/* * Event Log RPC interface definition */ #include cpp_quote("#if !defined(__EVENTLOG_H__) && !defined(__ADVAPI32_H)") typedef long NTSTATUS; cpp_quote("#endif") #define MAX_BATCH_BUFF 0x0007FFFF typedef [range(0, MAX_BATCH_BUFF)] unsigned long RULONG; typedef struct _RPC_STRING { USHORT Length; USHORT MaximumLength; [size_is(MaximumLength), length_is(Length)] LPSTR Buffer; } RPC_STRING, *PRPC_STRING; typedef /*[context_handle]*/ unsigned long IELF_HANDLE; typedef IELF_HANDLE *PIELF_HANDLE; typedef /*[handle, unique]*/ LPWSTR EVENTLOG_HANDLE_W; typedef /*[handle, unique]*/ LPSTR EVENTLOG_HANDLE_A; typedef struct _RPC_CLIENT_ID { DWORD UniqueProcess; DWORD UniqueThread; } RPC_CLIENT_ID, *PRPC_CLIENT_ID; [ uuid(82273FDC-E32A-18C3-3F78-827929DC23EA), version(0.0), pointer_default(unique) #ifndef __midl ,explicit_handle #endif ] interface eventlog { /* Function 0 */ NTSTATUS ElfrClearELFW( #ifndef __midl [in] handle_t BindingHandle, #endif [in] IELF_HANDLE LogHandle, [in, unique] PRPC_UNICODE_STRING BackupFileName); /* Function 1 */ NTSTATUS ElfrBackupELFW( #ifndef __midl [in] handle_t BindingHandle, #endif [in] IELF_HANDLE LogHandle, [in, unique] PRPC_UNICODE_STRING BackupFileName); /* Function 2 */ NTSTATUS ElfrCloseEL( #ifndef __midl [in] handle_t BindingHandle, #endif [in, out] IELF_HANDLE *LogHandle); /* Function 3 */ NTSTATUS ElfrDeregisterEventSource( #ifndef __midl [in] handle_t BindingHandle, #endif [in, out] IELF_HANDLE *LogHandle); /* Function 4 */ NTSTATUS ElfrNumberOfRecords( #ifndef __midl [in] handle_t BindingHandle, #endif [in] IELF_HANDLE LogHandle, [out] DWORD *NumberOfRecords); /* Function 5 */ NTSTATUS ElfrOldestRecord( #ifndef __midl handle_t BindingHandle, #endif [in] IELF_HANDLE LogHandle, [out] DWORD *OldestRecordNumber); /* Function 6 */ NTSTATUS ElfrChangeNotify( #ifndef __midl [in] handle_t BindingHandle, #endif [in] IELF_HANDLE *LogHandle, [in] RPC_CLIENT_ID ClientId, [in] DWORD Event); /* Function 7 */ NTSTATUS ElfrOpenELW( #ifndef __midl [in] handle_t BindingHandle, #endif [in] EVENTLOG_HANDLE_W UNCServerName, [in] PRPC_UNICODE_STRING ModuleName, [in] PRPC_UNICODE_STRING RegModuleName, [in] DWORD MajorVersion, [in] DWORD MinorVersion, [out] IELF_HANDLE* LogHandle); /* Function 8 */ NTSTATUS ElfrRegisterEventSourceW( #ifndef __midl [in] handle_t BindingHandle, #endif [in] EVENTLOG_HANDLE_W UNCServerName, [in] PRPC_UNICODE_STRING ModuleName, [in] PRPC_UNICODE_STRING RegModuleName, [in] DWORD MajorVersion, [in] DWORD MinorVersion, [out] IELF_HANDLE* LogHandle); /* Function 9 */ NTSTATUS ElfrOpenBELW( #ifndef __midl [in] handle_t BindingHandle, #endif [in] EVENTLOG_HANDLE_W UNCServerName, [in] PRPC_UNICODE_STRING BackupFileName, [in] DWORD MajorVersion, [in] DWORD MinorVersion, [out] IELF_HANDLE* LogHandle); /* Function 10 */ NTSTATUS ElfrReadELW( #ifndef __midl [in] handle_t BindingHandle, #endif [in] IELF_HANDLE LogHandle, [in] DWORD ReadFlags, [in] DWORD RecordOffset, [in] RULONG NumberOfBytesToRead, [out, size_is(NumberOfBytesToRead)] BYTE *Buffer, [out] DWORD *NumberOfBytesRead, [out] DWORD *MinNumberOfBytesNeeded); /* Function 11 */ NTSTATUS ElfrReportEventW( #ifndef __midl [in] handle_t BindingHandle, #endif [in] IELF_HANDLE LogHandle, [in] DWORD Time, [in] USHORT EventType, [in] USHORT EventCategory, [in] DWORD EventID, [in, range(0, 256)] USHORT NumStrings, [in, range(0, 61440)] DWORD DataSize, [in] PRPC_UNICODE_STRING ComputerName, [in, unique] PRPC_SID UserSID, [in, size_is(NumStrings), unique] PRPC_UNICODE_STRING Strings[*], [in, size_is(DataSize), unique] BYTE *Data, [in] USHORT Flags, [in, out, unique] DWORD *RecordNumber, [in, out, unique] DWORD *TimeWritten); /* Function 12 */ NTSTATUS ElfrClearELFA( #ifndef __midl [in] handle_t BindingHandle, #endif [in] IELF_HANDLE LogHandle, [in, unique] PRPC_STRING BackupFileName); /* Function 13 */ NTSTATUS ElfrBackupELFA( #ifndef __midl [in] handle_t BindingHandle, #endif [in] IELF_HANDLE LogHandle, [in, unique] PRPC_STRING BackupFileName); /* Function 14 */ NTSTATUS ElfrOpenELA( #ifndef __midl [in] handle_t BindingHandle, #endif [in] EVENTLOG_HANDLE_A UNCServerName, [in] PRPC_STRING ModuleName, [in] PRPC_STRING RegModuleName, [in] DWORD MajorVersion, [in] DWORD MinorVersion, [out] IELF_HANDLE* LogHandle); /* Function 15 */ NTSTATUS ElfrRegisterEventSourceA( #ifndef __midl [in] handle_t BindingHandle, #endif [in] EVENTLOG_HANDLE_A UNCServerName, [in] PRPC_STRING ModuleName, [in] PRPC_STRING RegModuleName, [in] DWORD MajorVersion, [in] DWORD MinorVersion, [out] IELF_HANDLE* LogHandle); /* Function 16 */ NTSTATUS ElfrOpenBELA( #ifndef __midl [in] handle_t BindingHandle, #endif [in] EVENTLOG_HANDLE_A UNCServerName, [in] PRPC_STRING BackupFileName, [in] DWORD MajorVersion, [in] DWORD MinorVersion, [out] IELF_HANDLE* LogHandle); /* Function 17 */ NTSTATUS ElfrReadELA( #ifndef __midl [in] handle_t BindingHandle, #endif [in] IELF_HANDLE LogHandle, [in] DWORD ReadFlags, [in] DWORD RecordOffset, [in] RULONG NumberOfBytesToRead, [out, size_is(NumberOfBytesToRead)] BYTE *Buffer, [out] DWORD *NumberOfBytesRead, [out] DWORD *MinNumberOfBytesNeeded); /* Function 18 */ NTSTATUS ElfrReportEventA( #ifndef __midl [in] handle_t BindingHandle, #endif [in] IELF_HANDLE LogHandle, [in] DWORD Time, [in] USHORT EventType, [in] USHORT EventCategory, [in] DWORD EventID, [in, range(0, 256)] USHORT NumStrings, [in, range(0, 61440)] DWORD DataSize, [in] PRPC_STRING ComputerName, [in, unique] PRPC_SID UserSID, [in, size_is(NumStrings), unique] PRPC_STRING Strings[*], [in, size_is(DataSize), unique] BYTE *Data, [in] USHORT Flags, [in, out, unique] DWORD *RecordNumber, [in, out, unique] DWORD *TimeWritten); /* Function 19 */ NTSTATUS ElfrRegisterClusterSvc( #ifndef __midl [in] handle_t BindingHandle #endif ); /* FIXME */ /* Function 20 */ NTSTATUS ElfrDeregisterClusterSvc( #ifndef __midl [in] handle_t BindingHandle #endif ); /* FIXME */ /* Function 21 */ NTSTATUS ElfrWriteClusterEvents( #ifndef __midl [in] handle_t BindingHandle #endif ); /* FIXME */ /* Function 22 */ NTSTATUS ElfrGetLogInformation( #ifndef __midl [in] handle_t BindingHandle, #endif [in] IELF_HANDLE LogHandle, [in] DWORD InfoLevel, [out, size_is(cbBufSize)] BYTE *Buffer, [in, range(0, 1024)] DWORD cbBufSize, [out] DWORD *pcbBytesNeeded); /* Function 23 */ NTSTATUS ElfrFlushEL( #ifndef __midl [in] handle_t BindingHandle, #endif [in] IELF_HANDLE LogHandle); /* Function 24 */ NTSTATUS ElfrReportEventAndSourceW( #ifndef __midl [in] handle_t BindingHandle, #endif [in] IELF_HANDLE LogHandle, [in] DWORD Time, [in] USHORT EventType, [in] USHORT EventCategory, [in] ULONG EventID, [in] PRPC_UNICODE_STRING SourceName, [in, range(0, 256)] USHORT NumStrings, [in, range(0, 61440)] DWORD DataSize, [in] PRPC_UNICODE_STRING ComputerName, [in, unique] PRPC_SID UserSID, [in, size_is(NumStrings), unique] PRPC_UNICODE_STRING Strings[*], [in, size_is(DataSize), unique] BYTE *Data, [in] USHORT Flags, [in, out, unique] DWORD *RecordNumber, [in, out, unique] DWORD *TimeWritten); }