        /// <summary>
        /// Attaches the kernel and user ETW collectors to an already running process and
        /// blocks until <c>stopEvent</c> is signalled, which the exit-watcher work item does
        /// once the target process terminates.
        /// </summary>
        /// <param name="pid">Identifier of the process to trace; the handlers are keyed on this number.</param>
        /// <param name="traceOptions">Options forwarded unchanged to <c>InitializeProcessHandlers</c>.</param>
        public void TraceRunningProcess(int pid, TraceOptions traceOptions)
        {
            // SYNCHRONIZE is the only access right requested: it suffices to wait for the
            // process to exit and keeps the handle's privileges minimal.
            using (var processHandle = Kernel32.OpenProcess(Kernel32.ACCESS_MASK.StandardRight.SYNCHRONIZE, false, pid))
            {
                if (processHandle.IsInvalid)
                {
                    // The message deliberately does not distinguish "no such PID" from "access denied".
                    Console.Error.WriteLine("ERROR: the process with a given PID was not found or you don't have access to it.");
                    return;
                }

                using (var kernelCollector = new TraceCollector(KernelTraceEventParser.KernelSessionName))
                {
                    using (var userCollector = new TraceCollector(WinTraceUserTraceSessionName))
                    {
                        InitializeProcessHandlers(kernelCollector, userCollector, pid, traceOptions);

                        // Watches the process handle; the wait result is not inspected, so whatever the
                        // outcome the collectors are stopped and the blocked caller is released.
                        WaitCallback waitForExit = _ =>
                        {
                            Kernel32.WaitForSingleObject(processHandle, Constants.INFINITE);
                            StopCollectors(kernelCollector, userCollector);
                            stopEvent.Set();
                        };
                        ThreadPool.QueueUserWorkItem(waitForExit);

                        // Lets code outside this method end the sessions early.
                        // NOTE(review): the delegate captures collectors that are disposed when the using
                        // blocks exit; confirm it is never invoked after this method has returned.
                        stopTraceCollectors = () => StopCollectors(kernelCollector, userCollector);

                        ThreadPool.QueueUserWorkItem(_ => kernelCollector.Start());
                        ThreadPool.QueueUserWorkItem(_ => userCollector.Start());

                        stopEvent.WaitOne();
                    }
                }
            }
        }
        /// <summary>
        /// Starts a new process in the suspended state, attaches the kernel and user ETW
        /// collectors to it, resumes it and blocks until <c>stopEvent</c> is signalled,
        /// which the exit-watcher work item does once the child has exited.
        /// </summary>
        /// <param name="procargs">Arguments handed to <c>ProcessCreator</c> — presumably the program followed by its command-line arguments; verify against ProcessCreator.</param>
        /// <param name="spawnNewConsoleWindow">Forwarded to <c>ProcessCreator.SpawnNewConsoleWindow</c>.</param>
        /// <param name="traceOptions">Options forwarded unchanged to <c>InitializeProcessHandlers</c>.</param>
        public void TraceNewProcess(IEnumerable <string> procargs, bool spawnNewConsoleWindow, TraceOptions traceOptions)
        {
            var creator = new ProcessCreator(procargs) { SpawnNewConsoleWindow = spawnNewConsoleWindow };
            using (creator)
            {
                // Suspended start: presumably so the collectors can be listening before the
                // child runs its first instruction (see the delay before Resume below).
                creator.StartSuspended();

                using (var kernelCollector = new TraceCollector(KernelTraceEventParser.KernelSessionName))
                {
                    using (var userCollector = new TraceCollector(WinTraceUserTraceSessionName))
                    {
                        InitializeProcessHandlers(kernelCollector, userCollector, creator.ProcessId, traceOptions);

                        // Waits for the child to exit, then stops collection and releases the caller.
                        WaitCallback waitForExit = _ =>
                        {
                            creator.Join();
                            StopCollectors(kernelCollector, userCollector);
                            stopEvent.Set();
                        };
                        ThreadPool.QueueUserWorkItem(waitForExit);

                        // Lets code outside this method end the sessions early.
                        // NOTE(review): the delegate captures collectors that are disposed when the using
                        // blocks exit; confirm it is never invoked after this method has returned.
                        stopTraceCollectors = () => StopCollectors(kernelCollector, userCollector);

                        ThreadPool.QueueUserWorkItem(_ => kernelCollector.Start());
                        ThreadPool.QueueUserWorkItem(_ => userCollector.Start());

                        // Fixed grace period before resuming. Nothing here confirms the sessions are
                        // actually running, so the child's earliest events may be missed on a slow
                        // machine — TODO confirm whether TraceCollector exposes a "started" signal.
                        Thread.Sleep(1000);

                        // Resume the (single, suspended) main thread of the child.
                        creator.Resume();

                        stopEvent.WaitOne();
                    }
                }
            }
        }