// A quick POC for monitoring .NET assembly load events with ETW
// References:
// - Microsoft CLR Provider: https://docs.microsoft.com/en-us/dotnet/framework/performance/clr-etw-providers
// - ETW Assembly Load Events: https://docs.microsoft.com/en-us/dotnet/framework/performance/loader-etw-events
// - Source Code Sample: https://github.com/microsoft/perfview/blob/master/src/TraceEvent/Samples/31_KernelAndClrMonitor.cs
using Microsoft.Diagnostics.Tracing;
using Microsoft.Diagnostics.Tracing.Parsers;
using Microsoft.Diagnostics.Tracing.Session;
using System;
using System.Diagnostics;
namespace AssemblyLoadTracer
{
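/// <summary>
/// Console monitor that opens a real-time ETW session on the Microsoft CLR provider,
/// enables the Loader keyword, and prints every CLR event the session delivers.
/// </summary>
public class AssemblyLoadMonitor
{
    /// <summary>
    /// Entry point. Verifies the process is elevated, starts the "AssemblyLoadMonitor"
    /// ETW session, and blocks while events are dispatched to <see cref="Print"/>.
    /// </summary>
    public static void Main()
    {
        // Compared with true explicitly: any other answer is treated as "not elevated".
        if (TraceEventSession.IsElevated() != true)
        {
            Console.WriteLine("Must be elevated (Admin) to run this program.");

            // Only break when a debugger is actually attached, so an ordinary
            // unelevated run just prints the message and exits.
            if (Debugger.IsAttached)
            {
                Debugger.Break();
            }

            return;
        }

        using (var session = new TraceEventSession("AssemblyLoadMonitor"))
        {
            // ETW sessions are machine-wide and can outlive the process that created
            // them. Process() below blocks until the session stops, so Ctrl+C is the
            // normal way out; dispose the session there so it is not left running.
            Console.CancelKeyPress += (sender, e) => session.Dispose();

            // Only the Loader keyword is enabled, at Informational level.
            session.EnableProvider(
                ClrTraceEventParser.ProviderGuid,
                TraceEventLevel.Informational,
                (ulong)ClrTraceEventParser.Keywords.Loader);

            // Clr.All receives every CLR event in the session, not only assembly loads.
            // NOTE(review): filter by event type here if only assembly loads are wanted.
            session.Source.Clr.All += Print;

            // Blocks and dispatches events to the callback until the session is stopped.
            session.Source.Process();
        }
    }

    /// <summary>
    /// Writes one event to the console.
    /// </summary>
    /// <param name="data">The event delivered by the CLR parser.</param>
    private static void Print(TraceEvent data)
    {
        // Skip DataCollectionStart events.
        // NOTE(review): presumably these enumerate items loaded before the session began - confirm.
        if (data.Opcode == TraceEventOpcode.DataCollectionStart)
        {
            return;
        }

        Console.WriteLine(data.ToString());

        // For events surfaced as UnhandledTraceEvent, also print the Dump() output.
        if (data is UnhandledTraceEvent)
        {
            Console.WriteLine(data.Dump());
        }
    }
}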
}