/// <summary>
/// Builds a synthetic event record that carries a target user name and a logon type.
/// </summary>
/// <param name="username">Written as a Unicode string to the property identified by <c>TargetUserName</c>.</param>
/// <param name="logonType">Written to the property identified by <c>LogonType</c>.</param>
/// <returns>The record returned by <c>RecordBuilder.PackIncomplete()</c>.</returns>
public static SynthRecord CreateRecord(string username, uint logonType)
{
    using (var builder = new RecordBuilder(ProviderId, EventId, Version))
    {
        builder.AddUnicodeString(TargetUserName, username);
        builder.AddValue(LogonType, logonType);

        // Only two properties are populated here. NOTE(review): PackIncomplete presumably
        // tolerates schema properties that were never set; confirm against RecordBuilder
        // before relying on the remaining fields in a consumer under test.
        return builder.PackIncomplete();
    }
}
/// <summary>
/// Builds a synthetic event record that carries a URL, a verb and a status value.
/// </summary>
/// <param name="url">Written as an ANSI string to the property identified by <c>URL</c>.</param>
/// <param name="verb">Written as an ANSI string to the property identified by <c>Verb</c>.</param>
/// <param name="status">Written to the property identified by <c>Status</c>.</param>
/// <returns>The record returned by <c>RecordBuilder.PackIncomplete()</c>.</returns>
public static SynthRecord CreateRecord(string url, string verb, uint status)
{
    using (var builder = new RecordBuilder(ProviderId, EventId, Version))
    {
        // NOTE(review): both strings go in through AddAnsiString; how characters outside
        // the ANSI range are handled is decided by RecordBuilder and is not visible here.
        builder.AddAnsiString(URL, url);
        builder.AddAnsiString(Verb, verb);
        builder.AddValue(Status, status);

        // Only three properties are populated. NOTE(review): PackIncomplete presumably
        // tolerates schema properties that were never set; confirm against RecordBuilder.
        return builder.PackIncomplete();
    }
}
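/// <summary>
/// Builds a synthetic kernel-style event record that carries a process id and a file name.
/// </summary>
/// <param name="processId">Written to the property identified by <c>ProcessId</c>.</param>
/// <param name="fileName">Written as a Unicode string to the property identified by <c>FileName</c>.</param>
/// <returns>The record returned by <c>RecordBuilder.PackIncomplete()</c>.</returns>
public static SynthRecord CreateRecord(uint processId, string fileName)
{
    using (var rb = new RecordBuilder(ProviderId, EventId, Version, OpCode))
    {
        // NOTE: kernel events MUST have this flag set.
        // The comment sits on its own line: in the collapsed listing the "//" swallowed the
        // flag assignment and the rest of the method, so the flag was never applied.
        rb.Header.Flags = (ushort)EventHeaderFlags.TRACE_MESSAGE;

        rb.AddValue(ProcessId, processId);
        rb.AddUnicodeString(FileName, fileName);

        // Only two properties are populated. NOTE(review): PackIncomplete presumably
        // tolerates schema properties that were never set; confirm against RecordBuilder.
        return rb.PackIncomplete();
    }
}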