Parsing .NET EventSource #211

Open
bobsira opened this issue May 3, 2023 · 1 comment


bobsira commented May 3, 2023

Can I use this library to parse ETW events generated with the .NET System.Diagnostics.Tracing.EventSource class?

I'm currently having a blocker on how to pass ETW EventSource in our logging tool which is written in C++.

Member

swannman commented May 3, 2023

Hi @bobsira, krabsetw should be able to subscribe to EventSource providers from both C# and C++:

  • First, translate your EventSource provider name to an ETW provider ID: here's an example.
  • Next, use RawProvider (in C#) or krabs::provider<> (in C++) to subscribe to the ETW provider ID
  • When you receive an event callback:
    • In C#, convert the contents of the event to a ReadOnlySpan and parse it accordingly: new ReadOnlySpan<byte>(record.UserData.ToPointer(), record.UserDataLength);
    • In C++, use the UserData and UserDataLength properties of EVENT_RECORD to access the contents of the event
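The first step in the reply above, as an added example that is not code from krabsetw or from this thread: when an EventSource class does not declare an explicit Guid, .NET derives the provider ID from the provider name by hashing a fixed namespace plus the upper-cased name (UTF-16BE) with SHA-1 and stamping a version 5 marker. The helper name `event_source_guid` is hypothetical, only ASCII provider names are handled, and SHA-1 is implemented inline so the block has no dependencies.

```cpp
#include <array>
#include <cctype>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

static uint32_t rol(uint32_t v, int n) { return (v << n) | (v >> (32 - n)); }
// Minimal SHA-1 (FIPS 180-4), used only as a name hash here, not for security.
static std::array<uint8_t, 20> sha1(std::vector<uint8_t> m) {
    uint32_t h[5] = {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0};
    const uint64_t bits = uint64_t(m.size()) * 8;
    m.push_back(0x80);                                   // padding marker
    while (m.size() % 64 != 56) m.push_back(0);
    for (int i = 7; i >= 0; --i) m.push_back(uint8_t(bits >> (8 * i)));
    for (size_t off = 0; off < m.size(); off += 64) {
        uint32_t w[80];
        for (int i = 0; i < 16; ++i)
            w[i] = uint32_t(m[off + 4*i]) << 24 | uint32_t(m[off + 4*i + 1]) << 16 |
                   uint32_t(m[off + 4*i + 2]) << 8 | uint32_t(m[off + 4*i + 3]);
        for (int i = 16; i < 80; ++i) w[i] = rol(w[i-3] ^ w[i-8] ^ w[i-14] ^ w[i-16], 1);
        uint32_t a = h[0], b = h[1], c = h[2], d = h[3], e = h[4];
        for (int i = 0; i < 80; ++i) {
            uint32_t f, k;
            if (i < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999; }
            else if (i < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1; }
            else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDC; }
            else             { f = b ^ c ^ d;                   k = 0xCA62C1D6; }
            const uint32_t t = rol(a, 5) + f + e + k + w[i];
            e = d; d = c; c = rol(b, 30); b = a; a = t;
        }
        h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
    }
    std::array<uint8_t, 20> out{};
    for (int i = 0; i < 20; ++i) out[i] = uint8_t(h[i / 4] >> (8 * (3 - i % 4)));
    return out;
}
// event_source_guid is a hypothetical helper name. ASCII provider names only.
std::string event_source_guid(const std::string& name) {
    std::vector<uint8_t> buf = {0x48, 0x2C, 0x2D, 0xB2, 0xC3, 0x90, 0x47, 0xC8,   // fixed namespace
                                0x87, 0xF8, 0x1A, 0x15, 0xBF, 0xC1, 0x30, 0xFB};  // bytes, hashed first
    // Append the upper-cased name as UTF-16BE code units.
    for (unsigned char ch : name) { buf.push_back(0); buf.push_back(uint8_t(std::toupper(ch))); }
    auto d = sha1(buf);
    d[7] = uint8_t((d[7] & 0x0F) | 0x50);                // stamp version 5 (name-based)
    char s[37];                                          // GUID fields 1-3 print little-endian
    std::snprintf(s, sizeof s, "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
                  d[3], d[2], d[1], d[0], d[5], d[4], d[7], d[6], d[8], d[9], d[10], d[11], d[12], d[13], d[14], d[15]);
    return s;
}
```

If the EventSource class sets its own Guid, use that value instead; the derivation only applies to name-based providers.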
