etw

package

v1.3.2 Latest Latest Go to latest Published: Aug 13, 2021 License: Apache-2.0 Imports: 7 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/0xrawsec/golang-etw

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

type AllInFilter
- func (f *AllInFilter) Match(*Event) bool
type BaseFilter
- func (f *BaseFilter) FilterIn(key string, eventIds []uint16)
- func (f *BaseFilter) MatchKey(key string, e *Event) bool
type ChannelFilter
- func NewChannelFilter() *ChannelFilter
- func (f *ChannelFilter) Match(e *Event) bool
type Event
- func (e *Event) ToMap() (m map[string]interface{})
type EventFilter
type EventID
type GUID
- func GUIDFromString(guid string) (g *GUID, err error)
- func MustGUIDFromString(sguid string) (guid *GUID)
- func (g *GUID) IsZero() bool
- func (g *GUID) String() string
type ProviderFilter
- func NewEventFilter() *ProviderFilter
- func (f *ProviderFilter) Match(e *Event) bool

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AllInFilter ¶

type AllInFilter struct{}

func (*AllInFilter) Match ¶

func (f *AllInFilter) Match(*Event) bool

type BaseFilter ¶

type BaseFilter struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

func (*BaseFilter) FilterIn ¶

func (f *BaseFilter) FilterIn(key string, eventIds []uint16)

func (*BaseFilter) MatchKey ¶

func (f *BaseFilter) MatchKey(key string, e *Event) bool

type ChannelFilter ¶

type ChannelFilter struct {
	BaseFilter
}

func NewChannelFilter ¶

func NewChannelFilter() *ChannelFilter

func (*ChannelFilter) Match ¶

func (f *ChannelFilter) Match(e *Event) bool

type Event ¶

type Event struct {
	EventData map[string]interface{} `json:",omitempty"`
	UserData  map[string]interface{} `json:",omitempty"`
	System    struct {
		Channel   string
		Computer  string
		EventID   uint16
		EventType string `json:",omitempty"`
		EventGuid string `json:",omitempty"`
		Execution struct {
			ProcessID uint32
			ThreadID  uint32
		}
		Keywords struct {
			Value uint64
			Name  string
		}
		Level struct {
			Value uint8
			Name  string
		}
		Opcode struct {
			Value uint8
			Name  string
		}
		Task struct {
			Value uint8
			Name  string
		}
		Provider struct {
			Guid string
			Name string
		}
		TimeCreated struct {
			SystemTime time.Time
		}
	}
	ExtendedData []string `json:",omitempty"`
}

func (*Event) ToMap ¶

func (e *Event) ToMap() (m map[string]interface{})

type EventFilter ¶

type EventFilter interface {
	Match(*Event) bool
}

type EventID ¶

type EventID uint16

type GUID ¶

type GUID struct {
	Data1 uint32
	Data2 uint16
	Data3 uint16
	Data4 [8]byte
}

GUID structure manually ported

func GUIDFromString ¶

func GUIDFromString(guid string) (g *GUID, err error)

func MustGUIDFromString ¶

func MustGUIDFromString(sguid string) (guid *GUID)

func (*GUID) IsZero ¶

func (g *GUID) IsZero() bool

func (*GUID) String ¶

func (g *GUID) String() string

type ProviderFilter ¶

type ProviderFilter struct {
	BaseFilter
}

func NewEventFilter ¶

func NewEventFilter() *ProviderFilter

func (*ProviderFilter) Match ¶

func (f *ProviderFilter) Match(e *Event) bool

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL