Panoptes 1.0.0
Endpoint Detection and Response
Loading...
Searching...
No Matches
panoptes_trace.cpp
Go to the documentation of this file.
1#include "panoptes_trace.h"
2
3#pragma region TraceLogging Initialization
4// {7036AF95-9DAF-4486-8D93-7005D45A6A06}
5TRACELOGGING_DEFINE_PROVIDER(g_hPanoCommonProvider, "Panoptes",
6 (0x7036af95, 0x9daf, 0x4486, 0x8d, 0x93, 0x70, 0x5, 0xd4, 0x5a, 0x6a, 0x6));
7
8void TraceInit()
9{
10 TraceLoggingRegister(g_hPanoCommonProvider);
11}
12
13void TraceUninit()
14{
15 TraceLoggingUnregister(g_hPanoCommonProvider);
16}
17#pragma endregion
18
19#pragma region Mail Slot Operations
24void Log_MailSlotOpen(
25 HANDLE ProcessId,
26 HANDLE ThreadId,
27 PWCH FileName
28)
29{
30 TraceLoggingWrite(g_hPanoCommonProvider, "MailSlotOpen",
31 TraceLoggingValue(ProcessId, "SourceProcessId"),
32 TraceLoggingValue(ThreadId, "SourceThreadId"),
33 TraceLoggingWideString(FileName, "MailSlotName"));
34}
35
40void Log_MailSlotCreate(
41 HANDLE ProcessId,
42 HANDLE ThreadId,
43 PWCH FileName
44)
45{
46 TraceLoggingWrite(g_hPanoCommonProvider, "MailSlotCreate",
47 TraceLoggingValue(ProcessId, "SourceProcessId"),
48 TraceLoggingValue(ThreadId, "SourceThreadId"),
49 TraceLoggingWideString(FileName, "MailSlotName"));
50}
51#pragma endregion
52
53#pragma region Named Pipe Operations
58void Log_NamedPipeCreate(
59 HANDLE ProcessId,
60 HANDLE ThreadId,
61 PWCH FileName
62)
63{
64 TraceLoggingWrite(g_hPanoCommonProvider, "NamedPipeCreate",
65 TraceLoggingValue(ProcessId, "SourceProcessId"),
66 TraceLoggingValue(ThreadId, "SourceThreadId"),
67 TraceLoggingWideString(FileName, "NamedPipeName"));
68}
69
74void Log_NamedPipeOpen(
75 HANDLE ProcessId,
76 HANDLE ThreadId,
77 PWCH FileName
78)
79{
80 TraceLoggingWrite(g_hPanoCommonProvider, "NamedPipeOpen",
81 TraceLoggingValue(ProcessId, "SourceProcessId"),
82 TraceLoggingValue(ThreadId, "SourceThreadId"),
83 TraceLoggingWideString(FileName, "NamedPipeName"));
84}
85#pragma endregion
86
87#pragma region File Operations
88
94void Log_FileCreated(
95 HANDLE ProcessId,
96 HANDLE ThreadId,
97 PWCH FileName,
98 BOOLEAN Oplocked
99)
100{
101 TraceLoggingWrite(g_hPanoCommonProvider, "FileCreated",
102 TraceLoggingValue(ProcessId, "SourceProcessId"),
103 TraceLoggingValue(ThreadId, "SourceThreadId"),
104 TraceLoggingWideString(FileName, "FileName"),
105 TraceLoggingBool(Oplocked, "Oplocked"));
106}
107
113void Log_FileOpen(
114 HANDLE ProcessId,
115 HANDLE ThreadId,
116 PWCH FileName,
117 BOOLEAN Oplocked
118)
119{
120 TraceLoggingWrite(g_hPanoCommonProvider, "FileOpened",
121 TraceLoggingValue(ProcessId, "SourceProcessId"),
122 TraceLoggingValue(ThreadId, "SourceThreadId"),
123 TraceLoggingWideString(FileName, "FileName"),
124 TraceLoggingBool(Oplocked, "Oplocked"));
125}
126
131void Log_FileOverwritten(
132 HANDLE ProcessId,
133 HANDLE ThreadId,
134 PWCH FileName
135)
136{
137 TraceLoggingWrite(g_hPanoCommonProvider, "FileOverwritten",
138 TraceLoggingValue(ProcessId, "SourceProcessId"),
139 TraceLoggingValue(ThreadId, "SourceThreadId"),
140 TraceLoggingWideString(FileName, "FileName"));
141}
142
150void Log_FileRead(
151 HANDLE ProcessId,
152 HANDLE ThreadId,
153 PWCH FileName,
154 LARGE_INTEGER FileOffset,
155 ULONG ReadLength,
156 BOOLEAN Compressed
157)
158{
159 TraceLoggingWrite(g_hPanoCommonProvider, "FileRead",
160 TraceLoggingValue(ProcessId, "SourceProcessId"),
161 TraceLoggingValue(ThreadId, "SourceThreadId"),
162 TraceLoggingWideString(FileName, "FileName"),
163 TraceLoggingULong(ReadLength, "ReadLength"),
164 TraceLoggingValue(FileOffset.QuadPart, "FileOffset"),
165 TraceLoggingBoolean(Compressed, "CompressedFile"));
166}
167
175void Log_FileWrite(
176 HANDLE ProcessId,
177 HANDLE ThreadId,
178 PWCH FileName,
179 LARGE_INTEGER FileOffset,
180 ULONG ReadLength,
181 BOOLEAN Compressed
182)
183{
184 TraceLoggingWrite(g_hPanoCommonProvider, "FileWrite",
185 TraceLoggingValue(ProcessId, "SourceProcessId"),
186 TraceLoggingValue(ThreadId, "SourceThreadId"),
187 TraceLoggingWideString(FileName, "FileName"),
188 TraceLoggingULong(ReadLength, "WriteLength"),
189 TraceLoggingValue(FileOffset.QuadPart, "FileOffset"),
190 TraceLoggingBoolean(Compressed, "CompressedFile"));
191}
192
197void Log_FileSuperseded(
198 HANDLE ProcessId,
199 HANDLE ThreadId,
200 PWCH FileName
201)
202{
203 TraceLoggingWrite(g_hPanoCommonProvider, "FileSuperseded",
204 TraceLoggingValue(ProcessId, "SourceProcessId"),
205 TraceLoggingValue(ThreadId, "SourceThreadId"),
206 TraceLoggingWideString(FileName, "FileName"));
207}
208
209#pragma endregion
Log_FileOpen
void Log_FileOpen(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, BOOLEAN Oplocked)
Log a file open event.
Definition panoptes_trace.cpp:113
Log_NamedPipeCreate
void Log_NamedPipeCreate(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Log a named pipe create event.
Definition panoptes_trace.cpp:58
TraceUninit
void TraceUninit()
Definition panoptes_trace.cpp:13
Log_NamedPipeOpen
void Log_NamedPipeOpen(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Log a named pipe open event.
Definition panoptes_trace.cpp:74
Log_FileOverwritten
void Log_FileOverwritten(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Log a file overwrite event.
Definition panoptes_trace.cpp:131
TraceInit
void TraceInit()
Definition panoptes_trace.cpp:8
Log_FileSuperseded
void Log_FileSuperseded(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Log a file superseded event.
Definition panoptes_trace.cpp:197
TRACELOGGING_DEFINE_PROVIDER
TRACELOGGING_DEFINE_PROVIDER(g_hPanoCommonProvider, "Panoptes",(0x7036af95, 0x9daf, 0x4486, 0x8d, 0x93, 0x70, 0x5, 0xd4, 0x5a, 0x6a, 0x6))
Log_FileRead
void Log_FileRead(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, LARGE_INTEGER FileOffset, ULONG ReadLength, BOOLEAN Compressed)
Log a file read event.
Definition panoptes_trace.cpp:150
Log_MailSlotOpen
void Log_MailSlotOpen(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Log a mail slot open event.
Definition panoptes_trace.cpp:24
Log_MailSlotCreate
void Log_MailSlotCreate(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Log a mail slot create event.
Definition panoptes_trace.cpp:40
Log_FileWrite
void Log_FileWrite(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, LARGE_INTEGER FileOffset, ULONG ReadLength, BOOLEAN Compressed)
Log a file write event.
Definition panoptes_trace.cpp:175
Log_FileCreated
void Log_FileCreated(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, BOOLEAN Oplocked)
Log a file create event.
Definition panoptes_trace.cpp:94
panoptes_trace.h
Generated by doxygen 1.9.8