lywsvip/MemProcFS-plugins
1
0
Fork 0
mirror of https://github.com/ufrisk/MemProcFS-plugins.git synced 2026-05-08 06:43:30 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
b89bee2c38d7adf613f9620e366cd4be40468203
MemProcFS-plugins/vmm/statistics.h
ufrisk 49ba556bb8 Initial Commit
2018-11-18 19:50:41 +01:00

101 lines
4.3 KiB
C
Raw Blame History

// statistics.h : definitions of statistics related functionality.
//
// (c) Ulf Frisk, 2016-2018
// Author: Ulf Frisk, pcileech@frizk.net
//
#ifndef __STATISTICS_H__
#define __STATISTICS_H__
#include "vmm.h"
#define PAGE_STATISTICS_MEM_MAP_MAX_ENTRY 4096
typedef struct tdPageStatistics {
QWORD qwAddr;
QWORD cPageTotal;
QWORD cPageSuccess;
QWORD cPageFail;
BOOL fKMD;
LPSTR szAction;
struct _InternalUseOnly {
BOOL fUpdate;
BOOL fThreadExit;
BOOL fMemMap;
BOOL fIsFirstPrintCompleted;
HANDLE hThread;
WORD wConsoleCursorPosition;
QWORD qwTickCountStart;
QWORD qwAddrBase;
QWORD MemMapIdx;
QWORD MemMapPrintCommitIdx;
QWORD MemMapPrintCommitPages;
DWORD MemMap[PAGE_STATISTICS_MEM_MAP_MAX_ENTRY];
} i;
} PAGE_STATISTICS, *PPAGE_STATISTICS;
/*
* Initialize the page statistics. This will also start displaying the page statistics
* on the screen asynchronously. PageStatClose must be called to stop this.
* -- ps = ptr to the PAGE_STATISTICS struct to initialize.
* -- qwAddrBase = the base address that the statistics will be based upon.
* -- qwAddrMax = the maximum address.
* -- szAction = the text shown as action.
* -- fKMD = is KMD mode.
* -- fPageMap = display read memory map when PageStatClose is called.
*/
VOID PageStatInitialize(_Inout_ PPAGE_STATISTICS ps, _In_ QWORD qwAddrBase, _In_ QWORD qwAddrMax, _In_ LPSTR szAction, _In_ BOOL fKMD, _In_ BOOL fMemMap);
/*
* Do one last update of the on-screen page statistics, display the read memory map if
* previously set in PageStatInitialize and stop the on-screen updates.
* -- ps = ptr to the PAGE_STATISTICS struct to stop using.
*/
VOID PageStatClose(_Inout_ PPAGE_STATISTICS ps);
/*
* Update the page statistics with the current address and with successfully and failed
* pages. Should not be called before PageStatInitialize and not after PageStatClose.
* This function must be used if the memory map should be shown; otherwise it's possible
* to alter the PPAGE_STATISTICS struct members directly.
* -- ps = pointer to page statistics struct (optional).
* -- qwAddr = new address (after completed operation).
* -- cPageSuccessAdd = number of successfully read pages.
* -- cPageFailAdd = number of pages that failed.
*/
VOID PageStatUpdate(_Inout_opt_ PPAGE_STATISTICS ps, _In_ QWORD qwAddr, _In_ QWORD cPageSuccessAdd, _In_ QWORD cPageFailAdd);
#define STATISTICS_ID_INITIALIZE 0x00
#define STATISTICS_ID_VMMDLL_VfsList 0x01
#define STATISTICS_ID_VMMDLL_VfsRead 0x02
#define STATISTICS_ID_VMMDLL_VfsWrite 0x03
#define STATISTICS_ID_VMMDLL_VfsInitializePlugins 0x04
#define STATISTICS_ID_VMMDLL_MemReadEx 0x05
#define STATISTICS_ID_VMMDLL_MemWrite 0x06
#define STATISTICS_ID_VMMDLL_MemVirt2Phys 0x07
#define STATISTICS_ID_VMMDLL_PidList 0x08
#define STATISTICS_ID_VMMDLL_PidGetFromName 0x09
#define STATISTICS_ID_VMMDLL_ProcessGetInformation 0x0a
#define STATISTICS_ID_VMMDLL_ProcessGetMemoryMap 0x0b
#define STATISTICS_ID_VMMDLL_ProcessGetMemoryMapEntry 0x0c
#define STATISTICS_ID_VMMDLL_ProcessGetModuleMap 0x0d
#define STATISTICS_ID_VMMDLL_ProcessGetModuleFromName 0x0e
#define STATISTICS_ID_VMMDLL_ProcessGetDirectories 0x0f
#define STATISTICS_ID_VMMDLL_ProcessGetSections 0x10
#define STATISTICS_ID_VMMDLL_ProcessGetEAT 0x11
#define STATISTICS_ID_VMMDLL_ProcessGetIAT 0x12
#define STATISTICS_ID_PluginManager_List 0x13
#define STATISTICS_ID_PluginManager_Read 0x14
#define STATISTICS_ID_PluginManager_Write 0x15
#define STATISTICS_ID_PluginManager_Notify 0x16
#define STATISTICS_ID_DeviceReadScatterMEM 0x17
#define STATISTICS_ID_DeviceWriteMEM 0x18
#define STATISTICS_ID_MAX 0x18
#define STATISTICS_ID_NOLOG 0xffffffff
VOID Statistics_CallSetEnabled(_In_ BOOL fEnabled);
BOOL Statistics_CallGetEnabled();
QWORD Statistics_CallStart();
VOID Statistics_CallEnd(_In_ DWORD fId, QWORD tmCallStart);
VOID Statistics_CallToString(_In_opt_ PBYTE pb, _In_ DWORD cb, _Out_ PDWORD pcb);
#endif /* __STATISTICS_H__ */
Reference in New Issue View Git Blame Copy Permalink