Extending Windows Assessment

  • Question

  • Hi all, I'm not quite sure if I have chosen the right forum to post my question; in case I was wrong, please move it to the right one.

    I'm exploring the possibilities of extending the Windows Assessments, using C# and the AXE API. So far, I managed to write a simple extension, creating the .asmtx manually; the AssessmentResult file was also generated simply from the testing tool. Next, I managed to write a small app, using Windows.Assessments, to create the .asmtx with the Assessment() object. Now I'm trying to use the Support.StartTracing method in my testing tool, to generate ETW for each iteration.

    The first question is: do I really need to provide a path to a WPAProfile file, as it is written in the documentation:

    "Parameters
    profileFileName
    The name of the WPA file that contains the profile.
    profileName
    The name of the WPA profile to use for tracing.

    Remarks
    This method does not trace data to the AXE ETW logging session. Instead, it begins an advanced ETW tracing session using a profile from WPA."

    or do I need to provide a path to a .wprp?!

    If I use a path to the WPAProfile file (well, at first I took the ready-made FileOrg.WPAProfile from the FileHandling assessments), I get the exception:

    Unhandled Exception: System.ArgumentException: Value does not fall within the expected range.
       at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
       at Microsoft.Assessments.Runtime.Support.StartTracing(String profileFileName, String profileName)

    In this case, in AXE.log I see the following:

    22.03.2017 17:22:04 PID:000077D8 ERROR 0X80070057: ADKB738F1350000 (0) - The parameter is incorrect.
     The parameter is incorrect.

    If I provide the StartTraceMethod with a path to a .wprp file (FileHandling.wprp) and with the ProfileName = "FileHandling", I get the exception:

    Unhandled Exception: System.Runtime.InteropServices.COMException: Exception from HRESULT: 0xC5580704
       at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
       at Microsoft.Assessments.Runtime.Support.StartTracing(String profileFileName, String profileName)

    Again, in Axe.log I see the following:

    22.03.2017 17:32:03 PID:00006324 ERROR 0XC5580704: ADKB738F1350000 (0) - The <Profile> element could not be found in the profile file.
     An unexpected internal error occurred.

    Needless to say, there are even several profiles with the name "FileHandling" in this wprp file, e.g.:

    <Profile Id="FileHandling.Verbose.File" Base="Minifilter.Verbose.File" LoggingMode="File" Name="FileHandling" DetailLevel="Verbose" Description="File Handling Assessment">
        <Collectors Operation="Add">
            <EventCollectorId Value="EventCollector_WPREventCollectorInFile">
                <EventProviders Operation="Add">
                    <EventProviderId Value="EventProvider_Microsoft-Windows-Shell-Core"/>
                    <EventProviderId Value="EventProvider_Microsoft-Windows-Shell-ZipFolder"/>
                    <EventProviderId Value="EventProvider_Eco-Asmts-HAS-FileOrg"/>
                    <EventProviderId Value="EventProvider_Microsoft-Windows-Win32k"/>
                </EventProviders>
            </EventCollectorId>
        </Collectors>
    </Profile>


    Probably I need to provide the ProfileID instead?

    The documentation on this API is quite poor, and I haven't found any examples of using it. I will be extremely grateful for any help. 



    • Edited by Diana Lebedeva Thursday, March 23, 2017 5:35 AM
    • Moved by Just Karl Tuesday, April 18, 2017 3:15 PM Looking for the correct forum.
    Wednesday, March 22, 2017 3:05 PM
