Description
Improve tracing on OSX and Windows
OSX:
- Make the execve more strict to be able to extract more arguments later.
- Fix the initial trace to be less hacky, add strict handling of the initial
process.
Windows:
- Only handle files that were opened by the relevant processes. Keep a
threadid->processid map to be able to figure out which process generated the
Create event.
- Only handle files that were actually opened. Detect this implicitly by
looking if the file has a Cleanup event and tracking the kernel file object
instances.
- Add strict handling of the initial process.
- Properly process \\?\ header.
NOTRY=true
R=mad@chromium.org
BUG=98636
TEST=
Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=139546
Patch Set 1
Patch Set 2 : Rebase
Total comments: 4
Patch Set 3 : reword comment
Messages
Total messages: 5 (0 generated)