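/// <summary>
/// Opens the kernel ETW session "priv10_ProcLogger", subscribes
/// <paramref name="OnProcessEvent"/> to the kernel process provider and
/// starts the trace on a dedicated worker thread.
/// </summary>
/// <param name="OnProcessEvent">Callback invoked for every process event the provider delivers.</param>
/// <exception cref="ArgumentNullException"><paramref name="OnProcessEvent"/> is null.</exception>
public ProcessMonitorEtw(Microsoft.O365.Security.ETW.IEventRecordDelegate OnProcessEvent)
{
    // "+=" with a null delegate is a silent no-op: the session would start and
    // consume events but never report any. Fail loudly at construction instead.
    if (OnProcessEvent is null)
    {
        throw new ArgumentNullException(nameof(OnProcessEvent));
    }

    kernelTrace = new Microsoft.O365.Security.ETW.KernelTrace("priv10_ProcLogger");
    processProvider = new Microsoft.O365.Security.ETW.Kernel.ProcessProvider();
    processProvider.OnEvent += OnProcessEvent;
    kernelTrace.Enable(processProvider);

    // Start() runs the session loop and does not return until the trace is
    // stopped, hence the dedicated thread.
    // NOTE(review): an exception thrown inside Start() (presumably when the
    // session cannot be opened, e.g. without elevation — TODO confirm) is
    // unhandled on this thread and terminates the process. The thread is a
    // foreground thread, so the process stays alive until the trace is stopped
    // elsewhere; the named kernel session is expected to be stopped by the owner.
    kernelThread = new Thread(() => { kernelTrace.Start(); });
    kernelThread.Start();
}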
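/// <summary>
/// Opens the kernel ETW session "priv10_KernelLogger", subscribes
/// <paramref name="OnNetworkEvent"/> to the kernel TCP/IP provider and
/// starts the trace on a dedicated worker thread.
/// </summary>
/// <param name="OnNetworkEvent">Callback invoked for every TCP/IP event the provider delivers.</param>
/// <exception cref="ArgumentNullException"><paramref name="OnNetworkEvent"/> is null.</exception>
public NetworkMonitorEtw(Microsoft.O365.Security.ETW.IEventRecordDelegate OnNetworkEvent)
{
    // "+=" with a null delegate is a silent no-op: the session would start and
    // consume events but never report any. Fail loudly at construction instead.
    if (OnNetworkEvent is null)
    {
        throw new ArgumentNullException(nameof(OnNetworkEvent));
    }

    kernelTrace = new Microsoft.O365.Security.ETW.KernelTrace("priv10_KernelLogger");
    networkProvider = new Microsoft.O365.Security.ETW.Kernel.NetworkTcpipProvider();
    networkProvider.OnEvent += OnNetworkEvent;
    kernelTrace.Enable(networkProvider);

    // Start() runs the session loop and does not return until the trace is
    // stopped, hence the dedicated thread.
    // NOTE(review): an exception thrown inside Start() (presumably when the
    // session cannot be opened, e.g. without elevation — TODO confirm) is
    // unhandled on this thread and terminates the process. The thread is a
    // foreground thread, so the process stays alive until the trace is stopped
    // elsewhere; the named kernel session is expected to be stopped by the owner.
    kernelThread = new Thread(() => { kernelTrace.Start(); });
    kernelThread.Start();
}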
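/// <summary>
/// Opens the kernel ETW session "etw_&lt;name&gt;", subscribes this logger's
/// <c>OnEtwEvent</c> handler to the supplied TCP/IP provider and starts the
/// trace on a dedicated worker thread.
/// </summary>
/// <param name="name">Logger name; stored in <c>logName</c> and used as the session-name suffix.</param>
/// <param name="provider">Caller-supplied kernel TCP/IP provider whose events this logger consumes.</param>
/// <exception cref="ArgumentNullException"><paramref name="name"/> or <paramref name="provider"/> is null.</exception>
public EtwKernelLogger(string name, Microsoft.O365.Security.ETW.Kernel.NetworkTcpipProvider provider)
{
    // A null name would yield the session "etw_" and a null provider would
    // throw a NullReferenceException on the OnEvent subscription below;
    // validate both up front with a clear argument name.
    if (name is null)
    {
        throw new ArgumentNullException(nameof(name));
    }
    if (provider is null)
    {
        throw new ArgumentNullException(nameof(provider));
    }

    logName = name;
    kernelTrace = new Microsoft.O365.Security.ETW.KernelTrace("etw_" + name);
    networkProvider = provider;
    networkProvider.OnEvent += OnEtwEvent;
    kernelTrace.Enable(networkProvider);

    // Start() runs the session loop and does not return until the trace is
    // stopped, hence the dedicated thread.
    // NOTE(review): an exception thrown inside Start() (presumably when the
    // session cannot be opened, e.g. without elevation — TODO confirm) is
    // unhandled on this thread and terminates the process. The thread is a
    // foreground thread, so the process stays alive until the trace is stopped
    // elsewhere; the named kernel session is expected to be stopped by the owner.
    workerThread = new Thread(() => { kernelTrace.Start(); });
    workerThread.Start();
}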