Esempio n. 1
0
        private void fileToolStripMenuItem_DropDownOpening(object sender, EventArgs e)
        {
            restartAsAdministratorToolStripMenuItem.Image = ShieldImage;
            bool admin = UacUtilities.IsAdministrator();

            restartAsAdministratorToolStripMenuItem.Enabled = !admin;
        }
Esempio n. 2
0
        public void ProcessTraces()
        {
            if (!_traceOn)
            {
                bool admin;
#if TRACESPY_SERVICE
                admin = Program.IsAdministrator();
#else
                admin = UacUtilities.IsAdministrator();
#endif

                if (!admin)
                {
                    OnRealtimeEvent(Process.GetCurrentProcess().Id, GetCurrentThreadId(), "ETW Traces will not be displayed. TraceSpy must be run as administrator to display these traces.", EtwTraceLevel.Fatal);
                }
                else
                {
                    OnRealtimeEvent(Process.GetCurrentProcess().Id, GetCurrentThreadId(), "ETW Traces are not started. An error occured during initialization.", EtwTraceLevel.Fatal);
                }
                return;
            }

            long oh;
            if (Environment.OSVersion.Version.Major >= 6)
            {
                var etl = new EVENT_TRACE_LOGFILE_VISTA();
                etl.EventCallback    = _rcb;
                etl.LoggerName       = SessionName;
                etl.ProcessTraceMode = PROCESS_TRACE_MODE_REAL_TIME | PROCESS_TRACE_MODE_EVENT_RECORD;
                oh = OpenTrace(ref etl);
            }
            else
            {
                var etl = new EVENT_TRACE_LOGFILE();
                etl.EventCallback    = _cb;
                etl.LoggerName       = SessionName;
                etl.ProcessTraceMode = PROCESS_TRACE_MODE_REAL_TIME;
                oh = OpenTrace(ref etl);
            }

            if (oh == INVALID_PROCESSTRACE_HANDLE)
            {
                throw new Win32Exception(Marshal.GetLastWin32Error());
            }

            try
            {
                int status = ProcessTrace(ref oh, 1, IntPtr.Zero, IntPtr.Zero);
                if (status != 0)
                {
                    throw new Win32Exception(status);
                }
            }
            finally
            {
                CloseTrace(oh);
            }
        }
Esempio n. 3
0
        public Main()
        {
            columnHeaderIndex       = new ColumnHeader();
            columnHeaderIndex.Text  = "#";
            columnHeaderIndex.Width = 75;

            columnHeaderTime       = new ColumnHeader();
            columnHeaderTime.Text  = "Ticks";
            columnHeaderTime.Width = 96;

            columnHeaderPid       = new ColumnHeader();
            columnHeaderPid.Text  = "Process";
            columnHeaderPid.Width = 100;

            columnHeaderText       = new ColumnHeader();
            columnHeaderText.Text  = "Text";
            columnHeaderText.Width = 680;

            listView = new ListViewEx();
            listView.Columns.AddRange(new [] { columnHeaderIndex, columnHeaderTime, columnHeaderPid, columnHeaderText });
            listView.DoubleClick += listView_DoubleClick;
            Controls.Add(this.listView);
            listView.AutoArrange   = false;
            listView.Dock          = DockStyle.Fill;
            listView.FullRowSelect = true;
            listView.HeaderStyle   = ColumnHeaderStyle.Nonclickable;
            listView.HideSelection = false;
            listView.Location      = new Point(0, 24);
            listView.Name          = "listView";
            listView.OwnerDraw     = true;
            listView.Size          = new Size(1084, 650);
            listView.TabIndex      = 1;
            listView.UseCompatibleStateImageBehavior = false;
            listView.View = View.Details;

            InitializeComponent();

            _instance    = this;
            _processId   = Process.GetCurrentProcess().Id;
            _animatedGif = captureOnToolStripMenuItem.Image;
            _resources   = new ComponentResourceManager(typeof(Main));
            LoadSettings();
            UpdateControls();
            listView.DrawColumnHeader += OnListViewDrawColumnHeader;
            listView.DrawSubItem      += OnListViewDrawSubItem;
            dontAnimateCaptureMenuItemToolStripMenuItem.Checked = _settings.DontAnimateCaptureMenuItem;
            captureOnToolStripMenuItem.Image    = _settings.DontAnimateCaptureMenuItem ? null : _animatedGif;
            ETWCaptureOnToolStripMenuItem.Image = _settings.DontAnimateCaptureMenuItem ? null : _animatedGif;

#if DEBUG
            AllocConsole();
            Console.WriteLine("Note: this console is shown in DEBUG mode only.");
            //openConfigFileToolStripMenuItem.Visible = true;
            //openConfigDirectoryToolStripMenuItem.Visible = true;
            debugToolStripMenuItem.Visible = true;
            debugToolStripMenuItem.Click  += (sender, e) => SendTestTraces();
#endif

            _bufferReadyEvent = CreateEvent(IntPtr.Zero, false, false, "DBWIN_BUFFER_READY");
            if (_bufferReadyEvent == IntPtr.Zero)
            {
                Marshal.ThrowExceptionForHR(Marshal.GetLastWin32Error());
            }

            _dataReadyEvent = CreateEvent(IntPtr.Zero, false, false, "DBWIN_DATA_READY");
            if (_dataReadyEvent == IntPtr.Zero)
            {
                Marshal.ThrowExceptionForHR(Marshal.GetLastWin32Error());
            }

            _mapping = CreateFileMapping(new IntPtr(-1), IntPtr.Zero, FileMapProtection.PageReadWrite, 0, 4096, "DBWIN_BUFFER");
            if (_mapping == IntPtr.Zero)
            {
                Marshal.ThrowExceptionForHR(Marshal.GetLastWin32Error());
            }

            _file = MapViewOfFile(_mapping, FileMapAccess.FileMapRead, 0, 0, 1024);
            if (_file == IntPtr.Zero)
            {
                Marshal.ThrowExceptionForHR(Marshal.GetLastWin32Error());
            }

            removeEmptyLinesToolStripMenuItem.Checked   = _settings.RemoveEmptyLines;
            autoScrollToolStripMenuItem.Checked         = _settings.AutoScroll;
            showProcessNameToolStripMenuItem.Checked    = _settings.ShowProcessName;
            showProcessIdToolStripMenuItem.Enabled      = showProcessNameToolStripMenuItem.Checked;
            showProcessIdToolStripMenuItem.Checked      = _settings.ShowProcessId;
            showETWDescriptionToolStripMenuItem.Checked = _settings.ShowEtwDescription;
            showTooltipsToolStripMenuItem.Checked       = _settings.ShowTooltips;

            captureETWProvidersTracesToolStripMenuItem.Checked = _settings.CaptureEtwTraces;
            captureToolStripMenuItem.Checked = _settings.CaptureOutputDebugString;

            if (_settings.Font != null)
            {
                listView.Font = _settings.Font;
            }

            SetStyle(ControlStyles.AllPaintingInWmPaint | ControlStyles.UserPaint | ControlStyles.DoubleBuffer, true);

            _lock = new ReaderWriterLockSlim(LockRecursionPolicy.NoRecursion);

            _timer          = new System.Windows.Forms.Timer();
            _timer.Interval = 100;
            _timer.Tick    += OnTimerTick;
            _timer.Start();

            _watch  = new Stopwatch();
            _reader = new Thread(Read);
            _reader.Start();

            if (_settings.CaptureEtwTraces)
            {
                UpdateEtwEvents();
            }

            if (UacUtilities.IsAdministrator())
            {
                Text += " - Administrator";
            }

            UpdateControls();
        }