Struct ferrisetw::parser::Parser

[+] Show declaration

pub struct Parser<'a> { /* fields omitted */ }

[−] Expand description

Represents a Parser

This structure holds the necessary data to parse the ETW event and retrieve the data from the event

Implementations

impl<'a> Parser<'a>[−]

pub fn create(schema: &'a Schema) -> Self[−]

Use the create function to create an instance of a Parser

Arguments

• schema - The Schema from the ETW Event we want to parse

Example

let my_callback = |record: EventRecord, schema_locator: &mut SchemaLocator| {
    let schema = schema_locator.event_schema(record)?;
    let parser = Parse::create(&schema);
};

Trait Implementations

impl<'_> TryParse<Guid> for Parser<'_>[+]

[+] Show hidden undocumented items

fn try_parse(&mut self, name: &str) -> Result<Guid, ParserError>[−]

Implement the try_parse function to provide a way to Parse T from an ETW event or return an Error in case the type T can't be parsed

impl<'_> TryParse<IpAddr> for Parser<'_>[+]

[+] Show hidden undocumented items

fn try_parse(&mut self, name: &str) -> Result<IpAddr, ParserError>[−]

Implement the try_parse function to provide a way to Parse T from an ETW event or return an Error in case the type T can't be parsed

impl<'_> TryParse<Pointer> for Parser<'_>[+]

[+] Show hidden undocumented items

fn try_parse(&mut self, name: &str) -> Result<Pointer, ParserError>[−]

Implement the try_parse function to provide a way to Parse T from an ETW event or return an Error in case the type T can't be parsed

impl<'_> TryParse<String> for Parser<'_>[+]

The String impl of the TryParse trait should be used to retrieve the following TdhInTypes:

• InTypeUnicodeString
• InTypeAnsiString
• InTypeCountedString
• InTypeGuid

On success a String with the with the data from the name property will be returned

Arguments

• name - Name of the property to be found in the Schema

Example

let my_callback = |record: EventRecord, schema_locator: &mut SchemaLocator| {
    let schema = schema_locator.event_schema(record)?;
    let parser = Parse::create(&schema);
    let image_name: String = parser.try_parse("ImageName")?;
};

[+] Show hidden undocumented items

fn try_parse(&mut self, name: &str) -> Result<String, ParserError>[−]

Implement the try_parse function to provide a way to Parse T from an ETW event or return an Error in case the type T can't be parsed

impl<'_> TryParse<Vec<u8>> for Parser<'_>[+]

[+] Show hidden undocumented items

fn try_parse(&mut self, name: &str) -> Result<Vec<u8>, ParserError>[−]

Implement the try_parse function to provide a way to Parse T from an ETW event or return an Error in case the type T can't be parsed

impl<'_> TryParse<i16> for Parser<'_>[+]

[+] Show hidden undocumented items

fn try_parse(&mut self, name: &str) -> Result<i16, ParserError>[−]

Implement the try_parse function to provide a way to Parse T from an ETW event or return an Error in case the type T can't be parsed

impl<'_> TryParse<i32> for Parser<'_>[+]

[+] Show hidden undocumented items

fn try_parse(&mut self, name: &str) -> Result<i32, ParserError>[−]

Implement the try_parse function to provide a way to Parse T from an ETW event or return an Error in case the type T can't be parsed

impl<'_> TryParse<i64> for Parser<'_>[+]

[+] Show hidden undocumented items

fn try_parse(&mut self, name: &str) -> Result<i64, ParserError>[−]

Implement the try_parse function to provide a way to Parse T from an ETW event or return an Error in case the type T can't be parsed

impl<'_> TryParse<i8> for Parser<'_>[+]

[+] Show hidden undocumented items

fn try_parse(&mut self, name: &str) -> Result<i8, ParserError>[−]

Implement the try_parse function to provide a way to Parse T from an ETW event or return an Error in case the type T can't be parsed

impl<'_> TryParse<isize> for Parser<'_>[+]

[+] Show hidden undocumented items

fn try_parse(&mut self, name: &str) -> Result<isize, ParserError>[−]

Implement the try_parse function to provide a way to Parse T from an ETW event or return an Error in case the type T can't be parsed

impl<'_> TryParse<u16> for Parser<'_>[+]

[+] Show hidden undocumented items

fn try_parse(&mut self, name: &str) -> Result<u16, ParserError>[−]

Implement the try_parse function to provide a way to Parse T from an ETW event or return an Error in case the type T can't be parsed

impl<'_> TryParse<u32> for Parser<'_>[+]

[+] Show hidden undocumented items

fn try_parse(&mut self, name: &str) -> Result<u32, ParserError>[−]

Implement the try_parse function to provide a way to Parse T from an ETW event or return an Error in case the type T can't be parsed

impl<'_> TryParse<u64> for Parser<'_>[+]

[+] Show hidden undocumented items

fn try_parse(&mut self, name: &str) -> Result<u64, ParserError>[−]

Implement the try_parse function to provide a way to Parse T from an ETW event or return an Error in case the type T can't be parsed

impl<'_> TryParse<u8> for Parser<'_>[+]

[+] Show hidden undocumented items

fn try_parse(&mut self, name: &str) -> Result<u8, ParserError>[−]

Implement the try_parse function to provide a way to Parse T from an ETW event or return an Error in case the type T can't be parsed

impl<'_> TryParse<usize> for Parser<'_>[+]

[+] Show hidden undocumented items

fn try_parse(&mut self, name: &str) -> Result<usize, ParserError>[−]

Implement the try_parse function to provide a way to Parse T from an ETW event or return an Error in case the type T can't be parsed