Type__HOOKED_DEVICE_UMINFO - MartinDrab/IRPMon GitHub Wiki

_HOOKED_DEVICE_UMINFO struct

Summary

Contains information about one device monitored by the IRPMon driver.

Definition

typedef struct _HOOKED_DEVICE_UMINFO {
    PVOID ObjectId;
    PVOID DeviceObject;
    PWCHAR DeviceName;
    ULONG DeviceNameLen;
    UCHAR FastIoSettings[FastIoMax];
    UCHAR IRPSettings[0x1b + 1];
    BOOLEAN MonitoringEnabled;
} HOOKED_DEVICE_UMINFO, *PHOOKED_DEVICE_UMINFO;

Members

ObjectId

ID of the object, used within the IRPMon driver.

DeviceObject

Address of device's DEVICE_OBJECT structure.

DeviceName

Name of the hooked device. Can never be NULL.

DeviceNameLen

Length of the device name, in bytes. The value does not include the terminating null character.

FastIoSettings

Indicates which types of fast I/O requests are monitored. THe exact meaning of each entry is still undefined.

IRPSettings

Indicates which types of IRP requests are monitored. THe exact meaning of each entry is still undefined. NOTE: 0x1b = IRP_MJ_MAXIMUM_FUNCTION.

MonitoringEnabled

Indicates whether the monitoring is active for the device.

Requirements


Header	general-types.h