public DnsInspectorEtw(Microsoft.O365.Security.ETW.IEventRecordDelegate OnDnsQueryEvent) { userTrace = new Microsoft.O365.Security.ETW.UserTrace("priv10_NameResLogger"); // Microsoft-Windows-Winsock-NameResolution dnsCaptureProvider = new Microsoft.O365.Security.ETW.Provider(Guid.Parse("{55404E71-4DB9-4DEB-A5F5-8F86E46DDE56}")); dnsCaptureProvider.Any = Microsoft.O365.Security.ETW.Provider.AllBitsSet; dnsCaptureProvider.OnEvent += OnDnsQueryEvent; userTrace.Enable(dnsCaptureProvider); userThread = new Thread(() => { userTrace.Start(); }); userThread.Start(); }
public EtwUserLogger(string name, Guid guid) { logName = name; userTrace = new Microsoft.O365.Security.ETW.UserTrace("etw_" + name); dnsCaptureProvider = new Microsoft.O365.Security.ETW.Provider(guid); dnsCaptureProvider.Any = Microsoft.O365.Security.ETW.Provider.AllBitsSet; dnsCaptureProvider.OnEvent += OnEtwEvent; userTrace.Enable(dnsCaptureProvider); workerThread = new Thread(() => { userTrace.Start(); }); workerThread.Start(); }