/// <summary>
/// Constructor
/// </summary>
/// <param name="observer">Observer to push events into</param>
/// <param name="sessionName">real-time session name</param>
public EtwListener(IObserver<EtwNativeEvent> observer, string sessionName)
{
if (sessionName == null)
throw new ArgumentNullException("sessionName");
_observer = observer;
_logFile = new EVENT_TRACE_LOGFILE
{
ProcessTraceMode = EtwNativeMethods.TraceModeRealTime | EtwNativeMethods.TraceModeEventRecord,
LoggerName = sessionName,
EventRecordCallback = EtwCallback
};
_thread = new Thread(ThreadProc);
_thread.Name = "EtwSession " + sessionName;
_thread.Start();
}
/// <summary>
/// Constructor
/// </summary>
/// <param name="observer">Observer to push events into</param>
/// <param name="etlFiles">.etl (Event Trace Log) files to read. Up to 63 files are supported</param>
public EtwFileReader(IObserver<EtwNativeEvent> observer, params string[] etlFiles)
{
_observer = observer;
// pin the strings in memory, allowing pointers to be passed in the event callback
_logFiles = new EVENT_TRACE_LOGFILE[etlFiles.Length];
_logFileHandles = new GCHandle[etlFiles.Length];
for (int i = 0; i < _logFileHandles.Length; i++)
{
_logFiles[i] = new EVENT_TRACE_LOGFILE
{
ProcessTraceMode = EtwNativeMethods.TraceModeEventRecord,
LogFileName = etlFiles[i],
EventRecordCallback = EtwCallback
};
_logFileHandles[i] = GCHandle.Alloc(_logFiles[i]);
}
_thread = new Thread(ThreadProc);
_thread.Name = "EtwFileObservable";
_thread.Start();
}
public static extern UInt64 OpenTrace(ref EVENT_TRACE_LOGFILE logfile);
