static void TraceNewProcess(IEnumerable <string> procargs, bool spawnNewConsoleWindow, TraceOutputOptions options) { using (var process = new ProcessCreator(procargs) { SpawnNewConsoleWindow = spawnNewConsoleWindow }) { process.StartSuspended(); using (TraceCollector kernelTraceCollector = new KernelTraceCollector(process.ProcessId, Console.Out, options), userTraceCollector = new UserTraceCollector(process.ProcessId, Console.Out, options)) { SetConsoleCtrlCHook(kernelTraceCollector, userTraceCollector); ThreadPool.QueueUserWorkItem((o) => { kernelTraceCollector.Start(); }); ThreadPool.QueueUserWorkItem((o) => { userTraceCollector.Start(); }); ThreadPool.QueueUserWorkItem((o) => { process.Join(); kernelTraceCollector.Stop(); userTraceCollector.Stop(); stopEvent.Set(); }); Thread.Sleep(1000); // resume thread process.Resume(); stopEvent.WaitOne(); } } }
public void TraceNewProcess(IEnumerable <string> procargs, bool spawnNewConsoleWindow, bool traceChildProcesses, bool collectDriverStats) { using (var process = new ProcessCreator(procargs) { SpawnNewConsoleWindow = spawnNewConsoleWindow }) { process.StartSuspended(); using (TraceCollector kernelTraceCollector = new TraceCollector(KernelTraceEventParser.KernelSessionName), customTraceCollector = new TraceCollector(WinTraceUserTraceSessionName)) { InitializeSystemHandlers(kernelTraceCollector, collectDriverStats); InitializeProcessHandlers(kernelTraceCollector, customTraceCollector, process.ProcessId, traceChildProcesses); ThreadPool.QueueUserWorkItem((o) => { process.Join(); StopCollectors(kernelTraceCollector, customTraceCollector); stopEvent.Set(); }); stopTraceCollectors = () => { StopCollectors(kernelTraceCollector, customTraceCollector); }; ThreadPool.QueueUserWorkItem((o) => { kernelTraceCollector.Start(); }); ThreadPool.QueueUserWorkItem((o) => { customTraceCollector.Start(); }); Thread.Sleep(1000); // resume thread process.Resume(); stopEvent.WaitOne(); } } }