PROCESS_DISK_COUNTERS

The PROCESS_DISK_COUNTERS structure holds information whose collection can be managed by such exported functions PsIsDiskCountersEnabled and PsUpdateDiskCounters. A pointer to the counters is held in each EPROCESS and can be extracted to a SYSTEM_PROCESS_INFORMATION_EXTENSION through the ZwQuerySystemInformation function.

The PROCESS_DISK_COUNTERS is 0x28 bytes in both 32-bit and 64-bit Windows.

Offset Definition
0x00 
ULONGLONG BytesRead;
0x08 
ULONGLONG BytesWritten;
0x10 
ULONGLONG ReadOperationCount;
0x18 
ULONGLONG WriteOperationCount;
0x20 
ULONGLONG FlushOperationCount;

This page was created on 3rd November 2016. and was last modified on 9th November 2016.

Copyright © 2016. Geoff Chappell. All rights reserved. Conditions apply.