From 642a8fe0eb0b49f4046e434dc16748ea5c963d51 Mon Sep 17 00:00:00 2001 From: cobbr Date: Sat, 16 Dec 2017 22:57:07 -0800 Subject: [PATCH 1/2] Disable security features --- .../engine/ExecutionContext.cs | 26 +- .../engine/Modules/ModuleCmdletBase.cs | 54 +-- .../engine/hostifaces/MshHostUserInterface.cs | 59 +--- .../engine/runtime/CompiledScriptBlock.cs | 326 +----------------- .../utils/tracing/PSEtwLog.cs | 40 +-- .../utils/tracing/PSEtwLogProvider.cs | 2 +- 6 files changed, 33 insertions(+), 474 deletions(-) diff --git a/src/System.Management.Automation/engine/ExecutionContext.cs b/src/System.Management.Automation/engine/ExecutionContext.cs index e67e8fcb394..96f1b0e4080 100644 --- a/src/System.Management.Automation/engine/ExecutionContext.cs +++ b/src/System.Management.Automation/engine/ExecutionContext.cs @@ -314,27 +314,7 @@ internal PSLanguageMode LanguageMode } set { - // If we're moving to ConstrainedLanguage, invalidate the binding - // caches. After that, the binding rules encode the language mode. - if (value == PSLanguageMode.ConstrainedLanguage) - { - ExecutionContext.HasEverUsedConstrainedLanguage = true; - HasRunspaceEverUsedConstrainedLanguageMode = true; - - System.Management.Automation.Language.PSSetMemberBinder.InvalidateCache(); - System.Management.Automation.Language.PSInvokeMemberBinder.InvalidateCache(); - System.Management.Automation.Language.PSConvertBinder.InvalidateCache(); - System.Management.Automation.Language.PSBinaryOperationBinder.InvalidateCache(); - System.Management.Automation.Language.PSGetIndexBinder.InvalidateCache(); - System.Management.Automation.Language.PSSetIndexBinder.InvalidateCache(); - System.Management.Automation.Language.PSCreateInstanceBinder.InvalidateCache(); - } - - // Conversion caches don't have version info / binding rules, so must be - // cleared every time. - LanguagePrimitives.RebuildConversionCache(); - - _languageMode = value; + _languageMode = PSLanguageMode.FullLanguage; } } private PSLanguageMode _languageMode = PSLanguageMode.FullLanguage; @@ -342,13 +322,13 @@ internal PSLanguageMode LanguageMode /// /// True if this runspace has ever used constrained language mode /// - internal bool HasRunspaceEverUsedConstrainedLanguageMode { get; private set; } + internal bool HasRunspaceEverUsedConstrainedLanguageMode { get; set; } /// /// True if we've ever used ConstrainedLanguage. If this is the case, then the binding restrictions /// need to also validate against the language mode. /// - internal static bool HasEverUsedConstrainedLanguage { get; private set; } + internal static bool HasEverUsedConstrainedLanguage { get; set; } /// /// If true the PowerShell debugger will use FullLanguage mode, otherwise it will use the current language mode diff --git a/src/System.Management.Automation/engine/Modules/ModuleCmdletBase.cs b/src/System.Management.Automation/engine/Modules/ModuleCmdletBase.cs index a44549cf99c..92aba756584 100644 --- a/src/System.Management.Automation/engine/Modules/ModuleCmdletBase.cs +++ b/src/System.Management.Automation/engine/Modules/ModuleCmdletBase.cs @@ -4715,31 +4715,7 @@ internal void SetModuleLoggingInformation(PSModuleInfo m) private void SetModuleLoggingInformation(ModuleLoggingGroupPolicyStatus status, PSModuleInfo m, IEnumerable moduleNames) { - // TODO, insivara : What happens when Enabled but none of the other options (DefaultSystemModules, NonDefaultSystemModule, NonSystemModule, SpecificModules) are set? - // After input from GP team for this behavior, need to revisit the commented out part - //if ((status & ModuleLoggingGroupPolicyStatus.Enabled) != 0) - //{ - - //} - - if (((status & ModuleLoggingGroupPolicyStatus.Enabled) != 0) && moduleNames != null) - { - foreach (string currentGPModuleName in moduleNames) - { - if (string.Equals(m.Name, currentGPModuleName, StringComparison.OrdinalIgnoreCase)) - { - m.LogPipelineExecutionDetails = true; - } - else if (WildcardPattern.ContainsWildcardCharacters(currentGPModuleName)) - { - WildcardPattern wildcard = WildcardPattern.Get(currentGPModuleName, WildcardOptions.IgnoreCase); - if (wildcard.IsMatch(m.Name)) - { - m.LogPipelineExecutionDetails = true; - } - } - } - } + } /// @@ -4748,33 +4724,7 @@ private void SetModuleLoggingInformation(ModuleLoggingGroupPolicyStatus status, internal static ModuleLoggingGroupPolicyStatus GetModuleLoggingInformation(out IEnumerable moduleNames) { moduleNames = null; - ModuleLoggingGroupPolicyStatus status = ModuleLoggingGroupPolicyStatus.Undefined; - Dictionary groupPolicySettings = Utils.GetGroupPolicySetting("ModuleLogging", Utils.RegLocalMachineThenCurrentUser); - - if (groupPolicySettings != null) - { - object enableModuleLoggingValue = null; - if (groupPolicySettings.TryGetValue("EnableModuleLogging", out enableModuleLoggingValue)) - { - if (String.Equals(enableModuleLoggingValue.ToString(), "0", StringComparison.OrdinalIgnoreCase)) - { - return ModuleLoggingGroupPolicyStatus.Disabled; - } - - if (String.Equals(enableModuleLoggingValue.ToString(), "1", StringComparison.OrdinalIgnoreCase)) - { - status = ModuleLoggingGroupPolicyStatus.Enabled; - - object moduleNamesValue = null; - if (groupPolicySettings.TryGetValue("ModuleNames", out moduleNamesValue)) - { - moduleNames = new List((string[])moduleNamesValue); - } - } - } - } - - return status; + return ModuleLoggingGroupPolicyStatus.Disabled; } /// diff --git a/src/System.Management.Automation/engine/hostifaces/MshHostUserInterface.cs b/src/System.Management.Automation/engine/hostifaces/MshHostUserInterface.cs index 3caa17609b3..db66216b636 100644 --- a/src/System.Management.Automation/engine/hostifaces/MshHostUserInterface.cs +++ b/src/System.Management.Automation/engine/hostifaces/MshHostUserInterface.cs @@ -909,69 +909,14 @@ internal void TranscribeError(ExecutionContext context, InvocationInfo invocatio /// internal static TranscriptionOption GetSystemTranscriptOption(TranscriptionOption currentTranscript) { - Dictionary groupPolicySettings = Utils.GetGroupPolicySetting("Transcription", Utils.RegLocalMachineThenCurrentUser); - - if (groupPolicySettings != null) - { - // If we have an existing system transcript for this process, use that. - // Otherwise, populate the static variable with the result of the group policy setting. - // - // This way, multiple runspaces opened by the same process will share the same transcript. - lock (s_systemTranscriptLock) - { - if (systemTranscript == null) - { - systemTranscript = PSHostUserInterface.GetTranscriptOptionFromSettings(groupPolicySettings, currentTranscript); - } - } - } - - return systemTranscript; + return null; } internal static TranscriptionOption systemTranscript = null; private static Object s_systemTranscriptLock = new Object(); private static TranscriptionOption GetTranscriptOptionFromSettings(Dictionary settings, TranscriptionOption currentTranscript) { - TranscriptionOption transcript = null; - - object keyValue = null; - if (settings.TryGetValue("EnableTranscripting", out keyValue)) - { - if (String.Equals(keyValue.ToString(), "1", StringComparison.OrdinalIgnoreCase)) - { - if (currentTranscript != null) - { - return currentTranscript; - } - - transcript = new TranscriptionOption(); - - // Pull out the transcript path - object outputDirectoryValue = null; - if (settings.TryGetValue("OutputDirectory", out outputDirectoryValue)) - { - string outputDirectoryString = outputDirectoryValue as string; - transcript.Path = GetTranscriptPath(outputDirectoryString, true); - } - else - { - transcript.Path = GetTranscriptPath(); - } - - // Pull out the "enable invocation header" - object enableInvocationHeaderValue = null; - if (settings.TryGetValue("EnableInvocationHeader", out enableInvocationHeaderValue)) - { - if (String.Equals("1", enableInvocationHeaderValue.ToString(), StringComparison.OrdinalIgnoreCase)) - { - transcript.IncludeInvocationHeader = true; - } - } - } - } - - return transcript; + return null; } internal static string GetTranscriptPath() diff --git a/src/System.Management.Automation/engine/runtime/CompiledScriptBlock.cs b/src/System.Management.Automation/engine/runtime/CompiledScriptBlock.cs index 87d7e3b140b..7447feddeb9 100644 --- a/src/System.Management.Automation/engine/runtime/CompiledScriptBlock.cs +++ b/src/System.Management.Automation/engine/runtime/CompiledScriptBlock.cs @@ -168,7 +168,7 @@ private void ReallyCompile(bool optimize) this.IsProductCode = true; } - bool etwEnabled = ParserEventSource.Log.IsEnabled(); + bool etwEnabled = false; if (etwEnabled) { var extent = _ast.Body.Extent; @@ -198,19 +198,6 @@ private void PerformSecurityChecks() // Checks are only needed at the top level. return; } - - // Call the AMSI API to determine if the script block has malicious content - var scriptExtent = scriptBlockAst.Extent; - if (AmsiUtils.ScanContent(scriptExtent.Text, scriptExtent.File) == AmsiUtils.AmsiNativeMethods.AMSI_RESULT.AMSI_RESULT_DETECTED) - { - var parseError = new ParseError(scriptExtent, "ScriptContainedMaliciousContent", ParserStrings.ScriptContainedMaliciousContent); - throw new ParseException(new[] { parseError }); - } - - if (ScriptBlock.CheckSuspiciousContent(scriptBlockAst) != null) - { - HasSuspiciousContent = true; - } } // We delay parsing scripts loaded on startup, so we save the text. @@ -1029,16 +1016,7 @@ internal void InvokeWithPipeImpl(ScriptBlockClauseToInvoke clauseToInvoke, _sequencePoints = SequencePoints, }; - ScriptBlock.LogScriptBlockStart(this, context.CurrentRunspace.InstanceId); - - try - { - codeToInvoke(functionContext); - } - finally - { - ScriptBlock.LogScriptBlockEnd(this, context.CurrentRunspace.InstanceId); - } + codeToInvoke(functionContext); } catch (TargetInvocationException tie) { @@ -1234,114 +1212,11 @@ internal bool Compile(bool optimized) internal static void LogScriptBlockCreation(ScriptBlock scriptBlock, bool force) { - if (force || ShouldLogScriptBlockActivity("EnableScriptBlockLogging")) - { - if (!scriptBlock.HasLogged || InternalTestHooks.ForceScriptBlockLogging) - { - // If script block logging is explicitly disabled, or it's from a trusted - // file or internal, skip logging. - if (ScriptBlockLoggingExplicitlyDisabled() || - scriptBlock.ScriptBlockData.IsProductCode) - { - return; - } - - string scriptBlockText = scriptBlock.Ast.Extent.Text; - bool written = false; - - // Maximum size of ETW events is 64kb. Split a message if it is larger than 20k (Unicode) characters. - if (scriptBlockText.Length < 20000) - { - written = WriteScriptBlockToLog(scriptBlock, 0, 1, scriptBlock.Ast.Extent.Text); - } - else - { - // But split the segments into random sizes (10k + between 0 and 10kb extra) - // so that attackers can't creatively force their scripts to span well-known - // segments (making simple rules less reliable). - int segmentSize = 10000 + (new Random()).Next(10000); - int segments = (int)Math.Floor((double)(scriptBlockText.Length / segmentSize)) + 1; - int currentLocation = 0; - int currentSegmentSize = 0; - - for (int segment = 0; segment < segments; segment++) - { - currentLocation = segment * segmentSize; - currentSegmentSize = Math.Min(segmentSize, scriptBlockText.Length - currentLocation); - - string textToLog = scriptBlockText.Substring(currentLocation, currentSegmentSize); - written = WriteScriptBlockToLog(scriptBlock, segment, segments, textToLog); - } - } - - if (written) - { - scriptBlock.HasLogged = true; - } - } - } + } private static bool WriteScriptBlockToLog(ScriptBlock scriptBlock, int segment, int segments, string textToLog) { - // See if we need to encrypt the event log message. This info is all cached by Utils.GetGroupPolicySetting(), - // so we're not hitting the registry for every script block we compile. - Dictionary protectedEventLoggingSettings = Utils.GetGroupPolicySetting( - "Software\\Policies\\Microsoft\\Windows\\EventLog", "ProtectedEventLogging", Utils.RegLocalMachine); - if (protectedEventLoggingSettings != null) - { - lock (s_syncObject) - { - // Populates the encryptionRecipients list from the Group Policy, if possible. If not possible, - // does all appropriate logging and encryptionRecipients is 'null'. 'CouldLog' being false - // implies the engine wasn't ready for logging yet. - bool couldLog = GetAndValidateEncryptionRecipients(scriptBlock); - if (!couldLog) - { - return false; - } - - // If we have recipients to encrypt to, then do so. Otherwise, we'll just log the plain text - // version. - if (s_encryptionRecipients != null) - { - ExecutionContext executionContext = LocalPipeline.GetExecutionContextFromTLS(); - ErrorRecord error = null; - byte[] contentBytes = System.Text.Encoding.UTF8.GetBytes(textToLog); - string encodedContent = CmsUtils.Encrypt(contentBytes, s_encryptionRecipients, executionContext.SessionState, out error); - - // Can't cache the reporting of encryption errors, as they are likely content-based. - if (error != null) - { - // If we got an error encrypting the content, log an error and continue - // logging the (unencrypted) message anyways. Logging trumps protected logging - - // being able to detect that an attacker has compromised a box outweighs the danger of the - // attacker seeing potentially sensitive data. Because if they aren't detected, then - // they can just wait on the compromised box and see the sensitive data eventually anyways. - - string errorMessage = StringUtil.Format(SecuritySupportStrings.CouldNotEncryptContent, textToLog, error.ToString()); - PSEtwLog.LogOperationalError(PSEventId.ScriptBlock_Compile_Detail, PSOpcode.Create, PSTask.ExecuteCommand, PSKeyword.UseAlwaysAnalytic, - 0, 0, errorMessage, scriptBlock.Id.ToString(), scriptBlock.File ?? String.Empty); - } - else - { - textToLog = encodedContent; - } - } - } - } - - if (scriptBlock._scriptBlockData.HasSuspiciousContent) - { - PSEtwLog.LogOperationalWarning(PSEventId.ScriptBlock_Compile_Detail, PSOpcode.Create, PSTask.ExecuteCommand, PSKeyword.UseAlwaysAnalytic, - segment + 1, segments, textToLog, scriptBlock.Id.ToString(), scriptBlock.File ?? String.Empty); - } - else - { - PSEtwLog.LogOperationalVerbose(PSEventId.ScriptBlock_Compile_Detail, PSOpcode.Create, PSTask.ExecuteCommand, PSKeyword.UseAlwaysAnalytic, - segment + 1, segments, textToLog, scriptBlock.Id.ToString(), scriptBlock.File ?? String.Empty); - } - return true; } @@ -1474,20 +1349,6 @@ private static void ResetCertificateCacheIfNeeded(string certificate) private static bool ShouldLogScriptBlockActivity(string activity) { - // If script block logging is turned on, log this one. - Dictionary groupPolicySettings = Utils.GetGroupPolicySetting("ScriptBlockLogging", Utils.RegLocalMachineThenCurrentUser); - if (groupPolicySettings != null) - { - object logScriptBlockExecution = null; - if (groupPolicySettings.TryGetValue(activity, out logScriptBlockExecution)) - { - if (String.Equals("1", logScriptBlockExecution.ToString(), StringComparison.OrdinalIgnoreCase)) - { - return true; - } - } - } - return false; } @@ -1542,144 +1403,7 @@ static string LookupHash(uint h) { switch (h) { - // Calling Add-Type - case 3012981990: return "Add-Type"; - case 3359423881: return "DllImport"; - - // Doing dynamic assembly building / method indirection - case 2713126922: return "DefineDynamicAssembly"; - case 2407049616: return "DefineDynamicModule"; - case 3276870517: return "DefineType"; - case 419507039: return "DefineConstructor"; - case 1370182198: return "CreateType"; - case 1973546644: return "DefineLiteral"; - case 3276413244: return "DefineEnum"; - case 2785322015: return "DefineField"; - case 837002512: return "ILGenerator"; - case 3117011: return "Emit"; - case 883134515: return "UnverifiableCodeAttribute"; - case 2920989166: return "DefinePInvokeMethod"; - case 1996222179: return "GetTypes"; - case 3935635674: return "GetAssemblies"; - case 955534258: return "Methods"; - case 3368914227: return "Properties"; - - // Suspicious methods / properties on "Type" - case 398423780: return "GetConstructor"; - case 3761202703: return "GetConstructors"; - case 1998297230: return "GetDefaultMembers"; - case 1982269700: return "GetEvent"; - case 1320818671: return "GetEvents"; - case 1982805860: return "GetField"; - case 1337439631: return "GetFields"; - case 2784018083: return "GetInterface"; - case 2864332761: return "GetInterfaceMap"; - case 405214768: return "GetInterfaces"; - case 1534378352: return "GetMember"; - case 321088771: return "GetMembers"; - case 1534592951: return "GetMethod"; - case 327741340: return "GetMethods"; - case 1116240007: return "GetNestedType"; - case 243701964: return "GetNestedTypes"; - case 1077700873: return "GetProperties"; - case 1020114731: return "GetProperty"; - case 257791250: return "InvokeMember"; - case 3217683173: return "MakeArrayType"; - case 821968872: return "MakeByRefType"; - case 3538448099: return "MakeGenericType"; - case 3207725129: return "MakePointerType"; - case 1617553224: return "DeclaringMethod"; - case 3152745313: return "DeclaringType"; - case 4144122198: return "ReflectedType"; - case 3455789538: return "TypeHandle"; - case 624373608: return "TypeInitializer"; - case 637454598: return "UnderlyingSystemType"; - - // Doing things with System.Runtime.InteropServices - case 1855303451: return "InteropServices"; - case 839491486: return "Marshal"; - case 1928879414: return "AllocHGlobal"; - case 3180922282: return "PtrToStructure"; - case 1718292736: return "StructureToPtr"; - case 3390778911: return "FreeHGlobal"; - case 3111215263: return "IntPtr"; - - // General Obfuscation - case 1606191041: return "MemoryStream"; - case 2147536747: return "DeflateStream"; - case 1820815050: return "FromBase64String"; - case 3656724093: return "EncodedCommand"; - case 2920836328: return "Bypass"; - case 3473847323: return "ToBase64String"; - case 4192166699: return "ExpandString"; - case 2462813217: return "GetPowerShell"; - - // Suspicious Win32 API calls - case 2123968741: return "OpenProcess"; - case 3630248714: return "VirtualAlloc"; - case 3303847927: return "VirtualFree"; - case 512407217: return "WriteProcessMemory"; - case 2357873553: return "CreateUserThread"; - case 756544032: return "CloseHandle"; - case 3400025495: return "GetDelegateForFunctionPointer"; - case 314128220: return "kernel32"; - case 2469462534: return "CreateThread"; - case 3217199031: return "memcpy"; - case 2283745557: return "LoadLibrary"; - case 3317813738: return "GetModuleHandle"; - case 2491894472: return "GetProcAddress"; - case 1757922660: return "VirtualProtect"; - case 2693938383: return "FreeLibrary"; - case 2873914970: return "ReadProcessMemory"; - case 2717270220: return "CreateRemoteThread"; - case 2867203884: return "AdjustTokenPrivileges"; - case 2889068903: return "WriteByte"; - case 3667925519: return "WriteInt32"; - case 2742077861: return "OpenThreadToken"; - case 2826980154: return "PtrToString"; - case 3735047487: return "ZeroFreeGlobalAllocUnicode"; - case 788615220: return "OpenProcessToken"; - case 1264589033: return "GetTokenInformation"; - case 2165372045: return "SetThreadToken"; - case 197357349: return "ImpersonateLoggedOnUser"; - case 1259149099: return "RevertToSelf"; - case 2446460563: return "GetLogonSessionData"; - case 2534763616: return "CreateProcessWithToken"; - case 3512478977: return "DuplicateTokenEx"; - case 3126049082: return "OpenWindowStation"; - case 3990594194: return "OpenDesktop"; - case 3195806696: return "MiniDumpWriteDump"; - case 3990234693: return "AddSecurityPackage"; - case 611728017: return "EnumerateSecurityPackages"; - case 4283779521: return "GetProcessHandle"; - case 845600244: return "DangerousGetHandle"; - - // Crypto - ransomware, etc. - case 2691669189: return "CryptoServiceProvider"; - case 1413809388: return "Cryptography"; - case 4113841312: return "RijndaelManaged"; - case 1650652922: return "SHA1Managed"; - case 1759701889: return "CryptoStream"; - case 2439640460: return "CreateEncryptor"; - case 1446703796: return "CreateDecryptor"; - case 1638240579: return "TransformFinalBlock"; - case 1464730593: return "DeviceIoControl"; - case 3966822309: return "SetInformationProcess"; - case 851965993: return "PasswordDeriveBytes"; - - // Keylogging - case 793353336: return "GetAsyncKeyState"; - case 293877108: return "GetKeyboardState"; - case 2448894537: return "GetForegroundWindow"; - - // Using internal types - case 4059335458: return "BindingFlags"; - case 1085624182: return "NonPublic"; - - // Changing logging settings - case 904148605: return "ScriptBlockLogging"; - case 4150524432: return "LogPipelineExecutionDetails"; - case 3704712755: return "ProtectedEventLogging"; + default: return null; } @@ -1810,53 +1534,17 @@ char ToLower(char c) internal static bool ScriptBlockLoggingExplicitlyDisabled() { - // Verify they haven't explicitly turned off script block logging. - Dictionary groupPolicySettings = Utils.GetGroupPolicySetting("ScriptBlockLogging", Utils.RegLocalMachineThenCurrentUser); - if (groupPolicySettings != null) - { - object logScriptBlockExecution; - if (groupPolicySettings.TryGetValue("EnableScriptBlockLogging", out logScriptBlockExecution)) - { - // If it is configured and explicitly disabled, return true. - // (Don't even auto-log ones with suspicious content) - if (String.Equals("0", logScriptBlockExecution.ToString(), StringComparison.OrdinalIgnoreCase)) - { - return true; - } - } - } - - return false; + return true; } internal static void LogScriptBlockStart(ScriptBlock scriptBlock, Guid runspaceId) { - // When invoking, log the creation of the script block if it has suspicious - // content - bool forceLogCreation = false; - if (scriptBlock._scriptBlockData.HasSuspiciousContent) - { - forceLogCreation = true; - } - - // We delay logging the creation util the 'Start' so that we can be sure we've - // properly analyzed the script block's security. - LogScriptBlockCreation(scriptBlock, forceLogCreation); - - if (ShouldLogScriptBlockActivity("EnableScriptBlockInvocationLogging")) - { - PSEtwLog.LogOperationalVerbose(PSEventId.ScriptBlock_Invoke_Start_Detail, PSOpcode.Create, PSTask.CommandStart, PSKeyword.UseAlwaysAnalytic, - scriptBlock.Id.ToString(), runspaceId.ToString()); - } + } internal static void LogScriptBlockEnd(ScriptBlock scriptBlock, Guid runspaceId) { - if (ShouldLogScriptBlockActivity("EnableScriptBlockInvocationLogging")) - { - PSEtwLog.LogOperationalVerbose(PSEventId.ScriptBlock_Invoke_Complete_Detail, PSOpcode.Create, PSTask.CommandStop, PSKeyword.UseAlwaysAnalytic, - scriptBlock.Id.ToString(), runspaceId.ToString()); - } + } internal CompiledScriptBlockData ScriptBlockData { get { return _scriptBlockData; } } diff --git a/src/System.Management.Automation/utils/tracing/PSEtwLog.cs b/src/System.Management.Automation/utils/tracing/PSEtwLog.cs index 8ba057e94bf..0915b13beba 100644 --- a/src/System.Management.Automation/utils/tracing/PSEtwLog.cs +++ b/src/System.Management.Automation/utils/tracing/PSEtwLog.cs @@ -40,7 +40,7 @@ static PSEtwLog() /// internal static void LogEngineHealthEvent(LogContext logContext, int eventId, Exception exception, Dictionary additionalInfo) { - provider.LogEngineHealthEvent(logContext, eventId, exception, additionalInfo); + } /// @@ -52,7 +52,7 @@ internal static void LogEngineHealthEvent(LogContext logContext, int eventId, Ex /// internal static void LogEngineLifecycleEvent(LogContext logContext, EngineState newState, EngineState previousState) { - provider.LogEngineLifecycleEvent(logContext, newState, previousState); + } /// @@ -62,7 +62,7 @@ internal static void LogEngineLifecycleEvent(LogContext logContext, EngineState /// internal static void LogCommandHealthEvent(LogContext logContext, Exception exception) { - provider.LogCommandHealthEvent(logContext, exception); + } /// @@ -73,7 +73,7 @@ internal static void LogCommandHealthEvent(LogContext logContext, Exception exce /// internal static void LogCommandLifecycleEvent(LogContext logContext, CommandState newState) { - provider.LogCommandLifecycleEvent(() => logContext, newState); + } /// @@ -83,7 +83,7 @@ internal static void LogCommandLifecycleEvent(LogContext logContext, CommandStat /// internal static void LogPipelineExecutionDetailEvent(LogContext logContext, List pipelineExecutionDetail) { - provider.LogPipelineExecutionDetailEvent(logContext, pipelineExecutionDetail); + } /// @@ -94,7 +94,7 @@ internal static void LogPipelineExecutionDetailEvent(LogContext logContext, List /// internal static void LogProviderHealthEvent(LogContext logContext, string providerName, Exception exception) { - provider.LogProviderHealthEvent(logContext, providerName, exception); + } /// @@ -106,7 +106,7 @@ internal static void LogProviderHealthEvent(LogContext logContext, string provid /// internal static void LogProviderLifecycleEvent(LogContext logContext, string providerName, ProviderState newState) { - provider.LogProviderLifecycleEvent(logContext, providerName, newState); + } /// @@ -119,7 +119,7 @@ internal static void LogProviderLifecycleEvent(LogContext logContext, string pro /// internal static void LogSettingsEvent(LogContext logContext, string variableName, string value, string previousValue) { - provider.LogSettingsEvent(logContext, variableName, value, previousValue); + } /// @@ -132,7 +132,7 @@ internal static void LogSettingsEvent(LogContext logContext, string variableName /// internal static void LogOperationalInformation(PSEventId id, PSOpcode opcode, PSTask task, PSKeyword keyword, params object[] args) { - provider.WriteEvent(id, PSChannel.Operational, opcode, PSLevel.Informational, task, keyword, args); + } /// @@ -145,7 +145,7 @@ internal static void LogOperationalInformation(PSEventId id, PSOpcode opcode, PS /// internal static void LogOperationalWarning(PSEventId id, PSOpcode opcode, PSTask task, PSKeyword keyword, params object[] args) { - provider.WriteEvent(id, PSChannel.Operational, opcode, PSLevel.Warning, task, keyword, args); + } /// @@ -158,7 +158,7 @@ internal static void LogOperationalWarning(PSEventId id, PSOpcode opcode, PSTask /// internal static void LogOperationalVerbose(PSEventId id, PSOpcode opcode, PSTask task, PSKeyword keyword, params object[] args) { - provider.WriteEvent(id, PSChannel.Operational, opcode, PSLevel.Verbose, task, keyword, args); + } /// @@ -171,7 +171,7 @@ internal static void LogOperationalVerbose(PSEventId id, PSOpcode opcode, PSTask /// internal static void LogAnalyticError(PSEventId id, PSOpcode opcode, PSTask task, PSKeyword keyword, params object[] args) { - provider.WriteEvent(id, PSChannel.Analytic, opcode, PSLevel.Error, task, keyword, args); + } /// @@ -184,7 +184,7 @@ internal static void LogAnalyticError(PSEventId id, PSOpcode opcode, PSTask task /// internal static void LogAnalyticWarning(PSEventId id, PSOpcode opcode, PSTask task, PSKeyword keyword, params object[] args) { - provider.WriteEvent(id, PSChannel.Analytic, opcode, PSLevel.Warning, task, keyword, args); + } /// @@ -229,7 +229,7 @@ internal static void LogAnalyticVerbose(PSEventId id, PSOpcode opcode, PSTask ta /// internal static void LogAnalyticVerbose(PSEventId id, PSOpcode opcode, PSTask task, PSKeyword keyword, params object[] args) { - provider.WriteEvent(id, PSChannel.Analytic, opcode, PSLevel.Verbose, task, keyword, args); + } /// @@ -242,7 +242,7 @@ internal static void LogAnalyticVerbose(PSEventId id, PSOpcode opcode, PSTask ta /// internal static void LogAnalyticInformational(PSEventId id, PSOpcode opcode, PSTask task, PSKeyword keyword, params object[] args) { - provider.WriteEvent(id, PSChannel.Analytic, opcode, PSLevel.Informational, task, keyword, args); + } /// @@ -255,7 +255,7 @@ internal static void LogAnalyticInformational(PSEventId id, PSOpcode opcode, PST /// internal static void LogOperationalError(PSEventId id, PSOpcode opcode, PSTask task, PSKeyword keyword, params object[] args) { - provider.WriteEvent(id, PSChannel.Operational, opcode, PSLevel.Error, task, keyword, args); + } /// @@ -268,7 +268,7 @@ internal static void LogOperationalError(PSEventId id, PSOpcode opcode, PSTask t /// internal static void LogOperationalError(PSEventId id, PSOpcode opcode, PSTask task, LogContext logContext, string payLoad) { - provider.WriteEvent(id, PSChannel.Operational, opcode, task, logContext, payLoad); + } @@ -301,11 +301,7 @@ internal static void ReplaceActivityIdForCurrentThread(Guid newActivityId, internal static void WriteTransferEvent(Guid relatedActivityId, PSEventId eventForOperationalChannel, PSEventId eventForAnalyticChannel, PSKeyword keyword, PSTask task) { - provider.WriteEvent(eventForOperationalChannel, PSChannel.Operational, PSOpcode.Method, PSLevel.Informational, task, - PSKeyword.UseAlwaysOperational); - - provider.WriteEvent(eventForAnalyticChannel, PSChannel.Analytic, PSOpcode.Method, PSLevel.Informational, task, - PSKeyword.UseAlwaysAnalytic); + } /// diff --git a/src/System.Management.Automation/utils/tracing/PSEtwLogProvider.cs b/src/System.Management.Automation/utils/tracing/PSEtwLogProvider.cs index 574508a004c..a818434b1dd 100755 --- a/src/System.Management.Automation/utils/tracing/PSEtwLogProvider.cs +++ b/src/System.Management.Automation/utils/tracing/PSEtwLogProvider.cs @@ -40,7 +40,7 @@ static PSEtwLogProvider() /// internal bool IsEnabled(PSLevel level, PSKeyword keywords) { - return etwProvider.IsEnabled((byte)level, (long)keywords); + return false; } /// From fed7a542da3346c0f686157990e0c8a954b108c8 Mon Sep 17 00:00:00 2001 From: cobbr Date: Sun, 17 Dec 2017 23:56:16 -0800 Subject: [PATCH 2/2] Remove PSReadLine history logging, Remove ConsoleHost history logging --- src/Microsoft.PowerShell.ConsoleHost/host/msh/ConsoleHost.cs | 4 ---- src/Microsoft.PowerShell.PSReadLine/History.cs | 2 +- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/src/Microsoft.PowerShell.ConsoleHost/host/msh/ConsoleHost.cs b/src/Microsoft.PowerShell.ConsoleHost/host/msh/ConsoleHost.cs index 060fa942b56..b1646c6b698 100644 --- a/src/Microsoft.PowerShell.ConsoleHost/host/msh/ConsoleHost.cs +++ b/src/Microsoft.PowerShell.ConsoleHost/host/msh/ConsoleHost.cs @@ -248,10 +248,6 @@ internal static int Start( // Send startup telemetry for ConsoleHost startup ApplicationInsightsTelemetry.SendPSCoreStartupTelemetry(); - ClrFacade.StartProfileOptimization( - s_theConsoleHost.LoadPSReadline() - ? "StartupProfileData-Interactive" - : "StartupProfileData-NonInteractive"); exitCode = s_theConsoleHost.Run(s_cpp, false); } } diff --git a/src/Microsoft.PowerShell.PSReadLine/History.cs b/src/Microsoft.PowerShell.PSReadLine/History.cs index 0b77feb70f5..ba2e2e27387 100644 --- a/src/Microsoft.PowerShell.PSReadLine/History.cs +++ b/src/Microsoft.PowerShell.PSReadLine/History.cs @@ -47,7 +47,7 @@ class HistoryItem private string MaybeAddToHistory(string result, List edits, int undoEditIndex, bool readingHistoryFile, bool fromDifferentSession) { - bool addToHistory = !string.IsNullOrWhiteSpace(result) && ((Options.AddToHistoryHandler == null) || Options.AddToHistoryHandler(result)); + bool addToHistory = false; if (addToHistory) { _history.Enqueue(new HistoryItem