fix lock guard issure in on_event

threathunters-io · Aug 28, 2024 · b6cd4bb · b6cd4bb
1 parent b1b1ea7
commit b6cd4bb
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 9 deletions.
diff --git a/BlueKrabsetw.Native.ETW.nuspec b/BlueKrabsetw.Native.ETW.nuspec
@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2011/08/nuspec.xsd">
     <metadata>
         <id>BlueKrabsetw.Native.ETW</id>
-        <version>4.4.0</version>
+        <version>4.4.2</version>
         <title>BlueKrabsetw.Native.ETW - managed wrappers for BlueKrabsetw</title>
         <authors>Dominik Phillips</authors>
         <owners>non</owners>
@@ -12,11 +12,8 @@
         <description>BlueKrabsetw.Native.ETW is a managed wrapper around the BlueKrabsetw ETW library.</description>
         <summary>BlueKrabsetw.Native.ETW is a managed wrapper around the BlueKrabsetw ETW library. It originates from the Microsoft.O365.Security.Native.ETW library and seeks to improve and include capabilities that have not yet been included in the former library.</summary>
         <releaseNotes>
-            Version 4.4.0:
-              - Provider Enhanced Runtime Capabilities.
-              - Session Enhanced Runtime Capabilities.
-              - Decoupling of Functionality to Allow Better Control of Sessions.
-              - Improved Pre-Filtering Mechanisms
+            Version 4.4.2:
+              - Remove mutex in on_event handler
         </releaseNotes>
         <copyright>non</copyright>
         <language />

diff --git a/bluekrabs/bluekrabs/trace.hpp b/bluekrabs/bluekrabs/trace.hpp
@@ -478,7 +478,7 @@ namespace krabs {
     void trace<T>::on_event(const EVENT_RECORD &record)
     {
         ++eventsHandled_;
-        std::lock_guard<std::mutex> lock(providers_mutex_);
+        //std::lock_guard<std::mutex> lock(providers_mutex_);
         T::forward_events(record, *this);
     }
 

diff --git a/examples/NativeExamples/user_trace_012_open_trace.cpp b/examples/NativeExamples/user_trace_012_open_trace.cpp
@@ -105,7 +105,7 @@ void user_trace_012_open_trace::start()
 
 
     trace.enable(sec_provider);
-    trace.enable(file_provider);
+    //trace.enable(file_provider);
 
     auto stats = trace.query_stats();
 
@@ -115,14 +115,23 @@ void user_trace_012_open_trace::start()
 
     trace.open();
 
+    if ((stats.log_file_mode & 0x40) == 0) {
+        EVENT_TRACE_PROPERTIES etp = { 0 };
+        etp.LogFileMode = (stats.log_file_mode | 0x40);
+        trace.set_trace_properties(&etp);
+        trace.update();
+    }
+
     std::thread workerThread([&]() {
         trace.process();
         });
 
-    const int durationInSeconds = 30;
+    const int durationInSeconds = 10;
     std::this_thread::sleep_for(std::chrono::seconds(durationInSeconds));
+    auto stats1 = trace.query_stats();
     trace.close();
     workerThread.join();
+
 }