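/// <summary>
/// Opens every configured log file as an ETW trace and replays all of them through a
/// single ProcessTrace call restricted to the configured start/end time window.
/// The outcome is reported to the observer: OnCompleted on success, OnError otherwise.
/// </summary>
/// <remarks>
/// The two time buffers returned by ConvertDateTime are released with
/// Marshal.FreeHGlobal on every exit path, including the early returns taken when
/// a trace cannot be opened.
/// </remarks>
private void MergeTracesAndProcess()
{
    _handles = new ulong[_logFiles.Length];

    // Declared outside the try so the finally block can release whatever was
    // allocated, even when the second conversion or an OpenTrace call fails.
    IntPtr startTime = IntPtr.Zero;
    IntPtr endTime = IntPtr.Zero;

    try
    {
        startTime = ConvertDateTime(_startTime);
        endTime = ConvertDateTime(_endTime);

        for (int i = 0; i < _logFiles.Length; i++)
        {
            _handles[i] = EtwNativeMethods.OpenTrace(ref _logFiles[i]);
            if (_handles[i] != EtwNativeMethods.InvalidHandle)
            {
                continue;
            }

            // Read the Win32 error immediately, before another call can overwrite it.
            int openError = Marshal.GetLastWin32Error();
            if (openError == EtwNativeMethods.ErrorNotFound)
            {
                _observer.OnError(new FileNotFoundException("Could not find file " + _logFiles[i].LogFileName));
                return;
            }

            _observer.OnError(new Win32Exception(openError));
            return;
        }

        int error;
        try
        {
            error = EtwNativeMethods.ProcessTrace(_handles, (uint)_handles.Length, startTime, endTime);
        }
        catch (Exception ex)
        {
            // Anything thrown while processing is forwarded to the observer rather
            // than escaping from this method.
            _observer.OnError(ex);
            return;
        }

        if (error != 0)
        {
            _observer.OnError(new Win32Exception(error));
            return;
        }

        _observer.OnCompleted();
    }
    finally
    {
        if (startTime != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(startTime);
        }

        if (endTime != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(endTime);
        }
    }
}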
/// <summary>
/// Closes every trace handle and frees the entry of _logFileHandles at the same index.
/// Only the first call does any work; later calls return immediately.
/// </summary>
public void Dispose()
{
    if (_disposed)
    {
        return;
    }

    _disposed = true;

    // NOTE(review): _handles is dereferenced without a null check, and _logFileHandles is
    // assumed to have at least as many entries as _handles. Confirm both hold for every
    // point at which Dispose can be called.
    for (int index = 0; index < _handles.Length; index++)
    {
        EtwNativeMethods.CloseTrace(_handles[index]);
        _logFileHandles[index].Free();
    }
}
/// <summary>
/// Closes the trace handle and waits for the callback thread to finish.
/// Only the first call does any work; later calls return immediately.
/// </summary>
public void Dispose()
{
    if (_disposed)
    {
        return;
    }

    _disposed = true;

    // Closing the trace lets the pending native call return successfully, which in
    // turn lets the thread that invokes the callbacks finish.
    // NOTE(review): the original comment named OpenTrace as the call that returns;
    // presumably the blocking ProcessTrace call is meant. Confirm.
    EtwNativeMethods.CloseTrace(_handle);

    // Block until the callback thread has exited.
    _thread.Join();
}
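/// <summary>
/// Reads the TDH value map named <paramref name="mapName"/> for the given event and
/// returns it as a dictionary from map value to output string.
/// </summary>
/// <param name="mapName">Name of the map to look up.</param>
/// <param name="e">ETW native event interop wrapper structure.</param>
/// <returns>The map entries keyed by their numeric value.</returns>
/// <exception cref="Exception">
/// TDH returned an unexpected status, or the returned buffer is too small to hold the
/// header and the number of entries it declares.
/// </exception>
/// <remarks>
/// Both unmanaged allocations made here (the BSTR for the map name and the map
/// buffer) are released before returning, on success and on failure.
/// </remarks>
Dictionary <uint, string> ReadTdhMap(string mapName, ref EtwNativeEvent e)
{
    const int ErrorInsufficientBuffer = 122; // ERROR_INSUFFICIENT_BUFFER

    IntPtr pMapName = Marshal.StringToBSTR(mapName);
    IntPtr mybuffer = IntPtr.Zero;

    try
    {
        // First call with no buffer: only asks TDH for the required size.
        int bufferSize = 0;
        int status = EtwNativeMethods.TdhGetEventMapInformation(
            ref *e.record, pMapName, IntPtr.Zero, ref bufferSize);
        if (ErrorInsufficientBuffer != status)
        {
            throw new Exception("Unexpected TDH status " + status);
        }

        // Remember the allocated size; the second call may rewrite bufferSize.
        int allocatedSize = bufferSize;
        mybuffer = Marshal.AllocHGlobal(allocatedSize);
        status = EtwNativeMethods.TdhGetEventMapInformation(
            ref *e.record, pMapName, mybuffer, ref bufferSize);
        if (status != 0)
        {
            throw new Exception("TDH status " + status);
        }

        // The header is dereferenced below, so it must fit in the allocation.
        if (allocatedSize < sizeof(EVENT_MAP_INFO))
        {
            throw new Exception("TDH map information is smaller than its header");
        }

        EVENT_MAP_INFO *mapInfo = (EVENT_MAP_INFO *)mybuffer;
        byte *startMap = (byte *)mapInfo;
        byte *endMap = startMap + sizeof(EVENT_MAP_INFO);

        // The entry count comes from the buffer contents. Check that the declared
        // entry array lies inside the allocation before walking it, so a malformed
        // count cannot cause reads past the end of the buffer.
        long entriesEnd = sizeof(EVENT_MAP_INFO) + ((long)mapInfo->EntryCount * sizeof(EVENT_MAP_ENTRY));
        if (entriesEnd > allocatedSize)
        {
            throw new Exception("TDH map information is truncated");
        }

        var map = new Dictionary <uint, string>();
        for (int i = 0; i < mapInfo->EntryCount; i++)
        {
            EVENT_MAP_ENTRY *mapEntry = (EVENT_MAP_ENTRY *)endMap + i;
            uint value = mapEntry->Value;

            // NOTE(review): OutputOffset is passed to CopyString unchecked; confirm
            // CopyString cannot read outside the buffer for a malformed offset.
            string name = CopyString(startMap, mapEntry->OutputOffset);
            map.Add(value, name);
        }

        return map;
    }
    finally
    {
        if (mybuffer != IntPtr.Zero)
        {
            Marshal.FreeHGlobal(mybuffer);
        }

        Marshal.FreeBSTR(pMapName);
    }
}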
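/// <summary>
/// Reads the event metadata from TDH into a buffer allocated with Marshal.AllocHGlobal.
/// On success the caller owns the buffer and must free it by calling Marshal.FreeHGlobal.
/// On failure the buffer is freed here before the exception propagates.
/// </summary>
/// <param name="e">ETW native event interop wrapper structure</param>
/// <returns>Pointer to newly allocated TRACE_EVENT_INFO structure</returns>
/// <exception cref="Exception">TDH returned an unexpected status.</exception>
IntPtr ReadTdhMetadata(ref EtwNativeEvent e)
{
    const int ErrorInsufficientBuffer = 122; // ERROR_INSUFFICIENT_BUFFER

    // First call with no buffer: only asks TDH for the required size.
    int bufferSize = 0;
    int status = EtwNativeMethods.TdhGetEventInformation(ref *e.record, 0, IntPtr.Zero, IntPtr.Zero, ref bufferSize);
    if (ErrorInsufficientBuffer != status)
    {
        throw new Exception("Unexpected TDH status " + status);
    }

    IntPtr mybuffer = Marshal.AllocHGlobal(bufferSize);
    bool ownershipTransferred = false;
    try
    {
        status = EtwNativeMethods.TdhGetEventInformation(ref *e.record, 0, IntPtr.Zero, mybuffer, ref bufferSize);
        if (status != 0)
        {
            throw new Exception("TDH status " + status);
        }

        ownershipTransferred = true;
        return mybuffer;
    }
    finally
    {
        // The caller never sees the pointer on a failure path, so release it here.
        if (!ownershipTransferred)
        {
            Marshal.FreeHGlobal(mybuffer);
        }
    }
}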
/// <summary>
/// Opens every configured log file as an ETW trace and replays all of them through a
/// single ProcessTrace call with no time bounds (both time arguments are IntPtr.Zero).
/// The outcome is reported to the observer: OnCompleted on success, OnError otherwise.
/// </summary>
private void ThreadProc()
{
    _handles = new ulong[_logFiles.Length];

    for (int index = 0; index < _logFiles.Length; index++)
    {
        _handles[index] = EtwNativeMethods.OpenTrace(ref _logFiles[index]);
        if (_handles[index] != EtwNativeMethods.InvalidHandle)
        {
            continue;
        }

        // Read the Win32 error immediately, before another call can overwrite it.
        int openError = Marshal.GetLastWin32Error();
        Exception failure = openError == EtwNativeMethods.ErrorNotFound
            ? (Exception)new FileNotFoundException("Could not find file " + _logFiles[index].LogFileName)
            : new Win32Exception(openError);

        _observer.OnError(failure);
        return;
    }

    int processError;
    try
    {
        processError = EtwNativeMethods.ProcessTrace(_handles, (uint)_handles.Length, IntPtr.Zero, IntPtr.Zero);
    }
    catch (Exception ex)
    {
        // Anything thrown while processing is forwarded to the observer rather than
        // escaping from this method.
        _observer.OnError(ex);
        return;
    }

    if (processError == 0)
    {
        _observer.OnCompleted();
    }
    else
    {
        _observer.OnError(new Win32Exception(processError));
    }
}
/// <summary>
/// Opens the trace described by _logFile and runs ProcessTrace on its single handle
/// with no time bounds. The outcome is reported to the observer: OnCompleted on
/// success, OnError otherwise.
/// </summary>
private void ThreadProc()
{
    _handle = EtwNativeMethods.OpenTrace(ref _logFile);

    if (_handle == EtwNativeMethods.InvalidHandle)
    {
        // Read the Win32 error immediately, before another call can overwrite it.
        int openError = Marshal.GetLastWin32Error();
        Exception failure = openError == EtwNativeMethods.ErrorNotFound
            ? new Exception("Could not find ETW real-time session " + _logFile.LoggerName)
            : new Win32Exception(openError);

        _observer.OnError(failure);
        return;
    }

    int processError;
    try
    {
        processError = EtwNativeMethods.ProcessTrace(new[] { _handle }, 1, IntPtr.Zero, IntPtr.Zero);
    }
    catch (Exception ex)
    {
        // Anything thrown while processing is forwarded to the observer rather than
        // escaping from this method.
        _observer.OnError(ex);
        return;
    }

    if (processError == 0)
    {
        _observer.OnCompleted();
    }
    else
    {
        _observer.OnError(new Win32Exception(processError));
    }
}