1 /** 2 * This file has no copyright assigned and is placed in the Public Domain. 3 * This file is part of the mingw-w64 runtime package. 4 * No warranty is given; refer to the file DISCLAIMER.PD within this package. 5 */ 6 #ifndef _EVNTCONS_H_ 7 #define _EVNTCONS_H_ 8 9 #include <wmistr.h> 10 #include <evntrace.h> 11 #include <evntprov.h> 12 13 #ifdef __cplusplus 14 extern "C" { 15 #endif 16 17 typedef enum EVENTSECURITYOPERATION { 18 EventSecuritySetDACL, 19 EventSecuritySetSACL, 20 EventSecurityAddDACL, 21 EventSecurityAddSACL, 22 EventSecurityMax 23 } EVENTSECURITYOPERATION; 24 25 typedef struct _EVENT_EXTENDED_ITEM_INSTANCE { 26 ULONG InstanceId; 27 ULONG ParentInstanceId; 28 GUID ParentGuid; 29 } EVENT_EXTENDED_ITEM_INSTANCE, *PEVENT_EXTENDED_ITEM_INSTANCE; 30 31 typedef struct _EVENT_EXTENDED_ITEM_TS_ID { 32 ULONG SessionId; 33 } EVENT_EXTENDED_ITEM_TS_ID, *PEVENT_EXTENDED_ITEM_TS_ID; 34 35 typedef struct _EVENT_EXTENDED_ITEM_RELATED_ACTIVITYID { 36 GUID RelatedActivityId; 37 } EVENT_EXTENDED_ITEM_RELATED_ACTIVITYID, *PEVENT_EXTENDED_ITEM_RELATED_ACTIVITYID; 38 39 typedef struct _EVENT_HEADER_EXTENDED_DATA_ITEM { 40 USHORT Reserved1; 41 USHORT ExtType; 42 __C89_NAMELESS struct { 43 USHORT Linkage : 1; 44 USHORT Reserved2 :15; 45 } DUMMYSTRUCTNAME; 46 USHORT DataSize; 47 ULONGLONG DataPtr; 48 } EVENT_HEADER_EXTENDED_DATA_ITEM, *PEVENT_HEADER_EXTENDED_DATA_ITEM; 49 50 typedef struct _EVENT_HEADER { 51 USHORT Size; 52 USHORT HeaderType; 53 USHORT Flags; 54 USHORT EventProperty; 55 ULONG ThreadId; 56 ULONG ProcessId; 57 LARGE_INTEGER TimeStamp; 58 GUID ProviderId; 59 EVENT_DESCRIPTOR EventDescriptor; 60 __C89_NAMELESS union { 61 __C89_NAMELESS struct { 62 ULONG KernelTime; 63 ULONG UserTime; 64 } DUMMYSTRUCTNAME; 65 ULONG64 ProcessorTime; 66 } DUMMYUNIONNAME; 67 GUID ActivityId; 68 } EVENT_HEADER, *PEVENT_HEADER; 69 70 #define EVENT_HEADER_PROPERTY_XML 0x0001 71 #define EVENT_HEADER_PROPERTY_FORWARDED_XML 0x0002 72 #define EVENT_HEADER_PROPERTY_LEGACY_EVENTLOG 0x0004 73 74 #define EVENT_HEADER_FLAG_EXTENDED_INFO 0x0001 75 #define EVENT_HEADER_FLAG_PRIVATE_SESSION 0x0002 76 #define EVENT_HEADER_FLAG_STRING_ONLY 0x0004 77 #define EVENT_HEADER_FLAG_TRACE_MESSAGE 0x0008 78 #define EVENT_HEADER_FLAG_NO_CPUTIME 0x0010 79 #define EVENT_HEADER_FLAG_32_BIT_HEADER 0x0020 80 #define EVENT_HEADER_FLAG_64_BIT_HEADER 0x0040 81 #define EVENT_HEADER_FLAG_CLASSIC_HEADER 0x0100 82 83 #define EVENT_HEADER_EXT_TYPE_RELATED_ACTIVITYID 0x0001 84 #define EVENT_HEADER_EXT_TYPE_SID 0x0002 85 #define EVENT_HEADER_EXT_TYPE_TS_ID 0x0003 86 #define EVENT_HEADER_EXT_TYPE_INSTANCE_INFO 0x0004 87 #define EVENT_HEADER_EXT_TYPE_STACK_TRACE32 0x0005 88 #define EVENT_HEADER_EXT_TYPE_STACK_TRACE64 0x0006 89 90 struct _EVENT_RECORD { 91 EVENT_HEADER EventHeader; 92 ETW_BUFFER_CONTEXT BufferContext; 93 USHORT ExtendedDataCount; 94 USHORT UserDataLength; 95 PEVENT_HEADER_EXTENDED_DATA_ITEM ExtendedData; 96 PVOID UserData; 97 PVOID UserContext; 98 }; 99 #ifndef DEFINED_PEVENT_RECORD 100 typedef struct _EVENT_RECORD EVENT_RECORD, *PEVENT_RECORD; 101 #define DEFINED_PEVENT_RECORD 1 102 #endif /* for evntrace.h */ 103 104 #if (_WIN32_WINNT >= 0x0601) 105 typedef struct _EVENT_EXTENDED_ITEM_STACK_TRACE32 { 106 ULONG64 MatchId; 107 ULONG Address[ANYSIZE_ARRAY]; 108 } EVENT_EXTENDED_ITEM_STACK_TRACE32, *PEVENT_EXTENDED_ITEM_STACK_TRACE32; 109 110 typedef struct _EVENT_EXTENDED_ITEM_STACK_TRACE64 { 111 ULONG64 MatchId; 112 ULONG64 Address[ANYSIZE_ARRAY]; 113 } EVENT_EXTENDED_ITEM_STACK_TRACE64, *PEVENT_EXTENDED_ITEM_STACK_TRACE64; 114 #endif /*(_WIN32_WINNT >= 0x0601)*/ 115 116 #define EVENT_ENABLE_PROPERTY_SID 0x00000001 117 #define EVENT_ENABLE_PROPERTY_TS_ID 0x00000002 118 #define EVENT_ENABLE_PROPERTY_STACK_TRACE 0x00000004 119 120 #define PROCESS_TRACE_MODE_REAL_TIME 0x00000100 121 #define PROCESS_TRACE_MODE_RAW_TIMESTAMP 0x00001000 122 #define PROCESS_TRACE_MODE_EVENT_RECORD 0x10000000 123 124 #if (_WIN32_WINNT >= 0x0600) 125 ULONG EVNTAPI EventAccessControl( 126 LPGUID Guid, 127 ULONG Operation, 128 PSID Sid, 129 ULONG Rights, 130 BOOLEAN AllowOrDeny 131 ); 132 133 ULONG EVNTAPI EventAccessQuery( 134 LPGUID Guid, 135 PSECURITY_DESCRIPTOR Buffer, 136 PULONG BufferSize 137 ); 138 139 ULONG EVNTAPI EventAccessRemove( 140 LPGUID Guid 141 ); 142 #endif /*(_WIN32_WINNT >= 0x0600)*/ 143 144 #ifdef __cplusplus 145 } 146 #endif 147 148 #endif /* _EVNTCONS_H_ */ 149 150