public static IEnumerable <EVENT_TRACE_PROPERTIES> QueryAllTraces()
{
const int len = 64;
var props = new List <SafeHGlobalHandle>(len);
var loadProp = EVENT_TRACE_PROPERTIES.Create();
for (var i = 0; i < len; i++)
{
props.Add(SafeHGlobalHandle.CreateFromStructure(loadProp));
}
try
{
var pprops = props.Select(p => (IntPtr)p).ToArray();
AdvApi32.QueryAllTraces(pprops, len, out var count).ThrowIfFailed();
for (var i = 0; i < count; i++)
{
yield return(props[i].ToStructure <EVENT_TRACE_PROPERTIES>());
}
}
finally
{
for (var i = 0; i < props.Count; i++)
{
props[i].Dispose();
}
}
}
public void QueryTraceTest()
{
var sess = EventTraceSession.ActiveSessions.First();
var prop = EVENT_TRACE_PROPERTIES.Create();
Assert.That(QueryTrace(sess.TraceSessionHandle, null, ref prop), ResultIs.Successful);
prop.WriteValues();
}
public void EventAccessTest()
{
var etp = EVENT_TRACE_PROPERTIES.Create(Guid.NewGuid());
etp.LogFileMode = LogFileMode.EVENT_TRACE_FILE_MODE_SEQUENTIAL;
etp.MaximumFileSize = 1;
etp.LogFileName = logfilePath;
etp.LoggerName = "MySession";
var sess = new EventTraceSession(etp);
var sz = 1024U;
using var sd = new SafePSECURITY_DESCRIPTOR((int)sz);
Assert.That(EventAccessQuery(sess.ProviderGuid, sd, ref sz), ResultIs.Successful);
Assert.That(EventAccessControl(sess.ProviderGuid, EVENTSECURITYOPERATION.EventSecurityAddDACL, SafePSID.Current, TRACELOG_RIGHTS.WMIGUID_QUERY, true), ResultIs.Successful);
Assert.That(EventAccessRemove(sess.ProviderGuid), ResultIs.Successful);
}
