├── .gitattributes
├── .github
└── FUNDING.yml
├── .gitignore
├── LICENSE
├── ProcMonX.sln
├── ProcMonX
├── App.config
├── App.xaml
├── App.xaml.cs
├── Controls
│ ├── MultiStyleTextBlock.xaml
│ ├── MultiStyleTextBlock.xaml.cs
│ ├── OKCancel.xaml
│ └── OKCancel.xaml.cs
├── Converters
│ ├── BooleanToImageConverter.cs
│ ├── EventTypeToIconConverter.cs
│ └── ToolbarIconConverter.cs
├── Extensions
│ └── IconProperties.cs
├── Icons
│ ├── Category
│ │ ├── Alpc.ico
│ │ ├── Driver.ico
│ │ ├── FileMapping.ico
│ │ ├── Files.ico
│ │ ├── Modules.ico
│ │ ├── Network.ico
│ │ ├── disk.ico
│ │ ├── memory.ico
│ │ ├── processes.ico
│ │ ├── registry.ico
│ │ └── threads.ico
│ ├── Disabled
│ │ ├── Copy.ico
│ │ ├── Pause.ico
│ │ ├── Play.ico
│ │ └── Stop.ico
│ ├── Events
│ │ ├── AlpcReceiveMessage.ico
│ │ ├── AlpcSendMessage.ico
│ │ ├── AlpcWaitForNewMessage.ico
│ │ ├── AlpcWaitForReply.ico
│ │ ├── DiskRead.ico
│ │ ├── DiskWrite.ico
│ │ ├── DriverMajorFunctionCall.ico
│ │ ├── FileClose.ico
│ │ ├── FileCreate.ico
│ │ ├── FileDelete.ico
│ │ ├── FileFlush.ico
│ │ ├── FileMap.ico
│ │ ├── FileMapDCStart.ico
│ │ ├── FileMapDCStop.ico
│ │ ├── FileRead.ico
│ │ ├── FileRename.ico
│ │ ├── FileUnmap.ico
│ │ ├── FileWrite.ico
│ │ ├── ImageLoad.ico
│ │ ├── ImageUnload.ico
│ │ ├── MemoryAlloc.ico
│ │ ├── MemoryFree.ico
│ │ ├── ModuleDCLoad.ico
│ │ ├── ModuleDCUnload.ico
│ │ ├── ModuleLoad.ico
│ │ ├── ModuleUnload.ico
│ │ ├── ProcessDCStart.ico
│ │ ├── ProcessStart.ico
│ │ ├── ProcessStop.ico
│ │ ├── RegistryCreateKey.ico
│ │ ├── RegistryDeleteKey.ico
│ │ ├── RegistryDeleteValue.ico
│ │ ├── RegistryEnumerateKey.ico
│ │ ├── RegistryEnumerateValues.ico
│ │ ├── RegistryFlush.ico
│ │ ├── RegistryOpenKey.ico
│ │ ├── RegistryQueryMultipleValues.ico
│ │ ├── RegistryQueryValue.ico
│ │ ├── RegistrySetValue.ico
│ │ ├── TcpIpAccept.ico
│ │ ├── TcpIpConnect.ico
│ │ ├── TcpIpDisconnect.ico
│ │ ├── TcpIpReceive.ico
│ │ ├── TcpIpReceiveIPv6.ico
│ │ ├── TcpIpSend.ico
│ │ ├── TcpIpSendIPv6.ico
│ │ ├── ThreadDCStart.ico
│ │ ├── ThreadExists.ico
│ │ ├── ThreadStart.ico
│ │ ├── ThreadStop.ico
│ │ ├── VirtualAllocDCStart.ico
│ │ ├── VirtualAllocDCStop.ico
│ │ ├── computer_network-link.ico
│ │ ├── hardware-ok.ico
│ │ ├── link_network.ico
│ │ ├── link_network_green_green.ico
│ │ └── source_code-info.ico
│ ├── Hot
│ │ ├── Alpc.ico
│ │ ├── Copy.ico
│ │ ├── Files.ico
│ │ ├── Module.ico
│ │ ├── Network.ico
│ │ ├── Pause.ico
│ │ ├── Play.ico
│ │ ├── Stop.ico
│ │ ├── event.ico
│ │ ├── memory.ico
│ │ ├── processes.ico
│ │ ├── registry.ico
│ │ └── threads.ico
│ ├── Normal
│ │ ├── Alpc.ico
│ │ ├── Copy.ico
│ │ ├── Event.ico
│ │ ├── Files.ico
│ │ ├── Module.ico
│ │ ├── Network.ico
│ │ ├── Pause.ico
│ │ ├── Play.ico
│ │ ├── Stop.ico
│ │ ├── autoscroll.ico
│ │ ├── clear.ico
│ │ ├── delete.ico
│ │ ├── filter-add.ico
│ │ ├── filter-delete.ico
│ │ ├── filter-info.ico
│ │ ├── find.ico
│ │ ├── memory.ico
│ │ ├── ok.ico
│ │ ├── open.ico
│ │ ├── processes.ico
│ │ ├── registry.ico
│ │ ├── save.ico
│ │ ├── select_all.ico
│ │ ├── select_none.ico
│ │ └── threads.ico
│ ├── Tabs
│ │ ├── Alpc.ico
│ │ ├── Files.ico
│ │ ├── Image.ico
│ │ ├── Network.ico
│ │ ├── camera.ico
│ │ ├── close.ico
│ │ ├── event.ico
│ │ ├── filter.ico
│ │ ├── memory.ico
│ │ ├── processes.ico
│ │ ├── registry.ico
│ │ └── threads.ico
│ ├── app.ico
│ ├── cancel.ico
│ └── ok.ico
├── MainWindow.xaml
├── MainWindow.xaml.cs
├── Models
│ ├── AppOptions.cs
│ ├── CaptureSettings.cs
│ ├── EventData.cs
│ ├── EventInfo.cs
│ ├── Events.cs
│ ├── Options.cs
│ └── VirtualAllocFlags.cs
├── ProcMonX.csproj
├── Properties
│ ├── AssemblyInfo.cs
│ ├── Resources.Designer.cs
│ ├── Resources.resx
│ ├── Settings.Designer.cs
│ └── Settings.settings
├── Resources
│ ├── Styles.xaml
│ └── Templates.xaml
├── TraceEvent.ReadMe.txt
├── TraceEvent.ReleaseNotes.txt
├── Tracing
│ ├── FilterFactory.cs
│ ├── Filters
│ │ ├── ProcessIdFilter.cs
│ │ └── ProcessNameFilter.cs
│ ├── IFilterRule.cs
│ ├── TraceEventFilter.cs
│ ├── TraceFilter.cs
│ └── TraceManager.cs
├── ViewModels
│ ├── CaptureViewModel.cs
│ ├── CapturesViewModel.cs
│ ├── CategoryViewModel.cs
│ ├── EventCategories
│ │ └── ProcessTraceEventViewModel.cs
│ ├── EventTypeViewModel.cs
│ ├── EventViewModel.cs
│ ├── EventsTabViewModel.cs
│ ├── FilterDialogViewModelBase.cs
│ ├── FilterRuleViewModel.cs
│ ├── FilterTypeViewModel.cs
│ ├── Filters
│ │ ├── ProcessIdsFilterViewModel.cs
│ │ └── ProcessNamesFilterViewModel.cs
│ ├── MainViewModel.cs
│ ├── TabItemViewModelBase.cs
│ ├── TabViewModelBase.cs
│ ├── Tabs
│ │ ├── CaptureFilterViewModel.cs
│ │ ├── CaptureViewModel.cs
│ │ ├── EventsViewModel.cs
│ │ └── ProcessesViewModel.cs
│ └── TraceEventDataViewModel.cs
├── Views
│ ├── CaptureView.xaml
│ ├── CaptureView.xaml.cs
│ ├── CapturesView.xaml
│ ├── CapturesView.xaml.cs
│ ├── EventsTabView.xaml
│ ├── EventsTabView.xaml.cs
│ ├── FilterDialogWindow.xaml
│ ├── FilterDialogWindow.xaml.cs
│ ├── Filters
│ │ ├── ProcessNamesFilterView.xaml
│ │ └── ProcessNamesFilterView.xaml.cs
│ ├── MainView.xaml
│ ├── MainView.xaml.cs
│ └── Tabs
│ │ ├── CaptureFilterView.xaml
│ │ ├── CaptureFilterView.xaml.cs
│ │ ├── CaptureView.xaml
│ │ ├── CaptureView.xaml.cs
│ │ ├── EventsView.xaml
│ │ ├── EventsView.xaml.cs
│ │ ├── ProcessesView.xaml
│ │ └── ProcessesView.xaml.cs
├── _TraceEventProgrammersGuide.docx
├── app.manifest
└── packages.config
├── README.md
└── procmonx1.PNG
/.gitattributes:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | # Set default behavior to automatically normalize line endings.
3 | ###############################################################################
4 | * text=auto
5 |
6 | ###############################################################################
7 | # Set default behavior for command prompt diff.
8 | #
9 | # This is need for earlier builds of msysgit that does not have it on by
10 | # default for csharp files.
11 | # Note: This is only used by command line
12 | ###############################################################################
13 | #*.cs diff=csharp
14 |
15 | ###############################################################################
16 | # Set the merge driver for project and solution files
17 | #
18 | # Merging from the command prompt will add diff markers to the files if there
19 | # are conflicts (Merging from VS is not affected by the settings below, in VS
20 | # the diff markers are never inserted). Diff markers may cause the following
21 | # file extensions to fail to load in VS. An alternative would be to treat
22 | # these files as binary and thus will always conflict and require user
23 | # intervention with every merge. To do so, just uncomment the entries below
24 | ###############################################################################
25 | #*.sln merge=binary
26 | #*.csproj merge=binary
27 | #*.vbproj merge=binary
28 | #*.vcxproj merge=binary
29 | #*.vcproj merge=binary
30 | #*.dbproj merge=binary
31 | #*.fsproj merge=binary
32 | #*.lsproj merge=binary
33 | #*.wixproj merge=binary
34 | #*.modelproj merge=binary
35 | #*.sqlproj merge=binary
36 | #*.wwaproj merge=binary
37 |
38 | ###############################################################################
39 | # behavior for image files
40 | #
41 | # image files are treated as binary by default.
42 | ###############################################################################
43 | #*.jpg binary
44 | #*.png binary
45 | #*.gif binary
46 |
47 | ###############################################################################
48 | # diff behavior for common document formats
49 | #
50 | # Convert binary document formats to text before diffing them. This feature
51 | # is only available from the command line. Turn it on by uncommenting the
52 | # entries below.
53 | ###############################################################################
54 | #*.doc diff=astextplain
55 | #*.DOC diff=astextplain
56 | #*.docx diff=astextplain
57 | #*.DOCX diff=astextplain
58 | #*.dot diff=astextplain
59 | #*.DOT diff=astextplain
60 | #*.pdf diff=astextplain
61 | #*.PDF diff=astextplain
62 | #*.rtf diff=astextplain
63 | #*.RTF diff=astextplain
64 |
--------------------------------------------------------------------------------
/.github/FUNDING.yml:
--------------------------------------------------------------------------------
1 | # These are supported funding model platforms
2 |
3 | github: zodiacon
4 | patreon: zodiacon
5 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 |
4 | # User-specific files
5 | *.suo
6 | *.user
7 | *.userosscache
8 | *.sln.docstates
9 |
10 | # User-specific files (MonoDevelop/Xamarin Studio)
11 | *.userprefs
12 |
13 | # Build results
14 | [Dd]ebug/
15 | [Dd]ebugPublic/
16 | [Rr]elease/
17 | [Rr]eleases/
18 | x64/
19 | x86/
20 | bld/
21 | [Bb]in/
22 | [Oo]bj/
23 | [Ll]og/
24 |
25 | # Visual Studio 2015 cache/options directory
26 | .vs/
27 | # Uncomment if you have tasks that create the project's static files in wwwroot
28 | #wwwroot/
29 |
30 | # MSTest test Results
31 | [Tt]est[Rr]esult*/
32 | [Bb]uild[Ll]og.*
33 |
34 | # NUNIT
35 | *.VisualState.xml
36 | TestResult.xml
37 |
38 | # Build Results of an ATL Project
39 | [Dd]ebugPS/
40 | [Rr]eleasePS/
41 | dlldata.c
42 |
43 | # DNX
44 | project.lock.json
45 | project.fragment.lock.json
46 | artifacts/
47 |
48 | *_i.c
49 | *_p.c
50 | *_i.h
51 | *.ilk
52 | *.meta
53 | *.obj
54 | *.pch
55 | *.pdb
56 | *.pgc
57 | *.pgd
58 | *.rsp
59 | *.sbr
60 | *.tlb
61 | *.tli
62 | *.tlh
63 | *.tmp
64 | *.tmp_proj
65 | *.log
66 | *.vspscc
67 | *.vssscc
68 | .builds
69 | *.pidb
70 | *.svclog
71 | *.scc
72 |
73 | # Chutzpah Test files
74 | _Chutzpah*
75 |
76 | # Visual C++ cache files
77 | ipch/
78 | *.aps
79 | *.ncb
80 | *.opendb
81 | *.opensdf
82 | *.sdf
83 | *.cachefile
84 | *.VC.db
85 | *.VC.VC.opendb
86 |
87 | # Visual Studio profiler
88 | *.psess
89 | *.vsp
90 | *.vspx
91 | *.sap
92 |
93 | # TFS 2012 Local Workspace
94 | $tf/
95 |
96 | # Guidance Automation Toolkit
97 | *.gpState
98 |
99 | # ReSharper is a .NET coding add-in
100 | _ReSharper*/
101 | *.[Rr]e[Ss]harper
102 | *.DotSettings.user
103 |
104 | # JustCode is a .NET coding add-in
105 | .JustCode
106 |
107 | # TeamCity is a build add-in
108 | _TeamCity*
109 |
110 | # DotCover is a Code Coverage Tool
111 | *.dotCover
112 |
113 | # NCrunch
114 | _NCrunch_*
115 | .*crunch*.local.xml
116 | nCrunchTemp_*
117 |
118 | # MightyMoose
119 | *.mm.*
120 | AutoTest.Net/
121 |
122 | # Web workbench (sass)
123 | .sass-cache/
124 |
125 | # Installshield output folder
126 | [Ee]xpress/
127 |
128 | # DocProject is a documentation generator add-in
129 | DocProject/buildhelp/
130 | DocProject/Help/*.HxT
131 | DocProject/Help/*.HxC
132 | DocProject/Help/*.hhc
133 | DocProject/Help/*.hhk
134 | DocProject/Help/*.hhp
135 | DocProject/Help/Html2
136 | DocProject/Help/html
137 |
138 | # Click-Once directory
139 | publish/
140 |
141 | # Publish Web Output
142 | *.[Pp]ublish.xml
143 | *.azurePubxml
144 | # TODO: Comment the next line if you want to checkin your web deploy settings
145 | # but database connection strings (with potential passwords) will be unencrypted
146 | #*.pubxml
147 | *.publishproj
148 |
149 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
150 | # checkin your Azure Web App publish settings, but sensitive information contained
151 | # in these scripts will be unencrypted
152 | PublishScripts/
153 |
154 | # NuGet Packages
155 | *.nupkg
156 | # The packages folder can be ignored because of Package Restore
157 | **/packages/*
158 | # except build/, which is used as an MSBuild target.
159 | !**/packages/build/
160 | # Uncomment if necessary however generally it will be regenerated when needed
161 | #!**/packages/repositories.config
162 | # NuGet v3's project.json files produces more ignoreable files
163 | *.nuget.props
164 | *.nuget.targets
165 |
166 | # Microsoft Azure Build Output
167 | csx/
168 | *.build.csdef
169 |
170 | # Microsoft Azure Emulator
171 | ecf/
172 | rcf/
173 |
174 | # Windows Store app package directories and files
175 | AppPackages/
176 | BundleArtifacts/
177 | Package.StoreAssociation.xml
178 | _pkginfo.txt
179 |
180 | # Visual Studio cache files
181 | # files ending in .cache can be ignored
182 | *.[Cc]ache
183 | # but keep track of directories ending in .cache
184 | !*.[Cc]ache/
185 |
186 | # Others
187 | ClientBin/
188 | ~$*
189 | *~
190 | *.dbmdl
191 | *.dbproj.schemaview
192 | *.jfm
193 | *.pfx
194 | *.publishsettings
195 | node_modules/
196 | orleans.codegen.cs
197 |
198 | # Since there are multiple workflows, uncomment next line to ignore bower_components
199 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
200 | #bower_components/
201 |
202 | # RIA/Silverlight projects
203 | Generated_Code/
204 |
205 | # Backup & report files from converting an old project file
206 | # to a newer Visual Studio version. Backup files are not needed,
207 | # because we have git ;-)
208 | _UpgradeReport_Files/
209 | Backup*/
210 | UpgradeLog*.XML
211 | UpgradeLog*.htm
212 |
213 | # SQL Server files
214 | *.mdf
215 | *.ldf
216 |
217 | # Business Intelligence projects
218 | *.rdl.data
219 | *.bim.layout
220 | *.bim_*.settings
221 |
222 | # Microsoft Fakes
223 | FakesAssemblies/
224 |
225 | # GhostDoc plugin setting file
226 | *.GhostDoc.xml
227 |
228 | # Node.js Tools for Visual Studio
229 | .ntvs_analysis.dat
230 |
231 | # Visual Studio 6 build log
232 | *.plg
233 |
234 | # Visual Studio 6 workspace options file
235 | *.opt
236 |
237 | # Visual Studio LightSwitch build output
238 | **/*.HTMLClient/GeneratedArtifacts
239 | **/*.DesktopClient/GeneratedArtifacts
240 | **/*.DesktopClient/ModelManifest.xml
241 | **/*.Server/GeneratedArtifacts
242 | **/*.Server/ModelManifest.xml
243 | _Pvt_Extensions
244 |
245 | # Paket dependency manager
246 | .paket/paket.exe
247 | paket-files/
248 |
249 | # FAKE - F# Make
250 | .fake/
251 |
252 | # JetBrains Rider
253 | .idea/
254 | *.sln.iml
255 |
256 | # CodeRush
257 | .cr/
258 |
259 | # Python Tools for Visual Studio (PTVS)
260 | __pycache__/
261 | *.pyc
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | MIT License
2 |
3 | Copyright (c) 2019 Pavel Yosifovich
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 |
--------------------------------------------------------------------------------
/ProcMonX.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.27130.2020
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ProcMonX", "ProcMonX\ProcMonX.csproj", "{650EAFAA-C6D7-4CD4-A715-6963F07FBE5A}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Any CPU = Debug|Any CPU
11 | Release|Any CPU = Release|Any CPU
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {650EAFAA-C6D7-4CD4-A715-6963F07FBE5A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | {650EAFAA-C6D7-4CD4-A715-6963F07FBE5A}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | {650EAFAA-C6D7-4CD4-A715-6963F07FBE5A}.Release|Any CPU.ActiveCfg = Release|Any CPU
17 | {650EAFAA-C6D7-4CD4-A715-6963F07FBE5A}.Release|Any CPU.Build.0 = Release|Any CPU
18 | EndGlobalSection
19 | GlobalSection(SolutionProperties) = preSolution
20 | HideSolutionNode = FALSE
21 | EndGlobalSection
22 | GlobalSection(ExtensibilityGlobals) = postSolution
23 | SolutionGuid = {6A59F7C2-80BA-4F12-B5D6-68F3638FE6A3}
24 | EndGlobalSection
25 | EndGlobal
26 |
--------------------------------------------------------------------------------
/ProcMonX/App.config:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
--------------------------------------------------------------------------------
/ProcMonX/App.xaml:
--------------------------------------------------------------------------------
1 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/ProcMonX/App.xaml.cs:
--------------------------------------------------------------------------------
1 | using ProcMonX.ViewModels;
2 | using System;
3 | using System.Collections.Generic;
4 | using System.Configuration;
5 | using System.Data;
6 | using System.Linq;
7 | using System.Threading.Tasks;
8 | using System.Windows;
9 | using Zodiacon.WPF;
10 |
11 | namespace ProcMonX {
12 | ///
13 | /// Interaction logic for App.xaml
14 | ///
15 | public partial class App : Application {
16 | public const string Title = "Process Monitor X";
17 |
18 | public App() {
19 | DispatcherUnhandledException += App_DispatcherUnhandledException;
20 | AppDomain.CurrentDomain.UnhandledException += CurrentDomain_UnhandledException;
21 | }
22 |
23 | private void CurrentDomain_UnhandledException(object sender, UnhandledExceptionEventArgs e) {
24 | ShowFatalError((Exception)e.ExceptionObject);
25 | Shutdown(1);
26 | }
27 |
28 | private void ShowFatalError(Exception ex) {
29 | MessageBox.Show($"Fatal error: {ex.Message}.\n{ex.StackTrace}", Title);
30 | }
31 |
32 | private void App_DispatcherUnhandledException(object sender, System.Windows.Threading.DispatcherUnhandledExceptionEventArgs e) {
33 | ShowFatalError(e.Exception);
34 | }
35 |
36 | protected override void OnStartup(StartupEventArgs e) {
37 | base.OnStartup(e);
38 |
39 | var ui = new UIServicesDefaults();
40 | var vm = new MainViewModel(ui);
41 | var win = new MainWindow();
42 | ui.MessageBoxService.SetOwner(win);
43 | win.DataContext = vm;
44 | win.Show();
45 | }
46 |
47 | }
48 | }
49 |
--------------------------------------------------------------------------------
/ProcMonX/Controls/MultiStyleTextBlock.xaml:
--------------------------------------------------------------------------------
1 |
8 |
9 |
10 |
11 |
12 |
--------------------------------------------------------------------------------
/ProcMonX/Controls/MultiStyleTextBlock.xaml.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Text;
5 | using System.Threading.Tasks;
6 | using System.Windows;
7 | using System.Windows.Controls;
8 | using System.Windows.Data;
9 | using System.Windows.Documents;
10 | using System.Windows.Input;
11 | using System.Windows.Media;
12 | using System.Windows.Media.Imaging;
13 | using System.Windows.Navigation;
14 | using System.Windows.Shapes;
15 |
16 | namespace ProcMonX.Controls {
17 | ///
18 | /// Interaction logic for MultiStyleTextBlock.xaml
19 | ///
20 | public partial class MultiStyleTextBlock {
21 | public MultiStyleTextBlock() {
22 | InitializeComponent();
23 | }
24 |
25 | public string Separator {
26 | get { return (string)GetValue(SeparatorProperty); }
27 | set { SetValue(SeparatorProperty, value); }
28 | }
29 |
30 | public static readonly DependencyProperty SeparatorProperty =
31 | DependencyProperty.Register(nameof(Separator), typeof(string), typeof(MultiStyleTextBlock), new PropertyMetadata(";;"));
32 |
33 |
34 | public string Text {
35 | get { return (string)GetValue(TextProperty); }
36 | set { SetValue(TextProperty, value); }
37 | }
38 |
39 | public static readonly DependencyProperty TextProperty =
40 | DependencyProperty.Register(nameof(Text), typeof(string), typeof(MultiStyleTextBlock), new PropertyMetadata(null, (s, e) => ((MultiStyleTextBlock)s).OnTextChanged(e)));
41 |
42 | private void OnTextChanged(DependencyPropertyChangedEventArgs e) {
43 | _textBlock.Inlines.Clear();
44 | if (e.NewValue == null)
45 | return;
46 |
47 | var substrings = ((string)e.NewValue).Split(new string[] { Separator }, StringSplitOptions.RemoveEmptyEntries);
48 | bool normal = true;
49 | foreach (var str in substrings) {
50 | var run = new Run(str) { FontWeight = normal ? FontWeights.Normal : FontWeights.Bold };
51 | if (!string.IsNullOrWhiteSpace(str))
52 | normal = !normal;
53 | _textBlock.Inlines.Add(run);
54 | }
55 | }
56 | }
57 | }
58 |
--------------------------------------------------------------------------------
/ProcMonX/Controls/OKCancel.xaml:
--------------------------------------------------------------------------------
1 |
8 |
14 |
15 |
21 |
22 |
--------------------------------------------------------------------------------
/ProcMonX/Controls/OKCancel.xaml.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Text;
5 | using System.Threading.Tasks;
6 | using System.Windows;
7 | using System.Windows.Controls;
8 | using System.Windows.Data;
9 | using System.Windows.Documents;
10 | using System.Windows.Input;
11 | using System.Windows.Media;
12 | using System.Windows.Media.Imaging;
13 | using System.Windows.Navigation;
14 | using System.Windows.Shapes;
15 |
16 | namespace ProcMonX.Controls {
17 | ///
18 | /// Interaction logic for OKCancel.xaml
19 | ///
20 | public partial class OKCancel {
21 | public OKCancel() {
22 | InitializeComponent();
23 | }
24 | }
25 | }
26 |
--------------------------------------------------------------------------------
/ProcMonX/Converters/BooleanToImageConverter.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Globalization;
4 | using System.Linq;
5 | using System.Text;
6 | using System.Threading.Tasks;
7 | using System.Windows.Data;
8 |
9 | namespace ProcMonX.Converters {
10 | class BooleanToImageConverter : IValueConverter {
11 | public string TrueImage { get; set; }
12 | public string FalseImage { get; set; }
13 |
14 | public object Convert(object value, Type targetType, object parameter, CultureInfo culture) {
15 | return (bool)value ? TrueImage : FalseImage;
16 | }
17 |
18 | public object ConvertBack(object value, Type targetType, object parameter, CultureInfo culture) {
19 | throw new NotImplementedException();
20 | }
21 | }
22 | }
23 |
--------------------------------------------------------------------------------
/ProcMonX/Converters/EventTypeToIconConverter.cs:
--------------------------------------------------------------------------------
1 | using ProcMonX.ViewModels;
2 | using System;
3 | using System.Collections.Generic;
4 | using System.Globalization;
5 | using System.Linq;
6 | using System.Text;
7 | using System.Threading.Tasks;
8 | using System.Windows.Data;
9 |
10 | namespace ProcMonX.Converters {
11 | sealed class EventTypeToIconConverter : IValueConverter {
12 | public object Convert(object value, Type targetType, object parameter, CultureInfo culture) {
13 | if (value == null)
14 | return Binding.DoNothing;
15 |
16 | return string.Intern($"/icons/events/{((TraceEventDataViewModel)value).Type.ToString()}.ico");
17 | }
18 |
19 | public object ConvertBack(object value, Type targetType, object parameter, CultureInfo culture) {
20 | throw new NotImplementedException();
21 | }
22 | }
23 | }
24 |
--------------------------------------------------------------------------------
/ProcMonX/Converters/ToolbarIconConverter.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Globalization;
4 | using System.Linq;
5 | using System.Text;
6 | using System.Threading.Tasks;
7 | using System.Windows.Data;
8 |
9 | namespace ProcMonX.Converters {
10 | class ToolbarIconConverter : IValueConverter {
11 | public object Convert(object value, Type targetType, object parameter, CultureInfo culture) {
12 | var icon = (string)value;
13 | switch (parameter.ToString()) {
14 | case "normal": return $"/icons/normal/{icon}.ico";
15 | case "hot": return $"/icons/hot/{icon}.ico";
16 | case "disabled": return $"/icons/disabled/{icon}.ico";
17 | }
18 |
19 | return Binding.DoNothing;
20 | }
21 |
22 | public object ConvertBack(object value, Type targetType, object parameter, CultureInfo culture) {
23 | throw new NotImplementedException();
24 | }
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/ProcMonX/Extensions/IconProperties.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Text;
5 | using System.Threading.Tasks;
6 | using System.Windows;
7 |
8 | namespace ProcMonX.Extensions {
9 | static class IconProperties {
10 | public static string GetIcon(DependencyObject obj) {
11 | return (string)obj.GetValue(IconProperty);
12 | }
13 |
14 | public static void SetIcon(DependencyObject obj, string value) {
15 | obj.SetValue(IconProperty, value);
16 | }
17 |
18 | public static readonly DependencyProperty IconProperty =
19 | DependencyProperty.RegisterAttached("Icon", typeof(string), typeof(IconProperties), new PropertyMetadata(null));
20 |
21 |
22 | }
23 | }
24 |
--------------------------------------------------------------------------------
/ProcMonX/Icons/Category/Alpc.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Category/Alpc.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Category/Driver.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Category/Driver.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Category/FileMapping.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Category/FileMapping.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Category/Files.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Category/Files.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Category/Modules.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Category/Modules.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Category/Network.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Category/Network.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Category/disk.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Category/disk.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Category/memory.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Category/memory.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Category/processes.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Category/processes.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Category/registry.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Category/registry.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Category/threads.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Category/threads.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Disabled/Copy.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Disabled/Copy.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Disabled/Pause.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Disabled/Pause.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Disabled/Play.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Disabled/Play.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Disabled/Stop.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Disabled/Stop.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/AlpcReceiveMessage.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/AlpcReceiveMessage.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/AlpcSendMessage.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/AlpcSendMessage.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/AlpcWaitForNewMessage.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/AlpcWaitForNewMessage.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/AlpcWaitForReply.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/AlpcWaitForReply.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/DiskRead.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/DiskRead.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/DiskWrite.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/DiskWrite.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/DriverMajorFunctionCall.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/DriverMajorFunctionCall.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/FileClose.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/FileClose.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/FileCreate.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/FileCreate.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/FileDelete.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/FileDelete.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/FileFlush.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/FileFlush.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/FileMap.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/FileMap.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/FileMapDCStart.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/FileMapDCStart.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/FileMapDCStop.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/FileMapDCStop.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/FileRead.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/FileRead.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/FileRename.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/FileRename.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/FileUnmap.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/FileUnmap.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/FileWrite.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/FileWrite.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/ImageLoad.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/ImageLoad.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/ImageUnload.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/ImageUnload.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/MemoryAlloc.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/MemoryAlloc.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/MemoryFree.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/MemoryFree.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/ModuleDCLoad.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/ModuleDCLoad.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/ModuleDCUnload.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/ModuleDCUnload.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/ModuleLoad.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/ModuleLoad.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/ModuleUnload.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/ModuleUnload.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/ProcessDCStart.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/ProcessDCStart.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/ProcessStart.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/ProcessStart.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/ProcessStop.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/ProcessStop.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/RegistryCreateKey.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/RegistryCreateKey.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/RegistryDeleteKey.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/RegistryDeleteKey.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/RegistryDeleteValue.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/RegistryDeleteValue.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/RegistryEnumerateKey.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/RegistryEnumerateKey.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/RegistryEnumerateValues.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/RegistryEnumerateValues.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/RegistryFlush.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/RegistryFlush.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/RegistryOpenKey.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/RegistryOpenKey.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/RegistryQueryMultipleValues.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/RegistryQueryMultipleValues.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/RegistryQueryValue.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/RegistryQueryValue.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/RegistrySetValue.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/RegistrySetValue.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/TcpIpAccept.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/TcpIpAccept.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/TcpIpConnect.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/TcpIpConnect.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/TcpIpDisconnect.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/TcpIpDisconnect.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/TcpIpReceive.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/TcpIpReceive.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/TcpIpReceiveIPv6.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/TcpIpReceiveIPv6.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/TcpIpSend.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/TcpIpSend.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/TcpIpSendIPv6.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/TcpIpSendIPv6.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/ThreadDCStart.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/ThreadDCStart.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/ThreadExists.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/ThreadExists.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/ThreadStart.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/ThreadStart.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/ThreadStop.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/ThreadStop.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/VirtualAllocDCStart.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/VirtualAllocDCStart.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/VirtualAllocDCStop.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/VirtualAllocDCStop.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/computer_network-link.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/computer_network-link.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/hardware-ok.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/hardware-ok.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/link_network.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/link_network.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/link_network_green_green.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/link_network_green_green.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Events/source_code-info.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Events/source_code-info.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Hot/Alpc.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Hot/Alpc.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Hot/Copy.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Hot/Copy.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Hot/Files.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Hot/Files.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Hot/Module.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Hot/Module.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Hot/Network.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Hot/Network.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Hot/Pause.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Hot/Pause.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Hot/Play.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Hot/Play.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Hot/Stop.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Hot/Stop.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Hot/event.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Hot/event.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Hot/memory.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Hot/memory.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Hot/processes.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Hot/processes.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Hot/registry.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Hot/registry.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Hot/threads.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Hot/threads.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/Alpc.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/Alpc.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/Copy.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/Copy.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/Event.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/Event.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/Files.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/Files.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/Module.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/Module.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/Network.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/Network.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/Pause.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/Pause.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/Play.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/Play.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/Stop.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/Stop.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/autoscroll.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/autoscroll.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/clear.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/clear.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/delete.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/delete.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/filter-add.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/filter-add.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/filter-delete.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/filter-delete.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/filter-info.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/filter-info.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/find.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/find.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/memory.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/memory.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/ok.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/ok.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/open.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/open.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/processes.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/processes.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/registry.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/registry.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/save.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/save.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/select_all.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/select_all.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/select_none.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/select_none.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Normal/threads.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Normal/threads.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Tabs/Alpc.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Tabs/Alpc.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Tabs/Files.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Tabs/Files.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Tabs/Image.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Tabs/Image.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Tabs/Network.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Tabs/Network.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Tabs/camera.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Tabs/camera.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Tabs/close.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Tabs/close.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Tabs/event.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Tabs/event.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Tabs/filter.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Tabs/filter.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Tabs/memory.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Tabs/memory.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Tabs/processes.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Tabs/processes.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Tabs/registry.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Tabs/registry.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/Tabs/threads.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/Tabs/threads.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/app.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/app.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/cancel.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/cancel.ico
--------------------------------------------------------------------------------
/ProcMonX/Icons/ok.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/zodiacon/ProcMonX/928fbc57bde33f6ffc35d05f65df26876a0b3439/ProcMonX/Icons/ok.ico
--------------------------------------------------------------------------------
/ProcMonX/MainWindow.xaml:
--------------------------------------------------------------------------------
1 |
12 |
13 |
14 |
15 |
16 |
--------------------------------------------------------------------------------
/ProcMonX/MainWindow.xaml.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Text;
5 | using System.Threading.Tasks;
6 | using System.Windows;
7 | using System.Windows.Controls;
8 | using System.Windows.Data;
9 | using System.Windows.Documents;
10 | using System.Windows.Input;
11 | using System.Windows.Media;
12 | using System.Windows.Media.Imaging;
13 | using System.Windows.Navigation;
14 | using System.Windows.Shapes;
15 |
16 | namespace ProcMonX {
17 | ///
18 | /// Interaction logic for MainWindow.xaml
19 | ///
20 | public partial class MainWindow {
21 | public MainWindow() {
22 | InitializeComponent();
23 | }
24 | }
25 | }
26 |
--------------------------------------------------------------------------------
/ProcMonX/Models/AppOptions.cs:
--------------------------------------------------------------------------------
1 | using Prism.Mvvm;
2 | using System;
3 | using System.Collections.Generic;
4 | using System.Linq;
5 | using System.Text;
6 | using System.Threading.Tasks;
7 | using System.Windows;
8 |
9 | namespace ProcMonX.Models {
10 | public class AppOptions : BindableBase {
11 | private bool _alwaysOnTop;
12 |
13 | public bool AlwaysOnTop {
14 | get { return _alwaysOnTop; }
15 | set { SetProperty(ref _alwaysOnTop, value); }
16 | }
17 | }
18 | }
19 |
--------------------------------------------------------------------------------
/ProcMonX/Models/CaptureSettings.cs:
--------------------------------------------------------------------------------
1 | using ProcMonX.Tracing;
2 | using System;
3 | using System.Collections.Generic;
4 | using System.Collections.ObjectModel;
5 | using System.Linq;
6 | using System.Text;
7 | using System.Threading.Tasks;
8 |
9 | namespace ProcMonX.Models {
10 | class CaptureSettings {
11 | ObservableCollection _eventTypes = new ObservableCollection {
12 | EventType.ProcessStart, EventType.ProcessStop, EventType.ModuleLoad, EventType.ModuleUnload
13 | };
14 |
15 | public IList EventTypes => _eventTypes;
16 |
17 | public TraceFilter Filter { get; set; }
18 |
19 | public string Name { get; set; } = "Capture1";
20 | public string FileName { get; set; }
21 | }
22 | }
23 |
--------------------------------------------------------------------------------
/ProcMonX/Models/EventData.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Text;
5 | using System.Threading.Tasks;
6 |
7 | namespace ProcMonX.Models {
8 | public sealed class EventData {
9 | public int Index { get; set; }
10 | public DateTime Time { get; set; }
11 | public string EventType { get; set; }
12 | public string Category { get; set; }
13 | public int ProcessId { get; set; }
14 | public string ProcessName { get; set; }
15 | public int? ThreadId { get; set; }
16 | public int CPU { get; set; }
17 | public string Opcode { get; set; }
18 | public string Details { get; set; }
19 | }
20 | }
21 |
--------------------------------------------------------------------------------
/ProcMonX/Models/EventInfo.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Text;
5 | using System.Threading.Tasks;
6 | using Microsoft.Diagnostics.Tracing.Parsers;
7 |
8 | namespace ProcMonX.Models {
9 |
10 | enum EventType {
11 | None,
12 | ProcessStart = 100, ProcessStop, ProcessDCStart, ProcessDCStop,
13 | ThreadStart = 200, ThreadStop, ThreadDCStart, ThreadDCStop,
14 | MemoryAlloc = 300, MemoryFree,
15 | RegistryOpenKey = 400, RegistryQueryValue, RegistrySetValue, RegistryCreateKey,
16 | RegistryCloseKey, RegistryEnumerateKey, RegistryEnumerateValues, RegistryFlush,
17 | RegistryDeleteKey, RegistryDeleteValue,
18 | AlpcSendMessage = 500, AlpcReceiveMessage,
19 | ModuleLoad = 600, ModuleUnload,
20 | FileRead = 700, FileWrite, FileCreate, FileRename, FileDelete, FileQueryInfo,
21 | DiskRead = 800, DiskWrite,
22 | }
23 |
24 | enum EventCategory {
25 | None,
26 | Processes,
27 | Threads,
28 | Registry,
29 | Files,
30 | Modules,
31 | ALPC,
32 | Network,
33 | Driver,
34 | Memory,
35 | }
36 |
37 | class EventInfo {
38 | public EventType EventType { get; private set; }
39 | public string AsString { get; private set; }
40 | public KernelTraceEventParser.Keywords Keyword { get; private set; }
41 |
42 | public EventCategory Category { get; private set; }
43 |
44 | public static readonly IReadOnlyList AllEvents =
45 | new List {
46 | new EventInfo {
47 | EventType = EventType.ProcessStart,
48 | AsString = "Process Start",
49 | Keyword = KernelTraceEventParser.Keywords.Process,
50 | Category = EventCategory.Processes
51 | },
52 | new EventInfo {
53 | EventType = EventType.ProcessDCStart,
54 | AsString = "Process DC Start",
55 | Keyword = KernelTraceEventParser.Keywords.Process,
56 | Category = EventCategory.Processes
57 | },
58 | new EventInfo {
59 | EventType = EventType.ProcessStop,
60 | AsString = "Process Stop",
61 | Keyword = KernelTraceEventParser.Keywords.Process,
62 | Category = EventCategory.Processes
63 | },
64 | new EventInfo {
65 | EventType = EventType.ThreadStart,
66 | AsString = "Thread Start",
67 | Keyword = KernelTraceEventParser.Keywords.Thread,
68 | Category = EventCategory.Threads
69 | },
70 | new EventInfo {
71 | EventType = EventType.ThreadDCStart,
72 | AsString = "Thread DC Start",
73 | Keyword = KernelTraceEventParser.Keywords.Thread,
74 | Category = EventCategory.Threads
75 | },
76 | new EventInfo {
77 | EventType = EventType.ThreadStop,
78 | AsString = "Thread Stop",
79 | Keyword = KernelTraceEventParser.Keywords.Thread,
80 | Category = EventCategory.Threads
81 | },
82 | new EventInfo {
83 | EventType = EventType.RegistryOpenKey,
84 | AsString = "Registry Open",
85 | Keyword = KernelTraceEventParser.Keywords.Registry,
86 | Category = EventCategory.Registry
87 | },
88 | new EventInfo {
89 | EventType = EventType.RegistryCreateKey,
90 | AsString = "Registry Create Key",
91 | Keyword = KernelTraceEventParser.Keywords.Registry,
92 | Category = EventCategory.Registry
93 | },
94 | new EventInfo {
95 | EventType = EventType.RegistryQueryValue,
96 | AsString = "Registry Query Value",
97 | Keyword = KernelTraceEventParser.Keywords.Registry,
98 | Category = EventCategory.Registry
99 | },
100 | new EventInfo {
101 | EventType = EventType.RegistryEnumerateKey,
102 | AsString = "Registry Enumerate Keys",
103 | Keyword = KernelTraceEventParser.Keywords.Registry,
104 | Category = EventCategory.Registry
105 | },
106 | new EventInfo {
107 | EventType = EventType.RegistryEnumerateValues,
108 | AsString = "Registry Enumerate Values",
109 | Keyword = KernelTraceEventParser.Keywords.Registry,
110 | Category = EventCategory.Registry
111 | },
112 | new EventInfo {
113 | EventType = EventType.RegistrySetValue,
114 | AsString = "Registry Set Value",
115 | Keyword = KernelTraceEventParser.Keywords.Registry,
116 | Category = EventCategory.Registry
117 | },
118 | new EventInfo {
119 | EventType = EventType.RegistryFlush,
120 | AsString = "Registry Flush",
121 | Keyword = KernelTraceEventParser.Keywords.Registry,
122 | Category = EventCategory.Registry
123 | },
124 | new EventInfo {
125 | EventType = EventType.RegistryDeleteKey,
126 | AsString = "Registry Delete Key",
127 | Keyword = KernelTraceEventParser.Keywords.Registry,
128 | Category = EventCategory.Registry
129 | },
130 | new EventInfo {
131 | EventType = EventType.RegistryDeleteValue,
132 | AsString = "Registry Delete Value",
133 | Keyword = KernelTraceEventParser.Keywords.Registry,
134 | Category = EventCategory.Registry
135 | },
136 | new EventInfo {
137 | EventType = EventType.ModuleLoad,
138 | AsString = "Module Load",
139 | Keyword = KernelTraceEventParser.Keywords.ImageLoad,
140 | Category = EventCategory.Modules
141 | },
142 | new EventInfo {
143 | EventType = EventType.ModuleUnload,
144 | AsString = "Module Unload",
145 | Keyword = KernelTraceEventParser.Keywords.ImageLoad,
146 | Category = EventCategory.Modules
147 | },
148 | new EventInfo {
149 | EventType = EventType.AlpcSendMessage,
150 | AsString = "ALPC Send Message",
151 | Keyword = KernelTraceEventParser.Keywords.AdvancedLocalProcedureCalls,
152 | Category = EventCategory.ALPC
153 | },
154 | new EventInfo {
155 | EventType = EventType.AlpcReceiveMessage,
156 | AsString = "ALPC Receive Message",
157 | Keyword = KernelTraceEventParser.Keywords.AdvancedLocalProcedureCalls,
158 | Category = EventCategory.ALPC
159 | },
160 | new EventInfo {
161 | EventType = EventType.FileRead,
162 | AsString = "File Read",
163 | Keyword = KernelTraceEventParser.Keywords.FileIO | KernelTraceEventParser.Keywords.FileIOInit,
164 | Category = EventCategory.Files
165 | },
166 | new EventInfo {
167 | EventType = EventType.FileWrite,
168 | AsString = "File Write",
169 | Keyword = KernelTraceEventParser.Keywords.FileIO | KernelTraceEventParser.Keywords.FileIOInit,
170 | Category = EventCategory.Files
171 | },
172 | new EventInfo {
173 | EventType = EventType.FileCreate,
174 | AsString = "File Create",
175 | Keyword = KernelTraceEventParser.Keywords.FileIO | KernelTraceEventParser.Keywords.FileIOInit,
176 | Category = EventCategory.Files
177 | },
178 | new EventInfo {
179 | EventType = EventType.FileDelete,
180 | AsString = "File Delete",
181 | Keyword = KernelTraceEventParser.Keywords.FileIO | KernelTraceEventParser.Keywords.FileIOInit,
182 | Category = EventCategory.Files
183 | },
184 | new EventInfo {
185 | EventType = EventType.FileRename,
186 | AsString = "File Rename",
187 | Keyword = KernelTraceEventParser.Keywords.FileIO | KernelTraceEventParser.Keywords.FileIOInit,
188 | Category = EventCategory.Files
189 | },
190 | new EventInfo {
191 | EventType = EventType.MemoryAlloc,
192 | AsString = "Memory Allocate",
193 | Keyword = KernelTraceEventParser.Keywords.VirtualAlloc,
194 | Category = EventCategory.Memory
195 | },
196 | new EventInfo {
197 | EventType = EventType.MemoryFree,
198 | AsString = "Memory Free",
199 | Keyword = KernelTraceEventParser.Keywords.VirtualAlloc,
200 | Category = EventCategory.Memory
201 | },
202 | };
203 |
204 | public static readonly IDictionary AllEventsByType = AllEvents.ToDictionary(evt => evt.EventType);
205 | public static readonly IEnumerable> AllEventsByCategory = AllEvents.GroupBy(evt => evt.Category).OrderBy(g => g.Key.ToString()).ToList();
206 | }
207 | }
208 |
--------------------------------------------------------------------------------
/ProcMonX/Models/Options.cs:
--------------------------------------------------------------------------------
1 | using Prism.Mvvm;
2 | using System;
3 | using System.Collections.Generic;
4 | using System.Linq;
5 | using System.Text;
6 | using System.Threading.Tasks;
7 |
8 | namespace ProcMonX.Models {
9 | class Options : BindableBase {
10 | bool _alwaysOnTop;
11 |
12 | public bool AlwaysOnTop { get => _alwaysOnTop; set => SetProperty(ref _alwaysOnTop, value); }
13 | }
14 | }
15 |
--------------------------------------------------------------------------------
/ProcMonX/Models/VirtualAllocFlags.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Text;
5 | using System.Threading.Tasks;
6 |
7 | namespace ProcMonX.Models {
8 | [Flags]
9 | enum VirtualAllocFlags : uint {
10 | Commit = 0x1000,
11 | Reserve = 0x2000,
12 | Reset = 0x80000,
13 | ResetUndo = 0x1000000,
14 | LargePages = 0x20000000,
15 | Physical = 0x400000,
16 | TopDown = 0x100000,
17 | WriteWatch = 0x200000,
18 | Release = 0x8000,
19 | Decommit = 0x4000
20 | }
21 | }
22 |
--------------------------------------------------------------------------------
/ProcMonX/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Resources;
3 | using System.Runtime.CompilerServices;
4 | using System.Runtime.InteropServices;
5 | using System.Windows;
6 |
7 | // General Information about an assembly is controlled through the following
8 | // set of attributes. Change these attribute values to modify the information
9 | // associated with an assembly.
10 | [assembly: AssemblyTitle("ProcMonX")]
11 | [assembly: AssemblyDescription("Process Monitor X")]
12 | [assembly: AssemblyConfiguration("")]
13 | [assembly: AssemblyCompany("Pavel Yosifovich")]
14 | [assembly: AssemblyProduct("ProcMonX")]
15 | [assembly: AssemblyCopyright("Copyright © 2018 by Pavel Yosifovich")]
16 | [assembly: AssemblyTrademark("")]
17 | [assembly: AssemblyCulture("")]
18 |
19 | // Setting ComVisible to false makes the types in this assembly not visible
20 | // to COM components. If you need to access a type in this assembly from
21 | // COM, set the ComVisible attribute to true on that type.
22 | [assembly: ComVisible(false)]
23 |
24 | //In order to begin building localizable applications, set
25 | //CultureYouAreCodingWith in your .csproj file
26 | //inside a . For example, if you are using US english
27 | //in your source files, set the to en-US. Then uncomment
28 | //the NeutralResourceLanguage attribute below. Update the "en-US" in
29 | //the line below to match the UICulture setting in the project file.
30 |
31 | //[assembly: NeutralResourcesLanguage("en-US", UltimateResourceFallbackLocation.Satellite)]
32 |
33 |
34 | [assembly: ThemeInfo(
35 | ResourceDictionaryLocation.None, //where theme specific resource dictionaries are located
36 | //(used if a resource is not found in the page,
37 | // or application resource dictionaries)
38 | ResourceDictionaryLocation.SourceAssembly //where the generic resource dictionary is located
39 | //(used if a resource is not found in the page,
40 | // app, or any theme specific resource dictionaries)
41 | )]
42 |
43 |
44 | // Version information for an assembly consists of the following four values:
45 | //
46 | // Major Version
47 | // Minor Version
48 | // Build Number
49 | // Revision
50 | //
51 | // You can specify all the values or you can default the Build and Revision Numbers
52 | // by using the '*' as shown below:
53 | // [assembly: AssemblyVersion("1.0.*")]
54 | [assembly: AssemblyVersion("1.0.*")]
55 | [assembly: AssemblyFileVersion("1.0.0.0")]
56 |
--------------------------------------------------------------------------------
/ProcMonX/Properties/Resources.Designer.cs:
--------------------------------------------------------------------------------
1 | //------------------------------------------------------------------------------
2 | //
3 | // This code was generated by a tool.
4 | // Runtime Version:4.0.30319.42000
5 | //
6 | // Changes to this file may cause incorrect behavior and will be lost if
7 | // the code is regenerated.
8 | //
9 | //------------------------------------------------------------------------------
10 |
11 | namespace ProcMonX.Properties {
12 | using System;
13 |
14 |
15 | ///
16 | /// A strongly-typed resource class, for looking up localized strings, etc.
17 | ///
18 | // This class was auto-generated by the StronglyTypedResourceBuilder
19 | // class via a tool like ResGen or Visual Studio.
20 | // To add or remove a member, edit your .ResX file then rerun ResGen
21 | // with the /str option, or rebuild your VS project.
22 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "16.0.0.0")]
23 | [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
24 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
25 | internal class Resources {
26 |
27 | private static global::System.Resources.ResourceManager resourceMan;
28 |
29 | private static global::System.Globalization.CultureInfo resourceCulture;
30 |
31 | [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
32 | internal Resources() {
33 | }
34 |
35 | ///
36 | /// Returns the cached ResourceManager instance used by this class.
37 | ///
38 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
39 | internal static global::System.Resources.ResourceManager ResourceManager {
40 | get {
41 | if (object.ReferenceEquals(resourceMan, null)) {
42 | global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("ProcMonX.Properties.Resources", typeof(Resources).Assembly);
43 | resourceMan = temp;
44 | }
45 | return resourceMan;
46 | }
47 | }
48 |
49 | ///
50 | /// Overrides the current thread's CurrentUICulture property for all
51 | /// resource lookups using this strongly typed resource class.
52 | ///
53 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
54 | internal static global::System.Globalization.CultureInfo Culture {
55 | get {
56 | return resourceCulture;
57 | }
58 | set {
59 | resourceCulture = value;
60 | }
61 | }
62 | }
63 | }
64 |
--------------------------------------------------------------------------------
/ProcMonX/Properties/Resources.resx:
--------------------------------------------------------------------------------
1 |
2 |
3 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 |
81 |
82 |
83 |
84 |
85 |
86 |
87 |
88 |
89 |
90 |
91 |
92 |
93 |
94 |
95 |
96 |
97 |
98 |
99 |
100 |
101 |
102 |
103 |
104 |
105 |
106 | text/microsoft-resx
107 |
108 |
109 | 2.0
110 |
111 |
112 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
113 |
114 |
115 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
116 |
117 |
--------------------------------------------------------------------------------
/ProcMonX/Properties/Settings.Designer.cs:
--------------------------------------------------------------------------------
1 | //------------------------------------------------------------------------------
2 | //
3 | // This code was generated by a tool.
4 | // Runtime Version:4.0.30319.42000
5 | //
6 | // Changes to this file may cause incorrect behavior and will be lost if
7 | // the code is regenerated.
8 | //
9 | //------------------------------------------------------------------------------
10 |
11 | namespace ProcMonX.Properties {
12 |
13 |
14 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
15 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "16.4.0.0")]
16 | internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase {
17 |
18 | private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings())));
19 |
20 | public static Settings Default {
21 | get {
22 | return defaultInstance;
23 | }
24 | }
25 | }
26 | }
27 |
--------------------------------------------------------------------------------
/ProcMonX/Properties/Settings.settings:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
--------------------------------------------------------------------------------
/ProcMonX/Resources/Styles.xaml:
--------------------------------------------------------------------------------
1 |
4 |
17 |
18 |
--------------------------------------------------------------------------------
/ProcMonX/Resources/Templates.xaml:
--------------------------------------------------------------------------------
1 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
--------------------------------------------------------------------------------
/ProcMonX/TraceEvent.ReadMe.txt:
--------------------------------------------------------------------------------
1 |
2 | ************* Welcome to the Microsoft.Diagnostics.Tracing.TraceEvent library! ***************
3 |
4 | This library is designed to make controlling and parsing Event Tracing for Windows (ETW) events easy.
5 | In particular if you are generating events with System.Diagnostics.Tracing.EventSource, this library
6 | makes it easy to process that data.
7 |
8 | ******** PROGRAMMERS GUIDE ********
9 |
10 | If you are new to TraceEvent, see the _TraceEventProgammersGuide.docx that was installed as part of
11 | your solution when this NuGet package was installed.
12 |
13 | ************ FEEDBACK *************
14 |
15 | If you have problems, wish to report a bug, or have a suggestion please log your comments on the
16 | .NET Runtime Framework Blog http://blogs.msdn.com/b/dotnet/ under the TraceEvent announcement.
17 |
18 | ********** RELEASE NOTES ***********
19 |
20 | If you are interested what particular features/bug fixes are in this particular version please
21 | see the TraceEvent.RelaseNotes.txt file that is part of this package. It also contains
22 | information about breaking changes (If you use the bcl.codeplex version in the past).
23 |
24 | ************* SAMPLES *************
25 |
26 | There is a companion NUGET package called Microsoft.Diagnostics.Tracing.TraceEvent.Samples. These
27 | are simple but well commented examples of how to use this library. To get the samples, it is best
28 | to simply create a new Console application, and then reference the Samples package from that App.
29 | The package's README.TXT file tell you how to run the samples.
30 |
31 | ************** BLOGS **************
32 |
33 | See http://blogs.msdn.com/b/vancem/archive/tags/traceevent/ for useful blog entries on using this
34 | package.
35 |
36 | *********** QUICK STARTS ***********
37 |
38 | The quick-starts below will get you going in a minimum of typing, but please see the WELL COMMENTED
39 | samples in the Samples NUGET package that describe important background and other common scenarios.
40 |
41 | **************************************************************************************************
42 | ******* Quick Start: Turning on the 'MyEventSource' EventSource and log to MyEventsFile.etl:
43 |
44 | using (var session = new TraceEventSession("SimpleMontitorSession", "MyEventsFile.etl")) // Sessions collect and control event providers. Here we send data to a file
45 | {
46 | var eventSourceGuid = TraceEventProviders.GetEventSourceGuidFromName("MyEventSource"); // Get the unique ID for the eventSouce.
47 | session.EnableProvider(eventSourceGuid); // Turn it on.
48 | Thread.Sleep(10000); // Collect for 10 seconds then stop.
49 | }
50 |
51 | **************************************************************************************************
52 | ******** Quick Start: Reading MyEventsFile.etl file and printing the events.
53 |
54 | using (var source = new ETWTraceEventSource("MyEtlFile.etl")) // Open the file
55 | {
56 | var parser = new DynamicTraceEventParser(source); // DynamicTraceEventParser knows about EventSourceEvents
57 | parser.All += delegate(TraceEvent data) // Set up a callback for every event that prints the event
58 | {
59 | Console.WriteLine("GOT EVENT: " + data.ToString()); // Print the event.
60 | };
61 | source.Process(); // Read the file, processing the callbacks.
62 | } // Close the file.
63 |
64 |
65 | *************************************************************************************************************
66 | ******** Quick Start: Turning on the 'MyEventSource', get callbacks in real time (no files involved).
67 |
68 | using (var session = new TraceEventSession("MyRealTimeSession")) // Create a session to listen for events
69 | {
70 | session.Source.Dynamic.All += delegate(TraceEvent data) // Set Source (stream of events) from session.
71 | { // Get dynamic parser (knows about EventSources)
72 | // Subscribe to all EventSource events
73 | Console.WriteLine("GOT Event " + data); // Print each message as it comes in
74 | };
75 |
76 | var eventSourceGuid = TraceEventProviders.GetEventSourceGuidFromName("MyEventSource"); // Get the unique ID for the eventSouce.
77 | session.EnableProvider(eventSourceGuid); // Enable MyEventSource.
78 | session.Source.Process(); // Wait for incoming events (forever).
79 | }
80 |
--------------------------------------------------------------------------------
/ProcMonX/TraceEvent.ReleaseNotes.txt:
--------------------------------------------------------------------------------
1 | Version 1.0.0.3 - Initial release to NuGet, pre-release.
2 |
3 | TraceEvent has been available from the site http://bcl.codeplex.com/wikipage?title=TraceEvent for some time now
4 | this NuGet Version of the library supersedes that one. WHile the 'core' part of the library is unchanged,
5 | we did change lesser used features, and change the namespace and DLL name, which will cause break. We anticipate
6 | it will take an hour or so to 'port' to this version from the old one. Below are specific details on what
7 | has changed to help in this port.
8 |
9 | * The DLL has been renamed from TraceEvent.dll to Microsoft.Diagnostics.Tracing.TraceEvent.dll
10 | * The name spaces for all classes have been changed. The easiest way to port is to simply place
11 | the following using clauses at the top of any file that uses TraceEvent classes
12 | using Microsoft.Diagnostics.Symbols;
13 | using Microsoft.Diagnostics.Tracing;
14 | using Microsoft.Diagnostics.Tracing.Etlx;
15 | using Microsoft.Diagnostics.Tracing.Parsers.Clr;
16 | using Microsoft.Diagnostics.Tracing.Parsers.Kernel;
17 | using Microsoft.Diagnostics.Tracing.Session;
18 | using Microsoft.Diagnostics.Tracing.Stacks;
19 | * Any method with the name RelMSec in it has been changed to be RelativeMSec. The easiest port is to
20 | simply globally rename RelMSec to RelativeMSec
21 | * Any property in the Trace* classes that has the form Max*Index has been renamed to Count.
22 | * A number of methods have been declared obsolete, these are mostly renames and the warning will tell you
23 | how to update them.
24 | * The following classes have been rename
25 | SymPath -> SymbolPath
26 | SymPathElement -> SymbolPathElement
27 | SymbolReaderFlags -> SymbolReaderOptions
28 | * TraceEventSession is now StopOnDispose (it will stop the session when TraceEventSesssion dies), by default
29 | If you were relying on the kernel session living past the process that started it, you must now set
30 | the StopOnDispose explicitly
31 | * There used to be XmlAttrib extensions methods on StringBuilder for use in manifest generated TraceEventParsers
32 | These have been moved to protected members of TraceEvent. The result is that in stead of writing
33 | sb.XmlAttrib(...) you write XmlAttrib(sb, ...)
34 | * References to Pdb in names have been replaced with 'Symbol' to conform to naming guidelines.
35 |
36 | ***********************************************************************************************
37 | Version 1.0.0.4 - Initial stable release
38 |
39 | Mostly this was insuring that the library was cleaned up in preparation
40 | for release the TraceParserGen tool
41 |
42 | Improved the docs, removed old code, fixed some naming convention stuff
43 |
44 | * Additional changes from the PreRelease copy to the first Stable release
45 |
46 | * The arguments to AddCallbackForProviderEvent were reversed!!!! (now provider than event)
47 | * The arguments to Observe(string, string)!!!! (now provider than event)
48 | * Event names for these APIs must include a / between the Task and Opcode names
49 |
50 | * Many Events in KernelTraceEventParser were harmonized to be consistent with other conventions
51 | * Events of the form PageFault* were typically renamed to Memory*
52 | * The 'End' suffix was renamed to 'Stop' (its official name)
53 | * PerfInfoSampleProf -> PerfInfoSample
54 | * PerfInfoSampleProf -> PerfInfoSample
55 | * ReadyThread -> DispatcherReadyThread
56 | * StackWalkTraceData -> StackWalkStackTraceData
57 | * FileIo -> FileIO
58 | * DiskIo -> DiskIO
59 |
60 | * Many Events in SymbolTraceEventParser were harmonized to be consistent with other conventions
61 | * names with Symbol -> ImageID
62 |
--------------------------------------------------------------------------------
/ProcMonX/Tracing/FilterFactory.cs:
--------------------------------------------------------------------------------
1 | using ProcMonX.Tracing.Filters;
2 | using ProcMonX.ViewModels;
3 | using ProcMonX.ViewModels.Filters;
4 | using ProcMonX.Views;
5 | using System;
6 | using System.Collections.Generic;
7 | using System.Diagnostics;
8 | using System.Linq;
9 | using System.Reflection;
10 | using System.Text;
11 | using System.Threading.Tasks;
12 | using Zodiacon.WPF;
13 |
14 | namespace ProcMonX.Tracing {
15 | static class FilterFactory {
16 | public static string GetRuleDetails(IFilterRule rule) {
17 | switch (rule) {
18 | case ProcessNameFilter filter:
19 | return $"Process Names: {string.Join(",", filter.Names)}";
20 |
21 | case ProcessIdFilter filter:
22 | return $"Process IDs: {string.Join(",", filter.Pids.Select(pid => pid.ToString()))} Include: {filter.Include}";
23 | }
24 | return string.Empty;
25 | }
26 |
27 | public static FilterTypeViewModel[] GetFilterTypes() {
28 | var filters = from type in Assembly.GetExecutingAssembly().GetTypes()
29 | let filterAttribute = type.GetCustomAttribute()
30 | where filterAttribute != null
31 | select new FilterTypeViewModel {
32 | Name = filterAttribute.Name,
33 | Type = type
34 | };
35 | return filters.ToArray();
36 | }
37 |
38 | public static FilterDialogViewModelBase CreateFilterDialog(FilterTypeViewModel type, IDialogService dialogService) {
39 | var viewModelType = type.Type.GetCustomAttribute().ViewModelType;
40 | if (viewModelType == null)
41 | return null; // not yet available
42 |
43 | var creator = dialogService.GetType();
44 | var method = creator.GetMethod("CreateDialog", new Type[] { typeof(object[]) });
45 | var createMethod = method.MakeGenericMethod(viewModelType, typeof(FilterDialogWindow));
46 | var vm = (FilterDialogViewModelBase) createMethod.Invoke(dialogService, new object[1] { new object[0] });
47 | return vm;
48 | }
49 |
50 | }
51 | }
52 |
--------------------------------------------------------------------------------
/ProcMonX/Tracing/Filters/ProcessIdFilter.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Diagnostics;
4 | using System.Linq;
5 | using System.Text;
6 | using System.Threading.Tasks;
7 | using Microsoft.Diagnostics.Tracing;
8 |
9 | namespace ProcMonX.Tracing.Filters {
10 | [DebuggerDisplay("Active: {IsActive} Include: {Include} Names: {Pids}")]
11 | [Filter("Process IDs")]
12 | sealed class ProcessIdFilter : IFilterRule {
13 | public int[] Pids { get; }
14 | public bool Include { get; set; }
15 |
16 | public string Name => "Process IDs";
17 |
18 | public bool IsActive { get; set; } = true;
19 |
20 | public ProcessIdFilter(bool include, params int[] pids) {
21 | Pids = pids;
22 | Include = include;
23 | }
24 |
25 | public FilterRuleResult Evaluate(TraceEvent evt) {
26 | if (!Pids.Contains(evt.ProcessID))
27 | return FilterRuleResult.Skip;
28 |
29 | return Include ? FilterRuleResult.Include : FilterRuleResult.Exclude;
30 | }
31 | }
32 | }
33 |
--------------------------------------------------------------------------------
/ProcMonX/Tracing/Filters/ProcessNameFilter.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Diagnostics;
4 | using System.Linq;
5 | using System.Text;
6 | using System.Threading.Tasks;
7 | using Microsoft.Diagnostics.Tracing;
8 | using ProcMonX.ViewModels.Filters;
9 |
10 | namespace ProcMonX.Tracing.Filters {
11 | [DebuggerDisplay("Active: {IsActive} Include: {Include} Names: {Names}")]
12 | [Filter("Process Names", ViewModelType = typeof(ProcessNamesFilterViewModel))]
13 | class ProcessNameFilter : IFilterRule {
14 | public string[] Names { get; }
15 | public bool Include { get; set; }
16 |
17 | public bool IsActive { get; set; } = true;
18 |
19 | public ProcessNameFilter(bool include, params string[] names) {
20 | Names = names.Select(n => n.ToLower()).ToArray();
21 | Include = include;
22 | }
23 |
24 | public FilterRuleResult Evaluate(TraceEvent evt) {
25 | var processName = evt.ProcessName.ToLower();
26 | if (!Names.Contains(processName))
27 | return FilterRuleResult.Skip;
28 |
29 | return Include ? FilterRuleResult.Include : FilterRuleResult.Exclude;
30 | }
31 | }
32 | }
33 |
--------------------------------------------------------------------------------
/ProcMonX/Tracing/IFilterRule.cs:
--------------------------------------------------------------------------------
1 | using Microsoft.Diagnostics.Tracing;
2 | using System;
3 | using System.Collections.Generic;
4 | using System.Linq;
5 | using System.Text;
6 | using System.Threading.Tasks;
7 |
8 | namespace ProcMonX.Tracing {
9 | enum FilterRuleResult {
10 | Skip,
11 | Include,
12 | Exclude
13 | }
14 |
15 | enum CompareType {
16 | Equals,
17 | NotEquals,
18 | Contains,
19 | NotContains
20 | }
21 |
22 | interface IFilterRule {
23 | FilterRuleResult Evaluate(TraceEvent evt);
24 | }
25 | }
26 |
--------------------------------------------------------------------------------
/ProcMonX/Tracing/TraceEventFilter.cs:
--------------------------------------------------------------------------------
1 | using Microsoft.Diagnostics.Tracing;
2 | using System;
3 | using System.Collections.Generic;
4 | using System.Collections.ObjectModel;
5 | using System.Linq;
6 | using System.Text;
7 | using System.Threading.Tasks;
8 |
9 | namespace ProcMonX.Tracing {
10 | enum FilterRuleResult {
11 | Skip,
12 | Include,
13 | Exclude
14 | }
15 |
16 | enum CompareType {
17 | Equals,
18 | NotEquals,
19 | Contains,
20 | NotContains
21 | }
22 |
23 | interface IFilterRule {
24 | FilterRuleResult Evaluate(TraceEvent evt);
25 | bool IsActive { get; set; }
26 | bool Include { get; set; }
27 | }
28 |
29 | [AttributeUsage(AttributeTargets.Class)]
30 | sealed class FilterAttribute : Attribute {
31 | public string Name { get; }
32 |
33 | public FilterAttribute(string name) {
34 | Name = name;
35 | }
36 |
37 | public string Description { get; set; }
38 | public Type ViewModelType { get; set; }
39 | }
40 |
41 | class TraceEventFilter {
42 | ObservableCollection _filterRules = new ObservableCollection();
43 |
44 | public FilterRuleResult DefaultResult { get; set; } = FilterRuleResult.Exclude;
45 |
46 | public IList FilterRules => _filterRules;
47 |
48 | public virtual FilterRuleResult EvaluateEvent(TraceEvent evt) {
49 | if (FilterRules.Count == 0)
50 | return FilterRuleResult.Include;
51 |
52 | foreach (var rule in FilterRules) {
53 | if (rule.IsActive) {
54 | var result = rule.Evaluate(evt);
55 | if (result != FilterRuleResult.Skip)
56 | return result;
57 | }
58 | }
59 | return DefaultResult;
60 | }
61 | }
62 | }
63 |
--------------------------------------------------------------------------------
/ProcMonX/Tracing/TraceFilter.cs:
--------------------------------------------------------------------------------
1 | using Microsoft.Diagnostics.Tracing;
2 | using System;
3 | using System.Collections.Generic;
4 | using System.Collections.ObjectModel;
5 | using System.Linq;
6 | using System.Text;
7 | using System.Threading.Tasks;
8 |
9 | namespace ProcMonX.Tracing {
10 | class TraceFilter {
11 | ObservableCollection _filterRules = new ObservableCollection();
12 |
13 | public IList FilterRules => _filterRules;
14 |
15 | public FilterRuleResult EvaluateEvent(TraceEvent evt) {
16 | foreach (var rule in FilterRules) {
17 | var result = rule.Evaluate(evt);
18 | if (result != FilterRuleResult.Skip)
19 | return result;
20 | }
21 | return FilterRuleResult.Include;
22 | }
23 | }
24 | }
25 |
--------------------------------------------------------------------------------
/ProcMonX/Tracing/TraceManager.cs:
--------------------------------------------------------------------------------
1 | using Microsoft.Diagnostics.Tracing;
2 | using Microsoft.Diagnostics.Tracing.Parsers;
3 | using Microsoft.Diagnostics.Tracing.Parsers.Kernel;
4 | using Microsoft.Diagnostics.Tracing.Session;
5 | using ProcMonX.Models;
6 | using System;
7 | using System.Collections.Generic;
8 | using System.Linq;
9 | using System.Text;
10 | using System.Threading;
11 | using System.Threading.Tasks;
12 |
13 | namespace ProcMonX.Tracing {
14 | sealed class TraceManager : IDisposable {
15 | TraceEventSession _kernelSession;
16 | KernelTraceEventParser _kernelParser;
17 | TraceEventSession _customSession;
18 | //ClrTraceEventParser _clrParser;
19 |
20 | Thread _processingThread;
21 |
22 | public event Action EventTrace;
23 |
24 | public TraceManager() {
25 | TraceEventSession.SetDebugPrivilege();
26 |
27 | _handlers = new Dictionary> {
28 | { EventType.ProcessStart, obj => HandleEvent(obj, EventType.ProcessStart) },
29 | };
30 | }
31 |
32 | public void Dispose() {
33 | _kernelSession.Dispose();
34 | }
35 |
36 | public void Start(IEnumerable types) {
37 | if (EventTrace == null)
38 | throw new InvalidOperationException("Must register for event notifications");
39 |
40 | _kernelSession = new TraceEventSession(KernelTraceEventParser.KernelSessionName, TraceEventSessionOptions.NoRestartOnCreate) {
41 | BufferSizeMB = 128,
42 | CpuSampleIntervalMSec = 10,
43 | };
44 | var keywords = KernelTraceEventParser.Keywords.All;
45 | //foreach (var type in types)
46 | // keywords |= EventInfo.AllEventsByType[type].Keyword;
47 |
48 | //_kernelSession.EnableKernelProvider(keywords | KernelTraceEventParser.Keywords.Job);
49 |
50 | //_customSession = new TraceEventSession("CustomSession");
51 | //_customSession.EnableProvider("Microsoft-Windows-WMI-Activity");
52 | //var parser = new RegisteredTraceEventParser(_customSession.Source);
53 | //parser.All += Parser_All;
54 |
55 | //Task.Run(() => _customSession.Source.Process());
56 |
57 | _processingThread = new Thread(() => {
58 | _kernelSession.EnableKernelProvider(keywords);
59 | _kernelParser = new KernelTraceEventParser(_kernelSession.Source);
60 | SetupCallbacks(types);
61 | _kernelSession.Source.Process();
62 | });
63 | _processingThread.Priority = ThreadPriority.Lowest;
64 | _processingThread.IsBackground = true;
65 | _processingThread.Start();
66 |
67 | }
68 |
69 | private void Parser_All(TraceEvent obj) {
70 | HandleEvent(obj, EventType.Custom);
71 | }
72 |
73 | public TraceEventFilter Filter { get; set; }
74 |
75 | public void Stop() {
76 | _kernelSession.Flush();
77 | _kernelSession.Stop();
78 | _customSession?.Stop();
79 | }
80 |
81 | void HandleEvent(TraceEvent evt, EventType type) {
82 | var include = Filter?.EvaluateEvent(evt);
83 | if (include == null || include == FilterRuleResult.Include) {
84 | EventTrace(evt.Clone(), type);
85 | }
86 | }
87 |
88 | Dictionary> _handlers;
89 |
90 | void SetupCallback(EventType type) {
91 | switch (type) {
92 | case EventType.ProcessStart:
93 | _kernelParser.ProcessStart += _handlers[EventType.ProcessStart];
94 | break;
95 |
96 | case EventType.ProcessDCStart:
97 | _kernelParser.ProcessDCStart += obj => HandleEvent(obj, EventType.ProcessDCStart);
98 | break;
99 |
100 | case EventType.ProcessStop:
101 | _kernelParser.ProcessStop += obj => HandleEvent(obj, EventType.ProcessStop);
102 | break;
103 |
104 | case EventType.ThreadStart:
105 | _kernelParser.ThreadStart += obj => HandleEvent(obj, EventType.ThreadStart);
106 | break;
107 |
108 | case EventType.ThreadDCStart:
109 | _kernelParser.ThreadDCStart += obj => HandleEvent(obj, EventType.ThreadDCStart);
110 | break;
111 |
112 | case EventType.ThreadStop:
113 | _kernelParser.ThreadStop += obj => HandleEvent(obj, EventType.ThreadStop);
114 | break;
115 |
116 | case EventType.RegistryCreateKey:
117 | _kernelParser.RegistryCreate += obj => HandleEvent(obj, EventType.RegistryCreateKey);
118 | break;
119 |
120 | case EventType.RegistryOpenKey:
121 | _kernelParser.RegistryOpen += obj => HandleEvent(obj, EventType.RegistryOpenKey);
122 | break;
123 |
124 | case EventType.RegistryQueryValue:
125 | _kernelParser.RegistryQueryValue += obj => HandleEvent(obj, EventType.RegistryQueryValue);
126 | break;
127 |
128 | case EventType.RegistryQueryMultipleValues:
129 | _kernelParser.RegistryQueryMultipleValue += obj => HandleEvent(obj, EventType.RegistryQueryMultipleValues);
130 | break;
131 |
132 | case EventType.RegistrySetValue:
133 | _kernelParser.RegistrySetValue += obj => HandleEvent(obj, EventType.RegistrySetValue);
134 | break;
135 |
136 | case EventType.RegistryDeleteKey:
137 | _kernelParser.RegistryDelete += obj => HandleEvent(obj, EventType.RegistryDeleteKey);
138 | break;
139 |
140 | case EventType.RegistryDeleteValue:
141 | _kernelParser.RegistryDeleteValue += obj => HandleEvent(obj, EventType.RegistryDeleteValue);
142 | break;
143 |
144 | case EventType.ModuleLoad:
145 | _kernelParser.ImageLoad += obj => HandleEvent(obj, EventType.ModuleLoad);
146 | break;
147 |
148 | case EventType.ModuleDCLoad:
149 | _kernelParser.ImageDCStart += obj => HandleEvent(obj, EventType.ModuleDCLoad);
150 | break;
151 |
152 | case EventType.ModuleDCUnload:
153 | _kernelParser.ImageDCStop += obj => HandleEvent(obj, EventType.ModuleDCUnload);
154 | break;
155 |
156 | case EventType.ModuleUnload:
157 | _kernelParser.ImageUnload += obj => HandleEvent(obj, EventType.ModuleUnload);
158 | break;
159 |
160 | case EventType.AlpcSendMessage:
161 | _kernelParser.ALPCSendMessage += obj => HandleEvent(obj, EventType.AlpcSendMessage);
162 | break;
163 |
164 | case EventType.AlpcReceiveMessage:
165 | _kernelParser.ALPCReceiveMessage += obj => HandleEvent(obj, EventType.AlpcReceiveMessage);
166 | break;
167 |
168 | case EventType.ALPCWaitForNewMessage:
169 | _kernelParser.ALPCWaitForNewMessage += obj => HandleEvent(obj, EventType.ALPCWaitForNewMessage);
170 | break;
171 |
172 | case EventType.AlpcWaitForReply:
173 | _kernelParser.ALPCWaitForReply += obj => HandleEvent(obj, EventType.AlpcWaitForReply);
174 | break;
175 |
176 | case EventType.FileRead:
177 | _kernelParser.FileIORead += obj => HandleEvent(obj, EventType.FileRead);
178 | break;
179 |
180 | case EventType.FileWrite:
181 | _kernelParser.FileIOWrite += obj => HandleEvent(obj, EventType.FileWrite);
182 | break;
183 |
184 | case EventType.FileRename:
185 | _kernelParser.FileIORename += obj => HandleEvent(obj, EventType.FileRename);
186 | break;
187 |
188 | case EventType.FileCreate:
189 | _kernelParser.FileIOCreate += obj => HandleEvent(obj, EventType.FileCreate);
190 | break;
191 |
192 | case EventType.FileClose:
193 | _kernelParser.FileIOClose += obj => HandleEvent(obj, EventType.FileClose);
194 | break;
195 |
196 | case EventType.FileFlush:
197 | _kernelParser.FileIOFlush += obj => HandleEvent(obj, EventType.FileFlush);
198 | break;
199 |
200 | case EventType.FileDelete:
201 | _kernelParser.FileIOFileDelete += obj => HandleEvent(obj, EventType.FileDelete);
202 | break;
203 |
204 | case EventType.MemoryAlloc:
205 | _kernelParser.VirtualMemAlloc += obj => HandleEvent(obj, EventType.MemoryAlloc);
206 | break;
207 |
208 | case EventType.MemoryFree:
209 | _kernelParser.VirtualMemFree += obj => HandleEvent(obj, EventType.MemoryFree);
210 | break;
211 |
212 | case EventType.DiskRead:
213 | _kernelParser.DiskIORead += obj => HandleEvent(obj, EventType.DiskRead);
214 | break;
215 |
216 | case EventType.DiskWrite:
217 | _kernelParser.DiskIOWrite += obj => HandleEvent(obj, EventType.DiskWrite);
218 | break;
219 |
220 | case EventType.TcpIpConnect:
221 | _kernelParser.TcpIpConnect += obj => HandleEvent(obj, EventType.TcpIpConnect);
222 | _kernelParser.TcpIpConnectIPV6 += obj => HandleEvent(obj, EventType.TcpIpConnect);
223 | break;
224 |
225 | case EventType.TcpIpDisconnect:
226 | _kernelParser.TcpIpDisconnect += obj => HandleEvent(obj, EventType.TcpIpDisconnect);
227 | _kernelParser.TcpIpDisconnectIPV6 += obj => HandleEvent(obj, EventType.TcpIpDisconnect);
228 | break;
229 |
230 | case EventType.TcpIpAccept:
231 | _kernelParser.TcpIpAccept += obj => HandleEvent(obj, EventType.TcpIpAccept);
232 | _kernelParser.TcpIpAcceptIPV6 += obj => HandleEvent(obj, EventType.TcpIpAccept);
233 | break;
234 |
235 | case EventType.TcpIpSend:
236 | _kernelParser.TcpIpSend += obj => HandleEvent(obj, EventType.TcpIpSend);
237 | _kernelParser.TcpIpSendIPV6 += obj => HandleEvent(obj, EventType.TcpIpSend);
238 | break;
239 |
240 | case EventType.TcpIpReceive:
241 | _kernelParser.TcpIpRecv += obj => HandleEvent(obj, EventType.TcpIpReceive);
242 | _kernelParser.TcpIpRecvIPV6 += obj => HandleEvent(obj, EventType.TcpIpReceive);
243 | break;
244 |
245 | case EventType.FileMapDCStart:
246 | _kernelParser.FileIOMapFileDCStart += obj => HandleEvent(obj, EventType.FileMapDCStart);
247 | break;
248 |
249 | case EventType.FileMapDCStop:
250 | _kernelParser.FileIOMapFileDCStop+= obj => HandleEvent(obj, EventType.FileMapDCStop);
251 | break;
252 |
253 | case EventType.FileMap:
254 | _kernelParser.FileIOMapFile += obj => HandleEvent(obj, EventType.FileMap);
255 | break;
256 |
257 | case EventType.FileUnmap:
258 | _kernelParser.FileIOUnmapFile += obj => HandleEvent(obj, EventType.FileUnmap);
259 | break;
260 |
261 | case EventType.DriverMajorFunctionCall:
262 | _kernelParser.DiskIODriverMajorFunctionCall += obj => HandleEvent(obj, EventType.DriverMajorFunctionCall);
263 | break;
264 |
265 | case EventType.ProcessMemoryInfo:
266 | _kernelParser.MemoryProcessMemInfo += obj => HandleEvent(obj, EventType.ProcessMemoryInfo);
267 | break;
268 |
269 | case EventType.MemorySystemMemoryInfo:
270 | _kernelParser.MemorySystemMemInfo += obj => HandleEvent(obj, EventType.MemorySystemMemoryInfo);
271 | break;
272 |
273 | case EventType.VirtualAllocDCStart:
274 | _kernelParser.MemoryVirtualAllocDCStart += obj => HandleEvent(obj, EventType.VirtualAllocDCStart);
275 | break;
276 |
277 | case EventType.VirtualAllocDCStop:
278 | _kernelParser.MemoryVirtualAllocDCStop += obj => HandleEvent(obj, EventType.VirtualAllocDCStop);
279 | break;
280 |
281 |
282 | }
283 | }
284 |
285 | private void SetupCallbacks(IEnumerable types, bool add = true) {
286 | foreach (var type in types) {
287 | SetupCallback(type);
288 | }
289 | }
290 |
291 | public int LostEvents => _kernelSession?.IsActive == true ? _kernelSession.EventsLost : 0;
292 |
293 | }
294 | }
295 |
--------------------------------------------------------------------------------
/ProcMonX/ViewModels/CaptureViewModel.cs:
--------------------------------------------------------------------------------
1 | using Prism.Mvvm;
2 | using ProcMonX.Models;
3 | using System;
4 | using System.Collections.Generic;
5 | using System.Linq;
6 | using System.Text;
7 | using System.Threading.Tasks;
8 |
9 | namespace ProcMonX.ViewModels {
10 | class CaptureViewModel : BindableBase {
11 | CaptureSettings _settings = new CaptureSettings();
12 | List _events;
13 |
14 | public CaptureViewModel() {
15 | _events = EventInfo.AllEvents.Select(evt =>
16 | new EventViewModel {
17 | Icon = $"/icons/events/{evt.EventType}.ico",
18 | IsSelected = _settings.EventTypes.Contains(evt.EventType),
19 | Name = evt.AsString,
20 | Category = evt.Category.ToString()
21 | }).ToList();
22 |
23 | SelectedCategory = Categories[0];
24 | }
25 |
26 | IList _categories = EventInfo.AllEventsByCategory.Select(cat =>
27 | new CategoryViewModel {
28 | Header = cat.Key.ToString(),
29 | Icon = $"/icons/category/{cat.Key.ToString()}.ico"
30 | }).ToList();
31 |
32 | public IList Categories => _categories;
33 |
34 | private CategoryViewModel _selectedCategory;
35 |
36 | public string Name {
37 | get => _settings.Name;
38 | set {
39 | _settings.Name = value;
40 | RaisePropertyChanged(nameof(Name));
41 | }
42 | }
43 |
44 | public CategoryViewModel SelectedCategory {
45 | get => _selectedCategory;
46 | set {
47 | if (SetProperty(ref _selectedCategory, value)) {
48 | RaisePropertyChanged(nameof(EventTypes));
49 | }
50 | }
51 | }
52 |
53 | public IEnumerable EventTypes => _events.Where(evt => evt.Category == SelectedCategory?.Header).OrderBy(evt => evt.Name);
54 | }
55 | }
56 |
--------------------------------------------------------------------------------
/ProcMonX/ViewModels/CapturesViewModel.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Collections.ObjectModel;
4 | using System.Linq;
5 | using System.Text;
6 | using System.Threading.Tasks;
7 |
8 | namespace ProcMonX.ViewModels {
9 | class CapturesViewModel : TabViewModelBase {
10 | ObservableCollection _captures = new ObservableCollection();
11 |
12 | public IList Captures => _captures;
13 |
14 | public CapturesViewModel() {
15 | Captures.Add(new CaptureViewModel());
16 | Captures.Add(new CaptureViewModel());
17 | Captures.Add(new CaptureViewModel());
18 | }
19 | }
20 | }
21 |
--------------------------------------------------------------------------------
/ProcMonX/ViewModels/CategoryViewModel.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Text;
5 | using System.Threading.Tasks;
6 |
7 | namespace ProcMonX.ViewModels {
8 | class CategoryViewModel {
9 | public string Header { get; set; }
10 | public string Icon { get; set; }
11 |
12 | }
13 | }
14 |
--------------------------------------------------------------------------------
/ProcMonX/ViewModels/EventCategories/ProcessTraceEventViewModel.cs:
--------------------------------------------------------------------------------
1 | using Microsoft.Diagnostics.Tracing;
2 | using Microsoft.Diagnostics.Tracing.Parsers.Kernel;
3 | using ProcMonX.Models;
4 | using System;
5 | using System.Collections.Generic;
6 | using System.Diagnostics;
7 | using System.Linq;
8 | using System.Text;
9 | using System.Threading.Tasks;
10 |
11 | namespace ProcMonX.ViewModels.EventCategories {
12 | sealed class ProcessTraceEventViewModel : TraceEventDataViewModel{
13 | public readonly ProcessTraceData ProcessData;
14 |
15 | internal ProcessTraceEventViewModel(TraceEventDataViewModel root) : base(root.Data, root.Type) {
16 | ProcessData = (ProcessTraceData)root.Data;
17 | Debug.Assert(ProcessData != null);
18 | }
19 |
20 | public string CommandLine => ProcessData.CommandLine;
21 | public int Session => ProcessData.SessionID;
22 | public ulong Key => ProcessData.UniqueProcessKey;
23 | public string ImageFileName => ProcessData.ImageFileName;
24 | public int ParentId => ProcessData.ParentID;
25 | public string PackageFullName => ProcessData.PackageFullName;
26 | public int ExitCode => ProcessData.ExitStatus;
27 | public ProcessFlags Flags => ProcessData.Flags;
28 | public string AppId => ProcessData.ApplicationID;
29 |
30 | }
31 | }
32 |
--------------------------------------------------------------------------------
/ProcMonX/ViewModels/EventTypeViewModel.cs:
--------------------------------------------------------------------------------
1 | using Prism.Mvvm;
2 | using ProcMonX.Models;
3 | using ProcMonX.Tracing;
4 | using System;
5 | using System.Collections.Generic;
6 | using System.Linq;
7 | using System.Text;
8 | using System.Threading.Tasks;
9 |
10 | namespace ProcMonX.ViewModels {
11 | sealed class EventTypeViewModel : BindableBase {
12 | public EventInfo Info { get; }
13 |
14 | public EventTypeViewModel(EventInfo info) {
15 | Info = info;
16 | }
17 |
18 | public string Name => Info.AsString;
19 | public string Icon => $"/icons/events/{Info.EventType.ToString()}.ico";
20 | public string Category => Info.Category.Name;
21 | public string Description => Info.Description;
22 |
23 | public bool IsMonitoring {
24 | get => _isMonitoring;
25 | set => SetProperty(ref _isMonitoring, value);
26 | }
27 |
28 | bool _isMonitoring;
29 | }
30 | }
31 |
--------------------------------------------------------------------------------
/ProcMonX/ViewModels/EventViewModel.cs:
--------------------------------------------------------------------------------
1 | using Prism.Mvvm;
2 | using System;
3 | using System.Collections.Generic;
4 | using System.Linq;
5 | using System.Text;
6 | using System.Threading.Tasks;
7 |
8 | namespace ProcMonX.ViewModels {
9 | class EventViewModel : BindableBase {
10 | public string Icon { get; set; }
11 | public string Name { get; set; }
12 | public string Category { get; set; }
13 |
14 | private bool _isSelected;
15 |
16 | public bool IsSelected {
17 | get => _isSelected;
18 | set => SetProperty(ref _isSelected, value);
19 | }
20 |
21 | }
22 | }
23 |
--------------------------------------------------------------------------------
/ProcMonX/ViewModels/EventsTabViewModel.cs:
--------------------------------------------------------------------------------
1 | using Microsoft.Diagnostics.Tracing;
2 | using ProcMonX.Models;
3 | using System;
4 | using System.Collections.Generic;
5 | using System.Collections.ObjectModel;
6 | using System.Linq;
7 | using System.Text;
8 | using System.Threading.Tasks;
9 | using System.Windows.Data;
10 | using System.ComponentModel;
11 |
12 | namespace ProcMonX.ViewModels {
13 | enum TabKind {
14 | None = 0,
15 | AllEvents,
16 | Processes,
17 | Threads,
18 | Modules,
19 | Alpc,
20 | Registry,
21 | Files,
22 | Memory,
23 | Driver,
24 | Network,
25 | Custom = 99
26 | }
27 |
28 | class EventsTabViewModel : TabViewModelBase {
29 | readonly CollectionViewSource _cvs;
30 | Func _baseFilter;
31 | ListCollectionView _view;
32 |
33 | public TabKind Kind { get; }
34 |
35 | public ICollectionView Items => _view;
36 |
37 | public EventsTabViewModel(TabKind kind, IEnumerable events, Func filter = null) {
38 | Kind = kind;
39 | _baseFilter = filter;
40 | _cvs = new CollectionViewSource() {
41 | Source = events
42 | };
43 | _cvs.View.Filter = filter == null ? default(Predicate