atomicshop 2.14.2__py3-none-any.whl → 2.14.3__py3-none-any.whl

{atomicshop-2.14.2.dist-info → atomicshop-2.14.3.dist-info}/RECORD

@@ -1,4 +1,4 @@
-atomicshop/__init__.py,sha256=z4rThLLSu1i3Wlh2xQO9kTZiAnom3boVcidQ2m4F8V0,123
+atomicshop/__init__.py,sha256=oGFh-WMJw07HDbokeQe5ZNDZSUzB3jHxbH8krJL842c,123
 atomicshop/_basics_temp.py,sha256=6cu2dd6r2dLrd1BRNcVDKTHlsHs_26Gpw8QS6v32lQ0,3699
 atomicshop/_create_pdf_demo.py,sha256=Yi-PGZuMg0RKvQmLqVeLIZYadqEZwUm-4A9JxBl_vYA,3713
 atomicshop/_patch_import.py,sha256=ENp55sKVJ0e6-4lBvZnpz9PQCt3Otbur7F6aXDlyje4,6334
@@ -16,6 +16,8 @@ atomicshop/emails.py,sha256=I0KyODQpIMEsNRi9YWSOL8EUPBiWyon3HRdIuSj3AEU,1410
 atomicshop/file_types.py,sha256=-0jzQMRlmU1AP9DARjk-HJm1tVE22E6ngP2mRblyEjY,763
 atomicshop/filesystem.py,sha256=202ue2LkjI1KdaxvB_RHV-2eIczy2-caZGLO4PSePik,53887
 atomicshop/functions.py,sha256=pK8hoCE9z61PtWCxQJsda7YAphrLH1wxU5x-1QJP-sY,499
+atomicshop/get_process_list.py,sha256=hi1NOG-i8S6EcyQ6LTfP4pdxqRfjEijz9SZ5nEbcM9Q,6076
+atomicshop/get_process_name_cmd_dll.py,sha256=CtaSp3mgxxJKCCVW8BLx6BJNx4giCklU_T7USiCEwfc,5162
 atomicshop/hashing.py,sha256=Le8qGFyt3_wX-zGTeQShz7L2HL_b6nVv9PnawjglyHo,3474
 atomicshop/http_parse.py,sha256=nrf2rZcprLqtW8HVrV7TCZ1iTBcWRRy-mXIlAOzcaJs,9703
 atomicshop/inspect_wrapper.py,sha256=sGRVQhrJovNygHTydqJj0hxES-aB2Eg9KbIk3G31apw,11429
@@ -25,9 +27,7 @@ atomicshop/on_exit.py,sha256=Wf1iy2e0b0Zu7oRxrct3VkLdQ_x9B32-z_JerKTt9Z0,5493
 atomicshop/pbtkmultifile_argparse.py,sha256=aEk8nhvoQVu-xyfZosK3ma17CwIgOjzO1erXXdjwtS4,4574
 atomicshop/permissions.py,sha256=P6tiUKV-Gw-c3ePEVsst9bqWaHJbB4ZlJB4xbDYVpEs,4436
 atomicshop/print_api.py,sha256=DhbCQd0MWZZ5GYEk4oTu1opRFC-b31g1VWZgTGewG2Y,11568
-atomicshop/process.py,sha256=R1BtXWjG2g2Q3WlsyhbIlXZz0UkQeagY7fQyBOIX_DM,15951
-atomicshop/process_name_cmd.py,sha256=CtaSp3mgxxJKCCVW8BLx6BJNx4giCklU_T7USiCEwfc,5162
-atomicshop/process_poller.py,sha256=17sc332AcTfSVPorjYsgRwNm75rLCqvpOQsieMwLMKU,16105
+atomicshop/process.py,sha256=U2gyRl0bw2138y-rOMABMVptRvAL81ZfX1JyfxJI_Oo,15973
 atomicshop/python_file_patcher.py,sha256=kd3rBWvTcosLEk-7TycNdfKW9fZbe161iVwmH4niUo0,5515
 atomicshop/python_functions.py,sha256=zJg4ogUwECxrDD7xdDN5JikIUctITM5lsyabr_ZNsRw,4435
 atomicshop/question_answer_engine.py,sha256=DuOn7QEgKKfqZu2cR8mVeFIfFgayfBHiW-jY2VPq_Fo,841
@@ -106,10 +106,10 @@ atomicshop/etws/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 atomicshop/etws/const.py,sha256=v3x_IdCYeSKbCGywiZFOZln80ldpwKW5nuMDuUe51Jg,1257
 atomicshop/etws/providers.py,sha256=fVmWi-uGdtnsQTDpu_ty6dzx0GMhGokiST73LNBEJ38,129
 atomicshop/etws/sessions.py,sha256=k3miewU278xn829cqDbsuH_bmZHPQE9-Zn-hINbxUSE,1330
-atomicshop/etws/trace.py,sha256=v2yA3FicR9WIg5n5KlZEuYbLAzTTjiDk7avWxcEjwp8,8439
+atomicshop/etws/trace.py,sha256=KddD6_pXWhB1nr_ZsPTX1W3zayAdy5v0UxDsTcrme_w,7286
 atomicshop/etws/traces/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-atomicshop/etws/traces/trace_dns.py,sha256=-bw7JGDeAl2UtNGoSPeD_gh6ij4IGAbPdB8VWip8fXc,5960
-atomicshop/etws/traces/trace_sysmon_process_creation.py,sha256=WdlQiOfRZC-_PpuE6BkOw5zB0DLc3fhVrANyLrgfCac,4833
+atomicshop/etws/traces/trace_dns.py,sha256=rWQ8bv8eMHBRRkA8oxO9caYqj0h4Emw4aZXmoI3Q6fg,6292
+atomicshop/etws/traces/trace_sysmon_process_creation.py,sha256=OM-bkK38uYMwWLZKNOTDa0Xdk3sO6sqsxoMUIiPvm5g,4656
 atomicshop/file_io/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 atomicshop/file_io/csvs.py,sha256=y8cJtnlN-NNxNupzJgSeGq9aQ4wNxYLFPX9vNNlUiIc,5830
 atomicshop/file_io/docxs.py,sha256=6tcYFGp0vRsHR47VwcRqwhdt2DQOwrAUYhrwN996n9U,5117
@@ -139,13 +139,22 @@ atomicshop/mitm/engines/__reference_general/parser___reference_general.py,sha256
 atomicshop/mitm/engines/__reference_general/recorder___reference_general.py,sha256=KENDVf9OwXD9gwSh4B1XxACCe7iHYjrvnW1t6F64wdE,695
 atomicshop/mitm/engines/__reference_general/responder___reference_general.py,sha256=1AM49UaFTKA0AHw-k3SV3uH3QbG-o6ux0c-GoWkKNU0,6993
 atomicshop/monitor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-atomicshop/monitor/change_monitor.py,sha256=dGhk5bJPxLCHa2FOVkort99E7vjVojra9GlvhpcKSqE,7551
+atomicshop/monitor/change_monitor.py,sha256=K5NlVp99XIDDPnQQMdru4BDmua_DtcDIhVAzkTOvD5s,7673
 atomicshop/monitor/checks/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-atomicshop/monitor/checks/dns.py,sha256=clslElMi2HZaO3G1nXt2t0O2Yj0vFsJd6CXRdIXCGJM,7038
+atomicshop/monitor/checks/dns.py,sha256=GHBQ2GEPaU3hAmK6l2vM2PKTcBNzDDF9ThZixqnl9Qk,7108
 atomicshop/monitor/checks/file.py,sha256=2tIDSlX2KZNc_9i9ji1tcOqupbFTIOj7cKXLyBEDWMk,3263
 atomicshop/monitor/checks/network.py,sha256=CGZWl4WlQrxayZeVF9JspJXwYA-zWx8ECWTVGSlXc98,3825
 atomicshop/monitor/checks/process_running.py,sha256=x66wd6-l466r8sbRQaIli0yswyGt1dH2DVXkGDL6O0Q,1891
 atomicshop/monitor/checks/url.py,sha256=1PvKt_d7wFg7rDMFpUejAQhj0mqWsmlmrNfjNAV2G4g,4123
+atomicshop/process_poller/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+atomicshop/process_poller/process_pool.py,sha256=1CaG6Cov-Pt_kZohfFeQFT42YBnEwNBA6ge55dxok_8,9600
+atomicshop/process_poller/simple_process_pool.py,sha256=hJkrn-efetLjyC8CevAFcsiKwBBKS8onYbf2ygq2J18,4540
+atomicshop/process_poller/tracer_base.py,sha256=IOiHcnmF-MccOSCErixN5mve9RifZ9cPnGVHCIRchrs,1091
+atomicshop/process_poller/pollers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+atomicshop/process_poller/pollers/psutil_pywin32wmi_dll.py,sha256=XRRfOIy62iOYU8IKRcyECWiL0rqQ35DeYbPsv_SHDVM,4510
+atomicshop/process_poller/tracers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+atomicshop/process_poller/tracers/event_log.py,sha256=Ob5v18VPZ__PN8TP6aJJjQZcDMwfGA2pIKwKjrl5j3k,1417
+atomicshop/process_poller/tracers/sysmon_etw.py,sha256=zn5YGX0Uro_Om7Gp1O4r0nlP1cR7BX1nYQmELPLZc9I,2500
 atomicshop/ssh_scripts/process_from_ipv4.py,sha256=uDBKZ2Ds20614JW1xMLr4IPB-z1LzIwy6QH5-SJ4j0s,1681
 atomicshop/ssh_scripts/process_from_port.py,sha256=uDTkVh4zc3HOTTGv1Et3IxM3PonDJCPuFRL6rnZDQZ4,1389
 atomicshop/startup/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -251,9 +260,10 @@ atomicshop/wrappers/pywin32w/console.py,sha256=LstHajPLgXp9qQxFNR44QfH10nOnNp3bC
 atomicshop/wrappers/pywin32w/winshell.py,sha256=i2bKiMldPU7_azsD5xGQDdMwjaM7suKJd3k0Szmcs6c,723
 atomicshop/wrappers/pywin32w/wmi_win32process.py,sha256=qMzXtJ5hBZ5ydAyqpDbSx0nO2RJQL95HdmV5SzNKMhk,6826
 atomicshop/wrappers/pywin32w/win_event_log/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-atomicshop/wrappers/pywin32w/win_event_log/subscribe.py,sha256=a0SqjtUfo-fVR5jlsoygFlDrjHelOKgCBvia3suyzW8,8217
+atomicshop/wrappers/pywin32w/win_event_log/subscribe.py,sha256=FYo2X0Xm3lb3GIdIt_8usoj7JPSDWj0iwsIJ4OwZLQM,8156
 atomicshop/wrappers/pywin32w/win_event_log/subscribes/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-atomicshop/wrappers/pywin32w/win_event_log/subscribes/process_create.py,sha256=_no1MnXjhLgOi9Y7xc7HHgTe6sjZkHIIhcVCd5BKZgM,6865
+atomicshop/wrappers/pywin32w/win_event_log/subscribes/process_create.py,sha256=1PrPiDiuiVfzfzN5BUuxMfUoCgGW7RGgH6HVrjpTnQc,6064
+atomicshop/wrappers/pywin32w/win_event_log/subscribes/process_terminate.py,sha256=0k09fiAwKDJO404bjxUWSSSLOiNANl-VTJDD_YLq-I8,3763
 atomicshop/wrappers/pywin32w/win_event_log/subscribes/schannel_logging.py,sha256=8nxIcNcbeEuvoBwhujgh7-oIpL9A6J-gg1NM8hOGAVA,3442
 atomicshop/wrappers/socketw/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 atomicshop/wrappers/socketw/accepter.py,sha256=HQC1EyZmyUtVEfFbaBkHCE-VZp6RWyd9mEqAkgsE1fk,1749
@@ -271,8 +281,8 @@ atomicshop/wrappers/socketw/socket_server_tester.py,sha256=AhpurHJmP2kgzHaUbq5ey
 atomicshop/wrappers/socketw/socket_wrapper.py,sha256=aXBwlEIJhFT0-c4i8iNlFx2It9VpCEpsv--5Oqcpxao,11624
 atomicshop/wrappers/socketw/ssl_base.py,sha256=k4V3gwkbq10MvOH4btU4onLX2GNOsSfUAdcHmL1rpVE,2274
 atomicshop/wrappers/socketw/statistics_csv.py,sha256=t3dtDEfN47CfYVi0CW6Kc2QHTEeZVyYhc57IYYh5nmA,826
-atomicshop-2.14.2.dist-info/LICENSE.txt,sha256=lLU7EYycfYcK2NR_1gfnhnRC8b8ccOTElACYplgZN88,1094
-atomicshop-2.14.2.dist-info/METADATA,sha256=VIgp-Go_u3KNgCb_tRAE6XcD9IyNa2lHdn0C2WFmscY,10478
-atomicshop-2.14.2.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-atomicshop-2.14.2.dist-info/top_level.txt,sha256=EgKJB-7xcrAPeqTRF2laD_Np2gNGYkJkd4OyXqpJphA,11
-atomicshop-2.14.2.dist-info/RECORD,,
+atomicshop-2.14.3.dist-info/LICENSE.txt,sha256=lLU7EYycfYcK2NR_1gfnhnRC8b8ccOTElACYplgZN88,1094
+atomicshop-2.14.3.dist-info/METADATA,sha256=JhF66mFvmwPdaPxY9XiSY3ZjfBDikdaCzCF2PRNO0Ac,10478
+atomicshop-2.14.3.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+atomicshop-2.14.3.dist-info/top_level.txt,sha256=EgKJB-7xcrAPeqTRF2laD_Np2gNGYkJkd4OyXqpJphA,11
+atomicshop-2.14.3.dist-info/RECORD,,

atomicshop/process_poller.py

@@ -1,345 +0,0 @@
-import threading
-import multiprocessing
-import time
-from typing import Literal, Union
-from pathlib import Path
-
-from .wrappers.pywin32w import wmi_win32process
-from .wrappers.pywin32w.win_event_log.subscribes import process_create
-from .wrappers.psutilw import psutilw
-from .etws.traces import trace_sysmon_process_creation
-from .basics import dicts
-from .process_name_cmd import ProcessNameCmdline
-from .print_api import print_api
-
-
-def get_process_time_tester(
-        get_method: Literal['psutil', 'pywin32', 'process_dll'] = 'process_dll',
-        times_to_test: int = 50
-):
-    """
-    The function will test the time it takes to get the list of processes with different methods and cycles.
-
-    :param get_method: str, The method to get the list of processes. Default is 'process_list_dll'.
-        'psutil': Get the list of processes by 'psutil' library. Resource intensive and slow.
-        'pywin32': Get the list of processes by 'pywin32' library, using WMI. Not resource intensive, but slow.
-        'process_dll'. Not resource intensive and fast. Probably works only in Windows 10 x64
-    :param times_to_test: int, how many times to test the function.
-    """
-
-    import timeit
-
-    setup_code = '''
-from atomicshop import process_poller
-get_process_list = process_poller.GetProcessList(get_method=get_method, connect_on_init=True)
-'''
-
-    test_code = '''
-test = get_process_list.get_processes()
-'''
-
-    # globals need to be specified, otherwise the setup_code won't work with passed variables.
-    times = timeit.timeit(setup=setup_code, stmt=test_code, number=times_to_test, globals=locals())
-    print(f'Execution time: {times}')
-
-
-class GetProcessList:
-    """
-    The class is responsible for getting the list of running processes.
-
-    Example of one time polling with 'pywin32' method:
-    from atomicshop import process_poller
-    process_list: dict = \
-        process_poller.GetProcessList(get_method='pywin32', connect_on_init=True).get_processes(as_dict=True)
-    """
-    def __init__(
-            self,
-            get_method: Literal['psutil', 'pywin32', 'process_dll'] = 'process_dll',
-            connect_on_init: bool = False
-    ):
-        """
-        :param get_method: str, The method to get the list of processes. Default is 'process_list_dll'.
-            'psutil': Get the list of processes by 'psutil' library. Resource intensive and slow.
-            'pywin32': Get the list of processes by 'pywin32' library, using WMI. Not resource intensive, but slow.
-            'process_dll'. Not resource intensive and fast. Probably works only in Windows 10 x64.
-        :param connect_on_init: bool, if True, will connect to the service on init. 'psutil' don't need to connect.
-        """
-        self.get_method = get_method
-        self.process_polling_instance = None
-
-        self.connected = False
-
-        if self.get_method == 'psutil':
-            self.process_polling_instance = psutilw.PsutilProcesses()
-            self.connected = True
-        elif self.get_method == 'pywin32':
-            self.process_polling_instance = wmi_win32process.Pywin32Processes()
-        elif self.get_method == 'process_dll':
-            self.process_polling_instance = ProcessNameCmdline()
-
-        if connect_on_init:
-            self.connect()
-
-    def connect(self):
-        """
-        Connect to the service. 'psutil' don't need to connect.
-        """
-
-        # If the service is not connected yet. Since 'psutil' don't need to connect.
-        if not self.connected:
-            if self.get_method == 'pywin32':
-                self.process_polling_instance.connect()
-                self.connected = True
-            elif self.get_method == 'process_dll':
-                self.process_polling_instance.load()
-                self.connected = True
-
-    def get_processes(self, as_dict: bool = True) -> Union[list, dict]:
-        """
-        The function will get the list of opened processes and return it as a list of dicts.
-
-        :return: dict while key is pid or list of dicts, of opened processes (depending on 'as_dict' setting).
-        """
-
-        if as_dict:
-            if self.get_method == 'psutil':
-                return self.process_polling_instance.get_processes_as_dict(
-                    attrs=['pid', 'name', 'cmdline'], cmdline_to_string=True)
-            elif self.get_method == 'pywin32':
-                processes = self.process_polling_instance.get_processes_as_dict(
-                    attrs=['ProcessId', 'Name', 'CommandLine'])
-
-                # Convert the keys from WMI to the keys that are used in 'psutil'.
-                converted_process_dict = dict()
-                for pid, process_info in processes.items():
-                    converted_process_dict[pid] = dicts.convert_key_names(
-                        process_info, {'Name': 'name', 'CommandLine': 'cmdline'})
-
-                return converted_process_dict
-            elif self.get_method == 'process_dll':
-                return self.process_polling_instance.get_process_details(as_dict=True)
-        else:
-            if self.get_method == 'psutil':
-                return self.process_polling_instance.get_processes_as_list_of_dicts(
-                    attrs=['pid', 'name', 'cmdline'], cmdline_to_string=True)
-            elif self.get_method == 'pywin32':
-                processes = self.process_polling_instance.get_processes_as_list_of_dicts(
-                    attrs=['ProcessId', 'Name', 'CommandLine'])
-
-                # Convert the keys from WMI to the keys that are used in 'psutil'.
-                for process_index, process_info in enumerate(processes):
-                    processes[process_index] = dicts.convert_key_names(
-                        process_info, {'ProcessId': 'pid', 'Name': 'name', 'CommandLine': 'cmdline'})
-
-                return processes
-            elif self.get_method == 'process_dll':
-                return self.process_polling_instance.get_process_details(as_dict=as_dict)
-
-
-class ProcessPollerPool:
-    """
-    The class is responsible for polling processes and storing them in a pool.
-    Currently, this works with 'psutil' library and takes up to 16% of CPU on my machine.
-    Because 'psutil' fetches 'cmdline' for each 'pid' dynamically, and it takes time and resources
-    Later, I'll find a solution to make it more efficient.
-    """
-    def __init__(
-            self,
-            interval_seconds: Union[int, float] = 0,
-            operation: Literal['thread', 'process'] = 'thread',
-            poller_method: Literal['psutil', 'pywin32', 'process_dll', 'sysmon_etw', 'event_log'] = 'event_log',
-            sysmon_etw_session_name: str = None,
-            sysmon_directory: str = None
-    ):
-        """
-        :param interval_seconds: float, how many seconds to wait between each cycle.
-            Default is 0, which means that the polling will be as fast as possible.
-
-            Basically, you want it to be '0' if you want to get the most recent processes.
-            Any polling by itself takes time, so if you want to get the most recent processes, you want to do it as fast
-            as possible.
-        :param operation: str, 'thread' or 'process'. Default is 'process'.
-            'process': The polling will be done in a new process.
-            'thread': The polling will be done in a new thread.
-
-            Python is slow, if you are going to use 'thread' all other operations inside this thread will be very slow.
-            You can even get exceptions, if you're using process polling for correlations of PIDs and process names.
-            It is advised to use the 'process' operation, which will not affect other operations in the thread.
-        :param poller_method: str. Default is 'process_dll'. Available:
-            'psutil': Get the list of processes by 'psutil' library. Resource intensive and slow.
-            'pywin32': Get the list of processes by 'pywin32' library, using WMI. Not resource intensive, but slow.
-            'process_dll'. Not resource intensive and fast. Probably works only in Windows 10 x64.
-            'sysmon_etw': Get the list of processes with running SysMon by ETW - Event Tracing for Windows.
-                In this case 'store_cycles' and 'interval_seconds' are irrelevant, since the ETW is real-time.
-                Steps we take:
-                    1. Check if SysMon is Running. If not, check if the executable exists in specified
-                        location and start it as a service.
-                    2. Start the "Microsoft-Windows-Sysmon" ETW session.
-                    3. Take a snapshot of current processes and their CMDs with psutil and store it in a dict.
-                    4. Each new process creation from ETW updates the dict.
-            'event_log': Get the list of processes by subscribing to the Windows Event Log.
-                Log Channel: Security, Event ID: 4688.
-                We enable the necessary prerequisites in registry and subscribe to the event.
-        :param sysmon_etw_session_name: str, only for 'sysmon_etw' get_method.
-            The name of the ETW session for tracing process creation.
-        :param sysmon_directory: str, only for 'sysmon_etw' get_method.
-            The directory where the SysMon executable is located. If non-existed will be downloaded.
-        ---------------------------------------------
-        If there is an exception, ProcessPollerPool.processes will be set to the exception.
-        While getting the processes you can use this to execute the exception:
-
-        processes = ProcessPollerPool.processes
-
-        if isinstance(processes, BaseException):
-            raise processes
-        """
-
-        self.interval_seconds: float = interval_seconds
-        self.operation: str = operation
-        self.poller_method = poller_method
-        self.sysmon_etw_session_name: str = sysmon_etw_session_name
-        self.sysmon_directory: str = sysmon_directory
-
-        # Current process pool.
-        self._processes: dict = dict()
-
-        # The variable is responsible to stop the thread if it is running.
-        self._running: bool = False
-
-        self._process_queue = multiprocessing.Queue()
-        self._running_state_queue = multiprocessing.Queue()
-
-    def start(self):
-        if self.operation == 'thread':
-            self._start_thread()
-        elif self.operation == 'process':
-            self._start_process()
-        else:
-            raise ValueError(f'Invalid operation type [{self.operation}]')
-
-        thread = threading.Thread(target=self._thread_get_queue)
-        thread.daemon = True
-        thread.start()
-
-    def stop(self):
-        self._running = False
-        self._running_state_queue.put(False)
-
-    def get_processes(self):
-        return self._processes
-
-    def _start_thread(self):
-        self._running = True
-
-        thread = threading.Thread(
-            target=_worker, args=(
-                self.poller_method, self._running_state_queue, self.interval_seconds,
-                self._process_queue, self.sysmon_etw_session_name, self.sysmon_directory,
-            )
-        )
-        thread.daemon = True
-        thread.start()
-
-    def _start_process(self):
-        self._running = True
-        multiprocessing.Process(
-            target=_worker, args=(
-                self.poller_method, self._running_state_queue, self.interval_seconds,
-                self._process_queue, self.sysmon_etw_session_name, self.sysmon_directory,
-            )).start()
-
-    def _thread_get_queue(self):
-        while True:
-            self._processes = self._process_queue.get()
-
-
-def _worker(
-        poller_method, running_state_queue, interval_seconds, process_queue, sysmon_etw_session_name, sysmon_directory):
-    def _worker_to_get_running_state():
-        nonlocal running_state
-        running_state = running_state_queue.get()
-
-    running_state: bool = True
-
-    thread = threading.Thread(target=_worker_to_get_running_state)
-    thread.daemon = True
-    thread.start()
-
-    if poller_method == 'sysmon_etw':
-        poller_instance = trace_sysmon_process_creation.SysmonProcessCreationTrace(
-            attrs=['pid', 'original_file_name', 'command_line'],
-            session_name=sysmon_etw_session_name,
-            close_existing_session_name=True,
-            sysmon_directory=sysmon_directory
-        )
-
-        # We must initiate the connection inside the thread/process, because it is not thread-safe.
-        poller_instance.start()
-
-        processes = GetProcessList(get_method='pywin32', connect_on_init=True).get_processes(as_dict=True)
-        process_queue.put(processes)
-    elif poller_method == 'event_log':
-        poller_instance = process_create.ProcessCreateSubscriber()
-        poller_instance.start()
-
-        processes = GetProcessList(get_method='pywin32', connect_on_init=True).get_processes(as_dict=True)
-        process_queue.put(processes)
-    else:
-        poller_instance = GetProcessList(get_method=poller_method)
-        poller_instance.connect()
-        processes = {}
-
-    exception = None
-    while running_state:
-        try:
-            if poller_method == 'sysmon_etw':
-                # Get the current processes and reinitialize the instance of the dict.
-                current_cycle: dict = poller_instance.emit()
-                current_processes: dict = {int(current_cycle['pid']): {
-                    'name': current_cycle['original_file_name'],
-                    'cmdline': current_cycle['command_line']}
-                }
-            elif poller_method == 'event_log':
-                # Get the current processes and reinitialize the instance of the dict.
-                current_cycle: dict = poller_instance.emit()
-                current_processes: dict = {current_cycle['pid']: {
-                    'name': Path(current_cycle['process_name']).name,
-                    'cmdline': current_cycle['command_line']}
-                }
-            else:
-                # Get the current processes and reinitialize the instance of the dict.
-                current_processes: dict = dict(poller_instance.get_processes())
-
-            # Remove Command lines that contains only numbers, since they are useless.
-            for pid, process_info in current_processes.items():
-                if process_info['cmdline'].isnumeric():
-                    current_processes[pid]['cmdline'] = str()
-                elif process_info['cmdline'] == 'Error':
-                    current_processes[pid]['cmdline'] = str()
-
-            # This loop is essential for keeping the command lines.
-            # When the process unloads from memory, the last polling will have only pid and executable name, but not
-            # the command line. This loop will keep the command line from the previous polling if this happens.
-            for pid, process_info in current_processes.items():
-                if pid in processes:
-                    if processes[pid]['name'] == current_processes[pid]['name']:
-                        if current_processes[pid]['cmdline'] == '':
-                            current_processes[pid]['cmdline'] = processes[pid]['cmdline']
-            processes.update(current_processes)
-
-            process_queue.put(processes)
-
-            # Since ETW is a blocking operation, we don't need to sleep in tracing pollers [sysmon_etw, event_log].
-            if poller_method not in ['sysmon_etw', 'event_log']:
-                time.sleep(interval_seconds)
-        except KeyboardInterrupt as e:
-            running_state = False
-            exception = e
-        except Exception as e:
-            running_state = False
-            exception = e
-            print_api(f'Exception in ProcessPollerPool: {e}', color='red')
-            raise
-
-    if not running_state:
-        process_queue.put(exception)