o yeh
parent
7280c7eec6
commit
30ab652a56
4 changed files with 26 additions and 7 deletions
|
@ -2117,8 +2117,6 @@ HeartbeatWorkItem(_In_ PDEVICE_OBJECT DeviceObject, _In_opt_ PVOID Context)
|
||||||
NTSTATUS status = STATUS_UNSUCCESSFUL;
|
NTSTATUS status = STATUS_UNSUCCESSFUL;
|
||||||
PHEARTBEAT_CONFIGURATION config = (PHEARTBEAT_CONFIGURATION)Context;
|
PHEARTBEAT_CONFIGURATION config = (PHEARTBEAT_CONFIGURATION)Context;
|
||||||
|
|
||||||
DEBUG_INFO("heartbeat work routine called");
|
|
||||||
|
|
||||||
/* Ensure we wait until our heartbeats DPC has terminated. */
|
/* Ensure we wait until our heartbeats DPC has terminated. */
|
||||||
KeFlushQueuedDpcs();
|
KeFlushQueuedDpcs();
|
||||||
FreeHeartbeatObjects(config);
|
FreeHeartbeatObjects(config);
|
||||||
|
|
|
@ -156,11 +156,10 @@ STATIC
|
||||||
VOID
|
VOID
|
||||||
IncrementPacketMetics(_In_ PIRP_QUEUE_HEAD Queue, UINT16 Type)
|
IncrementPacketMetics(_In_ PIRP_QUEUE_HEAD Queue, UINT16 Type)
|
||||||
{
|
{
|
||||||
if (Type == PACKET_TYPE_REPORT)
|
switch (Type) {
|
||||||
Queue->total_reports_completed++;
|
case PACKET_TYPE_HEARTBEAT: Queue->total_heartbeats_completed++; break;
|
||||||
|
case PACKET_TYPE_REPORT: Queue->total_reports_completed++; break;
|
||||||
if (Type == PACKET_TYPE_HEARTBEAT)
|
}
|
||||||
Queue->total_heartbeats_completed++;
|
|
||||||
|
|
||||||
Queue->total_irps_completed++;
|
Queue->total_irps_completed++;
|
||||||
}
|
}
|
||||||
|
|
|
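Review bot: The new `switch (Type)` in `IncrementPacketMetics` has no `default:` label, so any packet type other than the two listed is counted only in `total_irps_completed`, with no per-type counter and nothing to flag it. If that is intended, an explicit `default: break;` with a short comment such as `/* other packet types only count towards the IRP total */` would say so. The counters are also bumped with plain `++`; this hunk does not show whether the queue's lock is held at every call site, so that is worth confirming, since these totals are what the heartbeat reports to user mode.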
@ -53,6 +53,20 @@ void helper::print_kernel_report(void *buffer) {
|
||||||
kernel_interface::packet_header *header =
|
kernel_interface::packet_header *header =
|
||||||
reinterpret_cast<kernel_interface::packet_header *>(buffer);
|
reinterpret_cast<kernel_interface::packet_header *>(buffer);
|
||||||
LOG_INFO("packet type: %lx", header->packet_type);
|
LOG_INFO("packet type: %lx", header->packet_type);
|
||||||
|
|
||||||
|
if (header->packet_type == 1)
|
||||||
|
{
|
||||||
|
kernel_interface::heartbeat_packet* hb =
|
||||||
|
reinterpret_cast<kernel_interface::heartbeat_packet*>(buffer);
|
||||||
|
LOG_INFO("Heartbeat Count: %lx", hb->heartbeat_count);
|
||||||
|
LOG_INFO("Total Reports Completed: %lx", hb->total_reports_completed);
|
||||||
|
LOG_INFO("Total IRPs Completed: %lx", hb->total_irps_completed);
|
||||||
|
LOG_INFO("Total Heartbeats Completed: %lx",
|
||||||
|
hb->total_heartbeats_completed);
|
||||||
|
LOG_INFO("********************************");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
kernel_interface::report_header *report_header =
|
kernel_interface::report_header *report_header =
|
||||||
reinterpret_cast<kernel_interface::report_header *>(
|
reinterpret_cast<kernel_interface::report_header *>(
|
||||||
(uint64_t)buffer + sizeof(kernel_interface::packet_header));
|
(uint64_t)buffer + sizeof(kernel_interface::packet_header));
|
||||||
|
|
|
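Review bot: The added heartbeat branch in `helper::print_kernel_report` reinterprets `buffer` as a `kernel_interface::heartbeat_packet` and reads four counters past the header, but the function receives only `void *buffer` and no length. Nothing visible here shows that the buffer holds at least `sizeof(kernel_interface::heartbeat_packet)` bytes; unless the caller already checks the size the driver returned, a short packet would be read out of bounds. Passing the byte count in (say as `size`) and guarding with `if (size < sizeof(kernel_interface::heartbeat_packet)) return;` before the cast would close that. The literal in `if (header->packet_type == 1)` would also read better as a named constant, presumably mirroring the driver's `PACKET_TYPE_HEARTBEAT`. The function body starts before and continues after this hunk.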
@ -123,6 +123,14 @@ struct process_module_validation_report {
|
||||||
wchar_t module_path[MODULE_PATH_LEN];
|
wchar_t module_path[MODULE_PATH_LEN];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
struct heartbeat_packet {
|
||||||
|
packet_header header;
|
||||||
|
uint32_t heartbeat_count;
|
||||||
|
uint32_t total_reports_completed;
|
||||||
|
uint32_t total_irps_completed;
|
||||||
|
uint32_t total_heartbeats_completed;
|
||||||
|
};
|
||||||
|
|
||||||
enum apc_operation { operation_stackwalk = 0x1 };
|
enum apc_operation { operation_stackwalk = 0x1 };
|
||||||
|
|
||||||
// clang-format off
|
// clang-format off
|
||||||
|
|
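Review bot: The new `heartbeat_packet` struct has no comment tying it to the driver-side structure it mirrors, and nothing pins its layout. Because user mode casts a raw driver buffer to this type, a field added or reordered on the kernel side would silently misreport the counters rather than fail. I would add a comment above it such as `// Must match the driver's heartbeat packet layout field-for-field.` and, assuming no padding is expected after `packet_header`, a check like `static_assert(sizeof(heartbeat_packet) == sizeof(packet_header) + 4 * sizeof(uint32_t));` so that a layout drift breaks the build.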