private PSEtwUserProvider CreateWmiActivityProvider() { const int WMIEventId = 11; const string providerName = "Microsoft-Windows-WMI-Activity"; var wmiProvider = new Provider(providerName); IEventRecordDelegate callback = (IEventRecord r) => { try { var clientPid = r.GetInt32("ClientProcessId"); if (clientPid == _processId) { var obj = _propertyExtractor.Extract(r); lock (_lock) { _records.Add(obj.ToPSObject()); } } } catch { // TODO: log bad record parse } }; var filter = new EventFilter(Filter.EventIdIs(WMIEventId)); filter.OnEvent += callback; wmiProvider.AddFilter(filter); return(new PSEtwUserProvider(wmiProvider, providerName)); }
internal void EnsureDefaultHandlerSetup(IEventRecordDelegate handler) { if (_filters.Any()) { foreach (var filter in _filters) { if (filter.OnEventHandlers.Any()) { continue; } filter.AddOnEventHandler(handler); } } else { if (!_onEventHandlers.Any()) { AddOnEventHandler(handler); } } }
internal void AddOnEventHandler(IEventRecordDelegate handler) { _onEventHandlers.Add(handler); _provider.OnEvent += handler; }