Am Samstag, den 30.08.2008, 11:41 -0600 schrieb Vitaliy Margolen:
Almost no programs are calling the Nt* functions directly. But kernel32 functions. So the point about knowing the file handle in return from NtCreateFile is moot. And kernel32's CreateFile() already prints that information for you.
This is not true anymore for kernel level device drivers wine starts to support now. ntoskrnl.exe:NtCreateFile is directly forwarded into ntdll.
This is why you are getting so much resistance - you trying to add something redundant.
I think this is not a valid point.
First, most of the function entry traces also are "redundant", as a relay trace already prints the parameters. Relay tracing can be limited to certain dlls, for example ntdll. In that case, most of the traces in file.c are redundant.
Second, kernel32:CreateFile logs to file, whereas ntdll:NtCreateFile logs to ntdll. So to make sense of these details in the ntdll trace, you have to turn on file. As this is dealing with files, it is not too ugly, but keeping information needed to follow code flow in one channel is a definite pro.
Third, there is precedence in NtReadFile[Scatter] and NtWriteFile[Gather]. Would you suggenst to remove the result traces from there?
Regards, Michael Karcher