internal static ServiceTriggerInformation GetTriggerInformation(SERVICE_TRIGGER trigger)
{
switch (trigger.dwTriggerType)
{
case ServiceTriggerType.Custom:
return(new EtwServiceTriggerInformation(trigger));
case ServiceTriggerType.CustomSystemStateChange:
return(new WnfServiceTriggerInformation(trigger));
case ServiceTriggerType.NetworkEndpoint:
{
Guid sub_type = trigger.GetSubType();
if (sub_type == NAMED_PIPE_EVENT_GUID)
{
return(new NamedPipeServiceTriggerInformation(trigger));
}
else if (sub_type == RPC_INTERFACE_EVENT_GUID)
{
return(new RpcInterfaceServiceTriggerInformation(trigger));
}
}
break;
case ServiceTriggerType.FirewallPortEvent:
return(new FirewallServiceTriggerInformation(trigger));
}
return(new ServiceTriggerInformation(trigger));
}
static IEnumerable <ServiceTriggerInformation> GetTriggersForService(SafeServiceHandle service)
{
List <ServiceTriggerInformation> triggers = new List <ServiceTriggerInformation>();
using (var buf = new SafeStructureInOutBuffer <SERVICE_TRIGGER_INFO>(8192, false))
{
int required = 0;
if (!QueryServiceConfig2(service, SERVICE_CONFIG_TRIGGER_INFO, buf, 8192, out required))
{
return(triggers.AsReadOnly());
}
SERVICE_TRIGGER_INFO trigger_info = buf.Result;
if (trigger_info.cTriggers == 0)
{
return(triggers.AsReadOnly());
}
SERVICE_TRIGGER[] trigger_arr;
using (SafeHGlobalBuffer trigger_buffer = new SafeHGlobalBuffer(trigger_info.pTriggers, trigger_info.cTriggers * Marshal.SizeOf(typeof(SERVICE_TRIGGER)), false))
{
trigger_arr = new SERVICE_TRIGGER[trigger_info.cTriggers];
trigger_buffer.ReadArray(0, trigger_arr, 0, trigger_arr.Length);
}
for (int i = 0; i < trigger_arr.Length; ++i)
{
triggers.Add(new ServiceTriggerInformation(trigger_arr[i]));
}
return(triggers.AsReadOnly());
}
}
internal static ServiceTriggerInformation GetTriggerInformation(SERVICE_TRIGGER trigger)
{
if (trigger.dwTriggerType == ServiceTriggerType.Custom)
{
return(new EtwServiceTriggerInformation(trigger));
}
return(new ServiceTriggerInformation(trigger));
}
internal static ServiceTriggerInformation GetTriggerInformation(SERVICE_TRIGGER trigger)
{
if (trigger.dwTriggerType == ServiceTriggerType.Custom)
{
return(new EtwServiceTriggerInformation(trigger));
}
else if (trigger.dwTriggerType == ServiceTriggerType.CustomSystemStateChange)
{
return(new WnfServiceTriggerInformation(trigger));
}
return(new ServiceTriggerInformation(trigger));
}
internal WnfServiceTriggerInformation(SERVICE_TRIGGER trigger)
: base(trigger)
{
var data = CustomData.FirstOrDefault();
if (data?.RawData?.Length != 8)
{
return;
}
Name = NtWnf.Open(BitConverter.ToUInt64(data.RawData, 0), true, false).GetResultOrDefault();
}
internal EtwServiceTriggerInformation(SERVICE_TRIGGER trigger)
: base(trigger)
{
var sd = EventTracing.QueryTraceSecurity(SubType, false);
if (sd.IsSuccess)
{
SecurityDescriptor = sd.Result;
}
else
{
SecurityDescriptor = new SecurityDescriptor();
}
}
internal ServiceTriggerInformation(SERVICE_TRIGGER trigger)
{
TriggerType = trigger.dwTriggerType;
Action = trigger.dwAction;
SubType = trigger.GetSubType();
SubTypeDescription = GetSubTypeDescription();
List <ServiceTriggerCustomData> data = new List <ServiceTriggerCustomData>();
if (trigger.pDataItems != IntPtr.Zero && trigger.cDataItems > 0)
{
SERVICE_TRIGGER_SPECIFIC_DATA_ITEM[] data_items;
ReadArray(trigger.pDataItems, trigger.cDataItems, out data_items);
for (int i = 0; i < data_items.Length; ++i)
{
data.Add(new ServiceTriggerCustomData(data_items[i]));
}
}
CustomData = data.AsReadOnly();
}
