private void ProcessExited(Microsoft.Diagnostics.Tracing.Parsers.Kernel.ProcessTraceData data)
{
if (data.ImageFileName.EndsWith("csgo.exe") || data.ImageFileName.EndsWith("ProcessHacker.exe"))
{
Text.ImportantMessageRemove(MsgHandle);
MsgHandle = IntPtr.Zero;
}
}
private void Kernel_ProcessStop(Microsoft.Diagnostics.Tracing.Parsers.Kernel.ProcessTraceData obj)
{
ProcessData ev = null;
if (ProcessDataMap.TryGetValue(obj.ProcessID, out ev))
{
ev.Finish = obj.TimeStamp;
ev.Result = obj.ExitStatus;
ProcessDataMap.Remove(obj.ProcessID);
}
}
private void ProcessCreated(Microsoft.Diagnostics.Tracing.Parsers.Kernel.ProcessTraceData data)
{
if (data.ImageFileName.EndsWith("csgo.exe"))
{
var phs = Process.GetProcessesByName("ProcessHacker");
if (phs.Count() != 0 && MsgHandle == IntPtr.Zero)
{
MsgHandle = Text.ImportantMessageAdd("VAC proc block");
}
}
}
private void Kernel_ProcessStart(Microsoft.Diagnostics.Tracing.Parsers.Kernel.ProcessTraceData obj)
{
if (Filters.Contains(obj.ImageFileName))
{
ProcessData ev = new ProcessData()
{
Name = obj.ImageFileName,
CommandLine = obj.CommandLine,
Start = obj.TimeStamp,
ProcessID = obj.ProcessID,
UniqueKey = obj.UniqueProcessKey,
};
ProcessDataMap.Add(obj.ProcessID, ev);
ProcessEvent?.Invoke(ev);
Task.Run(() => CollectArtifacts(ev));
}
}
private void Parser_OnProcessEndedWithDuration(Microsoft.Diagnostics.Tracing.Parsers.Kernel.ProcessTraceData endEvent, TimeSpan processDuration)
{
var kvp = new KeyValuePair <string, int>(endEvent.CommandLine, endEvent.ProcessID);
if (myProcessCmdLineWithPids.Contains(kvp))
{
myProcessCmdLineWithPids.Remove(kvp);
string msg = Row.Print(
DateString(endEvent.TimeStamp),
TimeString(endEvent.TimeStamp),
WMIOperation.ProcessEnd.ToString(),
endEvent.CommandLine,
endEvent.ProcessID.ToString(),
null,
null,
null,
null,
null,
processDuration.TotalSeconds.ToString("F1"));
FileLogger.Logger.Log(msg);
}
}
