/// <summary>
/// Opens the ETL file named by <c>EtlFilePath</c> in event-record mode and stores
/// the handle returned by OpenTrace in <c>TraceHandle</c>.
/// </summary>
/// <exception cref="Win32Exception">
/// OpenTrace returned an invalid handle. The exception carries the last Win32 error
/// code and a message naming the file.
/// </exception>
private void OpenEtlFile()
{
    // Both delegates are handed to native code through the log-file structure below.
    // Holding them in members keeps them reachable, so the garbage collector cannot
    // reclaim them while they are registered as callbacks.
    EventRecordCallbackRetainer = new EventRecordCallback(EventRecordCallback);
    BufferCallbackRetainer = new BufferCallback(BufferCallback);

    // Describe the log file to open and the callbacks registered for it.
    // NOTE(review): EtlFilePath is passed through unchecked here; confirm the caller
    // controls where it comes from before trace files from other parties are opened.
    var logFile = new EVENT_TRACE_LOGFILE();
    logFile.LogFileName = EtlFilePath;
    logFile.ProcessTraceMode = EventTracingApi.PROCESS_TRACE_MODE_EVENT_RECORD;
    logFile.BufferCallback = BufferCallbackRetainer;
    logFile.EventCallback = EventRecordCallbackRetainer;

    TraceHandle = EventTracingApi.OpenTrace(ref logFile);
    if (!EventTracingApi.IsInvalidProcessTraceHandle(TraceHandle))
    {
        // NOTE(review): the handle is not closed in this method; presumably the owner
        // calls CloseTrace elsewhere. Confirm.
        return;
    }

    // Read the error code before any further call, then choose the message by cause.
    int errorCode = Marshal.GetLastWin32Error();
    string messageFormat = errorCode == Win32ErrorCode.ERROR_FILE_CORRUPT
        ? "OpenTrace function failed. The file '{0}' is corrupted."
        : "OpenTrace function failed. The file tried to open was '{0}'.";

    throw new Win32Exception(errorCode, string.Format(messageFormat, EtlFilePath));
}
/// <summary>
/// Buffer callback: writes its own name as a line of debug output and counts the call
/// in <c>CallCountOfBufferCallback</c>.
/// </summary>
/// <param name="buffer">Log-file structure passed by reference; this method does not read it.</param>
/// <returns>Always 1.</returns>
internal uint BufferCallback(ref EVENT_TRACE_LOGFILE buffer)
{
    // For an ETW buffer callback, a non-zero (TRUE) result tells ProcessTrace to keep going.
    const uint ContinueProcessing = 1;

    Debug.Write(nameof(BufferCallback));
    Debug.WriteLine("");

    // NOTE(review): plain increment with no synchronisation; confirm the callback is only
    // ever invoked from one thread.
    CallCountOfBufferCallback += 1;

    return ContinueProcessing;
}
/// <summary>
/// Consumes the real-time ETW session named <c>SessionName</c>: opens it with OpenTrace,
/// runs ProcessTrace on the handle, and always closes the handle afterwards.
/// When tracing was never turned on, it only raises a fatal real-time event that
/// explains why and returns.
/// </summary>
/// <exception cref="Win32Exception">
/// OpenTrace returned the invalid handle value, or ProcessTrace returned a non-zero status.
/// </exception>
public void ProcessTraces()
{
    if (!_traceOn)
    {
        // Tell the two failure causes apart for the user: missing elevation versus a
        // failed initialisation while elevated.
        bool isAdmin;
#if TRACESPY_SERVICE
        isAdmin = Program.IsAdministrator();
#else
        isAdmin = UacUtilities.IsAdministrator();
#endif
        string reason = isAdmin
            ? "ETW Traces are not started. An error occured during initialization."
            : "ETW Traces will not be displayed. TraceSpy must be run as administrator to display these traces.";

        OnRealtimeEvent(Process.GetCurrentProcess().Id, GetCurrentThreadId(), reason, EtwTraceLevel.Fatal);
        return;
    }

    // Major version 6 and later selects the event-record structure and callback;
    // older systems use the legacy structure and callback.
    long traceHandle;
    bool useEventRecord = Environment.OSVersion.Version.Major >= 6;
    if (!useEventRecord)
    {
        var legacyLog = new EVENT_TRACE_LOGFILE
        {
            EventCallback = _cb,
            LoggerName = SessionName,
            ProcessTraceMode = PROCESS_TRACE_MODE_REAL_TIME,
        };
        traceHandle = OpenTrace(ref legacyLog);
    }
    else
    {
        var vistaLog = new EVENT_TRACE_LOGFILE_VISTA
        {
            EventCallback = _rcb,
            LoggerName = SessionName,
            ProcessTraceMode = PROCESS_TRACE_MODE_REAL_TIME | PROCESS_TRACE_MODE_EVENT_RECORD,
        };
        traceHandle = OpenTrace(ref vistaLog);
    }

    // NOTE(review): the value of INVALID_PROCESSTRACE_HANDLE is not visible here. Confirm
    // it matches what OpenTrace returns on failure for every OS and bitness this targets.
    if (traceHandle == INVALID_PROCESSTRACE_HANDLE)
    {
        throw new Win32Exception(Marshal.GetLastWin32Error());
    }

    try
    {
        // ProcessTrace reports failure through its return value, not the last-error slot.
        int status = ProcessTrace(ref traceHandle, 1, IntPtr.Zero, IntPtr.Zero);
        if (status != 0)
        {
            throw new Win32Exception(status);
        }
    }
    finally
    {
        // Release the trace handle on success and on failure alike.
        CloseTrace(traceHandle);
    }
}
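/// <summary>
/// Starts the one-second reporting timer and, when ETW_NATIVE_METHODS_ENABLED is defined,
/// opens the real-time session "TxRealTime" and runs ProcessTrace on it.
/// Failures are reported on the console rather than thrown.
/// </summary>
static void ListenDirect()
{
    // First tick after 1000 ms, then every 1000 ms.
    _timer = new Timer(OnTimer, null, 1000, 1000);

#if ETW_NATIVE_METHODS_ENABLED
    EVENT_TRACE_LOGFILE logFile = new EVENT_TRACE_LOGFILE();
    logFile.ProcessTraceMode = TraceModeEventRecord | TraceModeRealTime;
    logFile.LoggerName = "TxRealTime";
    logFile.EventRecordCallback = EventRecordCallback;

    ulong traceHandle = EtwNativeMethods.OpenTrace(ref logFile);
    if (traceHandle == InvalidHandle)
    {
        Console.WriteLine("Error in OpenTrace {0}", Marshal.GetLastWin32Error());

        // Stop here. Passing the invalid handle on to ProcessTrace cannot succeed and
        // would only add a second, misleading error after the real one.
        return;
    }

    // NOTE(review): the handle is never closed in this method; confirm whether a
    // CloseTrace call is expected once ProcessTrace returns.
    ulong[] handles = { traceHandle };
    int error = EtwNativeMethods.ProcessTrace(handles, 1, IntPtr.Zero, IntPtr.Zero);
    if (error != 0)
    {
        Console.WriteLine("Error in PropcessTrace {0}", error);
    }
#endif
}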
// P/Invoke declaration for the native OpenTrace call. The log-file description is passed
// by reference and the trace handle comes back as a signed 64-bit value.
// NOTE(review): the DllImport attribute is not visible here. If callers read
// Marshal.GetLastWin32Error() after a failed call, confirm it sets SetLastError = true;
// otherwise the reported error code is not reliable.
private static extern long OpenTrace(ref EVENT_TRACE_LOGFILE logFile);
/// <summary>
/// Consumes the real-time ETW session named <c>SessionName</c>: opens it with OpenTrace,
/// runs ProcessTrace on the handle, and always closes the handle afterwards.
/// When tracing was never turned on, it only raises a real-time event that explains
/// why and returns.
/// </summary>
/// <exception cref="Win32Exception">
/// OpenTrace returned the invalid handle value, or ProcessTrace returned a non-zero status.
/// </exception>
public void ProcessTraces()
{
    if (!_traceOn)
    {
        // Tell the two failure causes apart for the user: missing elevation versus a
        // failed initialisation while elevated.
        bool isAdmin;
#if TRACESPY_SERVICE
        isAdmin = Program.IsAdministrator();
#else
        isAdmin = UacUtilities.IsAdministrator();
#endif
        string reason = isAdmin
            ? "ETW Traces are not started. An error occured during initialization."
            : "ETW Traces will not be displayed. TraceSpy must be run as administrator to display these traces.";

        OnRealtimeEvent(Process.GetCurrentProcess().Id, GetCurrentThreadId(), reason);
        return;
    }

    // Describe the real-time session to attach to and the callback that receives events.
    var session = new EVENT_TRACE_LOGFILE
    {
        EventCallback = _cb,
        LoggerName = SessionName,
        ProcessTraceMode = PROCESS_TRACE_MODE_REAL_TIME,
    };

    long traceHandle = OpenTrace(ref session);
    if (traceHandle == INVALID_PROCESSTRACE_HANDLE)
    {
        throw new Win32Exception(Marshal.GetLastWin32Error());
    }

    try
    {
        // ProcessTrace reports failure through its return value, not the last-error slot.
        int status = ProcessTrace(ref traceHandle, 1, IntPtr.Zero, IntPtr.Zero);
        if (status != 0)
        {
            throw new Win32Exception(status);
        }
    }
    finally
    {
        // Release the trace handle on success and on failure alike.
        CloseTrace(traceHandle);
    }
}