Wireshark 4.7.2
The Wireshark network protocol analyzer
Loading...
Searching...
No Matches
procmon.h
Go to the documentation of this file.
1
8
9#ifndef __PROCMON_H__
10#define __PROCMON_H__
11
12#include "wtap.h"
13
17typedef struct procmon_module_t {
18 nstime_t timestamp;
19 uint64_t base_address;
20 uint32_t size;
21 const char *image_path;
22 const char *version;
23 const char *company;
24 const char *description;
25} procmon_module_t;
26
30typedef struct procmon_process_t {
31 nstime_t start_time;
32 nstime_t end_time;
33 uint64_t authentication_id;
34 uint32_t process_id;
35 uint32_t parent_process_id;
36 uint32_t parent_process_index;
37 uint32_t session_number;
38 const char *integrity;
39 const char *user_name;
40 const char *process_name;
41 const char *image_path;
42 const char *command_line;
43 const char *company;
44 const char *version;
45 const char *description;
46 procmon_module_t *modules;
47 uint32_t num_modules;
48 bool is_virtualized : 1;
49 bool is_64_bit : 1;
50} procmon_process_t;
51
60wtap_open_return_val procmon_open(wtap *wth, int *err, char **err_info);
61
62#endif
procmon_open
wtap_open_return_val procmon_open(wtap *wth, int *err, char **err_info)
Opens a procmon file and initializes the wtap structure.
Definition procmon.c:436
nstime_t
Definition nstime.h:26
procmon_module_t
Describes a single loaded module (DLL or executable image) within a monitored process.
Definition procmon.h:17
procmon_module_t::image_path
const char * image_path
Definition procmon.h:21
procmon_module_t::base_address
uint64_t base_address
Definition procmon.h:19
procmon_module_t::company
const char * company
Definition procmon.h:23
procmon_module_t::size
uint32_t size
Definition procmon.h:20
procmon_module_t::description
const char * description
Definition procmon.h:24
procmon_module_t::version
const char * version
Definition procmon.h:22
procmon_module_t::timestamp
nstime_t timestamp
Definition procmon.h:18
procmon_process_t
Describes a single process observed by Process Monitor, including its identity, security context,...
Definition procmon.h:30
procmon_process_t::command_line
const char * command_line
Definition procmon.h:42
procmon_process_t::version
const char * version
Definition procmon.h:44
procmon_process_t::is_64_bit
bool is_64_bit
Definition procmon.h:49
procmon_process_t::process_id
uint32_t process_id
Definition procmon.h:34
procmon_process_t::company
const char * company
Definition procmon.h:43
procmon_process_t::modules
procmon_module_t * modules
Definition procmon.h:46
procmon_process_t::description
const char * description
Definition procmon.h:45
procmon_process_t::is_virtualized
bool is_virtualized
Definition procmon.h:48
procmon_process_t::authentication_id
uint64_t authentication_id
Definition procmon.h:33
procmon_process_t::num_modules
uint32_t num_modules
Definition procmon.h:47
procmon_process_t::end_time
nstime_t end_time
Definition procmon.h:32
procmon_process_t::user_name
const char * user_name
Definition procmon.h:39
procmon_process_t::image_path
const char * image_path
Definition procmon.h:41
procmon_process_t::process_name
const char * process_name
Definition procmon.h:40
procmon_process_t::session_number
uint32_t session_number
Definition procmon.h:37
procmon_process_t::parent_process_index
uint32_t parent_process_index
Definition procmon.h:36
procmon_process_t::integrity
const char * integrity
Definition procmon.h:38
procmon_process_t::start_time
nstime_t start_time
Definition procmon.h:31
procmon_process_t::parent_process_id
uint32_t parent_process_id
Definition procmon.h:35
wtap
Definition wtap_module.h:58
wtap_open_return_val
wtap_open_return_val
For registering file types that we can open.
Definition wtap.h:1849
Generated by doxygen 1.15.0