Panoptes 1.0.0
Endpoint Detection and Response
Loading...
Searching...
No Matches
trace.cpp
Go to the documentation of this file.
1#include "trace.h"
2
3PDRIVER_OBJECT g_DriverObject;
4
5#pragma region TraceLogging Initialization
6// {7036AF95-9DAF-4486-8D93-7005D45A6A06}
7TRACELOGGING_DEFINE_PROVIDER(g_hPanoProvider, "Panoptes",
8 (0x7036af95, 0x9daf, 0x4486, 0x8d, 0x93, 0x70, 0x5, 0xd4, 0x5a, 0x6a, 0x6));
9
10void TraceInit()
11{
12 TraceLoggingRegister(g_hPanoProvider);
13}
14
15void TraceUninit()
16{
17 TraceLoggingUnregister(g_hPanoProvider);
18}
19#pragma endregion
20
21#pragma region Driver Operations
22void Log_DriverEntry(
23 PDRIVER_OBJECT DriverObject,
24 PUNICODE_STRING RegistryPath
25)
26{
27 g_DriverObject = DriverObject;
28
29 TraceLoggingWrite(g_hPanoProvider, "PanoptesStart",
30 TraceLoggingPointer(DriverObject),
31 TraceLoggingUnicodeString(RegistryPath, "RegPath"));
32}
33
34void Log_DriverExit(
35 PDRIVER_OBJECT DriverObject
36)
37{
38 TraceLoggingWrite(g_hPanoProvider, "PanoptesExit",
39 TraceLoggingPointer(DriverObject));
40}
41#pragma endregion
42
43#pragma region Mail Slot Operations
44void Log_MailSlotOpen(
45 HANDLE ProcessId,
46 HANDLE ThreadId,
47 PWCH FileName
48)
49{
50 TraceLoggingWrite(g_hPanoProvider, "MailSlotOpen",
51 TraceLoggingValue(ProcessId, "SourceProcessId"),
52 TraceLoggingValue(ThreadId, "SourceThreadId"),
53 TraceLoggingWideString(FileName, "MailSlotName"));
54}
55
56void Log_MailSlotCreate(
57 HANDLE ProcessId,
58 HANDLE ThreadId,
59 PWCH FileName
60)
61{
62 TraceLoggingWrite(g_hPanoProvider, "MailSlotCreate",
63 TraceLoggingValue(ProcessId, "SourceProcessId"),
64 TraceLoggingValue(ThreadId, "SourceThreadId"),
65 TraceLoggingWideString(FileName, "MailSlotName"));
66}
67#pragma endregion
68
69#pragma region Named Pipe Operations
70void Log_NamedPipeCreate(
71 HANDLE ProcessId,
72 HANDLE ThreadId,
73 PWCH FileName
74)
75{
76 TraceLoggingWrite(g_hPanoProvider, "NamedPipeCreate",
77 TraceLoggingValue(ProcessId, "SourceProcessId"),
78 TraceLoggingValue(ThreadId, "SourceThreadId"),
79 TraceLoggingWideString(FileName, "NamedPipeName"));
80}
81
82void Log_NamedPipeOpen(
83 HANDLE ProcessId,
84 HANDLE ThreadId,
85 PWCH FileName
86)
87{
88 TraceLoggingWrite(g_hPanoProvider, "NamedPipeOpen",
89 TraceLoggingValue(ProcessId, "SourceProcessId"),
90 TraceLoggingValue(ThreadId, "SourceThreadId"),
91 TraceLoggingWideString(FileName, "NamedPipeName"));
92}
93#pragma endregion
94
95#pragma region File Operations
96
97void Log_FileCreated(
98 HANDLE ProcessId,
99 HANDLE ThreadId,
100 PWCH FileName,
101 BOOLEAN Oplocked
102)
103{
104 TraceLoggingWrite(g_hPanoProvider, "FileCreated",
105 TraceLoggingValue(ProcessId, "SourceProcessId"),
106 TraceLoggingValue(ThreadId, "SourceThreadId"),
107 TraceLoggingWideString(FileName, "FileName"),
108 TraceLoggingBool(Oplocked, "Oplocked"));
109}
110
111void Log_FileOpen(
112 HANDLE ProcessId,
113 HANDLE ThreadId,
114 PWCH FileName,
115 BOOLEAN Oplocked
116)
117{
118 TraceLoggingWrite(g_hPanoProvider, "FileOpened",
119 TraceLoggingValue(ProcessId, "SourceProcessId"),
120 TraceLoggingValue(ThreadId, "SourceThreadId"),
121 TraceLoggingWideString(FileName, "FileName"),
122 TraceLoggingBool(Oplocked, "Oplocked"));
123}
124
125void Log_FileOverwritten(
126 HANDLE ProcessId,
127 HANDLE ThreadId,
128 PWCH FileName
129)
130{
131 TraceLoggingWrite(g_hPanoProvider, "FileOverwritten",
132 TraceLoggingValue(ProcessId, "SourceProcessId"),
133 TraceLoggingValue(ThreadId, "SourceThreadId"),
134 TraceLoggingWideString(FileName, "FileName"));
135}
136
137void Log_FileRead(
138 HANDLE ProcessId,
139 HANDLE ThreadId,
140 PWCH FileName,
141 LARGE_INTEGER FileOffset,
142 ULONG ReadLength,
143 BOOLEAN Compressed
144)
145{
146 TraceLoggingWrite(g_hPanoProvider, "FileRead",
147 TraceLoggingValue(ProcessId, "SourceProcessId"),
148 TraceLoggingValue(ThreadId, "SourceThreadId"),
149 TraceLoggingWideString(FileName, "FileName"),
150 TraceLoggingULong(ReadLength, "ReadLength"),
151 TraceLoggingValue(FileOffset.QuadPart, "FileOffset"),
152 TraceLoggingBoolean(Compressed, "CompressedFile"));
153}
154
155void Log_FileWrite(
156 HANDLE ProcessId,
157 HANDLE ThreadId,
158 PWCH FileName,
159 LARGE_INTEGER FileOffset,
160 ULONG ReadLength,
161 BOOLEAN Compressed
162)
163{
164 TraceLoggingWrite(g_hPanoProvider, "FileWrite",
165 TraceLoggingValue(ProcessId, "SourceProcessId"),
166 TraceLoggingValue(ThreadId, "SourceThreadId"),
167 TraceLoggingWideString(FileName, "FileName"),
168 TraceLoggingULong(ReadLength, "WriteLength"),
169 TraceLoggingValue(FileOffset.QuadPart, "FileOffset"),
170 TraceLoggingBoolean(Compressed, "CompressedFile"));
171}
172
173void Log_FileSuperseded(
174 HANDLE ProcessId,
175 HANDLE ThreadId,
176 PWCH FileName
177)
178{
179 TraceLoggingWrite(g_hPanoProvider, "FileSuperseded",
180 TraceLoggingValue(ProcessId, "SourceProcessId"),
181 TraceLoggingValue(ThreadId, "SourceThreadId"),
182 TraceLoggingWideString(FileName, "FileName"));
183}
184
185#pragma endregion
Log_FileOpen
void Log_FileOpen(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, BOOLEAN Oplocked)
Definition trace.cpp:111
TRACELOGGING_DEFINE_PROVIDER
TRACELOGGING_DEFINE_PROVIDER(g_hPanoProvider, "Panoptes",(0x7036af95, 0x9daf, 0x4486, 0x8d, 0x93, 0x70, 0x5, 0xd4, 0x5a, 0x6a, 0x6))
Log_DriverExit
void Log_DriverExit(PDRIVER_OBJECT DriverObject)
Definition trace.cpp:34
Log_NamedPipeCreate
void Log_NamedPipeCreate(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Definition trace.cpp:70
Log_DriverEntry
void Log_DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
Definition trace.cpp:22
TraceUninit
void TraceUninit()
Definition trace.cpp:15
g_DriverObject
PDRIVER_OBJECT g_DriverObject
Definition trace.cpp:3
Log_NamedPipeOpen
void Log_NamedPipeOpen(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Definition trace.cpp:82
Log_FileOverwritten
void Log_FileOverwritten(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Definition trace.cpp:125
TraceInit
void TraceInit()
Definition trace.cpp:10
Log_FileSuperseded
void Log_FileSuperseded(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Definition trace.cpp:173
Log_FileRead
void Log_FileRead(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, LARGE_INTEGER FileOffset, ULONG ReadLength, BOOLEAN Compressed)
Definition trace.cpp:137
Log_MailSlotOpen
void Log_MailSlotOpen(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Definition trace.cpp:44
Log_MailSlotCreate
void Log_MailSlotCreate(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Definition trace.cpp:56
Log_FileWrite
void Log_FileWrite(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, LARGE_INTEGER FileOffset, ULONG ReadLength, BOOLEAN Compressed)
Definition trace.cpp:155
Log_FileCreated
void Log_FileCreated(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, BOOLEAN Oplocked)
Definition trace.cpp:97
Generated by doxygen 1.9.8