Beispiel #1
        /// <summary>
        /// Creates a process from <paramref name="procargs"/> via ProcessCreator.StartSuspended(),
        /// attaches a kernel and a user trace collector to its process id, resumes it, and blocks
        /// until the process has been joined and both collectors have been stopped.
        /// </summary>
        /// <param name="procargs">Handed unchanged to the ProcessCreator constructor (presumably the command line to launch; nothing is validated here).</param>
        /// <param name="spawnNewConsoleWindow">Copied to ProcessCreator.SpawnNewConsoleWindow.</param>
        /// <param name="options">Forwarded to both collectors, which write to Console.Out.</param>
        static void TraceNewProcess(IEnumerable <string> procargs, bool spawnNewConsoleWindow, TraceOutputOptions options)
        {
            using (var target = new ProcessCreator(procargs) { SpawnNewConsoleWindow = spawnNewConsoleWindow })
            {
                target.StartSuspended();

                // Two nested usings are equivalent to the combined declaration: the user collector
                // is disposed first, then the kernel collector, then the process wrapper.
                using (TraceCollector kernelCollector = new KernelTraceCollector(target.ProcessId, Console.Out, options))
                using (TraceCollector userCollector = new UserTraceCollector(target.ProcessId, Console.Out, options))
                {
                    SetConsoleCtrlCHook(kernelCollector, userCollector);

                    // Each Start() call is handed to its own pool thread.
                    ThreadPool.QueueUserWorkItem(_ => kernelCollector.Start());
                    ThreadPool.QueueUserWorkItem(_ => userCollector.Start());

                    // Watcher: once the traced process has been joined, stop both collectors and
                    // release the wait below. stopEvent is declared outside this method.
                    ThreadPool.QueueUserWorkItem(_ =>
                    {
                        target.Join();
                        kernelCollector.Stop();
                        userCollector.Stop();

                        stopEvent.Set();
                    });

                    // NOTE(review): this fixed one-second pause is the only thing ordering the
                    // collector Start() calls before Resume(); nothing visible here confirms the
                    // collectors are actually running. If start-up takes longer, the earliest
                    // activity of the traced process may go unrecorded - confirm whether
                    // TraceCollector offers a readiness signal.
                    Thread.Sleep(1000);

                    // Let the suspended process run.
                    target.Resume();

                    stopEvent.WaitOne();
                }
            }
        }
Beispiel #2
        /// <summary>
        /// Creates a process from <paramref name="procargs"/> via ProcessCreator.StartSuspended(),
        /// sets up a kernel and a custom trace collector for it, resumes it, and blocks until the
        /// process has been joined and the collectors have been stopped.
        /// </summary>
        /// <param name="procargs">Handed unchanged to the ProcessCreator constructor (presumably the command line to launch; nothing is validated here).</param>
        /// <param name="spawnNewConsoleWindow">Copied to ProcessCreator.SpawnNewConsoleWindow.</param>
        /// <param name="traceChildProcesses">Forwarded to InitializeProcessHandlers together with the process id.</param>
        /// <param name="collectDriverStats">Forwarded to InitializeSystemHandlers.</param>
        public void TraceNewProcess(IEnumerable <string> procargs, bool spawnNewConsoleWindow,
                                    bool traceChildProcesses, bool collectDriverStats)
        {
            using (var target = new ProcessCreator(procargs) { SpawnNewConsoleWindow = spawnNewConsoleWindow })
            {
                target.StartSuspended();

                // Two nested usings are equivalent to the combined declaration: the custom
                // collector is disposed first, then the kernel collector, then the process wrapper.
                using (TraceCollector kernelCollector = new TraceCollector(KernelTraceEventParser.KernelSessionName))
                using (TraceCollector customCollector = new TraceCollector(WinTraceUserTraceSessionName))
                {
                    InitializeSystemHandlers(kernelCollector, collectDriverStats);
                    InitializeProcessHandlers(kernelCollector, customCollector,
                                              target.ProcessId, traceChildProcesses);

                    // Watcher: once the traced process has been joined, stop the collectors and
                    // release the wait below. stopEvent is declared outside this method.
                    ThreadPool.QueueUserWorkItem(_ =>
                    {
                        target.Join();
                        StopCollectors(kernelCollector, customCollector);
                        stopEvent.Set();
                    });

                    // Publishes a stop callback through the stopTraceCollectors member (declared
                    // outside this method). It only stops the collectors; it does not set stopEvent.
                    stopTraceCollectors = () => StopCollectors(kernelCollector, customCollector);

                    // Each Start() call is handed to its own pool thread.
                    ThreadPool.QueueUserWorkItem(_ => kernelCollector.Start());
                    ThreadPool.QueueUserWorkItem(_ => customCollector.Start());

                    // NOTE(review): this fixed one-second pause is the only thing ordering the
                    // collector Start() calls before Resume(); nothing visible here confirms the
                    // sessions are actually running. If start-up takes longer, the earliest
                    // activity of the traced process may go unrecorded - confirm whether
                    // TraceCollector offers a readiness signal.
                    Thread.Sleep(1000);

                    // Let the suspended process run.
                    target.Resume();

                    stopEvent.WaitOne();
                }
            }
        }