Ejemplo n.º 1
        /// <summary>
        /// Converts a <see cref="ProcessExecutionMonitoringReportedEventData"/> into a new
        /// <see cref="ProcessExecutionMonitoringReportedEvent"/> tagged with the given worker id.
        /// </summary>
        /// <param name="data">Source event; its pip id, reported processes, file accesses, allowlisted file accesses and detouring statuses are copied.</param>
        /// <param name="workerID">Stored as <c>WorkerID</c> on the result.</param>
        /// <param name="pathTable">Forwarded to <c>ToReportedFileAccess</c> for every file access.</param>
        /// <param name="nameExpander">Forwarded to <c>ToReportedFileAccess</c> for every file access.</param>
        /// <returns>The newly created event.</returns>
        /// <remarks>
        /// Detouring statuses are copied field by field, including <c>StartApplicationName</c> and
        /// <c>StartCommandLine</c>, with no filtering or redaction in this method.
        /// NOTE(review): command lines can carry secrets passed as arguments (tokens, passwords);
        /// anyone able to read the resulting event sees them as-is. Confirm that the destination
        /// store is access-controlled or that redaction happens elsewhere.
        /// </remarks>
        public static ProcessExecutionMonitoringReportedEvent ToProcessExecutionMonitoringReportedEvent(this ProcessExecutionMonitoringReportedEventData data, uint workerID, PathTable pathTable, NameExpander nameExpander)
        {
            var result = new ProcessExecutionMonitoringReportedEvent { WorkerID = workerID, PipID = data.PipId.Value };

            // Same order as the source: processes, then all file accesses, then the allowlisted ones.
            result.ReportedProcesses.AddRange(data.ReportedProcesses.Select(process => process.ToReportedProcess()));
            result.ReportedFileAccesses.AddRange(
                data.ReportedFileAccesses.Select(access => access.ToReportedFileAccess(pathTable, nameExpander)));
            result.AllowlistedReportedFileAccesses.AddRange(
                data.AllowlistedReportedFileAccesses.Select(access => access.ToReportedFileAccess(pathTable, nameExpander)));

            foreach (var status in data.ProcessDetouringStatuses)
            {
                // One-to-one field copy; nothing is normalised, truncated or redacted here.
                result.ProcessDetouringStatuses.Add(
                    new Xldb.Proto.ProcessDetouringStatusData
                    {
                        ProcessID = status.ProcessId,
                        ReportStatus = status.ReportStatus,
                        ProcessName = status.ProcessName,
                        StartApplicationName = status.StartApplicationName,
                        StartCommandLine = status.StartCommandLine,
                        NeedsInjection = status.NeedsInjection,
                        IsCurrent64BitProcess = status.IsCurrent64BitProcess,
                        IsCurrentWow64Process = status.IsCurrentWow64Process,
                        IsProcessWow64 = status.IsProcessWow64,
                        NeedsRemoteInjection = status.NeedsRemoteInjection,
                        Job = status.Job,
                        DisableDetours = status.DisableDetours,
                        CreationFlags = status.CreationFlags,
                        Detoured = status.Detoured,
                        Error = status.Error,
                        CreateProcessStatusReturn = status.CreateProcessStatusReturn,
                    });
            }

            return result;
        }
Ejemplo n.º 2
        /// <summary>
        /// Builds a <see cref="ProcessExecutionMonitoringReportedEvent"/> from a
        /// <see cref="ProcessExecutionMonitoringReportedEventData"/>, stamping it with the given worker id.
        /// </summary>
        /// <param name="data">Source event; its pip id, reported processes, file accesses, whitelisted file accesses and detouring statuses are copied.</param>
        /// <param name="workerID">Stored as <c>WorkerID</c> on the result.</param>
        /// <param name="pathTable">Forwarded to <c>ToReportedFileAccess</c> for every file access.</param>
        /// <returns>The newly created event.</returns>
        /// <remarks>
        /// Each detouring status is copied field by field, including <c>StartApplicationName</c> and
        /// <c>StartCommandLine</c>; this method applies no filtering or redaction.
        /// NOTE(review): a process command line may contain secrets supplied as arguments, so the
        /// resulting event should be treated as sensitive unless redaction is confirmed elsewhere.
        /// </remarks>
        public static ProcessExecutionMonitoringReportedEvent ToProcessExecutionMonitoringReportedEvent(this ProcessExecutionMonitoringReportedEventData data, uint workerID, PathTable pathTable)
        {
            var monitoringEvent = new ProcessExecutionMonitoringReportedEvent { WorkerID = workerID, PipID = data.PipId.Value };

            // Same order as the source: processes, then all file accesses, then the whitelisted ones.
            monitoringEvent.ReportedProcesses.AddRange(data.ReportedProcesses.Select(p => p.ToReportedProcess()));
            monitoringEvent.ReportedFileAccesses.AddRange(
                data.ReportedFileAccesses.Select(fileAccess => fileAccess.ToReportedFileAccess(pathTable)));
            monitoringEvent.WhitelistedReportedFileAccesses.AddRange(
                data.WhitelistedReportedFileAccesses.Select(fileAccess => fileAccess.ToReportedFileAccess(pathTable)));

            foreach (var detouringStatus in data.ProcessDetouringStatuses)
            {
                // Straight field copy; values are stored exactly as reported.
                monitoringEvent.ProcessDetouringStatuses.Add(
                    new ProcessDetouringStatusData
                    {
                        ProcessID = detouringStatus.ProcessId,
                        ReportStatus = detouringStatus.ReportStatus,
                        ProcessName = detouringStatus.ProcessName,
                        StartApplicationName = detouringStatus.StartApplicationName,
                        StartCommandLine = detouringStatus.StartCommandLine,
                        NeedsInjection = detouringStatus.NeedsInjection,
                        Job = detouringStatus.Job,
                        DisableDetours = detouringStatus.DisableDetours,
                        CreationFlags = detouringStatus.CreationFlags,
                        Detoured = detouringStatus.Detoured,
                        Error = detouringStatus.Error,
                    });
            }

            return monitoringEvent;
        }