Type__HOOKED_DEVICE_UMINFO

Martin Drab edited this page Mar 20, 2020 · 3 revisions

_HOOKED_DEVICE_UMINFO struct

Summary

Contains information about one device monitored by the IRPMon driver.

Definition

typedef struct _HOOKED_DEVICE_UMINFO {
    PVOID ObjectId;
    PVOID DeviceObject;
    PWCHAR DeviceName;
    ULONG DeviceNameLen;
    UCHAR FastIoSettings[FastIoMax];
    UCHAR IRPSettings[0x1b + 1];
    BOOLEAN MonitoringEnabled;
} HOOKED_DEVICE_UMINFO, *PHOOKED_DEVICE_UMINFO;

Members

ObjectId

ID of the object, used within the IRPMon driver.

DeviceObject

Address of the device's DEVICE_OBJECT structure.

DeviceName

Name of the hooked device. Can never be NULL.

DeviceNameLen

Length of the device name, in bytes. The value does not include the terminating null character.

FastIoSettings

Indicates which types of fast I/O requests are monitored. The exact meaning of each entry is still undefined.

IRPSettings

Indicates which types of IRP requests are monitored. The exact meaning of each entry is still undefined. NOTE: 0x1b = IRP_MJ_MAXIMUM_FUNCTION.

MonitoringEnabled

Indicates whether the monitoring is active for the device.

Requirements

Header: general-types.h