Exemple #1
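        /// <summary>
        /// Rebuilds the parent links between process artifacts from the pid and
        /// parent-pid values of their linked processes, then raises a change
        /// notification for "Processes".
        /// </summary>
        /// <remarks>
        /// Artifacts that are not <see cref="ProcessArtifact"/> instances, or that
        /// have no linked process, are skipped.
        /// </remarks>
        private void OrderProcessArtifacts()
        {
            Dictionary<ulong, ProcessArtifact> byPid = new Dictionary<ulong, ProcessArtifact>();
            List<ProcessArtifact> linked = new List<ProcessArtifact>();

            // NOTE(review): _artifacts is enumerated here without a lock; if another
            // thread can add to it concurrently the enumeration would throw - confirm
            // how callers serialise access.
            foreach (ArtifactBase artifact in _artifacts)
            {
                ProcessArtifact pa = artifact as ProcessArtifact;
                if (pa == null || pa.LinkedProcess == null)
                {
                    continue;
                }

                // Dictionary.Add throws ArgumentException on a duplicate key, so two
                // artifacts reporting the same pid would abort the whole pass and leave
                // every parent link unset. Keep the first artifact seen for a pid; later
                // ones are still linked to their own parents below.
                if (!byPid.ContainsKey(pa.LinkedProcess.Pid))
                {
                    byPid.Add(pa.LinkedProcess.Pid, pa);
                }
                linked.Add(pa);
            }

            foreach (ProcessArtifact pa in linked)
            {
                // A parent pid of 0 is treated as "no parent", as in the original check.
                if (pa.LinkedProcess.ParentPid == 0)
                {
                    continue;
                }

                ProcessArtifact parent;
                if (!byPid.TryGetValue(pa.LinkedProcess.ParentPid, out parent))
                {
                    continue;
                }

                // A process that names itself as its parent must not be linked to
                // itself: that would create a cycle for anything walking Parent.
                if (!object.ReferenceEquals(parent, pa))
                {
                    pa.Parent = parent;
                }
            }

            // do I need to check for children now?
            NotifyPropertyChange("Processes");
        }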
Exemple #2
        /// <summary>
        /// Switches the details view to the given artifact. Does nothing when the
        /// argument is null or is already the active artifact.
        /// </summary>
        /// <param name="selectedArtifact">Artifact that was selected; may be null.</param>
        public void UpdateDetails(ArtifactBase selectedArtifact)
        {
            if (selectedArtifact == null || selectedArtifact == _activeArtifact)
            {
                return;
            }

            _activeArtifact = selectedArtifact;

            // Root selection: reset the per-process details and show the root view.
            RootArtifact rootArtifact = _activeArtifact as RootArtifact;
            if (rootArtifact != null)
            {
                CurrentDetailsViewModelHint = "root";
                _processInfoDictionary.Clear();
                // Raising the change for CurrentDetailsViewModel makes bound views re-read it.
                NotifyPropertyChange("CurrentDetailsViewModel");
                return;
            }

            // Any other artifact kind keeps the new active artifact but changes nothing else.
            ProcessArtifact processArtifact = _activeArtifact as ProcessArtifact;
            if (processArtifact == null)
            {
                return;
            }

            // NOTE(review): LinkedProcess is passed on without a null check here;
            // confirm UpdateProcessInfoDictionary tolerates an artifact whose process
            // has not been linked yet.
            CurrentDetailsViewModelHint = "process";
            _processInfoDictionary.Clear();
            UpdateProcessInfoDictionary(processArtifact.LinkedProcess);
            _selectedProcess = processArtifact.LinkedProcess;
            NotifyPropertyChange("CurrentDetailsViewModel");
        }
Exemple #3
        /// <summary>
        /// Creates an artifact of the requested type, stores it in the artifact list
        /// and raises change notifications for "TreeItems" and "Processes".
        /// </summary>
        /// <param name="type">Kind of artifact to create; only Root and Process are handled.</param>
        /// <param name="name">Value assigned to the artifact's Name.</param>
        /// <param name="selected">Value assigned to the artifact's IsSelected.</param>
        /// <param name="parent">Value assigned to the artifact's Parent; may be null.</param>
        /// <returns>The new artifact, or null when <paramref name="type"/> is not handled.</returns>
        private ArtifactBase AddArtifact(ArtifactType type, string name, bool selected = false, ArtifactBase parent = null)
        {
            ArtifactBase created;

            if (type == ArtifactType.Root)
            {
                created = new RootArtifact();
            }
            else if (type == ArtifactType.Process)
            {
                created = new ProcessArtifact();
            }
            else
            {
                // Unhandled type: nothing is stored and no notification is raised.
                return null;
            }

            created.Name       = name;
            created.Parent     = parent;
            created.IsExpanded = false;
            created.IsSelected = selected;

            // Only the list mutation happens under the lock; the notifications below
            // are raised after it has been released.
            lock (AccessLock)
            {
                _artifacts.Add(created);
            }

            NotifyPropertyChange("TreeItems");
            NotifyPropertyChange("Processes");
            return created;
        }
Exemple #4
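        /// <summary>
        /// Records a process and creates a matching process artifact under the root
        /// artifact, linking the artifact to the process.
        /// </summary>
        /// <param name="process">Process to register; must not be null.</param>
        /// <exception cref="System.ArgumentNullException"><paramref name="process"/> is null.</exception>
        /// <exception cref="System.InvalidOperationException">No process artifact could be created.</exception>
        private void AddProcess(ProcessInfo process)
        {
            // Reject null before touching any state: previously a null entry was added
            // to _processList and the method then failed on process.ProcessName.
            if (process == null)
            {
                throw new System.ArgumentNullException("process");
            }

            lock (AccessLock)
            {
                _processList.Add(process);
            }
            _rootArtifact.IsExpanded = true;

            ProcessArtifact pa = AddArtifact(ArtifactType.Process, process.ProcessName, false, _rootArtifact) as ProcessArtifact;

            // The "as" cast yields null if AddArtifact returns null or another artifact
            // type; fail with a descriptive error instead of a NullReferenceException.
            if (pa == null)
            {
                throw new System.InvalidOperationException("AddArtifact did not return a ProcessArtifact.");
            }

            // NOTE(review): the artifact is already stored and announced by AddArtifact
            // before LinkedProcess is assigned, so readers can briefly observe a process
            // artifact without a linked process - confirm they all check for null.
            pa.LinkedProcess = process;
        }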
        /// <summary>
        /// Stores an attribute built from <paramref name="name"/> and
        /// <paramref name="value"/>, removing the existing entry of that name first
        /// when the lookup finds one.
        /// </summary>
        /// <param name="name">Attribute name, used as the key in Attributes.</param>
        /// <param name="value">Value passed to ProcessArtifact.Create.</param>
        private void AddOrUpdateAttribute(string name, object value)
        {
            IProcessArtifact existing;

            try
            {
                existing = this.GetAttribute(name);
            }
            catch (Exception)
            {
                // The lookup is only a guard: any failure is treated as "not present".
                // NOTE(review): this also hides unexpected errors from GetAttribute;
                // consider narrowing the caught type once its failure modes are known.
                existing = null;
            }

            if (existing != null)
            {
                // Drop the current entry so it can be recreated; simpler than updating
                // a generic value in place.
                IProcessArtifact removed;
                this.Attributes.TryRemove(name, out removed);
            }

            // NOTE(review): remove-then-add is two separate steps and the TryAdd result
            // is ignored. If Attributes can be modified concurrently, or the lookup
            // above failed for a key that does exist, the new value is dropped silently -
            // confirm whether a single add-or-replace operation is available.
            this.Attributes.TryAdd(name, ProcessArtifact.Create(name, value));
        }