Exemplo n.º 1
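        /// <summary>
        /// Opens one trace handle per entry in <c>_logFiles</c>, passes all of them to
        /// <c>ProcessTrace</c> together with the converted <c>_startTime</c>/<c>_endTime</c>,
        /// and reports the outcome to <c>_observer</c>: <c>OnError</c> on any failure,
        /// <c>OnCompleted</c> otherwise.
        /// </summary>
        private void MergeTracesAndProcess()
        {
            int error;

            _handles = new ulong[_logFiles.Length];

            // Declared before the try so the finally block releases whatever was
            // allocated on every exit path. Previously the early returns taken when
            // OpenTrace failed skipped the FreeHGlobal calls and leaked both buffers.
            IntPtr startTime = IntPtr.Zero;
            IntPtr endTime   = IntPtr.Zero;

            try
            {
                startTime = ConvertDateTime(_startTime);
                endTime   = ConvertDateTime(_endTime);

                for (int i = 0; i < _logFiles.Length; i++)
                {
                    _handles[i] = EtwNativeMethods.OpenTrace(ref _logFiles[i]);

                    if (_handles[i] == EtwNativeMethods.InvalidHandle)
                    {
                        // Read the Win32 error right away, before any other call can overwrite it.
                        error = Marshal.GetLastWin32Error();
                        if (error == EtwNativeMethods.ErrorNotFound)
                        {
                            _observer.OnError(new FileNotFoundException("Could not find file " + _logFiles[i].LogFileName));
                            return;
                        }

                        // NOTE(review): handles opened in earlier iterations stay in _handles and
                        // are not closed here; confirm the owning type's Dispose closes them.
                        _observer.OnError(new Win32Exception(error));
                        return;
                    }
                }

                try
                {
                    error = EtwNativeMethods.ProcessTrace(_handles, (uint)_handles.Length, startTime, endTime);
                }
                catch (Exception ex)
                {
                    // Anything thrown while the trace is processed is forwarded to the
                    // observer instead of escaping from this method.
                    _observer.OnError(ex);
                    return;
                }
            }
            finally
            {
                if (startTime != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(startTime);
                    startTime = IntPtr.Zero;
                }

                if (endTime != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(endTime);
                    endTime = IntPtr.Zero;
                }
            }

            if (error != 0)
            {
                _observer.OnError(new Win32Exception(error));
                return;
            }

            _observer.OnCompleted();
        }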
Exemplo n.º 2
 /// <summary>
 /// Closes every trace handle in <c>_handles</c> and frees the matching entry of
 /// <c>_logFileHandles</c>. Only the first call does any work.
 /// </summary>
 public void Dispose()
 {
     if (_disposed)
     {
         return;
     }

     // Set the flag first so that a repeated call finds it already set.
     // NOTE(review): the check-and-set is not synchronized in this method.
     _disposed = true;

     int index = 0;
     while (index < _handles.Length)
     {
         // The value returned by CloseTrace is not inspected.
         EtwNativeMethods.CloseTrace(_handles[index]);

         // _logFileHandles is indexed with the same counter as _handles;
         // presumably both arrays have the same length (confirm against the constructor).
         _logFileHandles[index].Free();
         index++;
     }
 }
Exemplo n.º 3
        /// <summary>
        /// Closes the trace handle and then blocks until <c>_thread</c> has finished.
        /// Only the first call does any work.
        /// </summary>
        public void Dispose()
        {
            if (_disposed)
            {
                return;
            }

            _disposed = true;
            EtwNativeMethods.CloseTrace(_handle);

            // Closing the handle is what lets the blocked native call return, so the
            // thread that invokes the callbacks can finish; wait for it here.
            // (The original comment names OpenTrace as the call that returns; presumably
            // the blocking call is ProcessTrace. TODO confirm.)
            // NOTE(review): Join blocks without a timeout; if Dispose can be reached from
            // a callback running on _thread itself, this would wait forever.
            _thread.Join();
        }
Exemplo n.º 4
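        /// <summary>
        /// Queries TDH for the value map called <paramref name="mapName"/> of the given event
        /// and returns its entries as a value-to-name dictionary.
        /// </summary>
        /// <param name="mapName">Name of the map to look up.</param>
        /// <param name="e">ETW native event interop wrapper; its record is passed to TDH.</param>
        /// <returns>A dictionary with one item per map entry, keyed by the entry's value.</returns>
        /// <exception cref="Exception">
        /// TDH returned an unexpected status, or the entry count stored in the returned
        /// buffer does not fit inside that buffer.
        /// </exception>
        Dictionary <uint, string> ReadTdhMap(string mapName, ref EtwNativeEvent e)
        {
            const int ErrorInsufficientBuffer = 122; // ERROR_INSUFFICIENT_BUFFER

            // Both native allocations are released in the finally block. Previously the
            // BSTR and the HGlobal buffer were never freed, on success or on failure.
            IntPtr pMapName = IntPtr.Zero;
            IntPtr mybuffer = IntPtr.Zero;

            try
            {
                pMapName = Marshal.StringToBSTR(mapName);

                // First call with no buffer: TDH reports the required size in bufferSize.
                int bufferSize = 0;
                int status     = EtwNativeMethods.TdhGetEventMapInformation(
                    ref *e.record,
                    pMapName,
                    IntPtr.Zero, ref bufferSize);

                if (ErrorInsufficientBuffer != status)
                {
                    throw new Exception("Unexpected TDH status " + status);
                }

                mybuffer = Marshal.AllocHGlobal(bufferSize);

                status = EtwNativeMethods.TdhGetEventMapInformation(
                    ref *e.record,
                    pMapName,
                    mybuffer, ref bufferSize);

                if (status != 0)
                {
                    throw new Exception("TDH status " + status);
                }

                EVENT_MAP_INFO *mapInfo  = (EVENT_MAP_INFO *)mybuffer;
                byte *          startMap = (byte *)mapInfo;
                byte *          endMap   = startMap + sizeof(EVENT_MAP_INFO);

                // The entry count is read from the buffer itself. Check that the entry table
                // the loop is about to walk lies inside the allocation before dereferencing it.
                long entriesEnd = sizeof(EVENT_MAP_INFO) + (long)mapInfo->EntryCount * sizeof(EVENT_MAP_ENTRY);
                if (mapInfo->EntryCount > 0 && entriesEnd > bufferSize)
                {
                    throw new Exception("TDH map entry table exceeds buffer size " + bufferSize);
                }

                var map = new Dictionary <uint, string>();

                for (int i = 0; i < mapInfo->EntryCount; i++)
                {
                    EVENT_MAP_ENTRY *mapEntry = (EVENT_MAP_ENTRY *)endMap + i;
                    uint             value    = mapEntry->Value;

                    // NOTE(review): OutputOffset also comes from the buffer; whether CopyString
                    // bounds its read is not visible here. Confirm before relying on it.
                    string name = CopyString(startMap, mapEntry->OutputOffset);

                    // Add throws on a repeated value, as before.
                    map.Add(value, name);
                }

                return(map);
            }
            finally
            {
                if (mybuffer != IntPtr.Zero)
                {
                    Marshal.FreeHGlobal(mybuffer);
                }

                if (pMapName != IntPtr.Zero)
                {
                    Marshal.FreeBSTR(pMapName);
                }
            }
        }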
Exemplo n.º 5
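        /// <summary>
        /// Reads the event metadata from TDH into a buffer allocated with Marshal.AllocHGlobal.
        /// On success the caller owns the buffer and must release it with Marshal.FreeHGlobal.
        /// On failure the buffer is released here before the exception is thrown.
        /// </summary>
        /// <remarks>
        /// The size reported by TDH is not returned, so callers receive no length to check
        /// offsets inside the structure against.
        /// </remarks>
        /// <param name="e">ETW native event interop wrapper structure</param>
        /// <returns>Pointer to newly allocated TRACE_EVENT_INFO structure</returns>
        /// <exception cref="Exception">TDH returned an unexpected status.</exception>
        IntPtr ReadTdhMetadata(ref EtwNativeEvent e)
        {
            const int ErrorInsufficientBuffer = 122; // ERROR_INSUFFICIENT_BUFFER

            // First call with no buffer: TDH reports the required size in bufferSize.
            int bufferSize = 0;
            int status     = EtwNativeMethods.TdhGetEventInformation(ref *e.record, 0, IntPtr.Zero, IntPtr.Zero, ref bufferSize);

            if (ErrorInsufficientBuffer != status)
            {
                throw new Exception("Unexpected TDH status " + status);
            }

            IntPtr mybuffer  = Marshal.AllocHGlobal(bufferSize);
            bool   handedOff = false;

            try
            {
                status = EtwNativeMethods.TdhGetEventInformation(ref *e.record, 0, IntPtr.Zero, mybuffer, ref bufferSize);

                if (status != 0)
                {
                    throw new Exception("TDH status " + status);
                }

                handedOff = true;
                return(mybuffer);
            }
            finally
            {
                // Previously a failing second call leaked the allocation, because the
                // throw left no one holding the pointer.
                if (!handedOff)
                {
                    Marshal.FreeHGlobal(mybuffer);
                }
            }
        }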
Exemplo n.º 6
        /// <summary>
        /// Opens one trace handle per entry in <c>_logFiles</c>, runs <c>ProcessTrace</c>
        /// over all of them with no start/end time, and reports the outcome to
        /// <c>_observer</c>: <c>OnError</c> on any failure, <c>OnCompleted</c> otherwise.
        /// </summary>
        private void ThreadProc()
        {
            _handles = new ulong[_logFiles.Length];

            for (int index = 0; index < _logFiles.Length; index++)
            {
                _handles[index] = EtwNativeMethods.OpenTrace(ref _logFiles[index]);

                if (_handles[index] != EtwNativeMethods.InvalidHandle)
                {
                    continue;
                }

                // Read the Win32 error right away, before any other call can overwrite it.
                int openError = Marshal.GetLastWin32Error();

                Exception failure;
                if (openError == EtwNativeMethods.ErrorNotFound)
                {
                    failure = new FileNotFoundException("Could not find file " + _logFiles[index].LogFileName);
                }
                else
                {
                    failure = new Win32Exception(openError);
                }

                // Handles opened in earlier iterations stay in _handles; this method does not close them.
                _observer.OnError(failure);
                return;
            }

            int status;
            try
            {
                status = EtwNativeMethods.ProcessTrace(_handles, (uint)_handles.Length, IntPtr.Zero, IntPtr.Zero);
            }
            catch (Exception ex)
            {
                // Anything thrown while the trace is processed goes to the observer.
                _observer.OnError(ex);
                return;
            }

            if (status == 0)
            {
                _observer.OnCompleted();
            }
            else
            {
                _observer.OnError(new Win32Exception(status));
            }
        }
Exemplo n.º 7
        /// <summary>
        /// Opens the trace described by <c>_logFile</c>, runs <c>ProcessTrace</c> on the
        /// resulting handle, and reports the outcome to <c>_observer</c>: <c>OnError</c>
        /// on any failure, <c>OnCompleted</c> otherwise.
        /// </summary>
        private void ThreadProc()
        {
            _handle = EtwNativeMethods.OpenTrace(ref _logFile);

            if (_handle == EtwNativeMethods.InvalidHandle)
            {
                // Read the Win32 error right away, before any other call can overwrite it.
                int openError = Marshal.GetLastWin32Error();

                Exception failure = openError == EtwNativeMethods.ErrorNotFound
                    ? new Exception("Could not find ETW real-time session " + _logFile.LoggerName)
                    : new Win32Exception(openError);

                _observer.OnError(failure);
                return;
            }

            int status;
            try
            {
                // The call is given a one-element array holding the handle opened above.
                status = EtwNativeMethods.ProcessTrace(new[] { _handle }, 1, IntPtr.Zero, IntPtr.Zero);
            }
            catch (Exception ex)
            {
                // Anything thrown while the trace is processed goes to the observer.
                _observer.OnError(ex);
                return;
            }

            if (status == 0)
            {
                _observer.OnCompleted();
            }
            else
            {
                _observer.OnError(new Win32Exception(status));
            }
        }