static void Main(string[] args)
{
Guid triggerProvider;
uint triggerLevel = (uint)EventLevel.Error;
uint triggerKeyword = 0;
int res = 0;
try
{
triggerProvider = Guid.Parse(args[0]);
circularSessionName = args[1];
logFileName = args.Length > 2 ? args[2] : "Flush.etl";
}
catch (Exception exception)
{
Console.WriteLine(exception.Message);
Help();
return;
}
Console.WriteLine($"Start {triggerSessionName}");
Console.CancelKeyPress += (s, a) => StopTrace();
var triggerProperties = new EVENT_TRACE_PROPERTIES()
{
LogFileMode = LogFileMode.REAL_TIME_MODE | LogFileMode.USE_MS_FLUSH_TIMER,
FlushTimer = 1,
};
res = Native.StartTrace(out var triggerSessionHandle, triggerSessionName, triggerProperties);
if (res != 0)
{
throw new Win32Exception(res);
}
res = Native.EnableTrace(1, triggerKeyword, triggerLevel, triggerProvider, triggerSessionHandle);
Console.WriteLine($"Process {triggerSessionName}");
var triggerLog = new EVENT_TRACE_LOGFILEW
{
LoggerName = triggerSessionName,
ProcessTraceMode = ProcessTraceMode.REAL_TIME | ProcessTraceMode.EVENT_RECORD,
EventRecordCallback = EventRecordCallback,
};
var triggerLogHandle = Native.OpenTraceW(ref triggerLog);
res = Native.ProcessTrace(new[] { triggerLogHandle }, 1, 0, 0);
if (res != 0)
{
Console.WriteLine(new Win32Exception(res).Message);
}
Native.CloseTrace(triggerLogHandle);
StopTrace();
}
void Start()
{
infos.Clear();
infos.Add(new Info("LogFileName", LogFileName));
infos.Add(new Info("ViewLastBuffers", buffersViewMax));
events.Clear();
deserializer = new Deserializer <EtwWriter>(new EtwWriter(events));
var logfile = new EVENT_TRACE_LOGFILEW
{
LogFileName = LogFileName,
BufferCallback = BufferCallback,
LogFileMode = Native.PROCESS_TRACE_MODE_EVENT_RECORD,
};
unsafe { logfile.EventRecordCallback = Deserialize; }
var handle = Native.OpenTrace(ref logfile);
int error = Marshal.GetLastWin32Error();
if (error != 0)
{
infos.Add(new Info("Error", new Win32Exception(error).Message));
return;
}
int buffersInFile = (int)logfile.LogfileHeader.BuffersWritten;
bool liveTrace = !File.GetAttributes(LogFileName).HasFlag(FileAttributes.Archive);
if (liveTrace || ((LogFileMode)logfile.LogfileHeader.LogFileMode).HasFlag(LogFileMode.FILE_MODE_CIRCULAR))
{
buffersInFile = (int)((new FileInfo(LogFileName).Length) / logfile.LogfileHeader.BufferSize);
infos.Add(new Info("BuffersInFile", buffersInFile));
}
infos.Add(new Info("BootTime", DateTime.FromFileTime(logfile.LogfileHeader.BootTime)));
infos.Add(new Info("StartTime", DateTime.FromFileTime(logfile.LogfileHeader.StartTime)));
if (liveTrace)
{
infos.Add(new Info("Live Trace", true));
}
else
{
infos.Add(new Info("EndTime", DateTime.FromFileTime(logfile.LogfileHeader.EndTime)));
}
if (logfile.LogfileHeader.EventsLost != 0 || logfile.LogfileHeader.BuffersLost != 0)
{
infos.Add(new Info("EventsLost", logfile.LogfileHeader.EventsLost));
infos.Add(new Info("BuffersLost", logfile.LogfileHeader.BuffersLost));
}
infos.Add(new Info("BuffersWritten", logfile.LogfileHeader.BuffersWritten));
infos.Add(new Info("BufferSize", logfile.LogfileHeader.BufferSize));
infos.Add(new Info("LogFileMode", (LogFileMode)logfile.LogfileHeader.LogFileMode));
infos.Add(new Info("Clock", (Clock)logfile.LogfileHeader.ReservedFlags));
infos.Add(new Info("Version", logfile.LogfileHeader.Version & 0xff));
infos.Add(new Info("Build", logfile.LogfileHeader.ProviderVersion));
bufferRead = 0;
bufferViewStart = buffersInFile - buffersViewMax;
int res = Native.ProcessTrace(new[] { handle }, 1, IntPtr.Zero, IntPtr.Zero);
Native.CloseTrace(handle);
}
internal extern static UInt64 OpenTrace(
[In][Out] ref EVENT_TRACE_LOGFILEW logfile);
public static extern long OpenTraceW([In, Out] ref EVENT_TRACE_LOGFILEW Logfile);
