Struct owlyshield_ransom::driver_com::shared_def::IOMessage[][src]

#[repr(C)]
pub struct IOMessage {
Show 14 fields
    pub extension: [wchar_t; 12],
    pub file_id_vsn: c_ulonglong,
    pub file_id_id: [u8; 16],
    pub mem_sized_used: c_ulonglong,
    pub entropy: f64,
    pub pid: c_ulong,
    pub irp_op: c_uchar,
    pub is_entropy_calc: u8,
    pub file_change: c_uchar,
    pub file_location_info: c_uchar,
    pub filepathstr: String,
    pub gid: c_ulonglong,
    pub runtime_features: RuntimeFeatures,
    pub file_size: i64,

}
Expand description

Represents a driver message.

  • extension: The file extension
  • file_id_vsn: Hard Disk Volume Serial Number where the file is saved (from FILE_ID_INFO)
  • file_id_id: File ID on the disk (FILE_ID_INFO)
  • mem_size_used: Number of bytes transferred (IO_STATUS_BLOCK.Information)
  • entropy: (Optional) File Entropy calculated by the driver
  • is_entropy_calc: is the entropy calculated?
  • pid: Pid responsible for this io activity
  • irp_op: Windows IRP Type catched by the minifilter:
    • NONE (0)
    • READ (1)
    • WRITE (2)
    • SETINFO (3)
    • CREATE (4)
    • CLEANUP (5)
  • file_change: type of i/o operation:
    • FILE_CHANGE_NOT_SET (0)
    • FILE_OPEN_DIRECTORY (1)
    • FILE_CHANGE_WRITE (2)
    • FILE_CHANGE_NEW_FILE (3)
    • FILE_CHANGE_RENAME_FILE (4)
    • FILE_CHANGE_EXTENSION_CHANGED (5)
    • FILE_CHANGE_DELETE_FILE (6)
    • FILE_CHANGE_DELETE_NEW_FILE (7)
    • FILE_CHANGE_OVERWRITE_FILE (8)
  • file_location_info: the driver has the ability to monitor specific directories only (feature currently not used):
    • FILE_NOT_PROTECTED (0): Monitored dirs do not contained this file
    • FILE_PROTECTED (1)
    • FILE_MOVED_IN (2)
    • FILE_MOVED_OUT (3)
  • filepath: File path on the disk
  • gid: Group Identifier (maintained by the minifilter) of the operation
  • runtime_features: see class RuntimeFeatures
  • file_size: size of the file. Can be equal to -1 if the file path is not found.

Fields

extension: [wchar_t; 12]file_id_vsn: c_ulonglongfile_id_id: [u8; 16]mem_sized_used: c_ulonglongentropy: f64pid: c_ulongirp_op: c_ucharis_entropy_calc: u8file_change: c_ucharfile_location_info: c_ucharfilepathstr: Stringgid: c_ulonglongruntime_features: RuntimeFeaturesfile_size: i64

Implementations

Trait Implementations

Returns a copy of the value. Read more

Performs copy-assignment from source. Read more

Formats the value using the given formatter. Read more

Deserialize this value from the given Serde deserializer. Read more

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations

Blanket Implementations

Gets the TypeId of self. Read more

Immutably borrows from an owned value. Read more

Mutably borrows from an owned value. Read more

Performs the conversion.

Performs the conversion.

The alignment of pointer.

The type for initializers.

Initializes a with the given initializer. Read more

Dereferences the given pointer. Read more

Mutably dereferences the given pointer. Read more

Drops the object pointed to by the given pointer. Read more

The resulting type after obtaining ownership.

Creates owned data from borrowed data, usually by cloning. Read more

🔬 This is a nightly-only experimental API. (toowned_clone_into)

Uses borrowed data to replace owned data, usually by cloning. Read more

The type returned in the event of a conversion error.

Performs the conversion.

The type returned in the event of a conversion error.

Performs the conversion.