public void SubscribeToEvents(TraceEventParser parser) { var kernel = (KernelTraceEventParser)parser; kernel.ProcessStart += HandleProcessStart; kernel.ThreadStart += HandleThreadStart; }
public void SubscribeToEvents(TraceEventParser parser) { var kernel = (KernelTraceEventParser)parser; kernel.TcpIpAccept += HandleTcpIpConnect; kernel.TcpIpAcceptIPV6 += HandleTcpIpV6Connect; kernel.TcpIpARPCopy += HandleTcpIp; kernel.TcpIpConnect += HandleTcpIpConnect; kernel.TcpIpConnectIPV6 += HandleTcpIpV6Connect; kernel.TcpIpDisconnect += HandleTcpIp; kernel.TcpIpDisconnectIPV6 += HandleTcpIpV6; kernel.TcpIpDupACK += HandleTcpIp; kernel.TcpIpFail += HandleTcpIpFail; kernel.TcpIpFullACK += HandleTcpIp; kernel.TcpIpPartACK += HandleTcpIp; kernel.TcpIpReconnect += HandleTcpIp; kernel.TcpIpReconnectIPV6 += HandleTcpIpV6; kernel.TcpIpRecv += HandleTcpIpRev; kernel.TcpIpRecvIPV6 += HandleTcpIpV6Rev; kernel.TcpIpRetransmit += HandleTcpIp; kernel.TcpIpRetransmitIPV6 += HandleTcpIpV6; kernel.TcpIpSend += HandleTcpIpSend; kernel.TcpIpSendIPV6 += HandleTcpIpV6Send; kernel.TcpIpTCPCopy += HandleTcpIp; kernel.TcpIpTCPCopyIPV6 += HandleTcpIpV6; }
private void SetupProviderAndParser() { try { //enabling the providers if (SessionAttribute.IsKernelSession) { if (SessionAttribute is KernelTraceSessionAttribute) { traceEventSession.EnableKernelProvider(((KernelTraceSessionAttribute)SessionAttribute).KernelSessionKeywords); } else { traceEventSession.EnableKernelProvider(KernelTraceEventParser.Keywords.Default); } } else { traceEventSession.EnableProvider(SessionAttribute.providerName, SessionAttribute.providerLevel, options: SessionAttribute.TraceEventProviderOptions); } //creating the trace event parser traceEventParser = Activator.CreateInstance(SessionAttribute.eventParserType, traceEventSession.Source) as TraceEventParser; //set the trace event parser through session's properties traceEventParser.AddCallbackForProviderEvents(CallbackForProviderEvents, CallbackForEvents); } catch (Exception ex) { TraceSessionError(ex); } }
public void SubscribeToEvents(TraceEventParser parser) { var kernel = (KernelTraceEventParser)parser; kernel.SystemConfigCPU += Kernel_SystemConfigCPU; kernel.SystemConfigNIC += HandleConfigNIC; kernel.SystemConfigLogDisk += Kernel_SystemConfigLogDisk; }
public void SubscribeToEvents(TraceEventParser parser) { var rpcParser = (MicrosoftWindowsRPCTraceEventParser)parser; rpcParser.RpcClientCallStart += RpcClientCallStart; rpcParser.RpcClientCallStop += RpcClientCallStop; rpcParser.RpcServerCallStart += RpcServerCallStart; rpcParser.RpcServerCallStop += RpcServerCallStop; }
public void SubscribeToEvents(TraceEventParser parser) { var kernel = (KernelTraceEventParser)parser; kernel.ALPCReceiveMessage += HandleALPCReceiveMessage; kernel.ALPCSendMessage += HandleALPCSendMessage; //kernel.ALPCUnwait += HandleALPCUnwait; //kernel.ALPCWaitForNewMessage += HandleALPCWaitForNewMessage; kernel.ALPCWaitForReply += HandleALPCWaitForReply; }
public void SubscribeToEvents(TraceEventParser parser) { var kernel = (KernelTraceEventParser)parser; kernel.FileIOClose += HandleFileIoSimpleOp; kernel.FileIOFlush += HandleFileIoSimpleOp; kernel.FileIOCreate += HandleFileIoCreate; kernel.FileIODelete += HandleFileIoInfo; kernel.FileIORename += HandleFileIoInfo; kernel.FileIOFileCreate += HandleFileIoName; kernel.FileIOFileDelete += HandleFileIoName; kernel.FileIOFileRundown += HandleFileIoName; kernel.FileIOName += HandleFileIoName; kernel.FileIORead += HandleFileIoReadWrite; kernel.FileIOWrite += HandleFileIoReadWrite; kernel.FileIOMapFile += HandleFileIoMapFile; }
public static IObservable <TraceEvent> ObserveAll(this TraceEventParser parser) { return(parser.Observe((providerName, eventName) => { return EventFilterResponse.AcceptEvent; })); }