procmon_phdr Struct Reference

Pseudo-header for Microsoft ProcMon (Process Monitor) captures. More...

#include <wtap.h>

Public Attributes
uint32_t *	process_index_map
size_t	process_index_map_size
struct procmon_process_t *	process_array
size_t	process_array_size
bool	system_bitness

Detailed Description

Pseudo-header for Microsoft ProcMon (Process Monitor) captures.

Member Data Documentation

process_array

struct procmon_process_t* procmon_phdr::process_array

Array of captured process descriptors.

process_array_size

size_t procmon_phdr::process_array_size

Number of entries in process_array.

process_index_map

uint32_t* procmon_phdr::process_index_map

Map from raw process index to process_array index.

process_index_map_size

size_t procmon_phdr::process_index_map_size

Number of entries in process_index_map.

system_bitness

bool procmon_phdr::system_bitness

True if the captured system was 64-bit, false if 32-bit.

---

The documentation for this struct was generated from the following file:

• /builds/wireshark/wireshark/wiretap/wtap.h