C# (CSharp) ProcessHacker.Native.SsLogging SsLogger Examples

Programming Language: C# (CSharp)

Namespace/Package Name: ProcessHacker.Native.SsLogging

Class/Type: SsLogger

Examples at hotexamples.com: 2

C# (CSharp) ProcessHacker.Native.SsLogging SsLogger - 2 examples found. These are the top rated real world C# (CSharp) examples of ProcessHacker.Native.SsLogging.SsLogger extracted from open source projects. You can rate examples to help us improve the quality of examples.

Frequently Used Methods

Show Hide

AddPreviousModeRule(1)

AddProcessIdRule(1)

ReadWString(1)

Example #1

Show file

File: SsHandle.cs Project: wumn290/processhacker-3

        internal SsHandle(MemoryRegion data)
        {
            KphSsHandle handleInfo = data.ReadStruct <KphSsHandle>();

            if (handleInfo.TypeNameOffset != 0)
            {
                this.TypeName = SsLogger.ReadWString(new MemoryRegion(data, handleInfo.TypeNameOffset));
            }

            if (handleInfo.NameOffset != 0)
            {
                this.Name = SsLogger.ReadWString(new MemoryRegion(data, handleInfo.NameOffset));
            }

            this.ProcessId = handleInfo.ClientId.ProcessId;
            this.ThreadId  = handleInfo.ClientId.ThreadId;
        }

Example #2

Show file

File: MainWindow.cs Project: RoDaniel/featurehouse

        public MainWindow()
        {
            InitializeComponent();

            Win32.LoadLibrary("C:\\Program Files\\Debugging Tools for Windows (x86)\\dbghelp.dll");

            SymbolProvider symbols = new SymbolProvider(ProcessHandle.Current);

            SymbolProvider.Options |= SymbolOptions.PublicsOnly;

            IntPtr ntdllBase = Loader.GetDllHandle("ntdll.dll");
            FileHandle ntdllFileHandle = null;
            Section section = null;

            ProcessHandle.Current.EnumModules((module) =>
                {
                    if (module.BaseName.Equals("ntdll.dll", StringComparison.InvariantCultureIgnoreCase))
                    {
                        section = new Section(
                            ntdllFileHandle = new FileHandle(@"\??\" + module.FileName,
                                FileShareMode.ReadWrite,
                                FileAccess.GenericExecute | FileAccess.GenericRead
                                ),
                            true,
                            MemoryProtection.ExecuteRead
                            );

                        symbols.LoadModule(module.FileName, module.BaseAddress, module.Size);
                        return false;
                    }

                    return true;
                });

            SectionView view = section.MapView((int)ntdllFileHandle.GetSize());

            ntdllFileHandle.Dispose();

            symbols.EnumSymbols("ntdll!Zw*", (symbol) =>
                {
                    int number = Marshal.ReadInt32(
                        (symbol.Address.ToIntPtr().Decrement(ntdllBase)).Increment(view.Memory).Increment(1));

                    _sysCallNames.Add(
                        number,
                        "Nt" + symbol.Name.Substring(2)
                        );

                    return true;
                });

            view.Dispose();
            section.Dispose();

            symbols.Dispose();

            KProcessHacker.Instance = new KProcessHacker();

            _logger = new SsLogger(4096, false);
            _logger.EventBlockReceived += new EventBlockReceivedDelegate(logger_EventBlockReceived);
            _logger.ArgumentBlockReceived += new ArgumentBlockReceivedDelegate(logger_ArgumentBlockReceived);
            _logger.AddPreviousModeRule(FilterType.Include, KProcessorMode.UserMode);
            _logger.AddProcessIdRule(FilterType.Exclude, ProcessHandle.GetCurrentId());

            listEvents.SetDoubleBuffered(true);
        }