2010-07-06 Ozkan Sezer <sezeroz@gmail.com> * evntcons.h: New. Merge from experimental/vista_7_headers. * evntprov.h: New. Merge from experimental/vista_7_headers. * evntrace.h: Merge from experimental/vista_7_headers. git-svn-id: svn+ssh://svn.code.sf.net/p/mingw-w64/code/trunk@2817 4407c894-4637-0410-b4f5-ada5f102cad1
diff --git a/mingw-w64-headers/include/ChangeLog b/mingw-w64-headers/include/ChangeLog index cd995b6..35b5212 100644 --- a/mingw-w64-headers/include/ChangeLog +++ b/mingw-w64-headers/include/ChangeLog
@@ -1,3 +1,9 @@ +2010-07-06 Ozkan Sezer <sezeroz@gmail.com> + + * evntcons.h: New. Merge from experimental/vista_7_headers. + * evntprov.h: New. Merge from experimental/vista_7_headers. + * evntrace.h: Merge from experimental/vista_7_headers. + 2010-07-08 Ozkan Sezer <sezeroz@gmail.com> Merge some obvious parts from experimental/vista_7_headers:
diff --git a/mingw-w64-headers/include/evntcons.h b/mingw-w64-headers/include/evntcons.h new file mode 100644 index 0000000..3f1a2c6 --- /dev/null +++ b/mingw-w64-headers/include/evntcons.h
@@ -0,0 +1,135 @@ +/** + * This file has no copyright assigned and is placed in the Public Domain. + * This file is part of the w64 mingw-runtime package. + * No warranty is given; refer to the file DISCLAIMER.PD within this package. + */ +#ifndef _EVNTCONS_H_ +#define _EVNTCONS_H_ + +#include <wmistr.h> +#include <evntrace.h> +#include <evntprov.h> + +#ifdef __cplusplus +extern "C" { +#endif + +typedef enum EVENTSECURITYOPERATION { + EventSecuritySetDACL, + EventSecuritySetSACL, + EventSecurityAddDACL, + EventSecurityAddSACL, + EventSecurityMax +} EVENTSECURITYOPERATION; + +typedef struct _EVENT_EXTENDED_ITEM_INSTANCE { + ULONG InstanceId; + ULONG ParentInstanceId; + GUID ParentGuid; +} EVENT_EXTENDED_ITEM_INSTANCE, *PEVENT_EXTENDED_ITEM_INSTANCE; + +typedef struct _EVENT_EXTENDED_ITEM_TS_ID { + ULONG SessionId; +} EVENT_EXTENDED_ITEM_TS_ID, *PEVENT_EXTENDED_ITEM_TS_ID; + +typedef struct _EVENT_EXTENDED_ITEM_RELATED_ACTIVITYID { + GUID RelatedActivityId; +} EVENT_EXTENDED_ITEM_RELATED_ACTIVITYID, *PEVENT_EXTENDED_ITEM_RELATED_ACTIVITYID; + +typedef struct _EVENT_HEADER_EXTENDED_DATA_ITEM { + USHORT Reserved1; + USHORT ExtType; + __MINGW_EXTENSION struct { + USHORT Linkage : 1; + USHORT Reserved2 :15; + } DUMMYSTRUCTNAME; + USHORT DataSize; + ULONGLONG DataPtr; +} EVENT_HEADER_EXTENDED_DATA_ITEM, *PEVENT_HEADER_EXTENDED_DATA_ITEM; + +typedef struct _EVENT_HEADER { + USHORT Size; + USHORT HeaderType; + USHORT Flags; + USHORT EventProperty; + ULONG ThreadId; + ULONG ProcessId; + LARGE_INTEGER TimeStamp; + GUID ProviderId; + EVENT_DESCRIPTOR EventDescriptor; + __MINGW_EXTENSION union { + __MINGW_EXTENSION struct { + ULONG KernelTime; + ULONG UserTime; + } DUMMYSTRUCTNAME; + ULONG64 ProcessorTime; + } DUMMYUNIONNAME; + GUID ActivityId; +} EVENT_HEADER, *PEVENT_HEADER; + +/* FIXME: + * Need EVENT_HEADER_PROPERTY_* and EVENT_HEADER_FLAG_* macros: + * http://msdn.microsoft.com/en-us/library/aa363759(VS.85).aspx + * Need the EVENT_HEADER_EXT_TYPE_* macros: + * http://msdn.microsoft.com/en-us/library/aa363759(VS.85).aspx + */ + +struct _EVENT_RECORD { + EVENT_HEADER EventHeader; + ETW_BUFFER_CONTEXT BufferContext; + USHORT ExtendedDataCount; + USHORT UserDataLength; + PEVENT_HEADER_EXTENDED_DATA_ITEM ExtendedData; + PVOID UserData; + PVOID UserContext; +}; +#ifndef DEFINED_PEVENT_RECORD +typedef struct _EVENT_RECORD EVENT_RECORD, *PEVENT_RECORD; +#define DEFINED_PEVENT_RECORD 1 +#endif /* for evntrace.h */ + +#if (_WIN32_WINNT >= 0x0601) +typedef struct _EVENT_EXTENDED_ITEM_STACK_TRACE32 { + ULONG64 MatchId; + ULONG Address[ANYSIZE_ARRAY]; +} EVENT_EXTENDED_ITEM_STACK_TRACE32, *PEVENT_EXTENDED_ITEM_STACK_TRACE32; + +typedef struct _EVENT_EXTENDED_ITEM_STACK_TRACE64 { + ULONG64 MatchId; + ULONG64 Address[ANYSIZE_ARRAY]; +} EVENT_EXTENDED_ITEM_STACK_TRACE64, *PEVENT_EXTENDED_ITEM_STACK_TRACE64; +#endif /*(_WIN32_WINNT >= 0x0601)*/ + +/* FIXME: + * Need EVENT_ENABLE_PROPERTY_* macros: + * http://msdn.microsoft.com/en-us/library/dd392306(VS.85).aspx + * Need PROCESS_TRACE_MODE_* macros: + * http://msdn.microsoft.com/en-us/library/aa363780(VS.85).aspx + */ + +#if (_WIN32_WINNT >= 0x0600) +ULONG EVNTAPI EventAccessControl( + LPGUID Guid, + ULONG Operation, + PSID Sid, + ULONG Rights, + BOOLEAN AllowOrDeny +); + +ULONG EVNTAPI EventAccessQuery( + LPGUID Guid, + PSECURITY_DESCRIPTOR Buffer, + PULONG BufferSize +); + +ULONG EVNTAPI EventAccessRemove( + LPGUID Guid +); +#endif /*(_WIN32_WINNT >= 0x0600)*/ + +#ifdef __cplusplus +} +#endif + +#endif /* _EVNTCONS_H_ */ +
diff --git a/mingw-w64-headers/include/evntprov.h b/mingw-w64-headers/include/evntprov.h new file mode 100644 index 0000000..a80a48c --- /dev/null +++ b/mingw-w64-headers/include/evntprov.h
@@ -0,0 +1,362 @@ +/* + * evntprov.h + * + * This file is part of the ReactOS PSDK package. + * + * Contributors: + * Created by Amine Khaldi. + * + * THIS SOFTWARE IS NOT COPYRIGHTED + * + * This source code is offered for use in the public domain. You may + * use, modify or distribute it freely. + * + * This code is distributed in the hope that it will be useful but + * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY + * DISCLAIMED. This includes but is not limited to warranties of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * + */ + +#ifndef _EVNTPROV_H_ +#define _EVNTPROV_H_ + +#ifndef EVNTAPI +#ifndef MIDL_PASS +#ifdef _EVNT_SOURCE_ +#define EVNTAPI __stdcall +#else +#define EVNTAPI DECLSPEC_IMPORT __stdcall +#endif /* _EVNT_SOURCE_ */ +#endif /* MIDL_PASS */ +#endif /* EVNTAPI */ + +#ifndef FORCEINLINE +#ifdef __GNUC__ +#define FORCEINLINE __attribute((always_inline)) +#endif /*__GNUC__*/ +#endif /*FORCEINLINE*/ + +#ifdef __cplusplus +extern "C" { +#endif + +#include <guiddef.h> + +#define EVENT_MIN_LEVEL 0 +#define EVENT_MAX_LEVEL 0xff + +#define EVENT_ACTIVITY_CTRL_GET_ID 1 +#define EVENT_ACTIVITY_CTRL_SET_ID 2 +#define EVENT_ACTIVITY_CTRL_CREATE_ID 3 +#define EVENT_ACTIVITY_CTRL_GET_SET_ID 4 +#define EVENT_ACTIVITY_CTRL_CREATE_SET_ID 5 + +typedef ULONGLONG REGHANDLE, *PREGHANDLE; + +#define MAX_EVENT_DATA_DESCRIPTORS 128 +#define MAX_EVENT_FILTER_DATA_SIZE 1024 + +#define EVENT_FILTER_TYPE_SCHEMATIZED 0x80000000 + +typedef struct _EVENT_DESCRIPTOR { + USHORT Id; + UCHAR Version; + UCHAR Channel; + UCHAR Level; + UCHAR Opcode; + USHORT Task; + ULONGLONG Keyword; +} EVENT_DESCRIPTOR, *PEVENT_DESCRIPTOR; +typedef const EVENT_DESCRIPTOR *PCEVENT_DESCRIPTOR; + +typedef struct _EVENT_DATA_DESCRIPTOR { + ULONGLONG Ptr; + ULONG Size; + ULONG Reserved; +} EVENT_DATA_DESCRIPTOR, *PEVENT_DATA_DESCRIPTOR; + +struct _EVENT_FILTER_DESCRIPTOR { + ULONGLONG Ptr; + ULONG Size; + ULONG Type; +}; +#ifndef DEFINED_PEVENT_FILTER_DESC +typedef struct _EVENT_FILTER_DESCRIPTOR EVENT_FILTER_DESCRIPTOR, *PEVENT_FILTER_DESCRIPTOR; +#define DEFINED_PEVENT_FILTER_DESC 1 +#endif /* for evntrace.h */ + +typedef struct _EVENT_FILTER_HEADER { + USHORT Id; + UCHAR Version; + UCHAR Reserved[5]; + ULONGLONG InstanceId; + ULONG Size; + ULONG NextOffset; +} EVENT_FILTER_HEADER, *PEVENT_FILTER_HEADER; + + +#ifndef _ETW_KM_ /* for wdm.h */ + +typedef VOID +(NTAPI *PENABLECALLBACK)( + LPCGUID SourceId, + ULONG IsEnabled, + UCHAR Level, + ULONGLONG MatchAnyKeyword, + ULONGLONG MatchAllKeyword, + PEVENT_FILTER_DESCRIPTOR FilterData, + PVOID CallbackContext); + +#if (_WIN32_WINNT >= 0x0600) +ULONG EVNTAPI EventRegister( + LPCGUID ProviderId, + PENABLECALLBACK EnableCallback, + PVOID CallbackContext, + PREGHANDLE RegHandle +); + +ULONG EVNTAPI EventUnregister( + REGHANDLE RegHandle +); + +BOOLEAN EVNTAPI EventEnabled( + REGHANDLE RegHandle, + PCEVENT_DESCRIPTOR EventDescriptor +); + +BOOLEAN EVNTAPI EventProviderEnabled( + REGHANDLE RegHandle, + UCHAR Level, + ULONGLONG Keyword +); + +ULONG EVNTAPI EventWrite( + REGHANDLE RegHandle, + PCEVENT_DESCRIPTOR EventDescriptor, + ULONG UserDataCount, + PEVENT_DATA_DESCRIPTOR UserData +); + +ULONG EVNTAPI EventWriteTransfer( + REGHANDLE RegHandle, + PCEVENT_DESCRIPTOR EventDescriptor, + LPCGUID ActivityId, + LPCGUID RelatedActivityId, + ULONG UserDataCount, + PEVENT_DATA_DESCRIPTOR UserData +); + +ULONG EVNTAPI EventWriteString( + REGHANDLE RegHandle, + UCHAR Level, + ULONGLONG Keyword, + PCWSTR String +); + +ULONG EVNTAPI EventActivityIdControl( + ULONG ControlCode, + LPGUID ActivityId +); + +#endif /*(_WIN32_WINNT >= 0x0600)*/ + +#if (_WIN32_WINNT >= 0x0601) +ULONG EVNTAPI EventWriteEx( + REGHANDLE RegHandle, + PCEVENT_DESCRIPTOR EventDescriptor, + ULONG64 Filter, + ULONG Flags, + LPCGUID ActivityId, + LPCGUID RelatedActivityId, + ULONG UserDataCount, + PEVENT_DATA_DESCRIPTOR UserData +); +#endif /*(_WIN32_WINNT >= 0x0601)*/ + +#endif /* _ETW_KM_ */ + +FORCEINLINE +VOID +EventDataDescCreate( + PEVENT_DATA_DESCRIPTOR EventDataDescriptor, + const VOID* DataPtr, + ULONG DataSize) +{ + EventDataDescriptor->Ptr = (ULONGLONG)(ULONG_PTR)DataPtr; + EventDataDescriptor->Size = DataSize; + EventDataDescriptor->Reserved = 0; +} + +FORCEINLINE +VOID +EventDescCreate( + PEVENT_DESCRIPTOR EventDescriptor, + USHORT Id, + UCHAR Version, + UCHAR Channel, + UCHAR Level, + USHORT Task, + UCHAR Opcode, + ULONGLONG Keyword) +{ + EventDescriptor->Id = Id; + EventDescriptor->Version = Version; + EventDescriptor->Channel = Channel; + EventDescriptor->Level = Level; + EventDescriptor->Task = Task; + EventDescriptor->Opcode = Opcode; + EventDescriptor->Keyword = Keyword; +} + +FORCEINLINE +VOID +EventDescZero( + PEVENT_DESCRIPTOR EventDescriptor) +{ + memset(EventDescriptor, 0, sizeof(EVENT_DESCRIPTOR)); +} + +FORCEINLINE +USHORT +EventDescGetId( + PCEVENT_DESCRIPTOR EventDescriptor) +{ + return (EventDescriptor->Id); +} + +FORCEINLINE +UCHAR +EventDescGetVersion( + PCEVENT_DESCRIPTOR EventDescriptor) +{ + return (EventDescriptor->Version); +} + +FORCEINLINE +USHORT +EventDescGetTask( + PCEVENT_DESCRIPTOR EventDescriptor) +{ + return (EventDescriptor->Task); +} + +FORCEINLINE +UCHAR +EventDescGetOpcode( + PCEVENT_DESCRIPTOR EventDescriptor) +{ + return (EventDescriptor->Opcode); +} + +FORCEINLINE +UCHAR +EventDescGetChannel( + PCEVENT_DESCRIPTOR EventDescriptor) +{ + return (EventDescriptor->Channel); +} + +FORCEINLINE +UCHAR +EventDescGetLevel( + PCEVENT_DESCRIPTOR EventDescriptor) +{ + return (EventDescriptor->Level); +} + +FORCEINLINE +ULONGLONG +EventDescGetKeyword( + PCEVENT_DESCRIPTOR EventDescriptor) +{ + return (EventDescriptor->Keyword); +} + +FORCEINLINE +PEVENT_DESCRIPTOR +EventDescSetId( + PEVENT_DESCRIPTOR EventDescriptor, + USHORT Id) +{ + EventDescriptor->Id = Id; + return (EventDescriptor); +} + +FORCEINLINE +PEVENT_DESCRIPTOR +EventDescSetVersion( + PEVENT_DESCRIPTOR EventDescriptor, + UCHAR Version) +{ + EventDescriptor->Version = Version; + return (EventDescriptor); +} + +FORCEINLINE +PEVENT_DESCRIPTOR +EventDescSetTask( + PEVENT_DESCRIPTOR EventDescriptor, + USHORT Task) +{ + EventDescriptor->Task = Task; + return (EventDescriptor); +} + +FORCEINLINE +PEVENT_DESCRIPTOR +EventDescSetOpcode( + PEVENT_DESCRIPTOR EventDescriptor, + UCHAR Opcode) +{ + EventDescriptor->Opcode = Opcode; + return (EventDescriptor); +} + +FORCEINLINE +PEVENT_DESCRIPTOR +EventDescSetLevel( + PEVENT_DESCRIPTOR EventDescriptor, + UCHAR Level) +{ + EventDescriptor->Level = Level; + return (EventDescriptor); +} + +FORCEINLINE +PEVENT_DESCRIPTOR +EventDescSetChannel( + PEVENT_DESCRIPTOR EventDescriptor, + UCHAR Channel) +{ + EventDescriptor->Channel = Channel; + return (EventDescriptor); +} + +FORCEINLINE +PEVENT_DESCRIPTOR +EventDescSetKeyword( + PEVENT_DESCRIPTOR EventDescriptor, + ULONGLONG Keyword) +{ + EventDescriptor->Keyword = Keyword; + return (EventDescriptor); +} + + +FORCEINLINE +PEVENT_DESCRIPTOR +EventDescOrKeyword( + PEVENT_DESCRIPTOR EventDescriptor, + ULONGLONG Keyword) +{ + EventDescriptor->Keyword |= Keyword; + return (EventDescriptor); +} + +#ifdef __cplusplus +} +#endif + +#endif /* _EVNTPROV_H_ */ +
diff --git a/mingw-w64-headers/include/evntrace.h b/mingw-w64-headers/include/evntrace.h index 0943536..4a7f467 100644 --- a/mingw-w64-headers/include/evntrace.h +++ b/mingw-w64-headers/include/evntrace.h
@@ -7,9 +7,16 @@ #define _EVNTRACE_ #if defined(_WINNT_) || defined(WINNT) + #ifndef WMIAPI -#define WMIAPI DECLSPEC_IMPORT WINAPI +#ifndef MIDL_PASS +#ifdef _WMI_SOURCE_ +#define WMIAPI __stdcall +#else +#define WMIAPI DECLSPEC_IMPORT __stdcall #endif +#endif /* MIDL_PASS */ +#endif /* WMIAPI */ #include <guiddef.h> @@ -18,149 +25,264 @@ DEFINE_GUID (EventTraceConfigGuid,0x01853a65,0x418f,0x4f36,0xae,0xfc,0xdc,0x0f,0x1d,0x2f,0xd2,0x35); DEFINE_GUID (DefaultTraceSecurityGuid,0x0811c1af,0x7a07,0x4a06,0x82,0xed,0x86,0x94,0x55,0xcd,0xf7,0x13); -#define KERNEL_LOGGER_NAMEW L"NT Kernel Logger" -#define GLOBAL_LOGGER_NAMEW L"GlobalLogger" -#define EVENT_LOGGER_NAMEW L"Event Log" +#define KERNEL_LOGGER_NAMEW L"NT Kernel Logger" +#define GLOBAL_LOGGER_NAMEW L"GlobalLogger" +#define EVENT_LOGGER_NAMEW L"Event Log" +#define DIAG_LOGGER_NAMEW L"DiagLog" -#define KERNEL_LOGGER_NAMEA "NT Kernel Logger" -#define GLOBAL_LOGGER_NAMEA "GlobalLogger" -#define EVENT_LOGGER_NAMEA "Event Log" +#define KERNEL_LOGGER_NAMEA "NT Kernel Logger" +#define GLOBAL_LOGGER_NAMEA "GlobalLogger" +#define EVENT_LOGGER_NAMEA "Event Log" +#define DIAG_LOGGER_NAMEA "DiagLog" -#define MAX_MOF_FIELDS 16 +#define MAX_MOF_FIELDS 16 + +#ifndef _TRACEHANDLE_DEFINED +#define _TRACEHANDLE_DEFINED typedef ULONG64 TRACEHANDLE,*PTRACEHANDLE; +#endif -#define EVENT_TRACE_TYPE_INFO 0x00 -#define EVENT_TRACE_TYPE_START 0x01 -#define EVENT_TRACE_TYPE_END 0x02 -#define EVENT_TRACE_TYPE_DC_START 0x03 -#define EVENT_TRACE_TYPE_DC_END 0x04 -#define EVENT_TRACE_TYPE_EXTENSION 0x05 -#define EVENT_TRACE_TYPE_REPLY 0x06 -#define EVENT_TRACE_TYPE_DEQUEUE 0x07 -#define EVENT_TRACE_TYPE_CHECKPOINT 0x08 -#define EVENT_TRACE_TYPE_RESERVED9 0x09 +#define SYSTEM_EVENT_TYPE 1 -#define TRACE_LEVEL_NONE 0 -#define TRACE_LEVEL_FATAL 1 -#define TRACE_LEVEL_ERROR 2 -#define TRACE_LEVEL_WARNING 3 -#define TRACE_LEVEL_INFORMATION 4 -#define TRACE_LEVEL_VERBOSE 5 -#define TRACE_LEVEL_RESERVED6 6 -#define TRACE_LEVEL_RESERVED7 7 -#define TRACE_LEVEL_RESERVED8 8 -#define TRACE_LEVEL_RESERVED9 9 +#define EVENT_TRACE_TYPE_INFO 0x00 +#define EVENT_TRACE_TYPE_START 0x01 +#define EVENT_TRACE_TYPE_END 0x02 +#define EVENT_TRACE_TYPE_STOP 0x02 +#define EVENT_TRACE_TYPE_DC_START 0x03 +#define EVENT_TRACE_TYPE_DC_END 0x04 +#define EVENT_TRACE_TYPE_EXTENSION 0x05 +#define EVENT_TRACE_TYPE_REPLY 0x06 +#define EVENT_TRACE_TYPE_DEQUEUE 0x07 +#define EVENT_TRACE_TYPE_RESUME 0x07 +#define EVENT_TRACE_TYPE_CHECKPOINT 0x08 +#define EVENT_TRACE_TYPE_SUSPEND 0x08 +#define EVENT_TRACE_TYPE_WINEVT_SEND 0x09 +#define EVENT_TRACE_TYPE_WINEVT_RECEIVE 0XF0 -#define EVENT_TRACE_TYPE_LOAD 0x0A -#define EVENT_TRACE_TYPE_IO_READ 0x0A -#define EVENT_TRACE_TYPE_IO_WRITE 0x0B +#define TRACE_LEVEL_NONE 0 +#define TRACE_LEVEL_CRITICAL 1 +#define TRACE_LEVEL_FATAL 1 +#define TRACE_LEVEL_ERROR 2 +#define TRACE_LEVEL_WARNING 3 +#define TRACE_LEVEL_INFORMATION 4 +#define TRACE_LEVEL_VERBOSE 5 +#define TRACE_LEVEL_RESERVED6 6 +#define TRACE_LEVEL_RESERVED7 7 +#define TRACE_LEVEL_RESERVED8 8 +#define TRACE_LEVEL_RESERVED9 9 -#define EVENT_TRACE_TYPE_MM_TF 0x0A -#define EVENT_TRACE_TYPE_MM_DZF 0x0B -#define EVENT_TRACE_TYPE_MM_COW 0x0C -#define EVENT_TRACE_TYPE_MM_GPF 0x0D -#define EVENT_TRACE_TYPE_MM_HPF 0x0E +#define EVENT_TRACE_TYPE_LOAD 0x0A -#define EVENT_TRACE_TYPE_SEND 0x0A -#define EVENT_TRACE_TYPE_RECEIVE 0x0B -#define EVENT_TRACE_TYPE_CONNECT 0x0C -#define EVENT_TRACE_TYPE_DISCONNECT 0x0D -#define EVENT_TRACE_TYPE_RETRANSMIT 0x0E -#define EVENT_TRACE_TYPE_ACCEPT 0x0F -#define EVENT_TRACE_TYPE_RECONNECT 0x10 -#define EVENT_TRACE_TYPE_CONNFAIL 0x11 -#define EVENT_TRACE_TYPE_COPY_TCP 0x12 -#define EVENT_TRACE_TYPE_COPY_ARP 0x13 -#define EVENT_TRACE_TYPE_ACKFULL 0x14 -#define EVENT_TRACE_TYPE_ACKPART 0x15 -#define EVENT_TRACE_TYPE_ACKDUP 0x16 +#define EVENT_TRACE_TYPE_IO_READ 0x0A +#define EVENT_TRACE_TYPE_IO_WRITE 0x0B +#define EVENT_TRACE_TYPE_IO_READ_INIT 0x0C +#define EVENT_TRACE_TYPE_IO_WRITE_INIT 0x0D +#define EVENT_TRACE_TYPE_IO_FLUSH 0x0E +#define EVENT_TRACE_TYPE_IO_FLUSH_INIT 0x0F -#define EVENT_TRACE_TYPE_GUIDMAP 0x0A -#define EVENT_TRACE_TYPE_CONFIG 0x0B -#define EVENT_TRACE_TYPE_SIDINFO 0x0C -#define EVENT_TRACE_TYPE_SECURITY 0x0D +#define EVENT_TRACE_TYPE_MM_TF 0x0A +#define EVENT_TRACE_TYPE_MM_DZF 0x0B +#define EVENT_TRACE_TYPE_MM_COW 0x0C +#define EVENT_TRACE_TYPE_MM_GPF 0x0D +#define EVENT_TRACE_TYPE_MM_HPF 0x0E +#define EVENT_TRACE_TYPE_MM_AV 0x0F -#define EVENT_TRACE_TYPE_REGCREATE 0x0A -#define EVENT_TRACE_TYPE_REGOPEN 0x0B -#define EVENT_TRACE_TYPE_REGDELETE 0x0C -#define EVENT_TRACE_TYPE_REGQUERY 0x0D -#define EVENT_TRACE_TYPE_REGSETVALUE 0x0E -#define EVENT_TRACE_TYPE_REGDELETEVALUE 0x0F -#define EVENT_TRACE_TYPE_REGQUERYVALUE 0x10 -#define EVENT_TRACE_TYPE_REGENUMERATEKEY 0x11 -#define EVENT_TRACE_TYPE_REGENUMERATEVALUEKEY 0x12 -#define EVENT_TRACE_TYPE_REGQUERYMULTIPLEVALUE 0x13 -#define EVENT_TRACE_TYPE_REGSETINFORMATION 0x14 -#define EVENT_TRACE_TYPE_REGFLUSH 0x15 -#define EVENT_TRACE_TYPE_REGKCBDMP 0x16 +#define EVENT_TRACE_TYPE_SEND 0x0A +#define EVENT_TRACE_TYPE_RECEIVE 0x0B +#define EVENT_TRACE_TYPE_CONNECT 0x0C +#define EVENT_TRACE_TYPE_DISCONNECT 0x0D +#define EVENT_TRACE_TYPE_RETRANSMIT 0x0E +#define EVENT_TRACE_TYPE_ACCEPT 0x0F +#define EVENT_TRACE_TYPE_RECONNECT 0x10 +#define EVENT_TRACE_TYPE_CONNFAIL 0x11 +#define EVENT_TRACE_TYPE_COPY_TCP 0x12 +#define EVENT_TRACE_TYPE_COPY_ARP 0x13 +#define EVENT_TRACE_TYPE_ACKFULL 0x14 +#define EVENT_TRACE_TYPE_ACKPART 0x15 +#define EVENT_TRACE_TYPE_ACKDUP 0x16 -#define EVENT_TRACE_TYPE_CONFIG_CPU 0x0A -#define EVENT_TRACE_TYPE_CONFIG_PHYSICALDISK 0x0B -#define EVENT_TRACE_TYPE_CONFIG_LOGICALDISK 0x0C -#define EVENT_TRACE_TYPE_CONFIG_NIC 0x0D -#define EVENT_TRACE_TYPE_CONFIG_VIDEO 0x0E -#define EVENT_TRACE_TYPE_CONFIG_SERVICES 0x0F -#define EVENT_TRACE_TYPE_CONFIG_POWER 0x10 -#define EVENT_TRACE_TYPE_CONFIG_NETINFO 0x11 +#define EVENT_TRACE_TYPE_GUIDMAP 0x0A +#define EVENT_TRACE_TYPE_CONFIG 0x0B +#define EVENT_TRACE_TYPE_SIDINFO 0x0C +#define EVENT_TRACE_TYPE_SECURITY 0x0D -#define EVENT_TRACE_FLAG_PROCESS 0x00000001 -#define EVENT_TRACE_FLAG_THREAD 0x00000002 -#define EVENT_TRACE_FLAG_IMAGE_LOAD 0x00000004 +#define EVENT_TRACE_TYPE_REGCREATE 0x0A +#define EVENT_TRACE_TYPE_REGOPEN 0x0B +#define EVENT_TRACE_TYPE_REGDELETE 0x0C +#define EVENT_TRACE_TYPE_REGQUERY 0x0D +#define EVENT_TRACE_TYPE_REGSETVALUE 0x0E +#define EVENT_TRACE_TYPE_REGDELETEVALUE 0x0F +#define EVENT_TRACE_TYPE_REGQUERYVALUE 0x10 +#define EVENT_TRACE_TYPE_REGENUMERATEKEY 0x11 +#define EVENT_TRACE_TYPE_REGENUMERATEVALUEKEY 0x12 +#define EVENT_TRACE_TYPE_REGQUERYMULTIPLEVALUE 0x13 +#define EVENT_TRACE_TYPE_REGSETINFORMATION 0x14 +#define EVENT_TRACE_TYPE_REGFLUSH 0x15 +#define EVENT_TRACE_TYPE_REGKCBCREATE 0x16 +#define EVENT_TRACE_TYPE_REGKCBDELETE 0x17 +#define EVENT_TRACE_TYPE_REGKCBRUNDOWNBEGIN 0x18 +#define EVENT_TRACE_TYPE_REGKCBRUNDOWNEND 0x19 +#define EVENT_TRACE_TYPE_REGVIRTUALIZE 0x1A +#define EVENT_TRACE_TYPE_REGCLOSE 0x1B +#define EVENT_TRACE_TYPE_REGSETSECURITY 0x1C +#define EVENT_TRACE_TYPE_REGQUERYSECURITY 0x1D +#define EVENT_TRACE_TYPE_REGCOMMIT 0x1E +#define EVENT_TRACE_TYPE_REGPREPARE 0x1F +#define EVENT_TRACE_TYPE_REGROLLBACK 0x20 +#define EVENT_TRACE_TYPE_REGMOUNTHIVE 0x21 -#define EVENT_TRACE_FLAG_DISK_IO 0x00000100 -#define EVENT_TRACE_FLAG_DISK_FILE_IO 0x00000200 +#define EVENT_TRACE_TYPE_CONFIG_CPU 0x0A +#define EVENT_TRACE_TYPE_CONFIG_PHYSICALDISK 0x0B +#define EVENT_TRACE_TYPE_CONFIG_LOGICALDISK 0x0C +#define EVENT_TRACE_TYPE_CONFIG_NIC 0x0D +#define EVENT_TRACE_TYPE_CONFIG_VIDEO 0x0E +#define EVENT_TRACE_TYPE_CONFIG_SERVICES 0x0F +#define EVENT_TRACE_TYPE_CONFIG_POWER 0x10 +#define EVENT_TRACE_TYPE_CONFIG_NETINFO 0x11 -#define EVENT_TRACE_FLAG_MEMORY_PAGE_FAULTS 0x00001000 -#define EVENT_TRACE_FLAG_MEMORY_HARD_FAULTS 0x00002000 +#define EVENT_TRACE_TYPE_CONFIG_IRQ 0x15 +#define EVENT_TRACE_TYPE_CONFIG_PNP 0x16 +#define EVENT_TRACE_TYPE_CONFIG_IDECHANNEL 0x17 +#define EVENT_TRACE_TYPE_CONFIG_PLATFORM 0x19 -#define EVENT_TRACE_FLAG_NETWORK_TCPIP 0x00010000 +#define EVENT_TRACE_FLAG_PROCESS 0x00000001 +#define EVENT_TRACE_FLAG_THREAD 0x00000002 +#define EVENT_TRACE_FLAG_IMAGE_LOAD 0x00000004 -#define EVENT_TRACE_FLAG_REGISTRY 0x00020000 -#define EVENT_TRACE_FLAG_DBGPRINT 0x00040000 +#define EVENT_TRACE_FLAG_DISK_IO 0x00000100 +#define EVENT_TRACE_FLAG_DISK_FILE_IO 0x00000200 -#define EVENT_TRACE_FLAG_VOLMGR 0x00200000 +#define EVENT_TRACE_FLAG_MEMORY_PAGE_FAULTS 0x00001000 +#define EVENT_TRACE_FLAG_MEMORY_HARD_FAULTS 0x00002000 -#define EVENT_TRACE_FLAG_EXTENSION 0x80000000 -#define EVENT_TRACE_FLAG_FORWARD_WMI 0x40000000 -#define EVENT_TRACE_FLAG_ENABLE_RESERVE 0x20000000 +#define EVENT_TRACE_FLAG_NETWORK_TCPIP 0x00010000 -#define EVENT_TRACE_FILE_MODE_NONE 0x00000000 -#define EVENT_TRACE_FILE_MODE_SEQUENTIAL 0x00000001 -#define EVENT_TRACE_FILE_MODE_CIRCULAR 0x00000002 -#define EVENT_TRACE_FILE_MODE_APPEND 0x00000004 -#define EVENT_TRACE_FILE_MODE_NEWFILE 0x00000008 +#define EVENT_TRACE_FLAG_REGISTRY 0x00020000 +#define EVENT_TRACE_FLAG_DBGPRINT 0x00040000 -#define EVENT_TRACE_FILE_MODE_PREALLOCATE 0x00000020 +#define EVENT_TRACE_FLAG_PROCESS_COUNTERS 0x00000008 +#define EVENT_TRACE_FLAG_CSWITCH 0x00000010 +#define EVENT_TRACE_FLAG_DPC 0x00000020 +#define EVENT_TRACE_FLAG_INTERRUPT 0x00000040 +#define EVENT_TRACE_FLAG_SYSTEMCALL 0x00000080 -#define EVENT_TRACE_REAL_TIME_MODE 0x00000100 -#define EVENT_TRACE_DELAY_OPEN_FILE_MODE 0x00000200 -#define EVENT_TRACE_BUFFERING_MODE 0x00000400 -#define EVENT_TRACE_PRIVATE_LOGGER_MODE 0x00000800 -#define EVENT_TRACE_ADD_HEADER_MODE 0x00001000 -#define EVENT_TRACE_USE_GLOBAL_SEQUENCE 0x00004000 -#define EVENT_TRACE_USE_LOCAL_SEQUENCE 0x00008000 +#define EVENT_TRACE_FLAG_DISK_IO_INIT 0x00000400 -#define EVENT_TRACE_RELOG_MODE 0x00010000 +#define EVENT_TRACE_FLAG_ALPC 0x00100000 +#define EVENT_TRACE_FLAG_SPLIT_IO 0x00200000 -#define EVENT_TRACE_USE_PAGED_MEMORY 0x01000000 +#define EVENT_TRACE_FLAG_DRIVER 0x00800000 +#define EVENT_TRACE_FLAG_PROFILE 0x01000000 +#define EVENT_TRACE_FLAG_FILE_IO 0x02000000 +#define EVENT_TRACE_FLAG_FILE_IO_INIT 0x04000000 -#define EVENT_TRACE_CONTROL_QUERY 0 -#define EVENT_TRACE_CONTROL_STOP 1 -#define EVENT_TRACE_CONTROL_UPDATE 2 -#define EVENT_TRACE_CONTROL_FLUSH 3 +#define EVENT_TRACE_FLAG_DISPATCHER 0x00000800 +#define EVENT_TRACE_FLAG_VIRTUAL_ALLOC 0x00004000 -#define TRACE_MESSAGE_SEQUENCE 1 -#define TRACE_MESSAGE_GUID 2 -#define TRACE_MESSAGE_COMPONENTID 4 -#define TRACE_MESSAGE_TIMESTAMP 8 -#define TRACE_MESSAGE_PERFORMANCE_TIMESTAMP 16 -#define TRACE_MESSAGE_SYSTEMINFO 32 -#define TRACE_MESSAGE_FLAG_MASK 0xFFFF +#define EVENT_TRACE_FLAG_EXTENSION 0x80000000 +#define EVENT_TRACE_FLAG_FORWARD_WMI 0x40000000 +#define EVENT_TRACE_FLAG_ENABLE_RESERVE 0x20000000 -#define TRACE_MESSAGE_MAXIMUM_SIZE 8*1024 +#define EVENT_TRACE_FILE_MODE_NONE 0x00000000 +#define EVENT_TRACE_FILE_MODE_SEQUENTIAL 0x00000001 +#define EVENT_TRACE_FILE_MODE_CIRCULAR 0x00000002 +#define EVENT_TRACE_FILE_MODE_APPEND 0x00000004 +#define EVENT_TRACE_FILE_MODE_NEWFILE 0x00000008 +#define EVENT_TRACE_FILE_MODE_PREALLOCATE 0x00000020 -#define EVENT_TRACE_USE_PROCTIME 0x0001 -#define EVENT_TRACE_USE_NOCPUTIME 0x0002 +#define EVENT_TRACE_NONSTOPPABLE_MODE 0x00000040 +#define EVENT_TRACE_SECURE_MODE 0x00000080 +#define EVENT_TRACE_USE_KBYTES_FOR_SIZE 0x00002000 +#define EVENT_TRACE_PRIVATE_IN_PROC 0x00020000 +#define EVENT_TRACE_MODE_RESERVED 0x00100000 + +#define EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING 0x10000000 + +#define EVENT_TRACE_REAL_TIME_MODE 0x00000100 +#define EVENT_TRACE_DELAY_OPEN_FILE_MODE 0x00000200 +#define EVENT_TRACE_BUFFERING_MODE 0x00000400 +#define EVENT_TRACE_PRIVATE_LOGGER_MODE 0x00000800 +#define EVENT_TRACE_ADD_HEADER_MODE 0x00001000 + +#define EVENT_TRACE_USE_GLOBAL_SEQUENCE 0x00004000 +#define EVENT_TRACE_USE_LOCAL_SEQUENCE 0x00008000 + +#define EVENT_TRACE_RELOG_MODE 0x00010000 + +#define EVENT_TRACE_USE_PAGED_MEMORY 0x01000000 + +#define EVENT_TRACE_CONTROL_QUERY 0 +#define EVENT_TRACE_CONTROL_STOP 1 +#define EVENT_TRACE_CONTROL_UPDATE 2 +#define EVENT_TRACE_CONTROL_FLUSH 3 + +#define TRACE_MESSAGE_SEQUENCE 1 +#define TRACE_MESSAGE_GUID 2 +#define TRACE_MESSAGE_COMPONENTID 4 +#define TRACE_MESSAGE_TIMESTAMP 8 +#define TRACE_MESSAGE_PERFORMANCE_TIMESTAMP 16 +#define TRACE_MESSAGE_SYSTEMINFO 32 + +#define TRACE_MESSAGE_POINTER32 0x0040 +#define TRACE_MESSAGE_POINTER64 0x0080 + +#define TRACE_MESSAGE_FLAG_MASK 0xFFFF + +#define TRACE_HEADER_FLAG_USE_TIMESTAMP 0x00000200 +#define TRACE_HEADER_FLAG_TRACED_GUID 0x00020000 +#define TRACE_HEADER_FLAG_LOG_WNODE 0x00040000 +#define TRACE_HEADER_FLAG_USE_GUID_PTR 0x00080000 +#define TRACE_HEADER_FLAG_USE_MOF_PTR 0x00100000 + +#define TRACE_MESSAGE_MAXIMUM_SIZE 8*1024 + +#define ETW_NULL_TYPE_VALUE 0 +#define ETW_OBJECT_TYPE_VALUE 1 +#define ETW_STRING_TYPE_VALUE 2 +#define ETW_SBYTE_TYPE_VALUE 3 +#define ETW_BYTE_TYPE_VALUE 4 +#define ETW_INT16_TYPE_VALUE 5 +#define ETW_UINT16_TYPE_VALUE 6 +#define ETW_INT32_TYPE_VALUE 7 +#define ETW_UINT32_TYPE_VALUE 8 +#define ETW_INT64_TYPE_VALUE 9 +#define ETW_UINT64_TYPE_VALUE 10 +#define ETW_CHAR_TYPE_VALUE 11 +#define ETW_SINGLE_TYPE_VALUE 12 +#define ETW_DOUBLE_TYPE_VALUE 13 +#define ETW_BOOLEAN_TYPE_VALUE 14 +#define ETW_DECIMAL_TYPE_VALUE 15 + +#define ETW_GUID_TYPE_VALUE 101 +#define ETW_ASCIICHAR_TYPE_VALUE 102 +#define ETW_ASCIISTRING_TYPE_VALUE 103 +#define ETW_COUNTED_STRING_TYPE_VALUE 104 +#define ETW_POINTER_TYPE_VALUE 105 +#define ETW_SIZET_TYPE_VALUE 106 +#define ETW_HIDDEN_TYPE_VALUE 107 +#define ETW_BOOL_TYPE_VALUE 108 +#define ETW_COUNTED_ANSISTRING_TYPE_VALUE 109 +#define ETW_REVERSED_COUNTED_STRING_TYPE_VALUE 110 +#define ETW_REVERSED_COUNTED_ANSISTRING_TYPE_VALUE 111 +#define ETW_NON_NULL_TERMINATED_STRING_TYPE_VALUE 112 +#define ETW_REDUCED_ANSISTRING_TYPE_VALUE 113 +#define ETW_REDUCED_STRING_TYPE_VALUE 114 +#define ETW_SID_TYPE_VALUE 115 +#define ETW_VARIANT_TYPE_VALUE 116 +#define ETW_PTVECTOR_TYPE_VALUE 117 +#define ETW_WMITIME_TYPE_VALUE 118 +#define ETW_DATETIME_TYPE_VALUE 119 +#define ETW_REFRENCE_TYPE_VALUE 120 + +#define TRACE_PROVIDER_FLAG_LEGACY 0x00000001 +#define TRACE_PROVIDER_FLAG_PRE_ENABLE 0x00000002 + +#define EVENT_CONTROL_CODE_DISABLE_PROVIDER 0 +#define EVENT_CONTROL_CODE_ENABLE_PROVIDER 1 +#define EVENT_CONTROL_CODE_CAPTURE_STATE 2 + +#define EVENT_TRACE_USE_PROCTIME 0x0001 +#define EVENT_TRACE_USE_NOCPUTIME 0x0002 typedef struct _EVENT_TRACE_HEADER { USHORT Size; @@ -169,8 +291,8 @@ __MINGW_EXTENSION struct { UCHAR HeaderType; UCHAR MarkerFlags; - }; - }; + } DUMMYSTRUCTNAME; + } DUMMYUNIONNAME; __MINGW_EXTENSION union { ULONG Version; struct { @@ -178,25 +300,25 @@ UCHAR Level; USHORT Version; } Class; - }; + } DUMMYUNIONNAME2; ULONG ThreadId; ULONG ProcessId; LARGE_INTEGER TimeStamp; __MINGW_EXTENSION union { GUID Guid; ULONGLONG GuidPtr; - }; + } DUMMYUNIONNAME3; __MINGW_EXTENSION union { __MINGW_EXTENSION struct { - ULONG ClientContext; - ULONG Flags; - }; - __MINGW_EXTENSION struct { ULONG KernelTime; ULONG UserTime; - }; + } DUMMYSTRUCTNAME; ULONG64 ProcessorTime; - }; + __MINGW_EXTENSION struct { + ULONG ClientContext; + ULONG Flags; + } DUMMYSTRUCTNAME2; + } DUMMYUNIONNAME4; } EVENT_TRACE_HEADER,*PEVENT_TRACE_HEADER; typedef struct _EVENT_INSTANCE_HEADER { @@ -206,8 +328,8 @@ __MINGW_EXTENSION struct { UCHAR HeaderType; UCHAR MarkerFlags; - }; - }; + } DUMMYSTRUCTNAME; + } DUMMYUNIONNAME; __MINGW_EXTENSION union { ULONG Version; struct { @@ -215,7 +337,7 @@ UCHAR Level; USHORT Version; } Class; - }; + } DUMMYUNIONNAME2; ULONG ThreadId; ULONG ProcessId; LARGE_INTEGER TimeStamp; @@ -224,19 +346,22 @@ ULONG ParentInstanceId; __MINGW_EXTENSION union { __MINGW_EXTENSION struct { - ULONG ClientContext; - ULONG Flags; - }; - __MINGW_EXTENSION struct { ULONG KernelTime; ULONG UserTime; - }; + } DUMMYSTRUCTNAME; ULONG64 ProcessorTime; - }; + __MINGW_EXTENSION struct { + ULONG EventId; + ULONG Flags; + } DUMMYSTRUCTNAME2; + } DUMMYUNIONNAME3; ULONGLONG ParentRegHandle; } EVENT_INSTANCE_HEADER,*PEVENT_INSTANCE_HEADER; -#define DEFINE_TRACE_MOF_FIELD(MOF,ptr,length,type) (MOF)->DataPtr = (ULONG64) ptr; (MOF)->Length = (ULONG) length; (MOF)->DataType = (ULONG) type; +#define DEFINE_TRACE_MOF_FIELD(MOF,ptr,length,type) \ + (MOF)->DataPtr = (ULONG64) (ULONG_PTR) ptr; \ + (MOF)->Length = (ULONG) length; \ + (MOF)->DataType = (ULONG) type; typedef struct _MOF_FIELD { ULONG64 DataPtr; @@ -244,7 +369,7 @@ ULONG DataType; } MOF_FIELD,*PMOF_FIELD; -#ifndef _NTIFS_ +#if !(defined(_NTDDK_) || defined(_NTIFS_)) || defined(_WMIKM_) typedef struct _TRACE_LOGFILE_HEADER { ULONG BufferSize; @@ -256,7 +381,7 @@ UCHAR SubVersion; UCHAR SubMinorVersion; } VersionDetail; - }; + } DUMMYUNIONNAME; ULONG ProviderVersion; ULONG NumberOfProcessors; LARGE_INTEGER EndTime; @@ -271,25 +396,118 @@ ULONG PointerSize; ULONG EventsLost; ULONG CpuSpeedInMHz; - }; - }; + } DUMMYSTRUCTNAME; + } DUMMYUNIONNAME2; +#if defined(_WMIKM_) + PWCHAR LoggerName; + PWCHAR LogFileName; + RTL_TIME_ZONE_INFORMATION TimeZone; +#else LPWSTR LoggerName; LPWSTR LogFileName; TIME_ZONE_INFORMATION TimeZone; +#endif LARGE_INTEGER BootTime; LARGE_INTEGER PerfFreq; LARGE_INTEGER StartTime; ULONG ReservedFlags; ULONG BuffersLost; } TRACE_LOGFILE_HEADER,*PTRACE_LOGFILE_HEADER; -#endif -typedef struct EVENT_INSTANCE_INFO { +typedef struct _TRACE_LOGFILE_HEADER32 { + ULONG BufferSize; + __MINGW_EXTENSION union { + ULONG Version; + struct { + UCHAR MajorVersion; + UCHAR MinorVersion; + UCHAR SubVersion; + UCHAR SubMinorVersion; + } VersionDetail; + } DUMMYUNIONNAME; + ULONG ProviderVersion; + ULONG NumberOfProcessors; + LARGE_INTEGER EndTime; + ULONG TimerResolution; + ULONG MaximumFileSize; + ULONG LogFileMode; + ULONG BuffersWritten; + __MINGW_EXTENSION union { + GUID LogInstanceGuid; + __MINGW_EXTENSION struct { + ULONG StartBuffers; + ULONG PointerSize; + ULONG EventsLost; + ULONG CpuSpeedInMHz; + } DUMMYSTRUCTNAME; + } DUMMYUNIONNAME2; +#if defined(_WMIKM_) + ULONG32 LoggerName; + ULONG32 LogFileName; + RTL_TIME_ZONE_INFORMATION TimeZone; +#else + ULONG32 LoggerName; + ULONG32 LogFileName; + TIME_ZONE_INFORMATION TimeZone; +#endif + LARGE_INTEGER BootTime; + LARGE_INTEGER PerfFreq; + LARGE_INTEGER StartTime; + ULONG ReservedFlags; + ULONG BuffersLost; +} TRACE_LOGFILE_HEADER32, *PTRACE_LOGFILE_HEADER32; + +typedef struct _TRACE_LOGFILE_HEADER64 { + ULONG BufferSize; + __MINGW_EXTENSION union { + ULONG Version; + struct { + UCHAR MajorVersion; + UCHAR MinorVersion; + UCHAR SubVersion; + UCHAR SubMinorVersion; + } VersionDetail; + } DUMMYUNIONNAME; + ULONG ProviderVersion; + ULONG NumberOfProcessors; + LARGE_INTEGER EndTime; + ULONG TimerResolution; + ULONG MaximumFileSize; + ULONG LogFileMode; + ULONG BuffersWritten; + __MINGW_EXTENSION union { + GUID LogInstanceGuid; + __MINGW_EXTENSION struct { + ULONG StartBuffers; + ULONG PointerSize; + ULONG EventsLost; + ULONG CpuSpeedInMHz; + } DUMMYSTRUCTNAME; + } DUMMYUNIONNAME2; +#if defined(_WMIKM_) + ULONG64 LoggerName; + ULONG64 LogFileName; + RTL_TIME_ZONE_INFORMATION TimeZone; +#else + ULONG64 LoggerName; + ULONG64 LogFileName; + TIME_ZONE_INFORMATION TimeZone; +#endif + LARGE_INTEGER BootTime; + LARGE_INTEGER PerfFreq; + LARGE_INTEGER StartTime; + ULONG ReservedFlags; + ULONG BuffersLost; +} TRACE_LOGFILE_HEADER64, *PTRACE_LOGFILE_HEADER64; + +#endif /* !_NTDDK_ || _WMIKM_ */ + +typedef struct _EVENT_INSTANCE_INFO { HANDLE RegHandle; ULONG InstanceId; } EVENT_INSTANCE_INFO,*PEVENT_INSTANCE_INFO; -#ifndef _NTIFS_ +#if !defined(_WMIKM_) && !defined(_NTDDK_) && !defined(_NTIFS_) typedef struct _EVENT_TRACE_PROPERTIES { WNODE_HEADER Wnode; @@ -301,6 +519,7 @@ ULONG FlushTimer; ULONG EnableFlags; LONG AgeLimit; + ULONG NumberOfBuffers; ULONG FreeBuffers; ULONG EventsLost; @@ -312,6 +531,13 @@ ULONG LoggerNameOffset; } EVENT_TRACE_PROPERTIES,*PEVENT_TRACE_PROPERTIES; +typedef struct _TRACE_GUID_REGISTRATION { + LPCGUID Guid; + HANDLE RegHandle; +} TRACE_GUID_REGISTRATION,*PTRACE_GUID_REGISTRATION; + +#endif /* !_NTDDK_ || _WMIKM_ */ + typedef struct _TRACE_GUID_PROPERTIES { GUID Guid; ULONG GuidType; @@ -321,10 +547,34 @@ BOOLEAN IsEnable; } TRACE_GUID_PROPERTIES,*PTRACE_GUID_PROPERTIES; -typedef struct _TRACE_GUID_REGISTRATION { - LPCGUID Guid; - HANDLE RegHandle; -} TRACE_GUID_REGISTRATION,*PTRACE_GUID_REGISTRATION; +typedef struct _ETW_BUFFER_CONTEXT { + UCHAR ProcessorNumber; + UCHAR Alignment; + USHORT LoggerId; +} ETW_BUFFER_CONTEXT, *PETW_BUFFER_CONTEXT; + +typedef struct _TRACE_ENABLE_INFO { + ULONG IsEnabled; + UCHAR Level; + UCHAR Reserved1; + USHORT LoggerId; + ULONG EnableProperty; + ULONG Reserved2; + ULONGLONG MatchAnyKeyword; + ULONGLONG MatchAllKeyword; +} TRACE_ENABLE_INFO, *PTRACE_ENABLE_INFO; + +typedef struct _TRACE_PROVIDER_INSTANCE_INFO { + ULONG NextOffset; + ULONG EnableCount; + ULONG Pid; + ULONG Flags; +} TRACE_PROVIDER_INSTANCE_INFO, *PTRACE_PROVIDER_INSTANCE_INFO; + +typedef struct _TRACE_GUID_INFO { + ULONG InstanceCount; + ULONG Reserved; +} TRACE_GUID_INFO, *PTRACE_GUID_INFO; typedef struct _EVENT_TRACE { EVENT_TRACE_HEADER Header; @@ -333,30 +583,90 @@ GUID ParentGuid; PVOID MofData; ULONG MofLength; - ULONG ClientContext; + __MINGW_EXTENSION union { + ULONG ClientContext; + ETW_BUFFER_CONTEXT BufferContext; + } DUMMYUNIONNAME; } EVENT_TRACE,*PEVENT_TRACE; +/* MSDN Says: http://msdn.microsoft.com/en-us/library/aa363773%28VS.85%29.aspx +typedef struct _EVENT_TRACE { + EVENT_TRACE_HEADER Header; + ULONG InstanceId; + ULONG ParentInstanceId; + GUID ParentGuid; + PVOID MofData; + ULONG MofLength; + union { + ULONG ClientContext; + ULONG BufferContext; + } ; +} EVENT_TRACE, *PEVENT_TRACE; +*/ + +#if !defined(_WMIKM_) && !defined(_NTDDK_) && !defined(_NTIFS_) + +#ifndef DEFINED_PEVENT_RECORD +typedef struct _EVENT_RECORD EVENT_RECORD, *PEVENT_RECORD; +#define DEFINED_PEVENT_RECORD 1 +#endif /* for evntcons.h */ +#ifndef DEFINED_PEVENT_FILTER_DESC +typedef struct _EVENT_FILTER_DESCRIPTOR EVENT_FILTER_DESCRIPTOR, *PEVENT_FILTER_DESCRIPTOR; +#define DEFINED_PEVENT_FILTER_DESC 1 +#endif /* for evntprov.h */ typedef struct _EVENT_TRACE_LOGFILEW EVENT_TRACE_LOGFILEW,*PEVENT_TRACE_LOGFILEW; typedef struct _EVENT_TRACE_LOGFILEA EVENT_TRACE_LOGFILEA,*PEVENT_TRACE_LOGFILEA; typedef ULONG (WINAPI *PEVENT_TRACE_BUFFER_CALLBACKW)(PEVENT_TRACE_LOGFILEW Logfile); typedef ULONG (WINAPI *PEVENT_TRACE_BUFFER_CALLBACKA)(PEVENT_TRACE_LOGFILEA Logfile); typedef VOID (WINAPI *PEVENT_CALLBACK)(PEVENT_TRACE pEvent); +typedef VOID (WINAPI *PEVENT_RECORD_CALLBACK)(PEVENT_RECORD EventRecord); typedef ULONG (WINAPI *WMIDPREQUEST)(WMIDPREQUESTCODE RequestCode,PVOID RequestContext,ULONG *BufferSize,PVOID Buffer); +/* MSDN says http://msdn.microsoft.com/en-us/library/aa363780%28VS.85%29.aspx + +typedef struct _EVENT_TRACE_LOGFILE { + LPTSTR LogFileName; + LPTSTR LoggerName; + LONGLONG CurrentTime; + ULONG BuffersRead; + union { + ULONG LogFileMode; + ULONG ProcessTraceMode; + } ; + EVENT_TRACE CurrentEvent; + TRACE_LOGFILE_HEADER LogfileHeader; + PEVENT_TRACE_BUFFER_CALLBACK BufferCallback; + ULONG BufferSize; + ULONG Filled; + ULONG EventsLost; + union { + PEVENT_CALLBACK EventCallback; + PEVENT_RECORD_CALLBACK EventRecordCallback; + } ; + ULONG IsKernelTrace; + PVOID Context; +} EVENT_TRACE_LOGFILE, *PEVENT_TRACE_LOGFILE; +*/ + struct _EVENT_TRACE_LOGFILEW { LPWSTR LogFileName; LPWSTR LoggerName; LONGLONG CurrentTime; ULONG BuffersRead; - ULONG LogFileMode; - + __MINGW_EXTENSION union { + ULONG LogFileMode; + ULONG ProcessTraceMode; + } DUMMYUNIONNAME; EVENT_TRACE CurrentEvent; TRACE_LOGFILE_HEADER LogfileHeader; PEVENT_TRACE_BUFFER_CALLBACKW BufferCallback; ULONG BufferSize; ULONG Filled; ULONG EventsLost; - PEVENT_CALLBACK EventCallback; + __MINGW_EXTENSION union { + PEVENT_CALLBACK EventCallback; + PEVENT_RECORD_CALLBACK EventRecordCallback; + } DUMMYUNIONNAME2; ULONG IsKernelTrace; PVOID Context; }; @@ -366,110 +676,199 @@ LPSTR LoggerName; LONGLONG CurrentTime; ULONG BuffersRead; - ULONG LogFileMode; + __MINGW_EXTENSION union { + ULONG LogFileMode; + ULONG ProcessTraceMode; + } DUMMYUNIONNAME; EVENT_TRACE CurrentEvent; TRACE_LOGFILE_HEADER LogfileHeader; PEVENT_TRACE_BUFFER_CALLBACKA BufferCallback; ULONG BufferSize; ULONG Filled; ULONG EventsLost; - PEVENT_CALLBACK EventCallback; + __MINGW_EXTENSION union { + PEVENT_CALLBACK EventCallback; + PEVENT_RECORD_CALLBACK EventRecordCallback; + } DUMMYUNIONNAME2; ULONG IsKernelTrace; PVOID Context; }; #if defined(_UNICODE) || defined(UNICODE) -#define PEVENT_TRACE_BUFFER_CALLBACK PEVENT_TRACE_BUFFER_CALLBACKW -#define EVENT_TRACE_LOGFILE EVENT_TRACE_LOGFILEW -#define PEVENT_TRACE_LOGFILE PEVENT_TRACE_LOGFILEW -#define KERNEL_LOGGER_NAME KERNEL_LOGGER_NAMEW -#define GLOBAL_LOGGER_NAME GLOBAL_LOGGER_NAMEW -#define EVENT_LOGGER_NAME EVENT_LOGGER_NAMEW +#define PEVENT_TRACE_BUFFER_CALLBACK PEVENT_TRACE_BUFFER_CALLBACKW +#define EVENT_TRACE_LOGFILE EVENT_TRACE_LOGFILEW +#define PEVENT_TRACE_LOGFILE PEVENT_TRACE_LOGFILEW +#define KERNEL_LOGGER_NAME KERNEL_LOGGER_NAMEW +#define GLOBAL_LOGGER_NAME GLOBAL_LOGGER_NAMEW +#define EVENT_LOGGER_NAME EVENT_LOGGER_NAMEW #else - -#define PEVENT_TRACE_BUFFER_CALLBACK PEVENT_TRACE_BUFFER_CALLBACKA -#define EVENT_TRACE_LOGFILE EVENT_TRACE_LOGFILEA -#define PEVENT_TRACE_LOGFILE PEVENT_TRACE_LOGFILEA -#define KERNEL_LOGGER_NAME KERNEL_LOGGER_NAMEA -#define GLOBAL_LOGGER_NAME GLOBAL_LOGGER_NAMEA -#define EVENT_LOGGER_NAME EVENT_LOGGER_NAMEA -#endif +#define PEVENT_TRACE_BUFFER_CALLBACK PEVENT_TRACE_BUFFER_CALLBACKA +#define EVENT_TRACE_LOGFILE EVENT_TRACE_LOGFILEA +#define PEVENT_TRACE_LOGFILE PEVENT_TRACE_LOGFILEA +#define KERNEL_LOGGER_NAME KERNEL_LOGGER_NAMEA +#define GLOBAL_LOGGER_NAME GLOBAL_LOGGER_NAMEA +#define EVENT_LOGGER_NAME EVENT_LOGGER_NAMEA +#endif /* defined(_UNICODE) || defined(UNICODE) */ #ifdef __cplusplus extern "C" { #endif - EXTERN_C ULONG WMIAPI StartTraceW(PTRACEHANDLE TraceHandle,LPCWSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties); - EXTERN_C ULONG WMIAPI StartTraceA(PTRACEHANDLE TraceHandle,LPCSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties); - EXTERN_C ULONG WMIAPI StopTraceW(TRACEHANDLE TraceHandle,LPCWSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties); - EXTERN_C ULONG WMIAPI StopTraceA(TRACEHANDLE TraceHandle,LPCSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties); - EXTERN_C ULONG WMIAPI QueryTraceW(TRACEHANDLE TraceHandle,LPCWSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties); - EXTERN_C ULONG WMIAPI QueryTraceA(TRACEHANDLE TraceHandle,LPCSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties); - EXTERN_C ULONG WMIAPI UpdateTraceW(TRACEHANDLE TraceHandle,LPCWSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties); - EXTERN_C ULONG WMIAPI UpdateTraceA(TRACEHANDLE TraceHandle,LPCSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties); - EXTERN_C ULONG WMIAPI FlushTraceW(TRACEHANDLE TraceHandle,LPCWSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties); - EXTERN_C ULONG WMIAPI FlushTraceA(TRACEHANDLE TraceHandle,LPCSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties); - EXTERN_C ULONG WMIAPI ControlTraceW(TRACEHANDLE TraceHandle,LPCWSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties,ULONG ControlCode); - EXTERN_C ULONG WMIAPI ControlTraceA(TRACEHANDLE TraceHandle,LPCSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties,ULONG ControlCode); - EXTERN_C ULONG WMIAPI QueryAllTracesW(PEVENT_TRACE_PROPERTIES *PropertyArray,ULONG PropertyArrayCount,PULONG LoggerCount); - EXTERN_C ULONG WMIAPI QueryAllTracesA(PEVENT_TRACE_PROPERTIES *PropertyArray,ULONG PropertyArrayCount,PULONG LoggerCount); - EXTERN_C ULONG WMIAPI CreateTraceInstanceId(HANDLE RegHandle,PEVENT_INSTANCE_INFO pInstInfo); - EXTERN_C ULONG WMIAPI EnableTrace(ULONG Enable,ULONG EnableFlag,ULONG EnableLevel,LPCGUID ControlGuid,TRACEHANDLE TraceHandle); - EXTERN_C ULONG WMIAPI TraceEvent(TRACEHANDLE TraceHandle,PEVENT_TRACE_HEADER EventTrace); - EXTERN_C ULONG WMIAPI TraceEventInstance(TRACEHANDLE TraceHandle,PEVENT_INSTANCE_HEADER EventTrace,PEVENT_INSTANCE_INFO pInstInfo,PEVENT_INSTANCE_INFO pParentInstInfo); - EXTERN_C ULONG WMIAPI RegisterTraceGuidsW(WMIDPREQUEST RequestAddress,PVOID RequestContext,LPCGUID ControlGuid,ULONG GuidCount,PTRACE_GUID_REGISTRATION TraceGuidReg,LPCWSTR MofImagePath,LPCWSTR MofResourceName,PTRACEHANDLE RegistrationHandle); - EXTERN_C ULONG WMIAPI RegisterTraceGuidsA(WMIDPREQUEST RequestAddress,PVOID RequestContext,LPCGUID ControlGuid,ULONG GuidCount,PTRACE_GUID_REGISTRATION TraceGuidReg,LPCSTR MofImagePath,LPCSTR MofResourceName,PTRACEHANDLE RegistrationHandle); - EXTERN_C ULONG WMIAPI EnumerateTraceGuids(PTRACE_GUID_PROPERTIES *GuidPropertiesArray,ULONG PropertyArrayCount,PULONG GuidCount); - EXTERN_C ULONG WMIAPI UnregisterTraceGuids(TRACEHANDLE RegistrationHandle); - EXTERN_C TRACEHANDLE WMIAPI GetTraceLoggerHandle(PVOID Buffer); - EXTERN_C UCHAR WMIAPI GetTraceEnableLevel(TRACEHANDLE TraceHandle); - EXTERN_C ULONG WMIAPI GetTraceEnableFlags(TRACEHANDLE TraceHandle); - EXTERN_C TRACEHANDLE WMIAPI OpenTraceA(PEVENT_TRACE_LOGFILEA Logfile); - EXTERN_C TRACEHANDLE WMIAPI OpenTraceW(PEVENT_TRACE_LOGFILEW Logfile); - EXTERN_C ULONG WMIAPI ProcessTrace(PTRACEHANDLE HandleArray,ULONG HandleCount,LPFILETIME StartTime,LPFILETIME EndTime); - EXTERN_C ULONG WMIAPI CloseTrace(TRACEHANDLE TraceHandle); - EXTERN_C ULONG WMIAPI SetTraceCallback(LPCGUID pGuid,PEVENT_CALLBACK EventCallback); - EXTERN_C ULONG WMIAPI RemoveTraceCallback (LPCGUID pGuid); - EXTERN_C ULONG __cdecl TraceMessage(TRACEHANDLE LoggerHandle,ULONG MessageFlags,LPGUID MessageGuid,USHORT MessageNumber,...); - EXTERN_C ULONG TraceMessageVa(TRACEHANDLE LoggerHandle,ULONG MessageFlags,LPGUID MessageGuid,USHORT MessageNumber,va_list MessageArgList); +EXTERN_C ULONG WMIAPI StartTraceW(PTRACEHANDLE TraceHandle,LPCWSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties); +EXTERN_C ULONG WMIAPI StartTraceA(PTRACEHANDLE TraceHandle,LPCSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties); +EXTERN_C ULONG WMIAPI StopTraceW(TRACEHANDLE TraceHandle,LPCWSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties); +EXTERN_C ULONG WMIAPI StopTraceA(TRACEHANDLE TraceHandle,LPCSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties); +EXTERN_C ULONG WMIAPI QueryTraceW(TRACEHANDLE TraceHandle,LPCWSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties); +EXTERN_C ULONG WMIAPI QueryTraceA(TRACEHANDLE TraceHandle,LPCSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties); +EXTERN_C ULONG WMIAPI UpdateTraceW(TRACEHANDLE TraceHandle,LPCWSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties); +EXTERN_C ULONG WMIAPI UpdateTraceA(TRACEHANDLE TraceHandle,LPCSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties); +EXTERN_C ULONG WMIAPI FlushTraceW(TRACEHANDLE TraceHandle,LPCWSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties); +EXTERN_C ULONG WMIAPI FlushTraceA(TRACEHANDLE TraceHandle,LPCSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties); +EXTERN_C ULONG WMIAPI ControlTraceW(TRACEHANDLE TraceHandle,LPCWSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties,ULONG ControlCode); +EXTERN_C ULONG WMIAPI ControlTraceA(TRACEHANDLE TraceHandle,LPCSTR InstanceName,PEVENT_TRACE_PROPERTIES Properties,ULONG ControlCode); +EXTERN_C ULONG WMIAPI QueryAllTracesW(PEVENT_TRACE_PROPERTIES *PropertyArray,ULONG PropertyArrayCount,PULONG LoggerCount); +EXTERN_C ULONG WMIAPI QueryAllTracesA(PEVENT_TRACE_PROPERTIES *PropertyArray,ULONG PropertyArrayCount,PULONG LoggerCount); +EXTERN_C ULONG WMIAPI EnableTrace(ULONG Enable,ULONG EnableFlag,ULONG EnableLevel,LPCGUID ControlGuid,TRACEHANDLE TraceHandle); + +#if (_WIN32_WINNT >= 0x0600) +EXTERN_C ULONG WMIAPI EnableTraceEx( + LPCGUID ProviderId, + LPCGUID SourceId, + TRACEHANDLE TraceHandle, + ULONG IsEnabled, + UCHAR Level, + ULONGLONG MatchAnyKeyword, + ULONGLONG MatchAllKeyword, + ULONG EnableProperty, + PEVENT_FILTER_DESCRIPTOR EnableFilterDesc +); +#endif /* _WIN32_WINNT >= 0x0600 */ + +#define ENABLE_TRACE_PARAMETERS_VERSION 1 + +typedef struct _ENABLE_TRACE_PARAMETERS { + ULONG Version; + ULONG EnableProperty; + ULONG ControlFlags; + GUID SourceId; + PEVENT_FILTER_DESCRIPTOR EnableFilterDesc; +} ENABLE_TRACE_PARAMETERS, *PENABLE_TRACE_PARAMETERS; + +#if (_WIN32_WINNT >= 0x0601) +EXTERN_C ULONG WMIAPI EnableTraceEx2( + TRACEHANDLE TraceHandle, + LPCGUID ProviderId, + ULONG ControlCode, + UCHAR Level, + ULONGLONG MatchAnyKeyword, + ULONGLONG MatchAllKeyword, + ULONG Timeout, + PENABLE_TRACE_PARAMETERS EnableParameters +); +#endif /* _WIN32_WINNT >= 0x0601 */ + +typedef enum _TRACE_QUERY_INFO_CLASS { + TraceGuidQueryList, + TraceGuidQueryInfo, + TraceGuidQueryProcess, + TraceStackTracingInfo, + MaxTraceSetInfoClass +} TRACE_QUERY_INFO_CLASS, TRACE_INFO_CLASS; + +#if (_WIN32_WINNT >= 0x0600) +EXTERN_C ULONG WMIAPI EnumerateTraceGuidsEx( + TRACE_QUERY_INFO_CLASS TraceQueryInfoClass, + PVOID InBuffer, + ULONG InBufferSize, + PVOID OutBuffer, + ULONG OutBufferSize, + PULONG ReturnLength +); +#endif /* _WIN32_WINNT >= 0x0600 */ + +typedef struct _CLASSIC_EVENT_ID { + GUID EventGuid; + UCHAR Type; + UCHAR Reserved[7]; +} CLASSIC_EVENT_ID, *PCLASSIC_EVENT_ID; + +#if (_WIN32_WINNT >= 0x0601) +EXTERN_C ULONG WMIAPI TraceSetInformation( + TRACEHANDLE SessionHandle, + TRACE_INFO_CLASS InformationClass, + PVOID TraceInformation, + ULONG InformationLength +); +#endif /* _WIN32_WINNT >= 0x0601 */ + +EXTERN_C ULONG WMIAPI CreateTraceInstanceId(HANDLE RegHandle,PEVENT_INSTANCE_INFO pInstInfo); +EXTERN_C ULONG WMIAPI TraceEvent(TRACEHANDLE TraceHandle,PEVENT_TRACE_HEADER EventTrace); +EXTERN_C ULONG WMIAPI TraceEventInstance(TRACEHANDLE TraceHandle,PEVENT_INSTANCE_HEADER EventTrace,PEVENT_INSTANCE_INFO pInstInfo,PEVENT_INSTANCE_INFO pParentInstInfo); +EXTERN_C ULONG WMIAPI RegisterTraceGuidsW(WMIDPREQUEST RequestAddress,PVOID RequestContext,LPCGUID ControlGuid,ULONG GuidCount,PTRACE_GUID_REGISTRATION TraceGuidReg,LPCWSTR MofImagePath,LPCWSTR MofResourceName,PTRACEHANDLE RegistrationHandle); +EXTERN_C ULONG WMIAPI RegisterTraceGuidsA(WMIDPREQUEST RequestAddress,PVOID RequestContext,LPCGUID ControlGuid,ULONG GuidCount,PTRACE_GUID_REGISTRATION TraceGuidReg,LPCSTR MofImagePath,LPCSTR MofResourceName,PTRACEHANDLE RegistrationHandle); +EXTERN_C ULONG WMIAPI EnumerateTraceGuids(PTRACE_GUID_PROPERTIES *GuidPropertiesArray,ULONG PropertyArrayCount,PULONG GuidCount); +EXTERN_C ULONG WMIAPI UnregisterTraceGuids(TRACEHANDLE RegistrationHandle); +EXTERN_C TRACEHANDLE WMIAPI GetTraceLoggerHandle(PVOID Buffer); +EXTERN_C UCHAR WMIAPI GetTraceEnableLevel(TRACEHANDLE TraceHandle); +EXTERN_C ULONG WMIAPI GetTraceEnableFlags(TRACEHANDLE TraceHandle); +EXTERN_C TRACEHANDLE WMIAPI OpenTraceA(PEVENT_TRACE_LOGFILEA Logfile); +EXTERN_C TRACEHANDLE WMIAPI OpenTraceW(PEVENT_TRACE_LOGFILEW Logfile); +EXTERN_C ULONG WMIAPI ProcessTrace(PTRACEHANDLE HandleArray,ULONG HandleCount,LPFILETIME StartTime,LPFILETIME EndTime); +EXTERN_C ULONG WMIAPI CloseTrace(TRACEHANDLE TraceHandle); +EXTERN_C ULONG WMIAPI SetTraceCallback(LPCGUID pGuid,PEVENT_CALLBACK EventCallback); +EXTERN_C ULONG WMIAPI RemoveTraceCallback (LPCGUID pGuid); +EXTERN_C ULONG __cdecl TraceMessage(TRACEHANDLE LoggerHandle,ULONG MessageFlags,LPCGUID MessageGuid,USHORT MessageNumber,...); +EXTERN_C ULONG TraceMessageVa(TRACEHANDLE LoggerHandle,ULONG MessageFlags,LPCGUID MessageGuid,USHORT MessageNumber,va_list MessageArgList); #ifdef __cplusplus } #endif +#define INVALID_PROCESSTRACE_HANDLE ((TRACEHANDLE)INVALID_HANDLE_VALUE) + #if defined(UNICODE) || defined(_UNICODE) -#define RegisterTraceGuids RegisterTraceGuidsW -#define StartTrace StartTraceW -#define ControlTrace ControlTraceW -#ifdef __TRACE_W2K_COMPATIBLE -#define StopTrace(a,b,c) ControlTraceW((a),(b),(c),EVENT_TRACE_CONTROL_STOP) -#define QueryTrace(a,b,c) ControlTraceW((a),(b),(c),EVENT_TRACE_CONTROL_QUERY) -#define UpdateTrace(a,b,c) ControlTraceW((a),(b),(c),EVENT_TRACE_CONTROL_UPDATE) +#define RegisterTraceGuids RegisterTraceGuidsW +#define StartTrace StartTraceW +#define ControlTrace ControlTraceW + +#if defined(__TRACE_W2K_COMPATIBLE) +#define StopTrace(a,b,c) ControlTraceW((a),(b),(c),EVENT_TRACE_CONTROL_STOP) +#define QueryTrace(a,b,c) ControlTraceW((a),(b),(c),EVENT_TRACE_CONTROL_QUERY) +#define UpdateTrace(a,b,c) ControlTraceW((a),(b),(c),EVENT_TRACE_CONTROL_UPDATE) #else -#define StopTrace StopTraceW -#define QueryTrace QueryTraceW -#define UpdateTrace UpdateTraceW -#endif -#define FlushTrace FlushTraceW -#define QueryAllTraces QueryAllTracesW -#define OpenTrace OpenTraceW +#define StopTrace StopTraceW +#define QueryTrace QueryTraceW +#define UpdateTrace UpdateTraceW +#endif /* defined(__TRACE_W2K_COMPATIBLE) */ + +#define FlushTrace FlushTraceW +#define QueryAllTraces QueryAllTracesW +#define OpenTrace OpenTraceW + +#else /* defined(UNICODE) || defined(_UNICODE) */ + +#define RegisterTraceGuids RegisterTraceGuidsA +#define StartTrace StartTraceA +#define ControlTrace ControlTraceA + +#if defined(__TRACE_W2K_COMPATIBLE) +#define StopTrace(a,b,c) ControlTraceA((a),(b),(c),EVENT_TRACE_CONTROL_STOP) +#define QueryTrace(a,b,c) ControlTraceA((a),(b),(c),EVENT_TRACE_CONTROL_QUERY) +#define UpdateTrace(a,b,c) ControlTraceA((a),(b),(c),EVENT_TRACE_CONTROL_UPDATE) #else -#define RegisterTraceGuids RegisterTraceGuidsA -#define StartTrace StartTraceA -#define ControlTrace ControlTraceA -#ifdef __TRACE_W2K_COMPATIBLE -#define StopTrace(a,b,c) ControlTraceA((a),(b),(c),EVENT_TRACE_CONTROL_STOP) -#define QueryTrace(a,b,c) ControlTraceA((a),(b),(c),EVENT_TRACE_CONTROL_QUERY) -#define UpdateTrace(a,b,c) ControlTraceA((a),(b),(c),EVENT_TRACE_CONTROL_UPDATE) -#else -#define StopTrace StopTraceA -#define QueryTrace QueryTraceA -#define UpdateTrace UpdateTraceA -#endif -#define FlushTrace FlushTraceA -#define QueryAllTraces QueryAllTracesA -#define OpenTrace OpenTraceA -#endif -#endif -#endif -#endif +#define StopTrace StopTraceA +#define QueryTrace QueryTraceA +#define UpdateTrace UpdateTraceA +#endif /* defined(__TRACE_W2K_COMPATIBLE) */ + +#define FlushTrace FlushTraceA +#define QueryAllTraces QueryAllTracesA +#define OpenTrace OpenTraceA +#endif /* defined(UNICODE) || defined(_UNICODE) */ + +#endif /* !defined(_WMIKM_) && !defined(_NTDDK_) && !defined(_NTIFS_) */ + +#endif /* defined(_WINNT_) || defined(WINNT) */ + +#endif /* _EVNTRACE_ */ +