
Commit 65e6a80

authored
Update PowerShell telemetry to respect the diagnostics and feedback setting on Windows (#27328)
1 parent 0458f16 commit 65e6a80

6 files changed

Lines changed: 427 additions & 33 deletions


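--- a/src/PowerShell.Core.Instrumentation/PowerShell.Core.Instrumentation.man
+++ b/src/PowerShell.Core.Instrumentation/PowerShell.Core.Instrumentation.man
@@ -121,6 +121,18 @@
 value="0x3002"
 version="1"
 />
+<!--Telemetry events-->
+<event
+channel="C_OPERATIONAL"
+level="win:Error"
+message="$(string.PS_PROVIDER.event.E_O_TelemetrySettingError.message)"
+opcode="Exception"
+symbol="TelemetrySettingError"
+task="Telemetry"
+template="T_TelemetrySettingError"
+value="0x3011"
+version="1"
+/>
 <!--M3P events-->
 <event
 channel="C_ANALYTIC"
@@ -2208,17 +2220,41 @@
 value="0x6017"
 version="1"
 />
-<event
-channel="C_ANALYTIC"
-keywords="AmsiState"
-level="win:Verbose"
-message="$(string.PS_PROVIDER.event.E_A_AmsiState.message)"
-opcode="Method"
-symbol="AmsiState"
-task="Amsi"
-template="T_AmsiState"
-value="0x4001"
-version="1"
+<event
+channel="C_ANALYTIC"
+keywords="AmsiState"
+level="win:Verbose"
+message="$(string.PS_PROVIDER.event.E_A_AmsiState.message)"
+opcode="Method"
+symbol="AmsiState"
+task="Amsi"
+template="T_AmsiState"
+value="0x4001"
+version="1"
+/>
+<event
+channel="C_ANALYTIC"
+keywords="WDACQuery"
+level="win:Verbose"
+message="$(string.PS_PROVIDER.event.E_A_WDACQuery.message)"
+opcode="Method"
+symbol="WDACQuery"
+task="WDAC"
+template="T_WDACQuery"
+value="0x4002"
+version="1"
+/>
+<event
+channel="C_ANALYTIC"
+keywords="WDACAudit"
+level="win:Verbose"
+message = "$(string.PS_PROVIDER.event.E_A_WDACAudit.message)"
+opcode="Method"
+symbol="WDACAudit"
+task="WDACAudit"
+template="T_WDACAudit"
+value="0x4003"
+version="1"
 />
 </events>
 <channels>
@@ -2409,6 +2445,12 @@
 symbol="T_EXPERIMENTALFEATURE"
 value="107"
 />
+<task
+message="$(string.PS_PROVIDER.task.T_Telemetry.message)"
+name="Telemetry"
+symbol="T_TELEMETRY"
+value="108"
+/>
 <task
 message="$(string.PS_PROVIDER.task.T_ScheduledJob.message)"
 name="ScheduledJob"
@@ -2427,11 +2469,23 @@
 symbol="T_ISEOperation"
 value="120"
 />
-<task
-message="$(string.PS_PROVIDER.task.T_AmsiState.message)"
-name="Amsi"
-symbol="T_Amsi"
-value="130"
+<task
+message="$(string.PS_PROVIDER.task.T_AmsiState.message)"
+name="Amsi"
+symbol="T_Amsi"
+value="130"
+/>
+<task
+message="$(string.PS_PROVIDER.task.T_WDACQuery.message)"
+name="WDAC"
+symbol="T_WDAC"
+value="131"
+/>
+<task
+message="$(string.PS_PROVIDER.task.T_WDACAudit.message)"
+name="WDACAudit"
+symbol="T_WDACAudit"
+value="132"
 />
 </tasks>
 <opcodes>
@@ -2593,11 +2647,23 @@
 name="PSWorkflow"
 symbol="K_PSWORKFLOW"
 />
-<keyword
-mask="0x400"
-message="$(string.PS_PROVIDER.keyword.K_AmsiState.message)"
-name="AmsiState"
-symbol="K_AmsiState"
+<keyword
+mask="0x400"
+message="$(string.PS_PROVIDER.keyword.K_AmsiState.message)"
+name="AmsiState"
+symbol="K_AmsiState"
+/>
+<keyword
+mask="0x800"
+message="$(string.PS_PROVIDER.keyword.K_WDACQuery.message)"
+name="WDACQuery"
+symbol="K_WDACQuery"
+/>
+<keyword
+mask="0x1000"
+message="$(string.PS_PROVIDER.keyword.K_WDACAudit.message)"
+name="WDACAudit"
+symbol="K_WDACAudit"
 />
 </keywords>
 <maps>
@@ -4004,6 +4070,20 @@
 name="StackTrace"
 />
 </template>
+<template tid="T_TelemetrySettingError">
+<data
+inType="win:UnicodeString"
+name="Name"
+/>
+<data
+inType="win:UnicodeString"
+name="Message"
+/>
+<data
+inType="win:UnicodeString"
+name="StackTrace"
+/>
+</template>
 <template tid="T_TrackingGuid">
 <data
 inType="win:GUID"
@@ -4080,16 +4160,48 @@
 name="FileName"
 />
 </template>
-<template tid="T_AmsiState">
-<data
-inType="win:UnicodeString"
-name="Action"
+<template tid="T_AmsiState">
+<data
+inType="win:UnicodeString"
+name="Action"
 />
-<data
-inType="win:UnicodeString"
-name="AmsiContext"
+<data
+inType="win:UnicodeString"
+name="AmsiContext"
 />
-</template>
+</template>
+<template tid="T_WDACQuery">
+<data
+inType="win:UnicodeString"
+name="QueryName"
+/>
+<data
+inType="win:UnicodeString"
+name="FileName"
+/>
+<data
+inType="win:Int32"
+name="QuerySuccess"
+/>
+<data
+inType="win:Int32"
+name="QuerySResult"
+/>
+</template>
+<template tid="T_WDACAudit">
+<data
+inType="win:UnicodeString"
+name="Title"
+/>
+<data
+inType="win:UnicodeString"
+name="Message"
+/>
+<data
+inType="win:UnicodeString"
+name="FullyQualifiedId"
+/>
+</template>
 </templates>
 </provider>
 </events>
@@ -5535,6 +5647,14 @@
 id="PS_PROVIDER.task.T_ExperimentalFeature.message"
 value="PowerShell Experimental Features"
 />
+<string
+id="PS_PROVIDER.event.E_O_TelemetrySettingError.message"
+value="Failed to retrieve diagnostics and feedback setting from Windows.%n Exception: %1 %n Message: %2 %n StackTrace: %3 %n"
+/>
+<string
+id="PS_PROVIDER.task.T_Telemetry.message"
+value="PowerShell Telemetry"
+/>
 <string
 id="PS_PROVIDER.task.T_NamedPipe.message"
 value="PowerShell Named Pipe IPC"
@@ -5719,6 +5839,30 @@
 id="PS_PROVIDER.event.E_O_REMOTE_NAMEDPIPE_DISCONNECT.message"
 value="PowerShell IPC disconnect on process: %1 in AppDomain: %2 for User: %3."
 />
+<string
+id="PS_PROVIDER.event.E_A_WDACQuery.message"
+value="WDAC Query. %n %t Query: %1 %n %t File: %2 %n %t SuccessCode: %3 %n %t ResultCode: %4"
+/>
+<string
+id="PS_PROVIDER.keyword.K_WDACQuery.message"
+value="WDAC Query"
+/>
+<string
+id="PS_PROVIDER.task.T_WDACQuery.message"
+value="WDAC Query"
+/>
+<string
+id="PS_PROVIDER.event.E_A_WDACAudit.message"
+value="WDAC Audit. %n %t Title: %1 %n %t Message: %2 %n %t FullyQualifiedId: %3"
+/>
+<string
+id="PS_PROVIDER.keyword.K_WDACAudit.message"
+value="WDAC Audit"
+/>
+<string
+id="PS_PROVIDER.task.T_WDACAudit.message"
+value="WDAC Audit"
+/>
 </stringTable>
 </resources>
 </localization>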
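Review bot: In the new `T_WDACQuery` template (new line 4188) the fourth field is declared as `name="QuerySResult"`, which looks like a typo for `QueryResult`; the matching message string labels that value `ResultCode: %4`. Log consumers and detection queries key on template field names, so the name is worth confirming before the event ships as `version="1"`. The `WDACAudit` event at new line 2251 writes `message = "$(string.PS_PROVIDER.event.E_A_WDACAudit.message)"` with spaces around `=`, unlike every other attribute in the section. The WDAC events, tasks and keywords are not mentioned in the commit title, so a sentence in the description explaining why they arrive with the telemetry change would help.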

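--- a/src/System.Management.Automation/CoreCLR/CorePsPlatform.cs
+++ b/src/System.Management.Automation/CoreCLR/CorePsPlatform.cs
@@ -179,9 +179,12 @@ public static bool IsStaSupported
 {
 int result = Interop.Windows.CoInitializeEx(IntPtr.Zero, Interop.Windows.COINIT_APARTMENTTHREADED);
 
-// If 0 is returned the thread has been initialized for the first time
-// as an STA and thus supported and needs to be uninitialized.
-if (result > 0)
+// Per COM documentation: Each successful call to CoInitializeEx (including S_FALSE)
+// must be balanced by a corresponding call to CoUninitialize.
+// - S_OK (0) means we initialized for the first time.
+// - S_FALSE (1) means already initialized, but still increments the reference count.
+// Both require CoUninitialize to decrement the reference count.
+if (result >= 0)
 {
 Interop.Windows.CoUninitialize();
 }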
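Review bot: The new comment above `if (result >= 0)` explains the S_OK and S_FALSE cases but not why negative results are skipped, which is the part a later editor is most likely to get wrong. I would add one line such as `// Failure HRESULTs are negative (e.g. RPC_E_CHANGED_MODE) and took no reference, so CoUninitialize must not be called for them.` If the file already has a named success check for HRESULTs, using it here would read better than the bare `>= 0`. The enclosing IsStaSupported getter starts and ends outside this hunk, so how `result` feeds the returned value is not visible here.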

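--- a/src/System.Management.Automation/engine/remoting/common/PSETWTracer.cs
+++ b/src/System.Management.Automation/engine/remoting/common/PSETWTracer.cs
@@ -166,6 +166,9 @@ internal enum PSEventId : int
 ExperimentalFeature_InvalidName = 0x3001,
 ExperimentalFeature_ReadConfig_Error = 0x3002,
 
+// Windows Diagnostics And Usage Data Settings
+Telemetry_Setting_Error = 0x3011,
+
 // Scheduled Jobs
 ScheduledJob_Start = 0xD001,
 ScheduledJob_Complete = 0xD002,
@@ -240,6 +243,7 @@ internal enum PSTask : int
 ProviderStop = 0x69,
 ExecutePipeline = 0x6A,
 ExperimentalFeature = 0x6B,
+Telemetry = 0x6C,
 ScheduledJob = 0x6E,
 NamedPipe = 0x6F,
 ISEOperation = 0x78,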

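--- a/src/System.Management.Automation/utils/Telemetry.cs
+++ b/src/System.Management.Automation/utils/Telemetry.cs
@@ -177,12 +177,20 @@ public static class ApplicationInsightsTelemetry
 /// </summary>
 static ApplicationInsightsTelemetry()
 {
-// If we can't send telemetry, there's no reason to do any of this
 CanSendTelemetry = !Utils.GetEnvironmentVariableAsBool(name: _telemetryOptoutEnvVar, defaultValue: false)
 && Platform.TryDeriveFromCache("telemetry.uuid", out s_uuidPath);
 
+#if !UNIX
+if (CanSendTelemetry)
+{
+// Respect the diagnostics and feedback setting in Windows.
+CanSendTelemetry = WindowsDataCollectionSetting.CanCollectDiagnostics(PlatformDataCollectionLevel.Enhanced);
+}
+#endif
+
 if (!CanSendTelemetry)
 {
+// Avoid the initialization work if we can't send telemetry.
 return;
 }
 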
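Review bot: The added `WindowsDataCollectionSetting.CanCollectDiagnostics(PlatformDataCollectionLevel.Enhanced)` call runs inside the static constructor, so an exception escaping it would surface as a TypeInitializationException on first use of ApplicationInsightsTelemetry instead of simply disabling telemetry. The manifest in this commit adds a TelemetrySettingError event, which suggests the failure is caught and logged inside that helper, but its source is not on this page. Please confirm it fails closed, returning false when the Windows setting cannot be read, and say so in the comment, e.g. `// Respect the diagnostics and feedback setting in Windows; an unreadable setting counts as "do not send".` The constructor body continues past the end of the hunk.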
