FS_Conf
The directory conf exists as a sub-directory to the file system root.
The directory contains global Memory Process File System status and configuration settings not related to individual processes. The settings are exposed as files and are listed in the table below:
File | Type | Description |
---|---|---|
cache_file_enable.txt | read/write | In-memory caching of memory pages when reading/writing memory |
cache_paging_enable.txt | read/write | Enable virtual memory - including Win10 compressed memory |
config_fileinfoheader_enable | read/write | Enable info header in most file system info files |
config_printf_enable.txt | read/write | Enable various informational texts in the console window |
config_printf_v.txt | read/write | Enable verbosity level 1 |
config_printf_vv.txt | read/write | Enable verbosity level 2 |
config_printf_vvv.txt | read/write | Enable verbosity level 3 |
config_process_show_terminated.txt | read/write | Show terminated processes |
config_refresh_enable.txt | read | Is memory/process list refresh enabled? (only applies to read/write capable memory acquisition devices) |
config_refresh_proc_partial.txt | read/write | Partial refresh of process list every tick_period ms |
config_refresh_proc_total.txt | read/write | Total refresh of process list every tick_period ms |
config_refresh_read.txt | read/write | Refresh of memory read cache every tick_period ms |
config_refresh_registry.txt | read/write | Refresh registry |
config_refresh_tick_period_ms.txt | read/write | Refresh tick period in milliseconds (ms) |
config_refresh_tlb.txt | read/write | Refresh page table cache every tick_period ms |
config_symbol_enable.txt | read/write | Enable debugging symbol subsystem |
config_symbolcache.txt | read/write | Local debugging symbol cache directory |
config_symbolserver.txt | read/write | Remote symbol server |
config_symbolserver_enable.txt | read/write | Enable Microsoft remote symbol server functionality |
native_max_address.txt | read | Max physical address of target system/memory acquisition device |
statistics.txt | read | Various internal statistics primarily related to memory management |
statistics_fncall.txt | read | Internal function call statistics |
MemProcFS utilizes debugging symbols retrieved from .pdb files for some features. By default MemProcFS will load symbols from the Microsoft Symbol Server, after the user has accepted the EULA popup, into a local cache directory. The local cache directory resides by default in the \Symbols sub-directory of the MemProcFS directory.
It is possible to configure non-default values of the local symbol cache directory and the symbol server by editing the files config_symbolcache.txt and config_symbolserver.txt in the conf directory. Valid non-default changes to these files will be persisted under the registry key HKCU\Software\UlfFrisk\MemProcFS\ in the per-user registry hive.
It is possible to permanently disable symbols or the symbol server by creating DWORD values named SymbolEnable and SymbolServerEnable, set to the value 0, under the above registry key. It is also possible to disable the symbol server at startup with the -symbolserverdisable startup option.
The example shows the conf directory and its contents. The statistics file content is generated from various statistics, such as internal cache hits/misses. It is also possible to check and alter various settings. The example shows enabling verbosity by editing the file config_printf_enable.txt and looking at the maximum physical address of the target system.
The conf sub-directory is implemented as a built-in native C-code plugin. The plugin source is located in the file m_conf.c in the vmm project. In addition to being responsible for global status and configuration settings, it is responsible for per-process status and configuration settings.
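Because the settings are plain files, they can be recorded and changed from a script, for example to note in case documentation whether the remote symbol server was enabled during analysis and to turn it off. The following is an added example, not code from the MemProcFS project: it snapshots the conf directory, refuses to write the files the table lists as read-only, and reads each write back to confirm it. It assumes the caller passes the path of the mounted conf directory and that the enable files hold the text "1" or "0"; the demo uses a constructed stand-in directory with constructed values.

```python
import tempfile
from pathlib import Path

# Files the table on this page lists as "read"; everything else is read/write.
READ_ONLY = {"config_refresh_enable.txt", "native_max_address.txt",
             "statistics.txt", "statistics_fncall.txt"}


def snapshot(conf_dir):
    """Return {file name: stripped text} for every file in the conf directory."""
    return {p.name: p.read_bytes().decode("utf-8", "replace").strip()
            for p in sorted(Path(conf_dir).iterdir()) if p.is_file()}


def set_setting(conf_dir, name, value):
    """Write one read/write setting, then read it back to confirm it took."""
    if name in READ_ONLY:
        raise PermissionError(f"{name} is read-only according to the table")
    path = Path(conf_dir) / name
    if not path.is_file():
        raise FileNotFoundError(name)
    path.write_text(str(value))
    actual = path.read_text().strip()
    if actual != str(value):
        raise ValueError(f"{name}: wrote {value!r}, read back {actual!r}")
    return actual


def symbol_server_active(settings):
    """True when the symbol subsystem and the remote symbol server are both on.
    Assumption: the *_enable files hold the text "1" or "0"."""
    return (settings.get("config_symbol_enable.txt") == "1"
            and settings.get("config_symbolserver_enable.txt") == "1")


def demo():
    """Run against a constructed stand-in for the mounted conf directory."""
    with tempfile.TemporaryDirectory() as d:
        for name, text in {"config_symbol_enable.txt": "1",
                           "config_symbolserver_enable.txt": "1",
                           "native_max_address.txt": "0x23fffffff"}.items():
            (Path(d) / name).write_text(text)   # constructed sample values
        before = symbol_server_active(snapshot(d))
        set_setting(d, "config_symbolserver_enable.txt", 0)
        return before, symbol_server_active(snapshot(d))


if __name__ == "__main__":
    print(demo())   # in real use, pass the mounted conf directory instead
```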