public void SubscribeToEvents(TraceEventParser parser)
{
var kernel = (KernelTraceEventParser)parser;
kernel.ProcessStart += HandleProcessStart;
kernel.ThreadStart += HandleThreadStart;
}
public void SubscribeToEvents(TraceEventParser parser)
{
var kernel = (KernelTraceEventParser)parser;
kernel.TcpIpAccept += HandleTcpIpConnect;
kernel.TcpIpAcceptIPV6 += HandleTcpIpV6Connect;
kernel.TcpIpARPCopy += HandleTcpIp;
kernel.TcpIpConnect += HandleTcpIpConnect;
kernel.TcpIpConnectIPV6 += HandleTcpIpV6Connect;
kernel.TcpIpDisconnect += HandleTcpIp;
kernel.TcpIpDisconnectIPV6 += HandleTcpIpV6;
kernel.TcpIpDupACK += HandleTcpIp;
kernel.TcpIpFail += HandleTcpIpFail;
kernel.TcpIpFullACK += HandleTcpIp;
kernel.TcpIpPartACK += HandleTcpIp;
kernel.TcpIpReconnect += HandleTcpIp;
kernel.TcpIpReconnectIPV6 += HandleTcpIpV6;
kernel.TcpIpRecv += HandleTcpIpRev;
kernel.TcpIpRecvIPV6 += HandleTcpIpV6Rev;
kernel.TcpIpRetransmit += HandleTcpIp;
kernel.TcpIpRetransmitIPV6 += HandleTcpIpV6;
kernel.TcpIpSend += HandleTcpIpSend;
kernel.TcpIpSendIPV6 += HandleTcpIpV6Send;
kernel.TcpIpTCPCopy += HandleTcpIp;
kernel.TcpIpTCPCopyIPV6 += HandleTcpIpV6;
}
private void SetupProviderAndParser()
{
try
{
//enabling the providers
if (SessionAttribute.IsKernelSession)
{
if (SessionAttribute is KernelTraceSessionAttribute)
{
traceEventSession.EnableKernelProvider(((KernelTraceSessionAttribute)SessionAttribute).KernelSessionKeywords);
}
else
{
traceEventSession.EnableKernelProvider(KernelTraceEventParser.Keywords.Default);
}
}
else
{
traceEventSession.EnableProvider(SessionAttribute.providerName, SessionAttribute.providerLevel, options: SessionAttribute.TraceEventProviderOptions);
}
//creating the trace event parser
traceEventParser = Activator.CreateInstance(SessionAttribute.eventParserType, traceEventSession.Source) as TraceEventParser;
//set the trace event parser through session's properties
traceEventParser.AddCallbackForProviderEvents(CallbackForProviderEvents, CallbackForEvents);
}
catch (Exception ex)
{
TraceSessionError(ex);
}
}
public void SubscribeToEvents(TraceEventParser parser)
{
var kernel = (KernelTraceEventParser)parser;
kernel.SystemConfigCPU += Kernel_SystemConfigCPU;
kernel.SystemConfigNIC += HandleConfigNIC;
kernel.SystemConfigLogDisk += Kernel_SystemConfigLogDisk;
}
public void SubscribeToEvents(TraceEventParser parser)
{
var rpcParser = (MicrosoftWindowsRPCTraceEventParser)parser;
rpcParser.RpcClientCallStart += RpcClientCallStart;
rpcParser.RpcClientCallStop += RpcClientCallStop;
rpcParser.RpcServerCallStart += RpcServerCallStart;
rpcParser.RpcServerCallStop += RpcServerCallStop;
}
public void SubscribeToEvents(TraceEventParser parser)
{
var kernel = (KernelTraceEventParser)parser;
kernel.ALPCReceiveMessage += HandleALPCReceiveMessage;
kernel.ALPCSendMessage += HandleALPCSendMessage;
//kernel.ALPCUnwait += HandleALPCUnwait;
//kernel.ALPCWaitForNewMessage += HandleALPCWaitForNewMessage;
kernel.ALPCWaitForReply += HandleALPCWaitForReply;
}
public void SubscribeToEvents(TraceEventParser parser)
{
var kernel = (KernelTraceEventParser)parser;
kernel.FileIOClose += HandleFileIoSimpleOp;
kernel.FileIOFlush += HandleFileIoSimpleOp;
kernel.FileIOCreate += HandleFileIoCreate;
kernel.FileIODelete += HandleFileIoInfo;
kernel.FileIORename += HandleFileIoInfo;
kernel.FileIOFileCreate += HandleFileIoName;
kernel.FileIOFileDelete += HandleFileIoName;
kernel.FileIOFileRundown += HandleFileIoName;
kernel.FileIOName += HandleFileIoName;
kernel.FileIORead += HandleFileIoReadWrite;
kernel.FileIOWrite += HandleFileIoReadWrite;
kernel.FileIOMapFile += HandleFileIoMapFile;
}
public static IObservable <TraceEvent> ObserveAll(this TraceEventParser parser)
{
return(parser.Observe((providerName, eventName) => {
return EventFilterResponse.AcceptEvent;
}));
}
