add provider on the fly #39
Description
Hi guys,
I'm trying to add providers on the fly after the session is started. I tried different ways but I can't do it.
The next code is a part about what I'm trying to do but It doesn't work
providers = [etw.ProviderInfo('Microsoft-Windows-Kernel-Process', etw.GUID("{22FB2CD6-0E7B-422B-A0C7-2FAD1FD0E716}"))]
job = etw.ETW(providers=providers, event_callback=lambda x: print(x))
job.start()
job.add_provider(etw.ProviderInfo('Microsoft-Windows-Kernel-File', etw.GUID("{EDD08927-9CC4-4E65-B970-C2560FB5C289}")))However, if I add the provider before starting the job, it is added.
providers = [etw.ProviderInfo('Microsoft-Windows-Kernel-Process', etw.GUID("{22FB2CD6-0E7B-422B-A0C7-2FAD1FD0E716}"))]
job = etw.ETW(providers=providers, event_callback=lambda x: print(x))
job.add_provider(etw.ProviderInfo('Microsoft-Windows-Kernel-File', etw.GUID("{EDD08927-9CC4-4E65-B970-C2560FB5C289}")))
job.start()Am I doing something wrong?
Thanks in advance :)
PS: I've tried also with job.query() and job.update() methods without success.