PROCESS_LOGGING_INFORMATION - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers
#ifndef _NTPSAPI_H
#if (PHNT_MODE != PHNT_MODE_KERNEL)

/**
 * The PROCESS_LOGGING_INFORMATION structure provides flags to enable or disable logging
 * for specific process and thread events, such as virtual memory access, suspend/resume,
 * execution protection, and impersonation.
 *
 * Layout: one 32-bit ULONG. Flags and the anonymous bit-field struct share storage through
 * the union, so the seven one-bit switches and the 25 Reserved bits can be accessed either
 * field by field or as a single mask.
 *
 * NOTE(review): bit positions are not spelled out in this declaration. With MSVC-style
 * allocation (first-declared field in the least significant bit) EnableReadVmLogging
 * would be bit 0 and EnableImpersonationLogging bit 6 - confirm before hard-coding masks.
 *
 * NOTE(review): presumably exchanged through NtQueryInformationProcess /
 * NtSetInformationProcess with the ProcessEnableLogging information class - confirm
 * against the PROCESSINFOCLASS definition; the required access rights and privileges are
 * not visible here.
 *
 * NOTE(review): these switches appear to gate per-process security telemetry (likely the
 * events surfaced by the Microsoft-Windows-Threat-Intelligence ETW provider - confirm).
 * Each field is documented as enabling logging, so a cleared bit presumably means that
 * event type is not recorded for the process. Monitoring that depends on these events
 * should query the effective value rather than assume it is set.
 */
typedef struct _PROCESS_LOGGING_INFORMATION
{
    union
    {
        ULONG Flags;                                        // All switches as one 32-bit value; aliases the bit-fields below.
        struct
        {
            ULONG EnableReadVmLogging : 1;                  // Enables logging of read operations on the process's virtual memory.
            ULONG EnableWriteVmLogging : 1;                 // Enables logging of write operations on the process's virtual memory.
            ULONG EnableProcessSuspendResumeLogging : 1;    // Enables logging of process suspend and resume events.
            ULONG EnableThreadSuspendResumeLogging : 1;     // Enables logging of thread suspend and resume events.
            ULONG EnableLocalExecProtectVmLogging : 1;      // Enables logging of local executable-protection changes to virtual memory (presumably made within the same process - confirm).
            ULONG EnableRemoteExecProtectVmLogging : 1;     // Enables logging of remote executable-protection changes to virtual memory (presumably made across processes - confirm).
            ULONG EnableImpersonationLogging : 1;           // Enables logging of impersonation events.
            ULONG Reserved : 25;                            // Remaining bits of the ULONG; no meaning is defined here (presumably left zero - confirm).
        };
    };
} PROCESS_LOGGING_INFORMATION, *PPROCESS_LOGGING_INFORMATION;

#endif
#endif
