#include <phapp.h>
#include <kphuser.h>
#include <extmgri.h>
#include <phplug.h>
#include <verify.h>
#include <winsta.h>

Macros
#define	PROCESS_ID_BUCKETS 64

#define	PROCESS_ID_TO_BUCKET_INDEX(ProcessId) (((ULONG)(ProcessId) / 4) & (PROCESS_ID_BUCKETS - 1))

Typedefs
typedef struct _PH_PROCESS_QUERY_DATA	PH_PROCESS_QUERY_DATA

typedef struct _PH_PROCESS_QUERY_DATA *	PPH_PROCESS_QUERY_DATA

typedef struct _PH_PROCESS_QUERY_S1_DATA	PH_PROCESS_QUERY_S1_DATA

typedef struct _PH_PROCESS_QUERY_S1_DATA *	PPH_PROCESS_QUERY_S1_DATA

typedef struct _PH_PROCESS_QUERY_S2_DATA	PH_PROCESS_QUERY_S2_DATA

typedef struct _PH_PROCESS_QUERY_S2_DATA *	PPH_PROCESS_QUERY_S2_DATA

typedef struct _PH_VERIFY_CACHE_ENTRY	PH_VERIFY_CACHE_ENTRY

typedef struct _PH_VERIFY_CACHE_ENTRY *	PPH_VERIFY_CACHE_ENTRY

Functions
VOID NTAPI	PhpProcessItemDeleteProcedure (_In_ PVOID Object, _In_ ULONG Flags)

INT NTAPI	PhpVerifyCacheCompareFunction (_In_ PPH_AVL_LINKS Links1, _In_ PPH_AVL_LINKS Links2)

VOID	PhpQueueProcessQueryStage1 (_In_ PPH_PROCESS_ITEM ProcessItem)

VOID	PhpQueueProcessQueryStage2 (_In_ PPH_PROCESS_ITEM ProcessItem)

PPH_PROCESS_RECORD	PhpCreateProcessRecord (_In_ PPH_PROCESS_ITEM ProcessItem)

VOID	PhpAddProcessRecord (_Inout_ PPH_PROCESS_RECORD ProcessRecord)

VOID	PhpRemoveProcessRecord (_Inout_ PPH_PROCESS_RECORD ProcessRecord)

PHAPPAPI	PH_CALLBACK_DECLARE (PhProcessAddedEvent)

PHAPPAPI	PH_CALLBACK_DECLARE (PhProcessModifiedEvent)

PHAPPAPI	PH_CALLBACK_DECLARE (PhProcessRemovedEvent)

PHAPPAPI	PH_CALLBACK_DECLARE (PhProcessesUpdatedEvent)

BOOLEAN	PhProcessProviderInitialization (VOID)

PPH_STRING	PhGetClientIdName (_In_ PCLIENT_ID ClientId)

PPH_STRING	PhGetClientIdNameEx (_In_ PCLIENT_ID ClientId, _In_opt_ PPH_STRING ProcessName)

PWSTR	PhGetProcessPriorityClassString (_In_ ULONG PriorityClass)

PPH_PROCESS_ITEM	PhCreateProcessItem (_In_ HANDLE ProcessId)
	Creates a process item.

FORCEINLINE BOOLEAN	PhCompareProcessItem (_In_ PPH_PROCESS_ITEM Value1, _In_ PPH_PROCESS_ITEM Value2)

FORCEINLINE ULONG	PhHashProcessItem (_In_ PPH_PROCESS_ITEM Value)

PPH_PROCESS_ITEM	PhpLookupProcessItem (_In_ HANDLE ProcessId)
	Finds a process item in the hash set.

PPH_PROCESS_ITEM	PhReferenceProcessItem (_In_ HANDLE ProcessId)
	Finds and references a process item.

VOID	PhEnumProcessItems (_Out_opt_ PPH_PROCESS_ITEM **ProcessItems, _Out_ PULONG NumberOfProcessItems)
	Enumerates the process items.

VOID	PhpAddProcessItem (_In_ _Assume_refs_(1) PPH_PROCESS_ITEM ProcessItem)

VOID	PhpRemoveProcessItem (_In_ PPH_PROCESS_ITEM ProcessItem)

VERIFY_RESULT	PhVerifyFileWithAdditionalCatalog (_In_ PPH_VERIFY_FILE_INFO Information, _In_opt_ PWSTR PackageFullName, _Out_opt_ PPH_STRING *SignerName)

VERIFY_RESULT	PhVerifyFileCached (_In_ PPH_STRING FileName, _In_opt_ PWSTR PackageFullName, _Out_opt_ PPH_STRING *SignerName, _In_ BOOLEAN CachedOnly)
	Verifies a file's digital signature, using a cached result if possible.

VOID	PhpProcessQueryStage1 (_Inout_ PPH_PROCESS_QUERY_S1_DATA Data)

VOID	PhpProcessQueryStage2 (_Inout_ PPH_PROCESS_QUERY_S2_DATA Data)

NTSTATUS	PhpProcessQueryStage1Worker (_In_ PVOID Parameter)

NTSTATUS	PhpProcessQueryStage2Worker (_In_ PVOID Parameter)

VOID	PhpFillProcessItemStage1 (_In_ PPH_PROCESS_QUERY_S1_DATA Data)

VOID	PhpFillProcessItemStage2 (_In_ PPH_PROCESS_QUERY_S2_DATA Data)

VOID	PhpFillProcessItem (_Inout_ PPH_PROCESS_ITEM ProcessItem, _In_ PSYSTEM_PROCESS_INFORMATION Process)

FORCEINLINE VOID	PhpUpdateDynamicInfoProcessItem (_Inout_ PPH_PROCESS_ITEM ProcessItem, _In_ PSYSTEM_PROCESS_INFORMATION Process)

VOID	PhpUpdatePerfInformation (VOID)

VOID	PhpUpdateCpuInformation (_In_ BOOLEAN SetCpuUsage, _Out_ PULONG64 TotalTime)

VOID	PhpUpdateCpuCycleInformation (_Out_ PULONG64 IdleCycleTime)

VOID	PhpUpdateCpuCycleUsageInformation (_In_ ULONG64 TotalCycleTime, _In_ ULONG64 IdleCycleTime)

VOID	PhpInitializeProcessStatistics (VOID)

VOID	PhpUpdateSystemHistory (VOID)

BOOLEAN	PhGetStatisticsTime (_In_opt_ PPH_PROCESS_ITEM ProcessItem, _In_ ULONG Index, _Out_ PLARGE_INTEGER Time)
	Retrieves a time value recorded by the statistics system.

PPH_STRING	PhGetStatisticsTimeString (_In_opt_ PPH_PROCESS_ITEM ProcessItem, _In_ ULONG Index)

VOID	PhFlushProcessQueryData (_In_ BOOLEAN SendModifiedEvent)

VOID	PhpGetProcessThreadInformation (_In_ PSYSTEM_PROCESS_INFORMATION Process, _Out_opt_ PBOOLEAN IsSuspended, _Out_opt_ PBOOLEAN IsPartiallySuspended, _Out_opt_ PULONG ContextSwitches)

VOID	PhProcessProviderUpdate (_In_ PVOID Object)

PPH_PROCESS_RECORD	PhpSearchProcessRecordList (_In_ PLARGE_INTEGER Time, _Out_opt_ PULONG Index, _Out_opt_ PULONG InsertIndex)

VOID	PhReferenceProcessRecord (_In_ PPH_PROCESS_RECORD ProcessRecord)

BOOLEAN	PhReferenceProcessRecordSafe (_In_ PPH_PROCESS_RECORD ProcessRecord)

VOID	PhReferenceProcessRecordForStatistics (_In_ PPH_PROCESS_RECORD ProcessRecord)

VOID	PhDereferenceProcessRecord (_In_ PPH_PROCESS_RECORD ProcessRecord)

PPH_PROCESS_RECORD	PhpFindProcessRecord (_In_ PPH_PROCESS_RECORD ProcessRecord, _In_ HANDLE ProcessId)

PPH_PROCESS_RECORD	PhFindProcessRecord (_In_opt_ HANDLE ProcessId, _In_ PLARGE_INTEGER Time)
	Finds a process record.

VOID	PhPurgeProcessRecords (VOID)
	Deletes unused process records.

PPH_PROCESS_ITEM	PhReferenceProcessItemForParent (_In_ HANDLE ParentProcessId, _In_ HANDLE ProcessId, _In_ PLARGE_INTEGER CreateTime)

PPH_PROCESS_ITEM	PhReferenceProcessItemForRecord (_In_ PPH_PROCESS_RECORD Record)

Variables
PPH_OBJECT_TYPE	PhProcessItemType

PPH_HASH_ENTRY	PhProcessHashSet [256] = PH_HASH_SET_INIT

ULONG	PhProcessHashSetCount = 0

PH_QUEUED_LOCK	PhProcessHashSetLock = PH_QUEUED_LOCK_INIT

SLIST_HEADER	PhProcessQueryDataListHead

PPH_LIST	PhProcessRecordList

PH_QUEUED_LOCK	PhProcessRecordListLock = PH_QUEUED_LOCK_INIT

ULONG	PhStatisticsSampleCount = 512

BOOLEAN	PhEnableProcessQueryStage2 = FALSE

BOOLEAN	PhEnablePurgeProcessRecords = TRUE

BOOLEAN	PhEnableCycleCpuUsage = TRUE

PVOID	PhProcessInformation

SYSTEM_PERFORMANCE_INFORMATION	PhPerfInformation

PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION	PhCpuInformation

SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION	PhCpuTotals

ULONG	PhTotalProcesses

ULONG	PhTotalThreads

ULONG	PhTotalHandles

SYSTEM_PROCESS_INFORMATION	PhDpcsProcessInformation

SYSTEM_PROCESS_INFORMATION	PhInterruptsProcessInformation

ULONG64	PhCpuTotalCycleDelta

PLARGE_INTEGER	PhCpuIdleCycleTime

PLARGE_INTEGER	PhCpuSystemCycleTime

PH_UINT64_DELTA	PhCpuIdleCycleDelta

PH_UINT64_DELTA	PhCpuSystemCycleDelta

FLOAT	PhCpuKernelUsage

FLOAT	PhCpuUserUsage

PFLOAT	PhCpusKernelUsage

PFLOAT	PhCpusUserUsage

PH_UINT64_DELTA	PhCpuKernelDelta

PH_UINT64_DELTA	PhCpuUserDelta

PH_UINT64_DELTA	PhCpuIdleDelta

PPH_UINT64_DELTA	PhCpusKernelDelta

PPH_UINT64_DELTA	PhCpusUserDelta

PPH_UINT64_DELTA	PhCpusIdleDelta

PH_UINT64_DELTA	PhIoReadDelta

PH_UINT64_DELTA	PhIoWriteDelta

PH_UINT64_DELTA	PhIoOtherDelta

PH_CIRCULAR_BUFFER_FLOAT	PhCpuKernelHistory

PH_CIRCULAR_BUFFER_FLOAT	PhCpuUserHistory

PPH_CIRCULAR_BUFFER_FLOAT	PhCpusKernelHistory

PPH_CIRCULAR_BUFFER_FLOAT	PhCpusUserHistory

PH_CIRCULAR_BUFFER_ULONG64	PhIoReadHistory

PH_CIRCULAR_BUFFER_ULONG64	PhIoWriteHistory

PH_CIRCULAR_BUFFER_ULONG64	PhIoOtherHistory

PH_CIRCULAR_BUFFER_ULONG	PhCommitHistory

PH_CIRCULAR_BUFFER_ULONG	PhPhysicalHistory

PH_CIRCULAR_BUFFER_ULONG	PhMaxCpuHistory

PH_CIRCULAR_BUFFER_ULONG	PhMaxIoHistory

Macro Definition Documentation

#define PROCESS_ID_BUCKETS 64

Definition at line 65 of file procprv.c.

#define PROCESS_ID_TO_BUCKET_INDEX ( ProcessId ) (((ULONG)(ProcessId) / 4) & (PROCESS_ID_BUCKETS - 1))

Definition at line 66 of file procprv.c.

Typedef Documentation

typedef struct _PH_PROCESS_QUERY_DATA PH_PROCESS_QUERY_DATA

typedef struct _PH_PROCESS_QUERY_S1_DATA PH_PROCESS_QUERY_S1_DATA

typedef struct _PH_PROCESS_QUERY_S2_DATA PH_PROCESS_QUERY_S2_DATA

typedef struct _PH_VERIFY_CACHE_ENTRY PH_VERIFY_CACHE_ENTRY

typedef struct _PH_PROCESS_QUERY_DATA * PPH_PROCESS_QUERY_DATA

typedef struct _PH_PROCESS_QUERY_S1_DATA * PPH_PROCESS_QUERY_S1_DATA

typedef struct _PH_PROCESS_QUERY_S2_DATA * PPH_PROCESS_QUERY_S2_DATA

typedef struct _PH_VERIFY_CACHE_ENTRY * PPH_VERIFY_CACHE_ENTRY

Function Documentation

PHAPPAPI PH_CALLBACK_DECLARE ( PhProcessAddedEvent )

PHAPPAPI PH_CALLBACK_DECLARE ( PhProcessModifiedEvent )

PHAPPAPI PH_CALLBACK_DECLARE ( PhProcessRemovedEvent )

PHAPPAPI PH_CALLBACK_DECLARE ( PhProcessesUpdatedEvent )

FORCEINLINE BOOLEAN PhCompareProcessItem	(	_In_ PPH_PROCESS_ITEM	Value1,
		_In_ PPH_PROCESS_ITEM	Value2
	)

Definition at line 500 of file procprv.c.

PPH_PROCESS_ITEM PhCreateProcessItem ( _In_ HANDLE ProcessId )

Creates a process item.

Definition at line 421 of file procprv.c.

VOID PhDereferenceProcessRecord ( _In_ PPH_PROCESS_RECORD ProcessRecord )

Definition at line 2621 of file procprv.c.

VOID PhEnumProcessItems	(	_Out_opt_ PPH_PROCESS_ITEM **	ProcessItems,
		_Out_ PULONG	NumberOfProcessItems
	)

Enumerates the process items.

Parameters

ProcessItems	A variable which receives an array of pointers to process items. You must free the buffer with PhFree() when you no longer need it.
NumberOfProcessItems	A variable which receives the number of process items returned in ProcessItems.

Definition at line 584 of file procprv.c.

PPH_PROCESS_RECORD PhFindProcessRecord	(	_In_opt_ HANDLE	ProcessId,
		_In_ PLARGE_INTEGER	Time
	)

Finds a process record.

Parameters

ProcessId	The ID of the process.
Time	A time in which the process was active.

Returns: The newest record older than Time, or NULL if the record could not be found. You must call PhDereferenceProcessRecord() when you no longer need the record.

Definition at line 2668 of file procprv.c.

VOID PhFlushProcessQueryData ( _In_ BOOLEAN SendModifiedEvent )

Definition at line 1763 of file procprv.c.

PPH_STRING PhGetClientIdName ( _In_ PCLIENT_ID ClientId )

Definition at line 319 of file procprv.c.

PPH_STRING PhGetClientIdNameEx	(	_In_ PCLIENT_ID	ClientId,
		_In_opt_ PPH_STRING	ProcessName
	)

Definition at line 341 of file procprv.c.

PWSTR PhGetProcessPriorityClassString ( _In_ ULONG PriorityClass )

Definition at line 395 of file procprv.c.

BOOLEAN PhGetStatisticsTime	(	_In_opt_ PPH_PROCESS_ITEM	ProcessItem,
		_In_ ULONG	Index,
		_Out_ PLARGE_INTEGER	Time
	)

Retrieves a time value recorded by the statistics system.

Parameters

ProcessItem	A process item to synchronize with, or NULL if no synchronization is necessary.
Index	The history index.
Time	A variable which receives the time at Index.

Returns: TRUE if the function succeeded, otherwise FALSE if ProcessItem was specified and Index is too far into the past for that process item.

Definition at line 1707 of file procprv.c.

PPH_STRING PhGetStatisticsTimeString	(	_In_opt_ PPH_PROCESS_ITEM	ProcessItem,
		_In_ ULONG	Index
	)

Definition at line 1743 of file procprv.c.

FORCEINLINE ULONG PhHashProcessItem ( _In_ PPH_PROCESS_ITEM Value )

Definition at line 508 of file procprv.c.

VOID PhpAddProcessItem ( _In_ _Assume_refs_(1) PPH_PROCESS_ITEM ProcessItem )

Definition at line 623 of file procprv.c.

VOID PhpAddProcessRecord ( _Inout_ PPH_PROCESS_RECORD ProcessRecord )

Definition at line 2544 of file procprv.c.

PPH_PROCESS_RECORD PhpCreateProcessRecord ( _In_ PPH_PROCESS_ITEM ProcessItem )

Definition at line 2454 of file procprv.c.

VOID PhpFillProcessItem	(	_Inout_ PPH_PROCESS_ITEM	ProcessItem,
		_In_ PSYSTEM_PROCESS_INFORMATION	Process
	)

Definition at line 1237 of file procprv.c.

VOID PhpFillProcessItemStage1 ( _In_ PPH_PROCESS_QUERY_S1_DATA Data )

Definition at line 1197 of file procprv.c.

VOID PhpFillProcessItemStage2 ( _In_ PPH_PROCESS_QUERY_S2_DATA Data )

Definition at line 1224 of file procprv.c.

PPH_PROCESS_RECORD PhpFindProcessRecord	(	_In_ PPH_PROCESS_RECORD	ProcessRecord,
		_In_ HANDLE	ProcessId
	)

Definition at line 2637 of file procprv.c.

VOID PhpGetProcessThreadInformation	(	_In_ PSYSTEM_PROCESS_INFORMATION	Process,
		_Out_opt_ PBOOLEAN	IsSuspended,
		_Out_opt_ PBOOLEAN	IsPartiallySuspended,
		_Out_opt_ PULONG	ContextSwitches
	)

Definition at line 1808 of file procprv.c.

VOID PhpInitializeProcessStatistics ( VOID )

Definition at line 1630 of file procprv.c.

PPH_PROCESS_ITEM PhpLookupProcessItem ( _In_ HANDLE ProcessId )

Finds a process item in the hash set.

Parameters

ProcessId The process ID of the process item.

Remarks: The hash set must be locked before calling this function. The reference count of the found process item is not incremented.

Definition at line 524 of file procprv.c.

VOID PhpProcessItemDeleteProcedure	(	_In_ PVOID	Object,
		_In_ ULONG	Flags
	)

Definition at line 454 of file procprv.c.

VOID PhpProcessQueryStage1 ( _Inout_ PPH_PROCESS_QUERY_S1_DATA Data )

Definition at line 847 of file procprv.c.

NTSTATUS PhpProcessQueryStage1Worker ( _In_ PVOID Parameter )

Definition at line 1138 of file procprv.c.

VOID PhpProcessQueryStage2 ( _Inout_ PPH_PROCESS_QUERY_S2_DATA Data )

Definition at line 1093 of file procprv.c.

NTSTATUS PhpProcessQueryStage2Worker ( _In_ PVOID Parameter )

Definition at line 1157 of file procprv.c.

VOID PhpQueueProcessQueryStage1 ( _In_ PPH_PROCESS_ITEM ProcessItem )

Definition at line 1176 of file procprv.c.

VOID PhpQueueProcessQueryStage2 ( _In_ PPH_PROCESS_ITEM ProcessItem )

Definition at line 1186 of file procprv.c.

VOID PhpRemoveProcessItem ( _In_ PPH_PROCESS_ITEM ProcessItem )

Definition at line 636 of file procprv.c.

VOID PhpRemoveProcessRecord ( _Inout_ PPH_PROCESS_RECORD ProcessRecord )

Definition at line 2569 of file procprv.c.

BOOLEAN PhProcessProviderInitialization ( VOID )

Definition at line 245 of file procprv.c.

VOID PhProcessProviderUpdate ( _In_ PVOID Object )

Definition at line 1847 of file procprv.c.

PPH_PROCESS_RECORD PhpSearchProcessRecordList	(	_In_ PLARGE_INTEGER	Time,
		_Out_opt_ PULONG	Index,
		_Out_opt_ PULONG	InsertIndex
	)

Definition at line 2479 of file procprv.c.

VOID PhpUpdateCpuCycleInformation ( _Out_ PULONG64 IdleCycleTime )

Definition at line 1511 of file procprv.c.

VOID PhpUpdateCpuCycleUsageInformation	(	_In_ ULONG64	TotalCycleTime,
		_In_ ULONG64	IdleCycleTime
	)

Definition at line 1559 of file procprv.c.

VOID PhpUpdateCpuInformation	(	_In_ BOOLEAN	SetCpuUsage,
		_Out_ PULONG64	TotalTime
	)

Definition at line 1433 of file procprv.c.

FORCEINLINE VOID PhpUpdateDynamicInfoProcessItem	(	_Inout_ PPH_PROCESS_ITEM	ProcessItem,
		_In_ PSYSTEM_PROCESS_INFORMATION	Process
	)

Definition at line 1377 of file procprv.c.

VOID PhpUpdatePerfInformation ( VOID )

Definition at line 1417 of file procprv.c.

VOID PhpUpdateSystemHistory ( VOID )

Definition at line 1659 of file procprv.c.

VOID PhPurgeProcessRecords ( VOID )

Deletes unused process records.

Definition at line 2755 of file procprv.c.

INT NTAPI PhpVerifyCacheCompareFunction	(	_In_ PPH_AVL_LINKS	Links1,
		_In_ PPH_AVL_LINKS	Links2
	)

Definition at line 645 of file procprv.c.

PPH_PROCESS_ITEM PhReferenceProcessItem ( _In_ HANDLE ProcessId )

Finds and references a process item.

Parameters

ProcessId The process ID of the process item.

Returns: The found process item.

Definition at line 557 of file procprv.c.

PPH_PROCESS_ITEM PhReferenceProcessItemForParent	(	_In_ HANDLE	ParentProcessId,
		_In_ HANDLE	ProcessId,
		_In_ PLARGE_INTEGER	CreateTime
	)

Definition at line 2819 of file procprv.c.

PPH_PROCESS_ITEM PhReferenceProcessItemForRecord ( _In_ PPH_PROCESS_RECORD Record )

Definition at line 2847 of file procprv.c.

VOID PhReferenceProcessRecord ( _In_ PPH_PROCESS_RECORD ProcessRecord )

Definition at line 2596 of file procprv.c.

VOID PhReferenceProcessRecordForStatistics ( _In_ PPH_PROCESS_RECORD ProcessRecord )

Definition at line 2610 of file procprv.c.

BOOLEAN PhReferenceProcessRecordSafe ( _In_ PPH_PROCESS_RECORD ProcessRecord )

Definition at line 2603 of file procprv.c.

VERIFY_RESULT PhVerifyFileCached	(	_In_ PPH_STRING	FileName,
		_In_opt_ PWSTR	PackageFullName,
		_Out_opt_ PPH_STRING *	SignerName,
		_In_ BOOLEAN	CachedOnly
	)

Verifies a file's digital signature, using a cached result if possible.

Parameters

FileName	A file name.
ProcessItem	An associated process item.
SignerName	A variable which receives a pointer to a string containing the signer name. You must free the string using PhDereferenceObject() when you no longer need it. Note that the signer name may be NULL if it is not valid.
CachedOnly	Specify TRUE to fail the function when no cached result exists.

Returns: A VERIFY_RESULT value.

Definition at line 731 of file procprv.c.

VERIFY_RESULT PhVerifyFileWithAdditionalCatalog	(	_In_ PPH_VERIFY_FILE_INFO	Information,
		_In_opt_ PWSTR	PackageFullName,
		_Out_opt_ PPH_STRING *	SignerName
	)

Definition at line 656 of file procprv.c.

Variable Documentation

PH_CIRCULAR_BUFFER_ULONG PhCommitHistory

Definition at line 226 of file procprv.c.

PH_UINT64_DELTA PhCpuIdleCycleDelta

Definition at line 189 of file procprv.c.

PLARGE_INTEGER PhCpuIdleCycleTime

Definition at line 187 of file procprv.c.

PH_UINT64_DELTA PhCpuIdleDelta

Definition at line 200 of file procprv.c.

PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION PhCpuInformation

Definition at line 177 of file procprv.c.

PH_UINT64_DELTA PhCpuKernelDelta

Definition at line 198 of file procprv.c.

PH_CIRCULAR_BUFFER_FLOAT PhCpuKernelHistory

Definition at line 214 of file procprv.c.

FLOAT PhCpuKernelUsage

Definition at line 193 of file procprv.c.

PPH_UINT64_DELTA PhCpusIdleDelta

Definition at line 204 of file procprv.c.

PPH_UINT64_DELTA PhCpusKernelDelta

Definition at line 202 of file procprv.c.

PPH_CIRCULAR_BUFFER_FLOAT PhCpusKernelHistory

Definition at line 218 of file procprv.c.

PFLOAT PhCpusKernelUsage

Definition at line 195 of file procprv.c.

PPH_UINT64_DELTA PhCpusUserDelta

Definition at line 203 of file procprv.c.

PPH_CIRCULAR_BUFFER_FLOAT PhCpusUserHistory

Definition at line 219 of file procprv.c.

PFLOAT PhCpusUserUsage

Definition at line 196 of file procprv.c.

PH_UINT64_DELTA PhCpuSystemCycleDelta

Definition at line 190 of file procprv.c.

PLARGE_INTEGER PhCpuSystemCycleTime

Definition at line 188 of file procprv.c.

ULONG64 PhCpuTotalCycleDelta

Definition at line 186 of file procprv.c.

SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION PhCpuTotals

Definition at line 178 of file procprv.c.

PH_UINT64_DELTA PhCpuUserDelta

Definition at line 199 of file procprv.c.

PH_CIRCULAR_BUFFER_FLOAT PhCpuUserHistory

Definition at line 215 of file procprv.c.

FLOAT PhCpuUserUsage

Definition at line 194 of file procprv.c.

SYSTEM_PROCESS_INFORMATION PhDpcsProcessInformation

Definition at line 183 of file procprv.c.

BOOLEAN PhEnableCycleCpuUsage = TRUE

Definition at line 173 of file procprv.c.

BOOLEAN PhEnableProcessQueryStage2 = FALSE

Definition at line 171 of file procprv.c.

BOOLEAN PhEnablePurgeProcessRecords = TRUE

Definition at line 172 of file procprv.c.

SYSTEM_PROCESS_INFORMATION PhInterruptsProcessInformation

Definition at line 184 of file procprv.c.

PH_UINT64_DELTA PhIoOtherDelta

Definition at line 208 of file procprv.c.

PH_CIRCULAR_BUFFER_ULONG64 PhIoOtherHistory

Definition at line 224 of file procprv.c.

PH_UINT64_DELTA PhIoReadDelta

Definition at line 206 of file procprv.c.

PH_CIRCULAR_BUFFER_ULONG64 PhIoReadHistory

Definition at line 222 of file procprv.c.

PH_UINT64_DELTA PhIoWriteDelta

Definition at line 207 of file procprv.c.

PH_CIRCULAR_BUFFER_ULONG64 PhIoWriteHistory

Definition at line 223 of file procprv.c.

PH_CIRCULAR_BUFFER_ULONG PhMaxCpuHistory

Definition at line 229 of file procprv.c.

PH_CIRCULAR_BUFFER_ULONG PhMaxIoHistory

Definition at line 230 of file procprv.c.

SYSTEM_PERFORMANCE_INFORMATION PhPerfInformation

Definition at line 176 of file procprv.c.

PH_CIRCULAR_BUFFER_ULONG PhPhysicalHistory

Definition at line 227 of file procprv.c.

PPH_HASH_ENTRY PhProcessHashSet[256] = PH_HASH_SET_INIT

Definition at line 156 of file procprv.c.

ULONG PhProcessHashSetCount = 0

Definition at line 157 of file procprv.c.

PH_QUEUED_LOCK PhProcessHashSetLock = PH_QUEUED_LOCK_INIT

Definition at line 158 of file procprv.c.

PVOID PhProcessInformation

Definition at line 175 of file procprv.c.

PPH_OBJECT_TYPE PhProcessItemType

Definition at line 154 of file procprv.c.

SLIST_HEADER PhProcessQueryDataListHead

Definition at line 160 of file procprv.c.

PPH_LIST PhProcessRecordList

Definition at line 167 of file procprv.c.

PH_QUEUED_LOCK PhProcessRecordListLock = PH_QUEUED_LOCK_INIT

Definition at line 168 of file procprv.c.

ULONG PhStatisticsSampleCount = 512

Definition at line 170 of file procprv.c.

ULONG PhTotalHandles

Definition at line 181 of file procprv.c.

ULONG PhTotalProcesses

Definition at line 179 of file procprv.c.

ULONG PhTotalThreads

Definition at line 180 of file procprv.c.

Macros

Typedefs

Functions

Variables

Macro Definition Documentation

Typedef Documentation

Function Documentation

Variable Documentation