/// <summary>
/// Creates the process-event aggregator and the ETW provider for the
/// "Microsoft-Windows-Kernel-Process" source, then queues <c>StartProvider</c>
/// on the thread pool so the caller is not the thread that starts the trace.
/// </summary>
/// <remarks>
/// NOTE(review): real-time ETW sessions normally need an elevated token (or
/// Performance Log Users membership); how a refused start is reported by
/// StartProvider is not visible here - confirm it is surfaced to the user.
/// NOTE(review): ETW session names are machine-wide. Whether EtwEventProvider
/// cleans up a stale session with this name left by an earlier crash is not
/// visible here - confirm.
/// </remarks>
private void StartTrace()
{
    const string sessionName = "404MonitorProcessLookups";
    const string providerName = "Microsoft-Windows-Kernel-Process";

    // NOTE(review): 0x10 looks like the provider's process start/stop keyword;
    // confirm against the provider manifest before widening the mask.
    const int keywords = 0x10;

    _aggregator = new ProcessAggregator(ProcessEvent);
    _provider = new EtwEventProvider(sessionName, providerName, keywords, _aggregator);

    ThreadPool.QueueUserWorkItem(StartProvider);
}
/// <summary>
/// Builds a file monitor that reports through the supplied callbacks and wires an
/// ETW provider for "Microsoft-Windows-Kernel-File" to a file I/O aggregator.
/// </summary>
/// <param name="displayFile">Callback stored in <c>_displayFile</c>.</param>
/// <param name="removeFile">Callback stored in <c>_removeFile</c>.</param>
/// <param name="addEvent">Callback stored in <c>_addEvent</c>.</param>
/// <remarks>
/// The callbacks are stored without null checks. The constructor only creates the
/// provider object; nothing here starts the trace session.
/// NOTE(review): file names and paths taken from kernel file events describe the
/// activity of every process on the machine; treat them as untrusted, possibly
/// sensitive data when they are displayed or logged - confirm downstream handling.
/// </remarks>
public FileMonitor(
    Action<MissingFile> displayFile,
    Action<MissingFile> removeFile,
    Action<MissingFile, SearchEvent> addEvent)
{
    const string sessionName = "File404Monitor";
    const string providerName = "Microsoft-Windows-Kernel-File";

    // NOTE(review): 0x10c0 is the keyword mask handed to the provider; which file
    // operations it selects should be confirmed against the provider manifest.
    const int keywords = 0x10c0;

    _addEvent = addEvent;
    _removeFile = removeFile;
    _displayFile = displayFile;

    var ioAggregator = new FileIoAggregator(FileEventAvailable);
    _provider = new EtwEventProvider(sessionName, providerName, keywords, ioAggregator);

    _nameStore = new ProcessNameStore();
}
/// <summary>
/// Starts a real ETW session against "Microsoft-Windows-Kernel-File" and checks that
/// at least one trace event reaches the aggregator within the polling window.
/// </summary>
/// <remarks>
/// NOTE(review): this drives a live ETW session, so it presumably needs an elevated
/// test runner; unelevated, the Assert inside the task would be expected to fail -
/// confirm how the CI agent is configured.
/// </remarks>
public void Provides_Events()
{
    // Timed tests are not ideal, but the ETW provider blocks the thread that calls
    // Start() and delivers its events on a separate thread, so the test has to poll.
    var eventSeen = false;

    var aggregatorMock = new Mock<EventAggregator>();
    aggregatorMock
        .Setup(a => a.TraceEventAvailable(It.IsAny<TraceEvent>()))
        .Callback((TraceEvent traceEvent) => { eventSeen = true; });

    const string sessionName = "FileMon404Tests";
    var provider = new EtwEventProvider(
        sessionName,
        "Microsoft-Windows-Kernel-File",
        0x10c0,
        aggregatorMock.Object);

    // Start() blocks, so it runs on its own task; a failed assertion faults the task,
    // which is checked after the session has been stopped.
    var startTask = new Task(() => Assert.True(provider.Start()));
    startTask.Start();

    // Poll once a second until the callback fires or ten seconds have passed.
    var startedAt = DateTime.Now;
    while (true)
    {
        if (eventSeen)
        {
            break;
        }

        if (!(startedAt > DateTime.Now.Subtract(Seconds(10))))
        {
            break;
        }

        Thread.Sleep(Seconds(1));
    }

    // Stop before asserting so that a failed assertion does not skip the Stop() call.
    provider.Stop();

    Assert.False(startTask.IsFaulted);
    Assert.True(eventSeen, "Did not receive an event before the timeout");
}