private PSEtwUserProvider CreateWmiActivityProvider()
{
const int WMIEventId = 11;
const string providerName = "Microsoft-Windows-WMI-Activity";
var wmiProvider = new Provider(providerName);
IEventRecordDelegate callback = (IEventRecord r) =>
{
try
{
var clientPid = r.GetInt32("ClientProcessId");
if (clientPid == _processId)
{
var obj = _propertyExtractor.Extract(r);
lock (_lock) { _records.Add(obj.ToPSObject()); }
}
}
catch
{
// TODO: log bad record parse
}
};
var filter = new EventFilter(Filter.EventIdIs(WMIEventId));
filter.OnEvent += callback;
wmiProvider.AddFilter(filter);
return(new PSEtwUserProvider(wmiProvider, providerName));
}
internal void EnsureDefaultHandlerSetup(IEventRecordDelegate handler)
{
if (_filters.Any())
{
foreach (var filter in _filters)
{
if (filter.OnEventHandlers.Any())
{
continue;
}
filter.AddOnEventHandler(handler);
}
}
else
{
if (!_onEventHandlers.Any())
{
AddOnEventHandler(handler);
}
}
}
internal void AddOnEventHandler(IEventRecordDelegate handler)
{
_onEventHandlers.Add(handler);
_provider.OnEvent += handler;
}
