/// <summary>
/// Builds the process-event aggregator and the ETW provider wrapper for
/// "Microsoft-Windows-Kernel-Process", then queues <c>StartProvider</c> on the thread pool.
/// </summary>
/// <remarks>
/// NOTE(review): consuming kernel providers through a real-time ETW session normally needs
/// elevated rights (administrator or Performance Log Users); confirm how EtwEventProvider
/// reports a failed start so a non-elevated run is not mistaken for "no events".
/// </remarks>
private void StartTrace()
{
    // ETW session names are system-wide, so this name must not collide with another session.
    const string sessionName = "404MonitorProcessLookups";
    const string providerName = "Microsoft-Windows-Kernel-Process";

    // Presumably the ETW keyword mask; in the Kernel-Process manifest 0x10 appears to be
    // WINEVENT_KEYWORD_PROCESS (process start/stop) - TODO confirm against EtwEventProvider.
    const int processKeywords = 0x10;

    _aggregator = new ProcessAggregator(ProcessEvent);
    _provider = new EtwEventProvider(sessionName, providerName, processKeywords, _aggregator);

    // Queued rather than called inline so the caller's thread is not tied up by the provider.
    ThreadPool.QueueUserWorkItem(StartProvider);
}
        /// <summary>
        /// Stores the three UI callbacks and wires a <c>FileIoAggregator</c> to an ETW provider
        /// wrapper for "Microsoft-Windows-Kernel-File". Nothing in this constructor starts the provider.
        /// </summary>
        /// <param name="displayFile">Callback stored in <c>_displayFile</c>.</param>
        /// <param name="removeFile">Callback stored in <c>_removeFile</c>.</param>
        /// <param name="addEvent">Callback stored in <c>_addEvent</c>.</param>
        /// <remarks>
        /// NOTE(review): the callbacks are stored without a null check, so a null argument would
        /// only surface when the field is first invoked - confirm that callers never pass null.
        /// </remarks>
        public FileMonitor(Action<MissingFile> displayFile, Action<MissingFile> removeFile,
                           Action<MissingFile, SearchEvent> addEvent)
        {
            // ETW session names are system-wide; a second instance would reuse this same name.
            const string sessionName = "File404Monitor";
            const string providerName = "Microsoft-Windows-Kernel-File";

            // Presumably the ETW keyword mask: 0x10c0 = 0x1000 | 0x80 | 0x40, which in the
            // Kernel-File manifest appear to be CREATE_NEW_FILE, CREATE and OP_END -
            // TODO confirm against the provider manifest and EtwEventProvider.
            const int fileKeywords = 0x10c0;

            _displayFile = displayFile;
            _removeFile = removeFile;
            _addEvent = addEvent;

            var ioAggregator = new FileIoAggregator(FileEventAvailable);
            _provider = new EtwEventProvider(sessionName, providerName, fileKeywords, ioAggregator);

            _nameStore = new ProcessNameStore();
        }
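        /// <summary>
        /// Integration test: starts a real ETW provider for "Microsoft-Windows-Kernel-File" and
        /// passes once the mocked aggregator has been handed at least one trace event.
        /// </summary>
        /// <remarks>
        /// NOTE(review): starting an ETW session normally needs elevated rights, so on a
        /// non-elevated runner this test is expected to fail at <c>provider.Start()</c> - confirm
        /// how the CI agent is configured.
        /// </remarks>
        public void Provides_Events()
        {
            // Timed tests are not ideal, but Start() blocks the calling thread and events are
            // delivered on a separate thread, so the test has to poll with a deadline.

            // Written by the ETW callback thread and read here, hence the Volatile accessors.
            var done = false;

            var aggregator = new Mock<EventAggregator>();

            aggregator.Setup(p => p.TraceEventAvailable(It.IsAny<TraceEvent>()))
                      .Callback((TraceEvent te) => Volatile.Write(ref done, true));

            const string sessionName = "FileMon404Tests";

            var provider = new EtwEventProvider(sessionName, "Microsoft-Windows-Kernel-File", 0x10c0, aggregator.Object);

            var task = new Task(() => {
                Assert.True(provider.Start());
            });

            try
            {
                task.Start();

                // UtcNow so a local clock shift (DST) cannot stretch or shorten the deadline.
                var start = DateTime.UtcNow;

                // Stop polling as soon as an event arrives, the background task has already
                // failed (no point waiting out the timeout), or 10 seconds have elapsed.
                while (!Volatile.Read(ref done) && !task.IsFaulted && start > DateTime.UtcNow.Subtract(Seconds(10)))
                {
                    Thread.Sleep(Seconds(1));
                }
            }
            finally
            {
                // Always stop: presumably a named ETW session left running would outlive the
                // test and interfere with the next run - TODO confirm in EtwEventProvider.
                provider.Stop();
            }

            // Give the background task a bounded chance to finish after Stop() so that a failed
            // Assert inside it is visible below; checking IsFaulted immediately would race with it.
            // WaitAny is used because it does not rethrow the task's exception.
            Task.WaitAny(new Task[] { task }, Seconds(5));

            Assert.False(task.IsFaulted, "provider.Start() returned false or threw on the background task");

            Assert.True(Volatile.Read(ref done), "Did not receive an event before the timeout");
        }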