From cc043f7fab23aa5cbca4a8b21c33a6a598a07c3b Mon Sep 17 00:00:00 2001
From: Keith Smiley <keithbsmiley@gmail.com>
Date: Sat, 8 Oct 2022 15:51:35 -0700
Subject: [PATCH] Add flags for hiding specific event types

This allows you to ignor specific event types when you potentially only
care about specific events like execs.
---
 App/ProcessMonitor/main.h |  9 +++++++++
 App/ProcessMonitor/main.m | 33 +++++++++++++++++++++++++++++++--
 2 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/App/ProcessMonitor/main.h b/App/ProcessMonitor/main.h
index 193213e..3ed14f4 100644
--- a/App/ProcessMonitor/main.h
+++ b/App/ProcessMonitor/main.h
@@ -24,6 +24,15 @@ BOOL prettyPrint = NO;
 
 //'parseEnv' flag to capture environment variable information
 BOOL parseEnv = NO;
+
+//'hideForks' flag
+BOOL hideForks = NO;
+
+//'hideExecs' flag
+BOOL hideExecs = NO;
+
+//'hideExits' flag
+BOOL hideExits = NO;
  
 /* FUNCTIONS */
 
diff --git a/App/ProcessMonitor/main.m b/App/ProcessMonitor/main.m
index 45136ff..d5c48e4 100644
--- a/App/ProcessMonitor/main.m
+++ b/App/ProcessMonitor/main.m
@@ -89,6 +89,15 @@ BOOL processArgs(NSArray* arguments)
     
     //init 'parseEnv' flag
     parseEnv = [arguments containsObject:@"-parseEnv"];
+
+    //init 'hideForks' flag
+    hideForks = [arguments containsObject:@"-hideForks"];
+
+    //init 'hideExecs' flag
+    hideExecs = [arguments containsObject:@"-hideExecs"];
+
+    //init 'hideExits' flag
+    hideExits = [arguments containsObject:@"-hideExits"];
     
     //extract value for 'filterBy'
     index = [arguments indexOfObject:@"-filter"];
@@ -138,8 +147,11 @@ void usage()
     printf(" -pretty          JSON output is 'pretty-printed'\n");
     printf(" -skipApple       ignore Apple (platform) processes \n");
     printf(" -parseEnv        parse environment variable information\n");
-    printf(" -filter <name>   show events matching process name\n\n");
-    
+    printf(" -filter <name>   show events matching process name\n");
+    printf(" -hideForks       don't show process fork events\n");
+    printf(" -hideExecs       don't show process exec events\n");
+    printf(" -hideExits       don't show process exit events\n\n");
+
     return;
 }
 
@@ -167,6 +179,23 @@ BOOL monitor()
             //ignore
             return;
         }
+
+        switch (process.event) {
+            case ES_EVENT_TYPE_NOTIFY_FORK:
+                if(hideForks)
+                    return;
+                break;
+            case ES_EVENT_TYPE_NOTIFY_EXEC:
+                if(hideExecs)
+                    return;
+                break;
+            case ES_EVENT_TYPE_NOTIFY_EXIT:
+                if (hideExits)
+                    return;
+                break;
+            default:
+                break;
+        }
         
         //filter
         // and no match? skip