Type__IRPMNDRV_SETTINGS
Global IRPMon driver statistics and settings.
```c
typedef struct _IRPMNDRV_SETTINGS {
    volatile LONG ReqQueueLastRequestId;
    volatile LONG ReqQueueLength;
    volatile LONG ReqQueueNonPagedLength;
    volatile LONG ReqQueuePagedLength;
    BOOLEAN ReqQueueConnected;
    BOOLEAN ReqQueueClearOnDisconnect;
    BOOLEAN ReqQueueCollectWhenDisconnected;
    BOOLEAN ProcessEventsCollect;
    BOOLEAN FileObjectEventsCollect;
    BOOLEAN DriverSnapshotEventsCollect;
    BOOLEAN ProcessEmulateOnConnect;
    BOOLEAN DriverSnapshotOnConnect;
    ULONG DataStripThreshold;
    BOOLEAN StripData;
} IRPMNDRV_SETTINGS, *PIRPMNDRV_SETTINGS;
```
- ReqQueueLastRequestId: Specifies the ID of the newest event/request generated by the driver. This member is read-only.
- ReqQueueLength: Total number of events/requests currently present in the Event Queue. This member is read-only.
- ReqQueueNonPagedLength: Specifies the number of events allocated from nonpaged pool that are currently present in the Event Queue. This member is read-only.
- ReqQueuePagedLength: Specifies the number of events allocated from paged pool that are currently present in the Event Queue. This member is read-only.
- ReqQueueConnected: Indicates whether someone is connected to the driver event queue and is thus receiving requests detected by the driver. This member is read-only.
- ReqQueueClearOnDisconnect: If set to TRUE, the Event Queue is cleared (all requests in it are discarded) on disconnect.
- ReqQueueCollectWhenDisconnected: Set this member to TRUE to instruct the driver to store requests in the Event Queue even when no one is connected to it. By default, the driver puts requests into the queue only if a library instance is connected to it (i.e. there is a consumer).
- ProcessEventsCollect: Instructs the driver to collect process-related events (process creation, process exit).
- FileObjectEventsCollect: Instructs the driver to collect events about file objects (file object name assignment and deletion).
- DriverSnapshotEventsCollect: Instructs the driver to generate events when a new driver or device object is detected.
- ProcessEmulateOnConnect: If set to TRUE, any library instance that connects to the Event Queue gets a process creation event for every process currently running in the system. Thus, the instance need not enumerate running processes by itself.
- DriverSnapshotOnConnect: If set to TRUE, any library instance that connects to the Event Queue gets driver detected and device detected events for all drivers and devices currently present in the system. Thus, the instance need not obtain this information by itself (e.g. via IRPMonDllSnapshotRetrieve).
- DataStripThreshold: Defines the maximum amount of data that can be associated with an event. Set this to zero to disable the limit.
- StripData: Defines driver behavior for events whose associated data are longer than the limit (IRPMNDRV_SETTINGS.DataStripThreshold). If set to FALSE, the limit is not enforced. If set to TRUE, data are stripped to match the limit, if necessary.
Header: general-types.h
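The member descriptions above split the structure into five read-only members and nine writable ones, and make the data limit depend on both StripData and DataStripThreshold. The following is an added example, not code from the IRPMon project: `apply_writable` and `kept_data_length` are hypothetical helpers, the type definitions are stand-ins for the Windows SDK types, and the strip rule is modelled only from the descriptions on this page.

```c
#include <stdio.h>

/* Stand-ins for the Windows SDK types so this builds without the SDK (assumption). */
typedef int LONG;
typedef unsigned int ULONG;
typedef unsigned char BOOLEAN;

/* Same members and order as on the page; declarations grouped to save space. */
typedef struct _IRPMNDRV_SETTINGS {
    volatile LONG ReqQueueLastRequestId, ReqQueueLength;        /* read-only */
    volatile LONG ReqQueueNonPagedLength, ReqQueuePagedLength;  /* read-only */
    BOOLEAN ReqQueueConnected;                                  /* read-only */
    BOOLEAN ReqQueueClearOnDisconnect, ReqQueueCollectWhenDisconnected;
    BOOLEAN ProcessEventsCollect, FileObjectEventsCollect, DriverSnapshotEventsCollect;
    BOOLEAN ProcessEmulateOnConnect, DriverSnapshotOnConnect;
    ULONG DataStripThreshold;
    BOOLEAN StripData;
} IRPMNDRV_SETTINGS;

/* Hypothetical helper: copy only the writable members into a queried snapshot. */
static IRPMNDRV_SETTINGS *apply_writable(IRPMNDRV_SETTINGS *cur, const IRPMNDRV_SETTINGS *wanted)
{
    cur->ReqQueueClearOnDisconnect = wanted->ReqQueueClearOnDisconnect;
    cur->ReqQueueCollectWhenDisconnected = wanted->ReqQueueCollectWhenDisconnected;
    cur->ProcessEventsCollect = wanted->ProcessEventsCollect;
    cur->FileObjectEventsCollect = wanted->FileObjectEventsCollect;
    cur->DriverSnapshotEventsCollect = wanted->DriverSnapshotEventsCollect;
    cur->ProcessEmulateOnConnect = wanted->ProcessEmulateOnConnect;
    cur->DriverSnapshotOnConnect = wanted->DriverSnapshotOnConnect;
    cur->DataStripThreshold = wanted->DataStripThreshold;
    cur->StripData = wanted->StripData;
    return cur;
}

/* Hypothetical model of the documented rule: data length kept for an event. */
static ULONG kept_data_length(const IRPMNDRV_SETTINGS *s, ULONG len)
{
    if (!s->StripData || s->DataStripThreshold == 0)
        return len;  /* limit not enforced, or disabled by a zero threshold */
    return len > s->DataStripThreshold ? s->DataStripThreshold : len;
}

int main(void)
{
    /* Constructed sample values, not output from a real driver. */
    IRPMNDRV_SETTINGS snap = { .ReqQueueLastRequestId = 41, .ReqQueueLength = 3, .ReqQueueConnected = 1 };
    IRPMNDRV_SETTINGS want = { .ReqQueueLength = 99, .StripData = 1, .DataStripThreshold = 64 };
    apply_writable(&snap, &want);
    printf("queue length %d, 100 -> %u, 10 -> %u\n", snap.ReqQueueLength,
           kept_data_length(&snap, 100), kept_data_length(&snap, 10));
}
```

In a real client the snapshot would come from the driver (IRPMonDllSettingsQuery) and the merged structure would be passed back with IRPMonDllSettingsSet.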