/// <summary>
/// Creates a correlator that stores the given ETW provider and event descriptor
/// in <c>_transferProvider</c> and <c>_transferEvent</c>.
/// </summary>
/// <param name="transferProvider">ETW provider to keep; must not be null.</param>
/// <param name="transferEvent">
/// Descriptor kept alongside the provider. It is not null-checked
/// (EventDescriptor is presumably a value type — TODO confirm).
/// </param>
/// <exception cref="ArgumentNullException"><paramref name="transferProvider"/> is null.</exception>
public EtwEventCorrelator(EventProvider transferProvider, EventDescriptor transferEvent)
{
    // Fail at construction time so a missing provider is not discovered at first write.
    bool providerMissing = transferProvider == null;
    if (providerMissing)
    {
        throw new ArgumentNullException("transferProvider");
    }

    _transferProvider = transferProvider;
    _transferEvent = transferEvent;
}
/// <summary>
/// Releases the ETW provider held in <c>m_eventProvider</c> on an explicit dispose,
/// then lets the base class run its own cleanup.
/// </summary>
/// <param name="disposing">
/// True when called from Dispose(); only then is the managed provider disposed.
/// </param>
protected override void Dispose(bool disposing)
{
    if (disposing)
    {
        if (this.m_eventProvider != null)
        {
            this.m_eventProvider.Dispose();
            // Cleared so a second Dispose call does not dispose the provider again.
            this.m_eventProvider = null;
        }
    }

    base.Dispose(disposing);
}
/// <summary>
/// Parses <paramref name="providerId"/> as a GUID and stores a new ETW
/// <c>EventProvider</c> for it in <c>_provider</c>.
/// </summary>
/// <param name="providerId">Text form of the provider (control) GUID.</param>
private void InitProvider(string providerId)
{
    // The Guid constructor throws on null or malformed text; nothing here catches it.
    // Any provider already held in _provider is overwritten without being disposed.
    _provider = new EventProvider(new Guid(providerId));
}
/// <summary>
/// Runs the base initialization, then tries to create the ETW <c>EventProvider</c>
/// for <c>providerId</c> and store it in <c>provider</c>.
/// </summary>
protected override void InitializeTarget()
{
    base.InitializeTarget();

    try
    {
        provider = new EventProvider(providerId);
    }
    catch (PlatformNotSupportedException)
    {
        // Deliberate best-effort: on a platform without ETW the target stays without
        // a provider and nothing is reported. NOTE(review): that makes a logging gap
        // invisible to operators — confirm the write path checks `provider` and
        // consider surfacing the condition once.
    }
}
/// <summary>
/// Registers the ETW provider with the fixed GUID below; leaves <c>provider</c>
/// null when the platform does not support ETW.
/// </summary>
public DesignerPerfEventProvider()
{
    Guid providerGuid = new Guid("{B5697126-CBAF-4281-A983-7851DAF56454}");

    try
    {
        this.provider = new EventProvider(providerGuid);
    }
    catch (PlatformNotSupportedException)
    {
        // No ETW here: null marks "tracing unavailable".
        // presumably every user of this.provider null-checks it — verify against callers.
        this.provider = null;
    }
}
/// <summary>
/// Registers the ETW provider with the fixed GUID below; leaves <c>provider</c>
/// null when the platform does not support ETW.
/// </summary>
public VSDesignerPerfEventProvider()
{
    Guid providerGuid = new Guid("{92C79DA3-CA7D-43d6-BF20-BBD15E7A4E49}");

    try
    {
        this.provider = new EventProvider(providerGuid);
    }
    catch (PlatformNotSupportedException)
    {
        // No ETW here: null marks "tracing unavailable".
        // presumably every user of this.provider null-checks it — verify against callers.
        this.provider = null;
    }
}
/// <summary>
/// Appends the channel, task, opcode, keyword, event and template sections plus the
/// closing <c>&lt;/provider&gt;</c> tag to the shared builder <c>sb</c>, and returns
/// the builder's full content encoded as UTF-8.
/// </summary>
/// <returns>UTF-8 bytes of everything accumulated in <c>sb</c>.</returns>
/// <remarks>
/// The method writes into <c>this.sb</c> rather than a fresh builder, so a second call
/// would append the sections again. <c>channelTab</c>, <c>taskTab</c> and
/// <c>keywordTab</c> are optional (null-checked); <c>opcodeTab</c> is used unconditionally.
/// NOTE(review): names are appended into attribute values without XML escaping; that is
/// only safe while the tables hold identifier-like names — confirm where they come from.
/// </remarks>
public byte[] CreateManifest()
{
    // Same instance as this.sb; every Append below mutates the shared builder.
    StringBuilder xml = this.sb;

    if (this.channelTab != null)
    {
        xml.Append(" <channels>").AppendLine();
        foreach (int channelValue in this.channelTab.Keys)
        {
            xml.Append(" <channel name=\"").Append(this.channelTab[channelValue]);
            xml.Append("\" value=\"").Append(channelValue);
            xml.Append("\"/>").AppendLine();
        }
        xml.Append(" </channels>").AppendLine();
    }

    if (this.taskTab != null)
    {
        xml.Append(" <tasks>").AppendLine();
        foreach (int taskValue in this.taskTab.Keys)
        {
            // Each task's event GUID is derived from the provider GUID and the task number.
            Guid taskGuid = EventProvider.GenTaskGuidFromProviderGuid(this.providerGuid, (ushort)taskValue);
            xml.Append(" <task name=\"").Append(this.taskTab[taskValue]);
            xml.Append("\" eventGUID=\"{").Append(taskGuid.ToString()).Append("}");
            xml.Append("\" value=\"").Append(taskValue);
            xml.Append("\"/>").AppendLine();
        }
        xml.Append(" </tasks>").AppendLine();
    }

    xml.Append(" <opcodes>").AppendLine();
    foreach (int opcodeValue in this.opcodeTab.Keys)
    {
        xml.Append(" <opcode name=\"").Append(this.opcodeTab[opcodeValue]);
        xml.Append("\" value=\"").Append(opcodeValue);
        xml.Append("\"/>").AppendLine();
    }
    xml.Append(" </opcodes>").AppendLine();

    if (this.keywordTab != null)
    {
        xml.Append(" <keywords>").AppendLine();
        foreach (ulong keywordMask in this.keywordTab.Keys)
        {
            xml.Append(" <keyword name=\"").Append(this.keywordTab[keywordMask]).Append("\" mask=\"");
            // Mask is written as lowercase hex, culture-independent.
            xml.Append(keywordMask.ToString("x", CultureInfo.InvariantCulture));
            xml.Append("\"/>").AppendLine();
        }
        xml.Append(" </keywords>").AppendLine();
    }

    xml.Append(" <events>").AppendLine();
    xml.Append(this.events);
    xml.Append(" </events>").AppendLine();

    if (this.templates.Length > 0)
    {
        xml.Append(" <templates>").AppendLine();
        xml.Append(this.templates);
        xml.Append(" </templates>").AppendLine();
    }

    xml.Append("</provider>").AppendLine();

    string manifestText = xml.ToString();
    return Encoding.UTF8.GetBytes(manifestText);
}
/// <summary>
/// Runs <paramref name="command"/> as a PowerShell script inside the current process
/// and returns the results joined with newlines.
/// </summary>
/// <param name="command">Script text; passed to AddScript verbatim.</param>
/// <returns>The script's output objects, each converted with ToString(), as one string.</returns>
/// <remarks>
/// Based off of SharpSploit (original author's attribution).
/// Before the script runs, the method uses reflection to overwrite the private static
/// <c>etwProvider</c> field of <c>System.Management.Automation.Tracing.PSEtwLogProvider</c>
/// with an <c>EventProvider</c> created for a freshly generated GUID. Whatever PowerShell
/// writes through that field afterwards is emitted under the random GUID, so consumers
/// subscribed to the original provider GUID would presumably no longer receive it from
/// this process. The field is static, so the swap affects every runspace in the process,
/// and it is never restored.
/// What this method does not touch: AMSI, and any telemetry collected outside the
/// process. For defenders this means coverage should not rest on the in-process
/// PowerShell ETW events alone; an unmanaged-PowerShell host (a process other than
/// powershell.exe loading System.Management.Automation) that produces no PowerShell
/// events is itself a signal worth alerting on.
/// </remarks>
public object RunPowershell(string command)
{
    using (PowerShell ps = PowerShell.Create())
    {
        // Resolve the internal logging type from the same assembly the PowerShell class lives in.
        Type logProviderType = ps.GetType().Assembly.GetType("System.Management.Automation.Tracing.PSEtwLogProvider");
        if (logProviderType != null)
        {
            FieldInfo providerField = logProviderType.GetField("etwProvider", BindingFlags.NonPublic | BindingFlags.Static);
            var replacementProvider = new System.Diagnostics.Eventing.EventProvider(Guid.NewGuid());
            // providerField is null when the field does not exist under that name;
            // this call then throws NullReferenceException.
            providerField.SetValue(null, replacementProvider);
        }

        ps.AddScript(command);
        var results = ps.Invoke();

        string[] renderedResults = results.Select(item => item.ToString()).ToArray();
        string output = String.Join(Environment.NewLine, renderedResults);

        ps.Commands.Clear();
        return output;
    }
}
/// <summary>
/// Reads the ETW provider GUID from the diagnostics configuration section, registers
/// the provider, and builds the error, warning and info event descriptors.
/// </summary>
/// <remarks>
/// The section is read through WebConfigurationManager when the code is hosted and
/// through ConfigurationManager otherwise. The provider identity therefore comes from
/// configuration: whoever can edit that file decides under which GUID these events
/// are emitted.
/// </remarks>
public CalculatorServiceEventProvider()
{
    bool hosted = HostingEnvironment.IsHosted;

    DiagnosticSection config = hosted
        ? (DiagnosticSection)WebConfigurationManager.GetSection(DiagnosticsConfigSectionName)
        : (DiagnosticSection)ConfigurationManager.GetSection(DiagnosticsConfigSectionName);

    // GetSection returns null for a missing section, in which case this line throws
    // NullReferenceException; malformed GUID text throws from the Guid constructor.
    Guid providerId = new Guid(config.EtwProviderId);

    if (!hosted)
    {
        // Outside a host the reference is fixed to empty and marked complete right away.
        hostReference = string.Empty;
    }
    hostReferenceIsComplete = !hosted;

    innerEventProvider = new EventProvider(providerId);

    // The three descriptors differ only in event id and level.
    errorDescriptor = new EventDescriptor(ErrorEventId, Version, Channel, ErrorLevel, Opcode, Task, Keywords);
    warningDescriptor = new EventDescriptor(WarningEventId, Version, Channel, WarningLevel, Opcode, Task, Keywords);
    infoDescriptor = new EventDescriptor(InfoEventId, Version, Channel, InfoLevel, Opcode, Task, Keywords);
}
/// <summary>
/// Type initializer: registers the ETW provider with the fixed GUID below and
/// prepares the start-request (id 1) and end-request (id 2) descriptors.
/// </summary>
/// <remarks>
/// Nothing is caught here, so an exception from the EventProvider constructor leaves
/// the type unusable (TypeInitializationException on every later access).
/// </remarks>
static WcfEvents()
{
    // Descriptor arguments are: id, version, channel, level, opcode, task, keywords.
    const byte level = 4;
    const long keywords = 1;

    Guid providerId = new Guid("83093276-1f35-45a2-8b19-6964cc85c70f");
    _provider = new EventProvider(providerId);

    _startRequest = new EventDescriptor(1, 0, 0, level, 0, 0, keywords);
    _endRequest = new EventDescriptor(2, 0, 0, level, 0, 0, keywords);
}
/// <summary>
/// Registers an ETW provider for the GUID given as text and keeps it in
/// <c>m_eventProvider</c>.
/// </summary>
/// <param name="guid">Text form of the provider GUID.</param>
public OrchestrationEtwListener(string guid)
{
    // The Guid constructor throws on null or malformed text; the caller sees that exception.
    this.m_eventProvider = new EventProvider(new Guid(guid));
}
/// <summary>
/// Returns the provider for <c>ProviderId</c>, taking it from the <c>providers</c>
/// table or creating and registering it there on first use.
/// </summary>
/// <returns>The provider cached in <c>currentProvider</c>.</returns>
private EventProvider GetProvider()
{
    // Unlocked fast path once this instance has resolved its provider.
    if (this.currentProvider != null)
    {
        return this.currentProvider;
    }

    lock (syncLock)
    {
        // Checked again under the lock: another thread may have filled it in meanwhile.
        if (this.currentProvider != null)
        {
            return this.currentProvider;
        }

        bool alreadyRegistered = providers.ContainsKey(this.ProviderId);
        if (alreadyRegistered)
        {
            this.currentProvider = providers[this.ProviderId];
        }
        else
        {
            // First request for this id: create the provider and record it in the table.
            this.currentProvider = new EventProvider(this.ProviderId);
            providers[this.ProviderId] = this.currentProvider;
        }
    }

    return this.currentProvider;
}
/// <summary>
/// Registers the ETW provider with the fixed GUID below and builds a descriptor
/// whose event id is the numeric value of <paramref name="size"/>.
/// </summary>
/// <param name="size">Passed to the base constructor and cast to ushort for the event id.</param>
public EventWriteInputGenerator(EventSize size)
    : base(size)
{
    // Descriptor arguments are: id, version, channel, level, opcode, task, keywords.
    const byte level = 4;
    const long keywords = 1;

    Guid providerId = new Guid("3838EF9A-CB6F-4A1C-9033-84C0E8EBF5A7");
    _provider = new EventProvider(providerId);
    _descriptor = new EventDescriptor((ushort)size, 0, 0, level, 0, 0, keywords);
}
/// <summary>
/// Returns the provider for <c>ProviderId</c>, taking it from the <c>providers</c>
/// table or creating and registering it there on first use.
/// </summary>
/// <returns>The provider cached in <c>currentProvider</c>.</returns>
private EventProvider GetProvider()
{
    if (currentProvider == null)
    {
        lock (syncLock)
        {
            // Checked again under the lock: another thread may have filled it in meanwhile.
            if (currentProvider == null)
            {
                // TryGetValue writes straight into the field; on a miss it leaves it null.
                bool alreadyRegistered = providers.TryGetValue(ProviderId, out currentProvider);
                if (!alreadyRegistered)
                {
                    currentProvider = new EventProvider(ProviderId);
                    providers[ProviderId] = currentProvider;
                }
            }
        }
    }

    return currentProvider;
}
/// <summary>
/// Convenience constructor: wraps the provider and transfer event in an
/// <c>EtwEventCorrelator</c>, wraps that in an <c>EtwActivityReverterMethodInvoker</c>,
/// and forwards the result to the single-argument constructor.
/// </summary>
/// <param name="transferProvider">ETW provider handed to the correlator.</param>
/// <param name="transferEvent">Event descriptor handed to the correlator.</param>
/// <remarks>
/// No argument validation happens here; any check is left to the wrapped constructors.
/// </remarks>
public BackgroundDispatcher(EventProvider transferProvider, EventDescriptor transferEvent)
    : this(
        new EtwActivityReverterMethodInvoker(
            new EtwEventCorrelator(transferProvider, transferEvent)))
{
}
/// <summary>
/// Parses <paramref name="providerId"/> as a GUID and stores a new ETW
/// <c>EventProvider</c> for it in <c>m_provider</c>.
/// </summary>
/// <param name="providerId">Text form of the provider GUID.</param>
private void InitProvider(string providerId)
{
    // The Guid constructor throws on null or malformed text; nothing here catches it.
    // Any provider already held in m_provider is overwritten without being disposed.
    this.m_provider = new EventProvider(new Guid(providerId));
}
/// <summary>
/// Parses <paramref name="providerId"/> as a GUID and stores a new ETW
/// <c>EventProvider</c> for it in <c>m_provider</c>.
/// </summary>
/// <param name="providerId">Text form of the provider GUID.</param>
private void InitProvider(string providerId)
{
    // The Guid constructor throws on null or malformed text; nothing here catches it.
    // Any provider already held in m_provider is overwritten without being disposed.
    this.m_provider = new EventProvider(new Guid(providerId));
}
/// <summary>
/// Class constructor: creates the ETW provider for the GUID text in
/// <c>PowerShellEventProviderGuid</c> and stores it in the static <c>etwProvider</c> field.
/// </summary>
/// <remarks>
/// NOTE(review): the provider is process-wide state held in a static field. In-process
/// code able to use reflection can replace such a field, so events written through it
/// should not be the only record relied on for a process that runs untrusted code.
/// </remarks>
static PSEtwLogProvider()
{
    Guid providerGuid = new Guid(PowerShellEventProviderGuid);
    etwProvider = new EventProvider(providerGuid);
}
/// <summary>
/// ProcessRecord: writes one ETW event for the descriptor in <c>_eventDescriptor</c>
/// through a provider created for <c>_providerMetadata.Id</c>, with <c>_payload</c>
/// as the event data when it is non-empty.
/// </summary>
/// <remarks>
/// A provider is created and disposed on every call. The result of WriteEvent is not
/// inspected, so a write that fails is not reported.
/// </remarks>
protected override void ProcessRecord()
{
    using (EventProvider provider = new EventProvider(_providerMetadata.Id))
    {
        // Copied to a local because WriteEvent takes the descriptor by reference.
        EventDescriptor ed = _eventDescriptor.Value;

        bool hasPayload = _payload != null && _payload.Length > 0;
        if (!hasPayload)
        {
            provider.WriteEvent(ref ed);
        }
        else
        {
            // Null entries are replaced in place (the caller's array is modified)
            // so that no null element reaches WriteEvent.
            for (int index = 0; index < _payload.Length; index++)
            {
                if (_payload[index] == null)
                {
                    _payload[index] = string.Empty;
                }
            }

            provider.WriteEvent(ref ed, _payload);
        }
    }

    base.ProcessRecord();
}
/// <summary>
/// Parses <paramref name="providerId"/> as a GUID and stores a new ETW
/// <c>EventProvider</c> for it in <c>_provider</c>.
/// </summary>
/// <param name="providerId">Text form of the provider (control) GUID.</param>
private void InitProvider(string providerId)
{
    // The Guid constructor throws on null or malformed text; nothing here catches it.
    // Any provider already held in _provider is overwritten without being disposed.
    _provider = new EventProvider(new Guid(providerId));
}
/// <summary>
/// Writes one ETW event for the descriptor in <c>eventDescriptor</c> through a provider
/// created for <c>providerMetadata.Id</c>; the event data is <c>payload</c> when it is
/// non-empty and an empty object array otherwise.
/// </summary>
/// <remarks>
/// A provider is created and disposed on every call. The result of WriteEvent is not
/// inspected, so a write that fails is not reported.
/// </remarks>
protected override void ProcessRecord()
{
    using (EventProvider provider = new EventProvider(this.providerMetadata.Id))
    {
        // Copied to a local because WriteEvent takes the descriptor by reference.
        EventDescriptor descriptor = this.eventDescriptor.Value;

        bool hasPayload = (this.payload != null) && (this.payload.Length > 0);
        if (!hasPayload)
        {
            provider.WriteEvent(ref descriptor, new object[0]);
        }
        else
        {
            // Null entries are replaced in place (the caller's array is modified)
            // so that no null element reaches WriteEvent.
            for (int index = 0; index < this.payload.Length; index++)
            {
                if (this.payload[index] == null)
                {
                    this.payload[index] = string.Empty;
                }
            }

            provider.WriteEvent(ref descriptor, this.payload);
        }
    }

    base.ProcessRecord();
}