Panoptes 1.0.0
Endpoint Detection and Response
Loading...
Searching...
No Matches
trace.h
Go to the documentation of this file.
1#pragma once
2#include <wdm.h>
3#include <TraceLoggingProvider.h>
4
5#pragma region TraceLogging Initialization
6void TraceInit();
7
8void TraceUninit();
9#pragma endregion
10
11#pragma region Driver Operations
12void Log_DriverEntry(
13 PDRIVER_OBJECT DriverObject,
14 PUNICODE_STRING RegistryPath
15);
16
17void Log_DriverExit(
18 PDRIVER_OBJECT DriverObject
19);
20#pragma endregion
21
22#pragma region Mail Slot Operations
23void Log_MailSlotOpen(
24 HANDLE ProcessId,
25 HANDLE ThreadId,
26 PWCH FileName
27);
28
29void Log_MailSlotCreate(
30 HANDLE ProcessId,
31 HANDLE ThreadId,
32 PWCH FileName
33);
34#pragma endregion
35
36#pragma region Named Pipe Operations
37void Log_NamedPipeOpen(
38 HANDLE ProcessId,
39 HANDLE ThreadId,
40 PWCH FileName
41);
42
43void Log_NamedPipeCreate(
44 HANDLE ProcessId,
45 HANDLE ThreadId,
46 PWCH FileName
47);
48#pragma endregion
49
50#pragma region File Operations
51void Log_FileSuperseded(
52 HANDLE ProcessId,
53 HANDLE ThreadId,
54 PWCH FileName
55);
56
57void Log_FileOverwritten(
58 HANDLE ProcessId,
59 HANDLE ThreadId,
60 PWCH FileName
61);
62
63void Log_FileOpen(
64 HANDLE ProcessId,
65 HANDLE ThreadId,
66 PWCH FileName,
67 BOOLEAN Oplocked
68);
69
70void Log_FileCreated(
71 HANDLE ProcessId,
72 HANDLE ThreadId,
73 PWCH FileName,
74 BOOLEAN Oplocked
75);
76
77void Log_FileRead(
78 HANDLE ProcessId,
79 HANDLE ThreadId,
80 PWCH FileName,
81 LARGE_INTEGER FileOffset,
82 ULONG ReadLength,
83 BOOLEAN Compressed
84);
85
86void Log_FileWrite(
87 HANDLE ProcessId,
88 HANDLE ThreadId,
89 PWCH FileName,
90 LARGE_INTEGER FileOffset,
91 ULONG ReadLength,
92 BOOLEAN Compressed
93);
94
95#pragma endregion
Log_FileOpen
void Log_FileOpen(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, BOOLEAN Oplocked)
Log a file open event.
Definition trace.cpp:111
Log_DriverExit
void Log_DriverExit(PDRIVER_OBJECT DriverObject)
Definition trace.cpp:34
Log_NamedPipeCreate
void Log_NamedPipeCreate(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Log a named pipe create event.
Definition trace.cpp:70
Log_DriverEntry
void Log_DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
Definition trace.cpp:22
TraceUninit
void TraceUninit()
Definition trace.cpp:15
Log_NamedPipeOpen
void Log_NamedPipeOpen(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Log a named pipe open event.
Definition trace.cpp:82
Log_FileOverwritten
void Log_FileOverwritten(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Log a file overwrite event.
Definition trace.cpp:125
TraceInit
void TraceInit()
Definition trace.cpp:10
Log_FileSuperseded
void Log_FileSuperseded(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Log a file superseded event.
Definition trace.cpp:173
Log_FileRead
void Log_FileRead(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, LARGE_INTEGER FileOffset, ULONG ReadLength, BOOLEAN Compressed)
Log a file read event.
Definition trace.cpp:137
Log_MailSlotOpen
void Log_MailSlotOpen(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Log a mail slot open event.
Definition trace.cpp:44
Log_MailSlotCreate
void Log_MailSlotCreate(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName)
Log a mail slot create event.
Definition trace.cpp:56
Log_FileWrite
void Log_FileWrite(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, LARGE_INTEGER FileOffset, ULONG ReadLength, BOOLEAN Compressed)
Log a file write event.
Definition trace.cpp:155
Log_FileCreated
void Log_FileCreated(HANDLE ProcessId, HANDLE ThreadId, PWCH FileName, BOOLEAN Oplocked)
Log a file create event.
Definition trace.cpp:97
Generated by doxygen 1.9.8