internal void CreateFileScanOperation(AMFilter_FileScanArgsTraceData data)
{
// If we can't get the process or thread index, bail.
ProcessIndex processIndex = data.Process().ProcessIndex;
if (processIndex == ProcessIndex.Invalid)
{
return;
}
ThreadIndex threadIndex = data.Thread().ThreadIndex;
if (threadIndex == ThreadIndex.Invalid)
{
return;
}
// Get the process container.
Dictionary <ThreadIndex, FileScanOperation> processContainer = GetOrCreateProcessContainer(processIndex);
// Create a new file scan operation.
// This happens when the scan is requested inside the user process.
FileScanOperation scan = new FileScanOperation()
{
File = data.FileName,
Reason = data.Reason,
RequestorStack = _stackSource.GetCallStack(data.CallStackIndex(), data)
};
processContainer[threadIndex] = scan;
}
protected internal override void EnumerateTemplates(Func <string, string, EventFilterResponse> eventsToObserve, Action <TraceEvent> callback)
{
if (s_templates == null)
{
var templates = new TraceEvent[4];
templates[0] = new AMFilter_CacheRemoveArgsTraceData(null, 2, 2, "AMFilter_CacheRemove", Guid.Empty, 0, "", ProviderGuid, ProviderName);
templates[1] = new AMFilter_TrustedProcessArgsTraceData(null, 7, 7, "AMFilter_TrustedProcess", Guid.Empty, 0, "", ProviderGuid, ProviderName);
templates[2] = new AMFilter_ProcessContextArgsTraceData(null, 8, 8, "AMFilter_ProcessContext", Guid.Empty, 0, "", ProviderGuid, ProviderName);
templates[3] = new AMFilter_FileScanArgsTraceData(null, 9, 9, "AMFilter_FileScan", Guid.Empty, 0, "", ProviderGuid, ProviderName);
s_templates = templates;
}
foreach (var template in s_templates)
{
if (eventsToObserve == null || eventsToObserve(template.ProviderName, template.EventName) == EventFilterResponse.AcceptEvent)
{
callback(template);
}
}
}
