Ejemplo n.º 1
        /// <summary>
        /// Looks up the tracked <see cref="ProcessData"/> for the process that raised a trace event.
        /// </summary>
        /// <param name="obj">Trace event whose <c>ProcessID</c> is the lookup key.</param>
        /// <returns>
        /// The record stored in <c>ProcessDataMap</c> under that process ID, or <c>null</c>
        /// when the lookup finds nothing.
        /// </returns>
        ProcessData GetProcessData(TraceEvent obj)
        {
            // The map is keyed by process ID only. Windows recycles process IDs, so a stale
            // entry would attribute a later process's events to the old record.
            // NOTE(review): confirm entries are always removed or replaced when a PID is reused.
            ProcessData tracked;
            bool known = ProcessDataMap.TryGetValue(obj.ProcessID, out tracked);
            return known ? tracked : null;
        }
Ejemplo n.º 2
 /// <summary>
 /// Appends a reported process record to <c>Group</c>, running the append through the
 /// application's dispatcher.
 /// </summary>
 /// <param name="obj">Process record to append.</param>
 private void ETWCollector_ProcessEvent(ProcessData obj)
 {
     Action appendToGroup = () =>
     {
         // GroupLock serialises this append with any other code that takes the same lock.
         lock (GroupLock)
         {
             Group.Add(obj);
         }
     };

     // Dispatcher.Invoke is synchronous: the caller waits until the dispatcher has run the delegate.
     // NOTE(review): if the caller is the trace-processing thread, a busy UI delays event handling.
     Application.Current.Dispatcher.Invoke(appendToGroup);
 }
Ejemplo n.º 3
        /// <summary>
        /// Handles a kernel process-stop event: stamps the tracked record with its end time and
        /// exit status, then stops tracking that process ID.
        /// </summary>
        /// <param name="obj">Process-stop event supplying the process ID, timestamp and exit status.</param>
        private void Kernel_ProcessStop(Microsoft.Diagnostics.Tracing.Parsers.Kernel.ProcessTraceData obj)
        {
            ProcessData finished;
            if (!ProcessDataMap.TryGetValue(obj.ProcessID, out finished))
            {
                // Nothing is tracked under this process ID; ignore the event.
                return;
            }

            finished.Finish = obj.TimeStamp;
            finished.Result = obj.ExitStatus;

            // Drop the entry so the process ID no longer resolves to this finished record.
            ProcessDataMap.Remove(obj.ProcessID);
        }
Ejemplo n.º 4
        /// <summary>
        /// Resolves the <see cref="ThreadData"/> for the thread that raised a trace event.
        /// </summary>
        /// <param name="obj">Trace event supplying the process and thread IDs.</param>
        /// <returns>
        /// The thread record stored on the owning process, or <c>null</c> when the process is not
        /// tracked or the thread lookup finds nothing.
        /// </returns>
        ThreadData GetThreadData(TraceEvent obj)
        {
            ProcessData owner = GetProcessData(obj);
            if (owner == null)
            {
                return null;
            }

            ThreadData found;
            owner.Threads.TryGetValue(obj.ThreadID, out found);
            return found;
        }
Ejemplo n.º 5
        /// <summary>
        /// Handles a kernel thread-start event by recording the new thread on its tracked process.
        /// </summary>
        /// <param name="obj">Thread-start event supplying the thread ID and timestamp.</param>
        private void Kernel_ThreadStart(Microsoft.Diagnostics.Tracing.Parsers.Kernel.ThreadTraceData obj)
        {
            ProcessData owner = GetProcessData(obj);
            if (owner == null)
            {
                // Threads of processes that are not tracked are ignored.
                return;
            }

            // Indexer assignment: an existing entry under the same thread ID is replaced.
            owner.Threads[obj.ThreadID] = new ThreadData()
            {
                ThreadID = obj.ThreadID,
                Start    = obj.TimeStamp,
            };
        }
Ejemplo n.º 6
        /// <summary>
        /// Handles a kernel image-load event by appending the loaded image's details to its
        /// tracked process.
        /// </summary>
        /// <param name="obj">Image-load event supplying file name, base addresses, checksum and size.</param>
        private void Kernel_ImageLoad(Microsoft.Diagnostics.Tracing.Parsers.Kernel.ImageLoadTraceData obj)
        {
            ProcessData owner = GetProcessData(obj);
            if (owner == null)
            {
                // Image loads of processes that are not tracked are ignored.
                return;
            }

            // The values are copied as reported by the event; nothing here checks the file on disk.
            ImageData loaded = new ImageData()
            {
                FileName      = obj.FileName,
                DefaultBase   = obj.DefaultBase,
                ImageBase     = obj.ImageBase,
                ImageChecksum = obj.ImageChecksum,
                ImageSize     = obj.ImageSize
            };

            owner.Images.Add(loaded);
        }
Ejemplo n.º 7
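        /// <summary>
        /// Scans a process's command line for <c>@path</c> arguments, reads each referenced file
        /// and attaches its text to the process record as an artifact.
        /// </summary>
        /// <remarks>
        /// Collection is best effort: a file that cannot be read is skipped and scanning continues.
        /// The paths come from the command line of the observed process, so they are untrusted
        /// input. Each file is read with the collector's own privileges, relative paths resolve
        /// against the collector's working directory rather than the observed process's, and
        /// there is no limit on file size. A path may also name a network share, in which case
        /// the collector opens a remote connection.
        /// NOTE(review): consider restricting accepted paths and capping the bytes read.
        /// </remarks>
        /// <param name="ev">Process record whose <c>CommandLine</c> is scanned and which receives the artifacts.</param>
        private static void CollectArtifacts(ProcessData ev)
        {
            String commandLine = ev.CommandLine;
            if (String.IsNullOrEmpty(commandLine))
            {
                return;
            }

            int next = 0;
            for (int start = commandLine.IndexOf('@'); start != -1; start = commandLine.IndexOf('@', next))
            {
                // The original took Math.Max(indexOfSpace, Length), which is always Length, so every
                // path ran to the end of the command line. The argument now ends at its own delimiter.
                String path = ExtractResponsePath(commandLine, start, out next).Trim(CharacterToTrim);
                if (path.Length == 0)
                {
                    continue;
                }

                String text;
                if (TryReadArtifact(path, out text))
                {
                    ev.AddArtifact(path, text);
                }
            }
        }

        // Returns the text of the argument that follows the '@' at index 'at', and sets 'next' to the
        // position where the search for a further '@' should resume. A quote directly before or after
        // the '@' makes the argument run to the next quote; otherwise it ends at the next space.
        private static String ExtractResponsePath(String commandLine, int at, out int next)
        {
            int first = at + 1;
            bool quoteAfter  = first < commandLine.Length && commandLine[first] == '"';
            bool quoteBefore = at > 0 && commandLine[at - 1] == '"';

            if (quoteAfter)
            {
                first++;
            }

            char terminator = (quoteAfter || quoteBefore) ? '"' : ' ';
            int last = commandLine.IndexOf(terminator, first);
            if (last == -1)
            {
                last = commandLine.Length;
            }

            // Resuming at the terminator keeps an '@' inside the path from being scanned again.
            next = last;
            return commandLine.Substring(first, last - first);
        }

        // Reads the whole file as text; returns false instead of throwing when the path is
        // malformed or the file is missing, locked or not accessible to the collector.
        private static bool TryReadArtifact(String path, out String text)
        {
            text = null;
            try
            {
                text = File.ReadAllText(path);
                return true;
            }
            catch (IOException) { }                 // missing file or directory, sharing violation, path too long
            catch (UnauthorizedAccessException) { } // access denied, or the path names a directory
            catch (ArgumentException) { }           // characters that are not valid in a path
            catch (NotSupportedException) { }       // path format the runtime rejects

            return false;
        }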
Ejemplo n.º 8
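        /// <summary>
        /// Handles a kernel process-start event: when the image name is in <c>Filters</c>, starts
        /// tracking the process, notifies subscribers and collects command-line artifacts in the
        /// background.
        /// </summary>
        /// <remarks>
        /// The filter matches on the reported image file name only, so any executable carrying a
        /// listed name is tracked and has the files named on its command line read by
        /// <c>CollectArtifacts</c>.
        /// </remarks>
        /// <param name="obj">Process-start event supplying image name, command line, IDs and timestamp.</param>
        private void Kernel_ProcessStart(Microsoft.Diagnostics.Tracing.Parsers.Kernel.ProcessTraceData obj)
        {
            if (!Filters.Contains(obj.ImageFileName))
            {
                return;
            }

            ProcessData ev = new ProcessData()
            {
                Name        = obj.ImageFileName,
                CommandLine = obj.CommandLine,
                Start       = obj.TimeStamp,
                ProcessID   = obj.ProcessID,
                UniqueKey   = obj.UniqueProcessKey,
            };

            // Indexer assignment instead of Add: if a stop event was missed and the process ID has
            // been reused, Add would throw on the stale key inside the event callback. Replacing the
            // entry keeps later events attributed to the process that now owns the ID.
            ProcessDataMap[obj.ProcessID] = ev;

            ProcessEvent?.Invoke(ev);

            // Fire-and-forget: the task is not awaited, so an exception escaping CollectArtifacts is
            // never observed here, and the record is updated from a thread-pool thread.
            // NOTE(review): confirm ProcessData tolerates that concurrent AddArtifact call.
            Task.Run(() => CollectArtifacts(ev));
        }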
Ejemplo n.º 9
 /// <summary>
 /// Appends a process record to <c>Processes</c>.
 /// </summary>
 /// <param name="process">Record to append; passed through to the collection unchanged.</param>
 public void Add(ProcessData process) => Processes.Add(process);