1 /** 2 * This file has no copyright assigned and is placed in the Public Domain. 3 * This file is part of the mingw-w64 runtime package. 4 * No warranty is given; refer to the file DISCLAIMER.PD within this package. 5 */ 6 #ifndef _INC_WINEVT 7 #define _INC_WINEVT 8 #if (_WIN32_WINNT >= 0x0600) 9 10 #ifdef __cplusplus 11 extern "C" { 12 #endif 13 14 typedef enum _EVT_CHANNEL_CLOCK_TYPE { 15 EvtChannelClockTypeSystemTime = 0, 16 EvtChannelClockTypeQPC = 1 17 } EVT_CHANNEL_CLOCK_TYPE; 18 19 typedef enum _EVT_CHANNEL_CONFIG_PROPERTY_ID { 20 EvtChannelConfigEnabled = 0, 21 EvtChannelConfigIsolation = 1, 22 EvtChannelConfigType = 2, 23 EvtChannelConfigOwningPublisher = 3, 24 EvtChannelConfigClassicEventlog = 4, 25 EvtChannelConfigAccess = 5, 26 EvtChannelLoggingConfigRetention = 6, 27 EvtChannelLoggingConfigAutoBackup = 7, 28 EvtChannelLoggingConfigMaxSize = 8, 29 EvtChannelLoggingConfigLogFilePath = 9, 30 EvtChannelPublishingConfigLevel = 10, 31 EvtChannelPublishingConfigKeywords = 11, 32 EvtChannelPublishingConfigControlGuid = 12, 33 EvtChannelPublishingConfigBufferSize = 13, 34 EvtChannelPublishingConfigMinBuffers = 14, 35 EvtChannelPublishingConfigMaxBuffers = 15, 36 EvtChannelPublishingConfigLatency = 16, 37 EvtChannelPublishingConfigClockType = 17, 38 EvtChannelPublishingConfigSidType = 18, 39 EvtChannelPublisherList = 19, 40 EvtChannelPublishingConfigFileMax = 20, 41 EvtChannelConfigPropertyIdEND = 21 42 } EVT_CHANNEL_CONFIG_PROPERTY_ID; 43 44 typedef enum _EVT_CHANNEL_ISOLATION_TYPE { 45 EvtChannelIsolationTypeApplication = 0, 46 EvtChannelIsolationTypeSystem = 1, 47 EvtChannelIsolationTypeCustom = 2 48 } EVT_CHANNEL_ISOLATION_TYPE; 49 50 typedef enum _EVT_CHANNEL_REFERENCE_FLAGS { 51 EvtChannelReferenceImported = 0x1 52 } EVT_CHANNEL_REFERENCE_FLAGS; 53 54 typedef enum _EVT_CHANNEL_SID_TYPE { 55 EvtChannelSidTypeNone = 0, 56 EvtChannelSidTypePublishing = 1 57 } EVT_CHANNEL_SID_TYPE; 58 59 typedef enum _EVT_CHANNEL_TYPE { 60 EvtChannelTypeAdmin = 0, 61 EvtChannelTypeOperational = 1, 62 EvtChannelTypeAnalytic = 2, 63 EvtChannelTypeDebug = 3 64 } EVT_CHANNEL_TYPE; 65 66 typedef enum _EVT_EVENT_METADATA_PROPERTY_ID { 67 EventMetadataEventID = 0, 68 EventMetadataEventVersion = 1, 69 EventMetadataEventChannel = 2, 70 EventMetadataEventLevel = 3, 71 EventMetadataEventOpcode = 4, 72 EventMetadataEventTask = 5, 73 EventMetadataEventKeyword = 6, 74 EventMetadataEventMessageID = 7, 75 EventMetadataEventTemplate = 8, 76 EvtEventMetadataPropertyIdEND = 9 77 } EVT_EVENT_METADATA_PROPERTY_ID; 78 79 typedef enum _EVT_EVENT_PROPERTY_ID { 80 EvtEventQueryIDs = 0, 81 EvtEventPath = 1, 82 EvtEventPropertyIdEND = 2 83 } EVT_EVENT_PROPERTY_ID; 84 85 typedef enum _EVT_EXPORTLOG_FLAGS { 86 EvtExportLogChannelPath = 0x1, 87 EvtExportLogFilePath = 0x2, 88 EvtExportLogTolerateQueryErrors = 0x1000 89 } EVT_EXPORTLOG_FLAGS; 90 91 typedef enum _EVT_FORMAT_MESSAGE_FLAGS { 92 EvtFormatMessageEvent = 1, 93 EvtFormatMessageLevel = 2, 94 EvtFormatMessageTask = 3, 95 EvtFormatMessageOpcode = 4, 96 EvtFormatMessageKeyword = 5, 97 EvtFormatMessageChannel = 6, 98 EvtFormatMessageProvider = 7, 99 EvtFormatMessageId = 8, 100 EvtFormatMessageXml = 9 101 } EVT_FORMAT_MESSAGE_FLAGS; 102 103 typedef enum _EVT_LOG_PROPERTY_ID { 104 EvtLogCreationTime = 0, 105 EvtLogLastAccessTime = 1, 106 EvtLogLastWriteTime = 2, 107 EvtLogFileSize = 3, 108 EvtLogAttributes = 4, 109 EvtLogNumberOfLogRecords = 5, 110 EvtLogOldestRecordNumber = 6, 111 EvtLogFull = 7 112 } EVT_LOG_PROPERTY_ID; 113 114 typedef enum _EVT_LOGIN_CLASS { 115 EvtRpcLogin = 1 116 } EVT_LOGIN_CLASS; 117 118 typedef enum _EVT_OPEN_LOG_FLAGS { 119 EvtOpenChannelPath = 0x1, 120 EvtOpenFilePath = 0x2 121 } EVT_OPEN_LOG_FLAGS; 122 123 typedef enum _EVT_PUBLISHER_METADATA_PROPERTY_ID { 124 EvtPublisherMetadataPublisherGuid = 0, 125 EvtPublisherMetadataResourceFilePath, 126 EvtPublisherMetadataParameterFilePath, 127 EvtPublisherMetadataMessageFilePath, 128 EvtPublisherMetadataHelpLink, 129 EvtPublisherMetadataPublisherMessageID, 130 EvtPublisherMetadataChannelReferences, 131 EvtPublisherMetadataChannelReferencePath, 132 EvtPublisherMetadataChannelReferenceIndex, 133 EvtPublisherMetadataChannelReferenceID, 134 EvtPublisherMetadataChannelReferenceFlags, 135 EvtPublisherMetadataChannelReferenceMessageID, 136 EvtPublisherMetadataLevels, 137 EvtPublisherMetadataLevelName, 138 EvtPublisherMetadataLevelValue, 139 EvtPublisherMetadataLevelMessageID, 140 EvtPublisherMetadataTasks, 141 EvtPublisherMetadataTaskName, 142 EvtPublisherMetadataTaskEventGuid, 143 EvtPublisherMetadataTaskValue, 144 EvtPublisherMetadataTaskMessageID, 145 EvtPublisherMetadataOpcodes, 146 EvtPublisherMetadataOpcodeName, 147 EvtPublisherMetadataOpcodeValue, 148 EvtPublisherMetadataOpcodeMessageID, 149 EvtPublisherMetadataKeywords, 150 EvtPublisherMetadataKeywordName, 151 EvtPublisherMetadataKeywordValue, 152 EvtPublisherMetadataKeywordMessageID, 153 EvtPublisherMetadataPropertyIdEND 154 } EVT_PUBLISHER_METADATA_PROPERTY_ID; 155 156 typedef enum _EVT_QUERY_FLAGS { 157 EvtQueryChannelPath = 0x1, 158 EvtQueryFilePath = 0x2, 159 EvtQueryForwardDirection = 0x100, 160 EvtQueryReverseDirection = 0x200, 161 EvtQueryTolerateQueryErrors = 0x1000 162 } EVT_QUERY_FLAGS; 163 164 typedef enum _EVT_QUERY_PROPERTY_ID { 165 EvtQueryNames = 0, 166 EvtQueryStatuses = 1, 167 EvtQueryPropertyIdEND = 2 168 } EVT_QUERY_PROPERTY_ID; 169 170 typedef enum _EVT_RENDER_CONTEXT_FLAGS { 171 EvtRenderContextValues = 0, 172 EvtRenderContextSystem = 1, 173 EvtRenderContextUser = 2 174 } EVT_RENDER_CONTEXT_FLAGS; 175 176 typedef enum _EVT_RENDER_FLAGS { 177 EvtRenderEventValues = 0, 178 EvtRenderEventXml = 1, 179 EvtRenderBookmark = 2 180 } EVT_RENDER_FLAGS; 181 182 typedef struct _EVT_RPC_LOGIN { 183 LPWSTR Server; 184 LPWSTR User; 185 LPWSTR Domain; 186 LPWSTR Password; 187 DWORD Flags; 188 } EVT_RPC_LOGIN; 189 190 typedef enum _EVT_RPC_LOGIN_FLAGS { 191 EvtRpcLoginAuthDefault = 0, 192 EvtRpcLoginAuthNegotiate = 1, 193 EvtRpcLoginAuthKerberos = 2, 194 EvtRpcLoginAuthNTLM = 3 195 } EVT_RPC_LOGIN_FLAGS; 196 197 typedef enum _EVT_SEEK_FLAGS { 198 EvtSeekRelativeToFirst = 1, 199 EvtSeekRelativeToLast = 2, 200 EvtSeekRelativeToCurrent = 3, 201 EvtSeekRelativeToBookmark = 4, 202 EvtSeekOriginMask = 7, 203 EvtSeekStrict = 0x10000 204 } EVT_SEEK_FLAGS; 205 206 typedef enum _EVT_SUBSCRIBE_FLAGS { 207 EvtSubscribeToFutureEvents = 1, 208 EvtSubscribeStartAtOldestRecord = 2, 209 EvtSubscribeStartAfterBookmark = 3, 210 EvtSubscribeOriginMask = 0x3, 211 EvtSubscribeTolerateQueryErrors = 0x1000, 212 EvtSubscribeStrict = 0x10000 213 } EVT_SUBSCRIBE_FLAGS; 214 215 typedef enum _EVT_SUBSCRIBE_NOTIFY_ACTION { 216 EvtSubscribeActionError = 0, 217 EvtSubscribeActionDeliver = 1 218 } EVT_SUBSCRIBE_NOTIFY_ACTION; 219 220 typedef enum _EVT_SYSTEM_PROPERTY_ID { 221 EvtSystemProviderName = 0, 222 EvtSystemProviderGuid, 223 EvtSystemEventID, 224 EvtSystemQualifiers, 225 EvtSystemLevel, 226 EvtSystemTask, 227 EvtSystemOpcode, 228 EvtSystemKeywords, 229 EvtSystemTimeCreated, 230 EvtSystemEventRecordId, 231 EvtSystemActivityID, 232 EvtSystemRelatedActivityID, 233 EvtSystemProcessID, 234 EvtSystemThreadID, 235 EvtSystemChannel, 236 EvtSystemComputer, 237 EvtSystemUserID, 238 EvtSystemVersion, 239 EvtSystemPropertyIdEND 240 } EVT_SYSTEM_PROPERTY_ID; 241 242 typedef enum _EVT_VARIANT_TYPE { 243 EvtVarTypeNull = 0, 244 EvtVarTypeString = 1, 245 EvtVarTypeAnsiString = 2, 246 EvtVarTypeSByte = 3, 247 EvtVarTypeByte = 4, 248 EvtVarTypeInt16 = 5, 249 EvtVarTypeUInt16 = 6, 250 EvtVarTypeInt32 = 7, 251 EvtVarTypeUInt32 = 8, 252 EvtVarTypeInt64 = 9, 253 EvtVarTypeUInt64 = 10, 254 EvtVarTypeSingle = 11, 255 EvtVarTypeDouble = 12, 256 EvtVarTypeBoolean = 13, 257 EvtVarTypeBinary = 14, 258 EvtVarTypeGuid = 15, 259 EvtVarTypeSizeT = 16, 260 EvtVarTypeFileTime = 17, 261 EvtVarTypeSysTime = 18, 262 EvtVarTypeSid = 19, 263 EvtVarTypeHexInt32 = 20, 264 EvtVarTypeHexInt64 = 21, 265 EvtVarTypeEvtHandle = 32, 266 EvtVarTypeEvtXml = 35 267 } EVT_VARIANT_TYPE; 268 269 typedef HANDLE EVT_HANDLE; 270 typedef HANDLE EVT_OBJECT_ARRAY_PROPERTY_HANDLE; 271 272 typedef struct _EVT_VARIANT { 273 __C89_NAMELESS union { 274 WINBOOL BooleanVal; 275 INT8 SByteVal; 276 INT16 Int16Val; 277 INT32 Int32Val; 278 INT64 Int64Val; 279 UINT8 ByteVal; 280 UINT16 UInt16Val; 281 UINT32 UInt32Val; 282 UINT64 UInt64Val; 283 float SingleVal; 284 double DoubleVal; 285 ULONGLONG FileTimeVal; 286 SYSTEMTIME *SysTimeVal; 287 GUID *GuidVal; 288 LPCWSTR StringVal; 289 LPCSTR AnsiStringVal; 290 PBYTE BinaryVal; 291 PSID SidVal; 292 size_t SizeTVal; 293 EVT_HANDLE EvtHandleVal; 294 BOOL *BooleanArr; 295 INT8 *SByteArr; 296 INT16 *Int16Arr; 297 INT32 *Int32Arr; 298 INT64 *Int64Arr; 299 UINT8 *ByteArr; 300 UINT16 *UInt16Arr; 301 UINT32 *UInt32Arr; 302 UINT64 *UInt64Arr; 303 float *SingleArr; 304 double *DoubleArr; 305 FILETIME *FileTimeArr; 306 SYSTEMTIME *SysTimeArr; 307 GUID *GuidArr; 308 LPWSTR *StringArr; 309 LPSTR *AnsiStringArr; 310 PSID *SidArr; 311 size_t *SizeTArr; 312 LPCWSTR XmlVal; 313 LPCWSTR* XmlValArr; 314 }; 315 DWORD Count; 316 DWORD Type; 317 } EVT_VARIANT, *PEVT_VARIANT; 318 319 typedef DWORD ( WINAPI *EVT_SUBSCRIBE_CALLBACK )( 320 EVT_SUBSCRIBE_NOTIFY_ACTION Action, 321 PVOID UserContext, 322 EVT_HANDLE Event 323 ); 324 325 WINBOOL WINAPI EvtArchiveExportedLog( 326 EVT_HANDLE Session, 327 LPCWSTR LogFilePath, 328 LCID Locale, 329 DWORD Flags 330 ); 331 332 WINBOOL WINAPI EvtCancel( 333 EVT_HANDLE Object 334 ); 335 336 WINBOOL WINAPI EvtClearLog( 337 EVT_HANDLE Session, 338 LPCWSTR ChannelPath, 339 LPCWSTR TargetFilePath, 340 DWORD Flags 341 ); 342 343 WINBOOL WINAPI EvtClose( 344 EVT_HANDLE Object 345 ); 346 347 EVT_HANDLE WINAPI EvtCreateBookmark( 348 LPCWSTR BookmarkXml 349 ); 350 351 EVT_HANDLE WINAPI EvtCreateRenderContext( 352 DWORD ValuePathsCount, 353 LPCWSTR *ValuePaths, 354 DWORD Flags 355 ); 356 357 WINBOOL WINAPI EvtExportLog( 358 EVT_HANDLE Session, 359 LPCWSTR Path, 360 LPCWSTR Query, 361 LPCWSTR TargetFilePath, 362 DWORD Flags 363 ); 364 365 WINBOOL WINAPI EvtFormatMessage( 366 EVT_HANDLE PublisherMetadata, 367 EVT_HANDLE Event, 368 DWORD MessageId, 369 DWORD ValueCount, 370 PEVT_VARIANT Values, 371 DWORD Flags, 372 DWORD BufferSize, 373 LPWSTR Buffer, 374 PDWORD BufferUsed 375 ); 376 377 WINBOOL WINAPI EvtGetChannelConfigProperty( 378 EVT_HANDLE ChannelConfig, 379 EVT_CHANNEL_CONFIG_PROPERTY_ID PropertyId, 380 DWORD Flags, 381 DWORD PropertyValueBufferSize, 382 PEVT_VARIANT PropertyValueBuffer, 383 PDWORD PropertyValueBufferUsed 384 ); 385 386 WINBOOL WINAPI EvtGetEventInfo( 387 EVT_HANDLE Event, 388 EVT_EVENT_PROPERTY_ID PropertyId, 389 DWORD PropertyValueBufferSize, 390 PEVT_VARIANT PropertyValueBuffer, 391 PDWORD PropertyValueBufferUsed 392 ); 393 394 WINBOOL WINAPI EvtGetEventMetadataProperty( 395 EVT_HANDLE EventMetadata, 396 EVT_EVENT_METADATA_PROPERTY_ID PropertyId, 397 DWORD Flags, 398 DWORD EventMetadataPropertyBufferSize, 399 PEVT_VARIANT EventMetadataPropertyBuffer, 400 PDWORD EventMetadataPropertyBufferUsed 401 ); 402 403 DWORD WINAPI EvtGetExtendedStatus( 404 DWORD BufferSize, 405 LPWSTR Buffer, 406 PDWORD BufferUsed 407 ); 408 409 WINBOOL WINAPI EvtGetLogInfo( 410 EVT_HANDLE Log, 411 EVT_LOG_PROPERTY_ID PropertyId, 412 DWORD PropertyValueBufferSize, 413 PEVT_VARIANT PropertyValueBuffer, 414 PDWORD PropertyValueBufferUsed 415 ); 416 417 WINBOOL WINAPI EvtGetObjectArrayProperty( 418 EVT_OBJECT_ARRAY_PROPERTY_HANDLE ObjectArray, 419 DWORD PropertyId, 420 DWORD ArrayIndex, 421 DWORD Flags, 422 DWORD PropertyValueBufferSize, 423 PEVT_VARIANT PropertyValueBuffer, 424 PDWORD PropertyValueBufferUsed 425 ); 426 427 WINBOOL WINAPI EvtGetObjectArraySize( 428 EVT_OBJECT_ARRAY_PROPERTY_HANDLE ObjectArray, 429 PDWORD ObjectArraySize 430 ); 431 432 WINBOOL WINAPI EvtGetPublisherMetadataProperty( 433 EVT_HANDLE PublisherMetadata, 434 EVT_PUBLISHER_METADATA_PROPERTY_ID PropertyId, 435 DWORD Flags, 436 DWORD PublisherMetadataPropertyBufferSize, 437 PEVT_VARIANT PublisherMetadataPropertyBuffer, 438 PDWORD PublisherMetadataPropertyBufferUsed 439 ); 440 441 WINBOOL WINAPI EvtGetQueryInfo( 442 EVT_HANDLE QueryOrSubscription, 443 EVT_QUERY_PROPERTY_ID PropertyId, 444 DWORD PropertyValueBufferSize, 445 PEVT_VARIANT PropertyValueBuffer, 446 PDWORD PropertyValueBufferUsed 447 ); 448 449 WINBOOL WINAPI EvtNext( 450 EVT_HANDLE ResultSet, 451 DWORD EventArraySize, 452 EVT_HANDLE* EventArray, 453 DWORD Timeout, 454 DWORD Flags, 455 PDWORD Returned 456 ); 457 458 WINBOOL WINAPI EvtNextChannelPath( 459 EVT_HANDLE ChannelEnum, 460 DWORD ChannelPathBufferSize, 461 LPWSTR ChannelPathBuffer, 462 PDWORD ChannelPathBufferUsed 463 ); 464 465 EVT_HANDLE WINAPI EvtNextEventMetadata( 466 EVT_HANDLE EventMetadataEnum, 467 DWORD Flags 468 ); 469 470 WINBOOL WINAPI EvtNextPublisherId( 471 EVT_HANDLE PublisherEnum, 472 DWORD PublisherIdBufferSize, 473 LPWSTR PublisherIdBuffer, 474 PDWORD PublisherIdBufferUsed 475 ); 476 477 EVT_HANDLE WINAPI EvtOpenChannelConfig( 478 EVT_HANDLE Session, 479 LPCWSTR ChannelPath, 480 DWORD Flags 481 ); 482 483 EVT_HANDLE WINAPI EvtOpenChannelEnum( 484 EVT_HANDLE Session, 485 DWORD Flags 486 ); 487 488 EVT_HANDLE WINAPI EvtOpenEventMetadataEnum( 489 EVT_HANDLE PublisherMetadata, 490 DWORD Flags 491 ); 492 493 EVT_HANDLE WINAPI EvtOpenLog( 494 EVT_HANDLE Session, 495 LPCWSTR Path, 496 DWORD Flags 497 ); 498 499 EVT_HANDLE WINAPI EvtOpenPublisherEnum( 500 EVT_HANDLE Session, 501 DWORD Flags 502 ); 503 504 EVT_HANDLE WINAPI EvtOpenPublisherMetadata( 505 EVT_HANDLE Session, 506 LPCWSTR PublisherIdentity, 507 LPCWSTR LogFilePath, 508 LCID Locale, 509 DWORD Flags 510 ); 511 512 EVT_HANDLE WINAPI EvtOpenSession( 513 EVT_LOGIN_CLASS LoginClass, 514 PVOID Login, 515 DWORD Timeout, 516 DWORD Flags 517 ); 518 519 EVT_HANDLE WINAPI EvtQuery( 520 EVT_HANDLE Session, 521 LPCWSTR Path, 522 LPCWSTR Query, 523 DWORD Flags 524 ); 525 526 WINBOOL WINAPI EvtRender( 527 EVT_HANDLE Context, 528 EVT_HANDLE Fragment, 529 DWORD Flags, 530 DWORD BufferSize, 531 PVOID Buffer, 532 PDWORD BufferUsed, 533 PDWORD PropertyCount 534 ); 535 536 WINBOOL WINAPI EvtSaveChannelConfig( 537 EVT_HANDLE ChannelConfig, 538 DWORD Flags 539 ); 540 541 WINBOOL WINAPI EvtSeek( 542 EVT_HANDLE ResultSet, 543 LONGLONG Position, 544 EVT_HANDLE Bookmark, 545 DWORD Timeout, 546 DWORD Flags 547 ); 548 549 WINBOOL WINAPI EvtSetChannelConfigProperty( 550 EVT_HANDLE ChannelConfig, 551 EVT_CHANNEL_CONFIG_PROPERTY_ID PropertyId, 552 DWORD Flags, 553 PEVT_VARIANT PropertyValue 554 ); 555 556 EVT_HANDLE WINAPI EvtSubscribe( 557 EVT_HANDLE Session, 558 HANDLE SignalEvent, 559 LPCWSTR ChannelPath, 560 LPCWSTR Query, 561 EVT_HANDLE Bookmark, 562 PVOID context, 563 EVT_SUBSCRIBE_CALLBACK Callback, 564 DWORD Flags 565 ); 566 567 WINBOOL WINAPI EvtUpdateBookmark( 568 EVT_HANDLE Bookmark, 569 EVT_HANDLE Event 570 ); 571 572 #ifdef __cplusplus 573 } 574 #endif 575 #endif /*(_WIN32_WINNT >= 0x0600)*/ 576 #endif /*_INC_TDH*/ 577