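/// <summary>
/// Creates a listener for a real-time ETW session and immediately starts the
/// thread that runs <c>ThreadProc</c>.
/// </summary>
/// <param name="observer">Observer to push events into</param>
/// <param name="sessionName">real-time session name</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="sessionName"/> or <paramref name="observer"/> is null.
/// </exception>
public EtwListener(IObserver<EtwNativeEvent> observer, string sessionName)
{
    // Reject bad arguments before any field is written or the thread is started,
    // so a failure surfaces on the caller's thread and not later on the listener thread.
    if (sessionName == null)
    {
        throw new ArgumentNullException("sessionName");
    }

    if (observer == null)
    {
        throw new ArgumentNullException("observer");
    }

    _observer = observer;

    // The session name is handed over unmodified as the logger name; nothing here
    // checks that the session exists or that the caller is allowed to consume it.
    // The callback delegate lives inside the _logFile field, so it stays reachable
    // for as long as this instance does.
    // NOTE(review): native code presumably invokes EtwCallback; confirm that the
    // instance outlives the trace in ThreadProc / disposal.
    _logFile = new EVENT_TRACE_LOGFILE
    {
        ProcessTraceMode = EtwNativeMethods.TraceModeRealTime | EtwNativeMethods.TraceModeEventRecord,
        LoggerName = sessionName,
        EventRecordCallback = EtwCallback
    };

    // The thread is started from the constructor: ThreadProc may run before the
    // caller has received the constructed object.
    _thread = new Thread(ThreadProc);
    _thread.Name = "EtwSession " + sessionName;
    _thread.Start();
}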
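/// <summary>
/// Creates a reader over one or more .etl files and immediately starts the
/// thread that runs <c>ThreadProc</c>.
/// </summary>
/// <param name="observer">Observer to push events into</param>
/// <param name="etlFiles">.etl (Event Trace Log) files to read. Up to 63 files are supported</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="observer"/> or <paramref name="etlFiles"/> is null.
/// </exception>
public EtwFileReader(IObserver<EtwNativeEvent> observer, params string[] etlFiles)
{
    // Reject bad arguments before any handle is allocated or the thread is started.
    if (observer == null)
    {
        throw new ArgumentNullException("observer");
    }

    if (etlFiles == null)
    {
        throw new ArgumentNullException("etlFiles");
    }

    // NOTE(review): the documented limit of 63 files is not enforced here, and the
    // individual paths are passed on as-is (no null, existence or extension check).
    // Confirm how the trace API call in ThreadProc reports such inputs.
    _observer = observer;

    _logFiles = new EVENT_TRACE_LOGFILE[etlFiles.Length];
    _logFileHandles = new GCHandle[etlFiles.Length];

    for (int i = 0; i < _logFileHandles.Length; i++)
    {
        _logFiles[i] = new EVENT_TRACE_LOGFILE
        {
            ProcessTraceMode = EtwNativeMethods.TraceModeEventRecord,
            LogFileName = etlFiles[i],
            EventRecordCallback = EtwCallback
        };

        // GCHandle.Alloc(object) creates a Normal handle: it keeps its target alive
        // but does not pin it in memory.
        // NOTE(review): if EVENT_TRACE_LOGFILE is a value type, the argument is boxed
        // and the handle tracks that boxed copy, not _logFiles[i]; confirm the intent.
        // Every handle allocated here has to be released with Free(); no release is
        // visible in this constructor.
        _logFileHandles[i] = GCHandle.Alloc(_logFiles[i]);
    }

    // The thread is started from the constructor: ThreadProc may run before the
    // caller has received the constructed object.
    _thread = new Thread(ThreadProc);
    _thread.Name = "EtwFileObservable";
    _thread.Start();
}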
/// <summary>
/// Externally implemented <c>OpenTrace</c> entry point. The attribute that binds
/// it to a native library is not visible next to this declaration.
/// </summary>
/// <param name="logfile">
/// Trace description, passed by reference so the callee can read and write it.
/// </param>
/// <returns>
/// The 64-bit unsigned value produced by the external function.
/// NOTE(review): presumably the ETW trace handle. The Windows OpenTrace API reports
/// failure through an invalid-handle sentinel, not an exception, so callers
/// should check the result before using it; confirm at the call site.
/// </returns>
public static extern ulong OpenTrace(ref EVENT_TRACE_LOGFILE logfile);