public static SynthRecord CreateRecord(
string userData,
string contextInfo,
string payload)
{
using (var rb = new RecordBuilder(ProviderId, EventId, Version))
{
rb.AddUnicodeString(UserData, userData);
rb.AddUnicodeString(ContextInfo, contextInfo);
rb.AddUnicodeString(Payload, payload);
return(rb.Pack());
}
}
public static SynthRecord CreateRecord(
string username,
uint logonType)
{
using (var rb = new RecordBuilder(ProviderId, EventId, Version))
{
rb.AddUnicodeString(TargetUserName, username);
rb.AddValue(LogonType, logonType);
return(rb.PackIncomplete());
}
}
public static SynthRecord CreateRecord(
uint processId,
string fileName)
{
using (var rb = new RecordBuilder(ProviderId, EventId, Version, OpCode))
{
// NOTE: kernel events MUST have this flag set
rb.Header.Flags = (ushort)EventHeaderFlags.TRACE_MESSAGE;
rb.AddValue(ProcessId, processId);
rb.AddUnicodeString(FileName, fileName);
return(rb.PackIncomplete());
}
}
