示例#1
0
        public ListViewItem FormatRegistryMessage(FilterAPI.MessageSendData messageSend)
        {
            ListViewItem lvItem = new ListViewItem();

            try
            {
                string userName    = string.Empty;
                string processName = string.Empty;

                FilterAPI.DecodeUserName(messageSend.Sid, out userName);
                FilterAPI.DecodeProcessName(messageSend.ProcessId, out processName);

                string[] listData = new string[listView_Message.Columns.Count];
                int      col      = 0;
                listData[col++] = messageSend.MessageId.ToString();
                listData[col++] = FormatDateTime(messageSend.TransactionTime);
                listData[col++] = userName;
                listData[col++] = processName + "  (" + messageSend.ProcessId + ")";
                listData[col++] = messageSend.ThreadId.ToString();
                listData[col++] = GetRegCallbackClassName(messageSend);
                listData[col++] = messageSend.FileName;
                listData[col++] = FilterMessage.FormatStatus(messageSend.Status);
                listData[col++] = RegistryHandler.FormatDescription(messageSend);

                lvItem = new ListViewItem(listData, 0);

                if (messageSend.Status >= (uint)NtStatus.Status.Error)
                {
                    lvItem.BackColor = Color.LightGray;
                    lvItem.ForeColor = Color.Red;
                }
                else if (messageSend.Status > (uint)NtStatus.Status.Warning)
                {
                    lvItem.BackColor = Color.LightGray;
                    lvItem.ForeColor = Color.Yellow;
                }


                if (GlobalConfig.EnableLogTransaction)
                {
                    FilterMessage.LogTrasaction(listData);
                }

                AddItemToList(lvItem);
            }
            catch (Exception ex)
            {
                EventManager.WriteMessage(445, "GetFilterMessage", EventLevel.Error, "Add callback message failed." + ex.Message);
                lvItem = null;
            }

            return(lvItem);
        }
示例#2
0
        public ListViewItem FormatProcessInfo(FilterAPI.PROCESS_INFO processInfo)
        {
            ListViewItem lvItem = new ListViewItem();

            try
            {
                string userName = string.Empty;
                FilterAPI.DecodeUserName(processInfo.Sid, out userName);

                string[] listData = new string[listView_Message.Columns.Count];
                int      col      = 0;
                listData[col++] = processInfo.MessageId.ToString();
                listData[col++] = ((FilterAPI.FilterCommand)processInfo.MessageType).ToString();
                listData[col++] = userName;
                listData[col++] = processInfo.ImageFileName + "  (" + processInfo.ProcessId + ")";
                listData[col++] = processInfo.ThreadId.ToString();
                listData[col++] = FormatDescription(processInfo);

                lvItem = new ListViewItem(listData, 0);

                if (processInfo.Status >= (uint)NtStatus.Status.Error)
                {
                    lvItem.BackColor = Color.LightGray;
                    lvItem.ForeColor = Color.Red;
                }
                else if (processInfo.Status > (uint)NtStatus.Status.Warning)
                {
                    lvItem.BackColor = Color.LightGray;
                    lvItem.ForeColor = Color.Yellow;
                }


                if (GlobalConfig.EnableLogTransaction)
                {
                    FilterMessage.LogTrasaction(listData);
                }

                AddItemToList(lvItem);
            }
            catch (Exception ex)
            {
                EventManager.WriteMessage(445, "GetFilterMessage", EventLevel.Error, "Add callback message failed." + ex.Message);
                lvItem = null;
            }

            return(lvItem);
        }