예제 #1
0
        private static void etwWatcher_EventArrived(object sender, EventArrivedEventArgs e)
        {
            string eventName = (String.IsNullOrEmpty(e.EventName)) ? "" : e.EventName.Trim();
            string eventTask = (String.IsNullOrEmpty(e.Task)) ? "" : e.Task.Trim();

            if ((processId == 0 || processId == e.ProcessId) &&
                eventName.Equals("info", StringComparison.InvariantCultureIgnoreCase))
            {
                //Debug.WriteLine("Task: " + e.Task + " Delta: " + (DateTime.Now - e.LogDateTime).TotalMilliseconds);
                if (OnEtwEventCounter != null)
                {
                    etwTotalEventCounter++;
                    OnEtwEventCounter.Invoke(null, new EtwEventCounterArgs(etwTotalEventCounter, etwFilteredEventCounter, e.LogDateTime));
                }

                foreach (EtwEventInfo etw in settings.EtwEvents)
                {
                    if (eventTask.Equals(etw.Task, StringComparison.InvariantCultureIgnoreCase))
                    {
                        etwFilteredEventCounter++;
                        if (OnEtwEvent != null)
                        {
                            EtwEvent etwEvent = etw.GetEtwEvent(e.ProcessId, etw.Task, (List <PropertyItem>)e.Properties, e.LogDateTime);
                            OnEtwEvent.Invoke(null, new EtwEventArgs(etwEvent));
                            continue;
                        }
                    }
                }
            }
        }
예제 #2
0
        public EtwEvent GetEtwEvent(uint PID, string Name, List <PropertyItem> Properties, DateTime Timestamp)
        {
            string etwProperty = DescriptionFormat;

            foreach (PropertyItem prop in Properties)
            {
                string propToken = "{" + prop.Key + "}";
                if (etwProperty.Contains(propToken, StringComparison.InvariantCultureIgnoreCase))
                {
                    etwProperty = etwProperty.Replace(propToken, (string)prop.Value);
                }
            }
            EtwEvent etw = new EtwEvent(PID, Name, etwProperty, Timestamp);

            return(etw);
        }
예제 #3
0
 public EtwEventArgs(EtwEvent EtwEvent)
 {
     this.EtwEvent = EtwEvent;
 }