/// <summary>
/// Subscribes this object's handlers to the parser events selected by <paramref name="elements"/>.
/// </summary>
/// <param name="elements">Flags choosing which event families (process, thread, registry) get hooked.</param>
/// <remarks>
/// The inline lambdas forward a clone of the event rather than the instance handed in by the parser.
/// They are anonymous, so they cannot be detached with <c>-=</c> afterwards.
/// </remarks>
private void SetupCallbacks(TraceElements elements) {
    bool wantProcess = elements.HasFlag(TraceElements.Process);
    bool wantThread = elements.HasFlag(TraceElements.Thread);
    bool wantRegistry = elements.HasFlag(TraceElements.Registry);

    if (wantProcess) {
        _parser.ProcessStart += OnProcessStart;

        // The DCStart/DCStop pair is only hooked when _includeInit is set.
        if (_includeInit) {
            _parser.ProcessDCStart += OnProcessDCStart;

            // NOTE(review): DCStop is reported to subscribers as EventType.ProcessExited.
            // If DCStop here is the ETW-style rundown of processes still alive when the
            // session stops, consumers will record exits that never happened. Confirm the
            // intended mapping before relying on this for process-lifetime analysis.
            _parser.ProcessDCStop += evt =>
                ProcessTrace?.Invoke((ProcessTraceData)evt.Clone(), EventType.ProcessExited);
        }

        _parser.ProcessStop += OnProcessStop;
    }

    if (wantThread) {
        _parser.ThreadStart += OnThreadStart;
        _parser.ThreadStop += OnThreadStop;
    }

    if (wantRegistry) {
        // Only key create and key open are hooked in this method.
        _parser.RegistryCreate += OnRegistryCreate;
        _parser.RegistryOpen += evt =>
            RegistryTrace?.Invoke((RegistryTraceData)evt.Clone(), EventType.RegistryOpenKey);
    }
}
/// <summary>
/// Handles a process DCStart event by raising <c>ProcessTrace</c> with <c>EventType.ProcessExists</c>.
/// </summary>
/// <param name="obj">The event as delivered by the parser; subscribers receive a clone, not this instance.</param>
private void OnProcessDCStart(ProcessTraceData obj) {
    // The copy is made before the subscriber check, so it happens even when nobody is listening.
    // Presumably needed because the parser reuses the event object after the callback returns;
    // TODO confirm against the parser's documentation.
    var snapshot = (ProcessTraceData)obj.Clone();

    ProcessTrace?.Invoke(snapshot, EventType.ProcessExists);
}
/// <summary>
/// Handles a process start event by raising <c>ProcessTrace</c> with <c>EventType.ProcessStart</c>.
/// </summary>
/// <param name="obj">The event as delivered by the parser; subscribers receive a clone, not this instance.</param>
/// <remarks>
/// The clone is an argument of the null-conditional call, so it is only made when
/// <c>ProcessTrace</c> has at least one subscriber.
/// </remarks>
private void OnProcessStart(ProcessTraceData obj)
    => ProcessTrace?.Invoke((ProcessTraceData)obj.Clone(), EventType.ProcessStart);