Use Update() method instead of exposing the internal fields on EventR…
…ecordMetadata
mjeong92 committed Nov 12, 2024
1 parent 2c19173 commit 5b9e81e
Showing 2 changed files with 10 additions and 4 deletions.
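--- a/Microsoft.O365.Security.Native.ETW/EventRecordMetadata.hpp
+++ b/Microsoft.O365.Security.Native.ETW/EventRecordMetadata.hpp
@@ -17,15 +17,22 @@ namespace Microsoft { namespace O365 { namespace Security { namespace ETW {
 /// </summary>
 public ref class EventRecordMetadata : public IEventRecordMetadata
 {
+protected:
+const EVENT_RECORD* record_;
+const EVENT_HEADER* header_;
+
 internal:
 EventRecordMetadata(const EVENT_RECORD& record)
 : record_(&record)
 , header_(&record.EventHeader) { }
 
 EventRecordMetadata() { }
 
-const EVENT_RECORD* record_;
-const EVENT_HEADER* header_;
+virtual void Update(const EVENT_RECORD& record)
+{
+record_ = &record;
+header_ = &record.EventHeader;
+}
 
 public:
 // For container ID's, we are expecting format "00000000-0000-0000-0000-0000000000000",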
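Review bot: `Update` has no doc comment, yet it is now the one place where `record_` and `header_` are rebound, and both are borrowed pointers into a record this class does not own. I would add a `/// <summary>` on it saying that the stored pointers are valid only while the caller's `EVENT_RECORD` is alive, and that an override must call the base implementation. The method is `virtual`, so a subclass that skips the base call leaves the previous record's pointers in place. The fields are now `protected`, so derived classes can still assign them directly; if they only need to read them, `private` fields with protected getters would make `Update` the only writer. The class body continues outside the hunk, so the accessors that dereference these pointers are not visible here.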
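--- a/Microsoft.O365.Security.Native.ETW/RawProvider.hpp
+++ b/Microsoft.O365.Security.Native.ETW/RawProvider.hpp
@@ -168,8 +168,7 @@ namespace Microsoft { namespace O365 { namespace Security { namespace ETW {
 
 inline void RawProvider::EventNotification(const EVENT_RECORD &record)
 {
-data_->record_ = &record;
-data_->header_ = &record.EventHeader;
+data_->Update(record);
 
 OnEvent(data_);
 }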
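Review bot: After `OnEvent(data_)` returns, `data_` still holds the addresses of `record` and `record.EventHeader`, which belong to whoever called `EventNotification`. If that record is valid only for the duration of the callback, as is usual for ETW event callbacks, a subscriber that keeps the metadata object and reads it later would dereference stale memory. I would either document on `OnEvent` that the object must not be retained past the handler, or clear the pointers once the handler returns. `Update` takes a reference, so clearing would need a small companion method that is not in this commit, for example a hypothetical `data_->Reset();` that sets both to `nullptr`, with the getters checking for null.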
