Пример #1
        public static void ListenWintQueryOnEtwNativeEvent()
            Console.WriteLine("----- Listening with Tx-EtwObservable and Rx query -----");

            _raw = EtwObservable.FromSession(Baseline.SessionName);

            UInt32 pid   = 0;
            UInt32 size  = 0;
            UInt32 daddr = 0;

            var timeSource = new TimeSource <EtwNativeEvent>(_raw, e => e.TimeStamp);

            var toStackVars = timeSource.Do(e => // this copies the variables on the stack
                pid   = e.ReadUInt32();          // skip PID
                size  = e.ReadUInt32();
                daddr = e.ReadUInt32();

            var x = from window in toStackVars.Window(TimeSpan.FromSeconds(1))
                    from stats in
                    (from packet in window
                     group packet by daddr
                     into g
                     from total in g.Sum(p => size)
                     select new
                address = new IPAddress(g.Key).ToString(),
                received = total
                    select stats.OrderBy(s => s.address);

            _subscription = x.Subscribe(v =>
                Console.WriteLine("--- {0} ---", DateTime.Now);
                foreach (var s in v)
                    Console.WriteLine("{0, -15} {1,-10:n0} ", s.address, s.received);


            Console.WriteLine(pid); // prevent the compiler to optimize this away
Пример #2
Файл: RxRaw.cs Проект: 40a/Tx
        public static void ListenWintQueryOnEtwNativeEvent()
            Console.WriteLine("----- Listening with Tx-EtwObservable and Rx query -----");

            _raw = EtwObservable.FromSession(Baseline.SessionName);

            UInt32 pid = 0;
            UInt32 size = 0;
            UInt32 daddr = 0;

            var timeSource = new TimeSource<EtwNativeEvent>(_raw, e => e.TimeStamp);

            var toStackVars = timeSource.Do(e => // this copies the variables on the stack
                    pid = e.ReadUInt32(); // skip PID
                    size = e.ReadUInt32();
                    daddr = e.ReadUInt32();

            var x = from window in toStackVars.Window(TimeSpan.FromSeconds(1))
                    from stats in
                        (from packet in window
                         group packet by daddr
                         into g
                         from total in g.Sum(p => size)
                         select new
                                 address = new IPAddress(g.Key).ToString(),
                                 received = total
                    select stats.OrderBy(s => s.address);

            _subscription = x.Subscribe(v =>
                    Console.WriteLine("--- {0} ---", DateTime.Now);
                    foreach (var s in v)
                        Console.WriteLine("{0, -15} {1,-10:n0} ", s.address, s.received);


            Console.WriteLine(pid); // prevent the compiler to optimize this away