SYMBOL INDEX (273 symbols across 61 files) FILE: Sysmon.sys/CDeviceExtension.h function class (line 5) | class CDeviceExtension FILE: Sysmon.sys/CDriverEntry.cpp function CDriverEntry (line 32) | CDriverEntry& CDriverEntry::Instance() function BOOL (line 48) | BOOL CDriverEntry::IsSupportFlt() function NTSTATUS (line 62) | NTSTATUS function CErrorStatus (line 229) | CErrorStatus function CErrorStatus (line 254) | CErrorStatus FILE: Sysmon.sys/CDriverEntry.h function class (line 13) | class CDriverEntry FILE: Sysmon.sys/CReportRecord.h function class (line 8) | class CSysmonRecord function class (line 18) | class CReportSysmonRecord FILE: Sysmon.sys/CSysmonControl.h function class (line 4) | class CSysmonControl FILE: Sysmon.sys/CSysmonDispatchEngine.cpp function NTSTATUS (line 28) | NTSTATUS function NTSTATUS (line 112) | NTSTATUS function NTSTATUS (line 244) | NTSTATUS function PIRP (line 290) | PIRP FILE: Sysmon.sys/CSysmonDispatchEngine.h function class (line 7) | class CSysmonDispatchEngine FILE: Sysmon.sys/CSysmonIoControl.h type Base_Sysmon_FileObj_Type (line 4) | typedef enum _Base_Sysmon_FileObj_Type type Sysmon_Flt_CompletionContext (line 11) | typedef struct _Sysmon_Flt_CompletionContext type Sysmon_Flt_Stream_Context (line 20) | typedef struct _Sysmon_Flt_Stream_Context FILE: Sysmon.sys/CSysmonMiniFltFilter.cpp function CErrorStatus (line 22) | CErrorStatus CSysmonMiniFltFilter::Init(PDRIVER_OBJECT DriverObj) function NTSTATUS (line 97) | NTSTATUS function NTSTATUS (line 109) | NTSTATUS function NTSTATUS (line 132) | NTSTATUS FILE: Sysmon.sys/CSysmonMiniFltFilter.h function class (line 9) | class CSysmonMiniFltFilter : FILE: Sysmon.sys/Sysmon.sys.cpp function NTSTATUS (line 13) | NTSTATUS FILE: Sysmon.sys/cpplib/CAttachDevice.cpp function CErrorStatus (line 28) | CErrorStatus function CErrorStatus (line 45) | CErrorStatus FILE: Sysmon.sys/cpplib/CAttachDevice.h function class (line 9) | class CAttachDevice function PDEVICE_OBJECT (line 21) | PDEVICE_OBJECT Device() function PDEVICE_OBJECT (line 26) | PDEVICE_OBJECT LowDevice() FILE: Sysmon.sys/cpplib/CDebug.h function class (line 5) | class CDebug FILE: Sysmon.sys/cpplib/CDeviceObject.cpp function PDEVICE_OBJECT (line 37) | PDEVICE_OBJECT* CDeviceObject::operator &() function ULONG (line 57) | ULONG& CDeviceObject::Flags() function PVOID (line 62) | PVOID& CDeviceObject::DeviceExtension() function PDRIVER_OBJECT (line 67) | PDRIVER_OBJECT& CDeviceObject::DriverObject() function ULONG (line 72) | ULONG& CDeviceObject::DeviceType() function PDEVICE_OBJECT (line 77) | PDEVICE_OBJECT& CDeviceObject::AttachedDevice() function PDEVICE_OBJECT (line 82) | PDEVICE_OBJECT& CDeviceObject::NextDevice() function ULONG (line 87) | ULONG& CDeviceObject::Characteristics() function CErrorStatus (line 96) | CErrorStatus function CErrorStatus (line 138) | CErrorStatus function CErrorStatus (line 175) | CErrorStatus FILE: Sysmon.sys/cpplib/CDeviceObject.h function class (line 8) | class CDeviceObject FILE: Sysmon.sys/cpplib/CDispatchEngine.h function class (line 4) | class CDispatchEngine FILE: Sysmon.sys/cpplib/CDriverDispatch.cpp function BOOL (line 23) | BOOL CDriverDispatch::operator !() const function PDRIVER_DISPATCH (line 28) | PDRIVER_DISPATCH& CDriverDispatch::operator [](int n) FILE: Sysmon.sys/cpplib/CDriverDispatch.h function class (line 5) | class CDriverDispatch FILE: Sysmon.sys/cpplib/CDriverObject.h function class (line 5) | class CDriverObject FILE: Sysmon.sys/cpplib/CEResource.h function class (line 6) | class CEResource FILE: Sysmon.sys/cpplib/CErrorStatus.cpp function BOOL (line 30) | BOOL FILE: Sysmon.sys/cpplib/CErrorStatus.h function class (line 6) | class CErrorStatus FILE: Sysmon.sys/cpplib/CFileObject.cpp function PVOID (line 30) | PVOID CFileObject::operator !() function PUNICODE_STRING (line 35) | PUNICODE_STRING CFileObject::FileName() function PFILE_OBJECT (line 40) | PFILE_OBJECT& CFileObject::RelatedFileObject() FILE: Sysmon.sys/cpplib/CFileObject.h function class (line 4) | class CFileObject FILE: Sysmon.sys/cpplib/CFilterDevice.cpp function CErrorStatus (line 28) | CErrorStatus function CErrorStatus (line 90) | CErrorStatus function CErrorStatus (line 151) | CErrorStatus function CErrorStatus (line 178) | CErrorStatus function CErrorStatus (line 199) | CErrorStatus function PDEVICE_OBJECT (line 237) | PDEVICE_OBJECT function CAttachDevice (line 243) | CAttachDevice& FILE: Sysmon.sys/cpplib/CFilterDevice.h function class (line 17) | class CFilterDevice FILE: Sysmon.sys/cpplib/CIoStackLocation.cpp function BOOLEAN (line 37) | BOOLEAN function BOOLEAN (line 43) | BOOLEAN CIoStackLocation::operator !=(const PIO_STACK_LOCATION Stack) function PVOID (line 48) | PVOID CIoStackLocation::operator !() function CFileObject (line 53) | CFileObject CIoStackLocation::FileObject() function UCHAR (line 58) | UCHAR& CIoStackLocation::Flags() FILE: Sysmon.sys/cpplib/CIoStackLocation.h function class (line 6) | class CIoStackLocation FILE: Sysmon.sys/cpplib/CIrp.cpp function PIRP (line 23) | PIRP function NTSTATUS (line 29) | NTSTATUS& function KPROCESSOR_MODE (line 35) | KPROCESSOR_MODE& function ULONG_PTR (line 41) | ULONG_PTR& function PMDL (line 47) | PMDL& function PVOID (line 53) | PVOID& function PVOID (line 60) | PVOID& function PVOID (line 66) | PVOID& function PVOID (line 72) | PVOID& function PVOID (line 78) | PVOID& function UINT8 (line 84) | UINT8& function UINT8 (line 90) | UINT8& function UINT8 (line 96) | UINT8& function UINT8 (line 102) | UINT8& function ULONG (line 108) | ULONG& function INT64 (line 114) | INT64& function ULONG (line 120) | ULONG& function INT64 (line 126) | INT64& function ULONG (line 132) | ULONG& function ULONG (line 144) | ULONG& function ULONG (line 157) | ULONG& function PDEVICE_OBJECT (line 169) | PDEVICE_OBJECT& CIrp::Device() const function PFILE_OBJECT (line 174) | PFILE_OBJECT& CIrp::FileObject() const function PIO_STACK_LOCATION (line 179) | PIO_STACK_LOCATION function NTSTATUS (line 211) | NTSTATUS function NTSTATUS (line 220) | NTSTATUS SimpleCompletion( function NTSTATUS (line 238) | NTSTATUS function CErrorStatus (line 286) | CErrorStatus function CErrorStatus (line 320) | CErrorStatus FILE: Sysmon.sys/cpplib/CIrp.h function class (line 7) | class CIrp FILE: Sysmon.sys/cpplib/CListEntry.h type C_LIST_NODE (line 9) | typedef struct _C_LIST_NODE function class (line 49) | class Iterator function BOOLEAN (line 213) | BOOLEAN Insert( T* _X ) function BOOLEAN (line 259) | BOOLEAN Remove( T* _X ) function LIST_ENTRY (line 324) | LIST_ENTRY* End() function UnLock (line 336) | void UnLock() FILE: Sysmon.sys/cpplib/CMiniFltFilter.cpp function CErrorStatus (line 178) | CErrorStatus function NTSTATUS (line 196) | NTSTATUS function NTSTATUS (line 208) | NTSTATUS function NTSTATUS (line 233) | NTSTATUS FILE: Sysmon.sys/cpplib/CMiniFltFilter.h type Flt_Fn_Callback (line 10) | typedef enum _Flt_Fn_Callback function class (line 25) | class CMiniFltFilter FILE: Sysmon.sys/cpplib/CNPagedLookaside.h function T (line 27) | T* Allocate() function Free (line 32) | void Free( T* pT ) FILE: Sysmon.sys/cpplib/CPool.h function operator (line 37) | operator T*() const function BOOL (line 42) | BOOL function BOOL (line 48) | BOOL function T (line 54) | const function T (line 92) | T* Allocate( SIZE_T _S ) function T (line 111) | T* Allocate() function Free (line 129) | void Free() function INT3264 (line 139) | INT3264 Size() FILE: Sysmon.sys/cpplib/CString.h function virtual (line 14) | virtual ~CStringT(void) function operator (line 19) | operator T*() function operator (line 65) | operator WCHAR*() FILE: Sysmon.sys/cpplib/CSysmonBase.cpp function USHORT (line 18) | USHORT function BOOL (line 116) | BOOL FILE: Sysmon.sys/cpplib/CSysmonBase.h function class (line 7) | class CSysmonBase FILE: Sysmon.sys/cpplib/CUnicodeString.cpp function PUNICODE_STRING (line 56) | PUNICODE_STRING CUnicodeString::operator &() FILE: Sysmon.sys/cpplib/CUnicodeString.h function class (line 8) | class CUnicodeString FILE: Sysmon.sys/cpplib/CVersion.cpp function ULONG (line 41) | ULONG CVersion::GetMajorVersion() function ULONG (line 50) | ULONG CVersion::GetMinorVersion() function ULONG (line 59) | ULONG CVersion::GetBuilderNumber() FILE: Sysmon.sys/cpplib/CVersion.h function class (line 5) | class CVersion FILE: Sysmon.sys/cpplib/CppLib.cpp function EXTERN_C (line 42) | EXTERN_C function atexit (line 57) | int function EXTERN_C (line 81) | EXTERN_C function DeleteHelper (line 124) | void function CallGlobalConstructors (line 131) | void function CallGlobalDestructors (line 148) | void function EXCEPTION_DISPOSITION (line 167) | EXCEPTION_DISPOSITION function _CxxThrowException (line 182) | void function _CxxThrowException (line 193) | void FILE: Sysmon.sys/cpplib/CppLib.h type CHAR (line 6) | typedef char CHAR; type UCHAR (line 7) | typedef unsigned char UCHAR; type BOOLEAN (line 8) | typedef unsigned char BOOLEAN; type wchar_t (line 9) | typedef wchar_t WCHAR; type boolean (line 10) | typedef unsigned char boolean; type UINT32 (line 11) | typedef unsigned __int32 UINT32; type ULONG32 (line 12) | typedef unsigned int ULONG32, *PULONG32; type DWORD32 (line 13) | typedef unsigned int DWORD32, *PDWORD32; type BOOL (line 14) | typedef int BOOL; type INT8 (line 15) | typedef signed char INT8, *PINT8; type INT16 (line 16) | typedef signed short INT16, *PINT16; type INT32 (line 17) | typedef signed int INT32, *PINT32; type INT64 (line 18) | typedef signed __int64 INT64, *PINT64; type UINT8 (line 19) | typedef unsigned char UINT8, *PUINT8; type UINT16 (line 20) | typedef unsigned short UINT16, *PUINT16; type UINT32 (line 21) | typedef unsigned int UINT32, *PUINT32; type UINT64 (line 22) | typedef unsigned __int64 UINT64, *PUINT64; type __int64 (line 24) | typedef __int64 INT64; type __int3264 (line 25) | typedef __int3264 ADDRPOINT; type __int3264 (line 26) | typedef __int3264 INT3264; type UINT (line 27) | typedef unsigned int UINT; type BYTE (line 28) | typedef unsigned char BYTE; type ULONG (line 29) | typedef unsigned long ULONG; type SHORT (line 30) | typedef short SHORT; type USHORT (line 31) | typedef unsigned short USHORT; type AtExitEntry (line 49) | struct AtExitEntry type MemoryType (line 65) | enum MemoryType function operator (line 81) | operator new(size_t size) function operator (line 89) | operator new[](size_t size) function operator (line 97) | operator new(size_t size, MemoryType memType) function operator (line 105) | operator new[](size_t size, MemoryType memType) function operator (line 115) | operator new(size_t size, void *pMem) function operator (line 124) | operator new[](size_t size, void *pMem) function operator (line 136) | operator delete(void *p) function operator (line 144) | operator delete[](void *p) function operator (line 152) | operator delete(void *p, MemoryType memType) function operator (line 161) | operator delete[](void *p, MemoryType memType) function operator (line 173) | operator delete(void *pMem1, void *pMem2) function operator (line 184) | operator delete[](void *pMem1, void *pMem2) function class (line 206) | class type_info { FILE: Sysmon/CDName.h function class (line 4) | class CDName FILE: Sysmon/CDigitalSign.h type CATALOG_INFO (line 8) | typedef struct CATALOG_INFO_ { type CRYPT_PROVIDER_SGNR (line 22) | typedef type CRYPT_PROVIDER_DATA (line 30) | typedef type const (line 76) | typedef function class (line 121) | class CDigitalSign FILE: Sysmon/CEventLogger.cpp function HRESULT (line 33) | HRESULT CEventLogger::Init( function HRESULT (line 164) | HRESULT CEventLogger::DeInit() function ULONG (line 229) | ULONG CEventLogger::ControlCallback( function ULONG (line 245) | ULONG CEventLogger::_ControlCallback( FILE: Sysmon/CEventLogger.h function class (line 10) | class CEventLogger FILE: Sysmon/CMofDataParser.cpp function CMofDataParser (line 21) | CMofDataParser* CMofDataParser::Instance() function HRESULT (line 37) | HRESULT CMofDataParser::Connect( function BOOL (line 94) | BOOL CMofDataParser::Parse( function IWbemClassObject (line 258) | IWbemClassObject* function CMofParseRes (line 446) | CMofParseRes* function BOOL (line 769) | BOOL CMofDataParser::GetPropertyList( function PBYTE (line 949) | PBYTE CMofDataParser::GetPropertyValue( function LONG (line 1908) | LONG CMofDataParser::GetArraySize( function LONG (line 1930) | LONG CMofDataParser::GetArrayValue( FILE: Sysmon/CMofDataParser.h type uint32 (line 16) | typedef unsigned int uint32; type uint64 (line 17) | typedef unsigned long long uint64; type MOF_DATA_HEADER (line 26) | typedef struct _MOF_DATA_HEADER type MOF_CHAR_ARRAY (line 38) | typedef struct _MOF_CHAR_ARRAY type MOF_ITEM (line 49) | typedef struct _MOF_ITEM type MOF_PROPERTY (line 64) | typedef struct _MOF_PROPERTY function class (line 73) | class CMofParseRes type PROPERTY_LIST (line 110) | typedef struct _propertyList function class (line 118) | class CMofData function UINT32 (line 283) | UINT32 GetProcessId() function UINT64 (line 288) | UINT64 GetUniqueProcessKey() function UINT64 (line 311) | UINT64 GetFileObject() function TCHAR (line 316) | TCHAR* GetFileOpenPath() function class (line 340) | class CMofDataParser function class (line 419) | class FileCreateNameX86 function class (line 440) | class CPropertyRes function Init (line 488) | void Init() function TCHAR (line 494) | TCHAR* GetFileName() function TCHAR (line 504) | TCHAR* GetQueryDomainName() function TCHAR (line 509) | TCHAR* GetQueryResult() function ULONGLONG (line 514) | ULONGLONG GetFileObject() function ULONG (line 524) | ULONG GetProcessId() function WORD (line 534) | WORD GetPort() function ULONG (line 544) | ULONG GetQueryStatus() function ULONG (line 554) | ULONG GetIpAddress() function ULONG (line 564) | ULONG GetIoSize() function BOOL (line 574) | BOOL operator == ( TCHAR* StrName) FILE: Sysmon/CSsymonEtw.cpp function ULONG (line 41) | ULONG CSsymonEtw::InitData() function HRESULT (line 70) | HRESULT CSsymonEtw::StartTrace(BOOL bStart) function UINT (line 237) | UINT CSsymonEtw::ProcessTraceThread(void* lp) function ULONG (line 324) | ULONG function VOID (line 333) | VOID function UINT (line 362) | UINT FILE: Sysmon/CSsymonEtw.h type Sysomn_Event_Properties (line 57) | typedef struct _Sysomn_Event_Properties function class (line 74) | class CSsymonEtw FILE: Sysmon/CSysmonDriverOpt.cpp function BOOL (line 23) | BOOL CSysmonDriverOpt::InstallDriver( function BOOL (line 190) | BOOL CSysmonDriverOpt::StartDriver(LPCTSTR lpszDriverName) function BOOL (line 251) | BOOL CSysmonDriverOpt::StopDriver(LPCTSTR lpszDriverName) function BOOL (line 294) | BOOL CSysmonDriverOpt::DeleteDriver(LPCTSTR lpszDriverName) FILE: Sysmon/CSysmonDriverOpt.h function class (line 4) | class CSysmonDriverOpt FILE: Sysmon/CSysmonMofData.cpp function HRESULT (line 53) | HRESULT CSysmonMofData::CoCreateInstance() function CSysmonDataEntry (line 99) | CSysmonDataEntry* CSysmonMofData::Phase_1( function CSysmonDataEntry (line 407) | CSysmonDataEntry* function CSysmonDataEntry (line 722) | CSysmonDataEntry* CSysmonMofData::GetPropertyList( function CSysmonEventList (line 1126) | CSysmonEventList* CSysmonMofData::AddEvent( function LONG (line 1180) | LONG CSysmonMofData::GetArrayValue( function LONG (line 1365) | LONG CSysmonMofData::GetArraySize( function BOOL (line 1400) | BOOL CSysmonData::Compare(BSTR pString) function BOOL (line 1409) | BOOL CSysmonData::CompareN(BSTR pString,ULONG Size) function LONG (line 1451) | LONG CSysmonDataEntry::GetCLassNameLen() function CSysmonDataEntry (line 1461) | CSysmonDataEntry* CSysmonDataEntry::InitData(CSysmonData** pData,BSTR pS... function CSysmonEventList (line 1553) | CSysmonEventList* CSysmonEventList::InsertBack(LIST_ENTRY* Blink,void* p... FILE: Sysmon/CSysmonMofData.h type CTcpIpInfo (line 21) | typedef struct _CTcpIpInfo type Sysmon_Net_Report (line 27) | typedef struct _Sysmon_Net_Report function class (line 38) | class CSysmonData function class (line 72) | class CSysmonEventList function class (line 91) | class CSysmonDataEntry function class (line 114) | class CSysmonProperty function InitData (line 146) | void InitData(CSysmonData** pData,BSTR pString) function class (line 206) | class CSysmonMofData FILE: Sysmon/CSysmonUtil.cpp function BOOL (line 14) | BOOL CSysmonUtil::SysmonVersionIsSupport() FILE: Sysmon/CSysmonUtil.h type QWORD (line 4) | typedef unsigned __int64 QWORD; function class (line 6) | class CSysmonUtil FILE: Sysmon/Sysmon.cpp function _tWinMain (line 20) | int APIENTRY _tWinMain( function BOOLEAN (line 103) | BOOLEAN __fastcall SysmonTempFileName(wchar_t * FileName, wchar_t* TempN... function BOOLEAN (line 178) | BOOLEAN __fastcall SysmonExtractResource(LPCWSTR lpName, wchar_t *Filename) function DWORD (line 204) | DWORD RunSysmonX64() FILE: Sysmon/Sysmon.h function BOOLEAN (line 5) | BOOLEAN function FORCEINLINE (line 14) | FORCEINLINE function FORCEINLINE (line 23) | FORCEINLINE function FORCEINLINE (line 39) | FORCEINLINE function FORCEINLINE (line 55) | FORCEINLINE