PssCaptureFlags Enumeration
Namespace: DevCase.Win32.EnumsAssembly: DevCase.net48 (in DevCase.net48.dll) Version: 6.0.0.0 (6.0)
XMLNS for XAML: Not mapped to an xmlns.
[FlagsAttribute]
public enum PssCaptureFlags
<FlagsAttribute>
Public Enumeration PssCaptureFlags
Dim instance As PssCaptureFlags
[FlagsAttribute]
public enum class PssCaptureFlags
[<FlagsAttribute>]
type PssCaptureFlags
No code example is currently available or this language may not be supported.
| None |
0 |
Capture nothing.
|
| CaptureVirtualAddressClone |
1 |
Capture a snapshot of all cloneable pages in the process.
The clone includes all MEM_PRIVATE regions,
as well as all sections (MEM_MAPPED and MEM_IMAGE) that are shareable.
All Win32 sections created via CreateFileMapping function are shareable.
|
| Reserved_00000002 |
2 |
Reserved by the system. Do not use this flag.
|
| CaptureHandles |
4 |
Capture the handle table (handle values only).
|
| CaptureHandleNameInformation |
8 |
Capture name information for each handle.
|
| CaptureHandleBasicInformation |
16 |
Capture basic handle information such as HandleCount, PointerCount, GrantedAccess, etc.
|
| CaptureHandleTypeSpecificInformation |
32 |
Capture type-specific information for supported object types: Process, Thread, Event, Mutant, Section.
|
| CaptureHandleTrace |
64 |
Capture the handle tracing table.
|
| CaptureThreads |
128 |
Capture thread information (IDs only).
|
| CaptureThreadContext |
256 |
Capture the context for each thread.
|
| CaptureThreadContextExtended |
512 |
Capture extended context for each thread (e.g. ContextXSTATE).
|
| Reserved_00000400 |
1,024 |
Reserved by the system. Do not use this flag.
|
| CaptureVirtualAddressSpace |
2,048 |
Capture a snapshot of the virtual address space.
The Virtual Address (VA) space is captured as an array of MEMORY_BASIC_INFORMATION structures.
This flag does not capture the contents of the pages.
|
| CaptureVirtualAddressSpaceSectionInformation |
4,096 |
For MEM_IMAGE and MEM_MAPPED regions,
dumps the path to the file backing the sections (identical to what GetMappedFileName returns).
For MEM_IMAGE regions, also dumps:
The VirtualMemoryRead access right is required on the process handle.
|
| CaptureIptTrace |
8,192 |
(missing documentation).
|
| CreateBreakawayOptional |
67,108,864 |
The breakaway is optional.
If the clone process fails to create as a breakaway, then it is created still inside the job.
This flag must be specified in combination with either
CreateForceBreakaway and/or
CreateBreakaway.
|
| CreateBreakaway |
134,217,728 |
The clone is broken away from the parent process' job.
This is equivalent to CreateProcess flag CREATE_BREAKAWAY_FROM_JOB.
|
| CreateForceBreakaway |
268,435,456 |
The clone is forcefully broken away the parent process's job.
This is only allowed for Tcb-privileged callers.
|
| CreateUseVmAllocations |
536,870,912 |
The facility should not use the process heap for any persistent or transient allocations.
The use of the heap may be undesirable in certain contexts such as
creation of snapshots in the exception reporting path (where the heap may be corrupted).
|
| CreateMeasurePerformance |
1,073,741,824 |
Measure performance of the facility.
Performance counters can be retrieved via PssQuerySnapshot(IntPtr, PssQueryInformationClass, IntPtr, UInt32) function
with the PerformanceCounters information class.
|
| CreateReleaseSection |
2,147,483,648 |
The virtual address (VA) clone process does not hold a reference to the underlying image.
This will cause functions such as QueryFullProcessImageName to fail on the Virtual Address (VA) clone process.
This flag has no effect unless CaptureVirtualAddressClone is specified.
|