Panoptes 1.0.0
Endpoint Detection and Response
trace.cpp File Reference
#include "trace.h"


Functions

 TRACELOGGING_DEFINE_PROVIDER (g_hPanoProvider, "Panoptes",(0x7036af95, 0x9daf, 0x4486, 0x8d, 0x93, 0x70, 0x5, 0xd4, 0x5a, 0x6a, 0x6))
 
void TraceInit ()
 
void TraceUninit ()
 
void Log_DriverEntry (PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
 
void Log_DriverExit (PDRIVER_OBJECT DriverObject)
 
void Log_MailSlotOpen (HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
 
void Log_MailSlotCreate (HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
 
void Log_NamedPipeCreate (HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
 
void Log_NamedPipeOpen (HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
 
void Log_FileCreated (HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, BOOLEAN Oplocked)
 
void Log_FileOpen (HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, BOOLEAN Oplocked)
 
void Log_FileOverwritten (HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
 
void Log_FileRead (HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, LARGE_INTEGER FileOffset, ULONG ReadLength, BOOLEAN Compressed)
 
void Log_FileWrite (HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, LARGE_INTEGER FileOffset, ULONG ReadLength, BOOLEAN Compressed)
 
void Log_FileSuperseded (HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
 

Variables

PDRIVER_OBJECT g_DriverObject
 

Function Documentation

◆ Log_DriverEntry()

// trace.cpp, line 22.
//
// Emits the "PanoptesStart" event when the driver is loaded and caches the
// driver object in the module-level g_DriverObject.
//
// DriverObject  Driver object passed to DriverEntry. Copied (non-owning) into
//               g_DriverObject and logged via TraceLoggingPointer; with no
//               explicit name the field is called "DriverObject".
// RegistryPath  Service key path, logged as "RegPath". TraceLoggingUnicodeString
//               carries the string's explicit Length, so no NUL terminator is
//               required on this buffer.
void Log_DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    // Plain pointer copy; this module does not own the driver object.
    g_DriverObject = DriverObject;

    TraceLoggingWrite(
        g_hPanoProvider,
        "PanoptesStart",
        TraceLoggingPointer(DriverObject),
        TraceLoggingUnicodeString(RegistryPath, "RegPath"));
}

References g_DriverObject.

Referenced by DriverEntry().

◆ Log_DriverExit()

// trace.cpp, line 34.
//
// Emits the "PanoptesExit" event on driver unload (called from UnloadPanoptes).
//
// DriverObject  Driver object being unloaded, logged via TraceLoggingPointer
//               (field name defaults to "DriverObject"). g_DriverObject is
//               deliberately left untouched here.
void Log_DriverExit(PDRIVER_OBJECT DriverObject)
{
    TraceLoggingWrite(
        g_hPanoProvider,
        "PanoptesExit",
        TraceLoggingPointer(DriverObject));
}

Referenced by UnloadPanoptes().

◆ Log_FileCreated()

// trace.cpp, line 97.
//
// Emits the "FileCreated" event.
//
// ProcessId  Originating process id, logged as "SourceProcessId".
// ThreadId   Originating thread id, logged as "SourceThreadId".
// FileName   NUL-terminated wide path, logged as "FileName". TraceLoggingWideString
//            scans to the terminator, so a bare UNICODE_STRING Buffer is not a
//            valid argument — NOTE(review): confirm at the call sites.
// Oplocked   Logged as "Oplocked". NOTE(review): this BOOLEAN is encoded with
//            TraceLoggingBool (a 32-bit BOOL field), whereas Log_FileRead and
//            Log_FileWrite encode their BOOLEAN with TraceLoggingBoolean (8-bit);
//            consumers see two field types for the same C type.
void Log_FileCreated(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, BOOLEAN Oplocked)
{
    TraceLoggingWrite(
        g_hPanoProvider,
        "FileCreated",
        TraceLoggingValue(ProcessId, "SourceProcessId"),
        TraceLoggingValue(ThreadId, "SourceThreadId"),
        TraceLoggingWideString(FileName, "FileName"),
        TraceLoggingBool(Oplocked, "Oplocked"));
}

◆ Log_FileOpen()

// trace.cpp, line 111.
//
// Emits the "FileOpened" event. Same payload layout as Log_FileCreated; only
// the event name differs.
//
// ProcessId  Originating process id, logged as "SourceProcessId".
// ThreadId   Originating thread id, logged as "SourceThreadId".
// FileName   NUL-terminated wide path, logged as "FileName" (TraceLoggingWideString
//            scans to the NUL; an unterminated UNICODE_STRING Buffer is not enough).
// Oplocked   BOOLEAN logged as "Oplocked" through TraceLoggingBool (32-bit field);
//            Log_FileRead/Log_FileWrite use TraceLoggingBoolean (8-bit) instead.
void Log_FileOpen(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, BOOLEAN Oplocked)
{
    TraceLoggingWrite(
        g_hPanoProvider,
        "FileOpened",
        TraceLoggingValue(ProcessId, "SourceProcessId"),
        TraceLoggingValue(ThreadId, "SourceThreadId"),
        TraceLoggingWideString(FileName, "FileName"),
        TraceLoggingBool(Oplocked, "Oplocked"));
}

◆ Log_FileOverwritten()

// trace.cpp, line 125.
//
// Emits the "FileOverwritten" event.
//
// ProcessId  Originating process id, logged as "SourceProcessId".
// ThreadId   Originating thread id, logged as "SourceThreadId".
// FileName   NUL-terminated wide path, logged as "FileName" (TraceLoggingWideString
//            scans to the NUL; an unterminated UNICODE_STRING Buffer is not enough).
void Log_FileOverwritten(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
{
    TraceLoggingWrite(
        g_hPanoProvider,
        "FileOverwritten",
        TraceLoggingValue(ProcessId, "SourceProcessId"),
        TraceLoggingValue(ThreadId, "SourceThreadId"),
        TraceLoggingWideString(FileName, "FileName"));
}

◆ Log_FileRead()

// trace.cpp, line 137.
//
// Emits the "FileRead" event. Field order in the payload is process id,
// thread id, name, length, offset, compressed flag — note that ReadLength is
// written before FileOffset even though the parameters are declared the other
// way round.
//
// ProcessId   Originating process id, logged as "SourceProcessId".
// ThreadId    Originating thread id, logged as "SourceThreadId".
// FileName    NUL-terminated wide path, logged as "FileName" (TraceLoggingWideString
//             scans to the NUL; an unterminated UNICODE_STRING Buffer is not enough).
// FileOffset  Read position; only QuadPart is logged, as "FileOffset".
// ReadLength  Requested byte count, logged as "ReadLength".
// Compressed  Logged as "CompressedFile" via TraceLoggingBoolean (8-bit field).
void Log_FileRead(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName,
                  LARGE_INTEGER FileOffset, ULONG ReadLength, BOOLEAN Compressed)
{
    TraceLoggingWrite(
        g_hPanoProvider,
        "FileRead",
        TraceLoggingValue(ProcessId, "SourceProcessId"),
        TraceLoggingValue(ThreadId, "SourceThreadId"),
        TraceLoggingWideString(FileName, "FileName"),
        TraceLoggingULong(ReadLength, "ReadLength"),
        TraceLoggingValue(FileOffset.QuadPart, "FileOffset"),
        TraceLoggingBoolean(Compressed, "CompressedFile"));
}

◆ Log_FileSuperseded()

// trace.cpp, line 173.
//
// Emits the "FileSuperseded" event.
//
// ProcessId  Originating process id, logged as "SourceProcessId".
// ThreadId   Originating thread id, logged as "SourceThreadId".
// FileName   NUL-terminated wide path, logged as "FileName" (TraceLoggingWideString
//            scans to the NUL; an unterminated UNICODE_STRING Buffer is not enough).
void Log_FileSuperseded(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
{
    TraceLoggingWrite(
        g_hPanoProvider,
        "FileSuperseded",
        TraceLoggingValue(ProcessId, "SourceProcessId"),
        TraceLoggingValue(ThreadId, "SourceThreadId"),
        TraceLoggingWideString(FileName, "FileName"));
}

◆ Log_FileWrite()

// trace.cpp, line 155.
//
// Emits the "FileWrite" event. Payload layout mirrors Log_FileRead; the length
// field is named "WriteLength" here.
//
// ProcessId   Originating process id, logged as "SourceProcessId".
// ThreadId    Originating thread id, logged as "SourceThreadId".
// FileName    NUL-terminated wide path, logged as "FileName" (TraceLoggingWideString
//             scans to the NUL; an unterminated UNICODE_STRING Buffer is not enough).
// FileOffset  Write position; only QuadPart is logged, as "FileOffset".
// ReadLength  Byte count of the write. The parameter name is misleading but is
//             kept to match the header; it is emitted as "WriteLength".
// Compressed  Logged as "CompressedFile" via TraceLoggingBoolean (8-bit field).
void Log_FileWrite(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName,
                   LARGE_INTEGER FileOffset, ULONG ReadLength, BOOLEAN Compressed)
{
    TraceLoggingWrite(
        g_hPanoProvider,
        "FileWrite",
        TraceLoggingValue(ProcessId, "SourceProcessId"),
        TraceLoggingValue(ThreadId, "SourceThreadId"),
        TraceLoggingWideString(FileName, "FileName"),
        TraceLoggingULong(ReadLength, "WriteLength"),
        TraceLoggingValue(FileOffset.QuadPart, "FileOffset"),
        TraceLoggingBoolean(Compressed, "CompressedFile"));
}

◆ Log_MailSlotCreate()

// trace.cpp, line 56.
//
// Emits the "MailSlotCreate" event.
//
// ProcessId  Originating process id, logged as "SourceProcessId".
// ThreadId   Originating thread id, logged as "SourceThreadId".
// FileName   NUL-terminated wide mailslot path, logged as "MailSlotName"
//            (TraceLoggingWideString scans to the NUL; an unterminated
//            UNICODE_STRING Buffer is not enough).
void Log_MailSlotCreate(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
{
    TraceLoggingWrite(
        g_hPanoProvider,
        "MailSlotCreate",
        TraceLoggingValue(ProcessId, "SourceProcessId"),
        TraceLoggingValue(ThreadId, "SourceThreadId"),
        TraceLoggingWideString(FileName, "MailSlotName"));
}

◆ Log_MailSlotOpen()

// trace.cpp, line 44.
//
// Emits the "MailSlotOpen" event.
//
// ProcessId  Originating process id, logged as "SourceProcessId".
// ThreadId   Originating thread id, logged as "SourceThreadId".
// FileName   NUL-terminated wide mailslot path, logged as "MailSlotName"
//            (TraceLoggingWideString scans to the NUL; an unterminated
//            UNICODE_STRING Buffer is not enough).
void Log_MailSlotOpen(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
{
    TraceLoggingWrite(
        g_hPanoProvider,
        "MailSlotOpen",
        TraceLoggingValue(ProcessId, "SourceProcessId"),
        TraceLoggingValue(ThreadId, "SourceThreadId"),
        TraceLoggingWideString(FileName, "MailSlotName"));
}

◆ Log_NamedPipeCreate()

// trace.cpp, line 70.
//
// Emits the "NamedPipeCreate" event.
//
// ProcessId  Originating process id, logged as "SourceProcessId".
// ThreadId   Originating thread id, logged as "SourceThreadId".
// FileName   NUL-terminated wide pipe path, logged as "NamedPipeName"
//            (TraceLoggingWideString scans to the NUL; an unterminated
//            UNICODE_STRING Buffer is not enough).
void Log_NamedPipeCreate(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
{
    TraceLoggingWrite(
        g_hPanoProvider,
        "NamedPipeCreate",
        TraceLoggingValue(ProcessId, "SourceProcessId"),
        TraceLoggingValue(ThreadId, "SourceThreadId"),
        TraceLoggingWideString(FileName, "NamedPipeName"));
}

◆ Log_NamedPipeOpen()

// trace.cpp, line 82.
//
// Emits the "NamedPipeOpen" event.
//
// ProcessId  Originating process id, logged as "SourceProcessId".
// ThreadId   Originating thread id, logged as "SourceThreadId".
// FileName   NUL-terminated wide pipe path, logged as "NamedPipeName"
//            (TraceLoggingWideString scans to the NUL; an unterminated
//            UNICODE_STRING Buffer is not enough).
void Log_NamedPipeOpen(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
{
    TraceLoggingWrite(
        g_hPanoProvider,
        "NamedPipeOpen",
        TraceLoggingValue(ProcessId, "SourceProcessId"),
        TraceLoggingValue(ThreadId, "SourceThreadId"),
        TraceLoggingWideString(FileName, "NamedPipeName"));
}

◆ TraceInit()

// trace.cpp, line 10.
//
// Registers g_hPanoProvider with ETW. Must run before any Log_* call and be
// paired with TraceUninit. NOTE(review): the status returned by
// TraceLoggingRegister is discarded, so a failed registration is silent and
// the Log_* functions would then emit nothing — confirm whether the caller
// needs to observe that.
void TraceInit()
{
    (void)TraceLoggingRegister(g_hPanoProvider);
}

◆ TRACELOGGING_DEFINE_PROVIDER()

// Defines g_hPanoProvider, the ETW TraceLogging provider handle used by every
// Log_* function in this file. Provider name "Panoptes"; the eleven GUID
// components below spell {7036af95-9daf-4486-8d93-7005d45a6a06}, which is the
// identifier consumers subscribe to. Registered by TraceInit, unregistered by
// TraceUninit.
TRACELOGGING_DEFINE_PROVIDER(
    g_hPanoProvider,
    "Panoptes",
    (0x7036af95, 0x9daf, 0x4486,
     0x8d, 0x93, 0x70, 0x5, 0xd4, 0x5a, 0x6a, 0x6));

◆ TraceUninit()

// trace.cpp, line 15.
//
// Unregisters g_hPanoProvider from ETW; the counterpart of TraceInit. No Log_*
// call should follow it.
void TraceUninit()
{
    TraceLoggingUnregister(g_hPanoProvider);
}

Variable Documentation

◆ g_DriverObject

// Driver object pointer cached by Log_DriverEntry (plain copy, not owned here).
PDRIVER_OBJECT g_DriverObject

Definition at line 3 of file trace.cpp.

Referenced by Log_DriverEntry().