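/// <summary>
/// Opens the real-time trace session named by <c>SessionName</c>, hands it to
/// <c>ProcessTrace</c> and closes the trace handle when that call returns or throws.
/// When tracing was never switched on (<c>_traceOn</c> is false) a single fatal-level
/// event explaining why is raised instead and the method returns.
/// </summary>
/// <exception cref="Win32Exception">
/// <c>OpenTrace</c> returned <c>INVALID_PROCESSTRACE_HANDLE</c> (the last Win32 error is
/// reported), or <c>ProcessTrace</c> returned a non-zero status (that status is reported).
/// </exception>
public void ProcessTraces()
{
    if (!_traceOn)
    {
        bool admin;
#if TRACESPY_SERVICE
        admin = Program.IsAdministrator();
#else
        admin = UacUtilities.IsAdministrator();
#endif
        // The administrator check only selects which diagnostic the user sees; it is
        // not an access-control decision. Nothing below this branch runs when
        // _traceOn is false, whatever the outcome of the check.
        string message = admin
            ? "ETW Traces are not started. An error occured during initialization."
            : "ETW Traces will not be displayed. TraceSpy must be run as administrator to display these traces.";

        // Process is IDisposable; release it as soon as the id has been read
        // instead of leaving the object to the finalizer.
        int processId;
        using (Process current = Process.GetCurrentProcess())
        {
            processId = current.Id;
        }

        OnRealtimeEvent(processId, GetCurrentThreadId(), message, EtwTraceLevel.Fatal);
        return;
    }

    long oh;
    if (Environment.OSVersion.Version.Major >= 6)
    {
        // OS major version 6 and later: use the *_VISTA structure with the
        // event-record callback (_rcb) and request EVENT_RECORD delivery.
        var etl = new EVENT_TRACE_LOGFILE_VISTA();
        etl.EventCallback = _rcb;
        etl.LoggerName = SessionName;
        etl.ProcessTraceMode = PROCESS_TRACE_MODE_REAL_TIME | PROCESS_TRACE_MODE_EVENT_RECORD;
        oh = OpenTrace(ref etl);
    }
    else
    {
        // Older systems: legacy structure and callback (_cb), real-time mode only.
        var etl = new EVENT_TRACE_LOGFILE();
        etl.EventCallback = _cb;
        etl.LoggerName = SessionName;
        etl.ProcessTraceMode = PROCESS_TRACE_MODE_REAL_TIME;
        oh = OpenTrace(ref etl);
    }

    if (oh == INVALID_PROCESSTRACE_HANDLE)
    {
        // NOTE(review): GetLastWin32Error is only meaningful if the OpenTrace
        // P/Invoke declarations set SetLastError = true - confirm on the imports.
        throw new Win32Exception(Marshal.GetLastWin32Error());
    }

    try
    {
        // NOTE(review): if this binds to the Win32 ProcessTrace API, the call blocks
        // the calling thread until the session ends or the handle is closed -
        // confirm callers run this on a dedicated thread.
        int status = ProcessTrace(ref oh, 1, IntPtr.Zero, IntPtr.Zero);
        if (status != 0)
        {
            throw new Win32Exception(status);
        }
    }
    finally
    {
        // Always release the trace handle, including when ProcessTrace fails.
        CloseTrace(oh);
    }
}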
/// <summary>
/// Native <c>OpenTrace</c> overload that takes the <c>EVENT_TRACE_LOGFILE_VISTA</c>
/// structure by reference and returns the trace handle as a 64-bit integer.
/// </summary>
// NOTE(review): the DllImport attribute for this declaration is not visible here.
// Callers that read Marshal.GetLastWin32Error() after a failed call depend on
// SetLastError = true being set on it - confirm.
// NOTE(review): if this binds to the Win32 OpenTrace, the native return type is an
// unsigned 64-bit TRACEHANDLE; the invalid-handle sentinel compared against this
// signed return value must use the matching bit pattern - confirm the constant.
private static extern long OpenTrace(ref EVENT_TRACE_LOGFILE_VISTA logFile);