public static IEnumerable <EVENT_TRACE_PROPERTIES> QueryAllTraces() { const int len = 64; var props = new List <SafeHGlobalHandle>(len); var loadProp = EVENT_TRACE_PROPERTIES.Create(); for (var i = 0; i < len; i++) { props.Add(SafeHGlobalHandle.CreateFromStructure(loadProp)); } try { var pprops = props.Select(p => (IntPtr)p).ToArray(); AdvApi32.QueryAllTraces(pprops, len, out var count).ThrowIfFailed(); for (var i = 0; i < count; i++) { yield return(props[i].ToStructure <EVENT_TRACE_PROPERTIES>()); } } finally { for (var i = 0; i < props.Count; i++) { props[i].Dispose(); } } }
public void QueryTraceTest() { var sess = EventTraceSession.ActiveSessions.First(); var prop = EVENT_TRACE_PROPERTIES.Create(); Assert.That(QueryTrace(sess.TraceSessionHandle, null, ref prop), ResultIs.Successful); prop.WriteValues(); }
public void EventAccessTest() { var etp = EVENT_TRACE_PROPERTIES.Create(Guid.NewGuid()); etp.LogFileMode = LogFileMode.EVENT_TRACE_FILE_MODE_SEQUENTIAL; etp.MaximumFileSize = 1; etp.LogFileName = logfilePath; etp.LoggerName = "MySession"; var sess = new EventTraceSession(etp); var sz = 1024U; using var sd = new SafePSECURITY_DESCRIPTOR((int)sz); Assert.That(EventAccessQuery(sess.ProviderGuid, sd, ref sz), ResultIs.Successful); Assert.That(EventAccessControl(sess.ProviderGuid, EVENTSECURITYOPERATION.EventSecurityAddDACL, SafePSID.Current, TRACELOG_RIGHTS.WMIGUID_QUERY, true), ResultIs.Successful); Assert.That(EventAccessRemove(sess.ProviderGuid), ResultIs.Successful); }