如何在.NET中使用ETW [英] HowTo Consume ETW in .NET

问题描述

我正在尝试实现ETapi32.dll中的ETW-StartTrace，OpenTrace，ProcessTrace API，以便跟踪特定进程的网络活动(以及磁盘活动)，就像TCPview或Process Explorer那样监视磁盘和网络流量

有没有人有使用p/invoke或本机.NET代码执行此操作的示例?到目前为止，我发现的所有代码都是C ++，这超出了我的理解，我需要C#或Vb.net

任何资源都将是一个很好的起点.

I''m trying to implement the ETW - StartTrace, OpenTrace, ProcessTrace APIs from Advapi32.dll in order to trace network activity (and also disk activity) for a specific process, pretty much like TCPview does or Process Explorer does to monitor disk and network traffic

Does anyone has an example on how to do this using p/invoke or native .NET code? all the code i had found so far is in C++ which is beyond my knowledge, i need something in C# or Vb.net

Any resources would be great as a starting point.

推荐答案

我在Microsoft网站看看是否有帮助.

这篇关于如何在.NET中使用ETW的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！