diff --git a/UIforETW/UIforETWDlg.cpp b/UIforETW/UIforETWDlg.cpp index 74d9b381..d2ac1820 100644 --- a/UIforETW/UIforETWDlg.cpp +++ b/UIforETW/UIforETWDlg.cpp @@ -1902,8 +1902,11 @@ void CUIforETWDlg::SetHeapTracing(bool forceOff) std::wstring targetKey = L"Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options"; CreateRegistryKey(HKEY_LOCAL_MACHINE, targetKey, tracingName); targetKey += L"\\" + tracingName; + DWORD oldValue = 0; + bool oldValueValid = GetRegistryDWORD(HKEY_LOCAL_MACHINE, targetKey, L"TracingFlags", &oldValue); SetRegistryDWORD(HKEY_LOCAL_MACHINE, targetKey, L"TracingFlags", tracingFlags); - if (tracingFlags) + // Print a message when setting the flag or when clearing it if it was previously set. + if (tracingFlags || (oldValueValid && tracingFlags != oldValue)) outputPrintf(L"\"TracingFlags\" in \"HKEY_LOCAL_MACHINE\\%s\" set to %lu.\n", targetKey.c_str(), tracingFlags); } } diff --git a/UIforETW/Utility.cpp b/UIforETW/Utility.cpp index e6dc54b8..b96c38be 100644 --- a/UIforETW/Utility.cpp +++ b/UIforETW/Utility.cpp @@ -338,6 +338,13 @@ std::wstring ReadRegistryString(HKEY root, const std::wstring& subkey, const std return value; } +bool GetRegistryDWORD(const HKEY root, const std::wstring& subkey, const std::wstring& valueName, DWORD* pValue) noexcept +{ + DWORD type = 0; + DWORD byteCount = sizeof(*pValue); + auto result = ::RegGetValueW(root, subkey.c_str(), valueName.c_str(), RRF_RT_REG_DWORD | RRF_ZEROONFAILURE, &type, pValue, &byteCount); + return result == ERROR_SUCCESS; +} void SetRegistryDWORD(const HKEY root, const std::wstring& subkey, const std::wstring& valueName, const DWORD value) noexcept { diff --git a/UIforETW/Utility.h b/UIforETW/Utility.h index 1ecad726..c10250ae 100644 --- a/UIforETW/Utility.h +++ b/UIforETW/Utility.h @@ -33,6 +33,8 @@ void WriteTextAsFile(const std::wstring& fileName, const std::wstring& text); // Convert a string that may have '\n' line endings to '\r\n' line endings. std::wstring ConvertToCRLF(const std::wstring& input); +// Returns true if something is read. +bool GetRegistryDWORD(const HKEY root, const std::wstring& subkey, const std::wstring& valueName, DWORD* pValue) noexcept; void SetRegistryDWORD(HKEY root, const std::wstring& subkey, const std::wstring& valueName, DWORD value) noexcept; void CreateRegistryKey(HKEY root, const std::wstring& subkey, const std::wstring& newKey) noexcept; std::wstring ReadRegistryString(HKEY root, const std::wstring& subkey, const std::wstring& valueName, bool force32Bit);