#include "panoptes_trace.h"

Functions
	TRACELOGGING_DEFINE_PROVIDER (g_hPanoCommonProvider, "Panoptes",(0x7036af95, 0x9daf, 0x4486, 0x8d, 0x93, 0x70, 0x5, 0xd4, 0x5a, 0x6a, 0x6))

void	TraceInit ()

void	TraceUninit ()

void	Log_MailSlotOpen (HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
	Log a mail slot open event.

void	Log_MailSlotCreate (HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
	Log a mail slot create event.

void	Log_NamedPipeCreate (HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
	Log a named pipe create event.

void	Log_NamedPipeOpen (HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
	Log a named pipe open event.

void	Log_FileCreated (HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, BOOLEAN Oplocked)
	Log a file create event.

void	Log_FileOpen (HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, BOOLEAN Oplocked)
	Log a file open event.

void	Log_FileOverwritten (HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
	Log a file overwrite event.

void	Log_FileRead (HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, LARGE_INTEGER FileOffset, ULONG ReadLength, BOOLEAN Compressed)
	Log a file read event.

void	Log_FileWrite (HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, LARGE_INTEGER FileOffset, ULONG ReadLength, BOOLEAN Compressed)
	Log a file write event.

void	Log_FileSuperseded (HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
	Log a file superseded event.

Function Documentation

◆ Log_FileCreated()

void Log_FileCreated	(	HANDLE	ProcessId,
		HANDLE	ThreadId,
		PWCH	FileName,
		BOOLEAN	Oplocked
	)

Log a file create event.

Parameters

ProcessId	The ID of the process that created the file
ThreadId	The ID of the thread that created the file
FileName	The name of the file
Oplocked	Whether the file is oplocked

Definition at line 94 of file panoptes_trace.cpp.

{
    TraceLoggingWrite(g_hPanoCommonProvider, "FileCreated",
        TraceLoggingValue(ProcessId, "SourceProcessId"),
        TraceLoggingValue(ThreadId, "SourceThreadId"),
        TraceLoggingWideString(FileName, "FileName"),
        TraceLoggingBool(Oplocked, "Oplocked"));
}

Referenced by FileCreationStatus(), and main().

◆ Log_FileOpen()

void Log_FileOpen	(	HANDLE	ProcessId,
		HANDLE	ThreadId,
		PWCH	FileName,
		BOOLEAN	Oplocked
	)

Log a file open event.

Parameters

ProcessId	The ID of the process that opened the file
ThreadId	The ID of the thread that opened the file
FileName	The name of the file
Oplocked	Whether the file is oplocked

Definition at line 113 of file panoptes_trace.cpp.

{
    TraceLoggingWrite(g_hPanoCommonProvider, "FileOpened",
        TraceLoggingValue(ProcessId, "SourceProcessId"),
        TraceLoggingValue(ThreadId, "SourceThreadId"),
        TraceLoggingWideString(FileName, "FileName"),
        TraceLoggingBool(Oplocked, "Oplocked"));
}

Referenced by FileCreationStatus().

◆ Log_FileOverwritten()

void Log_FileOverwritten	(	HANDLE	ProcessId,
		HANDLE	ThreadId,
		PWCH	FileName
	)

Log a file overwrite event.

Parameters

ProcessId	The ID of the process that overwrote the file
ThreadId	The ID of the thread that overwrote the file
FileName	The name of the file

Definition at line 131 of file panoptes_trace.cpp.

{
    TraceLoggingWrite(g_hPanoCommonProvider, "FileOverwritten",
        TraceLoggingValue(ProcessId, "SourceProcessId"),
        TraceLoggingValue(ThreadId, "SourceThreadId"),
        TraceLoggingWideString(FileName, "FileName"));
}

Referenced by FileCreationStatus().

◆ Log_FileRead()

void Log_FileRead	(	HANDLE	ProcessId,
		HANDLE	ThreadId,
		PWCH	FileName,
		LARGE_INTEGER	FileOffset,
		ULONG	ReadLength,
		BOOLEAN	Compressed
	)

Log a file read event.

Parameters

ProcessId	The ID of the process that read the file
ThreadId	The ID of the thread that read the file
FileName	The name of the file
FileOffset	The offset of the file
ReadLength	The length of the read
Compressed	Whether the file is compressed

Definition at line 150 of file panoptes_trace.cpp.

{
    TraceLoggingWrite(g_hPanoCommonProvider, "FileRead",
        TraceLoggingValue(ProcessId, "SourceProcessId"),
        TraceLoggingValue(ThreadId, "SourceThreadId"),
        TraceLoggingWideString(FileName, "FileName"),
        TraceLoggingULong(ReadLength, "ReadLength"),
        TraceLoggingValue(FileOffset.QuadPart, "FileOffset"),
        TraceLoggingBoolean(Compressed, "CompressedFile"));
}

Referenced by FileReadStatus().

◆ Log_FileSuperseded()

void Log_FileSuperseded	(	HANDLE	ProcessId,
		HANDLE	ThreadId,
		PWCH	FileName
	)

Log a file superseded event.

Parameters

ProcessId	The ID of the process that superseded the file
ThreadId	The ID of the thread that superseded the file
FileName	The name of the file

Definition at line 197 of file panoptes_trace.cpp.

{
    TraceLoggingWrite(g_hPanoCommonProvider, "FileSuperseded",
        TraceLoggingValue(ProcessId, "SourceProcessId"),
        TraceLoggingValue(ThreadId, "SourceThreadId"),
        TraceLoggingWideString(FileName, "FileName"));
}

Referenced by FileCreationStatus().

◆ Log_FileWrite()

void Log_FileWrite	(	HANDLE	ProcessId,
		HANDLE	ThreadId,
		PWCH	FileName,
		LARGE_INTEGER	FileOffset,
		ULONG	ReadLength,
		BOOLEAN	Compressed
	)

Log a file write event.

Parameters

ProcessId	The ID of the process that wrote the file
ThreadId	The ID of the thread that wrote the file
FileName	The name of the file
FileOffset	The offset of the file
ReadLength	The length of the write
Compressed	Whether the file is compressed

Definition at line 175 of file panoptes_trace.cpp.

{
    TraceLoggingWrite(g_hPanoCommonProvider, "FileWrite",
        TraceLoggingValue(ProcessId, "SourceProcessId"),
        TraceLoggingValue(ThreadId, "SourceThreadId"),
        TraceLoggingWideString(FileName, "FileName"),
        TraceLoggingULong(ReadLength, "WriteLength"),
        TraceLoggingValue(FileOffset.QuadPart, "FileOffset"),
        TraceLoggingBoolean(Compressed, "CompressedFile"));
}

Referenced by FileWriteStatus().

◆ Log_MailSlotCreate()

void Log_MailSlotCreate	(	HANDLE	ProcessId,
		HANDLE	ThreadId,
		PWCH	FileName
	)

Log a mail slot create event.

Parameters

ProcessId	The ID of the process that created the mail slot
ThreadId	The ID of the thread that created the mail slot
FileName	The name of the mail slot

Definition at line 40 of file panoptes_trace.cpp.

{
    TraceLoggingWrite(g_hPanoCommonProvider, "MailSlotCreate",
        TraceLoggingValue(ProcessId, "SourceProcessId"),
        TraceLoggingValue(ThreadId, "SourceThreadId"),
        TraceLoggingWideString(FileName, "MailSlotName"));
}

Referenced by MailSlotStatus().

◆ Log_MailSlotOpen()

void Log_MailSlotOpen	(	HANDLE	ProcessId,
		HANDLE	ThreadId,
		PWCH	FileName
	)

Log a mail slot open event.

Parameters

ProcessId	The ID of the process that opened the mail slot
ThreadId	The ID of the thread that opened the mail slot
FileName	The name of the mail slot

Definition at line 24 of file panoptes_trace.cpp.

{
    TraceLoggingWrite(g_hPanoCommonProvider, "MailSlotOpen",
        TraceLoggingValue(ProcessId, "SourceProcessId"),
        TraceLoggingValue(ThreadId, "SourceThreadId"),
        TraceLoggingWideString(FileName, "MailSlotName"));
}

Referenced by MailSlotStatus().

◆ Log_NamedPipeCreate()

void Log_NamedPipeCreate	(	HANDLE	ProcessId,
		HANDLE	ThreadId,
		PWCH	FileName
	)

Log a named pipe create event.

Parameters

ProcessId	The ID of the process that created the named pipe
ThreadId	The ID of the thread that created the named pipe
FileName	The name of the named pipe

Definition at line 58 of file panoptes_trace.cpp.

{
    TraceLoggingWrite(g_hPanoCommonProvider, "NamedPipeCreate",
        TraceLoggingValue(ProcessId, "SourceProcessId"),
        TraceLoggingValue(ThreadId, "SourceThreadId"),
        TraceLoggingWideString(FileName, "NamedPipeName"));
}

Referenced by NamedPipeStatus().

◆ Log_NamedPipeOpen()

void Log_NamedPipeOpen	(	HANDLE	ProcessId,
		HANDLE	ThreadId,
		PWCH	FileName
	)

Log a named pipe open event.

Parameters

ProcessId	The ID of the process that opened the named pipe
ThreadId	The ID of the thread that opened the named pipe
FileName	The name of the named pipe

Definition at line 74 of file panoptes_trace.cpp.

{
    TraceLoggingWrite(g_hPanoCommonProvider, "NamedPipeOpen",
        TraceLoggingValue(ProcessId, "SourceProcessId"),
        TraceLoggingValue(ThreadId, "SourceThreadId"),
        TraceLoggingWideString(FileName, "NamedPipeName"));
}

Referenced by NamedPipeStatus().

◆ TraceInit()

void TraceInit ( )

Definition at line 8 of file panoptes_trace.cpp.

{
    TraceLoggingRegister(g_hPanoCommonProvider);
}

Referenced by DriverEntry(), and main().

◆ TRACELOGGING_DEFINE_PROVIDER()

TRACELOGGING_DEFINE_PROVIDER	(	g_hPanoCommonProvider	,
		"Panoptes"	,
		(0x7036af95, 0x9daf, 0x4486, 0x8d, 0x93, 0x70, 0x5, 0xd4, 0x5a, 0x6a, 0x6)
	)

◆ TraceUninit()

void TraceUninit ( )

Definition at line 13 of file panoptes_trace.cpp.

{
    TraceLoggingUnregister(g_hPanoCommonProvider);
}

Referenced by UnloadPanoptes().

Functions

Function Documentation

◆ Log_FileCreated()

◆ Log_FileOpen()

◆ Log_FileOverwritten()

◆ Log_FileRead()

◆ Log_FileSuperseded()

◆ Log_FileWrite()

◆ Log_MailSlotCreate()

◆ Log_MailSlotOpen()

◆ Log_NamedPipeCreate()

◆ Log_NamedPipeOpen()

◆ TraceInit()

◆ TRACELOGGING_DEFINE_PROVIDER()

◆ TraceUninit()