Panoptes 1.0.0
Endpoint Detection and Response
Loading...
Searching...
No Matches
panoptes_trace.h
Go to the documentation of this file.
1#pragma once
2#include <Windows.h>
3#include <TraceLoggingProvider.h>
4
5#pragma region TraceLogging Initialization
6void TraceInit();
7
8void TraceUninit();
9#pragma endregion
10
11#pragma region Mail Slot Operations
12void Log_MailSlotOpen(
13 HANDLE ProcessId,
14 HANDLE ThreadId,
15 PWCH FileName
16);
17
18void Log_MailSlotCreate(
19 HANDLE ProcessId,
20 HANDLE ThreadId,
21 PWCH FileName
22);
23#pragma endregion
24
25#pragma region Named Pipe Operations
26void Log_NamedPipeOpen(
27 HANDLE ProcessId,
28 HANDLE ThreadId,
29 PWCH FileName
30);
31
32void Log_NamedPipeCreate(
33 HANDLE ProcessId,
34 HANDLE ThreadId,
35 PWCH FileName
36);
37#pragma endregion
38
39#pragma region File Operations
40void Log_FileSuperseded(
41 HANDLE ProcessId,
42 HANDLE ThreadId,
43 PWCH FileName
44);
45
46void Log_FileOverwritten(
47 HANDLE ProcessId,
48 HANDLE ThreadId,
49 PWCH FileName
50);
51
52void Log_FileOpen(
53 HANDLE ProcessId,
54 HANDLE ThreadId,
55 PWCH FileName,
56 BOOLEAN Oplocked
57);
58
59void Log_FileCreated(
60 HANDLE ProcessId,
61 HANDLE ThreadId,
62 PWCH FileName,
63 BOOLEAN Oplocked
64);
65
66void Log_FileRead(
67 HANDLE ProcessId,
68 HANDLE ThreadId,
69 PWCH FileName,
70 LARGE_INTEGER FileOffset,
71 ULONG ReadLength,
72 BOOLEAN Compressed
73);
74
75void Log_FileWrite(
76 HANDLE ProcessId,
77 HANDLE ThreadId,
78 PWCH FileName,
79 LARGE_INTEGER FileOffset,
80 ULONG ReadLength,
81 BOOLEAN Compressed
82);
83
84#pragma endregion
Log_FileOpen
void Log_FileOpen(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, BOOLEAN Oplocked)
Log a file open event.
Definition trace.cpp:111
Log_NamedPipeCreate
void Log_NamedPipeCreate(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Log a named pipe create event.
Definition trace.cpp:70
TraceUninit
void TraceUninit()
Definition trace.cpp:15
Log_NamedPipeOpen
void Log_NamedPipeOpen(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Log a named pipe open event.
Definition trace.cpp:82
Log_FileOverwritten
void Log_FileOverwritten(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Log a file overwrite event.
Definition trace.cpp:125
TraceInit
void TraceInit()
Definition trace.cpp:10
Log_FileSuperseded
void Log_FileSuperseded(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Log a file superseded event.
Definition trace.cpp:173
Log_FileRead
void Log_FileRead(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, LARGE_INTEGER FileOffset, ULONG ReadLength, BOOLEAN Compressed)
Log a file read event.
Definition trace.cpp:137
Log_MailSlotOpen
void Log_MailSlotOpen(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Log a mail slot open event.
Definition trace.cpp:44
Log_MailSlotCreate
void Log_MailSlotCreate(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Log a mail slot create event.
Definition trace.cpp:56
Log_FileWrite
void Log_FileWrite(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, LARGE_INTEGER FileOffset, ULONG ReadLength, BOOLEAN Compressed)
Log a file write event.
Definition trace.cpp:155
Log_FileCreated
void Log_FileCreated(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, BOOLEAN Oplocked)
Log a file create event.
Definition trace.cpp:97
Generated by doxygen 1.9.8