:py:mod:`dissect.etl.headers.system`
====================================

.. py:module:: dissect.etl.headers.system


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.etl.headers.system.SystemSpecificHeader
   dissect.etl.headers.system.SystemHeader
   dissect.etl.headers.system.CompactSystemHeader
   dissect.etl.headers.system.PerfinfoTraceHeader


.. py:class:: SystemSpecificHeader(marker: Marker, data: memoryview, etl)

   Bases: :py:obj:`dissect.etl.headers.headers.Header`

   A base class for the different ETL headers.

   .. py:property:: size
      :type: int

      The size of the event. In most cases this is inside the remainder field of the marker.

   .. py:property:: minimal_size
      :type: int

      Minimum header size. Adds additional header bytes to the result to create a correct payload offset.

   .. py:property:: hook_id
      :type: int

      An ID that identifies who created the event.

   .. py:property:: opcode
      :type: int

      A code used to select the type of event inside the header.

   .. py:property:: group
      :type: int

      A code used to select the provider for this header.

   .. py:property:: provider_id
      :type: uuid.UUID

      Provider that generated this event.


.. py:class:: SystemHeader(marker: Marker, data: memoryview, etl)

   Bases: :py:obj:`SystemSpecificHeader`

   Creates a system header.

   This header has the following fields associated with it:

   * Version
   * Marker
   * Size
   * OpCode
   * Group
   * ThreadId
   * ProcessId
   * TimeDelta
   * ProcessorTime

   .. py:property:: process_id
      :type: int

      The process ID that created this event.

   .. py:property:: processor_time
      :type: int

      The time it took on the processor.

   .. py:property:: thread_id
      :type: int

      The thread ID that created this event.

   .. py:method:: additional_header_fields() -> dict[str, Any]

      Additional fields that hold interesting information.

      Each header subclass defines what additional information it wants to return to a record.


.. py:class:: CompactSystemHeader(marker: Marker, data: memoryview, etl)

   Bases: :py:obj:`SystemSpecificHeader`

   Creates a compact system header.

   This header has the following fields associated with it:

   * Version
   * Marker
   * Size
   * OpCode
   * Group
   * ThreadId
   * ProcessId
   * TimeDelta

   .. py:property:: process_id
      :type: int

      The process ID that created this event.

   .. py:property:: thread_id
      :type: int

      The thread ID that created this event.

   .. py:method:: additional_header_fields() -> dict[str, Any]

      Additional fields that hold interesting information.

      Each header subclass defines what additional information it wants to return to a record.


.. py:class:: PerfinfoTraceHeader(marker: Marker, data: memoryview, etl)

   Bases: :py:obj:`SystemSpecificHeader`

   A header that records performance events for Windows.

   .. py:method:: additional_header_fields() -> dict[str, Any]

      Additional fields that hold interesting information.

      Each header subclass defines what additional information it wants to return to a record.