System and method for capturing kernel-resident information
Abstract
A system, method and interface for consistently capturing kernel resident information are provided. An operating system architecture includes user mode modules and kernel mode applications. A user mode module initiates a kernel mode information request through an application program interface identifying one or more process threads of interest. A kernel mode module captures information corresponding to standard kernel mode information and corresponding to the specifically identified process threads. The information is returned in a pre-allocated buffer.
27 Claims
1. In a computer system having an operating environment including user mode modules having a first level of protection and kernel mode modules having a second level of protection, a method for consistently collecting information associated with the execution of a user mode module, the method comprising:
transmitting, by a requestor application, a request to collect kernel mode module information, wherein the request to collect kernel mode module information includes an identification of one or more executing process threads from which kernel mode information will be collected;
obtaining, by a kernel mode module, corresponding to a driver application external to the operating system, the request to collect kernel mode module information;
capturing, by the kernel mode module, information corresponding to each thread identified in the request to collect kernel mode module information;
transmitting, by the kernel mode module, a result of the capturing of the information corresponding to each thread identified in the request to collect kernel mode module information; and
receiving, by the requestor application, the result of the capturing of the information corresponding to each thread identified in the request to collect kernel mode module information.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. In a computer system having an operating environment including user mode modules having a first level of protection and kernel mode modules having a second level of protection, a method for consistently collecting information associated with the execution of a user mode module, the method comprising:
obtaining a user mode module request to collect kernel mode module information including an identification of one or more executing process threads from which kernel mode information will be collected;
wherein obtaining a user mode module request includes obtaining, by a driver application external to the operating system, the user mode module request;
capturing information corresponding to each thread identified in the request to collect kernel mode module information; and
transmitting the captured kernel mode module information.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22
23. A computer system having a processor, a memory, and an operating environment, the operating environment including user mode modules having a first level of protection and kernel mode applications having a second level of protection, the system comprising:
a driver application comprising a processing component for capturing kernel mode module information corresponding to one or more executing processing threads identified in a request to collect kernel mode module information; and
at least one application program interface for accessing the processing component and identifying the one or more executing processing threads from which to collect kernel mode module information; and
wherein the kernel mode module information includes a thread kernel stack and all pending I/O request packet information for each identified process thread; and
wherein all pending I/O request packet information includes an identification of the pending I/O request packet, a current stack location, device object information, file object information and driver object information for each identified I/O request packet corresponding to an identified process thread.
Dependent claims: 24, 25, 26, 27
Specification