Exemplo n.º 1
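        /// <summary>
        /// Opens the real-time ETW session named by <c>SessionName</c> and hands it to
        /// <c>ProcessTrace</c>, closing the trace handle again when that call returns or throws.
        /// </summary>
        /// <remarks>
        /// When <c>_traceOn</c> is false no session is opened: one Fatal-level event explaining why
        /// is raised through <c>OnRealtimeEvent</c> and the method returns. The administrator check
        /// in that path only selects which message is reported; it does not gate access to anything.
        /// </remarks>
        /// <exception cref="Win32Exception">
        /// <c>OpenTrace</c> returned <c>INVALID_PROCESSTRACE_HANDLE</c>, or <c>ProcessTrace</c>
        /// returned a non-zero status code.
        /// </exception>
        public void ProcessTraces()
        {
            if (!_traceOn)
            {
#if TRACESPY_SERVICE
                bool admin = Program.IsAdministrator();
#else
                bool admin = UacUtilities.IsAdministrator();
#endif

                // Process wraps an OS handle, so release it deterministically instead of
                // leaving it to the finalizer.
                using (Process current = Process.GetCurrentProcess())
                {
                    if (!admin)
                    {
                        OnRealtimeEvent(current.Id, GetCurrentThreadId(), "ETW Traces will not be displayed. TraceSpy must be run as administrator to display these traces.", EtwTraceLevel.Fatal);
                    }
                    else
                    {
                        OnRealtimeEvent(current.Id, GetCurrentThreadId(), "ETW Traces are not started. An error occured during initialization.", EtwTraceLevel.Fatal);
                    }
                }
                return;
            }

            long traceHandle;
            if (Environment.OSVersion.Version.Major >= 6)
            {
                // OS major version 6 or later: use the _VISTA log-file structure with the
                // event-record callback and request EVENT_RECORD delivery.
                var etl = new EVENT_TRACE_LOGFILE_VISTA();
                etl.EventCallback    = _rcb;
                etl.LoggerName       = SessionName;
                etl.ProcessTraceMode = PROCESS_TRACE_MODE_REAL_TIME | PROCESS_TRACE_MODE_EVENT_RECORD;
                traceHandle = OpenTrace(ref etl);
            }
            else
            {
                // Older systems: plain structure and callback, real-time mode only.
                var etl = new EVENT_TRACE_LOGFILE();
                etl.EventCallback    = _cb;
                etl.LoggerName       = SessionName;
                etl.ProcessTraceMode = PROCESS_TRACE_MODE_REAL_TIME;
                traceHandle = OpenTrace(ref etl);
            }

            if (traceHandle == INVALID_PROCESSTRACE_HANDLE)
            {
                // NOTE(review): GetLastWin32Error is only reliable when the OpenTrace P/Invoke is
                // declared with SetLastError = true; that attribute is not visible here - confirm.
                throw new Win32Exception(Marshal.GetLastWin32Error());
            }

            try
            {
                // NOTE(review): presumably the Win32 ProcessTrace, which for a real-time session
                // does not return until the session ends - confirm the caller runs this on a
                // dedicated thread.
                int status = ProcessTrace(ref traceHandle, 1, IntPtr.Zero, IntPtr.Zero);
                if (status != 0)
                {
                    throw new Win32Exception(status);
                }
            }
            finally
            {
                // Always release the trace handle, including when ProcessTrace fails.
                CloseTrace(traceHandle);
            }
        }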
Exemplo n.º 2
 // External (native) OpenTrace overload that takes the _VISTA variant of the log-file
 // structure by reference and returns the trace handle as a 64-bit integer.
 // NOTE(review): the DllImport attribute is not part of this excerpt. Callers that read
 // Marshal.GetLastWin32Error() after a failed call need SetLastError = true on it - confirm.
 private static extern long OpenTrace(ref EVENT_TRACE_LOGFILE_VISTA logFile);