private bool ReportLineReceived(string data) { SandboxedProcessFactory.Counters.IncrementCounter(SandboxedProcessFactory.SandboxedProcessCounters.AccessReportCount); using (SandboxedProcessFactory.Counters.StartStopwatch(SandboxedProcessFactory.SandboxedProcessCounters.HandleAccessReportDuration)) { return(m_reports.ReportLineReceived(data)); } }
private void ReportProcessCreated() { var pidHex = Process.Id.ToString("X"); var fileAccess = (int)ReportType.FileAccess; var pipIdHex = PipId.ToString("X"); var desiredAccessHex = DesiredAccess.GENERIC_READ.ToString("X"); var dispositionHex = CreationDisposition.OPEN_EXISTING.ToString("X"); var procArgs = ProcessInfo.FileAccessManifest.ReportProcessArgs ? I($"{ProcessInfo.FileName} {ProcessInfo.Arguments}") : string.Empty; var reportLine = I($"{fileAccess},Process:{pidHex}|1|1|0|0|{pipIdHex}|{desiredAccessHex}|0|{dispositionHex}|0|0|{ProcessInfo.FileName}||{procArgs}"); m_reports.ReportLineReceived(reportLine); }