public void analyzeData(Dictionary <int, List <SessionData> > debugList = null) { foreach (var process in StateManager.monitored_processes.ToList()) { List <SessionData> somedata = ETWwrapper.getData(process.process.Id); if (somedata.Count > 0) { process.data_processor.Append(somedata); process.disconnected = somedata.LastOrDefault().disconnected; process.suspicious = somedata.LastOrDefault().suspicious; ClientProcessDTO newData = new ClientProcessDTO() { processID = process.process.Id, alias = process.alias, disconnected = somedata.LastOrDefault().disconnected, suspicious = somedata.LastOrDefault().suspicious, timestamp = somedata.LastOrDefault().timestamp, processStarted = process.process.StartTime, monitorStartTime = process.monitorStartTime }; StateManager.addData(newData); if (debugList != null) { // only passed for debugging if (!debugList.ContainsKey(newData.processID)) { debugList[newData.processID] = new List <SessionData>(); } //debugList[newData.processID][typeof(SessionData)] = somedata; foreach (var data in somedata) { debugList[process.process.Id].Add(data); } } } else { ClientProcessDTO newData = new ClientProcessDTO() { processID = process.process.Id, alias = process.alias, suspicious = true, timestamp = DateTime.Now, processStarted = process.process.StartTime, monitorStartTime = process.monitorStartTime }; StateManager.addData(newData); } } ETWwrapper.rotate(); }
public bool publishActiveProcesses(List <int> processIdToInclude = null) { Process[] localAll = Process.GetProcessesByName(StateManager.m_config.ProcessName); bool monitoredProcessesChanged = false; lock (StateManager.monitoredProcessesMutex) { // remove dead processes foreach (var monitored_process in StateManager.monitored_processes.ToList()) { bool monitored_process_is_alive = false; // clear processes that are not exist anymore foreach (var process_ in localAll) { if (process_.Id == monitored_process.process.Id) { // process still alive monitored_process_is_alive = true; break; } } if (!monitored_process_is_alive) { // monitored process is dead, should remove it from list ETWwrapper.removeProcess(monitored_process.process.Id); StateManager.monitored_processes.Remove(monitored_process); monitoredProcessesChanged = true; } } foreach (var process in localAll) { bool isMonitored = false; foreach (var monitored_process in StateManager.monitored_processes.ToList()) { if (process.Id == monitored_process.process.Id) { // this process already monitored skip isMonitored = true; break; } } if (isMonitored) { //this process already monitored continue to next process continue; } if (processIdToInclude == null || (processIdToInclude != null && processIdToInclude.Contains(process.Id))) { // this is a new process which we should add to the list to monitor P_Process monitoredProcess = new P_Process(); monitoredProcess.doMonitor = true; monitoredProcess.process = process; monitoredProcess.monitorStartTime = DateTime.Now; monitoredProcess.data_processor = new DataProcessor(process.Id); StateManager.monitored_processes.Add(monitoredProcess); ETWwrapper.addProcess(process.Id); //sort the monitored processes according to their start time StateManager.monitored_processes.Sort((x, y) => x.process.StartTime.CompareTo(y.process.StartTime)); monitoredProcessesChanged = true; } } } return(monitoredProcessesChanged); }
public void run() { ETWwrapper.start(); }