diff --git a/etw_listener.cpp b/etw_listener.cpp
index 7379406..95a6edf 100644
--- a/etw_listener.cpp
+++ b/etw_listener.cpp
@@ -1,6 +1,6 @@
 #include "etw_listener.h"
 #include "hh_scanner.h"
-#include
+ #include #include #include
@@ -297,13 +297,15 @@ bool ETWstart(ETWProfile& settings)
 // Process Start Trigger
 processProvider.add_on_event_callback([](const EVENT_RECORD& record, const krabs::trace_context& trace_context) {
+ const int OPCODE_START = 0x1;
+ const int OPCODE_STOP = 0x2;
 krabs::schema schema(record, trace_context.schema_locator);
- if (schema.event_opcode() == WINEVENT_OPCODE_STOP) {
+ if (schema.event_opcode() == OPCODE_STOP) {
 krabs::parser parser(schema);
 std::uint32_t pid = parser.parse(L"ProcessId");
 procStats[pid].cleanupThread();
 }
- if (schema.event_opcode() == WINEVENT_OPCODE_START)
+ if (schema.event_opcode() == OPCODE_START)
 {
 krabs::parser parser(schema);
 std::uint32_t parentPid = parser.parse(L"ParentId");
diff --git a/etw_listener.h b/etw_listener.h
index 30d4693..47004fe 100644
--- a/etw_listener.h
+++ b/etw_listener.h
@@ -7,7 +7,7 @@
 #include
 #include
-#include
+#include
 #include
 #include
diff --git a/hh_scanner.cpp b/hh_scanner.cpp
index 905a8f2..6fe887a 100644
--- a/hh_scanner.cpp
+++ b/hh_scanner.cpp
@@ -105,8 +105,7 @@ namespace util {
 {
 std::wstringstream stream;
- std::set::iterator itr;
- for (itr = list.begin(); itr != list.end(); ) {
+ for (auto itr = list.begin(); itr != list.end(); ) {
 stream << *itr;
 ++itr;
 if (itr != list.end()) {
diff --git a/pe-sieve b/pe-sieve
index 0fb3836..745f6a2 160000
--- a/pe-sieve
+++ b/pe-sieve
@@ -1 +1 @@
-Subproject commit 0fb38363bd6109f561256dc48ca2ba12ac813653
+Subproject commit 745f6a27b03392450d3f5b17db267f3582a21945
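Review bot: In the ETWstart hunk, `OPCODE_START` and `OPCODE_STOP` are declared as `const int` locals inside the per-event callback, so they are re-declared on every ETW record, and their values 0x1/0x2 silently duplicate the SDK macros `WINEVENT_OPCODE_START`/`WINEVENT_OPCODE_STOP` they replace. Declaring them once at namespace scope with the provenance recorded, `constexpr int OPCODE_START = 0x1; // == WINEVENT_OPCODE_START (winmeta.h)` and the same for `OPCODE_STOP`, keeps the single source of truth visible and avoids drift if the header that supplied the macros is the one dropped in the first hunk (the include names are not recoverable from this rendering). The two opcode comparisons are mutually exclusive, so the second one, `if (schema.event_opcode() == OPCODE_START)`, could be written as `else if` to make that explicit. The enclosing lambda and `ETWstart` both continue past the end of the hunk.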