/// <summary>
/// Builds a synthetic record that carries three Unicode string fields.
/// </summary>
/// <param name="userData">Value written to the field identified by <c>UserData</c>.</param>
/// <param name="contextInfo">Value written to the field identified by <c>ContextInfo</c>.</param>
/// <param name="payload">Value written to the field identified by <c>Payload</c>.</param>
/// <returns>The record returned by <c>RecordBuilder.Pack()</c>.</returns>
/// <remarks>
/// The strings are handed to the builder unchanged. No validation or null
/// handling happens in this method, so whatever the builder does with a null
/// or oversized string applies here as well.
/// </remarks>
public static SynthRecord CreateRecord(
    string userData,
    string contextInfo,
    string payload)
{
    using (var builder = new RecordBuilder(ProviderId, EventId, Version))
    {
        // Fields are added in the same order as the parameters.
        builder.AddUnicodeString(UserData, userData);
        builder.AddUnicodeString(ContextInfo, contextInfo);
        builder.AddUnicodeString(Payload, payload);

        // The record is produced before the builder is disposed.
        return builder.Pack();
    }
}
/// <summary>
/// Builds a synthetic record that carries a target user name and a logon type.
/// </summary>
/// <param name="username">Value written to the field identified by <c>TargetUserName</c>.</param>
/// <param name="logonType">Value written to the field identified by <c>LogonType</c>.</param>
/// <returns>The record returned by <c>RecordBuilder.PackIncomplete()</c>.</returns>
/// <remarks>
/// NOTE(review): this uses <c>PackIncomplete()</c> rather than <c>Pack()</c>,
/// presumably because only a subset of the event's fields is populated here.
/// Confirm against <c>RecordBuilder</c>. A consumer that reads a field other
/// than these two should not assume it is present in the resulting record.
/// </remarks>
public static SynthRecord CreateRecord(
    string username,
    uint logonType)
{
    using (var builder = new RecordBuilder(ProviderId, EventId, Version))
    {
        builder.AddUnicodeString(TargetUserName, username);
        builder.AddValue(LogonType, logonType);

        // The record is produced before the builder is disposed.
        return builder.PackIncomplete();
    }
}
/// <summary>
/// Builds a synthetic record that carries a process id and a file name,
/// with the header flagged as a trace message.
/// </summary>
/// <param name="processId">Value written to the field identified by <c>ProcessId</c>.</param>
/// <param name="fileName">Value written to the field identified by <c>FileName</c>.</param>
/// <returns>The record returned by <c>RecordBuilder.PackIncomplete()</c>.</returns>
/// <remarks>
/// Unlike the other overloads, the builder is also given <c>OpCode</c>.
/// NOTE(review): <c>PackIncomplete()</c> presumably allows a record that does
/// not populate every field of the event. Confirm against <c>RecordBuilder</c>.
/// </remarks>
public static SynthRecord CreateRecord(
    uint processId,
    string fileName)
{
    using (var builder = new RecordBuilder(ProviderId, EventId, Version, OpCode))
    {
        // NOTE: kernel events MUST have this flag set
        builder.Header.Flags = (ushort)EventHeaderFlags.TRACE_MESSAGE;

        builder.AddValue(ProcessId, processId);
        builder.AddUnicodeString(FileName, fileName);

        // The record is produced before the builder is disposed.
        return builder.PackIncomplete();
    }
}