We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When I start irpmonc it lists the current settings, and I see:
[INFO]: Collect process events: 0
Still the monitoring shows entries with:
Type = ImageLoad
Example of entries:
ID = 1316814 Time = 20/10/2023 07:36:07 Type = ImageLoad File object = 0x0000000000000000 File name = \Device\HarddiskVolume3\Windows\System32\version.dll Image base = 0x00007FF876980000 Image size = 40960 Signature type = None Signature level = Unchecked Thread ID = 10844 Process ID = 2916 Process name = WUDFHost.exe IRQL = Passive Emulated = True Associated data = True Data stripped = False Data size = 104 Admin = False Impersonated = False ImpAdmin = False Stack: 0: 0x00007FF885C2D5B4 1: 0x00007FF885BA4D42 2: 0x00007FF885BA4AAA 3: 0x00007FF885BEFDD3 4: 0x00007FF885BEF830 5: 0x00007FF885BEECF0 6: 0x00007FF885BEEC63 7: 0x00007FF885BF22B0 8: 0x00007FF885BE31FA 9: 0x00007FF883CF7614 10: 0x00007FF885BE26F1 ID = 1316815 Time = 20/10/2023 07:36:07 Type = ImageLoad File object = 0x0000000000000000 File name = \Device\HarddiskVolume3\Windows\System32\ole32.dll Image base = 0x00007FF883F50000 Image size = 1220608 Signature type = None Signature level = Unchecked Thread ID = 10844 Process ID = 2916 Process name = WUDFHost.exe IRQL = Passive Emulated = True Associated data = True Data stripped = False Data size = 100 Admin = False Impersonated = False ImpAdmin = False Stack: 0: 0x00007FF885C2D5B4 1: 0x00007FF885BA4D42 2: 0x00007FF885BA4AAA 3: 0x00007FF885BA4479 4: 0x00007FF885BA88A8 5: 0x00007FF885BA7B29 6: 0x00007FF885BA4C14 7: 0x00007FF885BEFDD3 8: 0x00007FF885BEFB00 9: 0x00007FF885BEED9F 10: 0x00007FF885BAFB53 11: 0x00007FF885BA73E4 12: 0x00007FF885BA6AF4 13: 0x00007FF8837C56B2 14: 0x00007FF875A14541 15: 0x00007FF8759E13E6 16: 0x00007FF8759E1506 17: 0x00007FF8759E1556 18: 0x00007FF875A22DED 19: 0x00007FF875A1CF5D 20: 0x00007FF875A22F53 21: 0x00007FF875A2E2E3 22: 0x00007FF875A2A9E0 23: 0x00007FF875A2BD3A 24: 0x00007FF875A2CEAC 25: 0x00007FF885C01769 26: 0x00007FF885BE31FA 27: 0x00007FF883CF7614 28: 0x00007FF885BE26F1
irpmonc startup dump of settings:
[INFO]: 0 parsers loaded loading connector device-connector.dll deviceName = \\.\irpmndrv [INFO]: Driver settings: [INFO]: Clear on disconnect: 1 [INFO]: Collect when disconnected: 0 [INFO]: Collect process events: 0 [INFO]: Collect file name events: 0 [INFO]: Collect object name events: 1 [INFO]: Process snapshot on connect: 1 [INFO]: Driver snapshot on connect: 0 [INFO]: Strip data: 1 [INFO]: Data strip threshold: 1024 bytes [INFO]: Log boot: 0 [INFO]: Save to registry: 0 [INFO]: [INFO]: Driver "\Driver\libusb0" is already hooked [INFO]: Device "\Device\libusb00001" (0xffffbd04a27e0050) is already hooked [INFO]: Driver "\Driver\libusb0" is already hooked [INFO]: Device "\Device\libusb00001" (0xffffbd04a27e0050) is already hooked [INFO]: Driver "\Driver\USBHUB3" is already hooked [INFO]: Device "\Device\libusb00001" (0xffffbd04a27e0050) is already hooked [INFO]: Already watching for driver "\Driver\libusb0" [INFO]: Already watching for driver "libusb0.sys" [INFO]: Connecting to the driver...
The text was updated successfully, but these errors were encountered:
No branches or pull requests
When I start irpmonc it lists the current settings, and I see:
Still the monitoring shows entries with:
Example of entries:
irpmonc startup dump of settings:
The text was updated successfully, but these errors were encountered: