      1 /**
      2  * This file has no copyright assigned and is placed in the Public Domain.
      3  * This file is part of the mingw-w64 runtime package.
      4  * No warranty is given; refer to the file DISCLAIMER.PD within this package.
      5  */
      6 #ifndef _EVNTRACE_
      7 #define _EVNTRACE_
      8 
      9 #if defined(_WINNT_) || defined(WINNT)
     10 
     11 #ifndef WMIAPI
     12 #ifndef MIDL_PASS
     13 #ifdef _WMI_SOURCE_
     14 #define WMIAPI __stdcall
     15 #else
     16 #define WMIAPI DECLSPEC_IMPORT __stdcall
     17 #endif
     18 #endif /* MIDL_PASS */
     19 #endif /* WMIAPI */
     20 
     21 #include <guiddef.h>
     22 
/*
 * Well-known GUIDs, declared through DEFINE_GUID from <guiddef.h>.
 * NOTE(review): going by the names, these identify the event-trace class,
 * the system trace control session, the trace configuration events and the
 * default trace security settings - confirm against the ETW documentation.
 */
DEFINE_GUID (EventTraceGuid,0x68fdd900,0x4a3e,0x11d1,0x84,0xf4,0x00,0x00,0xf8,0x04,0x64,0xe3);
DEFINE_GUID (SystemTraceControlGuid,0x9e814aad,0x3204,0x11d2,0x9a,0x82,0x00,0x60,0x08,0xa8,0x69,0x39);
DEFINE_GUID (EventTraceConfigGuid,0x01853a65,0x418f,0x4f36,0xae,0xfc,0xdc,0x0f,0x1d,0x2f,0xd2,0x35);
DEFINE_GUID (DefaultTraceSecurityGuid,0x0811c1af,0x7a07,0x4a06,0x82,0xed,0x86,0x94,0x55,0xcd,0xf7,0x13);
     27 
/* Names of the predefined logger sessions, wide-character spelling. */
#define KERNEL_LOGGER_NAMEW	L"NT Kernel Logger"
#define GLOBAL_LOGGER_NAMEW	L"GlobalLogger"
#define EVENT_LOGGER_NAMEW	L"Event Log"
#define DIAG_LOGGER_NAMEW	L"DiagLog"

/* The same four names as narrow (ANSI) string literals. */
#define KERNEL_LOGGER_NAMEA	"NT Kernel Logger"
#define GLOBAL_LOGGER_NAMEA	"GlobalLogger"
#define EVENT_LOGGER_NAMEA	"Event Log"
#define DIAG_LOGGER_NAMEA	"DiagLog"

/* NOTE(review): presumably the largest number of MOF_FIELD entries that may
 * accompany one event - confirm; nothing in this header uses the constant. */
#define MAX_MOF_FIELDS		16
     39 
/*
 * 64-bit handle type used by the prototypes in this header for trace
 * sessions, registrations and loggers. The guard lets another header
 * define the same type first without a redefinition.
 */
#ifndef _TRACEHANDLE_DEFINED
#define _TRACEHANDLE_DEFINED
typedef ULONG64 TRACEHANDLE,*PTRACEHANDLE;
#endif
     44 
#define SYSTEM_EVENT_TYPE		1

/*
 * Generic event types. Several names are aliases for one value:
 * END/STOP (0x02), DEQUEUE/RESUME (0x07) and CHECKPOINT/SUSPEND (0x08),
 * so code that decodes a type value cannot tell the aliases apart.
 */
#define EVENT_TRACE_TYPE_INFO		0x00
#define EVENT_TRACE_TYPE_START		0x01
#define EVENT_TRACE_TYPE_END		0x02
#define EVENT_TRACE_TYPE_STOP		0x02
#define EVENT_TRACE_TYPE_DC_START	0x03
#define EVENT_TRACE_TYPE_DC_END		0x04
#define EVENT_TRACE_TYPE_EXTENSION	0x05
#define EVENT_TRACE_TYPE_REPLY		0x06
#define EVENT_TRACE_TYPE_DEQUEUE	0x07
#define EVENT_TRACE_TYPE_RESUME		0x07
#define EVENT_TRACE_TYPE_CHECKPOINT	0x08
#define EVENT_TRACE_TYPE_SUSPEND	0x08
#define EVENT_TRACE_TYPE_WINEVT_SEND	0x09
#define EVENT_TRACE_TYPE_WINEVT_RECEIVE	0XF0
     61 
/*
 * Trace levels. The named levels grow less severe as the number rises
 * (1 critical ... 5 verbose); CRITICAL and FATAL are two names for level 1.
 * Levels 6 to 9 are reserved names only.
 */
#define TRACE_LEVEL_NONE		0
#define TRACE_LEVEL_CRITICAL		1
#define TRACE_LEVEL_FATAL		1
#define TRACE_LEVEL_ERROR		2
#define TRACE_LEVEL_WARNING		3
#define TRACE_LEVEL_INFORMATION		4
#define TRACE_LEVEL_VERBOSE		5
#define TRACE_LEVEL_RESERVED6		6
#define TRACE_LEVEL_RESERVED7		7
#define TRACE_LEVEL_RESERVED8		8
#define TRACE_LEVEL_RESERVED9		9
     73 
/*
 * Class-specific event types. Every group below starts again at 0x0A, so a
 * type value in this range identifies an event only together with the GUID
 * of the event class it belongs to; never decode the type on its own.
 */

/* NOTE(review): by its name an image-load event type - confirm. */
#define EVENT_TRACE_TYPE_LOAD		0x0A

/* I/O events. */
#define EVENT_TRACE_TYPE_IO_READ	0x0A
#define EVENT_TRACE_TYPE_IO_WRITE	0x0B
#define EVENT_TRACE_TYPE_IO_READ_INIT	0x0C
#define EVENT_TRACE_TYPE_IO_WRITE_INIT	0x0D
#define EVENT_TRACE_TYPE_IO_FLUSH	0x0E
#define EVENT_TRACE_TYPE_IO_FLUSH_INIT	0x0F

/* Memory-manager events. NOTE(review): the suffixes look like page-fault
 * kinds (e.g. COW copy-on-write, AV access violation) - confirm. */
#define EVENT_TRACE_TYPE_MM_TF		0x0A
#define EVENT_TRACE_TYPE_MM_DZF		0x0B
#define EVENT_TRACE_TYPE_MM_COW		0x0C
#define EVENT_TRACE_TYPE_MM_GPF		0x0D
#define EVENT_TRACE_TYPE_MM_HPF		0x0E
#define EVENT_TRACE_TYPE_MM_AV		0x0F

/* Network events. */
#define EVENT_TRACE_TYPE_SEND		0x0A
#define EVENT_TRACE_TYPE_RECEIVE	0x0B
#define EVENT_TRACE_TYPE_CONNECT	0x0C
#define EVENT_TRACE_TYPE_DISCONNECT	0x0D
#define EVENT_TRACE_TYPE_RETRANSMIT	0x0E
#define EVENT_TRACE_TYPE_ACCEPT		0x0F
#define EVENT_TRACE_TYPE_RECONNECT	0x10
#define EVENT_TRACE_TYPE_CONNFAIL	0x11
#define EVENT_TRACE_TYPE_COPY_TCP	0x12
#define EVENT_TRACE_TYPE_COPY_ARP	0x13
#define EVENT_TRACE_TYPE_ACKFULL	0x14
#define EVENT_TRACE_TYPE_ACKPART	0x15
#define EVENT_TRACE_TYPE_ACKDUP		0x16
    103 
/* Trace-header events. Values restart at 0x0A here, as in the other
 * class-specific groups of this header. */
#define EVENT_TRACE_TYPE_GUIDMAP	0x0A
#define EVENT_TRACE_TYPE_CONFIG		0x0B
#define EVENT_TRACE_TYPE_SIDINFO	0x0C
#define EVENT_TRACE_TYPE_SECURITY	0x0D

/* Registry events, one value per registry operation. The values overlap
 * with the other class-specific groups, so they are only meaningful for
 * events of the registry event class. */
#define EVENT_TRACE_TYPE_REGCREATE	0x0A
#define EVENT_TRACE_TYPE_REGOPEN	0x0B
#define EVENT_TRACE_TYPE_REGDELETE	0x0C
#define EVENT_TRACE_TYPE_REGQUERY	0x0D
#define EVENT_TRACE_TYPE_REGSETVALUE	0x0E
#define EVENT_TRACE_TYPE_REGDELETEVALUE	0x0F
#define EVENT_TRACE_TYPE_REGQUERYVALUE	0x10
#define EVENT_TRACE_TYPE_REGENUMERATEKEY	0x11
#define EVENT_TRACE_TYPE_REGENUMERATEVALUEKEY	0x12
#define EVENT_TRACE_TYPE_REGQUERYMULTIPLEVALUE	0x13
#define EVENT_TRACE_TYPE_REGSETINFORMATION	0x14
#define EVENT_TRACE_TYPE_REGFLUSH		0x15
#define EVENT_TRACE_TYPE_REGKCBCREATE		0x16
#define EVENT_TRACE_TYPE_REGKCBDELETE		0x17
#define EVENT_TRACE_TYPE_REGKCBRUNDOWNBEGIN	0x18
#define EVENT_TRACE_TYPE_REGKCBRUNDOWNEND	0x19
#define EVENT_TRACE_TYPE_REGVIRTUALIZE		0x1A
#define EVENT_TRACE_TYPE_REGCLOSE		0x1B
#define EVENT_TRACE_TYPE_REGSETSECURITY		0x1C
#define EVENT_TRACE_TYPE_REGQUERYSECURITY	0x1D
#define EVENT_TRACE_TYPE_REGCOMMIT		0x1E
#define EVENT_TRACE_TYPE_REGPREPARE		0x1F
#define EVENT_TRACE_TYPE_REGROLLBACK		0x20
#define EVENT_TRACE_TYPE_REGMOUNTHIVE		0x21
    133 
/* System-configuration events, one value per kind of hardware or system
 * information. The numbering has gaps: 0x12-0x14 and 0x18 are not defined
 * in this header. */
#define EVENT_TRACE_TYPE_CONFIG_CPU		0x0A
#define EVENT_TRACE_TYPE_CONFIG_PHYSICALDISK	0x0B
#define EVENT_TRACE_TYPE_CONFIG_LOGICALDISK	0x0C
#define EVENT_TRACE_TYPE_CONFIG_NIC		0x0D
#define EVENT_TRACE_TYPE_CONFIG_VIDEO		0x0E
#define EVENT_TRACE_TYPE_CONFIG_SERVICES	0x0F
#define EVENT_TRACE_TYPE_CONFIG_POWER		0x10
#define EVENT_TRACE_TYPE_CONFIG_NETINFO		0x11

#define EVENT_TRACE_TYPE_CONFIG_IRQ		0x15
#define EVENT_TRACE_TYPE_CONFIG_PNP		0x16
#define EVENT_TRACE_TYPE_CONFIG_IDECHANNEL	0x17
#define EVENT_TRACE_TYPE_CONFIG_PLATFORM	0x19
    147 
/*
 * Enable flags: each constant is a distinct single bit, so they combine
 * with bitwise OR. They are not listed in numeric order.
 * NOTE(review): presumably these go into EVENT_TRACE_PROPERTIES.EnableFlags
 * to select which system event classes a session records - confirm.
 */
#define EVENT_TRACE_FLAG_PROCESS		0x00000001
#define EVENT_TRACE_FLAG_THREAD			0x00000002
#define EVENT_TRACE_FLAG_IMAGE_LOAD		0x00000004

#define EVENT_TRACE_FLAG_DISK_IO		0x00000100
#define EVENT_TRACE_FLAG_DISK_FILE_IO		0x00000200

#define EVENT_TRACE_FLAG_MEMORY_PAGE_FAULTS	0x00001000
#define EVENT_TRACE_FLAG_MEMORY_HARD_FAULTS	0x00002000

#define EVENT_TRACE_FLAG_NETWORK_TCPIP		0x00010000

#define EVENT_TRACE_FLAG_REGISTRY		0x00020000
#define EVENT_TRACE_FLAG_DBGPRINT		0x00040000

#define EVENT_TRACE_FLAG_PROCESS_COUNTERS	0x00000008
#define EVENT_TRACE_FLAG_CSWITCH		0x00000010
#define EVENT_TRACE_FLAG_DPC			0x00000020
#define EVENT_TRACE_FLAG_INTERRUPT		0x00000040
#define EVENT_TRACE_FLAG_SYSTEMCALL		0x00000080

#define EVENT_TRACE_FLAG_DISK_IO_INIT		0x00000400

#define EVENT_TRACE_FLAG_ALPC			0x00100000
#define EVENT_TRACE_FLAG_SPLIT_IO		0x00200000

#define EVENT_TRACE_FLAG_DRIVER			0x00800000
#define EVENT_TRACE_FLAG_PROFILE		0x01000000
#define EVENT_TRACE_FLAG_FILE_IO		0x02000000
#define EVENT_TRACE_FLAG_FILE_IO_INIT		0x04000000

#define EVENT_TRACE_FLAG_DISPATCHER		0x00000800
#define EVENT_TRACE_FLAG_VIRTUAL_ALLOC		0x00004000

/* The three highest bits do not name an event class. */
#define EVENT_TRACE_FLAG_EXTENSION		0x80000000
#define EVENT_TRACE_FLAG_FORWARD_WMI		0x40000000
#define EVENT_TRACE_FLAG_ENABLE_RESERVE		0x20000000
    185 
/*
 * Log file and logger mode bits. Apart from EVENT_TRACE_FILE_MODE_NONE (0),
 * every constant in this run is a distinct single bit.
 * NOTE(review): presumably combined into the LogFileMode members declared
 * in this header - confirm which combinations the API accepts.
 */
#define EVENT_TRACE_FILE_MODE_NONE		0x00000000
#define EVENT_TRACE_FILE_MODE_SEQUENTIAL	0x00000001
#define EVENT_TRACE_FILE_MODE_CIRCULAR		0x00000002
#define EVENT_TRACE_FILE_MODE_APPEND		0x00000004
#define EVENT_TRACE_FILE_MODE_NEWFILE		0x00000008
#define EVENT_TRACE_FILE_MODE_PREALLOCATE	0x00000020

/* NOTE(review): NONSTOPPABLE_MODE and SECURE_MODE look relevant to who may
 * stop or write to a session; verify their exact effect before relying on
 * either as a protection for security telemetry. */
#define EVENT_TRACE_NONSTOPPABLE_MODE		0x00000040
#define EVENT_TRACE_SECURE_MODE			0x00000080
#define EVENT_TRACE_USE_KBYTES_FOR_SIZE		0x00002000
#define EVENT_TRACE_PRIVATE_IN_PROC		0x00020000
#define EVENT_TRACE_MODE_RESERVED		0x00100000

#define EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING	0x10000000

#define EVENT_TRACE_REAL_TIME_MODE		0x00000100
#define EVENT_TRACE_DELAY_OPEN_FILE_MODE	0x00000200
#define EVENT_TRACE_BUFFERING_MODE		0x00000400
#define EVENT_TRACE_PRIVATE_LOGGER_MODE		0x00000800
#define EVENT_TRACE_ADD_HEADER_MODE		0x00001000

#define EVENT_TRACE_USE_GLOBAL_SEQUENCE		0x00004000
#define EVENT_TRACE_USE_LOCAL_SEQUENCE		0x00008000

#define EVENT_TRACE_RELOG_MODE			0x00010000

#define EVENT_TRACE_USE_PAGED_MEMORY		0x01000000
    213 
/* Control codes for the ControlCode argument of ControlTraceW/ControlTraceA.
 * These are plain enumerated values, not bit flags. */
#define EVENT_TRACE_CONTROL_QUERY		0
#define EVENT_TRACE_CONTROL_STOP		1
#define EVENT_TRACE_CONTROL_UPDATE		2
#define EVENT_TRACE_CONTROL_FLUSH		3
    218 
/* Message flags, single bits written in decimal (1 ... 32).
 * NOTE(review): presumably for the MessageFlags argument of TraceMessage
 * and TraceMessageVa - confirm. */
#define TRACE_MESSAGE_SEQUENCE			1
#define TRACE_MESSAGE_GUID			2
#define TRACE_MESSAGE_COMPONENTID		4
#define TRACE_MESSAGE_TIMESTAMP			8
#define TRACE_MESSAGE_PERFORMANCE_TIMESTAMP	16
#define TRACE_MESSAGE_SYSTEMINFO		32

/* Two further bits of the same flag word, written in hexadecimal. */
#define TRACE_MESSAGE_POINTER32			0x0040
#define TRACE_MESSAGE_POINTER64			0x0080

/* Mask covering the low 16 bits. */
#define TRACE_MESSAGE_FLAG_MASK			0xFFFF

/* Header flag bits. NOTE(review): USE_GUID_PTR and USE_MOF_PTR presumably
 * mark a header that carries pointers rather than inline data - confirm. */
#define TRACE_HEADER_FLAG_USE_TIMESTAMP		0x00000200
#define TRACE_HEADER_FLAG_TRACED_GUID		0x00020000
#define TRACE_HEADER_FLAG_LOG_WNODE		0x00040000
#define TRACE_HEADER_FLAG_USE_GUID_PTR		0x00080000
#define TRACE_HEADER_FLAG_USE_MOF_PTR		0x00100000
    236 
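/*
 * Maximum trace message size, 8 KiB. The expression is parenthesised so the
 * macro expands as one value inside a larger expression: without the
 * parentheses `x / TRACE_MESSAGE_MAXIMUM_SIZE` would expand to `x / 8*1024`,
 * which is `(x / 8) * 1024`, and a size check built on it would be wrong.
 */
#define TRACE_MESSAGE_MAXIMUM_SIZE		(8*1024)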
    238 
/*
 * Data-type codes in two ranges, 0-15 and 101-120.
 * NOTE(review): presumably the values stored in MOF_FIELD.DataType -
 * confirm. A decoder should reject any code it does not recognise rather
 * than guess the size of the data.
 */
#define ETW_NULL_TYPE_VALUE			0
#define ETW_OBJECT_TYPE_VALUE			1
#define ETW_STRING_TYPE_VALUE			2
#define ETW_SBYTE_TYPE_VALUE			3
#define ETW_BYTE_TYPE_VALUE			4
#define ETW_INT16_TYPE_VALUE			5
#define ETW_UINT16_TYPE_VALUE			6
#define ETW_INT32_TYPE_VALUE			7
#define ETW_UINT32_TYPE_VALUE			8
#define ETW_INT64_TYPE_VALUE			9
#define ETW_UINT64_TYPE_VALUE			10
#define ETW_CHAR_TYPE_VALUE			11
#define ETW_SINGLE_TYPE_VALUE			12
#define ETW_DOUBLE_TYPE_VALUE			13
#define ETW_BOOLEAN_TYPE_VALUE			14
#define ETW_DECIMAL_TYPE_VALUE			15

#define ETW_GUID_TYPE_VALUE			101
#define ETW_ASCIICHAR_TYPE_VALUE		102
#define ETW_ASCIISTRING_TYPE_VALUE		103
#define ETW_COUNTED_STRING_TYPE_VALUE		104
#define ETW_POINTER_TYPE_VALUE			105
#define ETW_SIZET_TYPE_VALUE			106
#define ETW_HIDDEN_TYPE_VALUE			107
#define ETW_BOOL_TYPE_VALUE			108
#define ETW_COUNTED_ANSISTRING_TYPE_VALUE	109
#define ETW_REVERSED_COUNTED_STRING_TYPE_VALUE	110
#define ETW_REVERSED_COUNTED_ANSISTRING_TYPE_VALUE 111
#define ETW_NON_NULL_TERMINATED_STRING_TYPE_VALUE  112
#define ETW_REDUCED_ANSISTRING_TYPE_VALUE	113
#define ETW_REDUCED_STRING_TYPE_VALUE		114
#define ETW_SID_TYPE_VALUE			115
#define ETW_VARIANT_TYPE_VALUE			116
#define ETW_PTVECTOR_TYPE_VALUE			117
#define ETW_WMITIME_TYPE_VALUE			118
#define ETW_DATETIME_TYPE_VALUE			119
/* The spelling "REFRENCE" is part of the identifier; correcting it would
 * break source compatibility, so it is kept. */
#define ETW_REFRENCE_TYPE_VALUE			120
    276 
/* Provider flag bits. NOTE(review): presumably reported in
 * TRACE_PROVIDER_INSTANCE_INFO.Flags - confirm. */
#define TRACE_PROVIDER_FLAG_LEGACY		0x00000001
#define TRACE_PROVIDER_FLAG_PRE_ENABLE		0x00000002

/* Control codes (enumerated values, not bits). NOTE(review): presumably for
 * the ControlCode argument of EnableTraceEx2 - confirm. */
#define EVENT_CONTROL_CODE_DISABLE_PROVIDER	0
#define EVENT_CONTROL_CODE_ENABLE_PROVIDER	1
#define EVENT_CONTROL_CODE_CAPTURE_STATE	2

/* NOTE(review): these appear to select how the time union at the end of
 * the event headers is to be read - confirm. */
#define EVENT_TRACE_USE_PROCTIME		0x0001
#define EVENT_TRACE_USE_NOCPUTIME		0x0002
    286 
/*
 * Header of a classic trace event. The unions overlay alternative views of
 * the same bytes; this header does not say which view is valid for a given
 * event.
 * NOTE(review): Size is presumably the total size of the event in bytes,
 * header included - confirm. A consumer that reads events from a file or
 * session it does not control should check Size against the bytes actually
 * available before it touches anything behind the header.
 */
typedef struct _EVENT_TRACE_HEADER {
  USHORT Size;
  __C89_NAMELESS union {
    USHORT FieldTypeFlags;	/* the two bytes below as one 16-bit value */
    __C89_NAMELESS struct {
      UCHAR HeaderType;
      UCHAR MarkerFlags;
    } DUMMYSTRUCTNAME;
  } DUMMYUNIONNAME;
  __C89_NAMELESS union {
    ULONG Version;		/* the Class members below as one 32-bit value */
    struct {
      UCHAR Type;
      UCHAR Level;
      USHORT Version;
    } Class;
  } DUMMYUNIONNAME2;
  ULONG ThreadId;
  ULONG ProcessId;
  LARGE_INTEGER TimeStamp;
  __C89_NAMELESS union {
    GUID Guid;
    /* NOTE(review): presumably an address of a GUID, used when
     * TRACE_HEADER_FLAG_USE_GUID_PTR is set - confirm. In a header read back
     * from a log it is not a valid pointer in the reading process. */
    ULONGLONG GuidPtr;
  } DUMMYUNIONNAME3;
  __C89_NAMELESS union {
    __C89_NAMELESS struct {
      ULONG KernelTime;
      ULONG UserTime;
    } DUMMYSTRUCTNAME;
    ULONG64 ProcessorTime;
    __C89_NAMELESS struct {
      ULONG ClientContext;
      ULONG Flags;
    } DUMMYSTRUCTNAME2;
  } DUMMYUNIONNAME4;
} EVENT_TRACE_HEADER,*PEVENT_TRACE_HEADER;
    323 
/*
 * Header of an event that belongs to an instance. The leading members up to
 * TimeStamp are declared exactly as in EVENT_TRACE_HEADER; after that this
 * structure carries registration handles and instance ids instead of a GUID.
 * NOTE(review): Size is presumably the total event size in bytes - confirm,
 * and validate it before reading data that follows the header.
 */
typedef struct _EVENT_INSTANCE_HEADER {
  USHORT Size;
  __C89_NAMELESS union {
    USHORT FieldTypeFlags;	/* the two bytes below as one 16-bit value */
    __C89_NAMELESS struct {
      UCHAR HeaderType;
      UCHAR MarkerFlags;
    } DUMMYSTRUCTNAME;
  } DUMMYUNIONNAME;
  __C89_NAMELESS union {
    ULONG Version;		/* the Class members below as one 32-bit value */
    struct {
      UCHAR Type;
      UCHAR Level;
      USHORT Version;
    } Class;
  } DUMMYUNIONNAME2;
  ULONG ThreadId;
  ULONG ProcessId;
  LARGE_INTEGER TimeStamp;
  ULONGLONG RegHandle;
  ULONG InstanceId;
  ULONG ParentInstanceId;
  __C89_NAMELESS union {
    __C89_NAMELESS struct {
      ULONG KernelTime;
      ULONG UserTime;
    } DUMMYSTRUCTNAME;
    ULONG64 ProcessorTime;
    __C89_NAMELESS struct {
      ULONG EventId;
      ULONG Flags;
    } DUMMYSTRUCTNAME2;
  } DUMMYUNIONNAME3;
  ULONGLONG ParentRegHandle;
} EVENT_INSTANCE_HEADER,*PEVENT_INSTANCE_HEADER;
    360 
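/*
 * Fill in one MOF_FIELD: MOF points to the field, ptr is the address of the
 * data, length its length and type its data-type value.
 *
 * Every argument is parenthesised before it is cast, so an expression such
 * as `buf + 1` is evaluated as a whole first. Without the parentheses the
 * cast binds to the first operand only and the stored address or length can
 * differ from the one the caller meant.
 *
 * The macro expands to three separate statements, each already ending in a
 * semicolon. As the unbraced body of an if, else or loop only the first
 * assignment would be controlled, so always put the call inside braces.
 * MOF is evaluated three times; pass an expression without side effects.
 */
#define DEFINE_TRACE_MOF_FIELD(MOF,ptr,length,type)	\
	(MOF)->DataPtr = (ULONG64) (ULONG_PTR) (ptr);	\
	(MOF)->Length = (ULONG) (length);		\
	(MOF)->DataType = (ULONG) (type);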
    365 
/*
 * One data item attached to an event, as filled in by
 * DEFINE_TRACE_MOF_FIELD: an address stored as a 64-bit integer, a length
 * and a data-type value.
 * NOTE(review): Length is presumably in bytes - confirm. The structure does
 * not own the memory at DataPtr; it has to stay valid for as long as the
 * field is in use.
 */
typedef struct _MOF_FIELD {
  ULONG64 DataPtr;
  ULONG Length;
  ULONG DataType;
} MOF_FIELD,*PMOF_FIELD;
    371 
    372 #if !(defined(_NTDDK_) || defined(_NTIFS_)) || defined(_WMIKM_)
    373 
/*
 * Log file header. LoggerName and LogFileName are pointer-typed, so the
 * size and layout of this structure depend on the pointer width of the
 * build; TRACE_LOGFILE_HEADER32 and TRACE_LOGFILE_HEADER64 declare the same
 * members with fixed-width integers in their place.
 * NOTE(review): when this header comes from a log file, the two name
 * members hold whatever the writer stored and are not valid pointers in the
 * reading process - confirm how the API fills them before dereferencing.
 */
typedef struct _TRACE_LOGFILE_HEADER {
  ULONG BufferSize;
  __C89_NAMELESS union {
    ULONG Version;		/* the four version bytes as one 32-bit value */
    struct {
      UCHAR MajorVersion;
      UCHAR MinorVersion;
      UCHAR SubVersion;
      UCHAR SubMinorVersion;
    } VersionDetail;
  } DUMMYUNIONNAME;
  ULONG ProviderVersion;
  ULONG NumberOfProcessors;
  LARGE_INTEGER EndTime;
  ULONG TimerResolution;
  ULONG MaximumFileSize;
  ULONG LogFileMode;
  ULONG BuffersWritten;
  __C89_NAMELESS union {
    GUID LogInstanceGuid;
    __C89_NAMELESS struct {
      ULONG StartBuffers;
      /* NOTE(review): presumably the pointer size of the system that wrote
       * the log - confirm. */
      ULONG PointerSize;
      ULONG EventsLost;
      ULONG CpuSpeedInMHz;
    } DUMMYSTRUCTNAME;
  } DUMMYUNIONNAME2;
#if defined(_WMIKM_)
  PWCHAR LoggerName;
  PWCHAR LogFileName;
  RTL_TIME_ZONE_INFORMATION TimeZone;
#else
  LPWSTR LoggerName;
  LPWSTR LogFileName;
  TIME_ZONE_INFORMATION TimeZone;
#endif
  LARGE_INTEGER BootTime;
  LARGE_INTEGER PerfFreq;
  LARGE_INTEGER StartTime;
  ULONG ReservedFlags;
  ULONG BuffersLost;
} TRACE_LOGFILE_HEADER,*PTRACE_LOGFILE_HEADER;
    416 
/*
 * Variant of TRACE_LOGFILE_HEADER with LoggerName and LogFileName declared
 * as ULONG32 instead of pointers, so these two members have the same width
 * in every build. Unlike TRACE_LOGFILE_HEADER, the unions here carry no
 * DUMMYUNIONNAME and are always anonymous members.
 * The two name members are integers, not pointers: do not cast them to a
 * pointer and dereference them.
 */
typedef struct _TRACE_LOGFILE_HEADER32 {
  ULONG BufferSize;
  __C89_NAMELESS union {
    ULONG Version;		/* the four version bytes as one 32-bit value */
    struct {
      UCHAR MajorVersion;
      UCHAR MinorVersion;
      UCHAR SubVersion;
      UCHAR SubMinorVersion;
    } VersionDetail;
  };
  ULONG ProviderVersion;
  ULONG NumberOfProcessors;
  LARGE_INTEGER EndTime;
  ULONG TimerResolution;
  ULONG MaximumFileSize;
  ULONG LogFileMode;
  ULONG BuffersWritten;
  __C89_NAMELESS union {
    GUID LogInstanceGuid;
    __C89_NAMELESS struct {
      ULONG StartBuffers;
      ULONG PointerSize;
      ULONG EventsLost;
      ULONG CpuSpeedInMHz;
    };
  };
  /* Both branches declare the name members identically; only the type of
   * TimeZone differs. */
#if defined(_WMIKM_)
  ULONG32 LoggerName;
  ULONG32 LogFileName;
  RTL_TIME_ZONE_INFORMATION TimeZone;
#else
  ULONG32 LoggerName;
  ULONG32 LogFileName;
  TIME_ZONE_INFORMATION TimeZone;
#endif
  LARGE_INTEGER BootTime;
  LARGE_INTEGER PerfFreq;
  LARGE_INTEGER StartTime;
  ULONG ReservedFlags;
  ULONG BuffersLost;
} TRACE_LOGFILE_HEADER32, *PTRACE_LOGFILE_HEADER32;
    459 
/*
 * Variant of TRACE_LOGFILE_HEADER with LoggerName and LogFileName declared
 * as ULONG64 instead of pointers, so these two members have the same width
 * in every build. Unlike TRACE_LOGFILE_HEADER, the unions here carry no
 * DUMMYUNIONNAME and are always anonymous members.
 * The two name members are integers, not pointers: do not cast them to a
 * pointer and dereference them.
 */
typedef struct _TRACE_LOGFILE_HEADER64 {
  ULONG BufferSize;
  __C89_NAMELESS union {
    ULONG Version;		/* the four version bytes as one 32-bit value */
    struct {
      UCHAR MajorVersion;
      UCHAR MinorVersion;
      UCHAR SubVersion;
      UCHAR SubMinorVersion;
    } VersionDetail;
  };
  ULONG ProviderVersion;
  ULONG NumberOfProcessors;
  LARGE_INTEGER EndTime;
  ULONG TimerResolution;
  ULONG MaximumFileSize;
  ULONG LogFileMode;
  ULONG BuffersWritten;
  __C89_NAMELESS union {
    GUID LogInstanceGuid;
    __C89_NAMELESS struct {
      ULONG StartBuffers;
      ULONG PointerSize;
      ULONG EventsLost;
      ULONG CpuSpeedInMHz;
    };
  };
  /* Both branches declare the name members identically; only the type of
   * TimeZone differs. */
#if defined(_WMIKM_)
  ULONG64 LoggerName;
  ULONG64 LogFileName;
  RTL_TIME_ZONE_INFORMATION TimeZone;
#else
  ULONG64 LoggerName;
  ULONG64 LogFileName;
  TIME_ZONE_INFORMATION TimeZone;
#endif
  LARGE_INTEGER BootTime;
  LARGE_INTEGER PerfFreq;
  LARGE_INTEGER StartTime;
  ULONG ReservedFlags;
  ULONG BuffersLost;
} TRACE_LOGFILE_HEADER64, *PTRACE_LOGFILE_HEADER64;
    502 
    503 #endif /* !_NTDDK_ || _WMIKM_ */
    504 
/* Registration handle plus instance id; this is the type of the pInstInfo
 * arguments of CreateTraceInstanceId and TraceEventInstance. */
typedef struct _EVENT_INSTANCE_INFO {
  HANDLE RegHandle;
  ULONG InstanceId;
} EVENT_INSTANCE_INFO,*PEVENT_INSTANCE_INFO;
    509 
#if !defined(_WMIKM_) && !defined(_NTDDK_) && !defined(_NTIFS_)

/*
 * Properties of a trace session, passed to the Start/Stop/Query/Update/
 * Flush/ControlTrace functions. WNODE_HEADER is not declared in this header
 * and must be provided by the includer.
 *
 * The logger name and log file name are not members: the structure only
 * holds their offsets (LoggerNameOffset, LogFileNameOffset), so the caller
 * has to allocate more than sizeof(EVENT_TRACE_PROPERTIES).
 * NOTE(review): per the ETW documentation the offsets count from the start
 * of the allocation and Wnode.BufferSize gives its total size - confirm.
 * Check both offsets, and the room left behind them, against that size
 * before writing or reading the strings.
 */
typedef struct _EVENT_TRACE_PROPERTIES {
  WNODE_HEADER Wnode;
  ULONG BufferSize;
  ULONG MinimumBuffers;
  ULONG MaximumBuffers;
  ULONG MaximumFileSize;
  ULONG LogFileMode;
  ULONG FlushTimer;
  ULONG EnableFlags;
  LONG AgeLimit;

  /* NOTE(review): the members from here to LoggerThreadId look like
   * statistics reported back by the session - confirm. */
  ULONG NumberOfBuffers;
  ULONG FreeBuffers;
  ULONG EventsLost;
  ULONG BuffersWritten;
  ULONG LogBuffersLost;
  ULONG RealTimeBuffersLost;
  HANDLE LoggerThreadId;
  ULONG LogFileNameOffset;
  ULONG LoggerNameOffset;
} EVENT_TRACE_PROPERTIES,*PEVENT_TRACE_PROPERTIES;

/* One GUID to register together with the handle that belongs to it; the
 * element type of the TraceGuidReg array taken by RegisterTraceGuidsW/A. */
typedef struct _TRACE_GUID_REGISTRATION {
  LPCGUID Guid;
  HANDLE RegHandle;
} TRACE_GUID_REGISTRATION,*PTRACE_GUID_REGISTRATION;

#endif /* !defined(_WMIKM_) && !defined(_NTDDK_) && !defined(_NTIFS_) */
    540 
/* Per-GUID properties; EnumerateTraceGuids takes an array of pointers to
 * this structure. */
typedef struct _TRACE_GUID_PROPERTIES {
  GUID Guid;
  ULONG GuidType;
  ULONG LoggerId;
  ULONG EnableLevel;
  ULONG EnableFlags;
  BOOLEAN IsEnable;
} TRACE_GUID_PROPERTIES,*PTRACE_GUID_PROPERTIES;
    549 
/* Buffer context: two bytes followed by a 16-bit logger id, four bytes in
 * all. It shares storage with the ULONG ClientContext in EVENT_TRACE. */
typedef struct _ETW_BUFFER_CONTEXT {
  UCHAR  ProcessorNumber;
  UCHAR  Alignment;
  USHORT LoggerId;
} ETW_BUFFER_CONTEXT, *PETW_BUFFER_CONTEXT;
    555 
/* Enablement state of a provider for one logger. NOTE(review): presumably
 * returned by EnumerateTraceGuidsEx, and Level / MatchAnyKeyword /
 * MatchAllKeyword mirror the EnableTraceEx arguments of the same names -
 * confirm. */
typedef struct _TRACE_ENABLE_INFO {
  ULONG IsEnabled;
  UCHAR Level;
  UCHAR Reserved1;
  USHORT LoggerId;
  ULONG EnableProperty;
  ULONG Reserved2;
  ULONGLONG MatchAnyKeyword;
  ULONGLONG MatchAllKeyword;
} TRACE_ENABLE_INFO, *PTRACE_ENABLE_INFO;
    566 
/* One provider instance record. NOTE(review): NextOffset is presumably the
 * offset to the next record in a returned buffer - confirm. Code that walks
 * such a chain should check every offset against the number of bytes
 * actually returned before following it. */
typedef struct _TRACE_PROVIDER_INSTANCE_INFO {
  ULONG NextOffset;
  ULONG EnableCount;
  ULONG Pid;
  ULONG Flags;
} TRACE_PROVIDER_INSTANCE_INFO, *PTRACE_PROVIDER_INSTANCE_INFO;
    573 
/* Instance count for a GUID. NOTE(review): presumably followed in the same
 * buffer by InstanceCount TRACE_PROVIDER_INSTANCE_INFO records - confirm,
 * and bound any loop over them by the buffer size as well as the count. */
typedef struct _TRACE_GUID_INFO {
  ULONG InstanceCount;
  ULONG Reserved;
} TRACE_GUID_INFO, *PTRACE_GUID_INFO;
    578 
/*
 * An event as handed to a PEVENT_CALLBACK: the classic header, instance
 * ids, the parent GUID and a pointer/length pair for the event data.
 * NOTE(review): MofLength is presumably the size in bytes of the data at
 * MofData - confirm. A callback that decodes the data should bound every
 * read by MofLength and treat the contents as untrusted when the trace was
 * produced by another party.
 */
typedef struct _EVENT_TRACE {
  EVENT_TRACE_HEADER Header;
  ULONG InstanceId;
  ULONG ParentInstanceId;
  GUID ParentGuid;
  PVOID MofData;
  ULONG MofLength;
  __C89_NAMELESS union {
    ULONG ClientContext;
    ETW_BUFFER_CONTEXT BufferContext; /* MSDN says ULONG, for XP and older? */
  } DUMMYUNIONNAME;
} EVENT_TRACE,*PEVENT_TRACE;
    591 
    592 #if !defined(_WMIKM_) && !defined(_NTDDK_) && !defined(_NTIFS_)
    593 
/* Forward declarations of types that are completed in other headers (named
 * in the trailing comments); the DEFINED_* macros keep those headers from
 * declaring the typedefs a second time. */
#ifndef DEFINED_PEVENT_RECORD
typedef struct _EVENT_RECORD EVENT_RECORD, *PEVENT_RECORD;
#define DEFINED_PEVENT_RECORD		1
#endif	/* for  evntcons.h */
#ifndef DEFINED_PEVENT_FILTER_DESC
typedef struct _EVENT_FILTER_DESCRIPTOR EVENT_FILTER_DESCRIPTOR, *PEVENT_FILTER_DESCRIPTOR;
#define DEFINED_PEVENT_FILTER_DESC	1
#endif	/* for  evntprov.h */
/* The log file structures are declared first because the buffer callback
 * types below take pointers to them. */
typedef struct _EVENT_TRACE_LOGFILEW EVENT_TRACE_LOGFILEW,*PEVENT_TRACE_LOGFILEW;
typedef struct _EVENT_TRACE_LOGFILEA EVENT_TRACE_LOGFILEA,*PEVENT_TRACE_LOGFILEA;
/* Callback types stored in EVENT_TRACE_LOGFILEW/A: one per buffer, and one
 * per event in either the EVENT_TRACE or the EVENT_RECORD form. */
typedef ULONG (WINAPI *PEVENT_TRACE_BUFFER_CALLBACKW)(PEVENT_TRACE_LOGFILEW Logfile);
typedef ULONG (WINAPI *PEVENT_TRACE_BUFFER_CALLBACKA)(PEVENT_TRACE_LOGFILEA Logfile);
typedef VOID (WINAPI *PEVENT_CALLBACK)(PEVENT_TRACE pEvent);
typedef VOID (WINAPI *PEVENT_RECORD_CALLBACK)(PEVENT_RECORD EventRecord);
/* Provider control callback passed to RegisterTraceGuidsW/A.
 * WMIDPREQUESTCODE is not declared in this header; the includer has to
 * provide it. */
typedef ULONG (WINAPI *WMIDPREQUEST)(WMIDPREQUESTCODE RequestCode,PVOID RequestContext,ULONG *BufferSize,PVOID Buffer);
    609 
/*
 * Trace source description taken by OpenTraceW (wide-character names).
 * EventCallback and EventRecordCallback share storage, as do LogFileMode
 * and ProcessTraceMode.
 * NOTE(review): which callback member the consumer API calls presumably
 * depends on ProcessTraceMode - confirm; setting the wrong member makes the
 * API call a function through the wrong pointer type.
 */
struct _EVENT_TRACE_LOGFILEW {
  LPWSTR LogFileName;
  LPWSTR LoggerName;
  LONGLONG CurrentTime;
  ULONG BuffersRead;
  __C89_NAMELESS union {
    ULONG LogFileMode;
    ULONG ProcessTraceMode;
  } DUMMYUNIONNAME;
  EVENT_TRACE CurrentEvent;
  TRACE_LOGFILE_HEADER LogfileHeader;
  PEVENT_TRACE_BUFFER_CALLBACKW BufferCallback;
  ULONG BufferSize;
  ULONG Filled;
  ULONG EventsLost;
  __C89_NAMELESS union {
    PEVENT_CALLBACK EventCallback;
    PEVENT_RECORD_CALLBACK EventRecordCallback;
  } DUMMYUNIONNAME2;
  ULONG IsKernelTrace;
  PVOID Context;
};
    632 
/*
 * Trace source description taken by OpenTraceA. It differs from
 * _EVENT_TRACE_LOGFILEW only in the narrow-string name members and the
 * type of BufferCallback.
 * NOTE(review): which callback member the consumer API calls presumably
 * depends on ProcessTraceMode - confirm; setting the wrong member makes the
 * API call a function through the wrong pointer type.
 */
struct _EVENT_TRACE_LOGFILEA {
  LPSTR LogFileName;
  LPSTR LoggerName;
  LONGLONG CurrentTime;
  ULONG BuffersRead;
  __C89_NAMELESS union {
    ULONG LogFileMode;
    ULONG ProcessTraceMode;
  } DUMMYUNIONNAME;
  EVENT_TRACE CurrentEvent;
  TRACE_LOGFILE_HEADER LogfileHeader;
  PEVENT_TRACE_BUFFER_CALLBACKA BufferCallback;
  ULONG BufferSize;
  ULONG Filled;
  ULONG EventsLost;
  __C89_NAMELESS union {
    PEVENT_CALLBACK EventCallback;
    PEVENT_RECORD_CALLBACK EventRecordCallback;
  } DUMMYUNIONNAME2;
  ULONG IsKernelTrace;
  PVOID Context;
};
    655 
/* Character-set neutral names: they map to the W spelling when _UNICODE or
 * UNICODE is defined and to the A spelling otherwise. DIAG_LOGGER_NAMEW/A
 * has no neutral alias here. */
#if defined(_UNICODE) || defined(UNICODE)
#define PEVENT_TRACE_BUFFER_CALLBACK	PEVENT_TRACE_BUFFER_CALLBACKW
#define EVENT_TRACE_LOGFILE		EVENT_TRACE_LOGFILEW
#define PEVENT_TRACE_LOGFILE		PEVENT_TRACE_LOGFILEW
#define KERNEL_LOGGER_NAME		KERNEL_LOGGER_NAMEW
#define GLOBAL_LOGGER_NAME		GLOBAL_LOGGER_NAMEW
#define EVENT_LOGGER_NAME		EVENT_LOGGER_NAMEW
#else
#define PEVENT_TRACE_BUFFER_CALLBACK	PEVENT_TRACE_BUFFER_CALLBACKA
#define EVENT_TRACE_LOGFILE		EVENT_TRACE_LOGFILEA
#define PEVENT_TRACE_LOGFILE		PEVENT_TRACE_LOGFILEA
#define KERNEL_LOGGER_NAME		KERNEL_LOGGER_NAMEA
#define GLOBAL_LOGGER_NAME		GLOBAL_LOGGER_NAMEA
#define EVENT_LOGGER_NAME		EVENT_LOGGER_NAMEA
#endif /* defined(_UNICODE) || defined(UNICODE) */
    671 
    672 #ifdef __cplusplus
    673 extern "C" {
    674 #endif
    675 
/*
 * Session control functions, each in a wide (W) and a narrow (A) variant.
 * All return ULONG. Properties points to an EVENT_TRACE_PROPERTIES whose
 * allocation must also hold the name strings its offsets refer to.
 * NOTE(review): these calls can stop or reconfigure a running session,
 * including one that feeds security monitoring; which callers are allowed
 * to do so is decided by the operating system, not by this header - verify
 * the access control of sessions you depend on.
 */
EXTERN_C ULONG WMIAPI StartTraceW(PTRACEHANDLE TraceHandle,LPCWSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties);
EXTERN_C ULONG WMIAPI StartTraceA(PTRACEHANDLE TraceHandle,LPCSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties);
EXTERN_C ULONG WMIAPI StopTraceW(TRACEHANDLE TraceHandle,LPCWSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties);
EXTERN_C ULONG WMIAPI StopTraceA(TRACEHANDLE TraceHandle,LPCSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties);
EXTERN_C ULONG WMIAPI QueryTraceW(TRACEHANDLE TraceHandle,LPCWSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties);
EXTERN_C ULONG WMIAPI QueryTraceA(TRACEHANDLE TraceHandle,LPCSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties);
EXTERN_C ULONG WMIAPI UpdateTraceW(TRACEHANDLE TraceHandle,LPCWSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties);
EXTERN_C ULONG WMIAPI UpdateTraceA(TRACEHANDLE TraceHandle,LPCSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties);
EXTERN_C ULONG WMIAPI FlushTraceW(TRACEHANDLE TraceHandle,LPCWSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties);
EXTERN_C ULONG WMIAPI FlushTraceA(TRACEHANDLE TraceHandle,LPCSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties);
/* ControlCode takes one of the EVENT_TRACE_CONTROL_* values. */
EXTERN_C ULONG WMIAPI ControlTraceW(TRACEHANDLE TraceHandle,LPCWSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties,ULONG ControlCode);
EXTERN_C ULONG WMIAPI ControlTraceA(TRACEHANDLE TraceHandle,LPCSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties,ULONG ControlCode);
/* PropertyArray has PropertyArrayCount entries; LoggerCount is an output. */
EXTERN_C ULONG WMIAPI QueryAllTracesW(PEVENT_TRACE_PROPERTIES *PropertyArray,ULONG PropertyArrayCount,PULONG LoggerCount);
EXTERN_C ULONG WMIAPI QueryAllTracesA(PEVENT_TRACE_PROPERTIES *PropertyArray,ULONG PropertyArrayCount,PULONG LoggerCount);
EXTERN_C ULONG WMIAPI EnableTrace(ULONG Enable,ULONG EnableFlag,ULONG EnableLevel,LPCGUID ControlGuid,TRACEHANDLE TraceHandle);
    691 
/* Declared only when _WIN32_WINNT is at least 0x0600. Enables or disables
 * (IsEnabled) the provider ProviderId for the session TraceHandle, with a
 * level, two keyword masks and an optional filter descriptor. */
#if (_WIN32_WINNT >= 0x0600)
EXTERN_C ULONG WMIAPI EnableTraceEx(
  LPCGUID ProviderId,
  LPCGUID SourceId,
  TRACEHANDLE TraceHandle,
  ULONG IsEnabled,
  UCHAR Level,
  ULONGLONG MatchAnyKeyword,
  ULONGLONG MatchAllKeyword,
  ULONG EnableProperty,
  PEVENT_FILTER_DESCRIPTOR EnableFilterDesc
);
#endif /* _WIN32_WINNT >= 0x0600 */
    705 
/* NOTE(review): presumably the value to store in
 * ENABLE_TRACE_PARAMETERS.Version - confirm. */
#define ENABLE_TRACE_PARAMETERS_VERSION	1

/* Optional parameters for EnableTraceEx2 (its EnableParameters argument). */
typedef struct _ENABLE_TRACE_PARAMETERS {
  ULONG                    Version;
  ULONG                    EnableProperty;
  ULONG                    ControlFlags;
  GUID                     SourceId;
  PEVENT_FILTER_DESCRIPTOR EnableFilterDesc;
} ENABLE_TRACE_PARAMETERS, *PENABLE_TRACE_PARAMETERS;
    715 
/* Declared only when _WIN32_WINNT is at least 0x0601.
 * NOTE(review): ControlCode presumably takes an EVENT_CONTROL_CODE_* value
 * and Timeout is presumably in milliseconds - confirm. */
#if (_WIN32_WINNT >= 0x0601)
EXTERN_C ULONG WMIAPI EnableTraceEx2(
  TRACEHANDLE TraceHandle,
  LPCGUID ProviderId,
  ULONG ControlCode,
  UCHAR Level,
  ULONGLONG MatchAnyKeyword,
  ULONGLONG MatchAllKeyword,
  ULONG Timeout,
  PENABLE_TRACE_PARAMETERS EnableParameters
);
#endif /* _WIN32_WINNT >= 0x0601 */
    728 
/* Information classes, numbered from 0 in declaration order. The enum has
 * two typedef names: TRACE_QUERY_INFO_CLASS is used by
 * EnumerateTraceGuidsEx and TRACE_INFO_CLASS by TraceSetInformation.
 * MaxTraceSetInfoClass is the last enumerator. */
typedef enum _TRACE_QUERY_INFO_CLASS {
  TraceGuidQueryList,
  TraceGuidQueryInfo,
  TraceGuidQueryProcess,
  TraceStackTracingInfo,
  MaxTraceSetInfoClass
} TRACE_QUERY_INFO_CLASS, TRACE_INFO_CLASS;
    736 
/* Declared only when _WIN32_WINNT is at least 0x0600. Takes an input and an
 * output buffer, each with its size, and an output length.
 * NOTE(review): ReturnLength presumably receives the number of bytes
 * written or required - confirm. Parse no more of OutBuffer than that, and
 * never more than OutBufferSize. */
#if (_WIN32_WINNT >= 0x0600)
EXTERN_C ULONG WMIAPI EnumerateTraceGuidsEx(
  TRACE_QUERY_INFO_CLASS TraceQueryInfoClass,
  PVOID InBuffer,
  ULONG InBufferSize,
  PVOID OutBuffer,
  ULONG OutBufferSize,
  PULONG ReturnLength
);
#endif /* _WIN32_WINNT >= 0x0600 */
    747 
/*
 * Identifies one classic event by the GUID of its event class and its type
 * value. Example: to select the read event type of the disk I/O events, set
 * EventGuid to 3d6fa8d4-fe05-11d0-9dda-00c04fd7ba7c and Type to 10 (0x0A,
 * the value of EVENT_TRACE_TYPE_IO_READ).
 * Type and Reserved together take up eight bytes after the GUID.
 */
typedef struct _CLASSIC_EVENT_ID {
  GUID EventGuid;
  UCHAR Type;
  UCHAR Reserved[7];
} CLASSIC_EVENT_ID, *PCLASSIC_EVENT_ID;
    754 
/* Declared only when _WIN32_WINNT is at least 0x0601. TraceInformation
 * points to InformationLength bytes whose meaning is selected by
 * InformationClass. */
#if (_WIN32_WINNT >= 0x0601)
EXTERN_C ULONG WMIAPI TraceSetInformation(
  TRACEHANDLE SessionHandle,
  TRACE_INFO_CLASS InformationClass,
  PVOID TraceInformation,
  ULONG InformationLength
);
#endif /* _WIN32_WINNT >= 0x0601 */
    763 
/* Provider side: create instance ids, write events, register and
 * unregister GUIDs, and query the handle, level and flags of the enabling
 * session. */
EXTERN_C ULONG WMIAPI CreateTraceInstanceId(HANDLE RegHandle,PEVENT_INSTANCE_INFO pInstInfo);
EXTERN_C ULONG WMIAPI TraceEvent(TRACEHANDLE TraceHandle,PEVENT_TRACE_HEADER EventTrace);
EXTERN_C ULONG WMIAPI TraceEventInstance(TRACEHANDLE TraceHandle,PEVENT_INSTANCE_HEADER EventTrace,PEVENT_INSTANCE_INFO pInstInfo,PEVENT_INSTANCE_INFO pParentInstInfo);
EXTERN_C ULONG WMIAPI RegisterTraceGuidsW(WMIDPREQUEST RequestAddress,PVOID RequestContext,LPCGUID ControlGuid,ULONG GuidCount,PTRACE_GUID_REGISTRATION TraceGuidReg,LPCWSTR MofImagePath,LPCWSTR MofResourceName,PTRACEHANDLE RegistrationHandle);
EXTERN_C ULONG WMIAPI RegisterTraceGuidsA(WMIDPREQUEST RequestAddress,PVOID RequestContext,LPCGUID ControlGuid,ULONG GuidCount,PTRACE_GUID_REGISTRATION TraceGuidReg,LPCSTR MofImagePath,LPCSTR MofResourceName,PTRACEHANDLE RegistrationHandle);
EXTERN_C ULONG WMIAPI EnumerateTraceGuids(PTRACE_GUID_PROPERTIES *GuidPropertiesArray,ULONG PropertyArrayCount,PULONG GuidCount);
EXTERN_C ULONG WMIAPI UnregisterTraceGuids(TRACEHANDLE RegistrationHandle);
EXTERN_C TRACEHANDLE WMIAPI GetTraceLoggerHandle(PVOID Buffer);
EXTERN_C UCHAR WMIAPI GetTraceEnableLevel(TRACEHANDLE TraceHandle);
EXTERN_C ULONG WMIAPI GetTraceEnableFlags(TRACEHANDLE TraceHandle);
/* Consumer side: open a trace source, process events through the callbacks
 * set in the log file structure, and close the handle again. */
EXTERN_C TRACEHANDLE WMIAPI OpenTraceA(PEVENT_TRACE_LOGFILEA Logfile);
EXTERN_C TRACEHANDLE WMIAPI OpenTraceW(PEVENT_TRACE_LOGFILEW Logfile);
EXTERN_C ULONG WMIAPI ProcessTrace(PTRACEHANDLE HandleArray,ULONG HandleCount,LPFILETIME StartTime,LPFILETIME EndTime);
EXTERN_C ULONG WMIAPI CloseTrace(TRACEHANDLE TraceHandle);
EXTERN_C ULONG WMIAPI SetTraceCallback(LPCGUID pGuid,PEVENT_CALLBACK EventCallback);
EXTERN_C ULONG WMIAPI RemoveTraceCallback (LPCGUID pGuid);
/* TraceMessage is variadic and is therefore declared __cdecl instead of
 * WMIAPI. TraceMessageVa needs va_list, which this header does not declare
 * itself; NOTE(review): check that <stdarg.h> is included beforehand. */
EXTERN_C ULONG __cdecl TraceMessage(TRACEHANDLE LoggerHandle,ULONG MessageFlags,LPCGUID MessageGuid,USHORT MessageNumber,...);
EXTERN_C ULONG WMIAPI TraceMessageVa(TRACEHANDLE LoggerHandle,ULONG MessageFlags,LPCGUID MessageGuid,USHORT MessageNumber,va_list MessageArgList);
    782 
    783 #ifdef __cplusplus
    784 }
    785 #endif
    786 
/* INVALID_HANDLE_VALUE converted to the 64-bit TRACEHANDLE type.
 * NOTE(review): presumably the failure value of OpenTrace - confirm. In a
 * 32-bit build the result of converting the pointer to ULONG64 depends on
 * how the compiler widens it; verify that it equals the value the API
 * really returns, or a failed open may go undetected. */
#define INVALID_PROCESSTRACE_HANDLE	((TRACEHANDLE)INVALID_HANDLE_VALUE)
    788 
/*
 * Character-set neutral function names: the W functions when UNICODE or
 * _UNICODE is defined, the A functions otherwise.
 * With __TRACE_W2K_COMPATIBLE defined, StopTrace, QueryTrace and
 * UpdateTrace become function-like macros that call ControlTrace with the
 * matching EVENT_TRACE_CONTROL_* code; FlushTrace is not remapped.
 */
#if defined(UNICODE) || defined(_UNICODE)
#define RegisterTraceGuids	RegisterTraceGuidsW
#define StartTrace		StartTraceW
#define ControlTrace		ControlTraceW

#if defined(__TRACE_W2K_COMPATIBLE)
#define StopTrace(a,b,c)	ControlTraceW((a),(b),(c),EVENT_TRACE_CONTROL_STOP)
#define QueryTrace(a,b,c)	ControlTraceW((a),(b),(c),EVENT_TRACE_CONTROL_QUERY)
#define UpdateTrace(a,b,c)	ControlTraceW((a),(b),(c),EVENT_TRACE_CONTROL_UPDATE)
#else
#define StopTrace		StopTraceW
#define QueryTrace		QueryTraceW
#define UpdateTrace		UpdateTraceW
#endif /* defined(__TRACE_W2K_COMPATIBLE) */

#define FlushTrace		FlushTraceW
#define QueryAllTraces		QueryAllTracesW
#define OpenTrace		OpenTraceW

#else /* defined(UNICODE) || defined(_UNICODE) */

#define RegisterTraceGuids	RegisterTraceGuidsA
#define StartTrace		StartTraceA
#define ControlTrace		ControlTraceA

#if defined(__TRACE_W2K_COMPATIBLE)
#define StopTrace(a,b,c)	ControlTraceA((a),(b),(c),EVENT_TRACE_CONTROL_STOP)
#define QueryTrace(a,b,c)	ControlTraceA((a),(b),(c),EVENT_TRACE_CONTROL_QUERY)
#define UpdateTrace(a,b,c)	ControlTraceA((a),(b),(c),EVENT_TRACE_CONTROL_UPDATE)
#else
#define StopTrace		StopTraceA
#define QueryTrace		QueryTraceA
#define UpdateTrace		UpdateTraceA
#endif /* defined(__TRACE_W2K_COMPATIBLE) */

#define FlushTrace		FlushTraceA
#define QueryAllTraces		QueryAllTracesA
#define OpenTrace		OpenTraceA
#endif /* defined(UNICODE) || defined(_UNICODE) */
    828 
    829 #endif /* !defined(_WMIKM_) && !defined(_NTDDK_) && !defined(_NTIFS_) */
    830 
    831 #endif /* defined(_WINNT_) || defined(WINNT) */
    832 
    833 #endif /* _EVNTRACE_ */
    834 
    835