source\NativeTest application for an example.
19 | 
20 | ## Using with .NET Applications ##
21 | For managed code, the API is wrapped up into a That means you can add ProcessMonitorTraceListener through [configuration files](http://msdn.microsoft.com/en-us/library/sk36c28t.aspx) like any TraceListener you’ve ever used. With your application you’ll only need to include Sysinternals.Debug.DLL as that's a complete managed implementation of the native API.
22 | 
23 | If you are an aficionado of Log4Net, [Justin Dearing](https://github.com/zippy1981), did the Log4Net appender so you can include Sysinternals.log4net.dll and do all your usual log4net configuration to get it working.
24 | 
25 | See the .\Source\ManagedTest application for a complete example showing both the TraceListener and Log4Net implementations
26 | 
27 | ## Seeing Your Tracing in Process Monitor ##
28 | The tracing statements are reported as Profiling Events so to see them, add ensure the "Show Profiling Events" button is selected (the last one on the toolbar). These events are of Operation type "Debug Output Profiling".
29 | 
30 | The following screen shot shows the tracing of the two sample programs with the filter set to only show tracing events.
31 | ![](ProcMonShowingTracing.jpeg)
32 | 
33 | To filter and see only your tracing statements, set the Process Monitor filtering to "Operation = Debug Output Profiling". Here's an example.
34 | 
35 | ![](FilterExample.jpeg)  
36 | 
37 | ## But I Want to See All OutputDebug/Debug.WriteLine calls in Process Monitor ##
38 | That's not going to happen. When Mark and I discussed adding tracing to Process Monitor, we talked about combining both Process Monitor and Debug View. It was far easier to add the custom interface presented here that to do the major engineering effort to combine the tools. Remember, shipping is a feature!
39 | 
40 | 
41 | 
42 | 


--------------------------------------------------------------------------------
/Source/Include/ProcMonDebugOutput.h:
--------------------------------------------------------------------------------
 1 | /*//////////////////////////////////////////////////////////////////////////////
 2 | // Process Monitor Debug Output Header File
 3 | //
 4 | // History:
 5 | // - April 1, 2010 - Version 1.0 - John Robbins/Wintellect
 6 | //      - Initial release
 7 | // - March 1, 2014 - Version 1.1 - John Robbins/Wintellect
 8 | //      - Fixed an issue in DLL main where the handle could get close too
 9 | //        soon.
10 | //      - Moved the project to VS 2013.
11 | //
12 | //////////////////////////////////////////////////////////////////////////////*/
13 | 
14 | #pragma once
15 | 
16 | #ifdef __cplusplus
17 | extern "C" {
18 | #endif  
19 | 
20 |     /*//////////////////////////////////////////////////////////////////////////////
21 |     // The defines that set up how the functions or classes are exported or
22 |     // imported.
23 |     //////////////////////////////////////////////////////////////////////////////*/
24 | #ifndef PROCMONDEBUGOUTPUT_DLLINTERFACE
25 | #ifdef PROCMONDEBUGOUTPUT_EXPORTS
26 | #define PROCMONDEBUGOUTPUT_DLLINTERFACE __declspec ( dllexport )
27 | #else
28 | #define PROCMONDEBUGOUTPUT_DLLINTERFACE __declspec ( dllimport )
29 | #endif  
30 | #endif  
31 | 
32 | 
33 |     /*//////////////////////////////////////////////////////////////////////////////
34 |     // ProcMonDebugOutput
35 |     //  Sends a string to Process Monitor for display.
36 |     //
37 |     // Parameters:
38 |     //  pszOutputString
39 |     //      The null-terminated wide character string to be displayed.
40 |     //
41 |     // Return Values:
42 |     //  TRUE  - The string was sent to Process Monitor.
43 |     //  FALSE - There was a problem sending the string to Process Monitor. To get
44 |     //          extended error information, call GetLastError to determine the
45 |     //          exact failure.
46 |     //
47 |     // Last Error Codes:
48 |     //  ERROR_INVALID_PARAMETER - The pszOutputString parameter is NULL.
49 |     //  ERROR_WRITE_FAULT       - The Process Monitor driver is loaded but the
50 |     //                            Process Monitor user mode portion is not running.
51 |     //  ERROR_BAD_DRIVER        - The Process Monitor driver is not loaded.
52 |     //////////////////////////////////////////////////////////////////////////////*/
53 |     PROCMONDEBUGOUTPUT_DLLINTERFACE
54 |         _Success_(return == TRUE)
55 |         BOOL __stdcall ProcMonDebugOutput(_In_z_ LPCWSTR pszOutputString);
56 | 
57 | #ifdef __cplusplus
58 | }
59 | #endif  
60 | 


--------------------------------------------------------------------------------
/Source/ManagedTest/App.config:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <configuration>
 3 |   <configSections>
 4 |     <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net"/>
 5 |   </configSections>
 6 |   <system.diagnostics>
 7 |     <trace autoflush="true" indentsize="0">
 8 |       <listeners>
 9 |         <add name="SysInternalsListener" type="Sysinternals.Debug.ProcessMonitorTraceListener, Sysinternals.Debug"/>
10 |       </listeners>
11 |     </trace>
12 |   </system.diagnostics>
13 |   <log4net>
14 |     <appender name="ProcMon" type="Sysinternals.log4net.ProcMonAppender, Sysinternals.log4net">
15 |       <layout type="log4net.Layout.PatternLayout">
16 |         <conversionPattern value="%-5level %message" />
17 |       </layout>
18 |     </appender>
19 | 
20 |     <root>
21 |       <level value="DEBUG" />
22 |       <appender-ref ref="ProcMon" />
23 |     </root>
24 |   </log4net>
25 | 
26 | </configuration>
27 | 


--------------------------------------------------------------------------------
/Source/ManagedTest/ManagedTest.csproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
  4 |   <PropertyGroup>
  5 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
  6 |     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
  7 |     <ProjectGuid>{8D834016-ED7D-416C-B894-259F5BDF6CC6}</ProjectGuid>
  8 |     <OutputType>Exe</OutputType>
  9 |     <AppDesignerFolder>Properties</AppDesignerFolder>
 10 |     <RootNamespace>ManagedTest</RootNamespace>
 11 |     <AssemblyName>ManagedTest</AssemblyName>
 12 |     <TargetFrameworkVersion>v2.0</TargetFrameworkVersion>
 13 |     <FileAlignment>512</FileAlignment>
 14 |     <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
 15 |     <TargetFrameworkProfile>
 16 |     </TargetFrameworkProfile>
 17 |   </PropertyGroup>
 18 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
 19 |     <PlatformTarget>AnyCPU</PlatformTarget>
 20 |     <DebugSymbols>true</DebugSymbols>
 21 |     <DebugType>full</DebugType>
 22 |     <Optimize>false</Optimize>
 23 |     <OutputPath>bin\Debug\</OutputPath>
 24 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
 25 |     <ErrorReport>prompt</ErrorReport>
 26 |     <WarningLevel>4</WarningLevel>
 27 |     <UseVSHostingProcess>false</UseVSHostingProcess>
 28 |   </PropertyGroup>
 29 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
 30 |     <PlatformTarget>AnyCPU</PlatformTarget>
 31 |     <DebugType>pdbonly</DebugType>
 32 |     <Optimize>true</Optimize>
 33 |     <OutputPath>bin\Release\</OutputPath>
 34 |     <DefineConstants>TRACE</DefineConstants>
 35 |     <ErrorReport>prompt</ErrorReport>
 36 |     <WarningLevel>4</WarningLevel>
 37 |     <UseVSHostingProcess>false</UseVSHostingProcess>
 38 |   </PropertyGroup>
 39 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
 40 |     <DebugSymbols>true</DebugSymbols>
 41 |     <OutputPath>..\Debugx64\</OutputPath>
 42 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
 43 |     <DebugType>full</DebugType>
 44 |     <PlatformTarget>x64</PlatformTarget>
 45 |     <ErrorReport>prompt</ErrorReport>
 46 |     <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
 47 |     <Prefer32Bit>true</Prefer32Bit>
 48 |     <UseVSHostingProcess>false</UseVSHostingProcess>
 49 |   </PropertyGroup>
 50 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
 51 |     <OutputPath>..\Releasex64\</OutputPath>
 52 |     <DefineConstants>TRACE</DefineConstants>
 53 |     <Optimize>true</Optimize>
 54 |     <DebugType>pdbonly</DebugType>
 55 |     <PlatformTarget>x64</PlatformTarget>
 56 |     <ErrorReport>prompt</ErrorReport>
 57 |     <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
 58 |     <Prefer32Bit>true</Prefer32Bit>
 59 |     <UseVSHostingProcess>false</UseVSHostingProcess>
 60 |   </PropertyGroup>
 61 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x86'">
 62 |     <DebugSymbols>true</DebugSymbols>
 63 |     <OutputPath>..\DebugWin32\</OutputPath>
 64 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
 65 |     <DebugType>full</DebugType>
 66 |     <PlatformTarget>x86</PlatformTarget>
 67 |     <ErrorReport>prompt</ErrorReport>
 68 |     <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
 69 |     <Prefer32Bit>true</Prefer32Bit>
 70 |     <UseVSHostingProcess>false</UseVSHostingProcess>
 71 |   </PropertyGroup>
 72 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x86'">
 73 |     <OutputPath>..\ReleaseWin32\</OutputPath>
 74 |     <DefineConstants>TRACE</DefineConstants>
 75 |     <Optimize>true</Optimize>
 76 |     <DebugType>pdbonly</DebugType>
 77 |     <PlatformTarget>x86</PlatformTarget>
 78 |     <ErrorReport>prompt</ErrorReport>
 79 |     <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
 80 |     <Prefer32Bit>true</Prefer32Bit>
 81 |     <UseVSHostingProcess>false</UseVSHostingProcess>
 82 |   </PropertyGroup>
 83 |   <ItemGroup>
 84 |     <Reference Include="log4net, Version=1.2.13.0, Culture=neutral, PublicKeyToken=669e0ddf0bb1aa2a, processorArchitecture=MSIL">
 85 |       <SpecificVersion>False</SpecificVersion>
 86 |       <HintPath>..\packages\log4net.2.0.3\lib\net20-full\log4net.dll</HintPath>
 87 |     </Reference>
 88 |     <Reference Include="System" />
 89 |   </ItemGroup>
 90 |   <ItemGroup>
 91 |     <Compile Include="Program.cs" />
 92 |     <Compile Include="Properties\AssemblyInfo.cs" />
 93 |   </ItemGroup>
 94 |   <ItemGroup>
 95 |     <None Include="App.config" />
 96 |     <None Include="packages.config" />
 97 |   </ItemGroup>
 98 |   <ItemGroup>
 99 |     <ProjectReference Include="..\Sysinternals.log4net\Sysinternals.log4net.csproj">
100 |       <Project>{b276cb46-42a1-4cf8-a0bd-7de40230764e}</Project>
101 |       <Name>Sysinternals.log4net</Name>
102 |     </ProjectReference>
103 |   </ItemGroup>
104 |   <ItemGroup>
105 |     <ProjectReference Include="..\Sysinternals.Debug\Sysinternals.Debug.csproj">
106 |       <Project>{fb1d522e-1acb-49dd-93d4-123e6ea13aed}</Project>
107 |       <Name>Sysinternals.Debug</Name>
108 |     </ProjectReference>
109 |   </ItemGroup>
110 |   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
111 |   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
112 |        Other similar extension points exist, see Microsoft.Common.targets.
113 |   <Target Name="BeforeBuild">
114 |   </Target>
115 |   <Target Name="AfterBuild">
116 |   </Target>
117 |   -->
118 | </Project>


--------------------------------------------------------------------------------
/Source/ManagedTest/Program.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using System.Collections.Generic;
 3 | using System.Reflection;
 4 | using System.Text;
 5 | using System.Diagnostics;
 6 | 
 7 | using log4net;
 8 | using log4net.Appender;
 9 | using log4net.Core;
10 | using log4net.Repository.Hierarchy;
11 | using Sysinternals.log4net;
12 | 
13 | namespace ManagedTest
14 | {
15 |     class Program
16 |     {
17 |         static void Main(string[] args)
18 |         {
19 |             /*
20 |             Hierarchy hierarchy = (Hierarchy)LogManager.GetRepository();
21 |             hierarchy.Root.AddAppender(new ColoredConsoleAppender());
22 |             hierarchy.Root.AddAppender(new ProcMonAppender());
23 |             hierarchy.Root.Level = Level.Debug;
24 |             hierarchy.Configured = true;
25 |             */
26 |             ILog _logger = LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
27 |             Debug.Listeners.Remove("Default");
28 | 
29 |             StringBuilder sb = new StringBuilder(100);
30 |             for (int i = 0; i < 20; i++)
31 |             {
32 |                 sb.Length = 0;
33 |                 sb.AppendFormat("ProcMon Debug Out Test # {0}", i);
34 |                 Trace.Write(sb.ToString());
35 | 
36 |                 if (i%2 == 0)
37 |                 {
38 |                     _logger.DebugFormat("ProcMon log4net Out Test # {0}", i);
39 |                 }
40 |                 else if (i%3 == 0)
41 |                 {
42 |                     _logger.InfoFormat("ProcMon log4net Out Test # {0}", i);
43 |                 }
44 |                 else if (i%5 == 0)
45 |                 {
46 |                     _logger.WarnFormat("ProcMon log4net Out Test # {0}", i);
47 |                 }
48 |                 else
49 |                 {
50 |                     _logger.ErrorFormat("ProcMon log4net Out Test # {0}", i);
51 |                 }
52 |             }
53 |         }
54 |     }
55 | }
56 | 


--------------------------------------------------------------------------------
/Source/ManagedTest/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
 1 | using System.Reflection;
 2 | using System.Runtime.CompilerServices;
 3 | using System.Runtime.InteropServices;
 4 | 
 5 | // General Information about an assembly is controlled through the following 
 6 | // set of attributes. Change these attribute values to modify the information
 7 | // associated with an assembly.
 8 | using log4net.Config;
 9 | 
10 | [assembly: AssemblyTitle("ManagedTest")]
11 | [assembly: AssemblyDescription("")]
12 | [assembly: AssemblyConfiguration("")]
13 | [assembly: AssemblyCompany("")]
14 | [assembly: AssemblyProduct("ManagedTest")]
15 | [assembly: AssemblyCopyright("Copyright ©  2014")]
16 | [assembly: AssemblyTrademark("")]
17 | [assembly: AssemblyCulture("")]
18 | 
19 | // Setting ComVisible to false makes the types in this assembly not visible 
20 | // to COM components.  If you need to access a type in this assembly from 
21 | // COM, set the ComVisible attribute to true on that type.
22 | [assembly: ComVisible(false)]
23 | 
24 | // The following GUID is for the ID of the typelib if this project is exposed to COM
25 | [assembly: Guid("e41f259c-3367-451c-a0cf-a92809991f37")]
26 | 
27 | // Version information for an assembly consists of the following four values:
28 | //
29 | //      Major Version
30 | //      Minor Version 
31 | //      Build Number
32 | //      Revision
33 | //
34 | // You can specify all the values or you can default the Build and Revision Numbers 
35 | // by using the '*' as shown below:
36 | // [assembly: AssemblyVersion("1.0.*")]
37 | [assembly: AssemblyVersion("1.0.0.0")]
38 | [assembly: AssemblyFileVersion("1.0.0.0")]
39 | 
40 | // Read the log4net config from the app.config
41 | [assembly:XmlConfigurator(Watch = false)]


--------------------------------------------------------------------------------
/Source/ManagedTest/packages.config:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <packages>
3 |   <package id="log4net" version="2.0.3" targetFramework="net20" />
4 | </packages>


--------------------------------------------------------------------------------
/Source/NativeTest/NativeTest.cpp:
--------------------------------------------------------------------------------
 1 | // NativeTest.cpp : Defines the entry point for the console application.
 2 | //
 3 | 
 4 | #include "stdafx.h"
 5 | #include "ProcMonDebugOutput.h"
 6 | 
 7 | 
 8 | int _tmain(void)
 9 | {
10 |     WCHAR szText[100];
11 |     for (int i = 0; i < 20; i++)
12 |     {
13 |         _stprintf_s(szText,
14 |                     _countof(szText),
15 |                     L"ProcMon Debug Out Test # %d",
16 |                     i);
17 |         BOOL bRet = ProcMonDebugOutput(szText);
18 |         if (TRUE == bRet)
19 |         {
20 |             _tprintf(L"Wrote %d\n", i);
21 |         }
22 |         else
23 |         {
24 |             _tprintf(L"error 0x%x\n", GetLastError());
25 |         }
26 |         ::Sleep(500);
27 |     }
28 |     return (0);
29 | }
30 | 
31 | 


--------------------------------------------------------------------------------
/Source/NativeTest/NativeTest.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Debug|x64">
  9 |       <Configuration>Debug</Configuration>
 10 |       <Platform>x64</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Release|Win32">
 13 |       <Configuration>Release</Configuration>
 14 |       <Platform>Win32</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <ProjectGuid>{C2944A24-633E-4006-8000-CA00A47737DE}</ProjectGuid>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <RootNamespace>NativeTest</RootNamespace>
 25 |   </PropertyGroup>
 26 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 27 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 28 |     <ConfigurationType>Application</ConfigurationType>
 29 |     <UseDebugLibraries>true</UseDebugLibraries>
 30 |     <PlatformToolset>v120</PlatformToolset>
 31 |     <CharacterSet>Unicode</CharacterSet>
 32 |   </PropertyGroup>
 33 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 34 |     <ConfigurationType>Application</ConfigurationType>
 35 |     <UseDebugLibraries>true</UseDebugLibraries>
 36 |     <PlatformToolset>v120</PlatformToolset>
 37 |     <CharacterSet>Unicode</CharacterSet>
 38 |   </PropertyGroup>
 39 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 40 |     <ConfigurationType>Application</ConfigurationType>
 41 |     <UseDebugLibraries>false</UseDebugLibraries>
 42 |     <PlatformToolset>v120</PlatformToolset>
 43 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 44 |     <CharacterSet>Unicode</CharacterSet>
 45 |   </PropertyGroup>
 46 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 47 |     <ConfigurationType>Application</ConfigurationType>
 48 |     <UseDebugLibraries>false</UseDebugLibraries>
 49 |     <PlatformToolset>v120</PlatformToolset>
 50 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 51 |     <CharacterSet>Unicode</CharacterSet>
 52 |   </PropertyGroup>
 53 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 54 |   <ImportGroup Label="ExtensionSettings">
 55 |   </ImportGroup>
 56 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 57 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 58 |   </ImportGroup>
 59 |   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
 60 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 61 |   </ImportGroup>
 62 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 63 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 64 |   </ImportGroup>
 65 |   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
 66 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 67 |   </ImportGroup>
 68 |   <PropertyGroup Label="UserMacros" />
 69 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 70 |     <LinkIncremental>true</LinkIncremental>
 71 |     <OutDir>..\$(Configuration)$(Platform)\</OutDir>
 72 |     <IntDir>$(Configuration)$(Platform)\</IntDir>
 73 |     <CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
 74 |     <RunCodeAnalysis>true</RunCodeAnalysis>
 75 |   </PropertyGroup>
 76 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 77 |     <LinkIncremental>true</LinkIncremental>
 78 |     <OutDir>..\$(Configuration)$(Platform)\</OutDir>
 79 |     <IntDir>$(Configuration)$(Platform)\</IntDir>
 80 |     <CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
 81 |     <RunCodeAnalysis>true</RunCodeAnalysis>
 82 |   </PropertyGroup>
 83 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 84 |     <LinkIncremental>false</LinkIncremental>
 85 |     <OutDir>..\$(Configuration)$(Platform)\</OutDir>
 86 |     <IntDir>$(Configuration)$(Platform)\</IntDir>
 87 |     <CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
 88 |     <RunCodeAnalysis>true</RunCodeAnalysis>
 89 |   </PropertyGroup>
 90 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 91 |     <LinkIncremental>false</LinkIncremental>
 92 |     <OutDir>..\$(Configuration)$(Platform)\</OutDir>
 93 |     <IntDir>$(Configuration)$(Platform)\</IntDir>
 94 |     <CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
 95 |     <RunCodeAnalysis>true</RunCodeAnalysis>
 96 |   </PropertyGroup>
 97 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 98 |     <ClCompile>
 99 |       <PrecompiledHeader>Use</PrecompiledHeader>
100 |       <WarningLevel>Level4</WarningLevel>
101 |       <Optimization>Disabled</Optimization>
102 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
103 |       <SDLCheck>true</SDLCheck>
104 |       <AdditionalIncludeDirectories>..\Include</AdditionalIncludeDirectories>
105 |       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
106 |       <TreatWarningAsError>true</TreatWarningAsError>
107 |       <EnablePREfast>true</EnablePREfast>
108 |     </ClCompile>
109 |     <Link>
110 |       <SubSystem>Console</SubSystem>
111 |       <GenerateDebugInformation>true</GenerateDebugInformation>
112 |       <AdditionalLibraryDirectories>$(OutDir)</AdditionalLibraryDirectories>
113 |       <AdditionalDependencies>ProcMonDebugOutput$(Platform).lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
114 |     </Link>
115 |   </ItemDefinitionGroup>
116 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
117 |     <ClCompile>
118 |       <PrecompiledHeader>Use</PrecompiledHeader>
119 |       <WarningLevel>Level4</WarningLevel>
120 |       <Optimization>Disabled</Optimization>
121 |       <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
122 |       <SDLCheck>true</SDLCheck>
123 |       <AdditionalIncludeDirectories>..\Include</AdditionalIncludeDirectories>
124 |       <TreatWarningAsError>true</TreatWarningAsError>
125 |       <EnablePREfast>true</EnablePREfast>
126 |     </ClCompile>
127 |     <Link>
128 |       <SubSystem>Console</SubSystem>
129 |       <GenerateDebugInformation>true</GenerateDebugInformation>
130 |       <AdditionalLibraryDirectories>$(OutDir)</AdditionalLibraryDirectories>
131 |       <AdditionalDependencies>ProcMonDebugOutput$(Platform).lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
132 |     </Link>
133 |   </ItemDefinitionGroup>
134 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
135 |     <ClCompile>
136 |       <WarningLevel>Level4</WarningLevel>
137 |       <PrecompiledHeader>Use</PrecompiledHeader>
138 |       <Optimization>MaxSpeed</Optimization>
139 |       <FunctionLevelLinking>true</FunctionLevelLinking>
140 |       <IntrinsicFunctions>true</IntrinsicFunctions>
141 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
142 |       <SDLCheck>true</SDLCheck>
143 |       <AdditionalIncludeDirectories>..\Include</AdditionalIncludeDirectories>
144 |       <TreatWarningAsError>true</TreatWarningAsError>
145 |       <EnablePREfast>true</EnablePREfast>
146 |     </ClCompile>
147 |     <Link>
148 |       <SubSystem>Console</SubSystem>
149 |       <GenerateDebugInformation>true</GenerateDebugInformation>
150 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
151 |       <OptimizeReferences>true</OptimizeReferences>
152 |       <AdditionalLibraryDirectories>$(OutDir)</AdditionalLibraryDirectories>
153 |       <AdditionalDependencies>ProcMonDebugOutput$(Platform).lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
154 |     </Link>
155 |   </ItemDefinitionGroup>
156 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
157 |     <ClCompile>
158 |       <WarningLevel>Level4</WarningLevel>
159 |       <PrecompiledHeader>Use</PrecompiledHeader>
160 |       <Optimization>MaxSpeed</Optimization>
161 |       <FunctionLevelLinking>true</FunctionLevelLinking>
162 |       <IntrinsicFunctions>true</IntrinsicFunctions>
163 |       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
164 |       <SDLCheck>true</SDLCheck>
165 |       <AdditionalIncludeDirectories>..\Include</AdditionalIncludeDirectories>
166 |       <TreatWarningAsError>true</TreatWarningAsError>
167 |       <EnablePREfast>true</EnablePREfast>
168 |     </ClCompile>
169 |     <Link>
170 |       <SubSystem>Console</SubSystem>
171 |       <GenerateDebugInformation>true</GenerateDebugInformation>
172 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
173 |       <OptimizeReferences>true</OptimizeReferences>
174 |       <AdditionalLibraryDirectories>$(OutDir)</AdditionalLibraryDirectories>
175 |       <AdditionalDependencies>ProcMonDebugOutput$(Platform).lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
176 |     </Link>
177 |   </ItemDefinitionGroup>
178 |   <ItemGroup>
179 |     <Text Include="ReadMe.txt" />
180 |   </ItemGroup>
181 |   <ItemGroup>
182 |     <ClInclude Include="stdafx.h" />
183 |     <ClInclude Include="targetver.h" />
184 |   </ItemGroup>
185 |   <ItemGroup>
186 |     <ClCompile Include="NativeTest.cpp" />
187 |     <ClCompile Include="stdafx.cpp">
188 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
189 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
190 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
191 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
192 |     </ClCompile>
193 |   </ItemGroup>
194 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
195 |   <ImportGroup Label="ExtensionTargets">
196 |   </ImportGroup>
197 | </Project>


--------------------------------------------------------------------------------
/Source/NativeTest/NativeTest.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <Text Include="ReadMe.txt" />
19 |   </ItemGroup>
20 |   <ItemGroup>
21 |     <ClInclude Include="stdafx.h">
22 |       <Filter>Header Files</Filter>
23 |     </ClInclude>
24 |     <ClInclude Include="targetver.h">
25 |       <Filter>Header Files</Filter>
26 |     </ClInclude>
27 |   </ItemGroup>
28 |   <ItemGroup>
29 |     <ClCompile Include="stdafx.cpp">
30 |       <Filter>Source Files</Filter>
31 |     </ClCompile>
32 |     <ClCompile Include="NativeTest.cpp">
33 |       <Filter>Source Files</Filter>
34 |     </ClCompile>
35 |   </ItemGroup>
36 | </Project>


--------------------------------------------------------------------------------
/Source/NativeTest/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // NativeTest.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 | 
5 | #include "stdafx.h"
6 | 
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 | 


--------------------------------------------------------------------------------
/Source/NativeTest/stdafx.h:
--------------------------------------------------------------------------------
 1 | // stdafx.h : include file for standard system include files,
 2 | // or project specific include files that are used frequently, but
 3 | // are changed infrequently
 4 | //
 5 | 
 6 | #pragma once
 7 | 
 8 | #include "targetver.h"
 9 | 
10 | #include <stdio.h>
11 | #include <tchar.h>
12 | #include <windows.h>
13 | 
14 | 
15 | 
16 | // TODO: reference additional headers your program requires here
17 | 


--------------------------------------------------------------------------------
/Source/NativeTest/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | 
3 | // Including SDKDDKVer.h defines the highest available Windows platform.
4 | 
5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
7 | 
8 | #include <SDKDDKVer.h>
9 | 


--------------------------------------------------------------------------------
/Source/ProcMonDebugOutput.sln:
--------------------------------------------------------------------------------
  1 | 
  2 | Microsoft Visual Studio Solution File, Format Version 12.00
  3 | # Visual Studio 2013
  4 | VisualStudioVersion = 12.0.30110.0
  5 | MinimumVisualStudioVersion = 10.0.40219.1
  6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ProcMonDebugOutput", "ProcMonDebugOutput\ProcMonDebugOutput.vcxproj", "{67431913-19A9-4C9E-8DE4-C56939F8324B}"
  7 | EndProject
  8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "NativeTest", "NativeTest\NativeTest.vcxproj", "{C2944A24-633E-4006-8000-CA00A47737DE}"
  9 | 	ProjectSection(ProjectDependencies) = postProject
 10 | 		{67431913-19A9-4C9E-8DE4-C56939F8324B} = {67431913-19A9-4C9E-8DE4-C56939F8324B}
 11 | 	EndProjectSection
 12 | EndProject
 13 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Sysinternals.Debug", "Sysinternals.Debug\Sysinternals.Debug.csproj", "{FB1D522E-1ACB-49DD-93D4-123E6EA13AED}"
 14 | EndProject
 15 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ManagedTest", "ManagedTest\ManagedTest.csproj", "{8D834016-ED7D-416C-B894-259F5BDF6CC6}"
 16 | EndProject
 17 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Sysinternals.log4net", "Sysinternals.log4net\Sysinternals.log4net.csproj", "{B276CB46-42A1-4CF8-A0BD-7DE40230764E}"
 18 | EndProject
 19 | Global
 20 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 21 | 		Debug|Any CPU = Debug|Any CPU
 22 | 		Debug|Mixed Platforms = Debug|Mixed Platforms
 23 | 		Debug|Win32 = Debug|Win32
 24 | 		Debug|x64 = Debug|x64
 25 | 		Debug|x86 = Debug|x86
 26 | 		Release|Any CPU = Release|Any CPU
 27 | 		Release|Mixed Platforms = Release|Mixed Platforms
 28 | 		Release|Win32 = Release|Win32
 29 | 		Release|x64 = Release|x64
 30 | 		Release|x86 = Release|x86
 31 | 	EndGlobalSection
 32 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 33 | 		{67431913-19A9-4C9E-8DE4-C56939F8324B}.Debug|Any CPU.ActiveCfg = Debug|Win32
 34 | 		{67431913-19A9-4C9E-8DE4-C56939F8324B}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
 35 | 		{67431913-19A9-4C9E-8DE4-C56939F8324B}.Debug|Mixed Platforms.Build.0 = Debug|Win32
 36 | 		{67431913-19A9-4C9E-8DE4-C56939F8324B}.Debug|Win32.ActiveCfg = Debug|Win32
 37 | 		{67431913-19A9-4C9E-8DE4-C56939F8324B}.Debug|Win32.Build.0 = Debug|Win32
 38 | 		{67431913-19A9-4C9E-8DE4-C56939F8324B}.Debug|x64.ActiveCfg = Debug|x64
 39 | 		{67431913-19A9-4C9E-8DE4-C56939F8324B}.Debug|x64.Build.0 = Debug|x64
 40 | 		{67431913-19A9-4C9E-8DE4-C56939F8324B}.Debug|x86.ActiveCfg = Debug|Win32
 41 | 		{67431913-19A9-4C9E-8DE4-C56939F8324B}.Debug|x86.Build.0 = Debug|Win32
 42 | 		{67431913-19A9-4C9E-8DE4-C56939F8324B}.Release|Any CPU.ActiveCfg = Release|Win32
 43 | 		{67431913-19A9-4C9E-8DE4-C56939F8324B}.Release|Mixed Platforms.ActiveCfg = Release|Win32
 44 | 		{67431913-19A9-4C9E-8DE4-C56939F8324B}.Release|Mixed Platforms.Build.0 = Release|Win32
 45 | 		{67431913-19A9-4C9E-8DE4-C56939F8324B}.Release|Win32.ActiveCfg = Release|Win32
 46 | 		{67431913-19A9-4C9E-8DE4-C56939F8324B}.Release|Win32.Build.0 = Release|Win32
 47 | 		{67431913-19A9-4C9E-8DE4-C56939F8324B}.Release|x64.ActiveCfg = Release|x64
 48 | 		{67431913-19A9-4C9E-8DE4-C56939F8324B}.Release|x64.Build.0 = Release|x64
 49 | 		{67431913-19A9-4C9E-8DE4-C56939F8324B}.Release|x86.ActiveCfg = Release|Win32
 50 | 		{67431913-19A9-4C9E-8DE4-C56939F8324B}.Release|x86.Build.0 = Release|Win32
 51 | 		{C2944A24-633E-4006-8000-CA00A47737DE}.Debug|Any CPU.ActiveCfg = Debug|Win32
 52 | 		{C2944A24-633E-4006-8000-CA00A47737DE}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32
 53 | 		{C2944A24-633E-4006-8000-CA00A47737DE}.Debug|Mixed Platforms.Build.0 = Debug|Win32
 54 | 		{C2944A24-633E-4006-8000-CA00A47737DE}.Debug|Win32.ActiveCfg = Debug|Win32
 55 | 		{C2944A24-633E-4006-8000-CA00A47737DE}.Debug|Win32.Build.0 = Debug|Win32
 56 | 		{C2944A24-633E-4006-8000-CA00A47737DE}.Debug|x64.ActiveCfg = Debug|x64
 57 | 		{C2944A24-633E-4006-8000-CA00A47737DE}.Debug|x64.Build.0 = Debug|x64
 58 | 		{C2944A24-633E-4006-8000-CA00A47737DE}.Debug|x86.ActiveCfg = Debug|Win32
 59 | 		{C2944A24-633E-4006-8000-CA00A47737DE}.Debug|x86.Build.0 = Debug|Win32
 60 | 		{C2944A24-633E-4006-8000-CA00A47737DE}.Release|Any CPU.ActiveCfg = Release|Win32
 61 | 		{C2944A24-633E-4006-8000-CA00A47737DE}.Release|Mixed Platforms.ActiveCfg = Release|Win32
 62 | 		{C2944A24-633E-4006-8000-CA00A47737DE}.Release|Mixed Platforms.Build.0 = Release|Win32
 63 | 		{C2944A24-633E-4006-8000-CA00A47737DE}.Release|Win32.ActiveCfg = Release|Win32
 64 | 		{C2944A24-633E-4006-8000-CA00A47737DE}.Release|Win32.Build.0 = Release|Win32
 65 | 		{C2944A24-633E-4006-8000-CA00A47737DE}.Release|x64.ActiveCfg = Release|x64
 66 | 		{C2944A24-633E-4006-8000-CA00A47737DE}.Release|x64.Build.0 = Release|x64
 67 | 		{C2944A24-633E-4006-8000-CA00A47737DE}.Release|x86.ActiveCfg = Release|Win32
 68 | 		{C2944A24-633E-4006-8000-CA00A47737DE}.Release|x86.Build.0 = Release|Win32
 69 | 		{FB1D522E-1ACB-49DD-93D4-123E6EA13AED}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 70 | 		{FB1D522E-1ACB-49DD-93D4-123E6EA13AED}.Debug|Any CPU.Build.0 = Debug|Any CPU
 71 | 		{FB1D522E-1ACB-49DD-93D4-123E6EA13AED}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
 72 | 		{FB1D522E-1ACB-49DD-93D4-123E6EA13AED}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
 73 | 		{FB1D522E-1ACB-49DD-93D4-123E6EA13AED}.Debug|Win32.ActiveCfg = Debug|Any CPU
 74 | 		{FB1D522E-1ACB-49DD-93D4-123E6EA13AED}.Debug|Win32.Build.0 = Debug|Any CPU
 75 | 		{FB1D522E-1ACB-49DD-93D4-123E6EA13AED}.Debug|x64.ActiveCfg = Debug|Any CPU
 76 | 		{FB1D522E-1ACB-49DD-93D4-123E6EA13AED}.Debug|x64.Build.0 = Debug|Any CPU
 77 | 		{FB1D522E-1ACB-49DD-93D4-123E6EA13AED}.Debug|x86.ActiveCfg = Debug|Any CPU
 78 | 		{FB1D522E-1ACB-49DD-93D4-123E6EA13AED}.Release|Any CPU.ActiveCfg = Release|Any CPU
 79 | 		{FB1D522E-1ACB-49DD-93D4-123E6EA13AED}.Release|Any CPU.Build.0 = Release|Any CPU
 80 | 		{FB1D522E-1ACB-49DD-93D4-123E6EA13AED}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
 81 | 		{FB1D522E-1ACB-49DD-93D4-123E6EA13AED}.Release|Mixed Platforms.Build.0 = Release|Any CPU
 82 | 		{FB1D522E-1ACB-49DD-93D4-123E6EA13AED}.Release|Win32.ActiveCfg = Release|Any CPU
 83 | 		{FB1D522E-1ACB-49DD-93D4-123E6EA13AED}.Release|Win32.Build.0 = Release|Any CPU
 84 | 		{FB1D522E-1ACB-49DD-93D4-123E6EA13AED}.Release|x64.ActiveCfg = Release|Any CPU
 85 | 		{FB1D522E-1ACB-49DD-93D4-123E6EA13AED}.Release|x64.Build.0 = Release|Any CPU
 86 | 		{FB1D522E-1ACB-49DD-93D4-123E6EA13AED}.Release|x86.ActiveCfg = Release|Any CPU
 87 | 		{8D834016-ED7D-416C-B894-259F5BDF6CC6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 88 | 		{8D834016-ED7D-416C-B894-259F5BDF6CC6}.Debug|Any CPU.Build.0 = Debug|Any CPU
 89 | 		{8D834016-ED7D-416C-B894-259F5BDF6CC6}.Debug|Mixed Platforms.ActiveCfg = Debug|x86
 90 | 		{8D834016-ED7D-416C-B894-259F5BDF6CC6}.Debug|Mixed Platforms.Build.0 = Debug|x86
 91 | 		{8D834016-ED7D-416C-B894-259F5BDF6CC6}.Debug|Win32.ActiveCfg = Debug|x86
 92 | 		{8D834016-ED7D-416C-B894-259F5BDF6CC6}.Debug|Win32.Build.0 = Debug|x86
 93 | 		{8D834016-ED7D-416C-B894-259F5BDF6CC6}.Debug|x64.ActiveCfg = Debug|x64
 94 | 		{8D834016-ED7D-416C-B894-259F5BDF6CC6}.Debug|x64.Build.0 = Debug|x64
 95 | 		{8D834016-ED7D-416C-B894-259F5BDF6CC6}.Debug|x86.ActiveCfg = Debug|x86
 96 | 		{8D834016-ED7D-416C-B894-259F5BDF6CC6}.Debug|x86.Build.0 = Debug|x86
 97 | 		{8D834016-ED7D-416C-B894-259F5BDF6CC6}.Release|Any CPU.ActiveCfg = Release|Any CPU
 98 | 		{8D834016-ED7D-416C-B894-259F5BDF6CC6}.Release|Any CPU.Build.0 = Release|Any CPU
 99 | 		{8D834016-ED7D-416C-B894-259F5BDF6CC6}.Release|Mixed Platforms.ActiveCfg = Release|x86
100 | 		{8D834016-ED7D-416C-B894-259F5BDF6CC6}.Release|Mixed Platforms.Build.0 = Release|x86
101 | 		{8D834016-ED7D-416C-B894-259F5BDF6CC6}.Release|Win32.ActiveCfg = Release|x86
102 | 		{8D834016-ED7D-416C-B894-259F5BDF6CC6}.Release|Win32.Build.0 = Release|x86
103 | 		{8D834016-ED7D-416C-B894-259F5BDF6CC6}.Release|x64.ActiveCfg = Release|x64
104 | 		{8D834016-ED7D-416C-B894-259F5BDF6CC6}.Release|x64.Build.0 = Release|x64
105 | 		{8D834016-ED7D-416C-B894-259F5BDF6CC6}.Release|x86.ActiveCfg = Release|x86
106 | 		{8D834016-ED7D-416C-B894-259F5BDF6CC6}.Release|x86.Build.0 = Release|x86
107 | 		{B276CB46-42A1-4CF8-A0BD-7DE40230764E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
108 | 		{B276CB46-42A1-4CF8-A0BD-7DE40230764E}.Debug|Any CPU.Build.0 = Debug|Any CPU
109 | 		{B276CB46-42A1-4CF8-A0BD-7DE40230764E}.Debug|Mixed Platforms.ActiveCfg = Debug|Any CPU
110 | 		{B276CB46-42A1-4CF8-A0BD-7DE40230764E}.Debug|Mixed Platforms.Build.0 = Debug|Any CPU
111 | 		{B276CB46-42A1-4CF8-A0BD-7DE40230764E}.Debug|Win32.ActiveCfg = Debug|Any CPU
112 | 		{B276CB46-42A1-4CF8-A0BD-7DE40230764E}.Debug|x64.ActiveCfg = Debug|Any CPU
113 | 		{B276CB46-42A1-4CF8-A0BD-7DE40230764E}.Debug|x86.ActiveCfg = Debug|Any CPU
114 | 		{B276CB46-42A1-4CF8-A0BD-7DE40230764E}.Release|Any CPU.ActiveCfg = Release|Any CPU
115 | 		{B276CB46-42A1-4CF8-A0BD-7DE40230764E}.Release|Any CPU.Build.0 = Release|Any CPU
116 | 		{B276CB46-42A1-4CF8-A0BD-7DE40230764E}.Release|Mixed Platforms.ActiveCfg = Release|Any CPU
117 | 		{B276CB46-42A1-4CF8-A0BD-7DE40230764E}.Release|Mixed Platforms.Build.0 = Release|Any CPU
118 | 		{B276CB46-42A1-4CF8-A0BD-7DE40230764E}.Release|Win32.ActiveCfg = Release|Any CPU
119 | 		{B276CB46-42A1-4CF8-A0BD-7DE40230764E}.Release|x64.ActiveCfg = Release|Any CPU
120 | 		{B276CB46-42A1-4CF8-A0BD-7DE40230764E}.Release|x86.ActiveCfg = Release|Any CPU
121 | 	EndGlobalSection
122 | 	GlobalSection(SolutionProperties) = preSolution
123 | 		HideSolutionNode = FALSE
124 | 	EndGlobalSection
125 | EndGlobal
126 | 


--------------------------------------------------------------------------------
/Source/ProcMonDebugOutput/ProcMonDebugOutput.cpp:
--------------------------------------------------------------------------------
  1 | 
  2 | #include "stdafx.h"
  3 | #include "ProcMonDebugOutput.h"
  4 | 
  5 | #define FILE_DEVICE_PROCMON_LOG     0x00009535
  6 | #define IOCTL_EXTERNAL_LOG_DEBUGOUT	(ULONG) CTL_CODE(FILE_DEVICE_PROCMON_LOG ,\
  7 |                                                      0x81                    ,\
  8 |                                                      METHOD_BUFFERED         ,\
  9 |                                                      FILE_WRITE_ACCESS        )
 10 | 
 11 | // The global file handle to the Process Monitor device.
 12 | static HANDLE g_hDevice = INVALID_HANDLE_VALUE;
 13 | 
 14 | // Anonymous namespace for private helpers
 15 | namespace {
 16 | 
 17 |     HANDLE OpenProcessMonitorLogger()
 18 |     {
 19 |         if (INVALID_HANDLE_VALUE == g_hDevice)
 20 |         {
 21 |             // I'm attempting the open every time because the user could start 
 22 |             // Process Monitor after their process.
 23 |             g_hDevice = ::CreateFile(L"\\\\.\\Global\\ProcmonDebugLogger",
 24 |                                      GENERIC_WRITE,
 25 |                                      FILE_SHARE_WRITE,
 26 |                                      nullptr,
 27 |                                      OPEN_EXISTING,
 28 |                                      FILE_ATTRIBUTE_NORMAL,
 29 |                                      nullptr);
 30 |         }
 31 |         return g_hDevice;
 32 |     }
 33 | 
 34 |     void CloseProcessMonitorLogger()
 35 |     {
 36 |         if (INVALID_HANDLE_VALUE != g_hDevice)
 37 |         {
 38 |             ::CloseHandle(g_hDevice);
 39 |             g_hDevice = INVALID_HANDLE_VALUE;
 40 |         }
 41 |     }
 42 | 
 43 |     // Used to pass strings to legacy C APIs expecting a raw void* pointer.
 44 |     inline void* StringToPVoid(PCWSTR psz)
 45 |     {
 46 |         return reinterpret_cast<void *>(const_cast<wchar_t*>(psz));
 47 |     }
 48 | 
 49 | } // anonymous namespace
 50 | 
 51 | 
 52 | PROCMONDEBUGOUTPUT_DLLINTERFACE _Success_(return == TRUE)
 53 | BOOL __stdcall ProcMonDebugOutput(_In_z_ LPCWSTR pszOutputString)
 54 | {
 55 |     BOOL bRet = FALSE;
 56 | 
 57 |     if (nullptr == pszOutputString)
 58 |     {
 59 |         ::SetLastError(ERROR_INVALID_PARAMETER);
 60 |         bRet = FALSE;
 61 |     }
 62 |     else
 63 |     {
 64 |         HANDLE hProcMon = OpenProcessMonitorLogger();
 65 |         if (INVALID_HANDLE_VALUE != hProcMon)
 66 |         {
 67 |             DWORD iLen = static_cast<DWORD>(wcslen(pszOutputString) * sizeof (WCHAR));
 68 |             DWORD iOutLen = 0;
 69 |             bRet = ::DeviceIoControl(hProcMon,
 70 |                                      IOCTL_EXTERNAL_LOG_DEBUGOUT,
 71 |                                      StringToPVoid(pszOutputString),
 72 |                                      iLen,
 73 |                                      nullptr,
 74 |                                      0,
 75 |                                      &iOutLen,
 76 |                                      nullptr);
 77 |             if (FALSE == bRet)
 78 |             {
 79 |                 DWORD dwLastError = ::GetLastError();
 80 |                 if (ERROR_INVALID_PARAMETER == dwLastError)
 81 |                 {
 82 |                     // The driver is loaded but the user mode Process Monitor
 83 |                     // program is not running so turn the last error into a 
 84 |                     // write failure.
 85 |                     ::SetLastError(ERROR_WRITE_FAULT);
 86 |                 }
 87 |             }
 88 |         }
 89 |         else
 90 |         {
 91 |             // Process Monitor isn't loaded.
 92 |             ::SetLastError(ERROR_BAD_DRIVER);
 93 |             bRet = FALSE;
 94 |         }
 95 |     }
 96 |     return bRet;
 97 | }
 98 | 
 99 | BOOL APIENTRY DllMain(HMODULE /*hModule*/,
100 |                       DWORD   ul_reason_for_call,
101 |                       LPVOID  /*lpReserved*/)
102 | {
103 |     switch (ul_reason_for_call)
104 |     {
105 |     case DLL_PROCESS_ATTACH:
106 |     case DLL_THREAD_ATTACH:
107 |     case DLL_THREAD_DETACH:
108 |         break;
109 |     case DLL_PROCESS_DETACH:
110 |         // Close the handle to the driver.
111 |         CloseProcessMonitorLogger();
112 |         break;
113 |     }
114 |     return TRUE;
115 | }
116 | 
117 | 


--------------------------------------------------------------------------------
/Source/ProcMonDebugOutput/ProcMonDebugOutput.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wintellect/ProcMonDebugOutput/b9594c00122d3e78a588b77ec445f6261a5a916c/Source/ProcMonDebugOutput/ProcMonDebugOutput.rc


--------------------------------------------------------------------------------
/Source/ProcMonDebugOutput/ProcMonDebugOutput.vcxproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <Project DefaultTargets="Build" ToolsVersion="12.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  3 |   <ItemGroup Label="ProjectConfigurations">
  4 |     <ProjectConfiguration Include="Debug|Win32">
  5 |       <Configuration>Debug</Configuration>
  6 |       <Platform>Win32</Platform>
  7 |     </ProjectConfiguration>
  8 |     <ProjectConfiguration Include="Debug|x64">
  9 |       <Configuration>Debug</Configuration>
 10 |       <Platform>x64</Platform>
 11 |     </ProjectConfiguration>
 12 |     <ProjectConfiguration Include="Release|Win32">
 13 |       <Configuration>Release</Configuration>
 14 |       <Platform>Win32</Platform>
 15 |     </ProjectConfiguration>
 16 |     <ProjectConfiguration Include="Release|x64">
 17 |       <Configuration>Release</Configuration>
 18 |       <Platform>x64</Platform>
 19 |     </ProjectConfiguration>
 20 |   </ItemGroup>
 21 |   <PropertyGroup Label="Globals">
 22 |     <ProjectGuid>{67431913-19A9-4C9E-8DE4-C56939F8324B}</ProjectGuid>
 23 |     <Keyword>Win32Proj</Keyword>
 24 |     <RootNamespace>ProcMonDebugOutput</RootNamespace>
 25 |   </PropertyGroup>
 26 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
 27 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
 28 |     <ConfigurationType>DynamicLibrary</ConfigurationType>
 29 |     <UseDebugLibraries>true</UseDebugLibraries>
 30 |     <PlatformToolset>v120</PlatformToolset>
 31 |     <CharacterSet>Unicode</CharacterSet>
 32 |   </PropertyGroup>
 33 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
 34 |     <ConfigurationType>DynamicLibrary</ConfigurationType>
 35 |     <UseDebugLibraries>true</UseDebugLibraries>
 36 |     <PlatformToolset>v120</PlatformToolset>
 37 |     <CharacterSet>Unicode</CharacterSet>
 38 |   </PropertyGroup>
 39 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
 40 |     <ConfigurationType>DynamicLibrary</ConfigurationType>
 41 |     <UseDebugLibraries>false</UseDebugLibraries>
 42 |     <PlatformToolset>v120</PlatformToolset>
 43 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 44 |     <CharacterSet>Unicode</CharacterSet>
 45 |   </PropertyGroup>
 46 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
 47 |     <ConfigurationType>DynamicLibrary</ConfigurationType>
 48 |     <UseDebugLibraries>false</UseDebugLibraries>
 49 |     <PlatformToolset>v120</PlatformToolset>
 50 |     <WholeProgramOptimization>true</WholeProgramOptimization>
 51 |     <CharacterSet>Unicode</CharacterSet>
 52 |   </PropertyGroup>
 53 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 54 |   <ImportGroup Label="ExtensionSettings">
 55 |   </ImportGroup>
 56 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 57 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 58 |   </ImportGroup>
 59 |   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
 60 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 61 |   </ImportGroup>
 62 |   <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 63 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 64 |   </ImportGroup>
 65 |   <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
 66 |     <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
 67 |   </ImportGroup>
 68 |   <PropertyGroup Label="UserMacros" />
 69 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
 70 |     <LinkIncremental>true</LinkIncremental>
 71 |     <OutDir>..\$(Configuration)$(Platform)\</OutDir>
 72 |     <IntDir>$(Configuration)$(Platform)\</IntDir>
 73 |     <TargetName>$(ProjectName)$(Platform)</TargetName>
 74 |     <CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
 75 |     <RunCodeAnalysis>true</RunCodeAnalysis>
 76 |   </PropertyGroup>
 77 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
 78 |     <LinkIncremental>true</LinkIncremental>
 79 |     <OutDir>..\$(Configuration)$(Platform)\</OutDir>
 80 |     <IntDir>$(Configuration)$(Platform)\</IntDir>
 81 |     <TargetName>$(ProjectName)$(Platform)</TargetName>
 82 |     <CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
 83 |     <RunCodeAnalysis>true</RunCodeAnalysis>
 84 |   </PropertyGroup>
 85 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
 86 |     <LinkIncremental>false</LinkIncremental>
 87 |     <OutDir>..\$(Configuration)$(Platform)\</OutDir>
 88 |     <IntDir>$(Configuration)$(Platform)\</IntDir>
 89 |     <TargetName>$(ProjectName)$(Platform)</TargetName>
 90 |     <CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
 91 |     <RunCodeAnalysis>true</RunCodeAnalysis>
 92 |   </PropertyGroup>
 93 |   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
 94 |     <LinkIncremental>false</LinkIncremental>
 95 |     <OutDir>..\$(Configuration)$(Platform)\</OutDir>
 96 |     <IntDir>$(Configuration)$(Platform)\</IntDir>
 97 |     <TargetName>$(ProjectName)$(Platform)</TargetName>
 98 |     <CodeAnalysisRuleSet>AllRules.ruleset</CodeAnalysisRuleSet>
 99 |     <RunCodeAnalysis>true</RunCodeAnalysis>
100 |   </PropertyGroup>
101 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
102 |     <ClCompile>
103 |       <PrecompiledHeader>Use</PrecompiledHeader>
104 |       <WarningLevel>Level4</WarningLevel>
105 |       <Optimization>Disabled</Optimization>
106 |       <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;PROCMONDEBUGOUTPUT_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
107 |       <SDLCheck>true</SDLCheck>
108 |       <AdditionalIncludeDirectories>..\Include</AdditionalIncludeDirectories>
109 |       <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
110 |       <TreatWarningAsError>true</TreatWarningAsError>
111 |       <EnablePREfast>true</EnablePREfast>
112 |     </ClCompile>
113 |     <Link>
114 |       <SubSystem>Windows</SubSystem>
115 |       <GenerateDebugInformation>true</GenerateDebugInformation>
116 |       <ModuleDefinitionFile>ProcMonDebugOutputWIN32.def</ModuleDefinitionFile>
117 |     </Link>
118 |   </ItemDefinitionGroup>
119 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
120 |     <ClCompile>
121 |       <PrecompiledHeader>Use</PrecompiledHeader>
122 |       <WarningLevel>Level4</WarningLevel>
123 |       <Optimization>Disabled</Optimization>
124 |       <PreprocessorDefinitions>WIN32;_DEBUG;_WINDOWS;_USRDLL;PROCMONDEBUGOUTPUT_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
125 |       <SDLCheck>true</SDLCheck>
126 |       <AdditionalIncludeDirectories>..\Include</AdditionalIncludeDirectories>
127 |       <TreatWarningAsError>true</TreatWarningAsError>
128 |       <EnablePREfast>true</EnablePREfast>
129 |     </ClCompile>
130 |     <Link>
131 |       <SubSystem>Windows</SubSystem>
132 |       <GenerateDebugInformation>true</GenerateDebugInformation>
133 |       <ModuleDefinitionFile>
134 |       </ModuleDefinitionFile>
135 |     </Link>
136 |   </ItemDefinitionGroup>
137 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
138 |     <ClCompile>
139 |       <WarningLevel>Level4</WarningLevel>
140 |       <PrecompiledHeader>Use</PrecompiledHeader>
141 |       <Optimization>MaxSpeed</Optimization>
142 |       <FunctionLevelLinking>true</FunctionLevelLinking>
143 |       <IntrinsicFunctions>true</IntrinsicFunctions>
144 |       <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;PROCMONDEBUGOUTPUT_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
145 |       <SDLCheck>true</SDLCheck>
146 |       <AdditionalIncludeDirectories>..\Include</AdditionalIncludeDirectories>
147 |       <TreatWarningAsError>true</TreatWarningAsError>
148 |       <EnablePREfast>true</EnablePREfast>
149 |     </ClCompile>
150 |     <Link>
151 |       <SubSystem>Windows</SubSystem>
152 |       <GenerateDebugInformation>true</GenerateDebugInformation>
153 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
154 |       <OptimizeReferences>true</OptimizeReferences>
155 |       <ModuleDefinitionFile>ProcMonDebugOutputWIN32.def</ModuleDefinitionFile>
156 |     </Link>
157 |   </ItemDefinitionGroup>
158 |   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
159 |     <ClCompile>
160 |       <WarningLevel>Level4</WarningLevel>
161 |       <PrecompiledHeader>Use</PrecompiledHeader>
162 |       <Optimization>MaxSpeed</Optimization>
163 |       <FunctionLevelLinking>true</FunctionLevelLinking>
164 |       <IntrinsicFunctions>true</IntrinsicFunctions>
165 |       <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;PROCMONDEBUGOUTPUT_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
166 |       <SDLCheck>true</SDLCheck>
167 |       <AdditionalIncludeDirectories>..\Include</AdditionalIncludeDirectories>
168 |       <TreatWarningAsError>true</TreatWarningAsError>
169 |       <EnablePREfast>true</EnablePREfast>
170 |     </ClCompile>
171 |     <Link>
172 |       <SubSystem>Windows</SubSystem>
173 |       <GenerateDebugInformation>true</GenerateDebugInformation>
174 |       <EnableCOMDATFolding>true</EnableCOMDATFolding>
175 |       <OptimizeReferences>true</OptimizeReferences>
176 |       <ModuleDefinitionFile>
177 |       </ModuleDefinitionFile>
178 |     </Link>
179 |   </ItemDefinitionGroup>
180 |   <ItemGroup>
181 |     <ClInclude Include="..\Include\ProcMonDebugOutput.h" />
182 |     <ClInclude Include="resource.h" />
183 |     <ClInclude Include="stdafx.h" />
184 |     <ClInclude Include="targetver.h" />
185 |   </ItemGroup>
186 |   <ItemGroup>
187 |     <ClCompile Include="ProcMonDebugOutput.cpp" />
188 |     <ClCompile Include="stdafx.cpp">
189 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">Create</PrecompiledHeader>
190 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">Create</PrecompiledHeader>
191 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">Create</PrecompiledHeader>
192 |       <PrecompiledHeader Condition="'$(Configuration)|$(Platform)'=='Release|x64'">Create</PrecompiledHeader>
193 |     </ClCompile>
194 |   </ItemGroup>
195 |   <ItemGroup>
196 |     <ResourceCompile Include="ProcMonDebugOutput.rc" />
197 |   </ItemGroup>
198 |   <ItemGroup>
199 |     <None Include="ProcMonDebugOutputWIN32.def" />
200 |   </ItemGroup>
201 |   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
202 |   <ImportGroup Label="ExtensionTargets">
203 |   </ImportGroup>
204 | </Project>


--------------------------------------------------------------------------------
/Source/ProcMonDebugOutput/ProcMonDebugOutput.vcxproj.filters:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <ItemGroup>
 4 |     <Filter Include="Source Files">
 5 |       <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
 6 |       <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
 7 |     </Filter>
 8 |     <Filter Include="Header Files">
 9 |       <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
10 |       <Extensions>h;hh;hpp;hxx;hm;inl;inc;xsd</Extensions>
11 |     </Filter>
12 |     <Filter Include="Resource Files">
13 |       <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
14 |       <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
15 |     </Filter>
16 |   </ItemGroup>
17 |   <ItemGroup>
18 |     <ClInclude Include="stdafx.h">
19 |       <Filter>Header Files</Filter>
20 |     </ClInclude>
21 |     <ClInclude Include="targetver.h">
22 |       <Filter>Header Files</Filter>
23 |     </ClInclude>
24 |     <ClInclude Include="..\Include\ProcMonDebugOutput.h">
25 |       <Filter>Header Files</Filter>
26 |     </ClInclude>
27 |     <ClInclude Include="resource.h">
28 |       <Filter>Header Files</Filter>
29 |     </ClInclude>
30 |   </ItemGroup>
31 |   <ItemGroup>
32 |     <ClCompile Include="stdafx.cpp">
33 |       <Filter>Source Files</Filter>
34 |     </ClCompile>
35 |     <ClCompile Include="ProcMonDebugOutput.cpp">
36 |       <Filter>Source Files</Filter>
37 |     </ClCompile>
38 |   </ItemGroup>
39 |   <ItemGroup>
40 |     <ResourceCompile Include="ProcMonDebugOutput.rc">
41 |       <Filter>Resource Files</Filter>
42 |     </ResourceCompile>
43 |   </ItemGroup>
44 |   <ItemGroup>
45 |     <None Include="ProcMonDebugOutputWIN32.def">
46 |       <Filter>Source Files</Filter>
47 |     </None>
48 |   </ItemGroup>
49 | </Project>


--------------------------------------------------------------------------------
/Source/ProcMonDebugOutput/ProcMonDebugOutputWIN32.def:
--------------------------------------------------------------------------------
1 | LIBRARY	"ProcMonDebugOutputWin32"
2 | 
3 | EXPORTS
4 | 
5 |     ProcMonDebugOutput
6 | 


--------------------------------------------------------------------------------
/Source/ProcMonDebugOutput/resource.h:
--------------------------------------------------------------------------------
 1 | //{{NO_DEPENDENCIES}}
 2 | // Microsoft Visual C++ generated include file.
 3 | // Used by ProcMonDebugOutput.rc
 4 | 
 5 | // Next default values for new objects
 6 | // 
 7 | #ifdef APSTUDIO_INVOKED
 8 | #ifndef APSTUDIO_READONLY_SYMBOLS
 9 | #define _APS_NEXT_RESOURCE_VALUE        101
10 | #define _APS_NEXT_COMMAND_VALUE         40001
11 | #define _APS_NEXT_CONTROL_VALUE         1001
12 | #define _APS_NEXT_SYMED_VALUE           101
13 | #endif
14 | #endif
15 | 


--------------------------------------------------------------------------------
/Source/ProcMonDebugOutput/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // ProcMonDebugOutput.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 | 
5 | #include "stdafx.h"
6 | 
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 | 


--------------------------------------------------------------------------------
/Source/ProcMonDebugOutput/stdafx.h:
--------------------------------------------------------------------------------
 1 | // stdafx.h : include file for standard system include files,
 2 | // or project specific include files that are used frequently, but
 3 | // are changed infrequently
 4 | //
 5 | 
 6 | #pragma once
 7 | 
 8 | #include "targetver.h"
 9 | 
10 | #define WIN32_LEAN_AND_MEAN             // Exclude rarely-used stuff from Windows headers
11 | // Windows Header Files:
12 | #include <windows.h>
13 | #include <winioctl.h>
14 | 
15 | 
16 | 
17 | // TODO: reference additional headers your program requires here
18 | 


--------------------------------------------------------------------------------
/Source/ProcMonDebugOutput/targetver.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | 
3 | // Including SDKDDKVer.h defines the highest available Windows platform.
4 | 
5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and
6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h.
7 | 
8 | #include <SDKDDKVer.h>
9 | 


--------------------------------------------------------------------------------
/Source/PythonExamples/HelloProcMon.ctypes.py:
--------------------------------------------------------------------------------
 1 | __author__ = 'Justin Dearing <zippy1981@gmail.com>'
 2 | __copyright__ = "Copyright 2014, Justin Dearing"
 3 | __credits__ = ["Justin Dearing", "John Robbins", "Mark Russinovich"]
 4 | __version__ = "1.0.0"
 5 | __status__ = "Prototype"
 6 | 
 7 | import ctypes
 8 | from ctypes import windll, c_void_p
 9 | from ctypes import c_uint32
10 | from ctypes import c_wchar_p
11 | from ctypes import byref
12 | 
13 | 
14 | GENERIC_WRITE = 0x40000000
15 | OPEN_EXISTING = 3
16 | FILE_WRITE_ACCESS = 0x0002
17 | FILE_SHARE_WRITE = 0x00000002
18 | FILE_ATTRIBUTE_NORMAL = 0x00000080
19 | METHOD_BUFFERED = 0
20 | FILE_DEVICE_PROCMON_LOG = 0x00009535
21 | PROCMON_DEBUGGER_HANDLER = c_wchar_p(r"\\.\Global\ProcmonDebugLogger")
22 | DW_IO_CONTROL_CODE = 2503311876
23 | 
24 | k32 = windll.kernel32
25 | 
26 | msg = bytes("Hello ProcMon from python with ctypes!", 'UTF-16')
27 | 
28 | handle = k32.CreateFileW(
29 |     PROCMON_DEBUGGER_HANDLER,
30 |     GENERIC_WRITE,
31 |     FILE_SHARE_WRITE,
32 |     0,
33 |     OPEN_EXISTING,
34 |     FILE_ATTRIBUTE_NORMAL,
35 |     0
36 | )
37 | if handle == -1: raise RuntimeWarning("ProcMon doesn't appear to be running")
38 | 
39 | print ("Handle: %d" % handle)
40 | 
41 | k32.DeviceIoControl(
42 |     handle,
43 |     DW_IO_CONTROL_CODE,
44 |     msg,
45 |     len(msg) * 2,
46 |     0,
47 |     0,
48 |     byref(c_void_p()), # So quoth the MSDN: If lpOverlapped is NULL, lpBytesReturned cannot be NULL.  http://msdn.microsoft.com/en-us/library/windows/desktop/aa363216.aspx
49 |     None
50 | )


--------------------------------------------------------------------------------
/Source/PythonExamples/HelloProcMon.py:
--------------------------------------------------------------------------------
 1 | __author__ = 'Justin Dearing <zippy1981@gmail.com>'
 2 | __copyright__ = "Copyright 2014, Justin Dearing"
 3 | __credits__ = ["Justin Dearing", "John Robbins", "Mark Russinovich"]
 4 | __version__ = "1.0.0"
 5 | __status__ = "Prototype"
 6 | 
 7 | # Tested on Python 3.4
 8 | 
 9 | import win32file
10 | import pywintypes
11 | 
12 | GENERIC_WRITE = 0x40000000
13 | OPEN_EXISTING = 3
14 | FILE_WRITE_ACCESS = 0x0002
15 | FILE_SHARE_WRITE = 0x00000002
16 | FILE_ATTRIBUTE_NORMAL = 0x00000080
17 | METHOD_BUFFERED = 0
18 | FILE_DEVICE_PROCMON_LOG = 0x00009535
19 | PROCMON_DEBUGGER_HANDLER = r"\\.\Global\ProcmonDebugLogger"
20 | IOCTL_EXTERNAL_LOG_DEBUGOUT = 2503311876 # Why: https://github.com/zippy1981/ProcMon.LINQpad/blob/master/ProcMonDebugOutput.linq
21 | 
22 | msg = bytes("Hello ProcMon from python with pywin32!", 'UTF-16')
23 | msgLen = len(msg)
24 | handle = win32file.CreateFile(PROCMON_DEBUGGER_HANDLER, GENERIC_WRITE, FILE_SHARE_WRITE, None, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL,0)
25 | if handle == -1: raise RuntimeWarning("ProcMon doesn't appear to be running")
26 | else:
27 |     try:
28 |         win32file.DeviceIoControl(handle, IOCTL_EXTERNAL_LOG_DEBUGOUT, msg, None)
29 |     except pywintypes.error as e:
30 |         if (e.winerror != 87): raise # Error 87 means ProcMon simply isn't running
31 | 
32 |     win32file.CloseHandle(handle)
33 | 


--------------------------------------------------------------------------------
/Source/PythonExamples/HelloProcMon27.ctypes.py:
--------------------------------------------------------------------------------
 1 | __author__ = 'Justin Dearing <zippy1981@gmail.com>'
 2 | __copyright__ = "Copyright 2014, Justin Dearing"
 3 | __credits__ = ["Justin Dearing", "John Robbins", "Mark Russinovich"]
 4 | __version__ = "1.0.0"
 5 | __status__ = "Prototype"
 6 | 
 7 | import ctypes
 8 | from ctypes import windll, c_void_p
 9 | from ctypes import c_uint32
10 | from ctypes import c_wchar_p
11 | from ctypes import byref
12 | 
13 | 
14 | GENERIC_WRITE = 0x40000000
15 | OPEN_EXISTING = 3
16 | FILE_WRITE_ACCESS = 0x0002
17 | FILE_SHARE_WRITE = 0x00000002
18 | FILE_ATTRIBUTE_NORMAL = 0x00000080
19 | METHOD_BUFFERED = 0
20 | FILE_DEVICE_PROCMON_LOG = 0x00009535
21 | PROCMON_DEBUGGER_HANDLER = c_wchar_p(r"\\.\Global\ProcmonDebugLogger")
22 | DW_IO_CONTROL_CODE = 2503311876
23 | 
24 | k32 = windll.kernel32
25 | 
26 | msg = "Hello ProcMon from python 2.7 with ctypes!".encode('UTF-16')
27 | 
28 | handle = k32.CreateFileW(
29 |     PROCMON_DEBUGGER_HANDLER,
30 |     GENERIC_WRITE,
31 |     FILE_SHARE_WRITE,
32 |     0,
33 |     OPEN_EXISTING,
34 |     FILE_ATTRIBUTE_NORMAL,
35 |     0
36 | )
37 | if handle == -1: raise RuntimeWarning("ProcMon doesn't appear to be running")
38 | 
39 | print ("Handle: %d" % handle)
40 | 
41 | k32.DeviceIoControl(
42 |     handle,
43 |     DW_IO_CONTROL_CODE,
44 |     msg,
45 |     len(msg) * 2,
46 |     0,
47 |     0,
48 |     byref(c_void_p()), # So quoth the MSDN: If lpOverlapped is NULL, lpBytesReturned cannot be NULL.  http://msdn.microsoft.com/en-us/library/windows/desktop/aa363216.aspx
49 |     None
50 | )


--------------------------------------------------------------------------------
/Source/PythonExamples/HelloProcMon27.py:
--------------------------------------------------------------------------------
 1 | __author__ = 'Justin Dearing <zippy1981@gmail.com>'
 2 | __copyright__ = "Copyright 2014, Justin Dearing"
 3 | __credits__ = ["Justin Dearing", "John Robbins", "Mark Russinovich"]
 4 | __version__ = "1.0.0"
 5 | __status__ = "Prototype"
 6 | # Tested on Python 3.4
 7 | 
 8 | import win32file
 9 | import pywintypes
10 | 
11 | GENERIC_WRITE = 0x40000000
12 | OPEN_EXISTING = 3
13 | FILE_WRITE_ACCESS = 0x0002
14 | FILE_SHARE_WRITE = 0x00000002
15 | FILE_ATTRIBUTE_NORMAL = 0x00000080
16 | METHOD_BUFFERED = 0
17 | FILE_DEVICE_PROCMON_LOG = 0x00009535
18 | PROCMON_DEBUGGER_HANDLER = r"\\.\Global\ProcmonDebugLogger"
19 | IOCTL_EXTERNAL_LOG_DEBUGOUT = 2503311876 # Why: https://github.com/zippy1981/ProcMon.LINQpad/blob/master/ProcMonDebugOutput.linq
20 | 
21 | msg = "Hello ProcMon from python 2.7 with pywin32!".encode('UTF-16')
22 | msgLen = len(msg)
23 | handle = win32file.CreateFile(PROCMON_DEBUGGER_HANDLER, GENERIC_WRITE, FILE_SHARE_WRITE, None, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL,0)
24 | if handle == -1: raise RuntimeWarning("ProcMon doesn't appear to be running")
25 | else:
26 |     try:
27 |         win32file.DeviceIoControl(handle, IOCTL_EXTERNAL_LOG_DEBUGOUT, msg, None)
28 |     except pywintypes.error as e:
29 |         if (e.winerror != 87): raise # Error 87 means ProcMon simply isn't running
30 | 
31 |     win32file.CloseHandle(handle)
32 | 


--------------------------------------------------------------------------------
/Source/PythonExamples/PythonExamples.pyproj:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003" ToolsVersion="4.0">
 3 |   <PropertyGroup>
 4 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
 5 |     <SchemaVersion>2.0</SchemaVersion>
 6 |     <ProjectGuid>23ac83c8-22b4-4184-ad60-bf09a435c3e6</ProjectGuid>
 7 |     <ProjectHome>.</ProjectHome>
 8 |     <StartupFile>HelloProcMon27.ctypes.py</StartupFile>
 9 |     <SearchPath>
10 |     </SearchPath>
11 |     <WorkingDirectory>.</WorkingDirectory>
12 |     <OutputPath>.</OutputPath>
13 |     <Name>PythonExamples</Name>
14 |     <RootNamespace>PythonExamples</RootNamespace>
15 |     <InterpreterId>{2af0f10d-7135-4994-9156-5d01c9c11b7e}</InterpreterId>
16 |     <InterpreterVersion>2.7</InterpreterVersion>
17 |   </PropertyGroup>
18 |   <PropertyGroup Condition=" '$(Configuration)' == 'Debug' ">
19 |     <DebugSymbols>true</DebugSymbols>
20 |     <EnableUnmanagedDebugging>false</EnableUnmanagedDebugging>
21 |   </PropertyGroup>
22 |   <PropertyGroup Condition=" '$(Configuration)' == 'Release' ">
23 |     <DebugSymbols>true</DebugSymbols>
24 |     <EnableUnmanagedDebugging>false</EnableUnmanagedDebugging>
25 |   </PropertyGroup>
26 |   <ItemGroup>
27 |     <Compile Include="HelloProcMon.ctypes.py" />
28 |     <Compile Include="HelloProcMon.py" />
29 |     <Compile Include="HelloProcMon27.ctypes.py" />
30 |     <Compile Include="HelloProcMon27.py" />
31 |   </ItemGroup>
32 |   <ItemGroup>
33 |     <InterpreterReference Include="{2af0f10d-7135-4994-9156-5d01c9c11b7e}\2.7" />
34 |     <InterpreterReference Include="{9a7a9026-48c1-4688-9d5d-e5699d47d074}\3.4" />
35 |   </ItemGroup>
36 |   <PropertyGroup>
37 |     <VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">10.0</VisualStudioVersion>
38 |     <PtvsTargetsFile>$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)\Python Tools\Microsoft.PythonTools.targets</PtvsTargetsFile>
39 |   </PropertyGroup>
40 |   <Import Condition="Exists($(PtvsTargetsFile))" Project="$(PtvsTargetsFile)" />
41 |   <Import Condition="!Exists($(PtvsTargetsFile))" Project="$(MSBuildToolsPath)\Microsoft.Common.targets" />
42 |   <!-- Uncomment the CoreCompile target to enable the Build command in
43 |        Visual Studio and specify your pre- and post-build commands in
44 |        the BeforeBuild and AfterBuild targets below. -->
45 |   <!--<Target Name="CoreCompile" />-->
46 |   <Target Name="BeforeBuild">
47 |   </Target>
48 |   <Target Name="AfterBuild">
49 |   </Target>
50 | </Project>


--------------------------------------------------------------------------------
/Source/Sysinternals.Debug/AllCodeAnalysisRulesAsErrors.ruleset:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="utf-8"?>
  2 | <RuleSet Name="All Rules Set to Errors" Description="All managed and native code in this project must compile with all Code Analysis rules enabled." ToolsVersion="12.0">
  3 |   <IncludeAll Action="Warning" />
  4 |   <Rules AnalyzerId="Microsoft.Analyzers.ManagedCodeAnalysis" RuleNamespace="Microsoft.Rules.Managed">
  5 |     <Rule Id="CA1000" Action="Error" />
  6 |     <Rule Id="CA1001" Action="Error" />
  7 |     <Rule Id="CA1002" Action="Error" />
  8 |     <Rule Id="CA1003" Action="Error" />
  9 |     <Rule Id="CA1004" Action="Error" />
 10 |     <Rule Id="CA1005" Action="Error" />
 11 |     <Rule Id="CA1006" Action="Error" />
 12 |     <Rule Id="CA1007" Action="Error" />
 13 |     <Rule Id="CA1008" Action="Error" />
 14 |     <Rule Id="CA1009" Action="Error" />
 15 |     <Rule Id="CA1010" Action="Error" />
 16 |     <Rule Id="CA1011" Action="Error" />
 17 |     <Rule Id="CA1012" Action="Error" />
 18 |     <Rule Id="CA1013" Action="Error" />
 19 |     <Rule Id="CA1014" Action="Error" />
 20 |     <Rule Id="CA1016" Action="Error" />
 21 |     <Rule Id="CA1017" Action="Error" />
 22 |     <Rule Id="CA1018" Action="Error" />
 23 |     <Rule Id="CA1019" Action="Error" />
 24 |     <Rule Id="CA1020" Action="Error" />
 25 |     <Rule Id="CA1021" Action="Error" />
 26 |     <Rule Id="CA1023" Action="Error" />
 27 |     <Rule Id="CA1024" Action="Error" />
 28 |     <Rule Id="CA1025" Action="Error" />
 29 |     <Rule Id="CA1026" Action="Error" />
 30 |     <Rule Id="CA1027" Action="Error" />
 31 |     <Rule Id="CA1028" Action="Error" />
 32 |     <Rule Id="CA1030" Action="Error" />
 33 |     <Rule Id="CA1031" Action="Error" />
 34 |     <Rule Id="CA1032" Action="Error" />
 35 |     <Rule Id="CA1033" Action="Error" />
 36 |     <Rule Id="CA1034" Action="Error" />
 37 |     <Rule Id="CA1035" Action="Error" />
 38 |     <Rule Id="CA1036" Action="Error" />
 39 |     <Rule Id="CA1038" Action="Error" />
 40 |     <Rule Id="CA1039" Action="Error" />
 41 |     <Rule Id="CA1040" Action="Error" />
 42 |     <Rule Id="CA1041" Action="Error" />
 43 |     <Rule Id="CA1043" Action="Error" />
 44 |     <Rule Id="CA1044" Action="Error" />
 45 |     <Rule Id="CA1045" Action="Error" />
 46 |     <Rule Id="CA1046" Action="Error" />
 47 |     <Rule Id="CA1047" Action="Error" />
 48 |     <Rule Id="CA1048" Action="Error" />
 49 |     <Rule Id="CA1049" Action="Error" />
 50 |     <Rule Id="CA1050" Action="Error" />
 51 |     <Rule Id="CA1051" Action="Error" />
 52 |     <Rule Id="CA1052" Action="Error" />
 53 |     <Rule Id="CA1053" Action="Error" />
 54 |     <Rule Id="CA1054" Action="Error" />
 55 |     <Rule Id="CA1055" Action="Error" />
 56 |     <Rule Id="CA1056" Action="Error" />
 57 |     <Rule Id="CA1057" Action="Error" />
 58 |     <Rule Id="CA1058" Action="Error" />
 59 |     <Rule Id="CA1059" Action="Error" />
 60 |     <Rule Id="CA1060" Action="Error" />
 61 |     <Rule Id="CA1061" Action="Error" />
 62 |     <Rule Id="CA1062" Action="Error" />
 63 |     <Rule Id="CA1063" Action="Error" />
 64 |     <Rule Id="CA1064" Action="Error" />
 65 |     <Rule Id="CA1065" Action="Error" />
 66 |     <Rule Id="CA1300" Action="Error" />
 67 |     <Rule Id="CA1301" Action="Error" />
 68 |     <Rule Id="CA1302" Action="Error" />
 69 |     <Rule Id="CA1303" Action="Error" />
 70 |     <Rule Id="CA1304" Action="Error" />
 71 |     <Rule Id="CA1305" Action="Error" />
 72 |     <Rule Id="CA1306" Action="Error" />
 73 |     <Rule Id="CA1307" Action="Error" />
 74 |     <Rule Id="CA1308" Action="Error" />
 75 |     <Rule Id="CA1309" Action="Error" />
 76 |     <Rule Id="CA1400" Action="Error" />
 77 |     <Rule Id="CA1401" Action="Error" />
 78 |     <Rule Id="CA1402" Action="Error" />
 79 |     <Rule Id="CA1403" Action="Error" />
 80 |     <Rule Id="CA1404" Action="Error" />
 81 |     <Rule Id="CA1405" Action="Error" />
 82 |     <Rule Id="CA1406" Action="Error" />
 83 |     <Rule Id="CA1407" Action="Error" />
 84 |     <Rule Id="CA1408" Action="Error" />
 85 |     <Rule Id="CA1409" Action="Error" />
 86 |     <Rule Id="CA1410" Action="Error" />
 87 |     <Rule Id="CA1411" Action="Error" />
 88 |     <Rule Id="CA1412" Action="Error" />
 89 |     <Rule Id="CA1413" Action="Error" />
 90 |     <Rule Id="CA1414" Action="Error" />
 91 |     <Rule Id="CA1415" Action="Error" />
 92 |     <Rule Id="CA1500" Action="Error" />
 93 |     <Rule Id="CA1501" Action="Error" />
 94 |     <Rule Id="CA1502" Action="Error" />
 95 |     <Rule Id="CA1504" Action="Error" />
 96 |     <Rule Id="CA1505" Action="Error" />
 97 |     <Rule Id="CA1506" Action="Error" />
 98 |     <Rule Id="CA1600" Action="Error" />
 99 |     <Rule Id="CA1601" Action="Error" />
100 |     <Rule Id="CA1700" Action="Error" />
101 |     <Rule Id="CA1701" Action="Error" />
102 |     <Rule Id="CA1702" Action="Error" />
103 |     <Rule Id="CA1703" Action="Error" />
104 |     <Rule Id="CA1704" Action="Error" />
105 |     <Rule Id="CA1707" Action="Error" />
106 |     <Rule Id="CA1708" Action="Error" />
107 |     <Rule Id="CA1709" Action="Error" />
108 |     <Rule Id="CA1710" Action="Error" />
109 |     <Rule Id="CA1711" Action="Error" />
110 |     <Rule Id="CA1712" Action="Error" />
111 |     <Rule Id="CA1713" Action="Error" />
112 |     <Rule Id="CA1714" Action="Error" />
113 |     <Rule Id="CA1715" Action="Error" />
114 |     <Rule Id="CA1716" Action="Error" />
115 |     <Rule Id="CA1717" Action="Error" />
116 |     <Rule Id="CA1719" Action="Error" />
117 |     <Rule Id="CA1720" Action="Error" />
118 |     <Rule Id="CA1721" Action="Error" />
119 |     <Rule Id="CA1722" Action="Error" />
120 |     <Rule Id="CA1724" Action="Error" />
121 |     <Rule Id="CA1725" Action="Error" />
122 |     <Rule Id="CA1726" Action="Error" />
123 |     <Rule Id="CA1800" Action="Error" />
124 |     <Rule Id="CA1801" Action="Error" />
125 |     <Rule Id="CA1802" Action="Error" />
126 |     <Rule Id="CA1804" Action="Error" />
127 |     <Rule Id="CA1806" Action="Error" />
128 |     <Rule Id="CA1809" Action="Error" />
129 |     <Rule Id="CA1810" Action="Error" />
130 |     <Rule Id="CA1811" Action="Error" />
131 |     <Rule Id="CA1812" Action="Error" />
132 |     <Rule Id="CA1813" Action="Error" />
133 |     <Rule Id="CA1814" Action="Error" />
134 |     <Rule Id="CA1815" Action="Error" />
135 |     <Rule Id="CA1816" Action="Error" />
136 |     <Rule Id="CA1819" Action="Error" />
137 |     <Rule Id="CA1820" Action="Error" />
138 |     <Rule Id="CA1821" Action="Error" />
139 |     <Rule Id="CA1822" Action="Error" />
140 |     <Rule Id="CA1823" Action="Error" />
141 |     <Rule Id="CA1824" Action="Error" />
142 |     <Rule Id="CA1900" Action="Error" />
143 |     <Rule Id="CA1901" Action="Error" />
144 |     <Rule Id="CA1903" Action="Error" />
145 |     <Rule Id="CA2000" Action="Error" />
146 |     <Rule Id="CA2001" Action="Error" />
147 |     <Rule Id="CA2002" Action="Error" />
148 |     <Rule Id="CA2003" Action="Error" />
149 |     <Rule Id="CA2004" Action="Error" />
150 |     <Rule Id="CA2006" Action="Error" />
151 |     <Rule Id="CA2100" Action="Error" />
152 |     <Rule Id="CA2101" Action="Error" />
153 |     <Rule Id="CA2102" Action="Error" />
154 |     <Rule Id="CA2103" Action="Error" />
155 |     <Rule Id="CA2104" Action="Error" />
156 |     <Rule Id="CA2105" Action="Error" />
157 |     <Rule Id="CA2106" Action="Error" />
158 |     <Rule Id="CA2107" Action="Error" />
159 |     <Rule Id="CA2108" Action="Error" />
160 |     <Rule Id="CA2109" Action="Error" />
161 |     <Rule Id="CA2111" Action="Error" />
162 |     <Rule Id="CA2112" Action="Error" />
163 |     <Rule Id="CA2114" Action="Error" />
164 |     <Rule Id="CA2115" Action="Error" />
165 |     <Rule Id="CA2116" Action="Error" />
166 |     <Rule Id="CA2117" Action="Error" />
167 |     <Rule Id="CA2118" Action="Error" />
168 |     <Rule Id="CA2119" Action="Error" />
169 |     <Rule Id="CA2120" Action="Error" />
170 |     <Rule Id="CA2121" Action="Error" />
171 |     <Rule Id="CA2122" Action="Error" />
172 |     <Rule Id="CA2123" Action="Error" />
173 |     <Rule Id="CA2124" Action="Error" />
174 |     <Rule Id="CA2126" Action="Error" />
175 |     <Rule Id="CA2130" Action="Error" />
176 |     <Rule Id="CA2131" Action="Error" />
177 |     <Rule Id="CA2132" Action="Error" />
178 |     <Rule Id="CA2133" Action="Error" />
179 |     <Rule Id="CA2134" Action="Error" />
180 |     <Rule Id="CA2135" Action="Error" />
181 |     <Rule Id="CA2136" Action="Error" />
182 |     <Rule Id="CA2137" Action="Error" />
183 |     <Rule Id="CA2138" Action="Error" />
184 |     <Rule Id="CA2139" Action="Error" />
185 |     <Rule Id="CA2140" Action="Error" />
186 |     <Rule Id="CA2141" Action="Error" />
187 |     <Rule Id="CA2142" Action="Error" />
188 |     <Rule Id="CA2143" Action="Error" />
189 |     <Rule Id="CA2144" Action="Error" />
190 |     <Rule Id="CA2145" Action="Error" />
191 |     <Rule Id="CA2146" Action="Error" />
192 |     <Rule Id="CA2147" Action="Error" />
193 |     <Rule Id="CA2149" Action="Error" />
194 |     <Rule Id="CA2151" Action="Error" />
195 |     <Rule Id="CA2200" Action="Error" />
196 |     <Rule Id="CA2201" Action="Error" />
197 |     <Rule Id="CA2202" Action="Error" />
198 |     <Rule Id="CA2204" Action="Error" />
199 |     <Rule Id="CA2205" Action="Error" />
200 |     <Rule Id="CA2207" Action="Error" />
201 |     <Rule Id="CA2208" Action="Error" />
202 |     <Rule Id="CA2210" Action="Error" />
203 |     <Rule Id="CA2211" Action="Error" />
204 |     <Rule Id="CA2212" Action="Error" />
205 |     <Rule Id="CA2213" Action="Error" />
206 |     <Rule Id="CA2214" Action="Error" />
207 |     <Rule Id="CA2215" Action="Error" />
208 |     <Rule Id="CA2216" Action="Error" />
209 |     <Rule Id="CA2217" Action="Error" />
210 |     <Rule Id="CA2218" Action="Error" />
211 |     <Rule Id="CA2219" Action="Error" />
212 |     <Rule Id="CA2220" Action="Error" />
213 |     <Rule Id="CA2221" Action="Error" />
214 |     <Rule Id="CA2222" Action="Error" />
215 |     <Rule Id="CA2223" Action="Error" />
216 |     <Rule Id="CA2224" Action="Error" />
217 |     <Rule Id="CA2225" Action="Error" />
218 |     <Rule Id="CA2226" Action="Error" />
219 |     <Rule Id="CA2227" Action="Error" />
220 |     <Rule Id="CA2228" Action="Error" />
221 |     <Rule Id="CA2229" Action="Error" />
222 |     <Rule Id="CA2230" Action="Error" />
223 |     <Rule Id="CA2231" Action="Error" />
224 |     <Rule Id="CA2232" Action="Error" />
225 |     <Rule Id="CA2233" Action="Error" />
226 |     <Rule Id="CA2234" Action="Error" />
227 |     <Rule Id="CA2235" Action="Error" />
228 |     <Rule Id="CA2236" Action="Error" />
229 |     <Rule Id="CA2237" Action="Error" />
230 |     <Rule Id="CA2238" Action="Error" />
231 |     <Rule Id="CA2239" Action="Error" />
232 |     <Rule Id="CA2240" Action="Error" />
233 |     <Rule Id="CA2241" Action="Error" />
234 |     <Rule Id="CA2242" Action="Error" />
235 |     <Rule Id="CA2243" Action="Error" />
236 |     <Rule Id="CA5122" Action="Error" />
237 |   </Rules>
238 |   <Rules AnalyzerId="Microsoft.Analyzers.NativeCodeAnalysis" RuleNamespace="Microsoft.Rules.Native">
239 |     <Rule Id="C26100" Action="Error" />
240 |     <Rule Id="C26101" Action="Error" />
241 |     <Rule Id="C26105" Action="Error" />
242 |     <Rule Id="C26110" Action="Error" />
243 |     <Rule Id="C26111" Action="Error" />
244 |     <Rule Id="C26112" Action="Error" />
245 |     <Rule Id="C26115" Action="Error" />
246 |     <Rule Id="C26116" Action="Error" />
247 |     <Rule Id="C26117" Action="Error" />
248 |     <Rule Id="C26130" Action="Error" />
249 |     <Rule Id="C26135" Action="Error" />
250 |     <Rule Id="C26140" Action="Error" />
251 |     <Rule Id="C26160" Action="Error" />
252 |     <Rule Id="C26165" Action="Error" />
253 |     <Rule Id="C26166" Action="Error" />
254 |     <Rule Id="C26167" Action="Error" />
255 |     <Rule Id="C28020" Action="Error" />
256 |     <Rule Id="C28021" Action="Error" />
257 |     <Rule Id="C28022" Action="Error" />
258 |     <Rule Id="C28023" Action="Error" />
259 |     <Rule Id="C28024" Action="Error" />
260 |     <Rule Id="C28039" Action="Error" />
261 |     <Rule Id="C28101" Action="Error" />
262 |     <Rule Id="C28103" Action="Error" />
263 |     <Rule Id="C28104" Action="Error" />
264 |     <Rule Id="C28105" Action="Error" />
265 |     <Rule Id="C28106" Action="Error" />
266 |     <Rule Id="C28107" Action="Error" />
267 |     <Rule Id="C28108" Action="Error" />
268 |     <Rule Id="C28109" Action="Error" />
269 |     <Rule Id="C28110" Action="Error" />
270 |     <Rule Id="C28111" Action="Error" />
271 |     <Rule Id="C28112" Action="Error" />
272 |     <Rule Id="C28113" Action="Error" />
273 |     <Rule Id="C28114" Action="Error" />
274 |     <Rule Id="C28120" Action="Error" />
275 |     <Rule Id="C28121" Action="Error" />
276 |     <Rule Id="C28122" Action="Error" />
277 |     <Rule Id="C28123" Action="Error" />
278 |     <Rule Id="C28124" Action="Error" />
279 |     <Rule Id="C28125" Action="Error" />
280 |     <Rule Id="C28126" Action="Error" />
281 |     <Rule Id="C28127" Action="Error" />
282 |     <Rule Id="C28128" Action="Error" />
283 |     <Rule Id="C28129" Action="Error" />
284 |     <Rule Id="C28131" Action="Error" />
285 |     <Rule Id="C28132" Action="Error" />
286 |     <Rule Id="C28133" Action="Error" />
287 |     <Rule Id="C28134" Action="Error" />
288 |     <Rule Id="C28135" Action="Error" />
289 |     <Rule Id="C28137" Action="Error" />
290 |     <Rule Id="C28138" Action="Error" />
291 |     <Rule Id="C28141" Action="Error" />
292 |     <Rule Id="C28143" Action="Error" />
293 |     <Rule Id="C28144" Action="Error" />
294 |     <Rule Id="C28145" Action="Error" />
295 |     <Rule Id="C28146" Action="Error" />
296 |     <Rule Id="C28147" Action="Error" />
297 |     <Rule Id="C28150" Action="Error" />
298 |     <Rule Id="C28151" Action="Error" />
299 |     <Rule Id="C28152" Action="Error" />
300 |     <Rule Id="C28153" Action="Error" />
301 |     <Rule Id="C28156" Action="Error" />
302 |     <Rule Id="C28157" Action="Error" />
303 |     <Rule Id="C28158" Action="Error" />
304 |     <Rule Id="C28159" Action="Error" />
305 |     <Rule Id="C28160" Action="Error" />
306 |     <Rule Id="C28161" Action="Error" />
307 |     <Rule Id="C28162" Action="Error" />
308 |     <Rule Id="C28163" Action="Error" />
309 |     <Rule Id="C28164" Action="Error" />
310 |     <Rule Id="C28165" Action="Error" />
311 |     <Rule Id="C28166" Action="Error" />
312 |     <Rule Id="C28167" Action="Error" />
313 |     <Rule Id="C28168" Action="Error" />
314 |     <Rule Id="C28169" Action="Error" />
315 |     <Rule Id="C28170" Action="Error" />
316 |     <Rule Id="C28171" Action="Error" />
317 |     <Rule Id="C28172" Action="Error" />
318 |     <Rule Id="C28173" Action="Error" />
319 |     <Rule Id="C28175" Action="Error" />
320 |     <Rule Id="C28176" Action="Error" />
321 |     <Rule Id="C28182" Action="Error" />
322 |     <Rule Id="C28183" Action="Error" />
323 |     <Rule Id="C28193" Action="Error" />
324 |     <Rule Id="C28194" Action="Error" />
325 |     <Rule Id="C28195" Action="Error" />
326 |     <Rule Id="C28196" Action="Error" />
327 |     <Rule Id="C28197" Action="Error" />
328 |     <Rule Id="C28198" Action="Error" />
329 |     <Rule Id="C28199" Action="Error" />
330 |     <Rule Id="C28202" Action="Error" />
331 |     <Rule Id="C28203" Action="Error" />
332 |     <Rule Id="C28204" Action="Error" />
333 |     <Rule Id="C28205" Action="Error" />
334 |     <Rule Id="C28206" Action="Error" />
335 |     <Rule Id="C28207" Action="Error" />
336 |     <Rule Id="C28208" Action="Error" />
337 |     <Rule Id="C28209" Action="Error" />
338 |     <Rule Id="C28210" Action="Error" />
339 |     <Rule Id="C28211" Action="Error" />
340 |     <Rule Id="C28212" Action="Error" />
341 |     <Rule Id="C28213" Action="Error" />
342 |     <Rule Id="C28214" Action="Error" />
343 |     <Rule Id="C28215" Action="Error" />
344 |     <Rule Id="C28216" Action="Error" />
345 |     <Rule Id="C28217" Action="Error" />
346 |     <Rule Id="C28218" Action="Error" />
347 |     <Rule Id="C28219" Action="Error" />
348 |     <Rule Id="C28220" Action="Error" />
349 |     <Rule Id="C28221" Action="Error" />
350 |     <Rule Id="C28222" Action="Error" />
351 |     <Rule Id="C28223" Action="Error" />
352 |     <Rule Id="C28224" Action="Error" />
353 |     <Rule Id="C28225" Action="Error" />
354 |     <Rule Id="C28226" Action="Error" />
355 |     <Rule Id="C28227" Action="Error" />
356 |     <Rule Id="C28228" Action="Error" />
357 |     <Rule Id="C28229" Action="Error" />
358 |     <Rule Id="C28230" Action="Error" />
359 |     <Rule Id="C28231" Action="Error" />
360 |     <Rule Id="C28232" Action="Error" />
361 |     <Rule Id="C28233" Action="Error" />
362 |     <Rule Id="C28234" Action="Error" />
363 |     <Rule Id="C28235" Action="Error" />
364 |     <Rule Id="C28236" Action="Error" />
365 |     <Rule Id="C28237" Action="Error" />
366 |     <Rule Id="C28238" Action="Error" />
367 |     <Rule Id="C28239" Action="Error" />
368 |     <Rule Id="C28240" Action="Error" />
369 |     <Rule Id="C28241" Action="Error" />
370 |     <Rule Id="C28243" Action="Error" />
371 |     <Rule Id="C28244" Action="Error" />
372 |     <Rule Id="C28245" Action="Error" />
373 |     <Rule Id="C28246" Action="Error" />
374 |     <Rule Id="C28250" Action="Error" />
375 |     <Rule Id="C28251" Action="Error" />
376 |     <Rule Id="C28252" Action="Error" />
377 |     <Rule Id="C28253" Action="Error" />
378 |     <Rule Id="C28254" Action="Error" />
379 |     <Rule Id="C28260" Action="Error" />
380 |     <Rule Id="C28262" Action="Error" />
381 |     <Rule Id="C28263" Action="Error" />
382 |     <Rule Id="C28266" Action="Error" />
383 |     <Rule Id="C28267" Action="Error" />
384 |     <Rule Id="C28272" Action="Error" />
385 |     <Rule Id="C28273" Action="Error" />
386 |     <Rule Id="C28275" Action="Error" />
387 |     <Rule Id="C28278" Action="Error" />
388 |     <Rule Id="C28279" Action="Error" />
389 |     <Rule Id="C28280" Action="Error" />
390 |     <Rule Id="C28282" Action="Error" />
391 |     <Rule Id="C28283" Action="Error" />
392 |     <Rule Id="C28284" Action="Error" />
393 |     <Rule Id="C28285" Action="Error" />
394 |     <Rule Id="C28286" Action="Error" />
395 |     <Rule Id="C28287" Action="Error" />
396 |     <Rule Id="C28288" Action="Error" />
397 |     <Rule Id="C28289" Action="Error" />
398 |     <Rule Id="C28290" Action="Error" />
399 |     <Rule Id="C28291" Action="Error" />
400 |     <Rule Id="C28300" Action="Error" />
401 |     <Rule Id="C28301" Action="Error" />
402 |     <Rule Id="C28302" Action="Error" />
403 |     <Rule Id="C28303" Action="Error" />
404 |     <Rule Id="C28304" Action="Error" />
405 |     <Rule Id="C28305" Action="Error" />
406 |     <Rule Id="C28306" Action="Error" />
407 |     <Rule Id="C28307" Action="Error" />
408 |     <Rule Id="C28308" Action="Error" />
409 |     <Rule Id="C28309" Action="Error" />
410 |     <Rule Id="C28350" Action="Error" />
411 |     <Rule Id="C28351" Action="Error" />
412 |     <Rule Id="C28601" Action="Error" />
413 |     <Rule Id="C28602" Action="Error" />
414 |     <Rule Id="C28604" Action="Error" />
415 |     <Rule Id="C28615" Action="Error" />
416 |     <Rule Id="C28616" Action="Error" />
417 |     <Rule Id="C28617" Action="Error" />
418 |     <Rule Id="C28623" Action="Error" />
419 |     <Rule Id="C28624" Action="Error" />
420 |     <Rule Id="C28625" Action="Error" />
421 |     <Rule Id="C28636" Action="Error" />
422 |     <Rule Id="C28637" Action="Error" />
423 |     <Rule Id="C28638" Action="Error" />
424 |     <Rule Id="C28639" Action="Error" />
425 |     <Rule Id="C28640" Action="Error" />
426 |     <Rule Id="C28645" Action="Error" />
427 |     <Rule Id="C28648" Action="Error" />
428 |     <Rule Id="C28649" Action="Error" />
429 |     <Rule Id="C28650" Action="Error" />
430 |     <Rule Id="C28714" Action="Error" />
431 |     <Rule Id="C28715" Action="Error" />
432 |     <Rule Id="C28716" Action="Error" />
433 |     <Rule Id="C28717" Action="Error" />
434 |     <Rule Id="C28719" Action="Error" />
435 |     <Rule Id="C28720" Action="Error" />
436 |     <Rule Id="C28721" Action="Error" />
437 |     <Rule Id="C28726" Action="Error" />
438 |     <Rule Id="C28727" Action="Error" />
439 |     <Rule Id="C28730" Action="Error" />
440 |     <Rule Id="C28735" Action="Error" />
441 |     <Rule Id="C28736" Action="Error" />
442 |     <Rule Id="C28750" Action="Error" />
443 |     <Rule Id="C28751" Action="Error" />
444 |     <Rule Id="C6001" Action="Error" />
445 |     <Rule Id="C6011" Action="Error" />
446 |     <Rule Id="C6014" Action="Error" />
447 |     <Rule Id="C6029" Action="Error" />
448 |     <Rule Id="C6031" Action="Error" />
449 |     <Rule Id="C6053" Action="Error" />
450 |     <Rule Id="C6054" Action="Error" />
451 |     <Rule Id="C6059" Action="Error" />
452 |     <Rule Id="C6063" Action="Error" />
453 |     <Rule Id="C6064" Action="Error" />
454 |     <Rule Id="C6066" Action="Error" />
455 |     <Rule Id="C6067" Action="Error" />
456 |     <Rule Id="C6101" Action="Error" />
457 |     <Rule Id="C6200" Action="Error" />
458 |     <Rule Id="C6201" Action="Error" />
459 |     <Rule Id="C6211" Action="Error" />
460 |     <Rule Id="C6214" Action="Error" />
461 |     <Rule Id="C6215" Action="Error" />
462 |     <Rule Id="C6216" Action="Error" />
463 |     <Rule Id="C6217" Action="Error" />
464 |     <Rule Id="C6219" Action="Error" />
465 |     <Rule Id="C6220" Action="Error" />
466 |     <Rule Id="C6221" Action="Error" />
467 |     <Rule Id="C6225" Action="Error" />
468 |     <Rule Id="C6226" Action="Error" />
469 |     <Rule Id="C6230" Action="Error" />
470 |     <Rule Id="C6235" Action="Error" />
471 |     <Rule Id="C6236" Action="Error" />
472 |     <Rule Id="C6237" Action="Error" />
473 |     <Rule Id="C6239" Action="Error" />
474 |     <Rule Id="C6240" Action="Error" />
475 |     <Rule Id="C6242" Action="Error" />
476 |     <Rule Id="C6244" Action="Error" />
477 |     <Rule Id="C6246" Action="Error" />
478 |     <Rule Id="C6248" Action="Error" />
479 |     <Rule Id="C6250" Action="Error" />
480 |     <Rule Id="C6255" Action="Error" />
481 |     <Rule Id="C6258" Action="Error" />
482 |     <Rule Id="C6259" Action="Error" />
483 |     <Rule Id="C6260" Action="Error" />
484 |     <Rule Id="C6262" Action="Error" />
485 |     <Rule Id="C6263" Action="Error" />
486 |     <Rule Id="C6268" Action="Error" />
487 |     <Rule Id="C6269" Action="Error" />
488 |     <Rule Id="C6270" Action="Error" />
489 |     <Rule Id="C6271" Action="Error" />
490 |     <Rule Id="C6272" Action="Error" />
491 |     <Rule Id="C6273" Action="Error" />
492 |     <Rule Id="C6274" Action="Error" />
493 |     <Rule Id="C6276" Action="Error" />
494 |     <Rule Id="C6277" Action="Error" />
495 |     <Rule Id="C6278" Action="Error" />
496 |     <Rule Id="C6279" Action="Error" />
497 |     <Rule Id="C6280" Action="Error" />
498 |     <Rule Id="C6281" Action="Error" />
499 |     <Rule Id="C6282" Action="Error" />
500 |     <Rule Id="C6283" Action="Error" />
501 |     <Rule Id="C6284" Action="Error" />
502 |     <Rule Id="C6285" Action="Error" />
503 |     <Rule Id="C6286" Action="Error" />
504 |     <Rule Id="C6287" Action="Error" />
505 |     <Rule Id="C6288" Action="Error" />
506 |     <Rule Id="C6289" Action="Error" />
507 |     <Rule Id="C6290" Action="Error" />
508 |     <Rule Id="C6291" Action="Error" />
509 |     <Rule Id="C6292" Action="Error" />
510 |     <Rule Id="C6293" Action="Error" />
511 |     <Rule Id="C6294" Action="Error" />
512 |     <Rule Id="C6295" Action="Error" />
513 |     <Rule Id="C6296" Action="Error" />
514 |     <Rule Id="C6297" Action="Error" />
515 |     <Rule Id="C6298" Action="Error" />
516 |     <Rule Id="C6299" Action="Error" />
517 |     <Rule Id="C6302" Action="Error" />
518 |     <Rule Id="C6303" Action="Error" />
519 |     <Rule Id="C6305" Action="Error" />
520 |     <Rule Id="C6306" Action="Error" />
521 |     <Rule Id="C6308" Action="Error" />
522 |     <Rule Id="C6310" Action="Error" />
523 |     <Rule Id="C6312" Action="Error" />
524 |     <Rule Id="C6313" Action="Error" />
525 |     <Rule Id="C6314" Action="Error" />
526 |     <Rule Id="C6315" Action="Error" />
527 |     <Rule Id="C6316" Action="Error" />
528 |     <Rule Id="C6317" Action="Error" />
529 |     <Rule Id="C6318" Action="Error" />
530 |     <Rule Id="C6319" Action="Error" />
531 |     <Rule Id="C6320" Action="Error" />
532 |     <Rule Id="C6322" Action="Error" />
533 |     <Rule Id="C6323" Action="Error" />
534 |     <Rule Id="C6324" Action="Error" />
535 |     <Rule Id="C6326" Action="Error" />
536 |     <Rule Id="C6328" Action="Error" />
537 |     <Rule Id="C6329" Action="Error" />
538 |     <Rule Id="C6330" Action="Error" />
539 |     <Rule Id="C6331" Action="Error" />
540 |     <Rule Id="C6332" Action="Error" />
541 |     <Rule Id="C6333" Action="Error" />
542 |     <Rule Id="C6334" Action="Error" />
543 |     <Rule Id="C6335" Action="Error" />
544 |     <Rule Id="C6336" Action="Error" />
545 |     <Rule Id="C6340" Action="Error" />
546 |     <Rule Id="C6381" Action="Error" />
547 |     <Rule Id="C6383" Action="Error" />
548 |     <Rule Id="C6384" Action="Error" />
549 |     <Rule Id="C6385" Action="Error" />
550 |     <Rule Id="C6386" Action="Error" />
551 |     <Rule Id="C6387" Action="Error" />
552 |     <Rule Id="C6388" Action="Error" />
553 |     <Rule Id="C6400" Action="Error" />
554 |     <Rule Id="C6401" Action="Error" />
555 |     <Rule Id="C6411" Action="Error" />
556 |     <Rule Id="C6412" Action="Error" />
557 |     <Rule Id="C6500" Action="Error" />
558 |     <Rule Id="C6501" Action="Error" />
559 |     <Rule Id="C6503" Action="Error" />
560 |     <Rule Id="C6504" Action="Error" />
561 |     <Rule Id="C6505" Action="Error" />
562 |     <Rule Id="C6506" Action="Error" />
563 |     <Rule Id="C6508" Action="Error" />
564 |     <Rule Id="C6509" Action="Error" />
565 |     <Rule Id="C6510" Action="Error" />
566 |     <Rule Id="C6511" Action="Error" />
567 |     <Rule Id="C6513" Action="Error" />
568 |     <Rule Id="C6514" Action="Error" />
569 |     <Rule Id="C6515" Action="Error" />
570 |     <Rule Id="C6516" Action="Error" />
571 |     <Rule Id="C6517" Action="Error" />
572 |     <Rule Id="C6518" Action="Error" />
573 |     <Rule Id="C6522" Action="Error" />
574 |     <Rule Id="C6525" Action="Error" />
575 |     <Rule Id="C6527" Action="Error" />
576 |     <Rule Id="C6530" Action="Error" />
577 |     <Rule Id="C6540" Action="Error" />
578 |     <Rule Id="C6551" Action="Error" />
579 |     <Rule Id="C6552" Action="Error" />
580 |     <Rule Id="C6701" Action="Error" />
581 |     <Rule Id="C6702" Action="Error" />
582 |     <Rule Id="C6703" Action="Error" />
583 |     <Rule Id="C6704" Action="Error" />
584 |     <Rule Id="C6705" Action="Error" />
585 |     <Rule Id="C6706" Action="Error" />
586 |     <Rule Id="C6707" Action="Error" />
587 |     <Rule Id="C6993" Action="Error" />
588 |     <Rule Id="C6995" Action="Error" />
589 |     <Rule Id="C6997" Action="Error" />
590 |   </Rules>
591 | </RuleSet>


--------------------------------------------------------------------------------
/Source/Sysinternals.Debug/CodeAnalysisDictionary.xml:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8" ?>
 2 | <Dictionary>
 3 |   <Words>
 4 |     <Unrecognized>
 5 |     </Unrecognized>
 6 |     <Recognized>
 7 |       <Word>Wintellect</Word>
 8 |       <Word>Sysinternals</Word>
 9 |     </Recognized>
10 |     <Deprecated>
11 |     </Deprecated>
12 |     <Compound>
13 |     </Compound>
14 |     <DiscreteExceptions>
15 |       <Term>ListView</Term>
16 |       <Term>RegEx</Term>
17 |     </DiscreteExceptions>
18 |   </Words>
19 |   <Acronyms>
20 |     <CasingExceptions>
21 |       <Word>WiX</Word>
22 |       <Word>log</Word>
23 |       <Word>net</Word>
24 |     </CasingExceptions>
25 |   </Acronyms>
26 | </Dictionary>
27 | 


--------------------------------------------------------------------------------
/Source/Sysinternals.Debug/GlobalSuppressions.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wintellect/ProcMonDebugOutput/b9594c00122d3e78a588b77ec445f6261a5a916c/Source/Sysinternals.Debug/GlobalSuppressions.cs


--------------------------------------------------------------------------------
/Source/Sysinternals.Debug/NativeMethods.cs:
--------------------------------------------------------------------------------
  1 | /*//////////////////////////////////////////////////////////////////////////////
  2 | // ProcessMonitorTraceListener
  3 | // 
  4 | // History:
  5 | // - April 1, 2010 - Version 1.0 - John Robbins/Wintellect
  6 | //      - Initial release.
  7 | // - March 1, 2014 - Version 1.1 - John Robbins/Wintellect
  8 | //      - Moved to VS 2013 and .NET 4.5.1
  9 | //////////////////////////////////////////////////////////////////////////////*/
 10 | 
 11 | namespace Sysinternals.Debug
 12 | {
 13 |     using Microsoft.Win32.SafeHandles;
 14 |     using System;
 15 |     using System.Diagnostics;
 16 |     using System.Diagnostics.CodeAnalysis;
 17 |     using System.Globalization;
 18 |     using System.Runtime.InteropServices;
 19 |     using System.Security;
 20 |     using System.Text;
 21 | 
 22 |     /// <summary>
 23 |     /// A class to wrap all the native code needed by this assembly.
 24 |     /// </summary>
 25 |     [SuppressMessage("Microsoft.Portability",
 26 |                      "CA1903:UseOnlyApiFromTargetedFramework",
 27 |                      MessageId = "System.Security.SecuritySafeCriticalAttribute",
 28 |                      Justification = "Everyone is running .NET 2.0 SP2 so they have SecuritySafeCritical")]
 29 |     [SecuritySafeCritical]
 30 |     internal static class NativeMethods
 31 |     {
 32 |         // Constants to represent C preprocessor macros for PInvokes
 33 |         private const uint GENERIC_WRITE = 0x40000000;
 34 |         private const uint OPEN_EXISTING = 3;
 35 |         private const uint FILE_WRITE_ACCESS = 0x0002;
 36 |         private const uint FILE_SHARE_WRITE = 0x00000002;
 37 |         private const uint FILE_ATTRIBUTE_NORMAL = 0x00000080;
 38 |         private const uint METHOD_BUFFERED = 0;
 39 | 
 40 |         // Process Monitor Constants 
 41 |         private const uint FILE_DEVICE_PROCMON_LOG = 0x00009535;
 42 |         private const string PROCMON_DEBUGGER_HANDLER = "\\\\.\\Global\\ProcmonDebugLogger";
 43 | 
 44 |         /// <summary>
 45 |         /// The handle to the Process Monitor log device.
 46 |         /// </summary>
 47 |         private static SafeFileHandle hProcMon;
 48 | 
 49 |         /// <summary>
 50 |         /// Gets the IO Control code for the ProcMon log.
 51 |         /// </summary>
 52 |         private static uint IOCTL_EXTERNAL_LOG_DEBUGOUT { get { return CTL_CODE(); } }
 53 | 
 54 |         /// <summary>
 55 |         /// Builds the control code for the Process Monitor driver access.
 56 |         /// </summary>
 57 |         /// <seealso href="http://msdn.microsoft.com/en-us/library/windows/hardware/ff543023(v=vs.85).aspx"/>
 58 |         private static uint CTL_CODE(uint DeviceType = FILE_DEVICE_PROCMON_LOG,
 59 |                                       uint Function = 0x81,
 60 |                                       uint Method = METHOD_BUFFERED,
 61 |                                       uint Access = FILE_WRITE_ACCESS)
 62 |         {
 63 |             return ((DeviceType << 16) | (Access << 14) | (Function << 2) | Method);
 64 |         }
 65 | 
 66 |         /// <summary>
 67 |         /// Handles calling CreateFile.
 68 |         /// </summary>
 69 |         /// <remarks>
 70 |         /// This is only used for opening the Process Monitor log handle, hence the default parameters.
 71 |         /// </remarks>
 72 |         /// <seealso href="http://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx"/>
 73 |         [SuppressMessage("Microsoft.Security",
 74 |                          "CA5122:PInvokesShouldNotBeSafeCriticalFxCopRule",
 75 |                          Justification = "This is a bug in Code Analysis on pre-4.0 assemblies: http://connect.microsoft.com/VisualStudio/feedback/details/729254/bogus-ca5122-warning-about-p-invoke-declarations-should-not-be-safe-critical")]
 76 |         [DllImport("kernel32.dll",
 77 |                    SetLastError = true,
 78 |                    CharSet = CharSet.Unicode)]
 79 |         private static extern SafeFileHandle CreateFile(string lpFileName = PROCMON_DEBUGGER_HANDLER,
 80 |                                                         uint dwDesiredAccess = GENERIC_WRITE,
 81 |                                                         uint dwShareMode = FILE_SHARE_WRITE,
 82 |                                                         IntPtr lpSecurityAttributes = default(IntPtr),
 83 |                                                         uint dwCreationDisposition = OPEN_EXISTING,
 84 |                                                         uint dwFlagsAndAttributes = FILE_ATTRIBUTE_NORMAL,
 85 |                                                         IntPtr hTemplateFile = default(IntPtr));
 86 | 
 87 |         [SuppressMessage("Microsoft.Security",
 88 |                          "CA5122:PInvokesShouldNotBeSafeCriticalFxCopRule",
 89 |                          Justification = "This is a bug in Code Analysis on pre-4.0 assemblies: http://connect.microsoft.com/VisualStudio/feedback/details/729254/bogus-ca5122-warning-about-p-invoke-declarations-should-not-be-safe-critical")]
 90 |         [DllImport("kernel32.dll",
 91 |                     ExactSpelling = true,
 92 |                     SetLastError = true,
 93 |                     CharSet = CharSet.Unicode)]
 94 |         [return: MarshalAs(UnmanagedType.Bool)]
 95 |         private static extern bool DeviceIoControl(SafeFileHandle hDevice,
 96 |                                                    uint dwIoControlCode,
 97 |                                                    StringBuilder lpInBuffer,
 98 |                                                    uint nInBufferSize,
 99 |                                                    IntPtr lpOutBuffer,
100 |                                                    uint nOutBufferSize,
101 |                                                    out uint lpBytesReturned,
102 |                                                    IntPtr lpOverlapped);
103 | 
104 |         [SuppressMessage("Microsoft.Performance",
105 |                          "CA1810:InitializeReferenceTypeStaticFieldsInline",
106 |                          Justification = "How else are you going to set up a static event? (http://social.msdn.microsoft.com/Forums/en-US/d11fe313-278c-4cae-bfcc-b119204866c7/ca1810-incorrect?forum=vstscode)")]
107 |         static NativeMethods()
108 |         {
109 |             AppDomain.CurrentDomain.ProcessExit += (sender, args) =>
110 |             {
111 |                 if (!hProcMon.IsInvalid)
112 |                 {
113 |                     hProcMon.Close();
114 |                 }
115 |             };
116 |         }
117 | 
118 |         /// <summary>
119 |         /// Does the actual tracing to Process Monitor.
120 |         /// </summary>
121 |         /// <param name="message">
122 |         /// The message to display.
123 |         /// </param>
124 |         /// <param name="args">
125 |         /// The formatting arguments for the message
126 |         /// </param>
127 |         /// <returns>
128 |         /// True if the trace succeeded, false otherwise.
129 |         /// </returns>
130 |         public static bool ProcMonDebugOutput(string message, params object[] args)
131 |         {
132 |             bool returnValue = false;
133 |             StringBuilder renderedMessage = new StringBuilder();
134 |             renderedMessage.AppendFormat(CultureInfo.CurrentCulture, message, args);
135 |             uint outLen;
136 | 
137 |             if (hProcMon == null || hProcMon.IsInvalid)
138 |             {
139 |                 hProcMon = CreateFile();
140 |             }
141 | 
142 |             returnValue = DeviceIoControl(hProcMon, 
143 |                                           IOCTL_EXTERNAL_LOG_DEBUGOUT,
144 |                                           renderedMessage, 
145 |                                           (uint)(renderedMessage.Length * sizeof(System.Char)),
146 |                                           IntPtr.Zero, 
147 |                                           0, 
148 |                                           out outLen, 
149 |                                           IntPtr.Zero);
150 |             return returnValue;
151 |         }
152 |     }
153 | }
154 | 


--------------------------------------------------------------------------------
/Source/Sysinternals.Debug/ProcessMonitorTraceListerner.cs:
--------------------------------------------------------------------------------
 1 | /*//////////////////////////////////////////////////////////////////////////////
 2 | // ProcessMonitorTraceListener
 3 | // 
 4 | // History:
 5 | // - April 1, 2010 - Version 1.0 - John Robbins/Wintellect
 6 | //      - Initial release.
 7 | // - March 1, 2014 - Version 1.1 - John Robbins/Wintellect
 8 | //      - Moved to VS 2013 and .NET 4.5.1
 9 | //////////////////////////////////////////////////////////////////////////////*/
10 | 
11 | namespace Sysinternals.Debug
12 | {
13 |     using System;
14 |     using System.Diagnostics;
15 | 
16 |     /// <summary>
17 |     /// Implements a <see cref="TraceListener"/> that redirects output to 
18 |     /// Sysinternal's Process Monitor program.
19 |     /// </summary>
20 |     public class ProcessMonitorTraceListener : TraceListener
21 |     {
22 |         /// <summary>
23 |         /// Writes a trace message to Process Monitor.
24 |         /// </summary>
25 |         /// <param name="message">
26 |         /// A message to write.
27 |         /// </param>
28 |         public override void Write(string message)
29 |         {
30 |             NativeMethods.ProcMonDebugOutput(message);
31 |         }
32 | 
33 |         /// <summary>
34 |         /// Writes a trace message to Process Monitor.
35 |         /// </summary>
36 |         /// <param name="message">
37 |         /// A message to write.
38 |         /// </param>
39 |         public override void WriteLine(string message)
40 |         {
41 |             NativeMethods.ProcMonDebugOutput(message);
42 |         }
43 |     }
44 | }
45 | 


--------------------------------------------------------------------------------
/Source/Sysinternals.Debug/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using System.Reflection;
 3 | using System.Runtime.CompilerServices;
 4 | using System.Runtime.InteropServices;
 5 | using System.Security;
 6 | 
 7 | [assembly: CLSCompliant(true)]
 8 | // General Information about an assembly is controlled through the following 
 9 | // set of attributes. Change these attribute values to modify the information
10 | // associated with an assembly.
11 | [assembly: AssemblyTitle("Sysinternals.Debug")]
12 | [assembly: AssemblyDescription("Send Trace output to Process Monitor")]
13 | [assembly: AssemblyConfiguration("")]
14 | [assembly: AssemblyCompany("Wintellect")]
15 | [assembly: AssemblyProduct("Sysinternals.Debug")]
16 | [assembly: AssemblyCopyright("Copyright 2014 John Robbins/Wintellect")]
17 | [assembly: AssemblyTrademark("")]
18 | [assembly: AssemblyCulture("")]
19 | 
20 | [assembly: SecurityCritical]
21 | 
22 | 
23 | 
24 | // Setting ComVisible to false makes the types in this assembly not visible 
25 | // to COM components.  If you need to access a type in this assembly from 
26 | // COM, set the ComVisible attribute to true on that type.
27 | [assembly: ComVisible(false)]
28 | 
29 | // The following GUID is for the ID of the typelib if this project is exposed to COM
30 | [assembly: Guid("c8467a9a-9e22-41cf-aaf1-114c9ee949b6")]
31 | 
32 | // Version information for an assembly consists of the following four values:
33 | //
34 | //      Major Version
35 | //      Minor Version 
36 | //      Build Number
37 | //      Revision
38 | //
39 | // You can specify all the values or you can default the Build and Revision Numbers 
40 | // by using the '*' as shown below:
41 | // [assembly: AssemblyVersion("1.0.*")]
42 | [assembly: AssemblyVersion("1.1.0.0")]
43 | [assembly: AssemblyFileVersion("1.1.0.0")]
44 | 


--------------------------------------------------------------------------------
/Source/Sysinternals.Debug/Sysinternals.Debug.csproj:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
 4 |   <PropertyGroup>
 5 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
 6 |     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
 7 |     <ProjectGuid>{FB1D522E-1ACB-49DD-93D4-123E6EA13AED}</ProjectGuid>
 8 |     <OutputType>Library</OutputType>
 9 |     <AppDesignerFolder>Properties</AppDesignerFolder>
10 |     <RootNamespace>Sysinternals.Debug</RootNamespace>
11 |     <AssemblyName>Sysinternals.Debug</AssemblyName>
12 |     <TargetFrameworkVersion>v2.0</TargetFrameworkVersion>
13 |     <FileAlignment>512</FileAlignment>
14 |     <TargetFrameworkProfile>
15 |     </TargetFrameworkProfile>
16 |   </PropertyGroup>
17 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
18 |     <DebugSymbols>true</DebugSymbols>
19 |     <DebugType>full</DebugType>
20 |     <Optimize>false</Optimize>
21 |     <OutputPath>..\Debugx64\</OutputPath>
22 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
23 |     <ErrorReport>prompt</ErrorReport>
24 |     <WarningLevel>4</WarningLevel>
25 |     <RunCodeAnalysis>true</RunCodeAnalysis>
26 |     <CodeAnalysisRuleSet>AllCodeAnalysisRulesAsErrors.ruleset</CodeAnalysisRuleSet>
27 |     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
28 |     <DocumentationFile>..\Debugx64\Sysinternals.Debug.XML</DocumentationFile>
29 |     <CheckForOverflowUnderflow>true</CheckForOverflowUnderflow>
30 |   </PropertyGroup>
31 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
32 |     <DebugType>pdbonly</DebugType>
33 |     <Optimize>true</Optimize>
34 |     <OutputPath>..\Releasex64\</OutputPath>
35 |     <DefineConstants>TRACE</DefineConstants>
36 |     <ErrorReport>prompt</ErrorReport>
37 |     <WarningLevel>4</WarningLevel>
38 |     <RunCodeAnalysis>true</RunCodeAnalysis>
39 |     <CodeAnalysisRuleSet>AllCodeAnalysisRulesAsErrors.ruleset</CodeAnalysisRuleSet>
40 |     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
41 |     <DocumentationFile>..\Releasex64\Sysinternals.Debug.XML</DocumentationFile>
42 |     <CheckForOverflowUnderflow>true</CheckForOverflowUnderflow>
43 |   </PropertyGroup>
44 |   <ItemGroup>
45 |     <Reference Include="System" />
46 |   </ItemGroup>
47 |   <ItemGroup>
48 |     <Compile Include="GlobalSuppressions.cs" />
49 |     <Compile Include="NativeMethods.cs" />
50 |     <Compile Include="Properties\AssemblyInfo.cs" />
51 |   </ItemGroup>
52 |   <ItemGroup>
53 |     <Compile Include="ProcessMonitorTraceListerner.cs" />
54 |   </ItemGroup>
55 |   <ItemGroup>
56 |     <CodeAnalysisDictionary Include="CodeAnalysisDictionary.xml" />
57 |   </ItemGroup>
58 |   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
59 |   <PropertyGroup>
60 |     <PostBuildEvent>copy $(OutDir)\$(TargetFileName) ..\$(ConfigurationName)Win32\
61 | copy $(OutDir)\$(ProjectName).xml ..\$(ConfigurationName)Win32\</PostBuildEvent>
62 |   </PropertyGroup>
63 |   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
64 |        Other similar extension points exist, see Microsoft.Common.targets.
65 |   <Target Name="BeforeBuild">
66 |   </Target>
67 |   <Target Name="AfterBuild">
68 |   </Target>
69 |   -->
70 | </Project>


--------------------------------------------------------------------------------
/Source/Sysinternals.log4net/GlobalSuppressions.cs:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Wintellect/ProcMonDebugOutput/b9594c00122d3e78a588b77ec445f6261a5a916c/Source/Sysinternals.log4net/GlobalSuppressions.cs


--------------------------------------------------------------------------------
/Source/Sysinternals.log4net/ProcMonAppender.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using log4net.Appender;
 3 | using log4net.Core;
 4 | using log4net.Layout;
 5 | using Sysinternals.Debug;
 6 | using System.Diagnostics.CodeAnalysis;
 7 | 
 8 | namespace Sysinternals.log4net
 9 | {
10 |     /// <summary>
11 |     /// A <c>log4net</c> appender for ProcMonDebugOutput.
12 |     /// </summary>
13 |     [SuppressMessage("Microsoft.Naming", 
14 |                      "CA1704:IdentifiersShouldBeSpelledCorrectly", 
15 |                      MessageId = "Proc",
16 |                      Justification="Naming conforms to the rest of the project")]
17 |     [SuppressMessage("Microsoft.Naming",
18 |                      "CA1704:IdentifiersShouldBeSpelledCorrectly",
19 |                      MessageId = "Appender",
20 |                      Justification = "Naming conforms the log4net project")]
21 |     public class ProcMonAppender : AppenderSkeleton
22 |     {
23 |         /// <summary>
24 |         ///  Default constructor.
25 |         /// </summary>
26 |         /// <remarks>
27 |         /// Sets the default layout.
28 |         /// </remarks>
29 |         [SuppressMessage("Microsoft.Usage", 
30 |                          "CA2214:DoNotCallOverridableMethodsInConstructors",
31 |                          Justification="Justin put this in and as I don't use log4net, I'm afraid to touch it.")]
32 |         public ProcMonAppender()
33 |         {
34 |             // Although it breaks convention set by the built-in appenders, this is more forgiving.
35 |             Layout = new PatternLayout("%-5p %m");
36 |         }
37 |         /// <summary>
38 |         /// This appender requires a <see cref="AppenderSkeleton.Layout"/> to be set.
39 |         /// </summary>
40 |         /// <value><c>true</c></value>
41 |         override protected bool RequiresLayout
42 |         {
43 |             get { return true; }
44 |         }
45 | 
46 |         /// <summary>
47 |         /// 
48 |         /// </summary>
49 |         /// <param name="loggingEvent"></param>
50 |         protected override void Append(LoggingEvent loggingEvent)
51 |         {
52 |             NativeMethods.ProcMonDebugOutput(RenderLoggingEvent(loggingEvent));
53 |         }
54 |     }
55 | }
56 | 


--------------------------------------------------------------------------------
/Source/Sysinternals.log4net/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
 1 | using System;
 2 | using System.Reflection;
 3 | using System.Runtime.CompilerServices;
 4 | using System.Runtime.InteropServices;
 5 | using System.Security;
 6 | 
 7 | [assembly:CLSCompliant(true)]
 8 | // General Information about an assembly is controlled through the following 
 9 | // set of attributes. Change these attribute values to modify the information
10 | // associated with an assembly.
11 | [assembly: AssemblyTitle("Sysinternals.log4net")]
12 | [assembly: AssemblyDescription("The log4net version of the Process Monitor tracing tool")]
13 | [assembly: AssemblyConfiguration("")]
14 | [assembly: AssemblyCompany("Wintellect")]
15 | [assembly: AssemblyProduct("Sysinternals.log4net")]
16 | [assembly: AssemblyCopyright("Copyright ©  Wintellect 2014")]
17 | [assembly: AssemblyTrademark("")]
18 | [assembly: AssemblyCulture("")]
19 | 
20 | // Setting ComVisible to false makes the types in this assembly not visible 
21 | // to COM components.  If you need to access a type in this assembly from 
22 | // COM, set the ComVisible attribute to true on that type.
23 | [assembly: ComVisible(false)]
24 | 
25 | [assembly: SecurityCritical]
26 | 
27 | // The following GUID is for the ID of the typelib if this project is exposed to COM
28 | [assembly: Guid("d8560003-f6b2-40b4-989f-ff24d28a8eb4")]
29 | 
30 | // Version information for an assembly consists of the following four values:
31 | //
32 | //      Major Version
33 | //      Minor Version 
34 | //      Build Number
35 | //      Revision
36 | //
37 | // You can specify all the values or you can default the Build and Revision Numbers 
38 | // by using the '*' as shown below:
39 | // [assembly: AssemblyVersion("1.0.*")]
40 | [assembly: AssemblyVersion("1.0.0.0")]
41 | [assembly: AssemblyFileVersion("1.0.0.0")]
42 | 


--------------------------------------------------------------------------------
/Source/Sysinternals.log4net/Sysinternals.log4net.csproj:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="utf-8"?>
 2 | <Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
 3 |   <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
 4 |   <PropertyGroup>
 5 |     <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
 6 |     <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
 7 |     <ProjectGuid>{B276CB46-42A1-4CF8-A0BD-7DE40230764E}</ProjectGuid>
 8 |     <OutputType>Library</OutputType>
 9 |     <AppDesignerFolder>Properties</AppDesignerFolder>
10 |     <RootNamespace>Sysinternals.log4net</RootNamespace>
11 |     <AssemblyName>Sysinternals.log4net</AssemblyName>
12 |     <TargetFrameworkVersion>v2.0</TargetFrameworkVersion>
13 |     <FileAlignment>512</FileAlignment>
14 |     <TargetFrameworkProfile />
15 |   </PropertyGroup>
16 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
17 |     <DebugSymbols>true</DebugSymbols>
18 |     <DebugType>full</DebugType>
19 |     <Optimize>false</Optimize>
20 |     <OutputPath>..\Debugx64\</OutputPath>
21 |     <DefineConstants>DEBUG;TRACE</DefineConstants>
22 |     <ErrorReport>prompt</ErrorReport>
23 |     <WarningLevel>4</WarningLevel>
24 |     <RunCodeAnalysis>true</RunCodeAnalysis>
25 |     <CodeAnalysisRuleSet>..\Sysinternals.Debug\AllCodeAnalysisRulesAsErrors.ruleset</CodeAnalysisRuleSet>
26 |     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
27 |     <DocumentationFile>..\Debugx64\Sysinternals.log4net.XML</DocumentationFile>
28 |     <CheckForOverflowUnderflow>true</CheckForOverflowUnderflow>
29 |   </PropertyGroup>
30 |   <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
31 |     <DebugType>pdbonly</DebugType>
32 |     <Optimize>true</Optimize>
33 |     <OutputPath>..\Releasex64\</OutputPath>
34 |     <DefineConstants>TRACE</DefineConstants>
35 |     <ErrorReport>prompt</ErrorReport>
36 |     <WarningLevel>4</WarningLevel>
37 |     <RunCodeAnalysis>true</RunCodeAnalysis>
38 |     <CodeAnalysisRuleSet>..\Sysinternals.Debug\AllCodeAnalysisRulesAsErrors.ruleset</CodeAnalysisRuleSet>
39 |     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
40 |     <DocumentationFile>..\Releasex64\Sysinternals.log4net.XML</DocumentationFile>
41 |     <CheckForOverflowUnderflow>true</CheckForOverflowUnderflow>
42 |   </PropertyGroup>
43 |   <ItemGroup>
44 |     <Reference Include="log4net, Version=1.2.13.0, Culture=neutral, PublicKeyToken=669e0ddf0bb1aa2a, processorArchitecture=MSIL">
45 |       <SpecificVersion>False</SpecificVersion>
46 |       <HintPath>..\packages\log4net.2.0.3\lib\net20-full\log4net.dll</HintPath>
47 |     </Reference>
48 |     <Reference Include="System" />
49 |   </ItemGroup>
50 |   <ItemGroup>
51 |     <Compile Include="..\Sysinternals.Debug\NativeMethods.cs">
52 |       <Link>NativeMethods.cs</Link>
53 |     </Compile>
54 |     <Compile Include="GlobalSuppressions.cs" />
55 |     <Compile Include="ProcMonAppender.cs" />
56 |     <Compile Include="Properties\AssemblyInfo.cs" />
57 |   </ItemGroup>
58 |   <ItemGroup>
59 |     <None Include="packages.config" />
60 |   </ItemGroup>
61 |   <ItemGroup>
62 |     <CodeAnalysisDictionary Include="..\Sysinternals.Debug\CodeAnalysisDictionary.xml">
63 |       <Link>CodeAnalysisDictionary.xml</Link>
64 |     </CodeAnalysisDictionary>
65 |   </ItemGroup>
66 |   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
67 |   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
68 |        Other similar extension points exist, see Microsoft.Common.targets.
69 |   <Target Name="BeforeBuild">
70 |   </Target>
71 |   <Target Name="AfterBuild">
72 |   </Target>
73 |   -->
74 | </Project>


--------------------------------------------------------------------------------
/Source/Sysinternals.log4net/packages.config:
--------------------------------------------------------------------------------
1 | <?xml version="1.0" encoding="utf-8"?>
2 | <packages>
3 |   <package id="log4net" version="2.0.3" targetFramework="net20" />
4 | </packages>


--------------------------------------------------------------------------------
/Source/VBA/ProcMon.bas:
--------------------------------------------------------------------------------
 1 | Option Explicit
 2 | 
 3 | ' Win32 API Constants
 4 | Private Const GENERIC_WRITE As Long = &H40000000
 5 | Private Const OPEN_EXISTING As Long = 3
 6 | Private Const FILE_WRITE_ACCESS As Long = &H2
 7 | Private Const FILE_SHARE_WRITE As Long = &H2
 8 | Private Const FILE_ATTRIBUTE_NORMAL As Long = &H80
 9 | Private Const METHOD_BUFFERED As Long = 0
10 | Private Const FORMAT_MESSAGE_FROM_SYSTEM = &H1000
11 | Private Const LANG_NEUTRAL = &H0
12 | 
13 | 
14 | ' Process Monitor Constants
15 | Private Const FILE_DEVICE_PROCMON_LOG As Long = &H9535
16 | Private Const PROCMON_DEBUGGER_HANDLER As String = "\\.\Global\ProcmonDebugLogger"
17 | Private Const IOCTL_EXTERNAL_LOG_DEBUGOUT As Long = -1791655420
18 | 
19 | Dim hProcMon As LongPtr
20 | 
21 | Private Declare Function CreateFile Lib "kernel32" Alias "CreateFileW" _
22 |     (ByVal lpFileName As LongPtr, _
23 |      Optional ByVal dwDesiredAccess As Long = GENERIC_WRITE, _
24 |      Optional ByVal dwShareMode As Long = FILE_SHARE_WRITE, _
25 |      Optional lpSecurityAttributes As LongPtr = 0, _
26 |      Optional ByVal dwCreationDisposition As Long = OPEN_EXISTING, _
27 |      Optional ByVal dwFlagsAndAttributes As Long = FILE_ATTRIBUTE_NORMAL, _
28 |      Optional ByVal hTemplateFile As LongPtr = 0) As LongPtr
29 |      
30 | Private Declare Function DeviceIoControl Lib "kernel32" _
31 |     (ByVal hDevice As LongPtr, _
32 |      ByVal dwIoControlCode As Long, _
33 |      ByVal lpInBuffer As LongPtr, _
34 |      ByVal nInBufferSize As Long, _
35 |      Optional lpOutBuffer As LongPtr, _
36 |      Optional ByVal nOutBufferSize As Long, _
37 |      Optional lpBytesReturned As Long, _
38 |      Optional ByVal lpOverlapped As LongPtr) As Boolean
39 | 
40 | Private Declare Function GetLastError Lib "kernel32" () As LongPtr
41 | Private Declare Sub SetLastError Lib "kernel32" (ByVal dwErrCode As LongPtr)
42 | Private Declare Function FormatMessage Lib "kernel32" Alias "FormatMessageA" _
43 |     (ByVal dwFlags As Long, lpSource As Any, ByVal dwMessageId As Long, _
44 |      ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, _
45 |      Arguments As Long) As Long
46 | 
47 | 
48 | Public Function ProcMonDebugOutput(message As String) As Boolean
49 |     If hProcMon = 0 Or hProcMon = 0 Then
50 |         hProcMon = CreateFile(StrPtr(PROCMON_DEBUGGER_HANDLER))
51 |     End If
52 |     If hProcMon = -1 Then
53 |         Err.Raise Err.LastDllError
54 |     End If
55 | 
56 |     ProcMonDebugOutput = DeviceIoControl _
57 |         (hProcMon, IOCTL_EXTERNAL_LOG_DEBUGOUT, _
58 |         StrPtr(message), Len(message) * 2)
59 | End Function
60 | 
61 | 


--------------------------------------------------------------------------------