What utility enables/manages the disk logging feature? Is there still such a
feature?
I saw the disk logging structures in wintioctl.h but I don’t know how to
enable/disable/dump the logs from the user interface…
typedef struct _DISK_RECORD {
LARGE_INTEGER ByteOffset;
LARGE_INTEGER StartTime;
LARGE_INTEGER EndTime;
PVOID VirtualAddress;
DWORD NumberOfBytes;
BYTE DeviceNumber;
BOOLEAN ReadRequest;
} DISK_RECORD, *PDISK_RECORD;
//
// The following structure is exchanged on an IOCTL_DISK_LOG request.
// Not all fields are valid with each function type.
//
typedef struct _DISK_LOGGING {
BYTE Function;
PVOID BufferAddress;
DWORD BufferSize;
} DISK_LOGGING, *PDISK_LOGGING;
//
// Disk logging functions
//
// Start disk logging. Only the Function and BufferSize fields are valid.
//
#define DISK_LOGGING_START 0
//
// Stop disk logging. Only the Function field is valid.
//
#define DISK_LOGGING_STOP 1
//
// Return disk log. All fields are valid. Data will be copied from internal
// buffer to buffer specified for the number of bytes requested.
//
#define DISK_LOGGING_DUMP 2