#214 (#215)

* #214

* Updated the version to 4.3.2

---------

Co-authored-by: Kurnosov Aleksandr <[email protected]>

Microsoft.O365.Security.Native.ETW/Property.hpp

@@ -29,11 +29,12 @@ namespace Microsoft { namespace O365 { namespace Security { namespace ETW {
         /// </summary>
         /// <param name="name">the property's name</param>
         /// <param name="type">the property's type</param>
+        /// <param name="outType">the property's out type</param>
         /// <remarks>
         /// See <see href="https://msdn.microsoft.com/en-us/library/windows/desktop/aa964763(v=vs.85).aspx"/>
         /// for more information about property types. In particular, the TDH_INTYPE_* values.
         /// </remarks>
-        Property(String ^name, unsigned int type);
+        Property(String ^name, unsigned int type, unsigned int outType);
 
         /// <summary>Returns the name of this property.</summary>
         /// <returns>the name of this property</returns>
@@ -51,6 +52,14 @@ namespace Microsoft { namespace O365 { namespace Security { namespace ETW {
             }
         }
 
+        /// <summary>Returns the out type of this property.</summary>
+        /// <returns>the out type of this property</returns>
+        property int OutType {
+            int get() {
+                return property_->out_type();
+            }
+        }
+
     private:
         NativePtr<krabs::property> property_;
     };
@@ -108,15 +117,15 @@ namespace Microsoft { namespace O365 { namespace Security { namespace ETW {
         /// <returns>the current element in the enumeration as a <see cref="O365::Security::ETW::Property"/></returns>
         property Property^ Current {
             virtual Property ^get() = IEnumerator<Property^>::Current::get {
-                return gcnew Property(gcnew String((*vecIterator_.Get())->name().c_str()), (*vecIterator_.Get())->type());
+                return gcnew Property(gcnew String((*vecIterator_.Get())->name().c_str()), (*vecIterator_.Get())->type(), (*vecIterator_.Get())->out_type());
             }
         };
 
         /// <summary>Return the current element in the enumeration</summary>
         /// <returns>the current element in the enumeration as a <see cref="System::Object"/></returns>
         property Object ^Current2 {
             virtual Object ^get() = System::Collections::IEnumerator::Current::get {
-                return gcnew Property(gcnew String((*vecIterator_.Get())->name().c_str()), (*vecIterator_.Get())->type());
+                return gcnew Property(gcnew String((*vecIterator_.Get())->name().c_str()), (*vecIterator_.Get())->type(), (*vecIterator_.Get())->out_type());
             }
         }
 
@@ -174,8 +183,8 @@ namespace Microsoft { namespace O365 { namespace Security { namespace ETW {
     // Implementation
     // ------------------------------------------------------------------------
 
-    inline Property::Property(String ^name, unsigned int type)
-    : property_(msclr::interop::marshal_as<std::wstring>(name), (_TDH_IN_TYPE)type)
+    inline Property::Property(String ^name, unsigned int type, unsigned int outType)
+    : property_(msclr::interop::marshal_as<std::wstring>(name), (_TDH_IN_TYPE)type, (_TDH_OUT_TYPE)outType)
     {
     }
 

O365.Security.Native.ETW.Debug.nuspec

@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2011/08/nuspec.xsd">
     <metadata>
         <id>Microsoft.O365.Security.Native.ETW.Debug</id>
-        <version>4.3.1</version>
+        <version>4.3.2</version>
         <title>Microsoft.O365.Security.Native.ETW Debug - managed wrappers for krabsetw</title>
         <authors>Microsoft</authors>
         <owners>Microsoft</owners>
@@ -12,7 +12,7 @@
         <description>Microsoft.O365.Security.Native.ETW Debug is a managed wrapper around the krabsetw ETW library. This is the Debug build.</description>
         <summary>Microsoft.O365.Security.Native.ETW Debug is a managed wrapper around the krabsetw ETW library. This is the Debug build.</summary>
         <releaseNotes>
-            Version 4.3.1:
+            Version 4.3.2:
               - Add support for ETL file sources
         </releaseNotes>
         <copyright>© Microsoft Corporation. All rights reserved.</copyright>

O365.Security.Native.ETW.nuspec

@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2011/08/nuspec.xsd">
     <metadata>
         <id>Microsoft.O365.Security.Native.ETW</id>
-        <version>4.3.1</version>
+        <version>4.3.2</version>
         <title>Microsoft.O365.Security.Native.ETW - managed wrappers for krabsetw</title>
         <authors>Microsoft</authors>
         <owners>Microsoft</owners>
@@ -12,7 +12,7 @@
         <description>Microsoft.O365.Security.Native.ETW is a managed wrapper around the krabsetw ETW library.</description>
         <summary>Microsoft.O365.Security.Native.ETW is a managed wrapper around the krabsetw ETW library.</summary>
         <releaseNotes>
-            Version 4.3.1:
+            Version 4.3.2:
               - Add support for ETL file sources
         </releaseNotes>
         <copyright>© Microsoft Corporation. All rights reserved.</copyright>

krabs/krabs/property.hpp

@@ -48,7 +48,7 @@ namespace krabs {
          *   object do this for you with its `properties` method.
          * </remarks>
          */
-        property(const std::wstring &name, _TDH_IN_TYPE type);
+        property(const std::wstring &name, _TDH_IN_TYPE type, _TDH_OUT_TYPE outType);
 
         /**
          * <summary>
@@ -64,9 +64,17 @@ namespace krabs {
          */
         _TDH_IN_TYPE type() const;
 
+        /**
+         * <summary>
+         * Retrieves the Tdh type of the property.
+         * </summary>
+         */
+        _TDH_OUT_TYPE out_type() const;
+
     private:
         std::wstring name_;
         _TDH_IN_TYPE type_;
+        _TDH_OUT_TYPE outType_;
     };
 
 
@@ -138,9 +146,10 @@ namespace krabs {
     // Implementation
     // ------------------------------------------------------------------------
 
-    inline property::property(const std::wstring &name, _TDH_IN_TYPE type)
+    inline property::property(const std::wstring &name, _TDH_IN_TYPE type, _TDH_OUT_TYPE outType)
     : name_(name)
     , type_(type)
+    , outType_(outType)
     {}
 
     inline const std::wstring &property::name() const
@@ -153,6 +162,11 @@ namespace krabs {
         return type_;
     }
 
+    inline _TDH_OUT_TYPE property::out_type() const
+    {
+        return outType_;
+    }
+
     // ------------------------------------------------------------------------
 
     inline property_iterator::property_iterator(const schema &s)
@@ -183,8 +197,9 @@ namespace krabs {
             curr_prop.NameOffset);
 
         auto tdh_type = (_TDH_IN_TYPE)curr_prop.nonStructType.InType;
+        auto tdh_out_type = (_TDH_OUT_TYPE)curr_prop.nonStructType.OutType;
 
-        return property(pName, tdh_type);
+        return property(pName, tdh_type, tdh_out_type);
     }
 
     inline std::vector<property> property_iterator::enum_properties() const

krabsetw.nuspec

@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2011/08/nuspec.xsd">
     <metadata>
         <id>Microsoft.O365.Security.Krabsetw</id>
-        <version>4.3.1</version>
+        <version>4.3.2</version>
         <title>Krabs ETW Wrappers</title>
         <authors>Microsoft</authors>
         <owners>Microsoft</owners>
@@ -12,7 +12,7 @@
         <description>Krabs ETW provides a modern C++ wrapper around the low-level ETW trace consumption functions</description>
         <summary>Krabs ETW provides a modern C++ wrapper around the low-level ETW trace consumption functions</summary>
         <releaseNotes>
-            Version 4.3.1:
+            Version 4.3.2:
               - Add support for ETL file sources
         </releaseNotes>
         <copyright>© Microsoft Corporation. All rights reserved.</copyright>