System and method for capturing kernel-resident information
Abstract
A system, method and interface for consistently capturing kernel resident information are provided. An operating system architecture includes user mode modules and kernel mode applications. A user mode module initiates a kernel mode information request through an application program interface identifying one or more process threads of interest. A kernel mode module captures information corresponding to standard kernel mode information and corresponding to the specifically identified process threads. The information is returned in a pre-allocated buffer.
32 Claims
1. In a computer system having an operating environment including user mode modules having a first level of protection and kernel mode modules having a second level of protection, a method for consistently collecting information associated with the execution of a user mode module, the method comprising:
- transmitting, by a requester application, a request to collect kernel mode module information, wherein the request to collect kernel mode module information includes an identification of one or more process threads from which kernel mode information will be collected;
- obtaining, by a kernel mode module, the request to collect kernel mode module information;
- capturing, by the kernel mode module, information corresponding to each thread identified in the request to collect kernel mode module information;
- transmitting, by the kernel mode module, a result of the capturing of the information corresponding to each thread identified in the request to collect kernel mode module information; and
- receiving, by the requestor application, the result of the capturing of the information corresponding to each thread identified in the request to collect kernel mode module information.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 22
14. In a computer system having an operating environment including user mode modules having a first level of protection and kernel mode modules having a second level of protection, a method for consistently collecting information associated with the execution of a user mode module, the method comprising:
- obtaining a user mode module request to collect kernel mode module information including an identification of one or more process threads from which kernel mode information will be collected;
- capturing information corresponding to each thread identified in the request to collect kernel mode module information; and
- transmitting the captured kernel mode module information.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 23, 24
25. In a computer system having an operating environment including user mode modules having a first level of protection and kernel mode applications having a second level of protection, a software architecture for consistently collecting information associated with the execution of a user mode module, the architecture comprising:
- a processing component for capturing kernel mode module information corresponding to one or more processing threads identified in a request to collect kernel mode module information; and
- at least one application program interface for accessing the processing component and identifying the one or more processing threads from which to collect kernel mode module information.
Dependent claims: 26, 27, 28, 29, 30, 31, 32
Specification