How to access member of a class during inside callback function ?

[Tanuj22]

The following program is crashing when I am trying to access invoke std::string t = config.Test("test"); in the callback cb. The reason looks to because config is not able to access the memory (?). Can some please explain why this is happening even though I have already passed this to the callback? And how can i fix this issue? TIA!

#include <iostream>
#include <krabs.hpp>

using namespace std;

const krabs::guid KernelProcessProviderId = krabs::guid(L"{22FB2CD6-0E7B-422B-A0C7-2FAD1FD0E716}");

class DependencyCheckerConfig {

private:
    // assignment and copy not needed
    DependencyCheckerConfig(const DependencyCheckerConfig&);
    DependencyCheckerConfig& operator=(const DependencyCheckerConfig&);

private:
    const std::string test = "test-string";

public:

	DependencyCheckerConfig() {}

	std::string Test(std::string t) const
        {
            std::cout << "Test :" << t <<std::endl;
            return test;
	}
};

class DepenedencyChecker {
public:
	DepenedencyChecker(const DependencyCheckerConfig& config) : config(config) {
            Init();
	}

	void Start() {
		m_trace->start();
	}

	void Stop() {
		m_trace->stop();
	}

private:

    std::unique_ptr<krabs::user_trace> m_trace;
    std::unique_ptr<krabs::provider<>> m_process_provider;
    std::unique_ptr<krabs::event_filter> m_processEventFilter;
    const DependencyCheckerConfig& config;

    void Init() {

        m_trace =  std::make_unique<krabs::user_trace>(L"Test-Trace-Kernel");
        EVENT_TRACE_PROPERTIES m_properties = { 0 };
        m_properties.LogFileMode = EVENT_TRACE_REAL_TIME_MODE | EVENT_TRACE_INDEPENDENT_SESSION_MODE;
        m_trace->set_trace_properties(&m_properties);
        m_process_provider = std::make_unique<krabs::provider<>>(KernelProcessProviderId);
        m_processEventFilter = std::make_unique<krabs::event_filter>(std::vector<unsigned short>{5});
        
        auto cb = [this](const EVENT_RECORD& record, const krabs::trace_context& trace_context)
        {
            krabs::schema schema(record, trace_context.schema_locator);
            krabs::parser parser(schema);
        
            cout << "im here" << endl;
            std::string t = config.Test("test");
            cout << t << endl;

            if (schema.event_id() == 5)
            {
               auto imageName = parser.parse<std::wstring>(L"ImageName");
               auto processID = parser.parse<uint32_t>(L"ProcessID");

                std::wcout << L"IMAGE LOAD Event " +
			    std::to_wstring(schema.event_id()) +
			    L" ProcessID " + std::to_wstring(processID) +
			    L" imageName " + imageName << std::endl;
            }
        };

	m_processEventFilter->add_on_event_callback(cb);
        m_process_provider->add_filter(*m_processEventFilter);
        m_trace->enable(*m_process_provider);   
    }
};

int main() {    
	DependencyCheckerConfig config;
	DepenedencyChecker checker(config);
	checker.Start();
        return 0;
}

[kylereedmsft]

The code looks fine. I'm able to run the example and it works.
Are you running the process as admin? What version of VS are you using?

IMAGE LOAD Event 5 ProcessID 24456 imageName \Device\HarddiskVolume3\Windows\System32\dsreg.dll
im here
Test :test
test-string
IMAGE LOAD Event 5 ProcessID 24456 imageName \Device\HarddiskVolume3\Windows\System32\crypt32.dll
im here
Test :test
test-string
IMAGE LOAD Event 5 ProcessID 24456 imageName \Device\HarddiskVolume3\Windows\System32\msasn1.dll
im here
Test :test
test-string
IMAGE LOAD Event 5 ProcessID 24456 imageName \Device\HarddiskVolume3\Windows\System32\msctf.dll
im here
Test :test
test-string
IMAGE LOAD Event 5 ProcessID 24456 imageName \Device\HarddiskVolume3\Windows\System32\powrprof...

[Tanuj22]

@kylereedmsft thanks for quick response. Can you please try to run the Release build? For some reason this works in Debug build but not on Release.

Running Visual Studio 2022 as admin.