UMSKT
/
xpmgr
mirror of https://github.com/UMSKT/xpmgr.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
xpmgr/BuildTools/Include/Evntrace.h

1556 lines
48 KiB
C
Raw Blame History

/*++
Copyright (c) Microsoft Corporation. All rights reserved.
Module Name:
EvnTrace.h
Abstract:
Public headers for event tracing control applications,
consumers and providers
--*/
#ifndef _EVNTRACE_
#define _EVNTRACE_
#pragma once
#if defined(_WINNT_) || defined(WINNT)
#ifndef WMIAPI
#ifndef MIDL_PASS
#ifdef _WMI_SOURCE_
#define WMIAPI __stdcall
#else
#define WMIAPI DECLSPEC_IMPORT __stdcall
#endif // _WMI_SOURCE
#endif // MIDL_PASS
#endif // WMIAPI
#include <guiddef.h>
//
// EventTraceGuid is used to identify a event tracing session
//
DEFINE_GUID ( /* 68fdd900-4a3e-11d1-84f4-0000f80464e3 */
EventTraceGuid,
0x68fdd900,
0x4a3e,
0x11d1,
0x84, 0xf4, 0x00, 0x00, 0xf8, 0x04, 0x64, 0xe3
);
//
// SystemTraceControlGuid. Used to specify event tracing for kernel
//
DEFINE_GUID ( /* 9e814aad-3204-11d2-9a82-006008a86939 */
SystemTraceControlGuid,
0x9e814aad,
0x3204,
0x11d2,
0x9a, 0x82, 0x00, 0x60, 0x08, 0xa8, 0x69, 0x39
);
//
// EventTraceConfigGuid. Used to report system configuration records
//
DEFINE_GUID ( /* 01853a65-418f-4f36-aefc-dc0f1d2fd235 */
EventTraceConfigGuid,
0x01853a65,
0x418f,
0x4f36,
0xae, 0xfc, 0xdc, 0x0f, 0x1d, 0x2f, 0xd2, 0x35
);
//
// DefaultTraceSecurityGuid. Specifies the default event tracing security
//
DEFINE_GUID ( /* 0811c1af-7a07-4a06-82ed-869455cdf713 */
DefaultTraceSecurityGuid,
0x0811c1af,
0x7a07,
0x4a06,
0x82, 0xed, 0x86, 0x94, 0x55, 0xcd, 0xf7, 0x13
);
#define KERNEL_LOGGER_NAMEW L"NT Kernel Logger"
#define GLOBAL_LOGGER_NAMEW L"GlobalLogger"
#define EVENT_LOGGER_NAMEW L"EventLog"
#define DIAG_LOGGER_NAMEW L"DiagLog"
#define KERNEL_LOGGER_NAMEA "NT Kernel Logger"
#define GLOBAL_LOGGER_NAMEA "GlobalLogger"
#define EVENT_LOGGER_NAMEA "EventLog"
#define DIAG_LOGGER_NAMEA "DiagLog"
#define MAX_MOF_FIELDS 16 // Limit of USE_MOF_PTR fields
#ifndef _TRACEHANDLE_DEFINED
#define _TRACEHANDLE_DEFINED
typedef ULONG64 TRACEHANDLE, *PTRACEHANDLE;
#endif
//types for event data going to System Event Logger
#define SYSTEM_EVENT_TYPE 1
//
// predefined generic event types (0x00 to 0x09 reserved).
//
#define EVENT_TRACE_TYPE_INFO 0x00 // Info or point event
#define EVENT_TRACE_TYPE_START 0x01 // Start event
#define EVENT_TRACE_TYPE_END 0x02 // End event
#define EVENT_TRACE_TYPE_STOP 0x02 // Stop event (WinEvent compatible)
#define EVENT_TRACE_TYPE_DC_START 0x03 // Collection start marker
#define EVENT_TRACE_TYPE_DC_END 0x04 // Collection end marker
#define EVENT_TRACE_TYPE_EXTENSION 0x05 // Extension/continuation
#define EVENT_TRACE_TYPE_REPLY 0x06 // Reply event
#define EVENT_TRACE_TYPE_DEQUEUE 0x07 // De-queue event
#define EVENT_TRACE_TYPE_RESUME 0x07 // Resume event (WinEvent compatible)
#define EVENT_TRACE_TYPE_CHECKPOINT 0x08 // Generic checkpoint event
#define EVENT_TRACE_TYPE_SUSPEND 0x08 // Suspend event (WinEvent compatible)
#define EVENT_TRACE_TYPE_WINEVT_SEND 0x09 // Send Event (WinEvent compatible)
#define EVENT_TRACE_TYPE_WINEVT_RECEIVE 0XF0 // Receive Event (WinEvent compatible)
//
// Predefined Event Tracing Levels for Software/Debug Tracing
//
//
// Trace Level is UCHAR and passed in through the EnableLevel parameter
// in EnableTrace API. It is retrieved by the provider using the
// GetTraceEnableLevel macro.It should be interpreted as an integer value
// to mean everything at or below that level will be traced.
//
// Here are the possible Levels.
//
#define TRACE_LEVEL_NONE 0 // Tracing is not on
#define TRACE_LEVEL_CRITICAL 1 // Abnormal exit or termination
#define TRACE_LEVEL_FATAL 1 // Deprecated name for Abnormal exit or termination
#define TRACE_LEVEL_ERROR 2 // Severe errors that need logging
#define TRACE_LEVEL_WARNING 3 // Warnings such as allocation failure
#define TRACE_LEVEL_INFORMATION 4 // Includes non-error cases(e.g.,Entry-Exit)
#define TRACE_LEVEL_VERBOSE 5 // Detailed traces from intermediate steps
#define TRACE_LEVEL_RESERVED6 6
#define TRACE_LEVEL_RESERVED7 7
#define TRACE_LEVEL_RESERVED8 8
#define TRACE_LEVEL_RESERVED9 9
//
// Event types for Process & Threads
//
#define EVENT_TRACE_TYPE_LOAD 0x0A // Load image
//
// Event types for IO subsystem
//
#define EVENT_TRACE_TYPE_IO_READ 0x0A
#define EVENT_TRACE_TYPE_IO_WRITE 0x0B
#define EVENT_TRACE_TYPE_IO_READ_INIT 0x0C
#define EVENT_TRACE_TYPE_IO_WRITE_INIT 0x0D
#define EVENT_TRACE_TYPE_IO_FLUSH 0x0E
#define EVENT_TRACE_TYPE_IO_FLUSH_INIT 0x0F
//
// Event types for Memory subsystem
//
#define EVENT_TRACE_TYPE_MM_TF 0x0A // Transition fault
#define EVENT_TRACE_TYPE_MM_DZF 0x0B // Demand Zero fault
#define EVENT_TRACE_TYPE_MM_COW 0x0C // Copy on Write
#define EVENT_TRACE_TYPE_MM_GPF 0x0D // Guard Page fault
#define EVENT_TRACE_TYPE_MM_HPF 0x0E // Hard page fault
#define EVENT_TRACE_TYPE_MM_AV 0x0F // Access violation
//
// Event types for Network subsystem, all protocols
//
#define EVENT_TRACE_TYPE_SEND 0x0A // Send
#define EVENT_TRACE_TYPE_RECEIVE 0x0B // Receive
#define EVENT_TRACE_TYPE_CONNECT 0x0C // Connect
#define EVENT_TRACE_TYPE_DISCONNECT 0x0D // Disconnect
#define EVENT_TRACE_TYPE_RETRANSMIT 0x0E // ReTransmit
#define EVENT_TRACE_TYPE_ACCEPT 0x0F // Accept
#define EVENT_TRACE_TYPE_RECONNECT 0x10 // ReConnect
#define EVENT_TRACE_TYPE_CONNFAIL 0x11 // Fail
#define EVENT_TRACE_TYPE_COPY_TCP 0x12 // Copy in PendData
#define EVENT_TRACE_TYPE_COPY_ARP 0x13 // NDIS_STATUS_RESOURCES Copy
#define EVENT_TRACE_TYPE_ACKFULL 0x14 // A full data ACK
#define EVENT_TRACE_TYPE_ACKPART 0x15 // A Partial data ACK
#define EVENT_TRACE_TYPE_ACKDUP 0x16 // A Duplicate data ACK
//
// Event Types for the Header (to handle internal event headers)
//
#define EVENT_TRACE_TYPE_GUIDMAP 0x0A
#define EVENT_TRACE_TYPE_CONFIG 0x0B
#define EVENT_TRACE_TYPE_SIDINFO 0x0C
#define EVENT_TRACE_TYPE_SECURITY 0x0D
//
// Event Types for Registry subsystem
//
#define EVENT_TRACE_TYPE_REGCREATE 0x0A // NtCreateKey
#define EVENT_TRACE_TYPE_REGOPEN 0x0B // NtOpenKey
#define EVENT_TRACE_TYPE_REGDELETE 0x0C // NtDeleteKey
#define EVENT_TRACE_TYPE_REGQUERY 0x0D // NtQueryKey
#define EVENT_TRACE_TYPE_REGSETVALUE 0x0E // NtSetValueKey
#define EVENT_TRACE_TYPE_REGDELETEVALUE 0x0F // NtDeleteValueKey
#define EVENT_TRACE_TYPE_REGQUERYVALUE 0x10 // NtQueryValueKey
#define EVENT_TRACE_TYPE_REGENUMERATEKEY 0x11 // NtEnumerateKey
#define EVENT_TRACE_TYPE_REGENUMERATEVALUEKEY 0x12 // NtEnumerateValueKey
#define EVENT_TRACE_TYPE_REGQUERYMULTIPLEVALUE 0x13 // NtQueryMultipleValueKey
#define EVENT_TRACE_TYPE_REGSETINFORMATION 0x14 // NtSetInformationKey
#define EVENT_TRACE_TYPE_REGFLUSH 0x15 // NtFlushKey
#define EVENT_TRACE_TYPE_REGKCBCREATE 0x16 // KcbCreate
#define EVENT_TRACE_TYPE_REGKCBDELETE 0x17 // KcbDelete
#define EVENT_TRACE_TYPE_REGKCBRUNDOWNBEGIN 0x18 // KcbRundownBegin
#define EVENT_TRACE_TYPE_REGKCBRUNDOWNEND 0x19 // KcbRundownEnd
#define EVENT_TRACE_TYPE_REGVIRTUALIZE 0x1A // VirtualizeKey
#define EVENT_TRACE_TYPE_REGCLOSE 0x1B // NtClose (KeyObject)
#define EVENT_TRACE_TYPE_REGSETSECURITY 0x1C // SetSecurityDescriptor (KeyObject)
#define EVENT_TRACE_TYPE_REGQUERYSECURITY 0x1D // QuerySecurityDescriptor (KeyObject)
#define EVENT_TRACE_TYPE_REGCOMMIT 0x1E // CmKtmNotification (TRANSACTION_NOTIFY_COMMIT)
#define EVENT_TRACE_TYPE_REGPREPARE 0x1F // CmKtmNotification (TRANSACTION_NOTIFY_PREPARE)
#define EVENT_TRACE_TYPE_REGROLLBACK 0x20 // CmKtmNotification (TRANSACTION_NOTIFY_ROLLBACK)
#define EVENT_TRACE_TYPE_REGMOUNTHIVE 0x21 // NtLoadKey variations + system hives
//
// Event types for system configuration records
//
#define EVENT_TRACE_TYPE_CONFIG_CPU 0x0A // CPU Configuration
#define EVENT_TRACE_TYPE_CONFIG_PHYSICALDISK 0x0B // Physical Disk Configuration
#define EVENT_TRACE_TYPE_CONFIG_LOGICALDISK 0x0C // Logical Disk Configuration
#define EVENT_TRACE_TYPE_CONFIG_NIC 0x0D // NIC Configuration
#define EVENT_TRACE_TYPE_CONFIG_VIDEO 0x0E // Video Adapter Configuration
#define EVENT_TRACE_TYPE_CONFIG_SERVICES 0x0F // Active Services
#define EVENT_TRACE_TYPE_CONFIG_POWER 0x10 // ACPI Configuration
#define EVENT_TRACE_TYPE_CONFIG_NETINFO 0x11 // Networking Configuration
#define EVENT_TRACE_TYPE_CONFIG_IRQ 0x15 // IRQ assigned to devices
#define EVENT_TRACE_TYPE_CONFIG_PNP 0x16 // PnP device info
#define EVENT_TRACE_TYPE_CONFIG_IDECHANNEL 0x17 // Primary/Secondary IDE channel Configuration
#define EVENT_TRACE_TYPE_CONFIG_PLATFORM 0x19 // Platform Configuration
//
// Enable flags for Kernel Events
//
#define EVENT_TRACE_FLAG_PROCESS 0x00000001 // process start & end
#define EVENT_TRACE_FLAG_THREAD 0x00000002 // thread start & end
#define EVENT_TRACE_FLAG_IMAGE_LOAD 0x00000004 // image load
#define EVENT_TRACE_FLAG_DISK_IO 0x00000100 // physical disk IO
#define EVENT_TRACE_FLAG_DISK_FILE_IO 0x00000200 // requires disk IO
#define EVENT_TRACE_FLAG_MEMORY_PAGE_FAULTS 0x00001000 // all page faults
#define EVENT_TRACE_FLAG_MEMORY_HARD_FAULTS 0x00002000 // hard faults only
#define EVENT_TRACE_FLAG_NETWORK_TCPIP 0x00010000 // tcpip send & receive
#define EVENT_TRACE_FLAG_REGISTRY 0x00020000 // registry calls
#define EVENT_TRACE_FLAG_DBGPRINT 0x00040000 // DbgPrint(ex) Calls
//
// Enable flags for Kernel Events on Vista and above
//
#define EVENT_TRACE_FLAG_PROCESS_COUNTERS 0x00000008 // process perf counters
#define EVENT_TRACE_FLAG_CSWITCH 0x00000010 // context switches
#define EVENT_TRACE_FLAG_DPC 0x00000020 // deffered procedure calls
#define EVENT_TRACE_FLAG_INTERRUPT 0x00000040 // interrupts
#define EVENT_TRACE_FLAG_SYSTEMCALL 0x00000080 // system calls
#define EVENT_TRACE_FLAG_DISK_IO_INIT 0x00000400 // physical disk IO initiation
#define EVENT_TRACE_FLAG_ALPC 0x00100000 // ALPC traces
#define EVENT_TRACE_FLAG_SPLIT_IO 0x00200000 // split io traces (VolumeManager)
#define EVENT_TRACE_FLAG_DRIVER 0x00800000 // driver delays
#define EVENT_TRACE_FLAG_PROFILE 0x01000000 // sample based profiling
#define EVENT_TRACE_FLAG_FILE_IO 0x02000000 // file IO
#define EVENT_TRACE_FLAG_FILE_IO_INIT 0x04000000 // file IO initiation
//
// Enable flags for Kernel Events on Win7 and above
//
#define EVENT_TRACE_FLAG_DISPATCHER 0x00000800 // scheduler (ReadyThread)
#define EVENT_TRACE_FLAG_VIRTUAL_ALLOC 0x00004000 // VM operations
//
// Pre-defined Enable flags for everybody else
//
#define EVENT_TRACE_FLAG_EXTENSION 0x80000000 // Indicates more flags
#define EVENT_TRACE_FLAG_FORWARD_WMI 0x40000000 // Can forward to WMI
#define EVENT_TRACE_FLAG_ENABLE_RESERVE 0x20000000 // Reserved
//
// Logger Mode flags
//
#define EVENT_TRACE_FILE_MODE_NONE 0x00000000 // Logfile is off
#define EVENT_TRACE_FILE_MODE_SEQUENTIAL 0x00000001 // Log sequentially
#define EVENT_TRACE_FILE_MODE_CIRCULAR 0x00000002 // Log in circular manner
#define EVENT_TRACE_FILE_MODE_APPEND 0x00000004 // Append sequential log
#define EVENT_TRACE_REAL_TIME_MODE 0x00000100 // Real time mode on
#define EVENT_TRACE_DELAY_OPEN_FILE_MODE 0x00000200 // Delay opening file
#define EVENT_TRACE_BUFFERING_MODE 0x00000400 // Buffering mode only
#define EVENT_TRACE_PRIVATE_LOGGER_MODE 0x00000800 // Process Private Logger
#define EVENT_TRACE_ADD_HEADER_MODE 0x00001000 // Add a logfile header
#define EVENT_TRACE_USE_GLOBAL_SEQUENCE 0x00004000 // Use global sequence no.
#define EVENT_TRACE_USE_LOCAL_SEQUENCE 0x00008000 // Use local sequence no.
#define EVENT_TRACE_RELOG_MODE 0x00010000 // Relogger
#define EVENT_TRACE_USE_PAGED_MEMORY 0x01000000 // Use pageable buffers
//
// Logger Mode flags on XP and above
//
#define EVENT_TRACE_FILE_MODE_NEWFILE 0x00000008 // Auto-switch log file
#define EVENT_TRACE_FILE_MODE_PREALLOCATE 0x00000020 // Pre-allocate mode
//
// Logger Mode flags on Vista and above
//
#define EVENT_TRACE_NONSTOPPABLE_MODE 0x00000040 // Session cannot be stopped (Autologger only)
#define EVENT_TRACE_SECURE_MODE 0x00000080 // Secure session
#define EVENT_TRACE_USE_KBYTES_FOR_SIZE 0x00002000 // Use KBytes as file size unit
#define EVENT_TRACE_PRIVATE_IN_PROC 0x00020000 // In process private logger
#define EVENT_TRACE_MODE_RESERVED 0x00100000 // Reserved bit, used to signal Heap/Critsec tracing
//
// Logger Mode flags on Win7 and above
//
#define EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING 0x10000000 // Use this for low frequency sessions.
//
// ControlTrace Codes
//
#define EVENT_TRACE_CONTROL_QUERY 0
#define EVENT_TRACE_CONTROL_STOP 1
#define EVENT_TRACE_CONTROL_UPDATE 2
//
// Flush ControlTrace Codes for XP and above
//
#define EVENT_TRACE_CONTROL_FLUSH 3 // Flushes all the buffers
//
// Flags used by WMI Trace Message
// Note that the order or value of these flags should NOT be changed as they are processed
// in this order.
//
#define TRACE_MESSAGE_SEQUENCE 1 // Message should include a sequence number
#define TRACE_MESSAGE_GUID 2 // Message includes a GUID
#define TRACE_MESSAGE_COMPONENTID 4 // Message has no GUID, Component ID instead
#define TRACE_MESSAGE_TIMESTAMP 8 // Message includes a timestamp
#define TRACE_MESSAGE_PERFORMANCE_TIMESTAMP 16 // *Obsolete* Clock type is controlled by the logger
#define TRACE_MESSAGE_SYSTEMINFO 32 // Message includes system information TID,PID
//
// Vista flags set by system to indicate provider pointer size.
//
#define TRACE_MESSAGE_POINTER32 0x0040 // Message logged by 32 bit provider
#define TRACE_MESSAGE_POINTER64 0x0080 // Message logged by 64 bit provider
#define TRACE_MESSAGE_FLAG_MASK 0xFFFF // Only the lower 16 bits of flags are placed in the message
// those above 16 bits are reserved for local processing
#define TRACE_MESSAGE_MAXIMUM_SIZE 8*1024 // the maximum size allowed for a single trace message
// longer messages will return ERROR_BUFFER_OVERFLOW
//
// Flags to indicate to consumer which fields
// in the EVENT_TRACE_HEADER are valid
//
#define EVENT_TRACE_USE_PROCTIME 0x0001 // ProcessorTime field is valid
#define EVENT_TRACE_USE_NOCPUTIME 0x0002 // No Kernel/User/Processor Times
//
// TRACE_HEADER_FLAG values are used in the Flags field of EVENT_TRACE_HEADER
// structure while calling into TraceEvent API
//
#define TRACE_HEADER_FLAG_USE_TIMESTAMP 0x00000200
#define TRACE_HEADER_FLAG_TRACED_GUID 0x00020000 // denotes a trace
#define TRACE_HEADER_FLAG_LOG_WNODE 0x00040000 // request to log Wnode
#define TRACE_HEADER_FLAG_USE_GUID_PTR 0x00080000 // Guid is actually a pointer
#define TRACE_HEADER_FLAG_USE_MOF_PTR 0x00100000 // MOF data are dereferenced
#if _MSC_VER >= 1200
#pragma warning(push)
#endif
#pragma warning (disable:4201) /* nonstandard extension used : nameless struct/union */
//
// Trace header for all legacy events.
//
typedef struct _EVENT_TRACE_HEADER { // overlays WNODE_HEADER
USHORT Size; // Size of entire record
union {
USHORT FieldTypeFlags; // Indicates valid fields
struct {
UCHAR HeaderType; // Header type - internal use only
UCHAR MarkerFlags; // Marker - internal use only
} DUMMYSTRUCTNAME;
} DUMMYUNIONNAME;
union {
ULONG Version;
struct {
UCHAR Type; // event type
UCHAR Level; // trace instrumentation level
USHORT Version; // version of trace record
} Class;
} DUMMYUNIONNAME2;
ULONG ThreadId; // Thread Id
ULONG ProcessId; // Process Id
LARGE_INTEGER TimeStamp; // time when event happens
union {
GUID Guid; // Guid that identifies event
ULONGLONG GuidPtr; // use with WNODE_FLAG_USE_GUID_PTR
} DUMMYUNIONNAME3;
union {
struct {
ULONG KernelTime; // Kernel Mode CPU ticks
ULONG UserTime; // User mode CPU ticks
} DUMMYSTRUCTNAME;
ULONG64 ProcessorTime; // Processor Clock
struct {
ULONG ClientContext; // Reserved
ULONG Flags; // Event Flags
} DUMMYSTRUCTNAME2;
} DUMMYUNIONNAME4;
} EVENT_TRACE_HEADER, *PEVENT_TRACE_HEADER;
//
// This header is used to trace and track transaction co-relations
//
typedef struct _EVENT_INSTANCE_HEADER {
USHORT Size;
union {
USHORT FieldTypeFlags; // Indicates valid fields
struct {
UCHAR HeaderType; // Header type - internal use only
UCHAR MarkerFlags; // Marker - internal use only
} DUMMYSTRUCTNAME;
} DUMMYUNIONNAME;
union {
ULONG Version;
struct {
UCHAR Type;
UCHAR Level;
USHORT Version;
} Class;
} DUMMYUNIONNAME2;
ULONG ThreadId;
ULONG ProcessId;
LARGE_INTEGER TimeStamp;
ULONGLONG RegHandle;
ULONG InstanceId;
ULONG ParentInstanceId;
union {
struct {
ULONG KernelTime; // Kernel Mode CPU ticks
ULONG UserTime; // User mode CPU ticks
} DUMMYSTRUCTNAME;
ULONG64 ProcessorTime; // Processor Clock
struct {
ULONG EventId; // Event ID
ULONG Flags; // Trace header Flags
} DUMMYSTRUCTNAME2;
} DUMMYUNIONNAME3;
ULONGLONG ParentRegHandle;
} EVENT_INSTANCE_HEADER, *PEVENT_INSTANCE_HEADER;
#if _MSC_VER >= 1200
#pragma warning(pop)
#endif
//
// Following are structures and macros for use with USE_MOF_PTR
//
// Trace data types
#define ETW_NULL_TYPE_VALUE 0
#define ETW_OBJECT_TYPE_VALUE 1
#define ETW_STRING_TYPE_VALUE 2
#define ETW_SBYTE_TYPE_VALUE 3
#define ETW_BYTE_TYPE_VALUE 4
#define ETW_INT16_TYPE_VALUE 5
#define ETW_UINT16_TYPE_VALUE 6
#define ETW_INT32_TYPE_VALUE 7
#define ETW_UINT32_TYPE_VALUE 8
#define ETW_INT64_TYPE_VALUE 9
#define ETW_UINT64_TYPE_VALUE 10
#define ETW_CHAR_TYPE_VALUE 11
#define ETW_SINGLE_TYPE_VALUE 12
#define ETW_DOUBLE_TYPE_VALUE 13
#define ETW_BOOLEAN_TYPE_VALUE 14
#define ETW_DECIMAL_TYPE_VALUE 15
// Extended types
#define ETW_GUID_TYPE_VALUE 101
#define ETW_ASCIICHAR_TYPE_VALUE 102
#define ETW_ASCIISTRING_TYPE_VALUE 103
#define ETW_COUNTED_STRING_TYPE_VALUE 104
#define ETW_POINTER_TYPE_VALUE 105
#define ETW_SIZET_TYPE_VALUE 106
#define ETW_HIDDEN_TYPE_VALUE 107
#define ETW_BOOL_TYPE_VALUE 108
#define ETW_COUNTED_ANSISTRING_TYPE_VALUE 109
#define ETW_REVERSED_COUNTED_STRING_TYPE_VALUE 110
#define ETW_REVERSED_COUNTED_ANSISTRING_TYPE_VALUE 111
#define ETW_NON_NULL_TERMINATED_STRING_TYPE_VALUE 112
#define ETW_REDUCED_ANSISTRING_TYPE_VALUE 113
#define ETW_REDUCED_STRING_TYPE_VALUE 114
#define ETW_SID_TYPE_VALUE 115
#define ETW_VARIANT_TYPE_VALUE 116
#define ETW_PTVECTOR_TYPE_VALUE 117
#define ETW_WMITIME_TYPE_VALUE 118
#define ETW_DATETIME_TYPE_VALUE 119
#define ETW_REFRENCE_TYPE_VALUE 120
#define DEFINE_TRACE_MOF_FIELD(MOF, ptr, length, type) \
(MOF)->DataPtr = (ULONG64)(ULONG_PTR) ptr; \
(MOF)->Length = (ULONG) length; \
(MOF)->DataType = (ULONG) type;
typedef struct _MOF_FIELD {
ULONG64 DataPtr; // Pointer to the field. Up to 64-bits only
ULONG Length; // Length of the MOF field
ULONG DataType; // Type of data
} MOF_FIELD, *PMOF_FIELD;
#if !(defined(_NTDDK_) || defined(_NTIFS_)) || defined(_WMIKM_)
#if _MSC_VER >= 1200
#pragma warning(push)
#endif
#pragma warning (disable:4201) /* nonstandard extension used : nameless struct/union */
//
// This is the header for every logfile. The memory for LoggerName
// and LogFileName must be contiguous adjacent to this structure
// Allows both user-mode and kernel-mode to understand the header.
//
// TRACE_LOGFILE_HEADER32 and TRACE_LOGFILE_HEADER64 structures
// are also provided to simplify cross platform decoding of the
// header event.
//
typedef struct _TRACE_LOGFILE_HEADER {
ULONG BufferSize; // Logger buffer size in Kbytes
union {
ULONG Version; // Logger version
struct {
UCHAR MajorVersion;
UCHAR MinorVersion;
UCHAR SubVersion;
UCHAR SubMinorVersion;
} VersionDetail;
} DUMMYUNIONNAME;
ULONG ProviderVersion; // defaults to NT version
ULONG NumberOfProcessors; // Number of Processors
LARGE_INTEGER EndTime; // Time when logger stops
ULONG TimerResolution; // assumes timer is constant!!!
ULONG MaximumFileSize; // Maximum in Mbytes
ULONG LogFileMode; // specify logfile mode
ULONG BuffersWritten; // used to file start of Circular File
union {
GUID LogInstanceGuid; // For RealTime Buffer Delivery
struct {
ULONG StartBuffers; // Count of buffers written at start.
ULONG PointerSize; // Size of pointer type in bits
ULONG EventsLost; // Events losts during log session
ULONG CpuSpeedInMHz; // Cpu Speed in MHz
} DUMMYSTRUCTNAME;
} DUMMYUNIONNAME2;
#if defined(_WMIKM_)
PWCHAR LoggerName;
PWCHAR LogFileName;
RTL_TIME_ZONE_INFORMATION TimeZone;
#else
LPWSTR LoggerName;
LPWSTR LogFileName;
TIME_ZONE_INFORMATION TimeZone;
#endif
LARGE_INTEGER BootTime;
LARGE_INTEGER PerfFreq; // Reserved
LARGE_INTEGER StartTime; // Reserved
ULONG ReservedFlags; // ClockType
ULONG BuffersLost;
} TRACE_LOGFILE_HEADER, *PTRACE_LOGFILE_HEADER;
typedef struct _TRACE_LOGFILE_HEADER32 {
ULONG BufferSize; // Logger buffer size in Kbytes
union {
ULONG Version; // Logger version
struct {
UCHAR MajorVersion;
UCHAR MinorVersion;
UCHAR SubVersion;
UCHAR SubMinorVersion;
} VersionDetail;
};
ULONG ProviderVersion; // defaults to NT version
ULONG NumberOfProcessors; // Number of Processors
LARGE_INTEGER EndTime; // Time when logger stops
ULONG TimerResolution; // assumes timer is constant!!!
ULONG MaximumFileSize; // Maximum in Mbytes
ULONG LogFileMode; // specify logfile mode
ULONG BuffersWritten; // used to file start of Circular File
union {
GUID LogInstanceGuid; // For RealTime Buffer Delivery
struct {
ULONG StartBuffers; // Count of buffers written at start.
ULONG PointerSize; // Size of pointer type in bits
ULONG EventsLost; // Events losts during log session
ULONG CpuSpeedInMHz; // Cpu Speed in MHz
};
};
#if defined(_WMIKM_)
ULONG32 LoggerName;
ULONG32 LogFileName;
RTL_TIME_ZONE_INFORMATION TimeZone;
#else
ULONG32 LoggerName;
ULONG32 LogFileName;
TIME_ZONE_INFORMATION TimeZone;
#endif
LARGE_INTEGER BootTime;
LARGE_INTEGER PerfFreq; // Reserved
LARGE_INTEGER StartTime; // Reserved
ULONG ReservedFlags; // ClockType
ULONG BuffersLost;
} TRACE_LOGFILE_HEADER32, *PTRACE_LOGFILE_HEADER32;
typedef struct _TRACE_LOGFILE_HEADER64 {
ULONG BufferSize; // Logger buffer size in Kbytes
union {
ULONG Version; // Logger version
struct {
UCHAR MajorVersion;
UCHAR MinorVersion;
UCHAR SubVersion;
UCHAR SubMinorVersion;
} VersionDetail;
};
ULONG ProviderVersion; // defaults to NT version
ULONG NumberOfProcessors; // Number of Processors
LARGE_INTEGER EndTime; // Time when logger stops
ULONG TimerResolution; // assumes timer is constant!!!
ULONG MaximumFileSize; // Maximum in Mbytes
ULONG LogFileMode; // specify logfile mode
ULONG BuffersWritten; // used to file start of Circular File
union {
GUID LogInstanceGuid; // For RealTime Buffer Delivery
struct {
ULONG StartBuffers; // Count of buffers written at start.
ULONG PointerSize; // Size of pointer type in bits
ULONG EventsLost; // Events losts during log session
ULONG CpuSpeedInMHz; // Cpu Speed in MHz
};
};
#if defined(_WMIKM_)
ULONG64 LoggerName;
ULONG64 LogFileName;
RTL_TIME_ZONE_INFORMATION TimeZone;
#else
ULONG64 LoggerName;
ULONG64 LogFileName;
TIME_ZONE_INFORMATION TimeZone;
#endif
LARGE_INTEGER BootTime;
LARGE_INTEGER PerfFreq; // Reserved
LARGE_INTEGER StartTime; // Reserved
ULONG ReservedFlags; // ClockType
ULONG BuffersLost;
} TRACE_LOGFILE_HEADER64, *PTRACE_LOGFILE_HEADER64;
#if _MSC_VER >= 1200
#pragma warning(pop)
#endif
#endif // !_NTDDK_ || _WMIKM_
//
// Instance Information to track parent child relationship of Instances.
//
typedef struct EVENT_INSTANCE_INFO {
HANDLE RegHandle;
ULONG InstanceId;
} EVENT_INSTANCE_INFO, *PEVENT_INSTANCE_INFO;
#if !defined(_WMIKM_) && !defined(_NTDDK_) && !defined(_NTIFS_)
//
// Structures that have UNICODE and ANSI versions are defined here
//
//
// Logger configuration and running statistics. This structure is used
// by user-mode callers, such as PDH library
//
typedef struct _EVENT_TRACE_PROPERTIES {
WNODE_HEADER Wnode;
//
// data provided by caller
ULONG BufferSize; // buffer size for logging (kbytes)
ULONG MinimumBuffers; // minimum to preallocate
ULONG MaximumBuffers; // maximum buffers allowed
ULONG MaximumFileSize; // maximum logfile size (in MBytes)
ULONG LogFileMode; // sequential, circular
ULONG FlushTimer; // buffer flush timer, in seconds
ULONG EnableFlags; // trace enable flags
LONG AgeLimit; // unused
// data returned to caller
ULONG NumberOfBuffers; // no of buffers in use
ULONG FreeBuffers; // no of buffers free
ULONG EventsLost; // event records lost
ULONG BuffersWritten; // no of buffers written to file
ULONG LogBuffersLost; // no of logfile write failures
ULONG RealTimeBuffersLost; // no of rt delivery failures
HANDLE LoggerThreadId; // thread id of Logger
ULONG LogFileNameOffset; // Offset to LogFileName
ULONG LoggerNameOffset; // Offset to LoggerName
} EVENT_TRACE_PROPERTIES, *PEVENT_TRACE_PROPERTIES;
//
// Data Provider structures
//
// Used by RegisterTraceGuids()
//
typedef struct _TRACE_GUID_REGISTRATION {
LPCGUID Guid; // Guid of data block being registered or updated.
HANDLE RegHandle; // Guid Registration Handle is returned.
} TRACE_GUID_REGISTRATION, *PTRACE_GUID_REGISTRATION;
//
// Data consumer structures
//
#endif // !_NTDDK_ || _WMIKM_
typedef struct _TRACE_GUID_PROPERTIES {
GUID Guid;
ULONG GuidType;
ULONG LoggerId;
ULONG EnableLevel;
ULONG EnableFlags;
BOOLEAN IsEnable;
} TRACE_GUID_PROPERTIES, *PTRACE_GUID_PROPERTIES;
typedef struct _ETW_BUFFER_CONTEXT {
UCHAR ProcessorNumber;
UCHAR Alignment;
USHORT LoggerId;
} ETW_BUFFER_CONTEXT, *PETW_BUFFER_CONTEXT;
//
// Provider Information Flags used on Vista and above.
//
#define TRACE_PROVIDER_FLAG_LEGACY (0x00000001)
#define TRACE_PROVIDER_FLAG_PRE_ENABLE (0x00000002)
//
// Enable Information for Provider Instance
// Used on Vista and above
//
typedef struct _TRACE_ENABLE_INFO {
ULONG IsEnabled;
UCHAR Level;
UCHAR Reserved1;
USHORT LoggerId;
ULONG EnableProperty;
ULONG Reserved2;
ULONGLONG MatchAnyKeyword;
ULONGLONG MatchAllKeyword;
} TRACE_ENABLE_INFO, *PTRACE_ENABLE_INFO;
//
// Instance Information for Provider
// Used on Vista and above
//
typedef struct _TRACE_PROVIDER_INSTANCE_INFO {
ULONG NextOffset;
ULONG EnableCount;
ULONG Pid;
ULONG Flags;
} TRACE_PROVIDER_INSTANCE_INFO, *PTRACE_PROVIDER_INSTANCE_INFO;
//
// GUID Information Used on Vista and above
//
typedef struct _TRACE_GUID_INFO {
ULONG InstanceCount;
ULONG Reserved;
} TRACE_GUID_INFO, *PTRACE_GUID_INFO;
//
// An EVENT_TRACE consists of a fixed header (EVENT_TRACE_HEADER) and
// optionally a variable portion pointed to by MofData. The datablock
// layout of the variable portion is unknown to the Logger and must
// be obtained from WBEM CIMOM database.
//
#if _MSC_VER >= 1200
#pragma warning(push)
#endif
#pragma warning (disable:4201) /* nonstandard extension used : nameless struct/union */
typedef struct _EVENT_TRACE {
EVENT_TRACE_HEADER Header; // Event trace header
ULONG InstanceId; // Instance Id of this event
ULONG ParentInstanceId; // Parent Instance Id.
GUID ParentGuid; // Parent Guid;
PVOID MofData; // Pointer to Variable Data
ULONG MofLength; // Variable Datablock Length
union {
ULONG ClientContext;
ETW_BUFFER_CONTEXT BufferContext;
} DUMMYUNIONNAME;
} EVENT_TRACE, *PEVENT_TRACE;
#if _MSC_VER >= 1200
#pragma warning(pop)
#endif
#define EVENT_CONTROL_CODE_DISABLE_PROVIDER 0
#define EVENT_CONTROL_CODE_ENABLE_PROVIDER 1
#define EVENT_CONTROL_CODE_CAPTURE_STATE 2
#if !defined(_WMIKM_) && !defined(_NTDDK_) && !defined(_NTIFS_)
typedef struct _EVENT_RECORD
EVENT_RECORD, *PEVENT_RECORD;
typedef struct _EVENT_TRACE_LOGFILEW
EVENT_TRACE_LOGFILEW, *PEVENT_TRACE_LOGFILEW;
typedef struct _EVENT_TRACE_LOGFILEA
EVENT_TRACE_LOGFILEA, *PEVENT_TRACE_LOGFILEA;
typedef ULONG (WINAPI * PEVENT_TRACE_BUFFER_CALLBACKW)
(PEVENT_TRACE_LOGFILEW Logfile);
typedef ULONG (WINAPI * PEVENT_TRACE_BUFFER_CALLBACKA)
(PEVENT_TRACE_LOGFILEA Logfile);
typedef VOID (WINAPI *PEVENT_CALLBACK)( PEVENT_TRACE pEvent );
typedef VOID (WINAPI *PEVENT_RECORD_CALLBACK) (PEVENT_RECORD EventRecord);
//
// Prototype for service request callback. Data providers register with WMI
// by passing a service request callback function that is called for all
// wmi requests.
typedef ULONG (
#ifndef MIDL_PASS
WINAPI
#endif
*WMIDPREQUEST)(
__in WMIDPREQUESTCODE RequestCode,
__in PVOID RequestContext,
__inout ULONG *BufferSize,
__inout PVOID Buffer
);
#if _MSC_VER >= 1200
#pragma warning(push)
#endif
#pragma warning (disable:4201) /* nonstandard extension used : nameless struct/union */
struct _EVENT_TRACE_LOGFILEW {
LPWSTR LogFileName; // Logfile Name
LPWSTR LoggerName; // LoggerName
LONGLONG CurrentTime; // timestamp of last event
ULONG BuffersRead; // buffers read to date
union {
// Mode of the logfile
ULONG LogFileMode;
// Processing flags used on Vista and above
ULONG ProcessTraceMode;
} DUMMYUNIONNAME;
EVENT_TRACE CurrentEvent; // Current Event from this stream.
TRACE_LOGFILE_HEADER LogfileHeader; // logfile header structure
PEVENT_TRACE_BUFFER_CALLBACKW // callback before each buffer
BufferCallback; // is read
//
// following variables are filled for BufferCallback.
//
ULONG BufferSize;
ULONG Filled;
ULONG EventsLost;
//
// following needs to be propaged to each buffer
//
union {
// Callback with EVENT_TRACE
PEVENT_CALLBACK EventCallback;
// Callback with EVENT_RECORD on Vista and above
PEVENT_RECORD_CALLBACK EventRecordCallback;
} DUMMYUNIONNAME2;
ULONG IsKernelTrace; // TRUE for kernel logfile
PVOID Context; // reserved for internal use
};
struct _EVENT_TRACE_LOGFILEA {
LPSTR LogFileName; // Logfile Name
LPSTR LoggerName; // LoggerName
LONGLONG CurrentTime; // timestamp of last event
ULONG BuffersRead; // buffers read to date
union {
ULONG LogFileMode; // Mode of the logfile
ULONG ProcessTraceMode; // Processing flags
} DUMMYUNIONNAME;
EVENT_TRACE CurrentEvent; // Current Event from this stream
TRACE_LOGFILE_HEADER LogfileHeader; // logfile header structure
PEVENT_TRACE_BUFFER_CALLBACKA // callback before each buffer
BufferCallback; // is read
//
// following variables are filled for BufferCallback.
//
ULONG BufferSize;
ULONG Filled;
ULONG EventsLost;
//
// following needs to be propaged to each buffer
//
union {
PEVENT_CALLBACK EventCallback; // callback for every event
PEVENT_RECORD_CALLBACK EventRecordCallback;
} DUMMYUNIONNAME2;
ULONG IsKernelTrace; // TRUE for kernel logfile
PVOID Context; // reserved for internal use
};
#if _MSC_VER >= 1200
#pragma warning(pop)
#endif
//
// Define generic structures
//
#if defined(_UNICODE) || defined(UNICODE)
#define PEVENT_TRACE_BUFFER_CALLBACK PEVENT_TRACE_BUFFER_CALLBACKW
#define EVENT_TRACE_LOGFILE EVENT_TRACE_LOGFILEW
#define PEVENT_TRACE_LOGFILE PEVENT_TRACE_LOGFILEW
#define KERNEL_LOGGER_NAME KERNEL_LOGGER_NAMEW
#define GLOBAL_LOGGER_NAME GLOBAL_LOGGER_NAMEW
#define EVENT_LOGGER_NAME EVENT_LOGGER_NAMEW
#else
#define PEVENT_TRACE_BUFFER_CALLBACK PEVENT_TRACE_BUFFER_CALLBACKA
#define EVENT_TRACE_LOGFILE EVENT_TRACE_LOGFILEA
#define PEVENT_TRACE_LOGFILE PEVENT_TRACE_LOGFILEA
#define KERNEL_LOGGER_NAME KERNEL_LOGGER_NAMEA
#define GLOBAL_LOGGER_NAME GLOBAL_LOGGER_NAMEA
#define EVENT_LOGGER_NAME EVENT_LOGGER_NAMEA
#endif
#ifdef __cplusplus
extern "C" {
#endif
//
// Logger control APIs
//
//
// Use the routine below to start an event trace session
//
// ULONG
// StartTrace(
// __out PTRACEHANDLE TraceHandle,
// __in LPTSTR InstanceName,
// __inout PEVENT_TRACE_PROPERTIES Properties
// );
EXTERN_C
ULONG
WMIAPI
StartTraceW(
__out PTRACEHANDLE TraceHandle,
__in LPCWSTR InstanceName,
__inout PEVENT_TRACE_PROPERTIES Properties
);
EXTERN_C
ULONG
WMIAPI
StartTraceA(
__out PTRACEHANDLE TraceHandle,
__in LPCSTR InstanceName,
__inout PEVENT_TRACE_PROPERTIES Properties
);
//
// Use the routine below to stop an event trace session
//
//
// ULONG
// StopTrace(
// __in TRACEHANDLE TraceHandle,
// __in_opt LPTSTR InstanceName,
// __inout PEVENT_TRACE_PROPERTIES Properties
// );
EXTERN_C
ULONG
WMIAPI
StopTraceW(
__in TRACEHANDLE TraceHandle,
__in_opt LPCWSTR InstanceName,
__inout PEVENT_TRACE_PROPERTIES Properties
);
EXTERN_C
ULONG
WMIAPI
StopTraceA(
__in TRACEHANDLE TraceHandle,
__in_opt LPCSTR InstanceName,
__inout PEVENT_TRACE_PROPERTIES Properties
);
//
// Use the routine below to query the properties of an event trace session
//
// ULONG
// QueryTrace(
// __in TRACEHANDLE TraceHandle,
// __in_opt LPTSTR InstanceName,
// __inout PEVENT_TRACE_PROPERTIES Properties
// );
EXTERN_C
ULONG
WMIAPI
QueryTraceW(
__in TRACEHANDLE TraceHandle,
__in_opt LPCWSTR InstanceName,
__inout PEVENT_TRACE_PROPERTIES Properties
);
EXTERN_C
ULONG
WMIAPI
QueryTraceA(
__in TRACEHANDLE TraceHandle,
__in_opt LPCSTR InstanceName,
__inout PEVENT_TRACE_PROPERTIES Properties
);
//
// Use the routine below to update certain properties of an event trace session
//
// ULONG
// UpdateTrace(
// __in PTRACEHANDLE TraceHandle,
// __in_opt LPTSTR InstanceName,
// __inout PEVENT_TRACE_PROPERTIES Properties
// );
EXTERN_C
ULONG
WMIAPI
UpdateTraceW(
__in TRACEHANDLE TraceHandle,
__in_opt LPCWSTR InstanceName,
__inout PEVENT_TRACE_PROPERTIES Properties
);
EXTERN_C
ULONG
WMIAPI
UpdateTraceA(
__in TRACEHANDLE TraceHandle,
__in_opt LPCSTR InstanceName,
__inout PEVENT_TRACE_PROPERTIES Properties
);
//
// Use the routine below to request that all active buffers an event trace
// session be "flushed", or written out.
//
// ULONG
// FlushTrace(
// __in TRACEHANDLE TraceHandle,
// __in_opt LPTSTR InstanceName,
// __inout PEVENT_TRACE_PROPERTIES Properties
// );
#if (WINVER >= _WIN32_WINNT_WINXP)
EXTERN_C
ULONG
WMIAPI
FlushTraceW(
__in TRACEHANDLE TraceHandle,
__in_opt LPCWSTR InstanceName,
__inout PEVENT_TRACE_PROPERTIES Properties
);
#endif
#if (WINVER >= _WIN32_WINNT_WINXP)
EXTERN_C
ULONG
WMIAPI
FlushTraceA(
__in TRACEHANDLE TraceHandle,
__in_opt LPCSTR InstanceName,
__inout PEVENT_TRACE_PROPERTIES Properties
);
#endif
//
// Generic trace control routine
//
EXTERN_C
ULONG
WMIAPI
ControlTraceW(
__in TRACEHANDLE TraceHandle,
__in_opt LPCWSTR InstanceName,
__inout PEVENT_TRACE_PROPERTIES Properties,
__in ULONG ControlCode
);
EXTERN_C
ULONG
WMIAPI
ControlTraceA(
__in TRACEHANDLE TraceHandle,
__in_opt LPCSTR InstanceName,
__inout PEVENT_TRACE_PROPERTIES Properties,
__in ULONG ControlCode
);
//
// ULONG
// QueryAllTraces(
// __out_ecount(PropertyArrayCount) PEVENT_TRACE_PROPERTIES *PropertyArray,
// __in ULONG PropertyArrayCount,
// __out PULONG LoggerCount
// );
//
EXTERN_C
ULONG
WMIAPI
QueryAllTracesW(
__out_ecount(PropertyArrayCount) PEVENT_TRACE_PROPERTIES *PropertyArray,
__in ULONG PropertyArrayCount,
__out PULONG LoggerCount
);
EXTERN_C
ULONG
WMIAPI
QueryAllTracesA(
__out_ecount(PropertyArrayCount) PEVENT_TRACE_PROPERTIES *PropertyArray,
__in ULONG PropertyArrayCount,
__out PULONG LoggerCount
);
//
// Data Provider Enable APIs
//
EXTERN_C
ULONG
WMIAPI
EnableTrace(
__in ULONG Enable,
__in ULONG EnableFlag,
__in ULONG EnableLevel,
__in LPCGUID ControlGuid,
__in TRACEHANDLE TraceHandle
);
typedef struct _EVENT_FILTER_DESCRIPTOR
EVENT_FILTER_DESCRIPTOR, *PEVENT_FILTER_DESCRIPTOR;
#if (WINVER >= _WIN32_WINNT_VISTA)
EXTERN_C
ULONG
WMIAPI
EnableTraceEx(
__in LPCGUID ProviderId,
__in_opt LPCGUID SourceId,
__in TRACEHANDLE TraceHandle,
__in ULONG IsEnabled,
__in UCHAR Level,
__in ULONGLONG MatchAnyKeyword,
__in ULONGLONG MatchAllKeyword,
__in ULONG EnableProperty,
__in_opt PEVENT_FILTER_DESCRIPTOR EnableFilterDesc
);
#endif
#define ENABLE_TRACE_PARAMETERS_VERSION 1
typedef struct _ENABLE_TRACE_PARAMETERS {
ULONG Version;
ULONG EnableProperty;
ULONG ControlFlags;
GUID SourceId;
PEVENT_FILTER_DESCRIPTOR EnableFilterDesc;
} ENABLE_TRACE_PARAMETERS, *PENABLE_TRACE_PARAMETERS;
#if (WINVER >= _WIN32_WINNT_WIN7)
EXTERN_C
ULONG
WMIAPI
EnableTraceEx2(
__in TRACEHANDLE TraceHandle,
__in LPCGUID ProviderId,
__in ULONG ControlCode,
__in UCHAR Level,
__in ULONGLONG MatchAnyKeyword,
__in ULONGLONG MatchAllKeyword,
__in ULONG Timeout,
__in_opt PENABLE_TRACE_PARAMETERS EnableParameters
);
#endif
typedef enum _TRACE_QUERY_INFO_CLASS {
TraceGuidQueryList,
TraceGuidQueryInfo,
TraceGuidQueryProcess,
TraceStackTracingInfo, // Win7
MaxTraceSetInfoClass
} TRACE_QUERY_INFO_CLASS, TRACE_INFO_CLASS;
#if (WINVER >= _WIN32_WINNT_VISTA)
EXTERN_C
ULONG
WMIAPI
EnumerateTraceGuidsEx(
__in TRACE_QUERY_INFO_CLASS TraceQueryInfoClass,
__in_bcount_opt(InBufferSize) PVOID InBuffer,
__in ULONG InBufferSize,
__out_bcount_opt(OutBufferSize) PVOID OutBuffer,
__in ULONG OutBufferSize,
__out PULONG ReturnLength
);
#endif
typedef struct _CLASSIC_EVENT_ID {
GUID EventGuid;
UCHAR Type;
UCHAR Reserved[7];
} CLASSIC_EVENT_ID, *PCLASSIC_EVENT_ID;
#if (WINVER >= _WIN32_WINNT_WIN7)
EXTERN_C
ULONG
WMIAPI
TraceSetInformation(
__in TRACEHANDLE SessionHandle,
__in TRACE_INFO_CLASS InformationClass,
__in_bcount(InformationLength) PVOID TraceInformation,
__in ULONG InformationLength
);
#endif
//
// Data Provider APIs
//
EXTERN_C
ULONG
WMIAPI
CreateTraceInstanceId(
__in HANDLE RegHandle,
__inout PEVENT_INSTANCE_INFO InstInfo
);
//
// Use the routine below to generate and record an event trace
//
EXTERN_C
ULONG
WMIAPI
TraceEvent(
__in TRACEHANDLE TraceHandle,
__in PEVENT_TRACE_HEADER EventTrace
);
EXTERN_C
ULONG
WMIAPI
TraceEventInstance(
__in TRACEHANDLE TraceHandle,
__in PEVENT_INSTANCE_HEADER EventTrace,
__in PEVENT_INSTANCE_INFO InstInfo,
__in_opt PEVENT_INSTANCE_INFO ParentInstInfo
);
//
// Use the routine below to register a guid for tracing.
//
//
// ULONG
// RegisterTraceGuids(
// __in WMIDPREQUEST RequestAddress,
// __in_opt PVOID RequestContext,
// __in LPCGUID ControlGuid,
// __in ULONG GuidCount,
// __in_ecount_opt(GuidCount) PTRACE_GUID_REGISTRATION TraceGuidReg,
// __in_opt LPCTSTR MofImagePath,
// __in_opt LPCTSTR MofResourceName,
// __out PTRACEHANDLE RegistrationHandle
// );
//
EXTERN_C
ULONG
WMIAPI
RegisterTraceGuidsW(
__in WMIDPREQUEST RequestAddress,
__in_opt PVOID RequestContext,
__in LPCGUID ControlGuid,
__in ULONG GuidCount,
__in_ecount_opt(GuidCount) PTRACE_GUID_REGISTRATION TraceGuidReg,
__in_opt LPCWSTR MofImagePath,
__in_opt LPCWSTR MofResourceName,
__out PTRACEHANDLE RegistrationHandle
);
EXTERN_C
ULONG
WMIAPI
RegisterTraceGuidsA(
__in WMIDPREQUEST RequestAddress,
__in_opt PVOID RequestContext,
__in LPCGUID ControlGuid,
__in ULONG GuidCount,
__in_ecount_opt(GuidCount) PTRACE_GUID_REGISTRATION TraceGuidReg,
__in_opt LPCSTR MofImagePath,
__in_opt LPCSTR MofResourceName,
__out PTRACEHANDLE RegistrationHandle
);
#if (WINVER >= _WIN32_WINNT_WINXP)
EXTERN_C
ULONG
WMIAPI
EnumerateTraceGuids(
__inout_ecount(PropertyArrayCount) PTRACE_GUID_PROPERTIES *GuidPropertiesArray,
__in ULONG PropertyArrayCount,
__out PULONG GuidCount
);
#endif
EXTERN_C
ULONG
WMIAPI
UnregisterTraceGuids(
__in TRACEHANDLE RegistrationHandle
);
EXTERN_C
TRACEHANDLE
WMIAPI
GetTraceLoggerHandle(
__in PVOID Buffer
);
EXTERN_C
UCHAR
WMIAPI
GetTraceEnableLevel(
__in TRACEHANDLE TraceHandle
);
EXTERN_C
ULONG
WMIAPI
GetTraceEnableFlags(
__in TRACEHANDLE TraceHandle
);
//
// Data Consumer APIs and structures start here
//
//
// TRACEHANDLE
// OpenTrace(
// __inout PEVENT_TRACE_LOGFILE Logfile
// );
//
EXTERN_C
TRACEHANDLE
WMIAPI
OpenTraceA(
__inout PEVENT_TRACE_LOGFILEA Logfile
);
EXTERN_C
TRACEHANDLE
WMIAPI
OpenTraceW(
__inout PEVENT_TRACE_LOGFILEW Logfile
);
EXTERN_C
ULONG
WMIAPI
ProcessTrace(
__in_ecount(HandleCount) PTRACEHANDLE HandleArray,
__in ULONG HandleCount,
__in_opt LPFILETIME StartTime,
__in_opt LPFILETIME EndTime
);
EXTERN_C
ULONG
WMIAPI
CloseTrace(
__in TRACEHANDLE TraceHandle
);
EXTERN_C
ULONG
WMIAPI
SetTraceCallback(
__in LPCGUID pGuid,
__in PEVENT_CALLBACK EventCallback
);
EXTERN_C
ULONG
WMIAPI
RemoveTraceCallback (
__in LPCGUID pGuid
);
//
// The routines for tracing Messages follow
//
EXTERN_C
ULONG
__cdecl
TraceMessage(
__in TRACEHANDLE LoggerHandle,
__in ULONG MessageFlags,
__in LPCGUID MessageGuid,
__in USHORT MessageNumber,
...
);
EXTERN_C
ULONG
TraceMessageVa(
__in TRACEHANDLE LoggerHandle,
__in ULONG MessageFlags,
__in LPCGUID MessageGuid,
__in USHORT MessageNumber,
__in va_list MessageArgList
);
#ifdef __cplusplus
} // extern "C"
#endif
#define INVALID_PROCESSTRACE_HANDLE ((TRACEHANDLE)INVALID_HANDLE_VALUE)
//
//
// Define the encoding independent routines
//
#if defined(UNICODE) || defined(_UNICODE)
#define RegisterTraceGuids RegisterTraceGuidsW
#define StartTrace StartTraceW
#define ControlTrace ControlTraceW
#if defined(__TRACE_W2K_COMPATIBLE)
#define StopTrace(a,b,c) ControlTraceW((a),(b),(c), \
EVENT_TRACE_CONTROL_STOP)
#define QueryTrace(a,b,c) ControlTraceW((a),(b),(c), \
EVENT_TRACE_CONTROL_QUERY)
#define UpdateTrace(a,b,c) ControlTraceW((a),(b),(c), \
EVENT_TRACE_CONTROL_UPDATE)
#else
#define StopTrace StopTraceW
#define QueryTrace QueryTraceW
#define UpdateTrace UpdateTraceW
#endif
#if (NTDDI_VERSION >= NTDDI_WINXP)
#define FlushTrace FlushTraceW
#endif // NTDDI_VERSION >= NTDDI_WINXP
#define QueryAllTraces QueryAllTracesW
#define OpenTrace OpenTraceW
#else
#define RegisterTraceGuids RegisterTraceGuidsA
#define StartTrace StartTraceA
#define ControlTrace ControlTraceA
#if defined(__TRACE_W2K_COMPATIBLE)
#define StopTrace(a,b,c) ControlTraceA((a),(b),(c), \
EVENT_TRACE_CONTROL_STOP)
#define QueryTrace(a,b,c) ControlTraceA((a),(b),(c), \
EVENT_TRACE_CONTROL_QUERY)
#define UpdateTrace(a,b,c) ControlTraceA((a),(b),(c), \
EVENT_TRACE_CONTROL_UPDATE)
#else
#define StopTrace StopTraceA
#define QueryTrace QueryTraceA
#define UpdateTrace UpdateTraceA
#endif
#if (NTDDI_VERSION >= NTDDI_WINXP)
#define FlushTrace FlushTraceA
#endif // NTDDI_VERSION >= NTDDI_WINXP
#define QueryAllTraces QueryAllTracesA
#define OpenTrace OpenTraceA
#endif // UNICODE
#endif /* _WMIKM_ && _NTDDK_ */
#endif // WINNT
#endif /* _EVNTRACE_ */
Reference in New Issue View Git Blame Copy Permalink