ETW Events with C#


Problem description

Hi all,

I'm working on a C# application that uses ETW to gather network and process events. I just wanted to ask: is there any event in ETW from which I can get to know any new application that opens a listening port? I want to update the listening ports dynamically without an extra API call.

Thanks,

Rajat 

Solution

Hi Rjat Kinkhabwala,

Thank you for posting here.

For your question, based on my test and my research, creating an ETW event provider has been a non-trivial task, which involves writing an XML 'schema manifest' and using a specialized tool (MC.exe) to generate source code to link into your application. You also need to register the provider using another obscure tool (WEVTUTIL) when your application is deployed.

>> I just wanted to ask Is there any event in ETW from which I can get to know any new application that opens listening port?  

Does this mean the application in your ETW is being tracked automatically?

For more details, you could refer to the link below.

https://blogs.msdn.microsoft.com/vancem/2012/07/09/introduction-tutorial-logging-etw-events-in-c-system-diagnostics-tracing-eventsource/

https://www.codeproject.com/Articles/570690/Application-Analysis-with-Event-Tracing-for-Window

Best Regards,

Wendy

