/*
**Created by Xeno Kovah of the MITRE HoneyClient Project 5/20/2008
*/
#pragma once
#include "CaptureGlobal.h" //This needs to be first, due to a macro it defines
#include "Visitor.h"
#include "RegistryMonitor.h"
#include "FileMonitor.h"
#include "ProcessMonitor.h"
using namespace std;
using namespace boost;
//Short aliases for the ns__-prefixed structs (presumably the gSOAP interface types - confirm
//against captureGSOAP.h).
//While the typedefs could be put in the gSOAP definition, they don't follow through to the
//auto-generated soap files. Getting them from there would mean including captureGSOAP.h here,
//and that would cause double definitions, so they are declared in this header instead.
//If the struct has not been declared yet, each typedef also forward-declares it as an incomplete
//type: only pointers and references to it can be used until the full definition is visible.
typedef struct ns__regkey ns__regkey_t;
typedef struct ns__processFile ns__processFile_t;
typedef struct ns__osProcess ns__osProcess_t;
//SOAP front end of the capture client: a Runnable that is handed the Visitor and the three
//system monitors, and that exposes one handler per monitor event type.
//Declaration only - all behaviour lives in the implementation file, which is not visible here.
//The unqualified wstring/vector names below depend on the using-directives at the top of this header.
//NOTE(review): no copy constructor or copy assignment is declared, so unless Runnable forbids it
//the class is copyable, and a copy would share the raw pointers and signal connections below - confirm
//that instances are never copied.
class CaptureSoapServer : public Runnable
{
public:
//Signal signature (DWORD, DWORD, wstring, wstring). No member of this type is declared in this
//class; the meaning of the four arguments is not visible here.
typedef boost::signal<void (DWORD, DWORD, wstring, wstring)> signal_visitEvent;
//One connection handle per monitor event type. Presumably these record the subscriptions of the
//on*Event handlers so they can be disconnected on teardown - confirm in the destructor.
boost::signals::connection onRegistryEventConnection;
boost::signals::connection onFileEventConnection;
boost::signals::connection onProcessEventConnection;
//Takes raw, non-owning-looking pointers to the visitor and the three monitors.
//NOTE(review): ownership is not expressed in the types - confirm who deletes these objects and
//that they outlive this server and its thread.
CaptureSoapServer(Visitor *, RegistryMonitor * r, FileMonitor * f, ProcessMonitor * p);
~CaptureSoapServer();
//Presumably the Runnable entry point executed on CaptureSoapServerThread - confirm.
void run();
//Event handlers. All string and vector arguments are taken by value, so each call works on its
//own copies. The paths and process names describe activity observed on the monitored system.
//NOTE(review): in a honeyclient that activity can be driven by the content under analysis, so
//whatever forwards these values over SOAP should treat them as untrusted data - confirm that the
//implementation encodes them rather than trusting their contents.
void onRegistryEvent(wstring registryEventType, wstring time, wstring processPath,
wstring registryEventPath, vector<wstring> extra);
void onFileEvent(wstring fileEventType, wstring time, wstring processPath, wstring fileEventPath,
vector<wstring> extra);
//created distinguishes the two process event kinds (presumably creation vs. termination - confirm).
void onProcessEvent(BOOLEAN created, wstring time, DWORD parentProcessId, wstring parentProcess,
DWORD processId, wstring process);
//Raw pointer to the server's thread object.
//NOTE(review): confirm the destructor stops this thread before the members it uses are destroyed.
Thread * CaptureSoapServerThread;
//Static: a single Visitor pointer shared by every instance in the process, publicly writable and
//with no synchronisation declared here. Presumably static so that free-function SOAP handlers can
//reach it - confirm, and confirm it is only written before the server thread starts.
static Visitor * myVisitor;
//Raw pointers to the monitors (presumably the ones passed to the constructor - confirm).
//They are public, so any code holding the server can repoint them.
RegistryMonitor* registryMonitor;
FileMonitor * fileMonitor;
ProcessMonitor * processMonitor;
};