_ERequestType enum

Summary

Type of request reported by the IRPMon driver.

Definition

typedef enum _ERequestType {
    erpUndefined = 0,
    ertIRP = 1,
    ertIRPCompletion = 2,
    ertAddDevice = 3,
    ertDriverUnload = 4,
    ertFastIo = 5,
    ertStartIo = 6,
    ertDriverDetected = 7,
    ertDeviceDetected = 8,
    ertFileObjectNameAssigned = 9,
    ertFileObjectNameDeleted = 10,
    ertProcessCreated = 11,
    ertProcessExitted = 12,
    ertImageLoad = 13,
} ERequestType, *PERequestType;

Values

erpUndefined

Exists only for debugging purposes, should not be ever used.

ertIRP

I/O request packet (IRP).

ertIRPCompletion

An IRP is completed.

ertAddDevice

Driver's AddDevice routine was called in order to inform the driver about a newly detected device.

ertDriverUnload

A driver was unloaded.

ertFastIo

A fast I/O request was serviced by a driver.

ertStartIo

Driver's StartIo routine was invoked.

ertDriverDetected

A previously unknown driver was detected.

ertDeviceDetected

A previously unknown device was detected.

ertFileObjectNameAssigned

A file object just got its file name

ertFileObjectNameDeleted

A file object was stripped from its file name.

The IRPMon driver send this event when an IRP_MJ_CLEANUP IRP IS received and completed for the file object.

ertProcessCreated

New process has been created.

ertProcessExitted

An existing process has terminated.

ertImageLoad

A PE image (EXE, DLL or driver) was mapped into memory.

Requirements

Header	general-types.h