/// <nodoc />
public static ProcessExecutionMonitoringReportedEvent ToProcessExecutionMonitoringReportedEvent(this ProcessExecutionMonitoringReportedEventData data, uint workerID, PathTable pathTable, NameExpander nameExpander)
{
var processExecutionMonitoringReportedEvent = new ProcessExecutionMonitoringReportedEvent
{
WorkerID = workerID,
PipID = data.PipId.Value
};
processExecutionMonitoringReportedEvent.ReportedProcesses.AddRange(
data.ReportedProcesses.Select(rp => rp.ToReportedProcess()));
processExecutionMonitoringReportedEvent.ReportedFileAccesses.AddRange(
data.ReportedFileAccesses.Select(reportedFileAccess => reportedFileAccess.ToReportedFileAccess(pathTable, nameExpander)));
processExecutionMonitoringReportedEvent.AllowlistedReportedFileAccesses.AddRange(
data.AllowlistedReportedFileAccesses.Select(
allowListReportedFileAccess => allowListReportedFileAccess.ToReportedFileAccess(pathTable, nameExpander)));
foreach (var processDetouringStatus in data.ProcessDetouringStatuses)
{
processExecutionMonitoringReportedEvent.ProcessDetouringStatuses.Add(new Xldb.Proto.ProcessDetouringStatusData()
{
ProcessID = processDetouringStatus.ProcessId,
ReportStatus = processDetouringStatus.ReportStatus,
ProcessName = processDetouringStatus.ProcessName,
StartApplicationName = processDetouringStatus.StartApplicationName,
StartCommandLine = processDetouringStatus.StartCommandLine,
NeedsInjection = processDetouringStatus.NeedsInjection,
IsCurrent64BitProcess = processDetouringStatus.IsCurrent64BitProcess,
IsCurrentWow64Process = processDetouringStatus.IsCurrentWow64Process,
IsProcessWow64 = processDetouringStatus.IsProcessWow64,
NeedsRemoteInjection = processDetouringStatus.NeedsRemoteInjection,
Job = processDetouringStatus.Job,
DisableDetours = processDetouringStatus.DisableDetours,
CreationFlags = processDetouringStatus.CreationFlags,
Detoured = processDetouringStatus.Detoured,
Error = processDetouringStatus.Error,
CreateProcessStatusReturn = processDetouringStatus.CreateProcessStatusReturn
});
}
return(processExecutionMonitoringReportedEvent);
}
/// <nodoc />
public static ProcessExecutionMonitoringReportedEvent ToProcessExecutionMonitoringReportedEvent(this ProcessExecutionMonitoringReportedEventData data, uint workerID, PathTable pathTable)
{
var processExecutionMonitoringReportedEvent = new ProcessExecutionMonitoringReportedEvent
{
WorkerID = workerID,
PipID = data.PipId.Value
};
processExecutionMonitoringReportedEvent.ReportedProcesses.AddRange(
data.ReportedProcesses.Select(rp => rp.ToReportedProcess()));
processExecutionMonitoringReportedEvent.ReportedFileAccesses.AddRange(
data.ReportedFileAccesses.Select(reportedFileAccess => reportedFileAccess.ToReportedFileAccess(pathTable)));
processExecutionMonitoringReportedEvent.WhitelistedReportedFileAccesses.AddRange(
data.WhitelistedReportedFileAccesses.Select(
whiteListReportedFileAccess => whiteListReportedFileAccess.ToReportedFileAccess(pathTable)));
foreach (var processDetouringStatus in data.ProcessDetouringStatuses)
{
processExecutionMonitoringReportedEvent.ProcessDetouringStatuses.Add(new ProcessDetouringStatusData()
{
ProcessID = processDetouringStatus.ProcessId,
ReportStatus = processDetouringStatus.ReportStatus,
ProcessName = processDetouringStatus.ProcessName,
StartApplicationName = processDetouringStatus.StartApplicationName,
StartCommandLine = processDetouringStatus.StartCommandLine,
NeedsInjection = processDetouringStatus.NeedsInjection,
Job = processDetouringStatus.Job,
DisableDetours = processDetouringStatus.DisableDetours,
CreationFlags = processDetouringStatus.CreationFlags,
Detoured = processDetouringStatus.Detoured,
Error = processDetouringStatus.Error
});
}
return(processExecutionMonitoringReportedEvent);
}
