procmon

package

v0.0.0-...-4c50494 Latest Latest Go to latest Published: May 6, 2024 License: Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/DataDog/datadog-agent

Documentation ¶

Rendered for windows/amd64

Index ¶

Constants
type DDProcessNotification
type DDProcessNotifyType
type DDProcmonStats
type ProcessStartNotification
type ProcessStopNotification
type WinProcmon
- func NewWinProcMon(onStart chan *ProcessStartNotification, onStop chan *ProcessStopNotification, ...) (*WinProcmon, error)

Constants ¶

View Source

const (

	// ProcmonDefaultReceiveSize is the default size of the receive buffer
	// 140k is the maximum size a notification can be, resulting in more memory usage traded off for
	// not missing notifications.
	ProcmonDefaultReceiveSize = (140 * 1024)

	// ProcmonDefaultNumBufs is the default number of overlapped receive buffers
	ProcmonDefaultNumBufs = 50
)

View Source

const (
	ProcmonStartIOCTL = 0x222006
	ProcmonStopIOCTL  = 0x22200a
	ProcmonStatsIOCTL = 0x22200e

	ProcmonSignature = 0xdd0100000004
)

View Source

const (
	ProcmonNotifyStop  = 0x0
	ProcmonNotifyStart = 0x1
)

View Source

const DDProcessNotificationSize = 0x68

View Source

const DDProcmonStatsSize = 0x30

View Source

const Signature = 0xdd0100000004

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type DDProcessNotification ¶

type DDProcessNotification struct {
	Size              uint64
	SizeNeeded        uint64
	ProcessId         uint64
	NotifyType        uint64
	ParentProcessId   uint64
	CreatingProcessId uint64
	CreatingThreadId  uint64
	ImageFileLen      uint64
	ImageFileOffset   uint64
	CommandLineLen    uint64
	CommandLineOffset uint64
	SidLen            uint64
	SidOffset         uint64
}

type DDProcessNotifyType ¶

type DDProcessNotifyType uint32

type DDProcmonStats ¶

type DDProcmonStats struct {
	ProcessStartCount       uint64
	ProcessStopCount        uint64
	MissedNotifications     uint64
	AllocationFailures      uint64
	WorkItemFailures        uint64
	ReadBufferToSmallErrors uint64
}

type ProcessStartNotification ¶

type ProcessStartNotification struct {
	Pid               uint64
	PPid              uint64
	CreatingProcessId uint64
	CreatingThreadId  uint64
	OwnerSidString    string
	ImageFile         string
	CmdLine           string
	// if this is nonzero, functions as notification to
	// the probe that the buffer size isn't large enough
	RequiredSize uint32
}

type ProcessStopNotification ¶

type ProcessStopNotification struct {
	Pid uint64
}

type WinProcmon ¶

type WinProcmon struct {
	// contains filtered or unexported fields
}

func NewWinProcMon ¶

func NewWinProcMon(onStart chan *ProcessStartNotification, onStop chan *ProcessStopNotification, onError chan bool, bufsize, numbufs int) (*WinProcmon, error)

NewWinProcMon creates a new WinProcmon

requires 3 channels for notification of data (one for start notifications, stop notifications, and error notifications)

the bufsize and numbufs params, respectively, can be used to override the defaults for those parameters (if 0 is provided then defaults are used) Allows caller to configure the number & size of the overlapped buffers used for receiving notifications from the driver

func (*WinProcmon) OnData ¶

func (wp *WinProcmon) OnData(data []uint8)

func (*WinProcmon) OnError ¶

func (wp *WinProcmon) OnError(err error)

func (*WinProcmon) Start ¶

func (wp *WinProcmon) Start() error

func (*WinProcmon) Stop ¶

func (wp *WinProcmon) Stop()

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL