Struct ferrisetw::provider::Provider

pub struct Provider {
    pub guid: Option<Guid>,
    pub any: u64,
    pub all: u64,
    pub level: u8,
    pub trace_flags: u32,
    pub flags: u32,
    // some fields omitted
}

Main Provider structure

Fields

guid: Option<Guid>

Option that represents a Provider GUID

any: u64

Provider Any keyword

all: u64

Provider All keyword

level: u8

Provider level flag

trace_flags: u32

Provider trace flags

flags: u32

Provider kernel flags; these only apply to a KernelProvider

Implementations

impl Provider[src][]

pub fn new() -> Self[src][]

Use the new function to create a Provider builder

This function creates a Provider with default values, which can be adjusted afterwards

Example

let my_provider = Provider::new();

pub fn kernel(kernel_provider: &KernelProvider) -> Self[src][]

Use the kernel function to create a Provider builder wrapping a Kernel Provider

Arguments

  • kernel_provider - Reference to a KernelProvider which will be tied to the Provider struct

Example

let my_provider = Provider::kernel(&kernel_providers::IMAGE_LOAD_PROVIDER);

pub fn by_guid(self, guid: &str) -> Self[src][]

Use the by_guid function to bind a GUID with a Provider

Arguments

  • guid - A string representation of the GUID, without curly braces, that is bound to the Provider

Example

let my_provider = Provider::new().by_guid("22fb2cd6-0e7b-422b-a0c7-2fad1fd0e716");

pub fn by_name(self, name: String) -> Self[src][]

Use the by_name function to bind a GUID with a Provider, looking the GUID up from the Provider name

This function will look for the Provider GUID by means of the ITraceDataProviderCollection interface.

Remark

This function is considerably slow; prefer using the by_guid function when possible

Arguments

  • name - Provider name to find

Safety Note

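This function won't fail if the Provider GUID can't be found: it will log the event and set the guid field to None. The failed lookup is therefore not reported to the caller at this point; per the build documentation, a Provider whose GUID is not set might instead yield ProviderError::NoGuid from build. This behavior might change in the future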

Example

let my_provider = Provider::new().by_name(String::from("Microsoft-Windows-WinINet"));

pub fn any(self, any: u64) -> Self[src][]

Use the any function to set the any flag in the Provider instance. More info

Arguments

  • any - Any flag value to set

Example

let my_provider = Provider::new().any(0xf0010000000003ff);

pub fn all(self, all: u64) -> Self[src][]

Use the all function to set the all flag in the Provider instance. More info

Arguments

  • all - All flag value to set

Example

let my_provider = Provider::new().all(0x4000000000000000);

pub fn level(self, level: u8) -> Self[src][]

Use the level function to set the level flag in the Provider instance

Arguments

  • level - Level flag value to set

Example

// LogAlways (0x0)
// Critical (0x1)
// Error (0x2)
// Warning (0x3)
// Information (0x4)
// Verbose (0x5)
let my_provider = Provider::new().level(0x5);

pub fn trace_flags(self, trace_flag: u32) -> Self[src][]

Use the trace_flags function to set the trace_flags flag in the Provider instance. More info

Arguments

  • trace_flag - TraceFlags value to set

Example

let my_provider = Provider::new().trace_flags(0x1);

pub fn add_callback<T>(self, callback: T) -> Self where
    T: FnMut(EventRecord, &mut SchemaLocator) + Send + Sync + 'static, 

Use the add_callback function to add a callback function that will be called when the Provider generates an Event

Arguments

  • callback - Callback to add

Remarks

The SchemaLocator has to be mutable because whenever a new Schema is obtained, it is saved into the SchemaLocator instance cache

Example

Provider::new().add_callback(|record: EventRecord, schema_locator: &mut SchemaLocator| {
    // Handle Event
});

pub fn build(self) -> Result<Self, ProviderError>[src][]

Use the build function to build the provider

Safety Note

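This function might return a ProviderError::NoGuid if the GUID is not set in the Provider struct (for example, when an earlier by_name lookup did not find the Provider and left the GUID as None). Handle the returned Result rather than assuming the Provider was built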

Example

Provider::new()
  .by_guid("22fb2cd6-0e7b-422b-a0c7-2fad1fd0e716")
  .add_callback(process_callback)
  .build()?

Trait Implementations

impl Debug for Provider[src][+]

Auto Trait Implementations

impl RefUnwindSafe for Provider

impl Send for Provider

impl Sync for Provider

impl Unpin for Provider

impl UnwindSafe for Provider

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized

impl<T> Borrow<T> for T where
    T: ?Sized

impl<T> BorrowMut<T> for T where
    T: ?Sized

impl<T> From<T> for T[src][+]

impl<T, U> Into<U> for T where
    U: From<T>, 

impl<T, U> TryFrom<U> for T where
    U: Into<T>, 

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

impl<V, T> VZip<V> for T where
    V: MultiLane<T>, 