QRouland/injectionforge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f7aef334453790627046c731f246f1f4e961d71c
injectionforge/src/win_daemon.rs
Dimitris Zervas 936080b4e8 Rename leftovers to the new name InjectionForge 
Signed-off-by: Dimitris Zervas <dzervas@dzervas.gr>
2024-04-15 21:54:05 +03:00

100 lines
2.2 KiB
Rust
Raw Blame History

#![cfg(windows)]
use std::ffi::c_void;
use winapi::shared::minwindef::DWORD;
use winapi::um::evntprov::*;
use winapi::um::evntcons::*;
use winapi::um::evntprov::*;
use winapi::um::winnt::{EVENT_TRACE_CONTROL_STOP, EVENT_TRACE_FLAG_PROCESS};
pub fn start_daemon() {
// Create an event trace session
let session_name = "InjectionForge";
let session_handle = create_event_trace_session(session_name);
if session_handle.is_null() {
eprintln!("Failed to create event trace session");
return;
}
// Enable process creation events
enable_process_creation_events(session_handle);
// Process events until a termination event is received
process_events(session_handle);
// Stop the event trace session
stop_event_trace_session(session_handle);
}
fn create_event_trace_session(session_name: &str) -> TRACEHANDLE {
let session_name = widestring::WideCString::from_str(session_name).expect("Failed to convert session name");
let mut session_handle: TRACEHANDLE = 0;
let status = unsafe {
StartTraceW(
&mut session_handle,
session_name.as_ptr(),
ptr::null_mut(),
)
};
if status != ERROR_SUCCESS {
println!("Failed to start event trace session: {}", status);
}
session_handle
}
fn enable_process_creation_events(session_handle: TRACEHANDLE) {
let status = unsafe {
EnableTraceEx2(
session_handle,
&EVENT_TRACE_GUID_PROCESS,
EVENT_CONTROL_CODE_ENABLE_PROVIDER,
TRACE_LEVEL_INFORMATION,
EVENT_TRACE_FLAG_PROCESS,
0,
0,
0,
NULL,
)
};
if status != ERROR_SUCCESS {
println!("Failed to enable process creation events: {}", status);
}
}
fn process_events(session_handle: TRACEHANDLE) {
let mut buffer_size: DWORD = 64 * 1024;
let mut buffer = vec![0u8; buffer_size as usize];
let status = unsafe {
ProcessTrace(
&mut session_handle,
1,
NULL,
NULL,
)
};
if status != ERROR_SUCCESS && status != ERROR_CANCELLED {
println!("Failed to process events: {}", status);
}
}
fn stop_event_trace_session(session_handle: TRACEHANDLE) {
let status = unsafe {
ControlTraceW(
session_handle,
NULL,
NULL,
EVENT_TRACE_CONTROL_STOP,
)
};
if status != ERROR_SUCCESS {
println!("Failed to stop event trace session: {}", status);
}
}
Reference in New Issue View Git Blame Copy Permalink