/// <summary>
/// Method to read ETW event as per the metadata stored in this class
/// </summary>
/// <param name="e">The ETW native event helper class for one-time read</param>
/// <returns></returns>
public IDictionary <string, object> Deserialize(ref EtwNativeEvent e)
{
Dictionary <string, object> instance = new Dictionary <string, object>(_template);
instance.Add("EventId", e.Id);
instance.Add("Version", e.Version);
instance.Add("TimeCreated", e.TimeStamp.DateTime);
instance.Add("ProcessId", e.ProcessId);
instance.Add("ThreadId", e.ThreadId);
instance.Add("ActivityId", e.ActivityId);
Dictionary <string, object> eventData = new Dictionary <string, object>();
List <object> values = new List <object>();
foreach (var p in _properties)
{
uint len = p.Length;
if (p.LengthPropertyName != null)
{
len = (uint)eventData[p.LengthPropertyName];
}
object value = GetValue(p.Type, len, ref e);
value = FormatValue(p, value);
value = EtwTdhPostFormat.ApplyFormatting(e.ProviderId, e.Id, p.Name, value);
eventData.Add(p.Name, value);
values.Add(value);
}
instance.Add("EventData", eventData);
if (_formatString == null)
{
instance.Add("Message", null);
}
else
{
string message = String.Format(_formatString, values.ToArray());
instance.Add("Message", message);
}
return(instance);
}
/// <summary>
/// Method to read ETW event as per the metadata stored in this class
/// </summary>
/// <param name="e">The ETW native event helper class for one-time read</param>
/// <returns></returns>
public IDictionary <string, object> Deserialize(ref EtwNativeEvent e)
{
Dictionary <string, object> instance = new Dictionary <string, object>(_template)
{
{ "EventId", e.Id },
{ "Version", e.Version },
{ "TimeCreated", e.TimeStamp.UtcDateTime },
{ "ProcessId", e.ProcessId },
{ "ThreadId", e.ThreadId },
{ "ActivityId", e.ActivityId }
};
Dictionary <string, object> eventData = new Dictionary <string, object>();
List <object> values = new List <object>();
foreach (var p in _properties)
{
uint len = p.Length;
if (p.LengthPropertyName != null)
{
try
{
string num = Convert.ToString(eventData[p.LengthPropertyName]);
if (num.StartsWith("0x", StringComparison.CurrentCultureIgnoreCase))
{
num = num.Substring(2);
len = uint.Parse(num, System.Globalization.NumberStyles.HexNumber);
}
else
{
len = Convert.ToUInt32(num);
}
}
catch (Exception ex)
{
ex.Data["ProviderGuid"] = e.ProviderId;
throw;
}
}
try
{
object value = GetValue(p.Type, len, ref e);
value = FormatValue(p, value);
value = EtwTdhPostFormat.ApplyFormatting(e.ProviderId, e.Id, p.Name, value);
eventData.Add(p.Name, value);
values.Add(value);
}
catch (Exception)
{
eventData.Add(p.Name, "Exception on retrieving value");
}
}
instance.Add("EventData", eventData);
if (_formatString == null)
{
instance.Add("Message", null);
}
else
{
string message = string.Format(_formatString, values.ToArray());
instance.Add("Message", message);
}
return(instance);
}
