#ifndef __PROCMON_H__
#define __PROCMON_H__
#include "
wtap.h
"
/**
 * One module (image) record attached to a procmon_process_t.
 *
 * The string members are plain `const char *`; this header does not say
 * who allocates or frees them or how long they stay valid — presumably
 * the reader in procmon.c owns them, so confirm there before keeping a
 * pointer beyond the lifetime of the owning process record.
 */
typedef struct procmon_module_t {
    nstime_t timestamp;        /* event time for this module record; semantics (load time?) not stated here — confirm in procmon.c */
    uint64_t base_address;     /* presumably the image's load address in the process — TODO confirm */
    uint32_t size;             /* presumably the mapped image size in bytes — TODO confirm */
    const char *image_path;    /* path of the image file, as recorded in the log */
    const char *version;       /* version string from the image, as recorded in the log */
    const char *company;       /* company string from the image, as recorded in the log */
    const char *description;   /* description string from the image, as recorded in the log */
} procmon_module_t;
/**
 * One process record from a Process Monitor log, with its module list.
 *
 * All of these values originate in the input file, i.e. they are
 * untrusted data as far as the reader is concerned.  In particular
 * `num_modules` is the only count available for `modules`, so any code
 * indexing `modules` must bound by `num_modules`, and the reader that
 * fills this struct should validate the count it reads against what it
 * actually allocated — NOTE(review): confirm that happens in procmon.c.
 *
 * Ownership of the `const char *` members and of the `modules` array is
 * not stated in this header; presumably the reader allocates and frees
 * them together with the process record — confirm before retaining
 * pointers past a read.
 */
typedef struct procmon_process_t {
    nstime_t start_time;              /* process start time */
    nstime_t end_time;                /* process end time (meaning for still-running processes not stated here — confirm) */
    uint64_t authentication_id;       /* presumably the logon session identifier — TODO confirm */
    uint32_t process_id;              /* process id */
    uint32_t parent_process_id;       /* parent process id */
    uint32_t parent_process_index;    /* presumably an index into the reader's process table; bounds must be checked by whoever dereferences it — confirm in procmon.c */
    uint32_t session_number;          /* session number */
    const char *integrity;            /* integrity level, as a string from the log */
    const char *user_name;            /* user name */
    const char *process_name;         /* process name */
    const char *image_path;           /* image path */
    const char *command_line;         /* command line */
    const char *company;              /* company string from the image */
    const char *version;              /* version string from the image */
    const char *description;          /* description string from the image */
    procmon_module_t *modules;        /* array of module records; element count is num_modules */
    uint32_t num_modules;             /* number of elements in modules */
    bool is_virtualized : 1;          /* one-bit flags; bool bit-fields are valid C99 but the packing is implementation-defined */
    bool is_64_bit : 1;
} procmon_process_t;
/**
 * Opens a procmon file and initializes the wtap structure.
 *
 * Wiretap open routine for the Process Monitor log format; it is the
 * entry point through which untrusted file contents first reach this
 * reader, so all length and count validation has to happen behind it.
 *
 * @param wth      capture handle to initialize for this file type
 * @param err      [out] error code, set when the open fails
 * @param err_info [out] additional error text, set when the open fails;
 *                 who allocates and frees it follows the wiretap
 *                 open-routine convention rather than this header — confirm
 *                 against procmon.c before freeing on the caller side
 * @return a wtap_open_return_val (see wtap.h) indicating whether the file
 *         was recognized, not recognized, or could not be opened
 */
wtap_open_return_val procmon_open(wtap *wth, int *err, char **err_info);
#endif