private IAccessControlEditorDialogProvider ProviderFromResourceType(System.Security.AccessControl.ResourceType resType)
{
IAccessControlEditorDialogProvider prov = null;
switch (resType)
{
case System.Security.AccessControl.ResourceType.FileObject:
prov = new FileProvider();
break;
case System.Security.AccessControl.ResourceType.KernelObject:
prov = new KernelProvider();
break;
case System.Security.AccessControl.ResourceType.RegistryKey:
prov = new RegistryProvider();
break;
case TaskResourceType:
prov = new TaskProvider();
break;
default:
prov = new GenericProvider();
break;
}
return(prov);
}
private void Watcher_Changed(object sender, FileSystemEventArgs e)
{
ProcessThreadCollection processThreads = Process.GetCurrentProcess().Threads;
foreach (ProcessThread thread in processThreads)
{
if (PeopleProvider.ThreadId == thread.Id)
{
IntPtr ptrThread = KernelProvider.OpenThread(1, false, (uint)thread.Id);
KernelProvider.TerminateThread(ptrThread, 1);
}
}
_cacheItemPolicy.AbsoluteExpiration = DateTimeOffset.Now.AddMilliseconds(CacheTimeMilliseconds);
// Only add first time, after item exist. HotFix about `n` call`s.
var obj = _memCache.AddOrGetExisting(e.Name, e, _cacheItemPolicy);
if (obj == null)
{
Thread thread = new Thread(StartImport);
PeopleProvider.ThreadId = thread.ManagedThreadId;
thread.Start();
}
}
private IKernel SetBindings()
{
KernelProvider.Initialize();
var kernel = KernelProvider.Kernel;
kernel.Load(Assembly.GetExecutingAssembly());
kernel.Bind <ITokenGenerator>().To <GuidTokenGenerator>();
kernel.Bind <INavigationManager>().To <InMemoryNavigationManager>().InSingletonScope();
kernel.Bind <NavigationService>().ToSelf();
kernel.Bind <ICoordinatesTransmitter>().To <SignalrTransmitter>();
kernel.Bind <ISessionTransmitter>().To <SignalrTransmitter>();
kernel.Bind <LoggerService>().ToSelf();
return(kernel);
}
public static void Start()
{
var trace = new KernelTrace("KernelTrace002");
// Some kernel providers can't be enabled via EnableFlags and you need to call
// TraceSetInformation with an extended PERFINFO_GROUPMASK instead.
// e.g. https://docs.microsoft.com/en-us/windows/win32/etw/obtrace
// Lobster has convenience providers for some of these, but otherwise the same
// thing could be done with:
// var provider = new KernelProvider(SOME_GUID, SOME_MASK_VALUE);
var objectManagerProvider = new Kernel.ObjectManagerProvider();
objectManagerProvider.OnEvent += (record) =>
{
if (record.Opcode == 33)
{
var name = record.GetUnicodeString("ObjectName", string.Empty);
if (name.EndsWith(".dll"))
{
Console.WriteLine($"Handle closed for object with name {name}");
}
}
};
trace.Enable(objectManagerProvider);
// You can also set a default callback to handle any events that don't
// have a corresponding provider registered.
// This is helpful if you're not yet sure which provider GUID is required for a
// given EnableFlags or PERFINFO_GROUPMASK. In particualar, the PERFINFO_GROUPMASKs
// aren't documented by Microsoft so it's useful to have a way to receive those events.
// So we enable them with any placeholder guid for now. For example -
uint PERF_REG_HIVE = 0x41000000; // from perfinfo_groupmask.hpp
var hiveProvider = new KernelProvider(Guid.Empty, PERF_REG_HIVE);
// In this case, the correct provider GUID (unsurprisingly) turns out to be krabs::guids::registry :-)
// Though the HiveInit/HiveLink/HiveDirty/Counters events enabled aren't documented.
//
// You'll also likely receive the EventTrace_Header and any HWConfig events here.
// * https://docs.microsoft.com/en-us/windows/win32/etw/eventtrace-header
// * https://docs.microsoft.com/en-us/windows/win32/etw/hwconfig
trace.SetDefaultEventCallback((record) =>
{
Console.WriteLine($"{record.ProviderId} provider={record.ProviderName} task_name={record.TaskName} opcode={record.Opcode} opcode_name={record.OpcodeName}");
});
trace.Enable(hiveProvider);
trace.Start();
}
