#define STATS_DISABLE_TIMER 1
#if defined(USER_MODE) && !defined(CFG_DISABLE_HIRES_COUNTERS) && !defined(STATS_DISABLE_TIMER)
# define STATS_HAS_HIGHRES_TIMER 1
#ifdef STATS_HAS_HIGHRES_TIMER
#ifndef STATS_DISABLE_TIMER
#ifdef STATS_DISABLE_TIMER
#define STATS_ENTER(id)
#define STATS_DISCARD(id)
#define STATS_ENTER(id) IntStatStart(id)
#define STATS_DISCARD(id) IntStatDiscard(id)
#define STATS_EXIT(id) IntStatStop(id)
#ifdef STATS_DISABLE_TIMER
#endif // STATS_DISABLE_TIMER
Measures kernel mode exceptions checks.
Measures IntWinHandleException invocations done for DEP violations.
Measures the integrity checks on the process security descriptor.
Measures the security descriptor DPI protection information gathering.
Measures the pivoted stack DPI protection information gathering.
Measures CR violation exits.
Measures the debug flag DPI protection information gathering.
Measures page table writes emulation.
Measures user mode exceptions checks.
Measures page table writes.
Measures page tables integrity checks.
STAT_COUNTER gCounters[statsMaxCounter]
The list of counters.
Measures the instruction search done for the page table filtering agent.
Measures XCR violation exits.
Measures all EPT violations.
void IntStatsInit(void)
Initialization routine.
Measures reads done from the kernel EAT.
Measures the IntWinProcHandleCopyMemory detour handler.
Measures page table writes done by the VAS monitor.
Measures the checks done on SharedUserData.
Measures all the page table writes.
Measures the stolen token flag DPI protection information gathering.
Writes done from kernel mode over user mode.
Measures the DTR violation exits.
Measures the cases in which the stack trace mechanism encounters a JMP after a CALL.
Measures the thread start DPI protection information gathering.
void IntStatsResetAll(void)
Resets all the stats.
Measures the process creation checks.
Measures the heap spray DPI protection information gathering.
Measures the EPT violations for which the instruction does a read and a write.
void IntStatStop(STAT_ID StatId)
Measures the execution handling on SharedUserData page.
Measures page table entries writes.
Measures event injections.
Measures the handling of VMCALL exits.
Measures the hook commits.
Measures the execution of EPT violation handlers.
Measures the INT3 exits generated by the page table filtering mechanism.
Measures EPT violations generated while the guest was in kernel mode.
Measures the IntWinVadHandleCommit detour handler.
Measures the deletion of HOOK_REGION_DESCRIPTOR objects.
Measures the stack trace mechanism for 32-bit execution contexts.
Measures the handling of memory reads in which a write protection policy exists.
Measures the decoding of instructions that generate EPT violations.
Measures the checks to see if the token has been changed when a token swap occurs.
Measures EPT violations generated while the guest was in user mode.
Measures the INT3 events.
struct _STAT_COUNTER STAT_COUNTER
A stats counter.
Measures page table writes that are actually relevant for Introcore.
void IntStatsReset(STAT_ID StatId)
Resets a stat.
void IntStatDiscard(STAT_ID StatId)
Discards the current measurement for a stat counter.
Measures the checks to see if the token has been changed when a write occurs over the token...
#define UNREFERENCED_PARAMETER(P)
void IntStatsDumpAll(void)
Prints all the non-zero stats.
Measures the timer events.
Measures the VMCALL exits generated by the page table filtering agent.
QWORD TotalCount
The total number of times an event was measured.
struct _STAT_COUNTER * PSTAT_COUNTER
Measures IntWinProcHandleCopyMemory invocations done for memory reads.
Measures the self map entry validation.
The number of valid stats IDs. Not a valid ID. Must always be the last entry in the enum...
Measures the instruction search done for the SWAPGS protection.
Measures MSR violation exits.
Measures write EPT violations.
enum _STAT_ID STAT_ID
Stat IDs.
void IntStatStart(STAT_ID StatId)
Measures the handling of memory reads in which a read protection policy exists.
Measures the look-up of EPT violation handlers.
Measures the information gathering for the DPI mechanism.
Measures exits on NtSetInformationProcess.
Measures module load violation handling.
Measures user mode crash handlers.
Measures execute EPT violations.
Measures glob-match exceptions.
Measures read EPT violations.
Measures the deletion of HOOK_GVA objects.
Measures the token privileges DPI protection information gathering.