PROCESS_LOGGING_INFORMATION - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
#ifndef _NTPSAPI_H
#if (PHNT_MODE != PHNT_MODE_KERNEL)

/**
 * The PROCESS_LOGGING_INFORMATION union holds per-process flags that enable or disable logging
 * for specific process and thread events: virtual memory reads and writes, suspend/resume,
 * execution-protection changes, and impersonation.
 *
 * Flags and the anonymous bitfield struct overlay the same 32 bits (seven one-bit switches
 * plus 25 reserved bits), so the whole set can be read or written at once through Flags, or
 * one switch at a time through the named members. The bit numbers in the member comments
 * assume the LSB-first bitfield allocation used by Windows compilers.
 *
 * NOTE(review): this header does not show which information class, caller, or privilege reads
 * or sets these flags, nor which provider receives the resulting events -- presumably the
 * ProcessEnableLogging information class and the ETW threat-intelligence provider; confirm
 * before relying on it. A cleared bit means that event type is not logged for the process, so
 * monitoring that depends on these events should verify the flags rather than assume they are set.
 */
typedef union _PROCESS_LOGGING_INFORMATION
{
    ULONG Flags;                                        // All switches as one 32-bit value; aliases the bitfield below.
    struct
    {
        ULONG EnableReadVmLogging : 1;                  // Bit 0: enables logging of read operations on process virtual memory.
        ULONG EnableWriteVmLogging : 1;                 // Bit 1: enables logging of write operations on process virtual memory.
        ULONG EnableProcessSuspendResumeLogging : 1;    // Bit 2: enables logging of process suspend and resume events.
        ULONG EnableThreadSuspendResumeLogging : 1;     // Bit 3: enables logging of thread suspend and resume events.
        ULONG EnableLocalExecProtectVmLogging : 1;      // Bit 4: enables logging of local execution-protection changes to virtual memory (presumably made by the process itself -- confirm).
        ULONG EnableRemoteExecProtectVmLogging : 1;     // Bit 5: enables logging of remote execution-protection changes to virtual memory (presumably made by another process -- confirm).
        ULONG EnableImpersonationLogging : 1;           // Bit 6: enables logging of impersonation events.
        ULONG Reserved : 25;                            // Bits 7-31: remaining bits of the 32-bit word; no meaning is assigned in this header.
    };
} PROCESS_LOGGING_INFORMATION, *PPROCESS_LOGGING_INFORMATION;

#endif
#endif
