6 #define WMIAPI __stdcall
8 #define WMIAPI DECLSPEC_IMPORT __stdcall
10 #endif /* MIDL_PASS */
19 DEFINE_GUID (EventTraceGuid
, 0x68fdd900, 0x4a3e, 0x11d1, 0x84, 0xf4, 0x00, 0x00, 0xf8, 0x04, 0x64, 0xe3);
20 DEFINE_GUID (SystemTraceControlGuid
, 0x9e814aad, 0x3204, 0x11d2, 0x9a, 0x82, 0x00, 0x60, 0x08, 0xa8, 0x69, 0x39);
21 DEFINE_GUID (EventTraceConfigGuid
, 0x01853a65, 0x418f, 0x4f36, 0xae, 0xfc, 0xdc, 0x0f, 0x1d, 0x2f, 0xd2, 0x35);
22 DEFINE_GUID (DefaultTraceSecurityGuid
, 0x0811c1af, 0x7a07, 0x4a06, 0x82, 0xed, 0x86, 0x94, 0x55, 0xcd, 0xf7, 0x13);
24 #define KERNEL_LOGGER_NAMEW L"NT Kernel Logger"
25 #define GLOBAL_LOGGER_NAMEW L"GlobalLogger"
26 #define EVENT_LOGGER_NAMEW L"EventLog"
27 #define DIAG_LOGGER_NAMEW L"DiagLog"
29 #define KERNEL_LOGGER_NAMEA "NT Kernel Logger"
30 #define GLOBAL_LOGGER_NAMEA "GlobalLogger"
31 #define EVENT_LOGGER_NAMEA "EventLog"
32 #define DIAG_LOGGER_NAMEA "DiagLog"
34 #define MAX_MOF_FIELDS 16
36 #ifndef _TRACEHANDLE_DEFINED
37 #define _TRACEHANDLE_DEFINED
38 typedef ULONG64 TRACEHANDLE
, *PTRACEHANDLE
;
41 #define SYSTEM_EVENT_TYPE 1
43 #define EVENT_TRACE_TYPE_INFO 0x00
44 #define EVENT_TRACE_TYPE_START 0x01
45 #define EVENT_TRACE_TYPE_END 0x02
46 #define EVENT_TRACE_TYPE_STOP 0x02
47 #define EVENT_TRACE_TYPE_DC_START 0x03
48 #define EVENT_TRACE_TYPE_DC_END 0x04
49 #define EVENT_TRACE_TYPE_EXTENSION 0x05
50 #define EVENT_TRACE_TYPE_REPLY 0x06
51 #define EVENT_TRACE_TYPE_DEQUEUE 0x07
52 #define EVENT_TRACE_TYPE_RESUME 0x07
53 #define EVENT_TRACE_TYPE_CHECKPOINT 0x08
54 #define EVENT_TRACE_TYPE_SUSPEND 0x08
55 #define EVENT_TRACE_TYPE_WINEVT_SEND 0x09
56 #define EVENT_TRACE_TYPE_WINEVT_RECEIVE 0XF0
58 #define TRACE_LEVEL_NONE 0
59 #define TRACE_LEVEL_CRITICAL 1
60 #define TRACE_LEVEL_FATAL 1
61 #define TRACE_LEVEL_ERROR 2
62 #define TRACE_LEVEL_WARNING 3
63 #define TRACE_LEVEL_INFORMATION 4
64 #define TRACE_LEVEL_VERBOSE 5
65 #define TRACE_LEVEL_RESERVED6 6
66 #define TRACE_LEVEL_RESERVED7 7
67 #define TRACE_LEVEL_RESERVED8 8
68 #define TRACE_LEVEL_RESERVED9 9
70 #define EVENT_TRACE_TYPE_LOAD 0x0A
72 #define EVENT_TRACE_TYPE_IO_READ 0x0A
73 #define EVENT_TRACE_TYPE_IO_WRITE 0x0B
74 #define EVENT_TRACE_TYPE_IO_READ_INIT 0x0C
75 #define EVENT_TRACE_TYPE_IO_WRITE_INIT 0x0D
76 #define EVENT_TRACE_TYPE_IO_FLUSH 0x0E
77 #define EVENT_TRACE_TYPE_IO_FLUSH_INIT 0x0F
79 #define EVENT_TRACE_TYPE_MM_TF 0x0A
80 #define EVENT_TRACE_TYPE_MM_DZF 0x0B
81 #define EVENT_TRACE_TYPE_MM_COW 0x0C
82 #define EVENT_TRACE_TYPE_MM_GPF 0x0D
83 #define EVENT_TRACE_TYPE_MM_HPF 0x0E
84 #define EVENT_TRACE_TYPE_MM_AV 0x0F
86 #define EVENT_TRACE_TYPE_SEND 0x0A
87 #define EVENT_TRACE_TYPE_RECEIVE 0x0B
88 #define EVENT_TRACE_TYPE_CONNECT 0x0C
89 #define EVENT_TRACE_TYPE_DISCONNECT 0x0D
90 #define EVENT_TRACE_TYPE_RETRANSMIT 0x0E
91 #define EVENT_TRACE_TYPE_ACCEPT 0x0F
92 #define EVENT_TRACE_TYPE_RECONNECT 0x10
93 #define EVENT_TRACE_TYPE_CONNFAIL 0x11
94 #define EVENT_TRACE_TYPE_COPY_TCP 0x12
95 #define EVENT_TRACE_TYPE_COPY_ARP 0x13
96 #define EVENT_TRACE_TYPE_ACKFULL 0x14
97 #define EVENT_TRACE_TYPE_ACKPART 0x15
98 #define EVENT_TRACE_TYPE_ACKDUP 0x16
100 #define EVENT_TRACE_TYPE_GUIDMAP 0x0A
101 #define EVENT_TRACE_TYPE_CONFIG 0x0B
102 #define EVENT_TRACE_TYPE_SIDINFO 0x0C
103 #define EVENT_TRACE_TYPE_SECURITY 0x0D
105 #define EVENT_TRACE_TYPE_REGCREATE 0x0A
106 #define EVENT_TRACE_TYPE_REGOPEN 0x0B
107 #define EVENT_TRACE_TYPE_REGDELETE 0x0C
108 #define EVENT_TRACE_TYPE_REGQUERY 0x0D
109 #define EVENT_TRACE_TYPE_REGSETVALUE 0x0E
110 #define EVENT_TRACE_TYPE_REGDELETEVALUE 0x0F
111 #define EVENT_TRACE_TYPE_REGQUERYVALUE 0x10
112 #define EVENT_TRACE_TYPE_REGENUMERATEKEY 0x11
113 #define EVENT_TRACE_TYPE_REGENUMERATEVALUEKEY 0x12
114 #define EVENT_TRACE_TYPE_REGQUERYMULTIPLEVALUE 0x13
115 #define EVENT_TRACE_TYPE_REGSETINFORMATION 0x14
116 #define EVENT_TRACE_TYPE_REGFLUSH 0x15
117 #define EVENT_TRACE_TYPE_REGKCBCREATE 0x16
118 #define EVENT_TRACE_TYPE_REGKCBDELETE 0x17
119 #define EVENT_TRACE_TYPE_REGKCBRUNDOWNBEGIN 0x18
120 #define EVENT_TRACE_TYPE_REGKCBRUNDOWNEND 0x19
121 #define EVENT_TRACE_TYPE_REGVIRTUALIZE 0x1A
122 #define EVENT_TRACE_TYPE_REGCLOSE 0x1B
123 #define EVENT_TRACE_TYPE_REGSETSECURITY 0x1C
124 #define EVENT_TRACE_TYPE_REGQUERYSECURITY 0x1D
125 #define EVENT_TRACE_TYPE_REGCOMMIT 0x1E
126 #define EVENT_TRACE_TYPE_REGPREPARE 0x1F
127 #define EVENT_TRACE_TYPE_REGROLLBACK 0x20
128 #define EVENT_TRACE_TYPE_REGMOUNTHIVE 0x21
130 #define EVENT_TRACE_TYPE_CONFIG_CPU 0x0A
131 #define EVENT_TRACE_TYPE_CONFIG_PHYSICALDISK 0x0B
132 #define EVENT_TRACE_TYPE_CONFIG_LOGICALDISK 0x0C
133 #define EVENT_TRACE_TYPE_CONFIG_NIC 0x0D
134 #define EVENT_TRACE_TYPE_CONFIG_VIDEO 0x0E
135 #define EVENT_TRACE_TYPE_CONFIG_SERVICES 0x0F
136 #define EVENT_TRACE_TYPE_CONFIG_POWER 0x10
137 #define EVENT_TRACE_TYPE_CONFIG_NETINFO 0x11
139 #define EVENT_TRACE_TYPE_CONFIG_IRQ 0x15
140 #define EVENT_TRACE_TYPE_CONFIG_PNP 0x16
141 #define EVENT_TRACE_TYPE_CONFIG_IDECHANNEL 0x17
142 #define EVENT_TRACE_TYPE_CONFIG_PLATFORM 0x19
144 #define EVENT_TRACE_FLAG_PROCESS 0x00000001
145 #define EVENT_TRACE_FLAG_THREAD 0x00000002
146 #define EVENT_TRACE_FLAG_IMAGE_LOAD 0x00000004
148 #define EVENT_TRACE_FLAG_DISK_IO 0x00000100
149 #define EVENT_TRACE_FLAG_DISK_FILE_IO 0x00000200
151 #define EVENT_TRACE_FLAG_MEMORY_PAGE_FAULTS 0x00001000
152 #define EVENT_TRACE_FLAG_MEMORY_HARD_FAULTS 0x00002000
154 #define EVENT_TRACE_FLAG_NETWORK_TCPIP 0x00010000
156 #define EVENT_TRACE_FLAG_REGISTRY 0x00020000
157 #define EVENT_TRACE_FLAG_DBGPRINT 0x00040000
159 #define EVENT_TRACE_FLAG_PROCESS_COUNTERS 0x00000008
160 #define EVENT_TRACE_FLAG_CSWITCH 0x00000010
161 #define EVENT_TRACE_FLAG_DPC 0x00000020
162 #define EVENT_TRACE_FLAG_INTERRUPT 0x00000040
163 #define EVENT_TRACE_FLAG_SYSTEMCALL 0x00000080
165 #define EVENT_TRACE_FLAG_DISK_IO_INIT 0x00000400
167 #define EVENT_TRACE_FLAG_ALPC 0x00100000
168 #define EVENT_TRACE_FLAG_SPLIT_IO 0x00200000
170 #define EVENT_TRACE_FLAG_DRIVER 0x00800000
171 #define EVENT_TRACE_FLAG_PROFILE 0x01000000
172 #define EVENT_TRACE_FLAG_FILE_IO 0x02000000
173 #define EVENT_TRACE_FLAG_FILE_IO_INIT 0x04000000
175 #define EVENT_TRACE_FLAG_DISPATCHER 0x00000800
176 #define EVENT_TRACE_FLAG_VIRTUAL_ALLOC 0x00004000
178 #define EVENT_TRACE_FLAG_EXTENSION 0x80000000
179 #define EVENT_TRACE_FLAG_FORWARD_WMI 0x40000000
180 #define EVENT_TRACE_FLAG_ENABLE_RESERVE 0x20000000
182 #define EVENT_TRACE_FILE_MODE_NONE 0x00000000
183 #define EVENT_TRACE_FILE_MODE_SEQUENTIAL 0x00000001
184 #define EVENT_TRACE_FILE_MODE_CIRCULAR 0x00000002
185 #define EVENT_TRACE_FILE_MODE_APPEND 0x00000004
187 #define EVENT_TRACE_REAL_TIME_MODE 0x00000100
188 #define EVENT_TRACE_DELAY_OPEN_FILE_MODE 0x00000200
189 #define EVENT_TRACE_BUFFERING_MODE 0x00000400
190 #define EVENT_TRACE_PRIVATE_LOGGER_MODE 0x00000800
191 #define EVENT_TRACE_ADD_HEADER_MODE 0x00001000
193 #define EVENT_TRACE_USE_GLOBAL_SEQUENCE 0x00004000
194 #define EVENT_TRACE_USE_LOCAL_SEQUENCE 0x00008000
196 #define EVENT_TRACE_RELOG_MODE 0x00010000
198 #define EVENT_TRACE_USE_PAGED_MEMORY 0x01000000
200 #define EVENT_TRACE_FILE_MODE_NEWFILE 0x00000008
201 #define EVENT_TRACE_FILE_MODE_PREALLOCATE 0x00000020
203 #define EVENT_TRACE_NONSTOPPABLE_MODE 0x00000040
204 #define EVENT_TRACE_SECURE_MODE 0x00000080
205 #define EVENT_TRACE_USE_KBYTES_FOR_SIZE 0x00002000
206 #define EVENT_TRACE_PRIVATE_IN_PROC 0x00020000
207 #define EVENT_TRACE_MODE_RESERVED 0x00100000
209 #define EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING 0x10000000
211 #define EVENT_TRACE_CONTROL_QUERY 0
212 #define EVENT_TRACE_CONTROL_STOP 1
213 #define EVENT_TRACE_CONTROL_UPDATE 2
215 #define EVENT_TRACE_CONTROL_FLUSH 3
217 #define TRACE_MESSAGE_SEQUENCE 1
218 #define TRACE_MESSAGE_GUID 2
219 #define TRACE_MESSAGE_COMPONENTID 4
220 #define TRACE_MESSAGE_TIMESTAMP 8
221 #define TRACE_MESSAGE_PERFORMANCE_TIMESTAMP 16
222 #define TRACE_MESSAGE_SYSTEMINFO 32
224 #define TRACE_MESSAGE_POINTER32 0x0040
225 #define TRACE_MESSAGE_POINTER64 0x0080
227 #define TRACE_MESSAGE_FLAG_MASK 0xFFFF
229 #define TRACE_MESSAGE_MAXIMUM_SIZE 8*1024
231 #define EVENT_TRACE_USE_PROCTIME 0x0001
232 #define EVENT_TRACE_USE_NOCPUTIME 0x0002
234 #define TRACE_HEADER_FLAG_USE_TIMESTAMP 0x00000200
235 #define TRACE_HEADER_FLAG_TRACED_GUID 0x00020000
236 #define TRACE_HEADER_FLAG_LOG_WNODE 0x00040000
237 #define TRACE_HEADER_FLAG_USE_GUID_PTR 0x00080000
238 #define TRACE_HEADER_FLAG_USE_MOF_PTR 0x00100000
240 #define ETW_NULL_TYPE_VALUE 0
241 #define ETW_OBJECT_TYPE_VALUE 1
242 #define ETW_STRING_TYPE_VALUE 2
243 #define ETW_SBYTE_TYPE_VALUE 3
244 #define ETW_BYTE_TYPE_VALUE 4
245 #define ETW_INT16_TYPE_VALUE 5
246 #define ETW_UINT16_TYPE_VALUE 6
247 #define ETW_INT32_TYPE_VALUE 7
248 #define ETW_UINT32_TYPE_VALUE 8
249 #define ETW_INT64_TYPE_VALUE 9
250 #define ETW_UINT64_TYPE_VALUE 10
251 #define ETW_CHAR_TYPE_VALUE 11
252 #define ETW_SINGLE_TYPE_VALUE 12
253 #define ETW_DOUBLE_TYPE_VALUE 13
254 #define ETW_BOOLEAN_TYPE_VALUE 14
255 #define ETW_DECIMAL_TYPE_VALUE 15
257 #define ETW_GUID_TYPE_VALUE 101
258 #define ETW_ASCIICHAR_TYPE_VALUE 102
259 #define ETW_ASCIISTRING_TYPE_VALUE 103
260 #define ETW_COUNTED_STRING_TYPE_VALUE 104
261 #define ETW_POINTER_TYPE_VALUE 105
262 #define ETW_SIZET_TYPE_VALUE 106
263 #define ETW_HIDDEN_TYPE_VALUE 107
264 #define ETW_BOOL_TYPE_VALUE 108
265 #define ETW_COUNTED_ANSISTRING_TYPE_VALUE 109
266 #define ETW_REVERSED_COUNTED_STRING_TYPE_VALUE 110
267 #define ETW_REVERSED_COUNTED_ANSISTRING_TYPE_VALUE 111
268 #define ETW_NON_NULL_TERMINATED_STRING_TYPE_VALUE 112
269 #define ETW_REDUCED_ANSISTRING_TYPE_VALUE 113
270 #define ETW_REDUCED_STRING_TYPE_VALUE 114
271 #define ETW_SID_TYPE_VALUE 115
272 #define ETW_VARIANT_TYPE_VALUE 116
273 #define ETW_PTVECTOR_TYPE_VALUE 117
274 #define ETW_WMITIME_TYPE_VALUE 118
275 #define ETW_DATETIME_TYPE_VALUE 119
276 #define ETW_REFRENCE_TYPE_VALUE 120
278 #define TRACE_PROVIDER_FLAG_LEGACY 0x00000001
279 #define TRACE_PROVIDER_FLAG_PRE_ENABLE 0x00000002
281 #define EVENT_CONTROL_CODE_DISABLE_PROVIDER 0
282 #define EVENT_CONTROL_CODE_ENABLE_PROVIDER 1
283 #define EVENT_CONTROL_CODE_CAPTURE_STATE 2
285 #define DEFINE_TRACE_MOF_FIELD(MOF, ptr, length, type) \
286 (MOF)->DataPtr = (ULONG64)(ULONG_PTR) ptr; \
287 (MOF)->Length = (ULONG) length; \
288 (MOF)->DataType = (ULONG) type;
290 typedef struct _EVENT_TRACE_HEADER
{
292 _ANONYMOUS_UNION
union {
293 USHORT FieldTypeFlags
;
294 _ANONYMOUS_STRUCT
struct {
299 _ANONYMOUS_UNION
union {
309 LARGE_INTEGER TimeStamp
;
310 _ANONYMOUS_UNION
union {
314 _ANONYMOUS_UNION
union {
315 _ANONYMOUS_STRUCT
struct {
319 ULONG64 ProcessorTime
;
320 _ANONYMOUS_STRUCT
struct {
325 } EVENT_TRACE_HEADER
;
327 #ifndef PEVENT_TRACE_HEADER_DEFINED
328 #define PEVENT_TRACE_HEADER_DEFINED
329 typedef struct _EVENT_TRACE_HEADER
*PEVENT_TRACE_HEADER
;
332 typedef struct _EVENT_INSTANCE_HEADER
{
334 _ANONYMOUS_UNION
union {
335 USHORT FieldTypeFlags
;
336 _ANONYMOUS_STRUCT
struct {
341 _ANONYMOUS_UNION
union {
351 LARGE_INTEGER TimeStamp
;
354 ULONG ParentInstanceId
;
355 _ANONYMOUS_UNION
union {
356 _ANONYMOUS_STRUCT
struct {
360 ULONG64 ProcessorTime
;
361 _ANONYMOUS_STRUCT
struct {
366 ULONGLONG ParentRegHandle
;
367 } EVENT_INSTANCE_HEADER
, *PEVENT_INSTANCE_HEADER
;
369 typedef struct _MOF_FIELD
{
373 } MOF_FIELD
, *PMOF_FIELD
;
375 typedef struct _EVENT_INSTANCE_INFO
{
378 } EVENT_INSTANCE_INFO
, *PEVENT_INSTANCE_INFO
;
380 typedef struct _TRACE_GUID_PROPERTIES
{
387 } TRACE_GUID_PROPERTIES
, *PTRACE_GUID_PROPERTIES
;
389 typedef struct _ETW_BUFFER_CONTEXT
{
390 UCHAR ProcessorNumber
;
393 } ETW_BUFFER_CONTEXT
, *PETW_BUFFER_CONTEXT
;
395 typedef struct _TRACE_ENABLE_INFO
{
400 ULONG EnableProperty
;
402 ULONGLONG MatchAnyKeyword
;
403 ULONGLONG MatchAllKeyword
;
404 } TRACE_ENABLE_INFO
, *PTRACE_ENABLE_INFO
;
406 typedef struct _TRACE_PROVIDER_INSTANCE_INFO
{
411 } TRACE_PROVIDER_INSTANCE_INFO
, *PTRACE_PROVIDER_INSTANCE_INFO
;
413 typedef struct _TRACE_GUID_INFO
{
416 } TRACE_GUID_INFO
, *PTRACE_GUID_INFO
;
418 typedef struct _EVENT_TRACE
{
419 EVENT_TRACE_HEADER Header
;
421 ULONG ParentInstanceId
;
425 _ANONYMOUS_UNION
union {
427 ETW_BUFFER_CONTEXT BufferContext
;
429 } EVENT_TRACE
, *PEVENT_TRACE
;
431 #if !(defined(_NTDDK_) || defined(_NTIFS_)) || defined(_WMIKM_)
433 typedef struct _TRACE_LOGFILE_HEADER
{
435 _ANONYMOUS_UNION
union {
441 UCHAR SubMinorVersion
;
444 ULONG ProviderVersion
;
445 ULONG NumberOfProcessors
;
446 LARGE_INTEGER EndTime
;
447 ULONG TimerResolution
;
448 ULONG MaximumFileSize
;
450 ULONG BuffersWritten
;
451 _ANONYMOUS_UNION
union {
452 GUID LogInstanceGuid
;
453 _ANONYMOUS_STRUCT
struct {
463 RTL_TIME_ZONE_INFORMATION TimeZone
;
467 TIME_ZONE_INFORMATION TimeZone
;
469 LARGE_INTEGER BootTime
;
470 LARGE_INTEGER PerfFreq
;
471 LARGE_INTEGER StartTime
;
474 } TRACE_LOGFILE_HEADER
, *PTRACE_LOGFILE_HEADER
;
476 typedef struct _TRACE_LOGFILE_HEADER32
{
478 _ANONYMOUS_UNION
union {
484 UCHAR SubMinorVersion
;
487 ULONG ProviderVersion
;
488 ULONG NumberOfProcessors
;
489 LARGE_INTEGER EndTime
;
490 ULONG TimerResolution
;
491 ULONG MaximumFileSize
;
493 ULONG BuffersWritten
;
494 _ANONYMOUS_UNION
union {
495 GUID LogInstanceGuid
;
496 _ANONYMOUS_STRUCT
struct {
506 RTL_TIME_ZONE_INFORMATION TimeZone
;
510 TIME_ZONE_INFORMATION TimeZone
;
512 LARGE_INTEGER BootTime
;
513 LARGE_INTEGER PerfFreq
;
514 LARGE_INTEGER StartTime
;
517 } TRACE_LOGFILE_HEADER32
, *PTRACE_LOGFILE_HEADER32
;
519 typedef struct _TRACE_LOGFILE_HEADER64
{
521 _ANONYMOUS_UNION
union {
527 UCHAR SubMinorVersion
;
530 ULONG ProviderVersion
;
531 ULONG NumberOfProcessors
;
532 LARGE_INTEGER EndTime
;
533 ULONG TimerResolution
;
534 ULONG MaximumFileSize
;
536 ULONG BuffersWritten
;
537 _ANONYMOUS_UNION
union {
538 GUID LogInstanceGuid
;
539 _ANONYMOUS_STRUCT
struct {
549 RTL_TIME_ZONE_INFORMATION TimeZone
;
553 TIME_ZONE_INFORMATION TimeZone
;
555 LARGE_INTEGER BootTime
;
556 LARGE_INTEGER PerfFreq
;
557 LARGE_INTEGER StartTime
;
560 } TRACE_LOGFILE_HEADER64
, *PTRACE_LOGFILE_HEADER64
;
562 #endif /* !_NTDDK_ || _WMIKM_ */
564 #if !defined(_WMIKM_) && !defined(_NTDDK_) && !defined(_NTIFS_)
566 #define ENABLE_TRACE_PARAMETERS_VERSION 1
568 typedef struct _EVENT_TRACE_PROPERTIES
{
571 ULONG MinimumBuffers
;
572 ULONG MaximumBuffers
;
573 ULONG MaximumFileSize
;
578 ULONG NumberOfBuffers
;
581 ULONG BuffersWritten
;
582 ULONG LogBuffersLost
;
583 ULONG RealTimeBuffersLost
;
584 HANDLE LoggerThreadId
;
585 ULONG LogFileNameOffset
;
586 ULONG LoggerNameOffset
;
587 } EVENT_TRACE_PROPERTIES
, *PEVENT_TRACE_PROPERTIES
;
589 typedef struct _TRACE_GUID_REGISTRATION
{
592 } TRACE_GUID_REGISTRATION
, *PTRACE_GUID_REGISTRATION
;
594 typedef struct _EVENT_RECORD EVENT_RECORD
, *PEVENT_RECORD
;
595 typedef struct _EVENT_TRACE_LOGFILEW EVENT_TRACE_LOGFILEW
, *PEVENT_TRACE_LOGFILEW
;
596 typedef struct _EVENT_TRACE_LOGFILEA EVENT_TRACE_LOGFILEA
, *PEVENT_TRACE_LOGFILEA
;
597 typedef struct _EVENT_FILTER_DESCRIPTOR EVENT_FILTER_DESCRIPTOR
, *PEVENT_FILTER_DESCRIPTOR
;
600 (WINAPI
*PEVENT_TRACE_BUFFER_CALLBACKW
)(
601 PEVENT_TRACE_LOGFILEW Logfile
);
604 (WINAPI
*PEVENT_TRACE_BUFFER_CALLBACKA
)(
605 PEVENT_TRACE_LOGFILEA Logfile
);
608 (WINAPI
*PEVENT_CALLBACK
)(
609 PEVENT_TRACE pEvent
);
612 (WINAPI
*PEVENT_RECORD_CALLBACK
)(
613 PEVENT_RECORD EventRecord
);
616 (WINAPI
*WMIDPREQUEST
)(
617 IN WMIDPREQUESTCODE RequestCode
,
618 IN PVOID RequestContext
,
619 IN OUT ULONG
*BufferSize
,
620 IN OUT PVOID Buffer
);
622 struct _EVENT_TRACE_LOGFILEW
{
625 LONGLONG CurrentTime
;
627 _ANONYMOUS_UNION
union {
629 ULONG ProcessTraceMode
;
631 EVENT_TRACE CurrentEvent
;
632 TRACE_LOGFILE_HEADER LogfileHeader
;
633 PEVENT_TRACE_BUFFER_CALLBACKW BufferCallback
;
637 _ANONYMOUS_UNION
union {
638 PEVENT_CALLBACK EventCallback
;
639 PEVENT_RECORD_CALLBACK EventRecordCallback
;
645 struct _EVENT_TRACE_LOGFILEA
{
648 LONGLONG CurrentTime
;
650 _ANONYMOUS_UNION
union {
652 ULONG ProcessTraceMode
;
654 EVENT_TRACE CurrentEvent
;
655 TRACE_LOGFILE_HEADER LogfileHeader
;
656 PEVENT_TRACE_BUFFER_CALLBACKA BufferCallback
;
660 _ANONYMOUS_UNION
union {
661 PEVENT_CALLBACK EventCallback
;
662 PEVENT_RECORD_CALLBACK EventRecordCallback
;
668 #if defined(_UNICODE) || defined(UNICODE)
670 #define PEVENT_TRACE_BUFFER_CALLBACK PEVENT_TRACE_BUFFER_CALLBACKW
671 #define EVENT_TRACE_LOGFILE EVENT_TRACE_LOGFILEW
672 #define PEVENT_TRACE_LOGFILE PEVENT_TRACE_LOGFILEW
673 #define KERNEL_LOGGER_NAME KERNEL_LOGGER_NAMEW
674 #define GLOBAL_LOGGER_NAME GLOBAL_LOGGER_NAMEW
675 #define EVENT_LOGGER_NAME EVENT_LOGGER_NAMEW
679 #define PEVENT_TRACE_BUFFER_CALLBACK PEVENT_TRACE_BUFFER_CALLBACKA
680 #define EVENT_TRACE_LOGFILE EVENT_TRACE_LOGFILEA
681 #define PEVENT_TRACE_LOGFILE PEVENT_TRACE_LOGFILEA
682 #define KERNEL_LOGGER_NAME KERNEL_LOGGER_NAMEA
683 #define GLOBAL_LOGGER_NAME GLOBAL_LOGGER_NAMEA
684 #define EVENT_LOGGER_NAME EVENT_LOGGER_NAMEA
686 #endif /* defined(_UNICODE) || defined(UNICODE) */
688 typedef enum _TRACE_QUERY_INFO_CLASS
{
691 TraceGuidQueryProcess
,
692 TraceStackTracingInfo
,
694 } TRACE_QUERY_INFO_CLASS
, TRACE_INFO_CLASS
;
696 typedef struct _CLASSIC_EVENT_ID
{
700 } CLASSIC_EVENT_ID
, *PCLASSIC_EVENT_ID
;
702 typedef struct _ENABLE_TRACE_PARAMETERS
{
704 ULONG EnableProperty
;
707 PEVENT_FILTER_DESCRIPTOR EnableFilterDesc
;
708 } ENABLE_TRACE_PARAMETERS
, *PENABLE_TRACE_PARAMETERS
;
710 #define INVALID_PROCESSTRACE_HANDLE ((TRACEHANDLE)INVALID_HANDLE_VALUE)
712 #if defined(UNICODE) || defined(_UNICODE)
714 #define RegisterTraceGuids RegisterTraceGuidsW
715 #define StartTrace StartTraceW
716 #define ControlTrace ControlTraceW
718 #if defined(__TRACE_W2K_COMPATIBLE)
720 #define StopTrace(a,b,c) ControlTraceW((a),(b),(c), EVENT_TRACE_CONTROL_STOP)
721 #define QueryTrace(a,b,c) ControlTraceW((a),(b),(c), EVENT_TRACE_CONTROL_QUERY)
722 #define UpdateTrace(a,b,c) ControlTraceW((a),(b),(c), EVENT_TRACE_CONTROL_UPDATE)
726 #define StopTrace StopTraceW
727 #define QueryTrace QueryTraceW
728 #define UpdateTrace UpdateTraceW
730 #endif /* defined(__TRACE_W2K_COMPATIBLE) */
732 #if (NTDDI_VERSION >= NTDDI_WINXP)
733 #define FlushTrace FlushTraceW
736 #define QueryAllTraces QueryAllTracesW
737 #define OpenTrace OpenTraceW
739 #else /* defined(UNICODE) || defined(_UNICODE) */
741 #define RegisterTraceGuids RegisterTraceGuidsA
742 #define StartTrace StartTraceA
743 #define ControlTrace ControlTraceA
745 #if defined(__TRACE_W2K_COMPATIBLE)
747 #define StopTrace(a,b,c) ControlTraceA((a),(b),(c), EVENT_TRACE_CONTROL_STOP)
748 #define QueryTrace(a,b,c) ControlTraceA((a),(b),(c), EVENT_TRACE_CONTROL_QUERY)
749 #define UpdateTrace(a,b,c) ControlTraceA((a),(b),(c), EVENT_TRACE_CONTROL_UPDATE)
753 #define StopTrace StopTraceA
754 #define QueryTrace QueryTraceA
755 #define UpdateTrace UpdateTraceA
757 #endif /* defined(__TRACE_W2K_COMPATIBLE) */
759 #if (NTDDI_VERSION >= NTDDI_WINXP)
760 #define FlushTrace FlushTraceA
763 #define QueryAllTraces QueryAllTracesA
764 #define OpenTrace OpenTraceA
766 #endif /* defined(UNICODE) || defined(_UNICODE) */
772 OUT PTRACEHANDLE TraceHandle
,
773 IN LPCWSTR InstanceName
,
774 IN OUT PEVENT_TRACE_PROPERTIES Properties
);
780 OUT PTRACEHANDLE TraceHandle
,
781 IN LPCSTR InstanceName
,
782 IN OUT PEVENT_TRACE_PROPERTIES Properties
);
788 IN TRACEHANDLE TraceHandle
,
789 IN LPCWSTR InstanceName OPTIONAL
,
790 IN OUT PEVENT_TRACE_PROPERTIES Properties
);
796 IN TRACEHANDLE TraceHandle
,
797 IN LPCSTR InstanceName OPTIONAL
,
798 IN OUT PEVENT_TRACE_PROPERTIES Properties
);
804 IN TRACEHANDLE TraceHandle
,
805 IN LPCWSTR InstanceName OPTIONAL
,
806 IN OUT PEVENT_TRACE_PROPERTIES Properties
);
812 IN TRACEHANDLE TraceHandle
,
813 IN LPCSTR InstanceName OPTIONAL
,
814 IN OUT PEVENT_TRACE_PROPERTIES Properties
);
820 IN TRACEHANDLE TraceHandle
,
821 IN LPCWSTR InstanceName OPTIONAL
,
822 IN OUT PEVENT_TRACE_PROPERTIES Properties
);
828 IN TRACEHANDLE TraceHandle
,
829 IN LPCSTR InstanceName OPTIONAL
,
830 IN OUT PEVENT_TRACE_PROPERTIES Properties
);
836 IN TRACEHANDLE TraceHandle
,
837 IN LPCWSTR InstanceName OPTIONAL
,
838 IN OUT PEVENT_TRACE_PROPERTIES Properties
,
839 IN ULONG ControlCode
);
845 IN TRACEHANDLE TraceHandle
,
846 IN LPCSTR InstanceName OPTIONAL
,
847 IN OUT PEVENT_TRACE_PROPERTIES Properties
,
848 IN ULONG ControlCode
);
854 OUT PEVENT_TRACE_PROPERTIES
*PropertyArray
,
855 IN ULONG PropertyArrayCount
,
856 OUT PULONG LoggerCount
);
862 OUT PEVENT_TRACE_PROPERTIES
*PropertyArray
,
863 IN ULONG PropertyArrayCount
,
864 OUT PULONG LoggerCount
);
872 IN ULONG EnableLevel
,
873 IN LPCGUID ControlGuid
,
874 IN TRACEHANDLE TraceHandle
);
879 CreateTraceInstanceId(
881 IN OUT PEVENT_INSTANCE_INFO InstInfo
);
887 IN TRACEHANDLE TraceHandle
,
888 IN PEVENT_TRACE_HEADER EventTrace
);
894 IN TRACEHANDLE TraceHandle
,
895 IN PEVENT_INSTANCE_HEADER EventTrace
,
896 IN PEVENT_INSTANCE_INFO InstInfo
,
897 IN PEVENT_INSTANCE_INFO ParentInstInfo OPTIONAL
);
903 IN WMIDPREQUEST RequestAddress
,
904 IN PVOID RequestContext OPTIONAL
,
905 IN LPCGUID ControlGuid
,
907 IN PTRACE_GUID_REGISTRATION TraceGuidReg OPTIONAL
,
908 IN LPCWSTR MofImagePath OPTIONAL
,
909 IN LPCWSTR MofResourceName OPTIONAL
,
910 OUT PTRACEHANDLE RegistrationHandle
);
916 IN WMIDPREQUEST RequestAddress
,
917 IN PVOID RequestContext OPTIONAL
,
918 IN LPCGUID ControlGuid
,
920 IN PTRACE_GUID_REGISTRATION TraceGuidReg OPTIONAL
,
921 IN LPCSTR MofImagePath OPTIONAL
,
922 IN LPCSTR MofResourceName OPTIONAL
,
923 OUT PTRACEHANDLE RegistrationHandle
);
928 UnregisterTraceGuids(
929 IN TRACEHANDLE RegistrationHandle
);
934 GetTraceLoggerHandle(
941 IN TRACEHANDLE TraceHandle
);
947 IN TRACEHANDLE TraceHandle
);
953 IN OUT PEVENT_TRACE_LOGFILEA Logfile
);
959 IN OUT PEVENT_TRACE_LOGFILEW Logfile
);
965 IN PTRACEHANDLE HandleArray
,
966 IN ULONG HandleCount
,
967 IN LPFILETIME StartTime OPTIONAL
,
968 IN LPFILETIME EndTime OPTIONAL
);
974 IN TRACEHANDLE TraceHandle
);
981 IN PEVENT_CALLBACK EventCallback
);
993 IN TRACEHANDLE LoggerHandle
,
994 IN ULONG MessageFlags
,
995 IN LPCGUID MessageGuid
,
996 IN USHORT MessageNumber
,
1002 IN TRACEHANDLE LoggerHandle
,
1003 IN ULONG MessageFlags
,
1004 IN LPCGUID MessageGuid
,
1005 IN USHORT MessageNumber
,
1006 IN
va_list MessageArgList
);
1008 #if (WINVER >= _WIN32_WINNT_WINXP)
1013 EnumerateTraceGuids(
1014 IN OUT PTRACE_GUID_PROPERTIES
*GuidPropertiesArray
,
1015 IN ULONG PropertyArrayCount
,
1016 OUT PULONG GuidCount
);
1022 IN TRACEHANDLE TraceHandle
,
1023 IN LPCWSTR InstanceName OPTIONAL
,
1024 IN OUT PEVENT_TRACE_PROPERTIES Properties
);
1030 IN TRACEHANDLE TraceHandle
,
1031 IN LPCSTR InstanceName OPTIONAL
,
1032 IN OUT PEVENT_TRACE_PROPERTIES Properties
);
1034 #endif /* (WINVER >= _WIN32_WINNT_WINXP) */
1036 #if (WINVER >= _WIN32_WINNT_VISTA)
1042 IN LPCGUID ProviderId
,
1043 IN LPCGUID SourceId OPTIONAL
,
1044 IN TRACEHANDLE TraceHandle
,
1047 IN ULONGLONG MatchAnyKeyword
,
1048 IN ULONGLONG MatchAllKeyword
,
1049 IN ULONG EnableProperty
,
1050 IN PEVENT_FILTER_DESCRIPTOR EnableFilterDesc OPTIONAL
);
1055 EnumerateTraceGuidsEx(
1056 IN TRACE_QUERY_INFO_CLASS TraceQueryInfoClass
,
1057 IN PVOID InBuffer OPTIONAL
,
1058 IN ULONG InBufferSize
,
1059 OUT PVOID OutBuffer OPTIONAL
,
1060 IN ULONG OutBufferSize
,
1061 OUT PULONG ReturnLength
);
1063 #endif /* (WINVER >= _WIN32_WINNT_VISTA) */
1065 #if (WINVER >= _WIN32_WINNT_WIN7)
1071 IN TRACEHANDLE TraceHandle
,
1072 IN LPCGUID ProviderId
,
1073 IN ULONG ControlCode
,
1075 IN ULONGLONG MatchAnyKeyword
,
1076 IN ULONGLONG MatchAllKeyword
,
1078 IN PENABLE_TRACE_PARAMETERS EnableParameters OPTIONAL
);
1083 TraceSetInformation(
1084 IN TRACEHANDLE SessionHandle
,
1085 IN TRACE_INFO_CLASS InformationClass
,
1086 IN PVOID TraceInformation
,
1087 IN ULONG InformationLength
);
1089 #endif /* (WINVER >= _WIN32_WINNT_WIN7) */
1091 #endif /* !defined(_WMIKM_) && !defined(_NTDDK_) && !defined(_NTIFS_) */