1// +build windows 2 3package etw 4 5import ( 6 "bytes" 7 "encoding/binary" 8 "syscall" 9) 10 11// eventData maintains a buffer which builds up the data for an ETW event. It 12// needs to be paired with EventMetadata which describes the event. 13type eventData struct { 14 buffer bytes.Buffer 15} 16 17// bytes returns the raw binary data containing the event data. The returned 18// value is not copied from the internal buffer, so it can be mutated by the 19// eventData object after it is returned. 20func (ed *eventData) bytes() []byte { 21 return ed.buffer.Bytes() 22} 23 24// writeString appends a string, including the null terminator, to the buffer. 25func (ed *eventData) writeString(data string) { 26 ed.buffer.WriteString(data) 27 ed.buffer.WriteByte(0) 28} 29 30// writeInt8 appends a int8 to the buffer. 31func (ed *eventData) writeInt8(value int8) { 32 ed.buffer.WriteByte(uint8(value)) 33} 34 35// writeInt16 appends a int16 to the buffer. 36func (ed *eventData) writeInt16(value int16) { 37 binary.Write(&ed.buffer, binary.LittleEndian, value) 38} 39 40// writeInt32 appends a int32 to the buffer. 41func (ed *eventData) writeInt32(value int32) { 42 binary.Write(&ed.buffer, binary.LittleEndian, value) 43} 44 45// writeInt64 appends a int64 to the buffer. 46func (ed *eventData) writeInt64(value int64) { 47 binary.Write(&ed.buffer, binary.LittleEndian, value) 48} 49 50// writeUint8 appends a uint8 to the buffer. 51func (ed *eventData) writeUint8(value uint8) { 52 ed.buffer.WriteByte(value) 53} 54 55// writeUint16 appends a uint16 to the buffer. 56func (ed *eventData) writeUint16(value uint16) { 57 binary.Write(&ed.buffer, binary.LittleEndian, value) 58} 59 60// writeUint32 appends a uint32 to the buffer. 61func (ed *eventData) writeUint32(value uint32) { 62 binary.Write(&ed.buffer, binary.LittleEndian, value) 63} 64 65// writeUint64 appends a uint64 to the buffer. 66func (ed *eventData) writeUint64(value uint64) { 67 binary.Write(&ed.buffer, binary.LittleEndian, value) 68} 69 70// writeFiletime appends a FILETIME to the buffer. 71func (ed *eventData) writeFiletime(value syscall.Filetime) { 72 binary.Write(&ed.buffer, binary.LittleEndian, value) 73} 74