public void Start(TraceElements elements, bool includeInit)
{
_includeInit = includeInit;
_session = new TraceEventSession(KernelTraceEventParser.KernelSessionName)
{
BufferSizeMB = 128,
CpuSampleIntervalMSec = 10
};
_session.EnableKernelProvider((KernelTraceEventParser.Keywords)elements);
_processingThread = new Thread(() => {
_parser = new KernelTraceEventParser(_session.Source);
SetupCallbacks(elements);
_session.Source.Process();
});
_processingThread.Priority = ThreadPriority.Lowest;
_processingThread.IsBackground = true;
_processingThread.Start();
}
private void SetupCallbacks(TraceElements elements)
{
if (elements.HasFlag(TraceElements.Process))
{
_parser.ProcessStart += OnProcessStart;
if (_includeInit)
{
_parser.ProcessDCStart += OnProcessDCStart;
_parser.ProcessDCStop += obj => ProcessTrace?.Invoke((ProcessTraceData)obj.Clone(), EventType.ProcessExited);
}
_parser.ProcessStop += OnProcessStop;
}
if (elements.HasFlag(TraceElements.Thread))
{
_parser.ThreadStart += OnThreadStart;
_parser.ThreadStop += OnThreadStop;
}
if (elements.HasFlag(TraceElements.Registry))
{
_parser.RegistryCreate += OnRegistryCreate;
_parser.RegistryOpen += obj => RegistryTrace?.Invoke((RegistryTraceData)obj.Clone(), EventType.RegistryOpenKey);
}
}
