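/**
 * This file is part of the mingw-w64 runtime package.
 * No warranty is given; refer to the file DISCLAIMER within this package.
 */

/*
 * evntrace.h -- constants, structures and prototypes for event tracing
 * (trace sessions, providers and consumers).
 *
 * Layout restored to one directive/declaration per line; the listing line
 * numbers that were interleaved with the text have been dropped, since a
 * "#define" followed by further text on the same line folds all of that text
 * into a single macro body.
 */

#include <winapifamily.h>

#ifndef _EVNTRACE_
#define _EVNTRACE_

#if defined (_WINNT_) || defined (WINNT)

#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)

/*
 * WMIAPI: linkage/calling-convention decoration for the prototypes below.
 *   - _WMI_SOURCE_ defined: no DECLSPEC_IMPORT.
 *   - otherwise: DECLSPEC_IMPORT is added.
 *   - _ARM_ defined: __stdcall is omitted in both cases.
 * Left untouched when WMIAPI is already defined or when processed by
 * WIDL/MIDL.
 */
#if !defined (WMIAPI) && !defined (__WIDL__) && !defined (MIDL_PASS)
#ifdef _WMI_SOURCE_
#ifdef _ARM_
#define WMIAPI
#else
#define WMIAPI __stdcall
#endif
#else
#ifdef _ARM_
#define WMIAPI DECLSPEC_IMPORT
#else
#define WMIAPI DECLSPEC_IMPORT __stdcall
#endif
#endif
#endif

#include <guiddef.h>

/* Any of the kernel-mode header markers selects the kernel-mode subset. */
#if defined (_NTDDK_) || defined (_NTIFS_) || defined (_WMIKM_)
#define _EVNTRACE_KERNEL_MODE
#endif

/* wmistr.h is pulled in for user-mode builds only. */
#ifndef _EVNTRACE_KERNEL_MODE
#include <wmistr.h>
#endif

/* Well-known GUIDs. */
DEFINE_GUID (EventTraceGuid, 0x68fdd900, 0x4a3e, 0x11d1, 0x84, 0xf4, 0x00, 0x00, 0xf8, 0x04, 0x64, 0xe3);
DEFINE_GUID (SystemTraceControlGuid, 0x9e814aad, 0x3204, 0x11d2, 0x9a, 0x82, 0x00, 0x60, 0x08, 0xa8, 0x69, 0x39);
DEFINE_GUID (EventTraceConfigGuid, 0x01853a65, 0x418f, 0x4f36, 0xae, 0xfc, 0xdc, 0x0f, 0x1d, 0x2f, 0xd2, 0x35);
DEFINE_GUID (DefaultTraceSecurityGuid, 0x0811c1af, 0x7a07, 0x4a06, 0x82, 0xed, 0x86, 0x94, 0x55, 0xcd, 0xf7, 0x13);

/* Well-known logger (session) names, wide and narrow spellings. */
#define KERNEL_LOGGER_NAMEW L"NT Kernel Logger"
#define GLOBAL_LOGGER_NAMEW L"GlobalLogger"
#define EVENT_LOGGER_NAMEW L"EventLog"
#define DIAG_LOGGER_NAMEW L"DiagLog"

#define KERNEL_LOGGER_NAMEA "NT Kernel Logger"
#define GLOBAL_LOGGER_NAMEA "GlobalLogger"
#define EVENT_LOGGER_NAMEA "EventLog"
#define DIAG_LOGGER_NAMEA "DiagLog"

#define MAX_MOF_FIELDS 16

/* TRACEHANDLE is a 64-bit integer on every target, not a pointer type. */
#ifndef _TRACEHANDLE_DEFINED
#define _TRACEHANDLE_DEFINED
typedef ULONG64 TRACEHANDLE,*PTRACEHANDLE;
#endif

#define SYSTEM_EVENT_TYPE 1

/*
 * Generic event types. Several names share a value (END/STOP,
 * DEQUEUE/RESUME, CHECKPOINT/SUSPEND).
 */
#define EVENT_TRACE_TYPE_INFO 0x00
#define EVENT_TRACE_TYPE_START 0x01
#define EVENT_TRACE_TYPE_END 0x02
#define EVENT_TRACE_TYPE_STOP 0x02
#define EVENT_TRACE_TYPE_DC_START 0x03
#define EVENT_TRACE_TYPE_DC_END 0x04
#define EVENT_TRACE_TYPE_EXTENSION 0x05
#define EVENT_TRACE_TYPE_REPLY 0x06
#define EVENT_TRACE_TYPE_DEQUEUE 0x07
#define EVENT_TRACE_TYPE_RESUME 0x07
#define EVENT_TRACE_TYPE_CHECKPOINT 0x08
#define EVENT_TRACE_TYPE_SUSPEND 0x08
#define EVENT_TRACE_TYPE_WINEVT_SEND 0x09
#define EVENT_TRACE_TYPE_WINEVT_RECEIVE 0xf0

/* Trace levels. CRITICAL and FATAL are the same value. */
#define TRACE_LEVEL_NONE 0
#define TRACE_LEVEL_CRITICAL 1
#define TRACE_LEVEL_FATAL 1
#define TRACE_LEVEL_ERROR 2
#define TRACE_LEVEL_WARNING 3
#define TRACE_LEVEL_INFORMATION 4
#define TRACE_LEVEL_VERBOSE 5
#define TRACE_LEVEL_RESERVED6 6
#define TRACE_LEVEL_RESERVED7 7
#define TRACE_LEVEL_RESERVED8 8
#define TRACE_LEVEL_RESERVED9 9

/*
 * Group-specific event types. Every group below restarts at 0x0a, so the
 * same number appears under several names; a type value therefore cannot be
 * decoded on its own -- presumably it is read together with the event's
 * class GUID (confirm against the consumer in use).
 */
#define EVENT_TRACE_TYPE_LOAD 0x0a
#define EVENT_TRACE_TYPE_TERMINATE 0x0b

/* IO_* group. */
#define EVENT_TRACE_TYPE_IO_READ 0x0a
#define EVENT_TRACE_TYPE_IO_WRITE 0x0b
#define EVENT_TRACE_TYPE_IO_READ_INIT 0x0c
#define EVENT_TRACE_TYPE_IO_WRITE_INIT 0x0d
#define EVENT_TRACE_TYPE_IO_FLUSH 0x0e
#define EVENT_TRACE_TYPE_IO_FLUSH_INIT 0x0f

/* MM_* group. */
#define EVENT_TRACE_TYPE_MM_TF 0x0a
#define EVENT_TRACE_TYPE_MM_DZF 0x0b
#define EVENT_TRACE_TYPE_MM_COW 0x0c
#define EVENT_TRACE_TYPE_MM_GPF 0x0d
#define EVENT_TRACE_TYPE_MM_HPF 0x0e
#define EVENT_TRACE_TYPE_MM_AV 0x0f

/* Send/receive/connect group. */
#define EVENT_TRACE_TYPE_SEND 0x0a
#define EVENT_TRACE_TYPE_RECEIVE 0x0b
#define EVENT_TRACE_TYPE_CONNECT 0x0c
#define EVENT_TRACE_TYPE_DISCONNECT 0x0d
#define EVENT_TRACE_TYPE_RETRANSMIT 0x0e
#define EVENT_TRACE_TYPE_ACCEPT 0x0f
#define EVENT_TRACE_TYPE_RECONNECT 0x10
#define EVENT_TRACE_TYPE_CONNFAIL 0x11
#define EVENT_TRACE_TYPE_COPY_TCP 0x12
#define EVENT_TRACE_TYPE_COPY_ARP 0x13
#define EVENT_TRACE_TYPE_ACKFULL 0x14
#define EVENT_TRACE_TYPE_ACKPART 0x15
#define EVENT_TRACE_TYPE_ACKDUP 0x16

/* Header/metadata group. */
#define EVENT_TRACE_TYPE_GUIDMAP 0x0a
#define EVENT_TRACE_TYPE_CONFIG 0x0b
#define EVENT_TRACE_TYPE_SIDINFO 0x0c
#define EVENT_TRACE_TYPE_SECURITY 0x0d
#define EVENT_TRACE_TYPE_DBGID_RSDS 0x40

/* REG* group. */
#define EVENT_TRACE_TYPE_REGCREATE 0x0a
#define EVENT_TRACE_TYPE_REGOPEN 0x0b
#define EVENT_TRACE_TYPE_REGDELETE 0x0c
#define EVENT_TRACE_TYPE_REGQUERY 0x0d
#define EVENT_TRACE_TYPE_REGSETVALUE 0x0e
#define EVENT_TRACE_TYPE_REGDELETEVALUE 0x0f
#define EVENT_TRACE_TYPE_REGQUERYVALUE 0x10
#define EVENT_TRACE_TYPE_REGENUMERATEKEY 0x11
#define EVENT_TRACE_TYPE_REGENUMERATEVALUEKEY 0x12
#define EVENT_TRACE_TYPE_REGQUERYMULTIPLEVALUE 0x13
#define EVENT_TRACE_TYPE_REGSETINFORMATION 0x14
#define EVENT_TRACE_TYPE_REGFLUSH 0x15
#define EVENT_TRACE_TYPE_REGKCBCREATE 0x16
#define EVENT_TRACE_TYPE_REGKCBDELETE 0x17
#define EVENT_TRACE_TYPE_REGKCBRUNDOWNBEGIN 0x18
#define EVENT_TRACE_TYPE_REGKCBRUNDOWNEND 0x19
#define EVENT_TRACE_TYPE_REGVIRTUALIZE 0x1a
#define EVENT_TRACE_TYPE_REGCLOSE 0x1b
#define EVENT_TRACE_TYPE_REGSETSECURITY 0x1c
#define EVENT_TRACE_TYPE_REGQUERYSECURITY 0x1d
#define EVENT_TRACE_TYPE_REGCOMMIT 0x1e
#define EVENT_TRACE_TYPE_REGPREPARE 0x1f
#define EVENT_TRACE_TYPE_REGROLLBACK 0x20
#define EVENT_TRACE_TYPE_REGMOUNTHIVE 0x21

/* CONFIG_* group (0x13 and 0x14 are not assigned here). */
#define EVENT_TRACE_TYPE_CONFIG_CPU 0x0a
#define EVENT_TRACE_TYPE_CONFIG_PHYSICALDISK 0x0b
#define EVENT_TRACE_TYPE_CONFIG_LOGICALDISK 0x0c
#define EVENT_TRACE_TYPE_CONFIG_NIC 0x0d
#define EVENT_TRACE_TYPE_CONFIG_VIDEO 0x0e
#define EVENT_TRACE_TYPE_CONFIG_SERVICES 0x0f
#define EVENT_TRACE_TYPE_CONFIG_POWER 0x10
#define EVENT_TRACE_TYPE_CONFIG_NETINFO 0x11
#define EVENT_TRACE_TYPE_CONFIG_OPTICALMEDIA 0x12

#define EVENT_TRACE_TYPE_CONFIG_IRQ 0x15
#define EVENT_TRACE_TYPE_CONFIG_PNP 0x16
#define EVENT_TRACE_TYPE_CONFIG_IDECHANNEL 0x17
#define EVENT_TRACE_TYPE_CONFIG_NUMANODE 0x18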
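/*
 * One #define per line. With the listing line numbers interleaved and the
 * whole run on a single line, only the first name was defined and everything
 * after it became that macro's replacement text.
 */

/* EVENT_TRACE_TYPE_CONFIG_* event types, continued from 0x19. */
#define EVENT_TRACE_TYPE_CONFIG_PLATFORM 0x19
#define EVENT_TRACE_TYPE_CONFIG_PROCESSORGROUP 0x1a
#define EVENT_TRACE_TYPE_CONFIG_PROCESSORNUMBER 0x1b
#define EVENT_TRACE_TYPE_CONFIG_DPI 0x1c
#define EVENT_TRACE_TYPE_CONFIG_CI_INFO 0x1d
#define EVENT_TRACE_TYPE_CONFIG_MACHINEID 0x1e
#define EVENT_TRACE_TYPE_CONFIG_DEFRAG 0x1f
#define EVENT_TRACE_TYPE_CONFIG_MOBILEPLATFORM 0x20
#define EVENT_TRACE_TYPE_CONFIG_DEVICEFAMILY 0x21
#define EVENT_TRACE_TYPE_CONFIG_FLIGHTID 0x22
#define EVENT_TRACE_TYPE_CONFIG_PROCESSOR 0x23

/* OPTICAL_IO_* event types. */
#define EVENT_TRACE_TYPE_OPTICAL_IO_READ 0x37
#define EVENT_TRACE_TYPE_OPTICAL_IO_WRITE 0x38
#define EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH 0x39
#define EVENT_TRACE_TYPE_OPTICAL_IO_READ_INIT 0x3a
#define EVENT_TRACE_TYPE_OPTICAL_IO_WRITE_INIT 0x3b
#define EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH_INIT 0x3c

/* FLT_* event types (pre-/post-operation init, completion, failure). */
#define EVENT_TRACE_TYPE_FLT_PREOP_INIT 0x60
#define EVENT_TRACE_TYPE_FLT_POSTOP_INIT 0x61
#define EVENT_TRACE_TYPE_FLT_PREOP_COMPLETION 0x62
#define EVENT_TRACE_TYPE_FLT_POSTOP_COMPLETION 0x63
#define EVENT_TRACE_TYPE_FLT_PREOP_FAILURE 0x64
#define EVENT_TRACE_TYPE_FLT_POSTOP_FAILURE 0x65

/*
 * EVENT_TRACE_FLAG_*: each value below is a distinct single bit, so the
 * flags can be OR-ed together. They are kept in the header's original
 * order, which is not numeric.
 */
#define EVENT_TRACE_FLAG_PROCESS 0x00000001
#define EVENT_TRACE_FLAG_THREAD 0x00000002
#define EVENT_TRACE_FLAG_IMAGE_LOAD 0x00000004

#define EVENT_TRACE_FLAG_DISK_IO 0x00000100
#define EVENT_TRACE_FLAG_DISK_FILE_IO 0x00000200

#define EVENT_TRACE_FLAG_MEMORY_PAGE_FAULTS 0x00001000
#define EVENT_TRACE_FLAG_MEMORY_HARD_FAULTS 0x00002000

#define EVENT_TRACE_FLAG_NETWORK_TCPIP 0x00010000

#define EVENT_TRACE_FLAG_REGISTRY 0x00020000
#define EVENT_TRACE_FLAG_DBGPRINT 0x00040000

#define EVENT_TRACE_FLAG_PROCESS_COUNTERS 0x00000008
#define EVENT_TRACE_FLAG_CSWITCH 0x00000010
#define EVENT_TRACE_FLAG_DPC 0x00000020
#define EVENT_TRACE_FLAG_INTERRUPT 0x00000040
#define EVENT_TRACE_FLAG_SYSTEMCALL 0x00000080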
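/*
 * Remainder of evntrace.h: further EVENT_TRACE_FLAG_* bits, logging modes,
 * the event/logfile/session structures, the API prototypes and the A/W
 * aliases. Layout restored to one directive/declaration per line with the
 * interleaved listing line numbers dropped.
 */

/* EVENT_TRACE_FLAG_* (continued): single-bit values, not in numeric order. */
#define EVENT_TRACE_FLAG_DISK_IO_INIT 0x00000400
#define EVENT_TRACE_FLAG_ALPC 0x00100000
#define EVENT_TRACE_FLAG_SPLIT_IO 0x00200000

#define EVENT_TRACE_FLAG_DRIVER 0x00800000
#define EVENT_TRACE_FLAG_PROFILE 0x01000000
#define EVENT_TRACE_FLAG_FILE_IO 0x02000000
#define EVENT_TRACE_FLAG_FILE_IO_INIT 0x04000000

#define EVENT_TRACE_FLAG_DISPATCHER 0x00000800
#define EVENT_TRACE_FLAG_VIRTUAL_ALLOC 0x00004000

#define EVENT_TRACE_FLAG_VAMAP 0x00008000
#define EVENT_TRACE_FLAG_NO_SYSCONFIG 0x10000000

#define EVENT_TRACE_FLAG_JOB 0x00080000
#define EVENT_TRACE_FLAG_DEBUG_EVENTS 0x00400000

#define EVENT_TRACE_FLAG_EXTENSION 0x80000000
#define EVENT_TRACE_FLAG_FORWARD_WMI 0x40000000
#define EVENT_TRACE_FLAG_ENABLE_RESERVE 0x20000000

/*
 * Logging-mode bits; presumably the values carried in the LogFileMode
 * members of the structures below (confirm against the API documentation).
 */
#define EVENT_TRACE_FILE_MODE_NONE 0x00000000
#define EVENT_TRACE_FILE_MODE_SEQUENTIAL 0x00000001
#define EVENT_TRACE_FILE_MODE_CIRCULAR 0x00000002
#define EVENT_TRACE_FILE_MODE_APPEND 0x00000004

#define EVENT_TRACE_REAL_TIME_MODE 0x00000100
#define EVENT_TRACE_DELAY_OPEN_FILE_MODE 0x00000200
#define EVENT_TRACE_BUFFERING_MODE 0x00000400
#define EVENT_TRACE_PRIVATE_LOGGER_MODE 0x00000800
#define EVENT_TRACE_ADD_HEADER_MODE 0x00001000

#define EVENT_TRACE_USE_GLOBAL_SEQUENCE 0x00004000
#define EVENT_TRACE_USE_LOCAL_SEQUENCE 0x00008000

#define EVENT_TRACE_RELOG_MODE 0x00010000

#define EVENT_TRACE_USE_PAGED_MEMORY 0x01000000

#define EVENT_TRACE_FILE_MODE_NEWFILE 0x00000008
#define EVENT_TRACE_FILE_MODE_PREALLOCATE 0x00000020

#define EVENT_TRACE_NONSTOPPABLE_MODE 0x00000040
#define EVENT_TRACE_SECURE_MODE 0x00000080
#define EVENT_TRACE_USE_KBYTES_FOR_SIZE 0x00002000
#define EVENT_TRACE_PRIVATE_IN_PROC 0x00020000
#define EVENT_TRACE_MODE_RESERVED 0x00100000

#define EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING 0x10000000

#define EVENT_TRACE_SYSTEM_LOGGER_MODE 0x02000000
#define EVENT_TRACE_ADDTO_TRIAGE_DUMP 0x80000000
#define EVENT_TRACE_STOP_ON_HYBRID_SHUTDOWN 0x00400000
#define EVENT_TRACE_PERSIST_ON_HYBRID_SHUTDOWN 0x00800000

#define EVENT_TRACE_INDEPENDENT_SESSION_MODE 0x08000000
#define EVENT_TRACE_COMPRESSED_MODE 0x04000000

/*
 * ControlCode values for ControlTraceA/W. The __TRACE_W2K_COMPATIBLE
 * StopTrace/QueryTrace/UpdateTrace macros further down pass STOP, QUERY and
 * UPDATE. STOP and UPDATE end or change what a session collects, so code
 * paths that issue them are worth logging where sessions feed monitoring.
 */
#define EVENT_TRACE_CONTROL_QUERY 0
#define EVENT_TRACE_CONTROL_STOP 1
#define EVENT_TRACE_CONTROL_UPDATE 2
#define EVENT_TRACE_CONTROL_FLUSH 3
#define EVENT_TRACE_CONTROL_INCREMENT_FILE 4

/* TRACE_MESSAGE_*: MessageFlags bits for TraceMessage/TraceMessageVa. */
#define TRACE_MESSAGE_SEQUENCE 1
#define TRACE_MESSAGE_GUID 2
#define TRACE_MESSAGE_COMPONENTID 4
#define TRACE_MESSAGE_TIMESTAMP 8
#define TRACE_MESSAGE_PERFORMANCE_TIMESTAMP 16
#define TRACE_MESSAGE_SYSTEMINFO 32

#define TRACE_MESSAGE_POINTER32 0x0040
#define TRACE_MESSAGE_POINTER64 0x0080

#define TRACE_MESSAGE_FLAG_MASK 0xffff

/* 64 KiB. */
#define TRACE_MESSAGE_MAXIMUM_SIZE (64 * 1024)

#define EVENT_TRACE_USE_PROCTIME 0x0001
#define EVENT_TRACE_USE_NOCPUTIME 0x0002

#define TRACE_HEADER_FLAG_USE_TIMESTAMP 0x00000200
#define TRACE_HEADER_FLAG_TRACED_GUID 0x00020000
#define TRACE_HEADER_FLAG_LOG_WNODE 0x00040000
#define TRACE_HEADER_FLAG_USE_GUID_PTR 0x00080000
#define TRACE_HEADER_FLAG_USE_MOF_PTR 0x00100000

typedef enum {
  EtwCompressionModeRestart = 0,
  EtwCompressionModeNoDisable = 1,
  EtwCompressionModeNoRestart = 2
} ETW_COMPRESSION_RESUMPTION_MODE;

/*
 * Header of a classic trace event. Size is a USHORT, so a single event
 * cannot describe more than 65535 bytes. The unions overlay alternative
 * views of the same storage (Guid vs. GuidPtr, kernel/user time vs.
 * ProcessorTime vs. ClientContext/Flags).
 */
typedef struct _EVENT_TRACE_HEADER {
  USHORT Size;
  __C89_NAMELESS union {
    USHORT FieldTypeFlags;
    __C89_NAMELESS struct {
      UCHAR HeaderType;
      UCHAR MarkerFlags;
    } DUMMYSTRUCTNAME;
  } DUMMYUNIONNAME;
  __C89_NAMELESS union {
    ULONG Version;
    struct {
      UCHAR Type;
      UCHAR Level;
      USHORT Version;
    } Class;
  } DUMMYUNIONNAME2;
  ULONG ThreadId;
  ULONG ProcessId;
  LARGE_INTEGER TimeStamp;
  __C89_NAMELESS union {
    GUID Guid;
    ULONGLONG GuidPtr;
  } DUMMYUNIONNAME3;
  __C89_NAMELESS union {
    __C89_NAMELESS struct {
      ULONG KernelTime;
      ULONG UserTime;
    } DUMMYSTRUCTNAME;
    ULONG64 ProcessorTime;
    __C89_NAMELESS struct {
      ULONG ClientContext;
      ULONG Flags;
    } DUMMYSTRUCTNAME2;
  } DUMMYUNIONNAME4;
} EVENT_TRACE_HEADER,*PEVENT_TRACE_HEADER;

/*
 * Header of an instance event. Same leading fields as EVENT_TRACE_HEADER;
 * the GUID union is replaced by RegHandle/InstanceId/ParentInstanceId and
 * ParentRegHandle is appended.
 */
typedef struct _EVENT_INSTANCE_HEADER {
  USHORT Size;
  __C89_NAMELESS union {
    USHORT FieldTypeFlags;
    __C89_NAMELESS struct {
      UCHAR HeaderType;
      UCHAR MarkerFlags;
    } DUMMYSTRUCTNAME;
  } DUMMYUNIONNAME;
  __C89_NAMELESS union {
    ULONG Version;
    struct {
      UCHAR Type;
      UCHAR Level;
      USHORT Version;
    } Class;
  } DUMMYUNIONNAME2;
  ULONG ThreadId;
  ULONG ProcessId;
  LARGE_INTEGER TimeStamp;
  ULONGLONG RegHandle;
  ULONG InstanceId;
  ULONG ParentInstanceId;
  __C89_NAMELESS union {
    __C89_NAMELESS struct {
      ULONG KernelTime;
      ULONG UserTime;
    } DUMMYSTRUCTNAME;
    ULONG64 ProcessorTime;
    __C89_NAMELESS struct {
      ULONG EventId;
      ULONG Flags;
    } DUMMYSTRUCTNAME2;
  } DUMMYUNIONNAME3;
  ULONGLONG ParentRegHandle;
} EVENT_INSTANCE_HEADER,*PEVENT_INSTANCE_HEADER;

/* ETW_*_TYPE_VALUE: data-type codes; presumably for MOF_FIELD.DataType. */
#define ETW_NULL_TYPE_VALUE 0
#define ETW_OBJECT_TYPE_VALUE 1
#define ETW_STRING_TYPE_VALUE 2
#define ETW_SBYTE_TYPE_VALUE 3
#define ETW_BYTE_TYPE_VALUE 4
#define ETW_INT16_TYPE_VALUE 5
#define ETW_UINT16_TYPE_VALUE 6
#define ETW_INT32_TYPE_VALUE 7
#define ETW_UINT32_TYPE_VALUE 8
#define ETW_INT64_TYPE_VALUE 9
#define ETW_UINT64_TYPE_VALUE 10
#define ETW_CHAR_TYPE_VALUE 11
#define ETW_SINGLE_TYPE_VALUE 12
#define ETW_DOUBLE_TYPE_VALUE 13
#define ETW_BOOLEAN_TYPE_VALUE 14
#define ETW_DECIMAL_TYPE_VALUE 15

#define ETW_GUID_TYPE_VALUE 101
#define ETW_ASCIICHAR_TYPE_VALUE 102
#define ETW_ASCIISTRING_TYPE_VALUE 103
#define ETW_COUNTED_STRING_TYPE_VALUE 104
#define ETW_POINTER_TYPE_VALUE 105
#define ETW_SIZET_TYPE_VALUE 106
#define ETW_HIDDEN_TYPE_VALUE 107
#define ETW_BOOL_TYPE_VALUE 108
#define ETW_COUNTED_ANSISTRING_TYPE_VALUE 109
#define ETW_REVERSED_COUNTED_STRING_TYPE_VALUE 110
#define ETW_REVERSED_COUNTED_ANSISTRING_TYPE_VALUE 111
#define ETW_NON_NULL_TERMINATED_STRING_TYPE_VALUE 112
#define ETW_REDUCED_ANSISTRING_TYPE_VALUE 113
#define ETW_REDUCED_STRING_TYPE_VALUE 114
#define ETW_SID_TYPE_VALUE 115
#define ETW_VARIANT_TYPE_VALUE 116
#define ETW_PTVECTOR_TYPE_VALUE 117
#define ETW_WMITIME_TYPE_VALUE 118
#define ETW_DATETIME_TYPE_VALUE 119
/* "REFRENCE" is the spelling of the public name; do not correct it. */
#define ETW_REFRENCE_TYPE_VALUE 120

/*
 * Fill the MOF_FIELD pointed to by M from a data pointer P, a byte length
 * LEN and a type code TYP.
 *
 * P, LEN and TYP are parenthesized so that each cast applies to the whole
 * argument: with a bare "(ULONG_PTR) P", an argument such as "buf + off"
 * would cast buf to an integer first and then add off as a plain number
 * instead of doing pointer arithmetic.
 *
 * The expansion stays three separate statements ending in ';' so existing
 * call sites (with or without a trailing semicolon) keep compiling. It is
 * therefore NOT safe as the unbraced body of an if/else/for/while -- only
 * the first assignment would be controlled; always wrap such uses in braces.
 * M is evaluated three times, so it must have no side effects.
 */
#define DEFINE_TRACE_MOF_FIELD(M, P, LEN, TYP) (M)->DataPtr = (ULONG64) (ULONG_PTR) (P); (M)->Length = (ULONG) (LEN); (M)->DataType = (ULONG) (TYP);

/* One (pointer, length, type) descriptor; DataPtr holds the address as a
   64-bit integer regardless of the target's pointer width. */
typedef struct _MOF_FIELD {
  ULONG64 DataPtr;
  ULONG Length;
  ULONG DataType;
} MOF_FIELD,*PMOF_FIELD;

#if !defined (_EVNTRACE_KERNEL_MODE) || defined (_WMIKM_)
/*
 * Log-file header in the layout of the build target: LoggerName and
 * LogFileName are native pointers here. The 32/64 variants that follow
 * declare the same members with those two fields as fixed-width integers
 * (ULONG32 / ULONG64).
 * NOTE(review): when the header was produced by another process or read
 * from a file, the two name fields are presumably not dereferenceable as
 * stored and PointerSize indicates which fixed-width layout applies --
 * confirm before following them.
 */
typedef struct _TRACE_LOGFILE_HEADER {
  ULONG BufferSize;
  __C89_NAMELESS union {
    ULONG Version;
    struct {
      UCHAR MajorVersion;
      UCHAR MinorVersion;
      UCHAR SubVersion;
      UCHAR SubMinorVersion;
    } VersionDetail;
  } DUMMYUNIONNAME;
  ULONG ProviderVersion;
  ULONG NumberOfProcessors;
  LARGE_INTEGER EndTime;
  ULONG TimerResolution;
  ULONG MaximumFileSize;
  ULONG LogFileMode;
  ULONG BuffersWritten;
  __C89_NAMELESS union {
    GUID LogInstanceGuid;
    __C89_NAMELESS struct {
      ULONG StartBuffers;
      ULONG PointerSize;
      ULONG EventsLost;
      ULONG CpuSpeedInMHz;
    } DUMMYSTRUCTNAME;
  } DUMMYUNIONNAME2;
#if defined (_WMIKM_)
  PWCHAR LoggerName;
  PWCHAR LogFileName;
  RTL_TIME_ZONE_INFORMATION TimeZone;
#else
  LPWSTR LoggerName;
  LPWSTR LogFileName;
  TIME_ZONE_INFORMATION TimeZone;
#endif
  LARGE_INTEGER BootTime;
  LARGE_INTEGER PerfFreq;
  LARGE_INTEGER StartTime;
  ULONG ReservedFlags;
  ULONG BuffersLost;
} TRACE_LOGFILE_HEADER,*PTRACE_LOGFILE_HEADER;

/* Same members with LoggerName/LogFileName as 32-bit integers. The unions
   here are anonymous (no DUMMYUNIONNAME). */
typedef struct _TRACE_LOGFILE_HEADER32 {
  ULONG BufferSize;
  __C89_NAMELESS union {
    ULONG Version;
    struct {
      UCHAR MajorVersion;
      UCHAR MinorVersion;
      UCHAR SubVersion;
      UCHAR SubMinorVersion;
    } VersionDetail;
  };
  ULONG ProviderVersion;
  ULONG NumberOfProcessors;
  LARGE_INTEGER EndTime;
  ULONG TimerResolution;
  ULONG MaximumFileSize;
  ULONG LogFileMode;
  ULONG BuffersWritten;
  __C89_NAMELESS union {
    GUID LogInstanceGuid;
    __C89_NAMELESS struct {
      ULONG StartBuffers;
      ULONG PointerSize;
      ULONG EventsLost;
      ULONG CpuSpeedInMHz;
    };
  };
  ULONG32 LoggerName;
  ULONG32 LogFileName;
#if defined (_WMIKM_)
  RTL_TIME_ZONE_INFORMATION TimeZone;
#else
  TIME_ZONE_INFORMATION TimeZone;
#endif
  LARGE_INTEGER BootTime;
  LARGE_INTEGER PerfFreq;
  LARGE_INTEGER StartTime;
  ULONG ReservedFlags;
  ULONG BuffersLost;
} TRACE_LOGFILE_HEADER32,*PTRACE_LOGFILE_HEADER32;

/* Same members with LoggerName/LogFileName as 64-bit integers. */
typedef struct _TRACE_LOGFILE_HEADER64 {
  ULONG BufferSize;
  __C89_NAMELESS union {
    ULONG Version;
    __C89_NAMELESS struct {
      UCHAR MajorVersion;
      UCHAR MinorVersion;
      UCHAR SubVersion;
      UCHAR SubMinorVersion;
    } VersionDetail;
  };
  ULONG ProviderVersion;
  ULONG NumberOfProcessors;
  LARGE_INTEGER EndTime;
  ULONG TimerResolution;
  ULONG MaximumFileSize;
  ULONG LogFileMode;
  ULONG BuffersWritten;
  __C89_NAMELESS union {
    GUID LogInstanceGuid;
    __C89_NAMELESS struct {
      ULONG StartBuffers;
      ULONG PointerSize;
      ULONG EventsLost;
      ULONG CpuSpeedInMHz;
    };
  };
  ULONG64 LoggerName;
  ULONG64 LogFileName;
#if defined (_WMIKM_)
  RTL_TIME_ZONE_INFORMATION TimeZone;
#else
  TIME_ZONE_INFORMATION TimeZone;
#endif
  LARGE_INTEGER BootTime;
  LARGE_INTEGER PerfFreq;
  LARGE_INTEGER StartTime;
  ULONG ReservedFlags;
  ULONG BuffersLost;
} TRACE_LOGFILE_HEADER64,*PTRACE_LOGFILE_HEADER64;
#endif

/* Note: the struct tag has no leading underscore, unlike its neighbours. */
typedef struct EVENT_INSTANCE_INFO {
  HANDLE RegHandle;
  ULONG InstanceId;
} EVENT_INSTANCE_INFO,*PEVENT_INSTANCE_INFO;

#ifndef _EVNTRACE_KERNEL_MODE

/* Forward declaration only; the structure body is not defined in this
   header. */
typedef struct _EVENT_FILTER_DESCRIPTOR EVENT_FILTER_DESCRIPTOR, *PEVENT_FILTER_DESCRIPTOR;

/*
 * Session properties passed to StartTrace/ControlTrace and friends.
 * LogFileNameOffset and LoggerNameOffset are offsets, not pointers.
 * NOTE(review): the names are expected in caller-allocated space that
 * follows the structure and is counted in Wnode.BufferSize; size the
 * allocation for the structure plus both strings and keep each offset
 * inside it -- confirm the exact contract against the API documentation.
 */
typedef struct _EVENT_TRACE_PROPERTIES {
  WNODE_HEADER Wnode;
  ULONG BufferSize;
  ULONG MinimumBuffers;
  ULONG MaximumBuffers;
  ULONG MaximumFileSize;
  ULONG LogFileMode;
  ULONG FlushTimer;
  ULONG EnableFlags;
  LONG AgeLimit;
  ULONG NumberOfBuffers;
  ULONG FreeBuffers;
  ULONG EventsLost;
  ULONG BuffersWritten;
  ULONG LogBuffersLost;
  ULONG RealTimeBuffersLost;
  HANDLE LoggerThreadId;
  ULONG LogFileNameOffset;
  ULONG LoggerNameOffset;
} EVENT_TRACE_PROPERTIES,*PEVENT_TRACE_PROPERTIES;

/*
 * Version-2 properties: the same leading members as EVENT_TRACE_PROPERTIES
 * (AgeLimit shares storage with FlushThreshold), followed by a version
 * byte, a filter-descriptor array (FilterDescCount entries at FilterDesc)
 * and option bits.
 */
typedef struct _EVENT_TRACE_PROPERTIES_V2 {
  WNODE_HEADER Wnode;
  ULONG BufferSize;
  ULONG MinimumBuffers;
  ULONG MaximumBuffers;
  ULONG MaximumFileSize;
  ULONG LogFileMode;
  ULONG FlushTimer;
  ULONG EnableFlags;
  __C89_NAMELESS union {
    LONG AgeLimit;
    LONG FlushThreshold;
  };
  ULONG NumberOfBuffers;
  ULONG FreeBuffers;
  ULONG EventsLost;
  ULONG BuffersWritten;
  ULONG LogBuffersLost;
  ULONG RealTimeBuffersLost;
  HANDLE LoggerThreadId;
  ULONG LogFileNameOffset;
  ULONG LoggerNameOffset;
  __C89_NAMELESS union {
    __C89_NAMELESS struct {
      ULONG VersionNumber : 8;
    };
    ULONG V2Control;
  };
  ULONG FilterDescCount;
  PEVENT_FILTER_DESCRIPTOR FilterDesc;
  __C89_NAMELESS union {
    __C89_NAMELESS struct {
      ULONG Wow : 1;
      ULONG QpcDeltaTracking : 1;
    };
    ULONG64 V2Options;
  };
} EVENT_TRACE_PROPERTIES_V2, *PEVENT_TRACE_PROPERTIES_V2;

typedef struct _TRACE_GUID_REGISTRATION {
  LPCGUID Guid;
  HANDLE RegHandle;
} TRACE_GUID_REGISTRATION,*PTRACE_GUID_REGISTRATION;
#endif

typedef struct _TRACE_GUID_PROPERTIES {
  GUID Guid;
  ULONG GuidType;
  ULONG LoggerId;
  ULONG EnableLevel;
  ULONG EnableFlags;
  BOOLEAN IsEnable;
} TRACE_GUID_PROPERTIES,*PTRACE_GUID_PROPERTIES;

#ifndef ETW_BUFFER_CONTEXT_DEF
#define ETW_BUFFER_CONTEXT_DEF

typedef struct _ETW_BUFFER_CONTEXT {
  __C89_NAMELESS union {
    __C89_NAMELESS struct {
      UCHAR ProcessorNumber;
      UCHAR Alignment;
    } DUMMYSTRUCTNAME;
    USHORT ProcessorIndex;
  } DUMMYUNIONNAME;
  USHORT LoggerId;
} ETW_BUFFER_CONTEXT,*PETW_BUFFER_CONTEXT;
#endif

#define TRACE_PROVIDER_FLAG_LEGACY (0x00000001)
#define TRACE_PROVIDER_FLAG_PRE_ENABLE (0x00000002)

typedef struct _TRACE_ENABLE_INFO {
  ULONG IsEnabled;
  UCHAR Level;
  UCHAR Reserved1;
  USHORT LoggerId;
  ULONG EnableProperty;
  ULONG Reserved2;
  ULONGLONG MatchAnyKeyword;
  ULONGLONG MatchAllKeyword;
} TRACE_ENABLE_INFO,*PTRACE_ENABLE_INFO;

/*
 * NOTE(review): NextOffset presumably chains to the next record in a
 * returned buffer. When walking such a chain, check every offset against
 * the length the query reported before following it.
 */
typedef struct _TRACE_PROVIDER_INSTANCE_INFO {
  ULONG NextOffset;
  ULONG EnableCount;
  ULONG Pid;
  ULONG Flags;
} TRACE_PROVIDER_INSTANCE_INFO,*PTRACE_PROVIDER_INSTANCE_INFO;

typedef struct _TRACE_GUID_INFO {
  ULONG InstanceCount;
  ULONG Reserved;
} TRACE_GUID_INFO,*PTRACE_GUID_INFO;

/*
 * Variable-length record: Description is declared with ANYSIZE_ARRAY
 * elements and extends past the end of the declared structure, so
 * sizeof (PROFILE_SOURCE_INFO) is not the record size.
 * NOTE(review): NextEntryOffset presumably links to the next record;
 * validate it against the returned length before advancing.
 */
typedef struct _PROFILE_SOURCE_INFO {
  ULONG NextEntryOffset;
  ULONG Source;
  ULONG MinInterval;
  ULONG MaxInterval;
  ULONG64 Reserved;
  WCHAR Description[ANYSIZE_ARRAY];
} PROFILE_SOURCE_INFO,*PPROFILE_SOURCE_INFO;

/*
 * Event as handed to a PEVENT_CALLBACK consumer.
 * NOTE(review): MofData/MofLength presumably describe the event payload.
 * The payload comes from whichever provider or log file produced the event,
 * so a consumer should bound every read by MofLength and not assume a
 * particular layout or a terminating NUL.
 */
typedef struct _EVENT_TRACE {
  EVENT_TRACE_HEADER Header;
  ULONG InstanceId;
  ULONG ParentInstanceId;
  GUID ParentGuid;
  PVOID MofData;
  ULONG MofLength;
  __C89_NAMELESS union {
    ULONG ClientContext;
    ETW_BUFFER_CONTEXT BufferContext;
  } DUMMYUNIONNAME;
} EVENT_TRACE,*PEVENT_TRACE;

/* ControlCode values (see EnableTraceEx2 below). */
#define EVENT_CONTROL_CODE_DISABLE_PROVIDER 0
#define EVENT_CONTROL_CODE_ENABLE_PROVIDER 1
#define EVENT_CONTROL_CODE_CAPTURE_STATE 2
#endif /* WINAPI_PARTITION_APP */

#ifndef _EVNTRACE_KERNEL_MODE
#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
typedef struct _EVENT_RECORD EVENT_RECORD,*PEVENT_RECORD;
typedef struct _EVENT_TRACE_LOGFILEW EVENT_TRACE_LOGFILEW,*PEVENT_TRACE_LOGFILEW;
typedef struct _EVENT_TRACE_LOGFILEA EVENT_TRACE_LOGFILEA,*PEVENT_TRACE_LOGFILEA;
/* Consumer and provider callback signatures. */
typedef ULONG (WINAPI *PEVENT_TRACE_BUFFER_CALLBACKW) (PEVENT_TRACE_LOGFILEW Logfile);
typedef ULONG (WINAPI *PEVENT_TRACE_BUFFER_CALLBACKA) (PEVENT_TRACE_LOGFILEA Logfile);
typedef VOID (WINAPI *PEVENT_CALLBACK) (PEVENT_TRACE pEvent);
typedef VOID (WINAPI *PEVENT_RECORD_CALLBACK) (PEVENT_RECORD EventRecord);
typedef ULONG (WINAPI *WMIDPREQUEST) (WMIDPREQUESTCODE RequestCode, PVOID RequestContext, ULONG *BufferSize, PVOID Buffer);

/*
 * Consumer-side description of a log file or session (wide strings).
 * EventCallback and EventRecordCallback share storage, so only one of the
 * two callback styles can be set; LogFileMode and ProcessTraceMode likewise
 * share storage.
 */
struct _EVENT_TRACE_LOGFILEW {
  LPWSTR LogFileName;
  LPWSTR LoggerName;
  LONGLONG CurrentTime;
  ULONG BuffersRead;
  __C89_NAMELESS union {
    ULONG LogFileMode;
    ULONG ProcessTraceMode;
  } DUMMYUNIONNAME;
  EVENT_TRACE CurrentEvent;
  TRACE_LOGFILE_HEADER LogfileHeader;
  PEVENT_TRACE_BUFFER_CALLBACKW BufferCallback;
  ULONG BufferSize;
  ULONG Filled;
  ULONG EventsLost;
  __C89_NAMELESS union {
    PEVENT_CALLBACK EventCallback;
    PEVENT_RECORD_CALLBACK EventRecordCallback;
  } DUMMYUNIONNAME2;
  ULONG IsKernelTrace;
  PVOID Context;
};

/* Narrow-string counterpart of _EVENT_TRACE_LOGFILEW; only the name
   pointers and the buffer-callback type differ. */
struct _EVENT_TRACE_LOGFILEA {
  LPSTR LogFileName;
  LPSTR LoggerName;
  LONGLONG CurrentTime;
  ULONG BuffersRead;
  __C89_NAMELESS union {
    ULONG LogFileMode;
    ULONG ProcessTraceMode;
  } DUMMYUNIONNAME;
  EVENT_TRACE CurrentEvent;
  TRACE_LOGFILE_HEADER LogfileHeader;
  PEVENT_TRACE_BUFFER_CALLBACKA BufferCallback;
  ULONG BufferSize;
  ULONG Filled;
  ULONG EventsLost;
  __C89_NAMELESS union {
    PEVENT_CALLBACK EventCallback;
    PEVENT_RECORD_CALLBACK EventRecordCallback;
  } DUMMYUNIONNAME2;
  ULONG IsKernelTrace;
  PVOID Context;
};

/* Character-set neutral aliases. DIAG_LOGGER_NAMEA/W get no alias here. */
#if defined (_UNICODE) || defined (UNICODE)
#define PEVENT_TRACE_BUFFER_CALLBACK PEVENT_TRACE_BUFFER_CALLBACKW
#define EVENT_TRACE_LOGFILE EVENT_TRACE_LOGFILEW
#define PEVENT_TRACE_LOGFILE PEVENT_TRACE_LOGFILEW
#define KERNEL_LOGGER_NAME KERNEL_LOGGER_NAMEW
#define GLOBAL_LOGGER_NAME GLOBAL_LOGGER_NAMEW
#define EVENT_LOGGER_NAME EVENT_LOGGER_NAMEW
#else
#define PEVENT_TRACE_BUFFER_CALLBACK PEVENT_TRACE_BUFFER_CALLBACKA
#define EVENT_TRACE_LOGFILE EVENT_TRACE_LOGFILEA
#define PEVENT_TRACE_LOGFILE PEVENT_TRACE_LOGFILEA
#define KERNEL_LOGGER_NAME KERNEL_LOGGER_NAMEA
#define GLOBAL_LOGGER_NAME GLOBAL_LOGGER_NAMEA
#define EVENT_LOGGER_NAME EVENT_LOGGER_NAMEA
#endif
#endif

#ifdef __cplusplus
extern "C" {
#endif

#define ENABLE_TRACE_PARAMETERS_VERSION 1
#define ENABLE_TRACE_PARAMETERS_VERSION_2 2

/* Information classes for EnumerateTraceGuidsEx, TraceSetInformation and
   TraceQueryInformation. Enumerators take consecutive values from 0. */
typedef enum _TRACE_QUERY_INFO_CLASS {
  TraceGuidQueryList,
  TraceGuidQueryInfo,
  TraceGuidQueryProcess,
  TraceStackTracingInfo,
  TraceSystemTraceEnableFlagsInfo,
  TraceSampledProfileIntervalInfo,
  TraceProfileSourceConfigInfo,
  TraceProfileSourceListInfo,
  TracePmcEventListInfo,
  TracePmcCounterListInfo,
  TraceSetDisallowList,
  TraceVersionInfo,
  TraceGroupQueryList,
  TraceGroupQueryInfo,
  TraceDisallowListQuery,
  TraceCompressionInfo,
  TracePeriodicCaptureStateListInfo,
  TracePeriodicCaptureStateInfo,
  TraceProviderBinaryTracking,
  TraceMaxLoggersQuery,
  MaxTraceSetInfoClass
} TRACE_QUERY_INFO_CLASS, TRACE_INFO_CLASS;

/* Repeats the forward typedef made earlier inside the WINAPI_PARTITION_APP
   section; this copy sits outside that section. Repeating an identical
   typedef is valid C11 (older language modes may diagnose it). */
typedef struct _EVENT_FILTER_DESCRIPTOR EVENT_FILTER_DESCRIPTOR,*PEVENT_FILTER_DESCRIPTOR;

typedef struct _ENABLE_TRACE_PARAMETERS_V1 {
  ULONG Version;
  ULONG EnableProperty;
  ULONG ControlFlags;
  GUID SourceId;
  PEVENT_FILTER_DESCRIPTOR EnableFilterDesc;
} ENABLE_TRACE_PARAMETERS_V1, *PENABLE_TRACE_PARAMETERS_V1;

/* V1 layout plus FilterDescCount. Version presumably selects between the
   two layouts (ENABLE_TRACE_PARAMETERS_VERSION / _VERSION_2) -- confirm. */
typedef struct _ENABLE_TRACE_PARAMETERS {
  ULONG Version;
  ULONG EnableProperty;
  ULONG ControlFlags;
  GUID SourceId;
  PEVENT_FILTER_DESCRIPTOR EnableFilterDesc;
  ULONG FilterDescCount;
} ENABLE_TRACE_PARAMETERS, *PENABLE_TRACE_PARAMETERS;

/* To enable the read event type for disk IO events, set GUID to
   3d6fa8d4-fe05-11d0-9dda-00c04fd7ba7c and Type to 10. */
typedef struct _CLASSIC_EVENT_ID {
  GUID EventGuid;
  UCHAR Type;
  UCHAR Reserved[7];
} CLASSIC_EVENT_ID, *PCLASSIC_EVENT_ID;

typedef struct _TRACE_PROFILE_INTERVAL {
  ULONG Source;
  ULONG Interval;
} TRACE_PROFILE_INTERVAL, *PTRACE_PROFILE_INTERVAL;

typedef struct _TRACE_VERSION_INFO {
  UINT EtwTraceProcessingVersion;
  UINT Reserved;
} TRACE_VERSION_INFO, *PTRACE_VERSION_INFO;

typedef struct _TRACE_PERIODIC_CAPTURE_STATE_INFO {
  ULONG CaptureStateFrequencyInSeconds;
  USHORT ProviderCount;
  USHORT Reserved;
} TRACE_PERIODIC_CAPTURE_STATE_INFO, *PTRACE_PERIODIC_CAPTURE_STATE_INFO;

/* Desktop-partition API: the A variants, plus UpdateTraceW, QueryAllTracesW
   and OpenTraceW, the consumer functions and the WINVER-gated calls. */
#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_DESKTOP)
EXTERN_C ULONG WMIAPI StartTraceA (PTRACEHANDLE TraceHandle, LPCSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
EXTERN_C ULONG WMIAPI StopTraceA (TRACEHANDLE TraceHandle, LPCSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
EXTERN_C ULONG WMIAPI QueryTraceA (TRACEHANDLE TraceHandle, LPCSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
EXTERN_C ULONG WMIAPI UpdateTraceW (TRACEHANDLE TraceHandle, LPCWSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
EXTERN_C ULONG WMIAPI UpdateTraceA (TRACEHANDLE TraceHandle, LPCSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
EXTERN_C ULONG WMIAPI FlushTraceA (TRACEHANDLE TraceHandle, LPCSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
EXTERN_C ULONG WMIAPI ControlTraceA (TRACEHANDLE TraceHandle, LPCSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties, ULONG ControlCode);
EXTERN_C ULONG WMIAPI QueryAllTracesW (PEVENT_TRACE_PROPERTIES *PropertyArray, ULONG PropertyArrayCount, PULONG LoggerCount);
EXTERN_C ULONG WMIAPI QueryAllTracesA (PEVENT_TRACE_PROPERTIES *PropertyArray, ULONG PropertyArrayCount, PULONG LoggerCount);
EXTERN_C ULONG WMIAPI CreateTraceInstanceId (HANDLE RegHandle, PEVENT_INSTANCE_INFO InstInfo);
EXTERN_C ULONG WMIAPI TraceEvent (TRACEHANDLE TraceHandle, PEVENT_TRACE_HEADER EventTrace);
EXTERN_C ULONG WMIAPI TraceEventInstance (TRACEHANDLE TraceHandle, PEVENT_INSTANCE_HEADER EventTrace, PEVENT_INSTANCE_INFO InstInfo, PEVENT_INSTANCE_INFO ParentInstInfo);
EXTERN_C ULONG WMIAPI RegisterTraceGuidsA (WMIDPREQUEST RequestAddress, PVOID RequestContext, LPCGUID ControlGuid, ULONG GuidCount, PTRACE_GUID_REGISTRATION TraceGuidReg, LPCSTR MofImagePath, LPCSTR MofResourceName, PTRACEHANDLE RegistrationHandle);
EXTERN_C ULONG WMIAPI EnumerateTraceGuids (PTRACE_GUID_PROPERTIES *GuidPropertiesArray, ULONG PropertyArrayCount, PULONG GuidCount);
EXTERN_C TRACEHANDLE WMIAPI OpenTraceA (PEVENT_TRACE_LOGFILEA Logfile);
EXTERN_C TRACEHANDLE WMIAPI OpenTraceW (PEVENT_TRACE_LOGFILEW Logfile);
EXTERN_C ULONG WMIAPI ProcessTrace (PTRACEHANDLE HandleArray, ULONG HandleCount, LPFILETIME StartTime, LPFILETIME EndTime);
EXTERN_C ULONG WMIAPI CloseTrace (TRACEHANDLE TraceHandle);
EXTERN_C ULONG WMIAPI SetTraceCallback (LPCGUID pGuid, PEVENT_CALLBACK EventCallback);
EXTERN_C ULONG WMIAPI RemoveTraceCallback (LPCGUID pGuid);
/* NOTE(review): declared without WMIAPI, unlike its neighbours, so it gets
   neither DECLSPEC_IMPORT nor __stdcall from that macro -- confirm this
   matches the exported symbol on 32-bit x86 targets. */
EXTERN_C ULONG TraceMessageVa (TRACEHANDLE LoggerHandle, ULONG MessageFlags, LPCGUID MessageGuid, USHORT MessageNumber, va_list MessageArgList);
#if WINVER >= 0x0600
EXTERN_C ULONG WMIAPI EnableTraceEx (LPCGUID ProviderId, LPCGUID SourceId, TRACEHANDLE TraceHandle, ULONG IsEnabled, UCHAR Level, ULONGLONG MatchAnyKeyword, ULONGLONG MatchAllKeyword, ULONG EnableProperty, PEVENT_FILTER_DESCRIPTOR EnableFilterDesc);
EXTERN_C ULONG WMIAPI EnumerateTraceGuidsEx (TRACE_QUERY_INFO_CLASS TraceQueryInfoClass, PVOID InBuffer, ULONG InBufferSize, PVOID OutBuffer, ULONG OutBufferSize, PULONG ReturnLength);
#endif
#if WINVER >= 0x0601
EXTERN_C ULONG WMIAPI EnableTraceEx2 (TRACEHANDLE TraceHandle, LPCGUID ProviderId, ULONG ControlCode, UCHAR Level, ULONGLONG MatchAnyKeyword, ULONGLONG MatchAllKeyword, ULONG Timeout, PENABLE_TRACE_PARAMETERS EnableParameters);
EXTERN_C ULONG WMIAPI TraceSetInformation (TRACEHANDLE SessionHandle, TRACE_INFO_CLASS InformationClass, PVOID TraceInformation, ULONG InformationLength);
#endif
#if WINVER >= 0x0602
EXTERN_C ULONG WMIAPI TraceQueryInformation (TRACEHANDLE SessionHandle, TRACE_INFO_CLASS InformationClass, PVOID TraceInformation, ULONG InformationLength, PULONG ReturnLength);
#endif
#endif /* WINAPI_PARTITION_DESKTOP */

#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)

typedef enum _ETW_PROCESS_HANDLE_INFO_TYPE {
  EtwQueryPartitionInformation = 1,
  EtwQueryProcessHandleInfoMax
} ETW_PROCESS_HANDLE_INFO_TYPE;

typedef struct _ETW_TRACE_PARTITION_INFORMATION {
  GUID PartitionId;
  GUID ParentId;
  LONG64 QpcOffsetFromRoot;
  ULONG PartitionType;
} ETW_TRACE_PARTITION_INFORMATION, *PETW_TRACE_PARTITION_INFORMATION;

EXTERN_C ULONG WMIAPI StartTraceW (PTRACEHANDLE TraceHandle, LPCWSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
EXTERN_C ULONG WMIAPI StopTraceW (TRACEHANDLE TraceHandle, LPCWSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
EXTERN_C ULONG WMIAPI QueryTraceW (TRACEHANDLE TraceHandle, LPCWSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
EXTERN_C ULONG WMIAPI FlushTraceW (TRACEHANDLE TraceHandle, LPCWSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
EXTERN_C ULONG WMIAPI ControlTraceW (TRACEHANDLE TraceHandle, LPCWSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties, ULONG ControlCode);
EXTERN_C ULONG WMIAPI EnableTrace (ULONG Enable, ULONG EnableFlag, ULONG EnableLevel, LPCGUID ControlGuid, TRACEHANDLE TraceHandle);
EXTERN_C ULONG WMIAPI RegisterTraceGuidsW (WMIDPREQUEST RequestAddress, PVOID RequestContext, LPCGUID ControlGuid, ULONG GuidCount, PTRACE_GUID_REGISTRATION TraceGuidReg, LPCWSTR MofImagePath, LPCWSTR MofResourceName, PTRACEHANDLE RegistrationHandle);
EXTERN_C ULONG WMIAPI UnregisterTraceGuids (TRACEHANDLE RegistrationHandle);
EXTERN_C TRACEHANDLE WMIAPI GetTraceLoggerHandle (PVOID Buffer);
EXTERN_C UCHAR WMIAPI GetTraceEnableLevel (TRACEHANDLE TraceHandle);
EXTERN_C ULONG WMIAPI GetTraceEnableFlags (TRACEHANDLE TraceHandle);
/* Variadic and __cdecl. NOTE(review): the documented contract is a list of
   (pointer, length) argument pairs ended by a NULL pointer; the prototype
   cannot enforce it, so every length must match its buffer and the
   terminator must be present. */
EXTERN_C ULONG __cdecl TraceMessage (TRACEHANDLE LoggerHandle, ULONG MessageFlags, LPCGUID MessageGuid, USHORT MessageNumber,...);
EXTERN_C ULONG WMIAPI QueryTraceProcessingHandle (TRACEHANDLE ProcessingHandle, ETW_PROCESS_HANDLE_INFO_TYPE InformationClass, PVOID InBuffer, ULONG InBufferSize, PVOID OutBuffer, ULONG OutBufferSize, PULONG ReturnLength);
#endif /* WINAPI_PARTITION_APP */

#ifdef __cplusplus
}
#endif

#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
/* Integer form of INVALID_HANDLE_VALUE; compare OpenTrace results against
   this rather than against 0. */
#define INVALID_PROCESSTRACE_HANDLE ((TRACEHANDLE)INVALID_HANDLE_VALUE)
#endif

/*
 * Character-set neutral function aliases.
 * NOTE(review): in the UNICODE branch the aliases are guarded by
 * WINAPI_PARTITION_APP, but UpdateTraceW, QueryAllTracesW and OpenTraceW are
 * declared above only inside the WINAPI_PARTITION_DESKTOP section, so those
 * three aliases can name functions with no visible prototype in an
 * app-only build.
 */
#if defined (UNICODE) || defined (_UNICODE)
#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
#define RegisterTraceGuids RegisterTraceGuidsW
#define StartTrace StartTraceW
#define ControlTrace ControlTraceW

#ifdef __TRACE_W2K_COMPATIBLE
#define StopTrace(a, b, c) ControlTraceW ((a),(b),(c), EVENT_TRACE_CONTROL_STOP)
#define QueryTrace(a, b, c) ControlTraceW ((a),(b),(c), EVENT_TRACE_CONTROL_QUERY)
#define UpdateTrace(a, b, c) ControlTraceW ((a),(b),(c), EVENT_TRACE_CONTROL_UPDATE)
#else
#define StopTrace StopTraceW
#define QueryTrace QueryTraceW
#define UpdateTrace UpdateTraceW
#endif

#define FlushTrace FlushTraceW
#define QueryAllTraces QueryAllTracesW
#define OpenTrace OpenTraceW
#endif
#else

#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_DESKTOP)
#define RegisterTraceGuids RegisterTraceGuidsA
#define StartTrace StartTraceA
#define ControlTrace ControlTraceA

#ifdef __TRACE_W2K_COMPATIBLE
#define StopTrace(a, b, c) ControlTraceA ((a),(b),(c), EVENT_TRACE_CONTROL_STOP)
#define QueryTrace(a, b, c) ControlTraceA ((a),(b),(c), EVENT_TRACE_CONTROL_QUERY)
#define UpdateTrace(a, b, c) ControlTraceA ((a),(b),(c), EVENT_TRACE_CONTROL_UPDATE)
#else
#define StopTrace StopTraceA
#define QueryTrace QueryTraceA
#define UpdateTrace UpdateTraceA
#endif

#define FlushTrace FlushTraceA
#define QueryAllTraces QueryAllTracesA
#define OpenTrace OpenTraceA
#endif /* WINAPI_PARTITION_DESKTOP */
#endif /* UNICODE || _UNICODE */
#endif /* !_EVNTRACE_KERNEL_MODE */
#endif /* _WINNT_ || WINNT */
#endif /* _EVNTRACE_ */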