internal static PMLStackFrame[] LoadStackFrames(XmlDocument eventXMLDoc)
{
var stackFrames = eventXMLDoc.SelectNodes(ProcMonXMLTagNames.StackFrame_XPathInXML);
PMLStackFrame[] eventStackFrames = new PMLStackFrame[stackFrames.Count];
int i = 0;
foreach (XmlElement frame in stackFrames)
{
eventStackFrames[i++] = new PMLStackFrame(frame);
}
return(eventStackFrames);
}
internal PMLEvent(XmlReader eventListReader)
{
XmlDocument eventXMLDoc = new XmlDocument();
eventXMLDoc.Load(eventListReader);
ProcessIndex = XMLUtils.ParseTagContentAsInt(eventXMLDoc, ProcMonXMLTagNames.Event_ProcessIndex);
TimeOfDay = XMLUtils.ParseTagContentAsFileTime(eventXMLDoc, ProcMonXMLTagNames.Event_TimeOfDay);
var procName = XMLUtils.GetInnerText(eventXMLDoc, ProcMonXMLTagNames.Event_Process_Name);
ProcessNameIndex = ProcessNameList.AddProcessNameToList(procName);
PID = XMLUtils.ParseTagContentAsInt(eventXMLDoc, ProcMonXMLTagNames.Event_PID);
TID = XMLUtils.ParseTagContentAsInt(eventXMLDoc, ProcMonXMLTagNames.Event_TID);
var proc = ConvertedXMLProcessor.FindProcessByPID(PID);
var temp = XMLUtils.GetInnerText(eventXMLDoc, ProcMonXMLTagNames.Event_Integrity);
if (string.IsNullOrEmpty(temp))
{
Integrity = proc.ProcessIntegrity;
}
else
{
Integrity = temp.ToProcessIntegrityLevel();
}
Sequence = XMLUtils.GetInnerText(eventXMLDoc, ProcMonXMLTagNames.Event_Sequence);
temp = XMLUtils.GetInnerText(eventXMLDoc, ProcMonXMLTagNames.Event_Virtualized);
if (string.IsNullOrEmpty(temp))
{
Virtualized = proc.IsVirtualized;
}
else
{
Virtualized = temp.StringToBoolean();
}
//Virtualized = XMLUtils.ParseTagContentAsBoolean(eventXMLDoc, ProcMonXMLTagNames.Event_Virtualized);
Operation = XMLUtils.GetInnerText(eventXMLDoc, ProcMonXMLTagNames.Event_Operation);
pathIndex = FilePathList.AddFilePathToList(XMLUtils.GetInnerText(eventXMLDoc, ProcMonXMLTagNames.Event_Path));
Result = XMLUtils.GetInnerText(eventXMLDoc, ProcMonXMLTagNames.Event_Result);
Detail = XMLUtils.GetInnerText(eventXMLDoc, ProcMonXMLTagNames.Event_Detail);
CallStack = PMLStackFrame.LoadStackFrames(eventXMLDoc);
#if DEBUG
Console.WriteLine("Stack:\n-------------------------------------------------------------");
foreach (var stackFrame in CallStack)
{
Console.WriteLine(stackFrame);
}
Console.WriteLine("-------------------------------------------------------------\n");
#endif
}
public bool Equals(PMLStackFrame otherStackFrame)
{
return((Address == otherStackFrame.Address) &&
(pathIndex == otherStackFrame.pathIndex) &&
(Location.Equals(otherStackFrame.Location, StringComparison.CurrentCultureIgnoreCase)));
}
