
/*++
Copyright (C) Microsoft Corporation. All rights reserved.
Module Name:
winevt.h
Abstract:
Windows Events API
--*/
#ifndef __WINEVT_H__
#define __WINEVT_H__
#ifdef __cplusplus
extern "C"
{
#endif
#if (WINVER >= _WIN32_WINNT_LONGHORN)
// Handle type shared by the objects this header works with; the functions
// below name them Session, ResultSet, Event, Bookmark, Context, Log,
// ChannelConfig, PublisherMetadata and so on.
typedef HANDLE EVT_HANDLE, *PEVT_HANDLE;
// Value-type tags. The property-ID enums later in this header annotate each
// property with the tag of the EVT_VARIANT it is reported as.
// NOTE(review): presumably this is the value stored in EVT_VARIANT.Type.
typedef enum _EVT_VARIANT_TYPE
{
EvtVarTypeNull = 0,
EvtVarTypeString = 1,
EvtVarTypeAnsiString = 2,
EvtVarTypeSByte = 3,
EvtVarTypeByte = 4,
EvtVarTypeInt16 = 5,
EvtVarTypeUInt16 = 6,
EvtVarTypeInt32 = 7,
EvtVarTypeUInt32 = 8,
EvtVarTypeInt64 = 9,
EvtVarTypeUInt64 = 10,
EvtVarTypeSingle = 11,
EvtVarTypeDouble = 12,
EvtVarTypeBoolean = 13,
EvtVarTypeBinary = 14,
EvtVarTypeGuid = 15,
EvtVarTypeSizeT = 16,
EvtVarTypeFileTime = 17,
EvtVarTypeSysTime = 18,
EvtVarTypeSid = 19,
EvtVarTypeHexInt32 = 20,
EvtVarTypeHexInt64 = 21,
// these types used internally
EvtVarTypeEvtHandle = 32,
EvtVarTypeEvtXml = 35
} EVT_VARIANT_TYPE;
// EVT_VARIANT_TYPE_MASK (0x7f) covers every tag value above (the largest is 35).
// EVT_VARIANT_TYPE_ARRAY (128 == 0x80) is the next bit up, so it can be OR-ed
// with a tag without colliding, as in the "EvtVarTypeString |
// EVT_VARIANT_TYPE_ARRAY" annotation on EvtChannelPublisherList. Code that
// switches on a type value should mask with EVT_VARIANT_TYPE_MASK and test the
// array bit separately; comparing the raw value against a tag misses arrays.
#define EVT_VARIANT_TYPE_MASK 0x7f
#define EVT_VARIANT_TYPE_ARRAY 128
// Tagged value exchanged through every PEVT_VARIANT parameter in this header.
//
// The anonymous union overlays all members on the same storage, so only the
// member that matches Type is meaningful. Reading a pointer member (StringVal,
// BinaryVal, SidVal, any *Arr field, ...) while the variant actually holds a
// scalar dereferences whatever bytes the scalar left behind. Check Type before
// every access, in particular when the variant was produced from a log file or
// a remote session whose contents the caller does not control.
// NOTE(review): Type presumably holds an EVT_VARIANT_TYPE tag, optionally
// OR-ed with EVT_VARIANT_TYPE_ARRAY - confirm against the API documentation.
// NOTE(review): the header does not say who owns the memory behind the pointer
// members or how long it stays valid; confirm before storing these pointers.
typedef struct _EVT_VARIANT
{
union
{
BOOL BooleanVal;
INT8 SByteVal;
INT16 Int16Val;
INT32 Int32Val;
INT64 Int64Val;
UINT8 ByteVal;
UINT16 UInt16Val;
UINT32 UInt32Val;
UINT64 UInt64Val;
float SingleVal;
double DoubleVal;
ULONGLONG FileTimeVal;
SYSTEMTIME* SysTimeVal;
GUID* GuidVal;
LPCWSTR StringVal;
LPCSTR AnsiStringVal;
// NOTE(review): no length travels with this pointer inside the union; the
// byte length is presumably reported in Count - confirm before copying.
PBYTE BinaryVal;
PSID SidVal;
size_t SizeTVal;
// array fields
BOOL* BooleanArr;
INT8* SByteArr;
INT16* Int16Arr;
INT32* Int32Arr;
INT64* Int64Arr;
UINT8* ByteArr;
UINT16* UInt16Arr;
UINT32* UInt32Arr;
UINT64* UInt64Arr;
float* SingleArr;
double* DoubleArr;
FILETIME* FileTimeArr;
SYSTEMTIME* SysTimeArr;
GUID* GuidArr;
LPWSTR* StringArr;
LPSTR* AnsiStringArr;
PSID* SidArr;
size_t* SizeTArr;
// internal fields
EVT_HANDLE EvtHandleVal;
LPCWSTR XmlVal;
LPCWSTR* XmlValArr;
};
DWORD Count; // number of elements (not a length in bytes); bound every *Arr index by this
DWORD Type; // value-type tag; see the NOTE(review) above the struct
} EVT_VARIANT, *PEVT_VARIANT;
////////////////////////////////////////////////////////////////////////////////
//
// Sessions
//
////////////////////////////////////////////////////////////////////////////////
// Login mechanism selector, passed as LoginClass to EvtOpenSession.
// RPC login is the only class this header defines.
typedef enum _EVT_LOGIN_CLASS
{
    EvtRpcLogin = 1
} EVT_LOGIN_CLASS;

// Authentication choice carried in EVT_RPC_LOGIN.Flags.
// Despite the "FLAGS" name the values are consecutive selectors, not bits:
// OR-ing Negotiate (1) with Kerberos (2) yields 3, which is the NTLM value.
// Pass exactly one of them.
typedef enum _EVT_RPC_LOGIN_FLAGS
{
    EvtRpcLoginAuthDefault   = 0,
    EvtRpcLoginAuthNegotiate = 1,
    EvtRpcLoginAuthKerberos  = 2,
    EvtRpcLoginAuthNTLM      = 3
} EVT_RPC_LOGIN_FLAGS;
// Connection and credential description for an RPC login; presumably what the
// Login argument of EvtOpenSession points to when LoginClass is EvtRpcLogin.
//
// Password is an ordinary LPWSTR, so the credential sits in caller memory as
// cleartext for as long as the struct is alive. Keep that window short: fill
// the struct just before the call and wipe the buffer (e.g. SecureZeroMemory)
// once it is no longer needed.
// NOTE(review): the header does not say whether the API copies these strings
// or keeps the pointers - confirm before freeing or wiping them.
typedef struct _EVT_RPC_LOGIN
{
// all str params are optional
LPWSTR Server;
LPWSTR User;
LPWSTR Domain;
LPWSTR Password; // cleartext credential; see the note above the struct
DWORD Flags; // EVT_RPC_LOGIN_FLAGS (one value, not an OR of several)
} EVT_RPC_LOGIN;
// Opens a session and returns its handle.
// Login is an untyped PVOID, so the compiler cannot check that it matches
// LoginClass; with EvtRpcLogin it presumably must point to an EVT_RPC_LOGIN.
// Timeout and Flags are reserved and must be 0.
// NOTE(review): the failure return value is not visible in this header
// (presumably NULL with the reason in GetLastError) - confirm and check it.
EVT_HANDLE WINAPI EvtOpenSession(
EVT_LOGIN_CLASS LoginClass,
PVOID Login,
__reserved DWORD Timeout, // currently must be 0
__reserved DWORD Flags // currently must be 0
);
////////////////////////////////////////////////////////////////////////////////
//
// General Purpose Functions
//
////////////////////////////////////////////////////////////////////////////////
// NOTE(review): presumably releases any EVT_HANDLE obtained from this API;
// every handle-returning call below needs a matching EvtClose on all paths,
// including error paths, or the handle leaks.
BOOL WINAPI EvtClose(
EVT_HANDLE Object
);
// NOTE(review): presumably cancels a pending operation on Object - confirm
// which handle kinds are accepted.
BOOL WINAPI EvtCancel(
EVT_HANDLE Object
);
// Copies extended status text into Buffer.
// Per the annotation, Buffer is optional and holds BufferSize elements
// (WCHARs, not bytes); *BufferUsed receives the number of elements written.
// Pass the element count of the array, not sizeof() of it.
DWORD WINAPI EvtGetExtendedStatus(
DWORD BufferSize,
__out_ecount_part_opt(BufferSize, *BufferUsed) LPWSTR Buffer,
__out PDWORD BufferUsed
);
////////////////////////////////////////////////////////////////////////////////
//
// Queries
//
////////////////////////////////////////////////////////////////////////////////
// Bit flags for the Flags argument of EvtQuery: where Path points (channel or
// file), the read direction, and error tolerance.
// NOTE(review): EvtQueryTolerateQueryErrors presumably lets a query proceed
// when part of it cannot be opened. A monitoring or collection tool that sets
// it should read EvtQueryStatuses through EvtGetQueryInfo afterwards, so that
// an unreadable channel is not mistaken for "no matching events".
typedef enum _EVT_QUERY_FLAGS
{
EvtQueryChannelPath = 0x1,
EvtQueryFilePath = 0x2,
EvtQueryForwardDirection = 0x100,
EvtQueryReverseDirection = 0x200,
EvtQueryTolerateQueryErrors = 0x1000
} EVT_QUERY_FLAGS;
// Flags for EvtSeek. Values 1-4 select the seek origin and fit under
// EvtSeekOriginMask (7); EvtSeekStrict (0x10000) is a separate bit that can be
// combined with one origin.
typedef enum _EVT_SEEK_FLAGS
{
EvtSeekRelativeToFirst = 1,
EvtSeekRelativeToLast = 2,
EvtSeekRelativeToCurrent = 3,
EvtSeekRelativeToBookmark = 4,
EvtSeekOriginMask = 7,
EvtSeekStrict = 0x10000,
} EVT_SEEK_FLAGS;
// Runs Query against Path and returns a result-set handle.
// Flags takes EVT_QUERY_FLAGS values (Path is a channel name or a file path
// depending on EvtQueryChannelPath / EvtQueryFilePath).
// Query and Path are interpreted by the API: when either is assembled from
// untrusted input (a user-supplied filter value, a file name from a request),
// validate or escape that input first, as with any query language or path.
// NOTE(review): the query syntax is not stated in this header - confirm.
EVT_HANDLE WINAPI EvtQuery(
EVT_HANDLE Session,
LPCWSTR Path,
LPCWSTR Query,
DWORD Flags
);
// Fetches the next events from ResultSet into the caller's Events array and
// reports how many were stored in *Returned.
// NOTE(review): EventsSize presumably counts array elements, not bytes (there
// is no annotation here to confirm). Only Events[0 .. *Returned-1] are valid
// after the call, and each of those handles presumably needs its own EvtClose.
BOOL WINAPI EvtNext(
EVT_HANDLE ResultSet,
DWORD EventsSize,
PEVT_HANDLE Events,
DWORD Timeout,
DWORD Flags,
__out PDWORD Returned
);
// Moves the read position of ResultSet. Flags takes EVT_SEEK_FLAGS values;
// Bookmark is presumably only consulted with EvtSeekRelativeToBookmark.
// Timeout is reserved and must be 0.
BOOL WINAPI EvtSeek(
EVT_HANDLE ResultSet,
LONGLONG Position,
EVT_HANDLE Bookmark,
__reserved DWORD Timeout, // currently must be 0
DWORD Flags
);
////////////////////////////////////////////////////////////////////////////////
//
// Subscriptions
//
////////////////////////////////////////////////////////////////////////////////
// Flags for EvtSubscribe. Values 1-3 select the starting point and are
// extracted with EvtSubscribeOriginMask, which has the same numeric value (3)
// as EvtSubscribeStartAfterBookmark; they are selectors, not independent bits.
// EvtSubscribeTolerateQueryErrors and EvtSubscribeStrict are separate bits.
// NOTE(review): with EvtSubscribeTolerateQueryErrors a subscription presumably
// starts even if some channels in the query cannot be opened; a detection
// pipeline should verify which channels are actually covered.
typedef enum _EVT_SUBSCRIBE_FLAGS
{
EvtSubscribeToFutureEvents = 1,
EvtSubscribeStartAtOldestRecord = 2,
EvtSubscribeStartAfterBookmark = 3,
EvtSubscribeOriginMask = 3,
EvtSubscribeTolerateQueryErrors = 0x1000,
EvtSubscribeStrict = 0x10000,
} EVT_SUBSCRIBE_FLAGS;
// Reason the subscription callback is being invoked.
typedef enum _EVT_SUBSCRIBE_NOTIFY_ACTION
{
EvtSubscribeActionError = 0,
EvtSubscribeActionDeliver
} EVT_SUBSCRIBE_NOTIFY_ACTION;
// Callback type accepted by EvtSubscribe.
// NOTE(review): per the API documentation, Event carries an error code rather
// than a handle when Action is EvtSubscribeActionError - confirm, and check
// Action before passing Event to EvtRender or any other handle-taking call.
// NOTE(review): the calling thread is not stated here; UserContext is
// presumably the context pointer given to EvtSubscribe and must stay valid,
// and safe for concurrent use, for the life of the subscription.
typedef DWORD (WINAPI *EVT_SUBSCRIBE_CALLBACK)(
EVT_SUBSCRIBE_NOTIFY_ACTION Action,
PVOID UserContext,
EVT_HANDLE Event );
// Creates a subscription for events matching Query on ChannelPath and returns
// its handle. Flags takes EVT_SUBSCRIBE_FLAGS values.
// context is passed through untyped (PVOID); it is presumably handed to
// Callback as UserContext, so it must outlive the subscription.
// NOTE(review): the documented contract is that a caller supplies either
// SignalEvent (pull model) or Callback (push model), not both - confirm.
// As with EvtQuery, do not build Query or ChannelPath from unvalidated input.
EVT_HANDLE WINAPI EvtSubscribe(
EVT_HANDLE Session,
HANDLE SignalEvent,
LPCWSTR ChannelPath,
LPCWSTR Query,
EVT_HANDLE Bookmark,
PVOID context,
EVT_SUBSCRIBE_CALLBACK Callback,
DWORD Flags
);
////////////////////////////////////////////////////////////////////////////////
//
// Rendering
//
////////////////////////////////////////////////////////////////////////////////
// Identifiers of the system properties of an event; the trailing comment on
// each entry names the EVT_VARIANT_TYPE tag its value is reported with.
// EVT_VARIANT_TYPE in this header has no "EvtVarTypeUInt8" member; the 8-bit
// unsigned tag is EvtVarTypeByte, so the annotations below use that name.
// Values are implicit and consecutive from 0; EvtSystemPropertyIdEND is the
// count sentinel, not a property.
typedef enum _EVT_SYSTEM_PROPERTY_ID
{
EvtSystemProviderName = 0, // EvtVarTypeString
EvtSystemProviderGuid, // EvtVarTypeGuid
EvtSystemEventID, // EvtVarTypeUInt16
EvtSystemQualifiers, // EvtVarTypeUInt16
EvtSystemLevel, // EvtVarTypeByte
EvtSystemTask, // EvtVarTypeUInt16
EvtSystemOpcode, // EvtVarTypeByte
EvtSystemKeywords, // EvtVarTypeHexInt64
EvtSystemTimeCreated, // EvtVarTypeFileTime
EvtSystemEventRecordId, // EvtVarTypeUInt64
EvtSystemActivityID, // EvtVarTypeGuid
EvtSystemRelatedActivityID, // EvtVarTypeGuid
EvtSystemProcessID, // EvtVarTypeUInt32
EvtSystemThreadID, // EvtVarTypeUInt32
EvtSystemChannel, // EvtVarTypeString
EvtSystemComputer, // EvtVarTypeString
EvtSystemUserID, // EvtVarTypeSid
EvtSystemVersion, // EvtVarTypeByte
EvtSystemPropertyIdEND
} EVT_SYSTEM_PROPERTY_ID;
// Selects what a render context created by EvtCreateRenderContext covers.
// The values are consecutive selectors (pass exactly one), not OR-able bits.
typedef enum _EVT_RENDER_CONTEXT_FLAGS
{
    EvtRenderContextValues = 0, // Render specific properties
    EvtRenderContextSystem = 1, // Render all system properties (System)
    EvtRenderContextUser   = 2  // Render all user properties (User/EventData)
} EVT_RENDER_CONTEXT_FLAGS;

// Selects the output form produced by EvtRender.
// Also consecutive selectors rather than bits.
typedef enum _EVT_RENDER_FLAGS
{
    EvtRenderEventValues = 0, // Variants
    EvtRenderEventXml    = 1, // XML
    EvtRenderBookmark    = 2  // Bookmark
} EVT_RENDER_FLAGS;
// Creates a render context and returns its handle.
// ValuePaths is an array of ValuePathsCount strings; it is presumably only
// consulted when Flags is EvtRenderContextValues.
EVT_HANDLE WINAPI EvtCreateRenderContext(
DWORD ValuePathsCount,
LPCWSTR* ValuePaths,
DWORD Flags // EVT_RENDER_CONTEXT_FLAGS
);
// Renders Fragment into Buffer in the form selected by Flags.
// Per the annotation, Buffer is optional and BufferSize is a size in BYTES
// (note that EvtFormatMessage counts elements instead); *BufferUsed receives
// the bytes written. Size the allocation in bytes and never read past
// *BufferUsed.
// NOTE(review): the usual pattern is a first call with a NULL/too-small buffer
// to learn the required size from *BufferUsed - confirm the error code.
// NOTE(review): with EvtRenderEventValues the output is presumably an array of
// *PropertyCount EVT_VARIANTs whose pointer members refer into Buffer, so
// Buffer must stay allocated while those variants are in use.
BOOL WINAPI EvtRender(
EVT_HANDLE Context,
EVT_HANDLE Fragment,
DWORD Flags, // EVT_RENDER_FLAGS
DWORD BufferSize,
__out_bcount_part_opt(BufferSize, *BufferUsed) PVOID Buffer,
__out PDWORD BufferUsed,
__out PDWORD PropertyCount
);
// Selects which message string EvtFormatMessage produces. Values are
// consecutive selectors starting at 1 (EvtFormatMessageXml is 9), not bits.
typedef enum _EVT_FORMAT_MESSAGE_FLAGS
{
EvtFormatMessageEvent = 1,
EvtFormatMessageLevel,
EvtFormatMessageTask,
EvtFormatMessageOpcode,
EvtFormatMessageKeyword,
EvtFormatMessageChannel,
EvtFormatMessageProvider,
EvtFormatMessageId,
EvtFormatMessageXml,
} EVT_FORMAT_MESSAGE_FLAGS;
// Formats a message string for Event (or for MessageId) into Buffer.
// Per the annotation, Buffer is optional and BufferSize counts ELEMENTS
// (WCHARs), unlike EvtRender, which counts bytes. Passing sizeof() of a WCHAR
// array here overstates the capacity and allows a write past the end of the
// buffer; pass the element count.
// Values is an array of ValueCount EVT_VARIANTs.
// The resulting text is built from provider message resources and event data;
// treat it as untrusted when displaying it or writing it to another log.
// NOTE(review): which of PublisherMetadata / Event / MessageId is required for
// each Flags value is not stated in this header - confirm.
BOOL WINAPI EvtFormatMessage(
EVT_HANDLE PublisherMetadata, // Except for forwarded events
EVT_HANDLE Event,
DWORD MessageId,
DWORD ValueCount,
PEVT_VARIANT Values,
DWORD Flags,
DWORD BufferSize,
__out_ecount_part_opt(BufferSize, *BufferUsed) LPWSTR Buffer,
__out PDWORD BufferUsed
);
////////////////////////////////////////////////////////////////////////////////
//
// Log Maintenance and Information
//
////////////////////////////////////////////////////////////////////////////////
// Flags for EvtOpenLog: whether Path names a channel or a log file.
typedef enum _EVT_OPEN_LOG_FLAGS
{
EvtOpenChannelPath = 0x1,
EvtOpenFilePath = 0x2
} EVT_OPEN_LOG_FLAGS;
// Properties readable through EvtGetLogInfo; the trailing comment on each
// entry names the EVT_VARIANT_TYPE tag of the returned value.
// EvtLogNumberOfLogRecords, EvtLogOldestRecordNumber and EvtLogFull are useful
// health signals for a collector: an unexpected drop in record count or a full
// log can mean events were cleared or are being lost.
typedef enum _EVT_LOG_PROPERTY_ID
{
EvtLogCreationTime = 0, // EvtVarTypeFileTime
EvtLogLastAccessTime, // EvtVarTypeFileTime
EvtLogLastWriteTime, // EvtVarTypeFileTime
EvtLogFileSize, // EvtVarTypeUInt64
EvtLogAttributes, // EvtVarTypeUInt32
EvtLogNumberOfLogRecords, // EvtVarTypeUInt64
EvtLogOldestRecordNumber, // EvtVarTypeUInt64
EvtLogFull, // EvtVarTypeBoolean
} EVT_LOG_PROPERTY_ID;
// Opens the log named by Path and returns its handle.
// Flags takes EVT_OPEN_LOG_FLAGS values (channel name or file path).
EVT_HANDLE WINAPI EvtOpenLog(
EVT_HANDLE Session,
LPCWSTR Path,
DWORD Flags
);
// Reads one EVT_LOG_PROPERTY_ID property of Log into PropertyValueBuffer.
// NOTE(review): PropertyValueBufferSize is presumably a size in bytes and may
// need to exceed sizeof(EVT_VARIANT) for values that carry data - confirm, and
// check the variant's Type before reading its union.
BOOL WINAPI EvtGetLogInfo(
EVT_HANDLE Log,
EVT_LOG_PROPERTY_ID PropertyId,
DWORD PropertyValueBufferSize,
PEVT_VARIANT PropertyValueBuffer,
__out PDWORD PropertyValueBufferUsed
);
// Per its name and the public API documentation, clears the channel named by
// ChannelPath.
// NOTE(review): TargetFilePath is presumably an optional backup file written
// before the clear - confirm.
// Clearing a log removes forensic evidence. Restrict callers to principals
// that hold EVT_CLEAR_ACCESS (0x4, defined at the end of this header) and
// audit every use. Windows records a log-clear event of its own (1102 in the
// Security log, 104 in the System log); alerting on those detects clears made
// through this call or any other route.
BOOL WINAPI EvtClearLog(
EVT_HANDLE Session,
LPCWSTR ChannelPath,
LPCWSTR TargetFilePath,
DWORD Flags
);
// Bit flags for EvtExportLog: source kind (channel or file), error tolerance,
// and whether an existing target may be overwritten.
// NOTE(review): with EvtExportLogTolerateQueryErrors an export presumably
// succeeds even if part of the query could not be evaluated, so the exported
// file may be incomplete; do not treat it as a full evidence copy unchecked.
typedef enum _EVT_EXPORTLOG_FLAGS
{
EvtExportLogChannelPath = 0x1,
EvtExportLogFilePath = 0x2,
EvtExportLogTolerateQueryErrors = 0x1000,
EvtExportLogOverwrite = 0x2000
} EVT_EXPORTLOG_FLAGS;
// Exports events selected by Query from Path into TargetFilePath.
// Flags takes EVT_EXPORTLOG_FLAGS values.
// TargetFilePath is written with the caller's privileges: do not derive it
// from untrusted input, and be careful with EvtExportLogOverwrite when the
// process is privileged, since it permits replacing an existing file.
BOOL WINAPI EvtExportLog(
EVT_HANDLE Session,
LPCWSTR Path,
LPCWSTR Query,
LPCWSTR TargetFilePath,
DWORD Flags
);
// NOTE(review): presumably stores locale-specific message data alongside the
// exported log at LogFilePath so it can be rendered on another machine -
// confirm against the API documentation.
BOOL WINAPI EvtArchiveExportedLog(
EVT_HANDLE Session,
LPCWSTR LogFilePath,
LCID Locale,
DWORD Flags
);
////////////////////////////////////////////////////////////////////////////////
//
// Channel Configuration
//
////////////////////////////////////////////////////////////////////////////////
// Channel configuration properties used with EvtGetChannelConfigProperty and
// EvtSetChannelConfigProperty; the trailing comment on each entry names the
// EVT_VARIANT_TYPE tag (and, where given, the enum) of the value.
// Several of these decide whether events are recorded and who may read or
// clear them: EvtChannelConfigEnabled, EvtChannelConfigAccess,
// EvtChannelLoggingConfigRetention, EvtChannelLoggingConfigAutoBackup,
// EvtChannelLoggingConfigMaxSize and EvtChannelLoggingConfigLogFilePath.
// Changes to them on audited channels are worth monitoring.
// NOTE(review): EvtChannelConfigAccess is presumably the channel's access
// descriptor in string form - confirm its format before writing it.
// Values are implicit and consecutive from 0; EvtChannelConfigPropertyIdEND is
// the count sentinel, not a property.
typedef enum _EVT_CHANNEL_CONFIG_PROPERTY_ID
{
EvtChannelConfigEnabled = 0, // EvtVarTypeBoolean
EvtChannelConfigIsolation, // EvtVarTypeUInt32, EVT_CHANNEL_ISOLATION_TYPE
EvtChannelConfigType, // EvtVarTypeUInt32, EVT_CHANNEL_TYPE
EvtChannelConfigOwningPublisher, // EvtVarTypeString
EvtChannelConfigClassicEventlog, // EvtVarTypeBoolean
EvtChannelConfigAccess, // EvtVarTypeString
EvtChannelLoggingConfigRetention, // EvtVarTypeBoolean
EvtChannelLoggingConfigAutoBackup, // EvtVarTypeBoolean
EvtChannelLoggingConfigMaxSize, // EvtVarTypeUInt64
EvtChannelLoggingConfigLogFilePath, // EvtVarTypeString
EvtChannelPublishingConfigLevel, // EvtVarTypeUInt32
EvtChannelPublishingConfigKeywords, // EvtVarTypeUInt64
EvtChannelPublishingConfigControlGuid, // EvtVarTypeGuid
EvtChannelPublishingConfigBufferSize, // EvtVarTypeUInt32
EvtChannelPublishingConfigMinBuffers, // EvtVarTypeUInt32
EvtChannelPublishingConfigMaxBuffers, // EvtVarTypeUInt32
EvtChannelPublishingConfigLatency, // EvtVarTypeUInt32
EvtChannelPublishingConfigClockType, // EvtVarTypeUInt32, EVT_CHANNEL_CLOCK_TYPE
EvtChannelPublishingConfigSidType, // EvtVarTypeUInt32, EVT_CHANNEL_SID_TYPE
EvtChannelPublisherList, // EvtVarTypeString | EVT_VARIANT_TYPE_ARRAY
EvtChannelPublishingConfigFileMax, // EvtVarTypeUInt32
EvtChannelConfigPropertyIdEND
} EVT_CHANNEL_CONFIG_PROPERTY_ID;
// Kind of channel, reported for EvtChannelConfigType.
typedef enum _EVT_CHANNEL_TYPE
{
    EvtChannelTypeAdmin       = 0,
    EvtChannelTypeOperational = 1,
    EvtChannelTypeAnalytic    = 2,
    EvtChannelTypeDebug       = 3
} EVT_CHANNEL_TYPE;

// Isolation setting of a channel, reported for EvtChannelConfigIsolation.
typedef enum _EVT_CHANNEL_ISOLATION_TYPE
{
    EvtChannelIsolationTypeApplication = 0,
    EvtChannelIsolationTypeSystem      = 1,
    EvtChannelIsolationTypeCustom      = 2
} EVT_CHANNEL_ISOLATION_TYPE;

// Timestamp source of a channel, reported for
// EvtChannelPublishingConfigClockType.
typedef enum _EVT_CHANNEL_CLOCK_TYPE
{
    EvtChannelClockTypeSystemTime = 0, // System time
    EvtChannelClockTypeQPC        = 1  // Query performance counter
} EVT_CHANNEL_CLOCK_TYPE;

// SID handling of a channel, reported for EvtChannelPublishingConfigSidType.
typedef enum _EVT_CHANNEL_SID_TYPE
{
    EvtChannelSidTypeNone       = 0,
    EvtChannelSidTypePublishing = 1
} EVT_CHANNEL_SID_TYPE;
// Returns an enumerator handle over the channels visible through Session.
EVT_HANDLE WINAPI EvtOpenChannelEnum(
EVT_HANDLE Session,
DWORD Flags
);
// Copies the next channel path from ChannelEnum into ChannelPathBuffer.
// Per the annotation, the buffer is optional and ChannelPathBufferSize counts
// elements (WCHARs), not bytes; *ChannelPathBufferUsed receives the number of
// elements written.
BOOL WINAPI EvtNextChannelPath(
EVT_HANDLE ChannelEnum,
DWORD ChannelPathBufferSize,
__out_ecount_part_opt(ChannelPathBufferSize, *ChannelPathBufferUsed)
LPWSTR ChannelPathBuffer,
__out PDWORD ChannelPathBufferUsed
);
// Opens the configuration of the channel named by ChannelPath and returns its
// handle.
EVT_HANDLE WINAPI EvtOpenChannelConfig(
EVT_HANDLE Session,
LPCWSTR ChannelPath,
DWORD Flags
);
// NOTE(review): presumably commits property changes made through
// EvtSetChannelConfigProperty on this handle - confirm. Together the two calls
// can disable a channel, shrink it or change its access descriptor, so their
// use against audited channels should itself be logged and reviewed.
BOOL WINAPI EvtSaveChannelConfig(
EVT_HANDLE ChannelConfig,
DWORD Flags
);
// Sets one EVT_CHANNEL_CONFIG_PROPERTY_ID property on ChannelConfig from
// PropertyValue. The variant's Type must match the tag annotated on the
// property in the enum.
BOOL WINAPI EvtSetChannelConfigProperty(
EVT_HANDLE ChannelConfig,
EVT_CHANNEL_CONFIG_PROPERTY_ID PropertyId,
DWORD Flags,
PEVT_VARIANT PropertyValue
);
// Reads one EVT_CHANNEL_CONFIG_PROPERTY_ID property of ChannelConfig into
// PropertyValueBuffer.
// NOTE(review): PropertyValueBufferSize is presumably a size in bytes and may
// need to exceed sizeof(EVT_VARIANT) for string or array values - confirm, and
// check the variant's Type before reading its union.
BOOL WINAPI EvtGetChannelConfigProperty(
EVT_HANDLE ChannelConfig,
EVT_CHANNEL_CONFIG_PROPERTY_ID PropertyId,
DWORD Flags,
DWORD PropertyValueBufferSize,
PEVT_VARIANT PropertyValueBuffer,
__out PDWORD PropertyValueBufferUsed
);
////////////////////////////////////////////////////////////////////////////////
//
// Publisher Metadata
//
////////////////////////////////////////////////////////////////////////////////
// Flag values reported for EvtPublisherMetadataChannelReferenceFlags
// (NOTE(review): association inferred from the names - confirm).
typedef enum _EVT_CHANNEL_REFERENCE_FLAGS
{
EvtChannelReferenceImported = 0x1,
} EVT_CHANNEL_REFERENCE_FLAGS;
// Publisher metadata properties used with EvtGetPublisherMetadataProperty; the
// trailing comment on each entry names the EVT_VARIANT_TYPE tag of the value.
// Entries annotated "EvtVarTypeEvtHandle, ObjectArray" return a handle rather
// than data; their elements are presumably read with EvtGetObjectArraySize and
// EvtGetObjectArrayProperty using the per-element IDs that follow each one.
// Values are implicit and consecutive from 0;
// EvtPublisherMetadataPropertyIdEND is the count sentinel, not a property.
typedef enum _EVT_PUBLISHER_METADATA_PROPERTY_ID
{
EvtPublisherMetadataPublisherGuid = 0, // EvtVarTypeGuid
EvtPublisherMetadataResourceFilePath, // EvtVarTypeString
EvtPublisherMetadataParameterFilePath, // EvtVarTypeString
EvtPublisherMetadataMessageFilePath, // EvtVarTypeString
EvtPublisherMetadataHelpLink, // EvtVarTypeString
EvtPublisherMetadataPublisherMessageID, // EvtVarTypeUInt32
EvtPublisherMetadataChannelReferences, // EvtVarTypeEvtHandle, ObjectArray
EvtPublisherMetadataChannelReferencePath, // EvtVarTypeString
EvtPublisherMetadataChannelReferenceIndex, // EvtVarTypeUInt32
EvtPublisherMetadataChannelReferenceID, // EvtVarTypeUInt32
EvtPublisherMetadataChannelReferenceFlags, // EvtVarTypeUInt32
EvtPublisherMetadataChannelReferenceMessageID, // EvtVarTypeUInt32
EvtPublisherMetadataLevels, // EvtVarTypeEvtHandle, ObjectArray
EvtPublisherMetadataLevelName, // EvtVarTypeString
EvtPublisherMetadataLevelValue, // EvtVarTypeUInt32
EvtPublisherMetadataLevelMessageID, // EvtVarTypeUInt32
EvtPublisherMetadataTasks, // EvtVarTypeEvtHandle, ObjectArray
EvtPublisherMetadataTaskName, // EvtVarTypeString
EvtPublisherMetadataTaskEventGuid, // EvtVarTypeGuid
EvtPublisherMetadataTaskValue, // EvtVarTypeUInt32
EvtPublisherMetadataTaskMessageID, // EvtVarTypeUInt32
EvtPublisherMetadataOpcodes, // EvtVarTypeEvtHandle, ObjectArray
EvtPublisherMetadataOpcodeName, // EvtVarTypeString
EvtPublisherMetadataOpcodeValue, // EvtVarTypeUInt32
EvtPublisherMetadataOpcodeMessageID, // EvtVarTypeUInt32
EvtPublisherMetadataKeywords, // EvtVarTypeEvtHandle, ObjectArray
EvtPublisherMetadataKeywordName, // EvtVarTypeString
EvtPublisherMetadataKeywordValue, // EvtVarTypeUInt64
EvtPublisherMetadataKeywordMessageID, // EvtVarTypeUInt32
EvtPublisherMetadataPropertyIdEND
} EVT_PUBLISHER_METADATA_PROPERTY_ID;
// Returns an enumerator handle over the publishers visible through Session.
EVT_HANDLE WINAPI EvtOpenPublisherEnum(
EVT_HANDLE Session,
DWORD Flags
);
// Copies the next publisher identifier from PublisherEnum into
// PublisherIdBuffer. Per the annotation, the buffer is optional and
// PublisherIdBufferSize counts elements (WCHARs), not bytes;
// *PublisherIdBufferUsed receives the number of elements written.
BOOL WINAPI EvtNextPublisherId(
EVT_HANDLE PublisherEnum,
DWORD PublisherIdBufferSize,
__out_ecount_part_opt(PublisherIdBufferSize, *PublisherIdBufferUsed)
LPWSTR PublisherIdBuffer,
__out PDWORD PublisherIdBufferUsed
);
// Opens the metadata of the publisher named by PublisherId and returns its
// handle.
// NOTE(review): LogFilePath presumably selects metadata stored with an
// archived log instead of the local registration - confirm. Do not derive it
// from untrusted input.
EVT_HANDLE WINAPI EvtOpenPublisherMetadata(
EVT_HANDLE Session,
LPCWSTR PublisherId,
LPCWSTR LogFilePath,
LCID Locale,
DWORD Flags
);
// Reads one EVT_PUBLISHER_METADATA_PROPERTY_ID property of PublisherMetadata
// into PublisherMetadataPropertyBuffer.
// NOTE(review): the buffer size is presumably in bytes and may need to exceed
// sizeof(EVT_VARIANT) for string values - confirm, and check the variant's
// Type before reading its union.
BOOL WINAPI EvtGetPublisherMetadataProperty(
EVT_HANDLE PublisherMetadata,
EVT_PUBLISHER_METADATA_PROPERTY_ID PropertyId,
DWORD Flags,
DWORD PublisherMetadataPropertyBufferSize,
PEVT_VARIANT PublisherMetadataPropertyBuffer,
__out PDWORD PublisherMetadataPropertyBufferUsed
);
////////////////////////////////////////////////////////////////////////////////
//
// Event Metadata Configuration
//
////////////////////////////////////////////////////////////////////////////////
// Event metadata properties used with EvtGetEventMetadataProperty; the
// trailing comment on each entry names the EVT_VARIANT_TYPE tag of the value.
// Values are implicit and consecutive from 0 (EventMetadataEventID is 0).
// Note the naming: the properties use the prefix "EventMetadata" while the
// count sentinel is "EvtEventMetadataPropertyIdEND".
typedef enum _EVT_EVENT_METADATA_PROPERTY_ID
{
EventMetadataEventID, // EvtVarTypeUInt32
EventMetadataEventVersion, // EvtVarTypeUInt32
EventMetadataEventChannel, // EvtVarTypeUInt32
EventMetadataEventLevel, // EvtVarTypeUInt32
EventMetadataEventOpcode, // EvtVarTypeUInt32
EventMetadataEventTask, // EvtVarTypeUInt32
EventMetadataEventKeyword, // EvtVarTypeUInt64
EventMetadataEventMessageID,// EvtVarTypeUInt32
EventMetadataEventTemplate, // EvtVarTypeString
EvtEventMetadataPropertyIdEND
} EVT_EVENT_METADATA_PROPERTY_ID;
// Returns an enumerator handle over the event definitions of
// PublisherMetadata.
EVT_HANDLE WINAPI EvtOpenEventMetadataEnum(
EVT_HANDLE PublisherMetadata,
DWORD Flags
);
// Returns a handle to the next event definition from EventMetadataEnum.
// NOTE(review): each returned handle presumably needs its own EvtClose, and
// the end of the enumeration is presumably signalled by a NULL return -
// confirm how to tell that apart from an error.
EVT_HANDLE WINAPI EvtNextEventMetadata(
EVT_HANDLE EventMetadataEnum,
DWORD Flags
);
// Reads one EVT_EVENT_METADATA_PROPERTY_ID property of EventMetadata into
// EventMetadataPropertyBuffer.
// NOTE(review): the buffer size is presumably in bytes and may need to exceed
// sizeof(EVT_VARIANT) for EventMetadataEventTemplate - confirm, and check the
// variant's Type before reading its union.
BOOL WINAPI EvtGetEventMetadataProperty(
EVT_HANDLE EventMetadata,
EVT_EVENT_METADATA_PROPERTY_ID PropertyId,
DWORD Flags,
DWORD EventMetadataPropertyBufferSize,
PEVT_VARIANT EventMetadataPropertyBuffer,
__out PDWORD EventMetadataPropertyBufferUsed
);
////////////////////////////////////////////////////////////////////////////////
//
// Array Access
//
////////////////////////////////////////////////////////////////////////////////
// Handle to an object array; presumably what the properties annotated
// "EvtVarTypeEvtHandle, ObjectArray" in EVT_PUBLISHER_METADATA_PROPERTY_ID
// return.
typedef HANDLE EVT_OBJECT_ARRAY_PROPERTY_HANDLE;
// Stores the number of elements of ObjectArray in *ObjectArraySize.
BOOL WINAPI EvtGetObjectArraySize(
EVT_OBJECT_ARRAY_PROPERTY_HANDLE ObjectArray,
__out PDWORD ObjectArraySize
);
// Reads property PropertyId of element ArrayIndex of ObjectArray into
// PropertyValueBuffer.
// PropertyId is a plain DWORD here, so the compiler does not check that it
// belongs to the enum matching this array. Keep ArrayIndex below the value
// reported by EvtGetObjectArraySize and check the return value instead of
// assuming the API rejects an out-of-range index.
// NOTE(review): PropertyValueBufferSize is presumably a size in bytes -
// confirm, and check the variant's Type before reading its union.
BOOL WINAPI EvtGetObjectArrayProperty(
EVT_OBJECT_ARRAY_PROPERTY_HANDLE ObjectArray,
DWORD PropertyId,
DWORD ArrayIndex,
DWORD Flags,
DWORD PropertyValueBufferSize,
PEVT_VARIANT PropertyValueBuffer,
__out PDWORD PropertyValueBufferUsed
);
/////////////////////////////////////////////////////////////////////////////
//
// Misc Event Consumer Functions
//
////////////////////////////////////////////////////////////////////////////
// Properties readable through EvtGetQueryInfo.
typedef enum _EVT_QUERY_PROPERTY_ID
{
    // Channels or log files identified in the query. The variant is an
    // array of EvtVarTypeString.
    EvtQueryNames = 0,

    // Array of EvtVarTypeUInt32 giving the creation status (a Win32 error
    // code) for each name returned by the EvtQueryNames property.
    EvtQueryStatuses = 1,

    // Count sentinel, not a property.
    EvtQueryPropertyIdEND = 2
} EVT_QUERY_PROPERTY_ID;

// Properties readable through EvtGetEventInfo.
typedef enum _EVT_EVENT_PROPERTY_ID
{
    EvtEventQueryIDs = 0,
    EvtEventPath = 1,

    // Count sentinel, not a property.
    EvtEventPropertyIdEND = 2
} EVT_EVENT_PROPERTY_ID;
// Reads one EVT_QUERY_PROPERTY_ID property of a query or subscription handle
// into PropertyValueBuffer.
// EvtQueryStatuses holds a Win32 error code per name in EvtQueryNames; a
// collector that tolerates query errors should read both, so that a channel it
// could not open is reported instead of silently producing no events.
// NOTE(review): PropertyValueBufferSize is presumably a size in bytes and must
// cover the array data as well as the EVT_VARIANT - confirm.
BOOL WINAPI EvtGetQueryInfo(
EVT_HANDLE QueryOrSubscription,
EVT_QUERY_PROPERTY_ID PropertyId,
DWORD PropertyValueBufferSize,
PEVT_VARIANT PropertyValueBuffer,
__out PDWORD PropertyValueBufferUsed
);
// Creates a bookmark and returns its handle. BookmarkXml is optional per the
// annotation.
// NOTE(review): when BookmarkXml is read back from disk or another store it is
// parsed by the API; keep that store writable only by the collector, since a
// tampered bookmark could make a consumer skip events.
EVT_HANDLE WINAPI EvtCreateBookmark(
__in_opt LPCWSTR BookmarkXml
);
// NOTE(review): presumably repositions Bookmark at Event - confirm.
BOOL WINAPI EvtUpdateBookmark(
EVT_HANDLE Bookmark,
EVT_HANDLE Event
);
// Reads one EVT_EVENT_PROPERTY_ID property of Event into PropertyValueBuffer.
// NOTE(review): PropertyValueBufferSize is presumably a size in bytes -
// confirm, and check the variant's Type before reading its union.
BOOL WINAPI EvtGetEventInfo(
EVT_HANDLE Event,
EVT_EVENT_PROPERTY_ID PropertyId,
DWORD PropertyValueBufferSize,
PEVT_VARIANT PropertyValueBuffer,
__out PDWORD PropertyValueBufferUsed
);
////////////////////////////////////////////////////////////////////////////////
//
// Access Control Permissions
//
////////////////////////////////////////////////////////////////////////////////
// Access-right bits for event logs. EVT_ALL_ACCESS (0x7) is the OR of the
// three individual rights.
// NOTE(review): presumably these are the rights granted or denied in a
// channel's access descriptor (EvtChannelConfigAccess) - confirm.
// Grant EVT_CLEAR_ACCESS and EVT_WRITE_ACCESS narrowly: clear access permits
// destroying recorded events, write access permits adding records to the log.
#define EVT_READ_ACCESS 0x1
#define EVT_WRITE_ACCESS 0x2
#define EVT_CLEAR_ACCESS 0x4
#define EVT_ALL_ACCESS 0x7
#endif // WINVER >= _WIN32_WINNT_LONGHORN
#ifdef __cplusplus
}
#endif
#endif // __WINEVT_H__