Print whenever heap tracing flags change

Previously UIforETW would print a message whenever heap tracing was enabled for a particular process name. That made me feel a bit tense since it was not obvious if/when the heap tracing registry keys were being cleared. This change adds a function to read the registry key so that changes can be detected.
google · Oct 5, 2018 · 5db4c58 · 5db4c58
1 parent b5687f9
commit 5db4c58
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 1 deletion.
diff --git a/UIforETW/UIforETWDlg.cpp b/UIforETW/UIforETWDlg.cpp
@@ -1902,8 +1902,11 @@ void CUIforETWDlg::SetHeapTracing(bool forceOff)
 		std::wstring targetKey = L"Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options";
 		CreateRegistryKey(HKEY_LOCAL_MACHINE, targetKey, tracingName);
 		targetKey += L"\\" + tracingName;
+		DWORD oldValue = 0;
+		bool oldValueValid = GetRegistryDWORD(HKEY_LOCAL_MACHINE, targetKey, L"TracingFlags", &oldValue);
 		SetRegistryDWORD(HKEY_LOCAL_MACHINE, targetKey, L"TracingFlags", tracingFlags);
-		if (tracingFlags)
+		// Print a message when setting the flag or when clearing it if it was previously set.
+		if (tracingFlags || (oldValueValid && tracingFlags != oldValue))
 			outputPrintf(L"\"TracingFlags\" in \"HKEY_LOCAL_MACHINE\\%s\" set to %lu.\n", targetKey.c_str(), tracingFlags);
 	}
 }

diff --git a/UIforETW/Utility.cpp b/UIforETW/Utility.cpp
@@ -338,6 +338,13 @@ std::wstring ReadRegistryString(HKEY root, const std::wstring& subkey, const std
 	return value;
 }
 
+bool GetRegistryDWORD(const HKEY root, const std::wstring& subkey, const std::wstring& valueName, DWORD* pValue) noexcept
+{
+	DWORD type = 0;
+	DWORD byteCount = sizeof(*pValue);
+	auto result = ::RegGetValueW(root, subkey.c_str(), valueName.c_str(), RRF_RT_REG_DWORD | RRF_ZEROONFAILURE, &type, pValue, &byteCount);
+	return result == ERROR_SUCCESS;
+}
 
 void SetRegistryDWORD(const HKEY root, const std::wstring& subkey, const std::wstring& valueName, const DWORD value) noexcept
 {

diff --git a/UIforETW/Utility.h b/UIforETW/Utility.h
@@ -33,6 +33,8 @@ void WriteTextAsFile(const std::wstring& fileName, const std::wstring& text);
 // Convert a string that may have '\n' line endings to '\r\n' line endings.
 std::wstring ConvertToCRLF(const std::wstring& input);
 
+// Returns true if something is read.
+bool GetRegistryDWORD(const HKEY root, const std::wstring& subkey, const std::wstring& valueName, DWORD* pValue) noexcept;
 void SetRegistryDWORD(HKEY root, const std::wstring& subkey, const std::wstring& valueName, DWORD value) noexcept;
 void CreateRegistryKey(HKEY root, const std::wstring& subkey, const std::wstring& newKey) noexcept;
 std::wstring ReadRegistryString(HKEY root, const std::wstring& subkey, const std::wstring& valueName, bool force32Bit);