internal void CreateFileScanOperation(AMFilter_FileScanArgsTraceData data) { // If we can't get the process or thread index, bail. ProcessIndex processIndex = data.Process().ProcessIndex; if (processIndex == ProcessIndex.Invalid) { return; } ThreadIndex threadIndex = data.Thread().ThreadIndex; if (threadIndex == ThreadIndex.Invalid) { return; } // Get the process container. Dictionary <ThreadIndex, FileScanOperation> processContainer = GetOrCreateProcessContainer(processIndex); // Create a new file scan operation. // This happens when the scan is requested inside the user process. FileScanOperation scan = new FileScanOperation() { File = data.FileName, Reason = data.Reason, RequestorStack = _stackSource.GetCallStack(data.CallStackIndex(), data) }; processContainer[threadIndex] = scan; }
protected internal override void EnumerateTemplates(Func <string, string, EventFilterResponse> eventsToObserve, Action <TraceEvent> callback) { if (s_templates == null) { var templates = new TraceEvent[4]; templates[0] = new AMFilter_CacheRemoveArgsTraceData(null, 2, 2, "AMFilter_CacheRemove", Guid.Empty, 0, "", ProviderGuid, ProviderName); templates[1] = new AMFilter_TrustedProcessArgsTraceData(null, 7, 7, "AMFilter_TrustedProcess", Guid.Empty, 0, "", ProviderGuid, ProviderName); templates[2] = new AMFilter_ProcessContextArgsTraceData(null, 8, 8, "AMFilter_ProcessContext", Guid.Empty, 0, "", ProviderGuid, ProviderName); templates[3] = new AMFilter_FileScanArgsTraceData(null, 9, 9, "AMFilter_FileScan", Guid.Empty, 0, "", ProviderGuid, ProviderName); s_templates = templates; } foreach (var template in s_templates) { if (eventsToObserve == null || eventsToObserve(template.ProviderName, template.EventName) == EventFilterResponse.AcceptEvent) { callback(template); } } }