microsoft · LakshK98 · Oct 27, 2025 · Oct 21, 2025 · Oct 24, 2025 · Oct 25, 2025
@@ -88,7 +88,7 @@ jobs:
     uses: ./.github/workflows/reusable-test.yml
     with:
       name: process_monitor
-      pre_test: powershell -file .\bin\process_monitor.Tests\win-x64\Install-eBpfForWindows.ps1 0.21.0 && powershell -file .\bin\process_monitor.Tests\win-x64\Setup-ProcessMonitorTests.ps1 -ArtifactsRoot .
+      pre_test: powershell -file .\bin\process_monitor.Tests\win-x64\Install-eBpfForWindows.ps1 1.0.0-rc1 && powershell -file .\bin\process_monitor.Tests\win-x64\Setup-ProcessMonitorTests.ps1 -ArtifactsRoot .
       test_command: dotnet test .\bin\process_monitor.Tests\win-x64\process_monitor.Tests.dll
       build_artifact: Build-x64
       environment: windows-2022
@@ -102,7 +102,7 @@ jobs:
     uses: ./.github/workflows/reusable-test.yml
     with:
       name: neteventebpfext unit tests
-      pre_test: powershell -file .\bin\process_monitor.Tests\win-x64\Install-eBpfForWindows.ps1 0.21.0
+      pre_test: powershell -file .\bin\process_monitor.Tests\win-x64\Install-eBpfForWindows.ps1 1.0.0-rc1
       test_command: .\neteventebpfext_unit.exe -d yes
       build_artifact: Build-x64
       environment: windows-2022

@@ -91,7 +91,7 @@ Do the following once:
 1. Open a command prompt as admin
 1. `cd <your local clone root>`
 1. `cd x64\Debug\bin\process_monitor.Tests\win-x64`
-1. `powershell -file .\Install-eBpfForWindows.ps1 0.21.0`
+1. `powershell -file .\Install-eBpfForWindows.ps1 1.0.0-rc1`
 1. `powershell -file .\Setup-ProcessMonitorTests.ps1`
 
 Then do this each time you want to re-run the tests:

@@ -4,13 +4,13 @@
 -->
 <Project>
   <PropertyGroup>
-    <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
+    <ManagePackageVersionsCentrally>false</ManagePackageVersionsCentrally>
   </PropertyGroup>
   <ItemGroup>
     <!-- Try to keep these in alphabetical order -->
     <PackageVersion Include="DotNet.ReproducibleBuilds" Version="1.2.4" />
     <PackageVersion Include="DotNet.ReproducibleBuilds.Isolated" Version="1.2.4" />
-    <PackageVersion Include="eBPF-for-Windows.x64" Version="0.21" />
+    <PackageVersion Include="eBPF-for-Windows.x64" Version="1.0.0-rc1" />
     <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.0" />
     <PackageVersion Include="Microsoft.Extensions.Logging.Console" Version="9.0.0" />
     <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />

@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="eBPF-for-Windows.x64" version="0.21.0" targetFramework="native" />
+  <package id="eBPF-for-Windows.x64" version="1.0.0-rc1" targetFramework="native" />
 </packages>
@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="eBPF-for-Windows.x64" version="0.21.0" targetFramework="native" />
+  <package id="eBPF-for-Windows.x64" version="1.0.0-rc1" targetFramework="native" />
 </packages>
@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="eBPF-for-Windows.x64" version="0.21.0" targetFramework="native" />
+  <package id="eBPF-for-Windows.x64" version="1.0.0-rc1" targetFramework="native" />
 </packages>
@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="eBPF-for-Windows.x64" version="0.21.0" targetFramework="native" />
+  <package id="eBPF-for-Windows.x64" version="1.0.0-rc1" targetFramework="native" />
 </packages>
@@ -1,7 +1,11 @@
+<!--
+  Copyright (c) Microsoft Corporation
+  SPDX-License-Identifier: MIT
+-->
 <Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
   <PropertyGroup>
     <!-- eBPF -->
-    <eBPFForWindowsVersion>0.21.0</eBPFForWindowsVersion>
+    <eBPFForWindowsVersion>1.0.0-rc1</eBPFForWindowsVersion>
     <eBPFForWindowsPackagePath>$(SolutionDir)packages\eBPF-for-Windows.x64.$(eBPFForWindowsVersion)</eBPFForWindowsPackagePath>
   </PropertyGroup>
 </Project>
@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: MIT
 
 #define EBPF_VERSION_MAJOR 0
-#define EBPF_VERSION_MINOR 5
+#define EBPF_VERSION_MINOR 6
 #define EBPF_VERSION_REVISION 0
 
 #define QUOTE(str) #str

@@ -12,7 +12,7 @@ $commands = @(
     "git submodule update --init --recursive",
     "cmake -G 'Visual Studio 17 2022' -S external\catch2 -B external\catch2\build -DBUILD_TESTING=OFF",
     "nuget restore ntosebpfext.sln",
-    ".\packages\eBPF-for-Windows.x64.0.21.0\build\native\bin\export_program_info.exe"
+    ".\packages\eBPF-for-Windows.x64.1.0.0-rc1\build\native\bin\export_program_info.exe"
 )
 
 # Loop through each command and run them sequentially without opening a new window

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="eBPF-for-Windows.x64" version="0.21.0" targetFramework="native" />
+  <package id="eBPF-for-Windows.x64" version="1.0.0-rc1" targetFramework="native" />
   <package id="Microsoft.Windows.SDK.CPP" version="10.0.26100.4204" targetFramework="native" />
   <package id="Microsoft.Windows.SDK.CPP.arm64" version="10.0.26100.4204" targetFramework="native" />
   <package id="Microsoft.Windows.SDK.CPP.x64" version="10.0.26100.4204" targetFramework="native" />

@@ -28,6 +28,17 @@ if ("$majorVersion.$minorVersion.$revisionNumber" -match '^\d+\.\d+\.\d+$') {
         $newcontent | Set-Content $ntosebpfext_version_file -NoNewline
         Write-Host -ForegroundColor DarkGreen "Version number updated to '$majorVersion.$minorVersion.$revisionNumber' in $ntosebpfext_version_file"
 
+        # Set the new version number in the version.json file.
+        $version_json_file = "$PSScriptRoot\..\version.json"
+        Write-Host -ForegroundColor DarkGreen "Updating the version number in the '$version_json_file' file..."
+        $versionJson = [ordered]@{
+            major = [int]$majorVersion
+            minor = [int]$minorVersion
+            patch = [int]$revisionNumber
+        }
+        $versionJson | ConvertTo-Json | Set-Content $version_json_file -Encoding UTF8
+        Write-Host -ForegroundColor DarkGreen "Version number updated to '$majorVersion.$minorVersion.$revisionNumber' in $version_json_file"
+
     } else {
         Write-Host -ForegroundColor Red "'ntosebpfext.sln' not found in the current path."
         Write-Host -ForegroundColor DarkYellow "Please run this script from the root directory of the repository, within a Developer Poweshell for VS 2022."

@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="eBPF-for-Windows.x64" version="0.21.0" targetFramework="native" />
+  <package id="eBPF-for-Windows.x64" version="1.0.0-rc1" targetFramework="native" />
 </packages>
@@ -145,13 +145,14 @@ TEST_CASE("netevent_attach_opt_simulation", "[neteventebpfext]")
     // Attach to the eBPF perf buffer event map.
     bpf_map* netevent_events_map = bpf_object__find_map_by_name(object, "netevent_events_map");
     REQUIRE(netevent_events_map != nullptr);
-    auto netevent_perf_buff = perf_buffer__new(
+    ebpf_perf_buffer_opts perf_opts = {.sz = sizeof(ebpf_perf_buffer_opts), .flags = EBPF_PERFBUF_FLAG_AUTO_CALLBACK};
+    auto netevent_perf_buff = ebpf_perf_buffer__new(
         bpf_map__fd(netevent_events_map),
         0,
         netevent_monitor_event_callback,
         netevent_monitor_lost_event_callback,
         nullptr,
-        nullptr);
+        &perf_opts);
     REQUIRE(netevent_perf_buff != nullptr);
 
     // Test attach with no attach params - this should fail.
@@ -276,13 +277,14 @@ TEST_CASE("netevent_drivers_load_unload_stress", "[neteventebpfext]")
     // Attach to the eBPF perf buffer event map.
     bpf_map* netevent_events_map = bpf_object__find_map_by_name(object, "netevent_events_map");
     REQUIRE(netevent_events_map != nullptr);
-    auto netevent_perf_buff = perf_buffer__new(
+    ebpf_perf_buffer_opts perf_opts = {.sz = sizeof(ebpf_perf_buffer_opts), .flags = EBPF_PERFBUF_FLAG_AUTO_CALLBACK};
+    auto netevent_perf_buff = ebpf_perf_buffer__new(
         bpf_map__fd(netevent_events_map),
         0,
         netevent_monitor_event_callback,
         netevent_monitor_lost_event_callback,
         nullptr,
-        nullptr);
+        &perf_opts);
     REQUIRE(netevent_perf_buff != nullptr);
 
     std::cout << "\n\n********** Test netevent_sim provider load/unload while the extension is running. **********"
@@ -392,13 +394,14 @@ TEST_CASE("netevent_bpf_prog_run_test", "[neteventebpfext]")
     // Attach to the eBPF perf buffer event map.
     bpf_map* netevent_events_map = bpf_object__find_map_by_name(object, "netevent_events_map");
     REQUIRE(netevent_events_map != nullptr);
-    auto netevent_perf_buff = perf_buffer__new(
+    ebpf_perf_buffer_opts perf_opts = {.sz = sizeof(ebpf_perf_buffer_opts), .flags = EBPF_PERFBUF_FLAG_AUTO_CALLBACK};
+    auto netevent_perf_buff = ebpf_perf_buffer__new(
         bpf_map__fd(netevent_events_map),
         0,
         netevent_monitor_event_callback,
         netevent_monitor_lost_event_callback,
         nullptr,
-        nullptr);
+        &perf_opts);
     REQUIRE(netevent_perf_buff != nullptr);
 
     // Initialize structures required for bpf_prog_test_run_opts

@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="eBPF-for-Windows.x64" version="0.21.0" targetFramework="native" />
+  <package id="eBPF-for-Windows.x64" version="1.0.0-rc1" targetFramework="native" />
 </packages>
@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="eBPF-for-Windows.x64" version="0.21.0" targetFramework="native" />
+  <package id="eBPF-for-Windows.x64" version="1.0.0-rc1" targetFramework="native" />
 </packages>
@@ -19,11 +19,13 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" />
-    <PackageReference Include="MSTest.TestAdapter" />
-    <PackageReference Include="MSTest.TestFramework" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Console" />
-  </ItemGroup>
+    <PackageReference Include="DotNet.ReproducibleBuilds" Version="1.2.4" />
+    <PackageReference Include="DotNet.ReproducibleBuilds.Isolated" Version="1.2.4" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
+    <PackageReference Include="MSTest.TestAdapter" Version="3.6.4" />
+    <PackageReference Include="MSTest.TestFramework" Version="3.6.4" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Console" Version="9.0.0" />
+ </ItemGroup>
 
   <ItemGroup>
     <ProjectReference Include="..\..\tools\process_monitor.Library\process_monitor.Library.csproj" />

@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="eBPF-for-Windows.x64" version="0.21.0" targetFramework="native" />
+  <package id="eBPF-for-Windows.x64" version="1.0.0-rc1" targetFramework="native" />
 </packages>
@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="eBPF-for-Windows.x64" version="0.21.0" targetFramework="native" />
+  <package id="eBPF-for-Windows.x64" version="1.0.0-rc1" targetFramework="native" />
 </packages>
@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="eBPF-for-Windows.x64" version="0.21.0" targetFramework="native" />
+  <package id="eBPF-for-Windows.x64" version="1.0.0-rc1" targetFramework="native" />
 </packages>
@@ -28,7 +28,7 @@ internal static class PInvokes
         internal static extern IntPtr bpf_program__attach(IntPtr bpf_program);
 
         [DllImport(ebpfApiDll, CharSet = CharSet.Ansi, PreserveSig = true, CallingConvention = CallingConvention.Cdecl)]
-        internal static extern unsafe IntPtr ring_buffer__new(int map_fd, delegate* unmanaged[Cdecl]<IntPtr, IntPtr, nint, int> sample_cb, IntPtr ctx, IntPtr opts);
+        internal static extern unsafe IntPtr ebpf_ring_buffer__new(int map_fd, delegate* unmanaged[Cdecl]<IntPtr, IntPtr, nint, int> sample_cb, IntPtr ctx, ref process_monitor.Library.ProcessMonitorBPFLoader.ebpf_ring_buffer_opts opts);
 
         [DllImport(ebpfApiDll, CharSet = CharSet.Ansi, PreserveSig = true, CallingConvention = CallingConvention.Cdecl)]
         internal static extern void ring_buffer__free(IntPtr ring_buffer);

@@ -38,6 +38,17 @@ internal readonly struct process_info_t
             internal readonly byte operation;
         }
 
+        [StructLayout(LayoutKind.Sequential)]
+#pragma warning disable IDE1006 // Naming Styles - this matches the native definition's name
+        internal struct ebpf_ring_buffer_opts
+#pragma warning restore IDE1006 // Naming Styles
+        {
+            internal nuint sz;        // size_t - native unsigned integer
+            internal UInt64 flags;    // uint64_t
+        }
+
+        private const UInt64 EBPF_RINGBUF_FLAG_AUTO_CALLBACK = 1;
+
         internal static void Subscribe(ProcessMonitor pm, ILogger logger)
         {
             lock (_lock)
@@ -113,14 +124,21 @@ private static void Initialize(ILogger logger)
 
                 // Attach to ring buffer
                 (_, var process_ringbuf_map_fd) = LoadMapByName("process_ringbuf", logger);
-                process_ringbuf = PInvokes.ring_buffer__new(process_ringbuf_map_fd, &ProcessMonitor_history_callback, IntPtr.Zero, IntPtr.Zero);
+
+                var ring_opts = new ebpf_ring_buffer_opts
+                {
+                    sz = (nuint)Marshal.SizeOf<ebpf_ring_buffer_opts>(),
+                    flags = EBPF_RINGBUF_FLAG_AUTO_CALLBACK
+                };
+
+                process_ringbuf = PInvokes.ebpf_ring_buffer__new(process_ringbuf_map_fd, &ProcessMonitor_history_callback, IntPtr.Zero, ref ring_opts);
                 if (process_ringbuf == IntPtr.Zero)
                 {
-                    throw new InvalidOperationException("ring_buffer__new(process_ringbuf) failed!");
+                    throw new InvalidOperationException("ebpf_ring_buffer__new(process_ringbuf) failed!");
                 }
                 else
                 {
-                    logger.LogDebug("SUCCESS: ring_buffer__new(process_ringbuf) succeeded!");
+                    logger.LogDebug("SUCCESS: ebpf_ring_buffer__new(process_ringbuf) succeeded!");
                 }
             }
         }

@@ -10,7 +10,9 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" />
+    <PackageReference Include="DotNet.ReproducibleBuilds" Version="1.2.4" />
+    <PackageReference Include="DotNet.ReproducibleBuilds.Isolated" Version="1.2.4" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions"  Version="9.0.0"/>
   </ItemGroup>
 
   <ItemGroup>

@@ -1,4 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
 <packages>
-  <package id="eBPF-for-Windows.x64" version="0.21.0" targetFramework="native" />
+  <package id="eBPF-for-Windows.x64" version="1.0.0-rc1" targetFramework="native" />
 </packages>
@@ -0,0 +1,5 @@
+{
+    "major":  0,
+    "minor":  6,
+    "patch":  0
+}