Example #1
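        /// <summary>
        /// Tests whether the process behind a PML event satisfies this filter.
        /// </summary>
        /// <remarks>
        /// The entity is treated as a <c>PMLEvent</c>. Its PID is resolved through
        /// <c>ConvertedXMLProcessor.FindProcessByPID</c>, the property selected by
        /// <c>PropertyName</c> is rendered as a string, and that string is handed to
        /// <c>CompareStringValuesAsPerFilterOperator</c> together with this filter.
        /// Recognised property names are "ProcessName", "ImagePath", "FinishTime" and "Modules".
        /// </remarks>
        /// <param name="pmlEntity">The entity to test; it must be a <c>PMLEvent</c>.</param>
        /// <returns>The result of <c>CompareStringValuesAsPerFilterOperator</c> for the extracted value.</returns>
        /// <exception cref="ArgumentException">
        /// <paramref name="pmlEntity"/> is null or is not a <c>PMLEvent</c>.
        /// </exception>
        /// <exception cref="InvalidOperationException">
        /// <c>PropertyName</c> is empty or unrecognised, or it is "Modules" and
        /// <c>FilterOperator</c> is not <c>FilterOperators.Contains</c>.
        /// </exception>
        public override bool Matches(IPMLEntity pmlEntity)
        {
            var evt = pmlEntity as PMLEvent;
            if (evt == null)
            {
                // The failed cast used to surface as a NullReferenceException on evt.PID.
                // Fail with an explicit message instead of returning false: a filter that
                // quietly matches nothing would hide events from whoever reads the log.
                throw new ArgumentException("pmlEntity must be a non-null PMLEvent.", "pmlEntity");
            }

            // NOTE(review): FindProcessByPID is not visible here. If it can return null for an
            // unknown PID, the property reads below will throw; confirm and guard at the caller
            // or here once the return type is known.
            var proc = ConvertedXMLProcessor.FindProcessByPID(evt.PID);
            string actualValue;

            switch (PropertyName)
            {
                case "ProcessName":
                    actualValue = ProcessNameList.GetProcessName(proc.ProcessNameIndex);
                    break;

                case "ImagePath":
                    actualValue = ModuleList.GetModulePath(proc.ImageIndex);
                    break;

                case "FinishTime":
                    // DateTimeZero is rendered as "0" so a filter can select processes by that sentinel.
                    // NOTE(review): the parameterless ToString() is presumably culture-sensitive, so the
                    // same filter value may match differently under another locale; left unchanged
                    // because existing filter values depend on the current format.
                    actualValue = proc.FinishTime == DateTimeZero
                        ? "0"
                        : proc.FinishTime.ToString();
                    break;

                case "Modules":
                    if (FilterOperator != FilterOperators.Contains)
                    {
                        throw new InvalidOperationException(string.Format("Filter Operator {0} is invalid when PropertyName is \"Modules\"", FilterOperator.ToString()));
                    }

                    // One module path per line, each terminated by a newline, so that Contains
                    // can search the whole loaded-module list as a single string.
                    var modulePaths = new StringBuilder();
                    foreach (var moduleIndex in proc.LoadedModuleList)
                    {
                        modulePaths.Append(ModuleList.GetModulePath(moduleIndex));
                        modulePaths.Append(Environment.NewLine);
                    }
                    actualValue = modulePaths.ToString();
                    break;

                case "":
                    throw new InvalidOperationException("PropertyName cannot be empty.");

                default:
                    throw new InvalidOperationException(string.Format("Unidentified PropertyName {0}.", PropertyName));
            }

            return CompareStringValuesAsPerFilterOperator(actualValue, this);
        }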