private void SetupCallbacks(TraceElements elements)
{
if (elements.HasFlag(TraceElements.Process))
{
_parser.ProcessStart += OnProcessStart;
if (_includeInit)
{
_parser.ProcessDCStart += OnProcessDCStart;
_parser.ProcessDCStop += obj => ProcessTrace?.Invoke((ProcessTraceData)obj.Clone(), EventType.ProcessExited);
}
_parser.ProcessStop += OnProcessStop;
}
if (elements.HasFlag(TraceElements.Thread))
{
_parser.ThreadStart += OnThreadStart;
_parser.ThreadStop += OnThreadStop;
}
if (elements.HasFlag(TraceElements.Registry))
{
_parser.RegistryCreate += OnRegistryCreate;
_parser.RegistryOpen += obj => RegistryTrace?.Invoke((RegistryTraceData)obj.Clone(), EventType.RegistryOpenKey);
}
}
private void OnRegistryCreate(RegistryTraceData obj)
{
RegistryTrace?.Invoke((RegistryTraceData)obj.Clone(), EventType.RegistryCreateKey);
}