public static SynthRecord CreateRecord(
string username,
uint logonType)
{
using (var rb = new RecordBuilder(ProviderId, EventId, Version))
{
rb.AddUnicodeString(TargetUserName, username);
rb.AddValue(LogonType, logonType);
return(rb.PackIncomplete());
}
}
public static SynthRecord CreateRecord(
string url,
string verb,
uint status)
{
using (var rb = new RecordBuilder(ProviderId, EventId, Version))
{
rb.AddAnsiString(URL, url);
rb.AddAnsiString(Verb, verb);
rb.AddValue(Status, status);
return(rb.PackIncomplete());
}
}
public static SynthRecord CreateRecord(
uint processId,
string fileName)
{
using (var rb = new RecordBuilder(ProviderId, EventId, Version, OpCode))
{
// NOTE: kernel events MUST have this flag set
rb.Header.Flags = (ushort)EventHeaderFlags.TRACE_MESSAGE;
rb.AddValue(ProcessId, processId);
rb.AddUnicodeString(FileName, fileName);
return(rb.PackIncomplete());
}
}
