Hrm, interesting. That would be pretty nice - I've...
# windowst
thor
10/02/2017, 3:14 AM
Hrm, interesting. That would be pretty nice - I've been wanting process process auditing, FIM, and socket events on Windows for a while now but just have never had the time. Any thought put towards building out the native publishers via the Windows APIs? I think there's some libraries that'll support doing various eventing with the native Win32 APIs
o
OpenPlgx
10/04/2017, 12:09 PMCan be done, to some extent, using the native Win32 APIs but would lack the granularity the kernel callbacks can provide. And you probably will not get file_access events with native APIs. So the idea was to see if we could build it with an extension first and achieve the _events feature parity on windows. Still struggling to understand all the DataBase APIs for an extension 🙂
OpenPlgx
10/04/2017, 12:09 PMIn particular, can you help with what is this code supposed to do in the sample extension?
OpenPlgx
10/04/2017, 12:10 PMstd::string content;
setDatabaseValue(kPersistentSettings, "complex_example", "1");
if (getDatabaseValue(kPersistentSettings, "complex_example", content)) {
r["database_test"] = content;
}
OpenPlgx
10/04/2017, 12:11 PMAm i right in interpreting that 'content' will always be "1"? Is it just to demo the set/getDataBase API usage from an extension?
3 Views