public void Start()
{
if (this.session != null)
{
throw new InvalidOperationException("The session is already started.");
}
RealTimeTraceCollectorInfo info = new RealTimeTraceCollectorInfo(this.name);
info.Providers.Add(new ProviderInfo(KernelProcessProviderId) { KeywordsAll = 0x10, Level = 4 });
this.session = info.Create();
this.session.Start();
IObservable<EtwNativeEvent> stream = EtwObservable.FromSession(this.name);
this.subscription = stream.Subscribe(e => this.OnNext(e));
}
private static void CreateRealTimeTraceCollector()
{
RealTimeTraceCollectorInfo info = new RealTimeTraceCollectorInfo("MyRealTimeCollector");
// Microsoft-Windows-Kernel-Process
Guid providerId = new Guid("{22FB2CD6-0E7B-422B-A0C7-2FAD1FD0E716}");
info.Providers.Add(new ProviderInfo(providerId) { Level = 5 });
ISessionController controller = info.Create();
controller.Start();
Thread.Sleep(5000);
controller.Stop();
}
private static void CreateRealTimeTraceCollector()
{
RealTimeTraceCollectorInfo info = new RealTimeTraceCollectorInfo("MyRealTimeCollector");
// Microsoft-Windows-Kernel-Process
Guid providerId = new Guid("{EDD08927-9CC4-4E65-B970-C2560FB5C289}");
info.Providers.Add(new ProviderInfo(providerId) { Level = 5 });
ISessionController controller = info.Create();
controller.Start();
Thread.Sleep(5000);
controller.Stop();
}
