0001-Add-missing-defines-for-Win7-8.txt
wmistr.h: Extensions for Windows 7 & 8
0002-Add-winapi-family-check-add-widl-enumation-size-specif.txt
wlantypes.h: Add widl-handling, winapi-family-check, and add missing
DOT11_AUTH_ALGORITHM... defines
0003-Add-winapi-family-checks-add-Win-7-8-missing-APIs-reor.txt
evntcons.h, evntprov.h, evntrace.h: Add winapi-family check, add
Win7&8 additions, reorg headers,
Ok for apply?
Regards,
Kai
From b7cc3dcbc0f38aec6a60670b61f114e917cfdd89 Mon Sep 17 00:00:00 2001
From: Kai Tietz <[email protected]>
Date: Wed, 27 Aug 2014 13:14:25 +0200
Subject: Add missing defines for Win7/8
---
mingw-w64-headers/include/wmistr.h | 10 +++++++---
1 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/mingw-w64-headers/include/wmistr.h
b/mingw-w64-headers/include/wmistr.h
index 6a3e174..9ae567a 100644
--- a/mingw-w64-headers/include/wmistr.h
+++ b/mingw-w64-headers/include/wmistr.h
@@ -1,7 +1,6 @@
/**
- * This file has no copyright assigned and is placed in the Public Domain.
* This file is part of the mingw-w64 runtime package.
- * No warranty is given; refer to the file DISCLAIMER.PD within this package.
+ * No warranty is given; refer to the file DISCLAIMER within this package.
*/
#ifndef _WMISTR_
#define _WMISTR_
@@ -46,6 +45,9 @@ typedef struct _WNODE_HEADER {
#define WNODE_FLAG_USE_GUID_PTR 0x00080000
#define WNODE_FLAG_USE_MOF_PTR 0x00100000
#define WNODE_FLAG_NO_HEADER 0x00200000
+#if NTDDI_VERSION >= 0x06000000
+#define WNODE_FLAG_SEND_DATA_BLOCK 0x00400000
+#endif
#define WNODE_FLAG_SEVERITY_MASK 0xff000000
typedef struct {
@@ -152,7 +154,8 @@ typedef PWMIREGINFOW PWMIREGINFO;
typedef enum {
WMI_GET_ALL_DATA = 0,WMI_GET_SINGLE_INSTANCE = 1,WMI_SET_SINGLE_INSTANCE =
2,WMI_SET_SINGLE_ITEM = 3,WMI_ENABLE_EVENTS = 4,WMI_DISABLE_EVENTS = 5,
- WMI_ENABLE_COLLECTION = 6,WMI_DISABLE_COLLECTION = 7,WMI_REGINFO =
8,WMI_EXECUTE_METHOD = 9
+ WMI_ENABLE_COLLECTION = 6,WMI_DISABLE_COLLECTION = 7,WMI_REGINFO =
8,WMI_EXECUTE_METHOD = 9,
+ WMI_CAPTURE_STATE = 10
} WMIDPREQUESTCODE;
#if defined(_WINNT_) || defined(WINNT)
@@ -172,6 +175,7 @@ typedef enum {
#define TRACELOG_GUID_ENABLE 0x0080
#define TRACELOG_ACCESS_KERNEL_LOGGER 0x0100
#define TRACELOG_CREATE_INPROC 0x0200
+#define TRACELOG_LOG_EVENT 0x0200
#define TRACELOG_ACCESS_REALTIME 0x0400
#define TRACELOG_REGISTER_GUIDS 0x0800
--
1.7.9
From 326deda7391f03c36f64591f0bc1b8f9ea150eac Mon Sep 17 00:00:00 2001
From: Kai Tietz <[email protected]>
Date: Wed, 27 Aug 2014 15:28:55 +0200
Subject: =?UTF-8?q?Add=20winapi-family=20check,=20add=20widl=20enumation-siz?=
=?UTF-8?q?e=20specification,=0Aand=20define=20DOT11=5FAUTH=5FALOGORITHM=5F.?=
=?UTF-8?q?..=20additions?=
---
mingw-w64-headers/include/wlantypes.h | 25 +++++++++++++++++++++++--
1 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/mingw-w64-headers/include/wlantypes.h
b/mingw-w64-headers/include/wlantypes.h
index 47ed6f1..437a77e 100644
--- a/mingw-w64-headers/include/wlantypes.h
+++ b/mingw-w64-headers/include/wlantypes.h
@@ -1,18 +1,34 @@
/**
- * This file has no copyright assigned and is placed in the Public Domain.
* This file is part of the mingw-w64 runtime package.
- * No warranty is given; refer to the file DISCLAIMER.PD within this package.
+ * No warranty is given; refer to the file DISCLAIMER within this package.
*/
+
#ifndef _INC_WLANTYPES
#define _INC_WLANTYPES
+#include <winapifamily.h>
+
+#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_DESKTOP)
+
#ifdef __cplusplus
extern "C" {
#endif
#define DOT11_SSID_MAX_LENGTH 32
+#define DOT11_AUTH_ALGORITHM_OPEN_SYSTEM DOT11_AUTH_ALGO_80211_OPEN
+#define DOT11_AUTH_ALGORITHM_SHARED_KEY DOT11_AUTH_ALGO_80211_SHARED_KEY
+#define DOT11_AUTH_ALGORITHM_WPA DOT11_AUTH_ALGO_WPA
+#define DOT11_AUTH_ALGORITHM_WPA_PSK DOT11_AUTH_ALGO_WPA_PSK
+#define DOT11_AUTH_ALGORITHM_WPA_NONE DOT11_AUTH_ALGO_WPA_NONE
+#define DOT11_AUTH_ALGORITHM_RSNA DOT11_AUTH_ALGO_RSNA
+#define DOT11_AUTH_ALGORITHM_RSNA_PSK DOT11_AUTH_ALGO_RSNA_PSK
+
+#ifdef __WIDL__
+typedef [v1_enum] enum _DOT11_AUTH_ALGORITHM {
+#else
typedef enum _DOT11_AUTH_ALGORITHM {
+#endif
DOT11_AUTH_ALGO_80211_OPEN = 1,
DOT11_AUTH_ALGO_80211_SHARED_KEY = 2,
DOT11_AUTH_ALGO_WPA = 3,
@@ -24,7 +40,11 @@ typedef enum _DOT11_AUTH_ALGORITHM {
DOT11_AUTH_ALGO_IHV_END = 0xffffffff
} DOT11_AUTH_ALGORITHM, *PDOT11_AUTH_ALGORITHM;
+#ifdef __WIDL__
+ typedef [v1_enum] enum _DOT11_CIPHER_ALGORITHM {
+#else
typedef enum _DOT11_CIPHER_ALGORITHM {
+#endif
DOT11_CIPHER_ALGO_NONE = 0x00,
DOT11_CIPHER_ALGO_WEP40 = 0x01,
DOT11_CIPHER_ALGO_TKIP = 0x02,
@@ -57,4 +77,5 @@ typedef struct _DOT11_SSID {
}
#endif
+#endif
#endif /*_INC_WLANTYPES*/
--
1.7.9
From dbfe1c927d79a328082e75a3e2100e3e1d85540e Mon Sep 17 00:00:00 2001
From: Kai Tietz <[email protected]>
Date: Thu, 28 Aug 2014 12:11:31 +0200
Subject: Add winapi-family checks, add Win 7&8 missing APIs, reorg headers
---
mingw-w64-headers/include/evntcons.h | 267 +++++-----
mingw-w64-headers/include/evntprov.h | 501 +++++++-----------
mingw-w64-headers/include/evntrace.h | 957 +++++++++++++++++-----------------
3 files changed, 817 insertions(+), 908 deletions(-)
diff --git a/mingw-w64-headers/include/evntcons.h
b/mingw-w64-headers/include/evntcons.h
index 918744f..d9662d0 100644
--- a/mingw-w64-headers/include/evntcons.h
+++ b/mingw-w64-headers/include/evntcons.h
@@ -1,11 +1,15 @@
/**
- * This file has no copyright assigned and is placed in the Public Domain.
* This file is part of the mingw-w64 runtime package.
- * No warranty is given; refer to the file DISCLAIMER.PD within this package.
+ * No warranty is given; refer to the file DISCLAIMER within this package.
*/
+
#ifndef _EVNTCONS_H_
#define _EVNTCONS_H_
+#include <winapifamily.h>
+
+#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_DESKTOP)
+
#include <wmistr.h>
#include <evntrace.h>
#include <evntprov.h>
@@ -14,136 +18,143 @@
extern "C" {
#endif
-typedef enum EVENTSECURITYOPERATION {
- EventSecuritySetDACL,
- EventSecuritySetSACL,
- EventSecurityAddDACL,
- EventSecurityAddSACL,
- EventSecurityMax
-} EVENTSECURITYOPERATION;
-
-typedef struct _EVENT_EXTENDED_ITEM_INSTANCE {
- ULONG InstanceId;
- ULONG ParentInstanceId;
- GUID ParentGuid;
-} EVENT_EXTENDED_ITEM_INSTANCE, *PEVENT_EXTENDED_ITEM_INSTANCE;
-
-typedef struct _EVENT_EXTENDED_ITEM_TS_ID {
- ULONG SessionId;
-} EVENT_EXTENDED_ITEM_TS_ID, *PEVENT_EXTENDED_ITEM_TS_ID;
-
-typedef struct _EVENT_EXTENDED_ITEM_RELATED_ACTIVITYID {
- GUID RelatedActivityId;
-} EVENT_EXTENDED_ITEM_RELATED_ACTIVITYID,
*PEVENT_EXTENDED_ITEM_RELATED_ACTIVITYID;
-
-typedef struct _EVENT_HEADER_EXTENDED_DATA_ITEM {
- USHORT Reserved1;
- USHORT ExtType;
- __C89_NAMELESS struct {
- USHORT Linkage : 1;
- USHORT Reserved2 :15;
- } DUMMYSTRUCTNAME;
- USHORT DataSize;
- ULONGLONG DataPtr;
-} EVENT_HEADER_EXTENDED_DATA_ITEM, *PEVENT_HEADER_EXTENDED_DATA_ITEM;
-
-typedef struct _EVENT_HEADER {
- USHORT Size;
- USHORT HeaderType;
- USHORT Flags;
- USHORT EventProperty;
- ULONG ThreadId;
- ULONG ProcessId;
- LARGE_INTEGER TimeStamp;
- GUID ProviderId;
- EVENT_DESCRIPTOR EventDescriptor;
- __C89_NAMELESS union {
+#define EVENT_HEADER_EXT_TYPE_RELATED_ACTIVITYID 0x0001
+#define EVENT_HEADER_EXT_TYPE_SID 0x0002
+#define EVENT_HEADER_EXT_TYPE_TS_ID 0x0003
+#define EVENT_HEADER_EXT_TYPE_INSTANCE_INFO 0x0004
+#define EVENT_HEADER_EXT_TYPE_STACK_TRACE32 0x0005
+#define EVENT_HEADER_EXT_TYPE_STACK_TRACE64 0x0006
+#define EVENT_HEADER_EXT_TYPE_PEBS_INDEX 0x0007
+#define EVENT_HEADER_EXT_TYPE_PMC_COUNTERS 0x0008
+#define EVENT_HEADER_EXT_TYPE_MAX 0x0009
+
+#define EVENT_HEADER_PROPERTY_XML 0x0001
+#define EVENT_HEADER_PROPERTY_FORWARDED_XML 0x0002
+#define EVENT_HEADER_PROPERTY_LEGACY_EVENTLOG 0x0004
+
+#define EVENT_HEADER_FLAG_EXTENDED_INFO 0x0001
+#define EVENT_HEADER_FLAG_PRIVATE_SESSION 0x0002
+#define EVENT_HEADER_FLAG_STRING_ONLY 0x0004
+#define EVENT_HEADER_FLAG_TRACE_MESSAGE 0x0008
+#define EVENT_HEADER_FLAG_NO_CPUTIME 0x0010
+#define EVENT_HEADER_FLAG_32_BIT_HEADER 0x0020
+#define EVENT_HEADER_FLAG_64_BIT_HEADER 0x0040
+#define EVENT_HEADER_FLAG_CLASSIC_HEADER 0x0100
+#define EVENT_HEADER_FLAG_PROCESSOR_INDEX 0x0200
+
+#define EVENT_ENABLE_PROPERTY_SID 0x00000001
+#define EVENT_ENABLE_PROPERTY_TS_ID 0x00000002
+#define EVENT_ENABLE_PROPERTY_STACK_TRACE 0x00000004
+
+#define PROCESS_TRACE_MODE_REAL_TIME 0x00000100
+#define PROCESS_TRACE_MODE_RAW_TIMESTAMP 0x00001000
+#define PROCESS_TRACE_MODE_EVENT_RECORD 0x10000000
+
+ typedef enum {
+ EventSecuritySetDACL,
+ EventSecuritySetSACL,
+ EventSecurityAddDACL,
+ EventSecurityAddSACL,
+ EventSecurityMax
+ } EVENTSECURITYOPERATION;
+
+#ifndef EVENT_HEADER_EXTENDED_DATA_ITEM_DEF
+#define EVENT_HEADER_EXTENDED_DATA_ITEM_DEF
+ typedef struct _EVENT_HEADER_EXTENDED_DATA_ITEM {
+ USHORT Reserved1;
+ USHORT ExtType;
__C89_NAMELESS struct {
- ULONG KernelTime;
- ULONG UserTime;
- } DUMMYSTRUCTNAME;
- ULONG64 ProcessorTime;
- } DUMMYUNIONNAME;
- GUID ActivityId;
-} EVENT_HEADER, *PEVENT_HEADER;
-
-#define EVENT_HEADER_PROPERTY_XML 0x0001
-#define EVENT_HEADER_PROPERTY_FORWARDED_XML 0x0002
-#define EVENT_HEADER_PROPERTY_LEGACY_EVENTLOG 0x0004
-
-#define EVENT_HEADER_FLAG_EXTENDED_INFO 0x0001
-#define EVENT_HEADER_FLAG_PRIVATE_SESSION 0x0002
-#define EVENT_HEADER_FLAG_STRING_ONLY 0x0004
-#define EVENT_HEADER_FLAG_TRACE_MESSAGE 0x0008
-#define EVENT_HEADER_FLAG_NO_CPUTIME 0x0010
-#define EVENT_HEADER_FLAG_32_BIT_HEADER 0x0020
-#define EVENT_HEADER_FLAG_64_BIT_HEADER 0x0040
-#define EVENT_HEADER_FLAG_CLASSIC_HEADER 0x0100
+ USHORT Linkage : 1;
+ USHORT Reserved2 : 15;
+ };
+ USHORT DataSize;
+ ULONGLONG DataPtr;
+ } EVENT_HEADER_EXTENDED_DATA_ITEM,*PEVENT_HEADER_EXTENDED_DATA_ITEM;
+#endif
-#define EVENT_HEADER_EXT_TYPE_RELATED_ACTIVITYID 0x0001
-#define EVENT_HEADER_EXT_TYPE_SID 0x0002
-#define EVENT_HEADER_EXT_TYPE_TS_ID 0x0003
-#define EVENT_HEADER_EXT_TYPE_INSTANCE_INFO 0x0004
-#define EVENT_HEADER_EXT_TYPE_STACK_TRACE32 0x0005
-#define EVENT_HEADER_EXT_TYPE_STACK_TRACE64 0x0006
-
-struct _EVENT_RECORD {
- EVENT_HEADER EventHeader;
- ETW_BUFFER_CONTEXT BufferContext;
- USHORT ExtendedDataCount;
- USHORT UserDataLength;
- PEVENT_HEADER_EXTENDED_DATA_ITEM ExtendedData;
- PVOID UserData;
- PVOID UserContext;
-};
-#ifndef DEFINED_PEVENT_RECORD
-typedef struct _EVENT_RECORD EVENT_RECORD, *PEVENT_RECORD;
-#define DEFINED_PEVENT_RECORD 1
-#endif /* for evntrace.h */
-
-#if (_WIN32_WINNT >= 0x0601)
-typedef struct _EVENT_EXTENDED_ITEM_STACK_TRACE32 {
- ULONG64 MatchId;
- ULONG Address[ANYSIZE_ARRAY];
-} EVENT_EXTENDED_ITEM_STACK_TRACE32, *PEVENT_EXTENDED_ITEM_STACK_TRACE32;
-
-typedef struct _EVENT_EXTENDED_ITEM_STACK_TRACE64 {
- ULONG64 MatchId;
- ULONG64 Address[ANYSIZE_ARRAY];
-} EVENT_EXTENDED_ITEM_STACK_TRACE64, *PEVENT_EXTENDED_ITEM_STACK_TRACE64;
-#endif /*(_WIN32_WINNT >= 0x0601)*/
-
-#define EVENT_ENABLE_PROPERTY_SID 0x00000001
-#define EVENT_ENABLE_PROPERTY_TS_ID 0x00000002
-#define EVENT_ENABLE_PROPERTY_STACK_TRACE 0x00000004
-
-#define PROCESS_TRACE_MODE_REAL_TIME 0x00000100
-#define PROCESS_TRACE_MODE_RAW_TIMESTAMP 0x00001000
-#define PROCESS_TRACE_MODE_EVENT_RECORD 0x10000000
-
-#if (_WIN32_WINNT >= 0x0600)
-ULONG EVNTAPI EventAccessControl(
- LPGUID Guid,
- ULONG Operation,
- PSID Sid,
- ULONG Rights,
- BOOLEAN AllowOrDeny
-);
-
-ULONG EVNTAPI EventAccessQuery(
- LPGUID Guid,
- PSECURITY_DESCRIPTOR Buffer,
- PULONG BufferSize
-);
-
-ULONG EVNTAPI EventAccessRemove(
- LPGUID Guid
-);
-#endif /*(_WIN32_WINNT >= 0x0600)*/
+ typedef struct _EVENT_EXTENDED_ITEM_INSTANCE {
+ ULONG InstanceId;
+ ULONG ParentInstanceId;
+ GUID ParentGuid;
+ } EVENT_EXTENDED_ITEM_INSTANCE,*PEVENT_EXTENDED_ITEM_INSTANCE;
+
+ typedef struct _EVENT_EXTENDED_ITEM_RELATED_ACTIVITYID {
+ GUID RelatedActivityId;
+ }
EVENT_EXTENDED_ITEM_RELATED_ACTIVITYID,*PEVENT_EXTENDED_ITEM_RELATED_ACTIVITYID;
+
+ typedef struct _EVENT_EXTENDED_ITEM_TS_ID {
+ ULONG SessionId;
+ } EVENT_EXTENDED_ITEM_TS_ID,*PEVENT_EXTENDED_ITEM_TS_ID;
+
+ typedef struct _EVENT_EXTENDED_ITEM_STACK_TRACE32 {
+ ULONG64 MatchId;
+ ULONG Address[ANYSIZE_ARRAY];
+ } EVENT_EXTENDED_ITEM_STACK_TRACE32,*PEVENT_EXTENDED_ITEM_STACK_TRACE32;
+
+ typedef struct _EVENT_EXTENDED_ITEM_STACK_TRACE64 {
+ ULONG64 MatchId;
+ ULONG64 Address[ANYSIZE_ARRAY];
+ } EVENT_EXTENDED_ITEM_STACK_TRACE64,*PEVENT_EXTENDED_ITEM_STACK_TRACE64;
+
+ typedef struct _EVENT_EXTENDED_ITEM_PEBS_INDEX {
+ ULONG64 PebsIndex;
+ } EVENT_EXTENDED_ITEM_PEBS_INDEX,*PEVENT_EXTENDED_ITEM_PEBS_INDEX;
+
+ typedef struct _EVENT_EXTENDED_ITEM_PMC_COUNTERS {
+ ULONG64 Counter[ANYSIZE_ARRAY];
+ } EVENT_EXTENDED_ITEM_PMC_COUNTERS,*PEVENT_EXTENDED_ITEM_PMC_COUNTERS;
+
+#ifndef EVENT_HEADER_DEF
+#define EVENT_HEADER_DEF
+ typedef struct _EVENT_HEADER {
+ USHORT Size;
+ USHORT HeaderType;
+ USHORT Flags;
+ USHORT EventProperty;
+ ULONG ThreadId;
+ ULONG ProcessId;
+ LARGE_INTEGER TimeStamp;
+ GUID ProviderId;
+ EVENT_DESCRIPTOR EventDescriptor;
+ __C89_NAMELESS union {
+ __C89_NAMELESS struct {
+ ULONG KernelTime;
+ ULONG UserTime;
+ } DUMMYSTRUCTNAME;
+ ULONG64 ProcessorTime;
+ } DUMMYUNIONNAME;
+ GUID ActivityId;
+ } EVENT_HEADER,*PEVENT_HEADER;
+#endif
+
+#ifndef EVENT_RECORD_DEF
+#define EVENT_RECORD_DEF
+ typedef struct _EVENT_RECORD {
+ EVENT_HEADER EventHeader;
+ ETW_BUFFER_CONTEXT BufferContext;
+ USHORT ExtendedDataCount;
+ USHORT UserDataLength;
+ PEVENT_HEADER_EXTENDED_DATA_ITEM ExtendedData;
+ PVOID UserData;
+ PVOID UserContext;
+ } EVENT_RECORD,*PEVENT_RECORD;
+
+ typedef const EVENT_RECORD *PCEVENT_RECORD;
+#endif
+
+#if WINVER >= 0x0600
+ ULONG EVNTAPI EventAccessControl (LPGUID Guid, ULONG Operation, PSID Sid,
ULONG Rights, BOOLEAN AllowOrDeny);
+ ULONG EVNTAPI EventAccessQuery (LPGUID Guid, PSECURITY_DESCRIPTOR Buffer,
PULONG BufferSize);
+ ULONG EVNTAPI EventAccessRemove (LPGUID Guid);
+#endif
+
+ FORCEINLINE ULONG GetEventProcessorIndex (PCEVENT_RECORD er) {
+ return ((er->EventHeader.Flags & EVENT_HEADER_FLAG_PROCESSOR_INDEX) != 0 ?
er->BufferContext.ProcessorIndex : er->BufferContext.ProcessorNumber);
+ }
#ifdef __cplusplus
}
#endif
-#endif /* _EVNTCONS_H_ */
-
+#endif
+#endif
diff --git a/mingw-w64-headers/include/evntprov.h
b/mingw-w64-headers/include/evntprov.h
index 5170112..6c2c573 100644
--- a/mingw-w64-headers/include/evntprov.h
+++ b/mingw-w64-headers/include/evntprov.h
@@ -1,3 +1,7 @@
+/**
+ * This file is part of the mingw-w64 runtime package.
+ * No warranty is given; refer to the file DISCLAIMER within this package.
+ */
/*
* evntprov.h
*
@@ -5,6 +9,7 @@
*
* Contributors:
* Created by Amine Khaldi.
+ * Extended by Kai Tietz for mingw-w64
*
* THIS SOFTWARE IS NOT COPYRIGHTED
*
@@ -21,344 +26,216 @@
#ifndef _EVNTPROV_H_
#define _EVNTPROV_H_
-#ifndef EVNTAPI
-#ifndef MIDL_PASS
+#include <winapifamily.h>
+
+#if !defined (EVNTAPI) && !defined (__WIDL__) && !defined (MIDL_PASS)
#ifdef _EVNT_SOURCE_
-#if defined(_ARM_)
+#ifdef _ARM_
#define EVNTAPI
#else
#define EVNTAPI __stdcall
#endif
#else
-#if defined(_ARM_)
+#ifdef _ARM_
#define EVNTAPI DECLSPEC_IMPORT
#else
#define EVNTAPI DECLSPEC_IMPORT __stdcall
#endif
-#endif /* _EVNT_SOURCE_ */
-#endif /* MIDL_PASS */
-#endif /* EVNTAPI */
-
-#ifdef __cplusplus
-extern "C" {
+#endif
#endif
-#include <guiddef.h>
-
-#define EVENT_MIN_LEVEL 0
-#define EVENT_MAX_LEVEL 0xff
-
-#define EVENT_ACTIVITY_CTRL_GET_ID 1
-#define EVENT_ACTIVITY_CTRL_SET_ID 2
-#define EVENT_ACTIVITY_CTRL_CREATE_ID 3
-#define EVENT_ACTIVITY_CTRL_GET_SET_ID 4
-#define EVENT_ACTIVITY_CTRL_CREATE_SET_ID 5
-
-typedef ULONGLONG REGHANDLE, *PREGHANDLE;
-
-#define MAX_EVENT_DATA_DESCRIPTORS 128
-#define MAX_EVENT_FILTER_DATA_SIZE 1024
-
-#define EVENT_FILTER_TYPE_SCHEMATIZED 0x80000000
-
-typedef struct _EVENT_DESCRIPTOR {
- USHORT Id;
- UCHAR Version;
- UCHAR Channel;
- UCHAR Level;
- UCHAR Opcode;
- USHORT Task;
- ULONGLONG Keyword;
-} EVENT_DESCRIPTOR, *PEVENT_DESCRIPTOR;
-typedef const EVENT_DESCRIPTOR *PCEVENT_DESCRIPTOR;
-
-typedef struct _EVENT_DATA_DESCRIPTOR {
- ULONGLONG Ptr;
- ULONG Size;
- ULONG Reserved;
-} EVENT_DATA_DESCRIPTOR, *PEVENT_DATA_DESCRIPTOR;
-
-struct _EVENT_FILTER_DESCRIPTOR {
- ULONGLONG Ptr;
- ULONG Size;
- ULONG Type;
-};
-#ifndef DEFINED_PEVENT_FILTER_DESC
-typedef struct _EVENT_FILTER_DESCRIPTOR EVENT_FILTER_DESCRIPTOR,
*PEVENT_FILTER_DESCRIPTOR;
-#define DEFINED_PEVENT_FILTER_DESC 1
-#endif /* for evntrace.h */
-
-typedef struct _EVENT_FILTER_HEADER {
- USHORT Id;
- UCHAR Version;
- UCHAR Reserved[5];
- ULONGLONG InstanceId;
- ULONG Size;
- ULONG NextOffset;
-} EVENT_FILTER_HEADER, *PEVENT_FILTER_HEADER;
-
-
-#ifndef _ETW_KM_ /* for wdm.h */
-
-typedef VOID
-(NTAPI *PENABLECALLBACK)(
- LPCGUID SourceId,
- ULONG IsEnabled,
- UCHAR Level,
- ULONGLONG MatchAnyKeyword,
- ULONGLONG MatchAllKeyword,
- PEVENT_FILTER_DESCRIPTOR FilterData,
- PVOID CallbackContext);
-
-#if (WINVER >= 0x0600)
-ULONG EVNTAPI EventRegister(
- LPCGUID ProviderId,
- PENABLECALLBACK EnableCallback,
- PVOID CallbackContext,
- PREGHANDLE RegHandle
-);
-
-ULONG EVNTAPI EventUnregister(
- REGHANDLE RegHandle
-);
-
-BOOLEAN EVNTAPI EventEnabled(
- REGHANDLE RegHandle,
- PCEVENT_DESCRIPTOR EventDescriptor
-);
-
-BOOLEAN EVNTAPI EventProviderEnabled(
- REGHANDLE RegHandle,
- UCHAR Level,
- ULONGLONG Keyword
-);
-
-ULONG EVNTAPI EventWrite(
- REGHANDLE RegHandle,
- PCEVENT_DESCRIPTOR EventDescriptor,
- ULONG UserDataCount,
- PEVENT_DATA_DESCRIPTOR UserData
-);
-
-ULONG EVNTAPI EventWriteTransfer(
- REGHANDLE RegHandle,
- PCEVENT_DESCRIPTOR EventDescriptor,
- LPCGUID ActivityId,
- LPCGUID RelatedActivityId,
- ULONG UserDataCount,
- PEVENT_DATA_DESCRIPTOR UserData
-);
-
-ULONG EVNTAPI EventWriteString(
- REGHANDLE RegHandle,
- UCHAR Level,
- ULONGLONG Keyword,
- PCWSTR String
-);
-
-ULONG EVNTAPI EventActivityIdControl(
- ULONG ControlCode,
- LPGUID ActivityId
-);
-
-#endif /*(WINVER >= 0x0600)*/
-
-#if (_WIN32_WINNT >= 0x0601)
-ULONG EVNTAPI EventWriteEx(
- REGHANDLE RegHandle,
- PCEVENT_DESCRIPTOR EventDescriptor,
- ULONG64 Filter,
- ULONG Flags,
- LPCGUID ActivityId,
- LPCGUID RelatedActivityId,
- ULONG UserDataCount,
- PEVENT_DATA_DESCRIPTOR UserData
-);
-#endif /*(_WIN32_WINNT >= 0x0601)*/
-
-#endif /* _ETW_KM_ */
-
-FORCEINLINE
-VOID
-EventDataDescCreate(
- PEVENT_DATA_DESCRIPTOR EventDataDescriptor,
- const VOID* DataPtr,
- ULONG DataSize)
-{
- EventDataDescriptor->Ptr = (ULONGLONG)(ULONG_PTR)DataPtr;
- EventDataDescriptor->Size = DataSize;
- EventDataDescriptor->Reserved = 0;
-}
-
-FORCEINLINE
-VOID
-EventDescCreate(
- PEVENT_DESCRIPTOR EventDescriptor,
- USHORT Id,
- UCHAR Version,
- UCHAR Channel,
- UCHAR Level,
- USHORT Task,
- UCHAR Opcode,
- ULONGLONG Keyword)
-{
- EventDescriptor->Id = Id;
- EventDescriptor->Version = Version;
- EventDescriptor->Channel = Channel;
- EventDescriptor->Level = Level;
- EventDescriptor->Task = Task;
- EventDescriptor->Opcode = Opcode;
- EventDescriptor->Keyword = Keyword;
-}
-
-FORCEINLINE
-VOID
-EventDescZero(
- PEVENT_DESCRIPTOR EventDescriptor)
-{
- memset(EventDescriptor, 0, sizeof(EVENT_DESCRIPTOR));
-}
-
-FORCEINLINE
-USHORT
-EventDescGetId(
- PCEVENT_DESCRIPTOR EventDescriptor)
-{
- return (EventDescriptor->Id);
-}
-
-FORCEINLINE
-UCHAR
-EventDescGetVersion(
- PCEVENT_DESCRIPTOR EventDescriptor)
-{
- return (EventDescriptor->Version);
-}
-
-FORCEINLINE
-USHORT
-EventDescGetTask(
- PCEVENT_DESCRIPTOR EventDescriptor)
-{
- return (EventDescriptor->Task);
-}
-
-FORCEINLINE
-UCHAR
-EventDescGetOpcode(
- PCEVENT_DESCRIPTOR EventDescriptor)
-{
- return (EventDescriptor->Opcode);
-}
+#define EVENT_MIN_LEVEL (0)
+#define EVENT_MAX_LEVEL (0xff)
-FORCEINLINE
-UCHAR
-EventDescGetChannel(
- PCEVENT_DESCRIPTOR EventDescriptor)
-{
- return (EventDescriptor->Channel);
-}
+#define EVENT_ACTIVITY_CTRL_GET_ID (1)
+#define EVENT_ACTIVITY_CTRL_SET_ID (2)
+#define EVENT_ACTIVITY_CTRL_CREATE_ID (3)
+#define EVENT_ACTIVITY_CTRL_GET_SET_ID (4)
+#define EVENT_ACTIVITY_CTRL_CREATE_SET_ID (5)
-FORCEINLINE
-UCHAR
-EventDescGetLevel(
- PCEVENT_DESCRIPTOR EventDescriptor)
-{
- return (EventDescriptor->Level);
-}
+#define EVENT_FILTER_TYPE_SCHEMATIZED (0x80000000)
+#define EVENT_FILTER_TYPE_SYSTEM_FLAGS (0x80000001)
+#define EVENT_FILTER_TYPE_TRACEHANDLE (0x80000002)
-FORCEINLINE
-ULONGLONG
-EventDescGetKeyword(
- PCEVENT_DESCRIPTOR EventDescriptor)
-{
- return (EventDescriptor->Keyword);
-}
+#define MAX_EVENT_DATA_DESCRIPTORS (128)
+#define MAX_EVENT_FILTER_DATA_SIZE (1024)
-FORCEINLINE
-PEVENT_DESCRIPTOR
-EventDescSetId(
- PEVENT_DESCRIPTOR EventDescriptor,
- USHORT Id)
-{
- EventDescriptor->Id = Id;
- return (EventDescriptor);
-}
+#ifdef __cplusplus
+extern "C" {
+#endif
-FORCEINLINE
-PEVENT_DESCRIPTOR
-EventDescSetVersion(
- PEVENT_DESCRIPTOR EventDescriptor,
- UCHAR Version)
-{
- EventDescriptor->Version = Version;
- return (EventDescriptor);
-}
+#include <guiddef.h>
-FORCEINLINE
-PEVENT_DESCRIPTOR
-EventDescSetTask(
- PEVENT_DESCRIPTOR EventDescriptor,
- USHORT Task)
-{
- EventDescriptor->Task = Task;
- return (EventDescriptor);
-}
+ typedef ULONGLONG REGHANDLE,*PREGHANDLE;
+
+ typedef struct _EVENT_DATA_DESCRIPTOR {
+ ULONGLONG Ptr;
+ ULONG Size;
+ ULONG Reserved;
+ } EVENT_DATA_DESCRIPTOR,*PEVENT_DATA_DESCRIPTOR;
+
+#ifndef EVENT_DESCRIPTOR_DEF
+#define EVENT_DESCRIPTOR_DEF
+ typedef struct _EVENT_DESCRIPTOR {
+ USHORT Id;
+ UCHAR Version;
+ UCHAR Channel;
+ UCHAR Level;
+ UCHAR Opcode;
+ USHORT Task;
+ ULONGLONG Keyword;
+ } EVENT_DESCRIPTOR,*PEVENT_DESCRIPTOR;
+ typedef const EVENT_DESCRIPTOR *PCEVENT_DESCRIPTOR;
+#endif
-FORCEINLINE
-PEVENT_DESCRIPTOR
-EventDescSetOpcode(
- PEVENT_DESCRIPTOR EventDescriptor,
- UCHAR Opcode)
-{
- EventDescriptor->Opcode = Opcode;
- return (EventDescriptor);
-}
+ typedef struct _EVENT_FILTER_DESCRIPTOR {
+ ULONGLONG Ptr;
+ ULONG Size;
+ ULONG Type;
+ };
-FORCEINLINE
-PEVENT_DESCRIPTOR
-EventDescSetLevel(
- PEVENT_DESCRIPTOR EventDescriptor,
- UCHAR Level)
-{
- EventDescriptor->Level = Level;
- return (EventDescriptor);
-}
+#ifndef DEFINED_PEVENT_FILTER_DESC
+#define DEFINED_PEVENT_FILTER_DESC
+ typedef struct _EVENT_FILTER_DESCRIPTOR
EVENT_FILTER_DESCRIPTOR,*PEVENT_FILTER_DESCRIPTOR;
+#endif /* for evntrace.h */
+
+ typedef struct _EVENT_FILTER_HEADER {
+ USHORT Id;
+ UCHAR Version;
+ UCHAR Reserved[5];
+ ULONGLONG InstanceId;
+ ULONG Size;
+ ULONG NextOffset;
+ } EVENT_FILTER_HEADER,*PEVENT_FILTER_HEADER;
+
+#if !defined (_ETW_KM_) && !defined (__WIDL__) /* for wdm.h & widl */
+ typedef enum _EVENT_INFO_CLASS {
+ EventProviderBinaryTrackInfo,
+ MaxEventInfo
+ } EVENT_INFO_CLASS;
+
+ typedef VOID (NTAPI *PENABLECALLBACK) (LPCGUID SourceId, ULONG IsEnabled,
UCHAR Level, ULONGLONG MatchAnyKeyword, ULONGLONG MatchAllKeyword,
PEVENT_FILTER_DESCRIPTOR FilterData, PVOID CallbackContext);
+
+#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_DESKTOP)
+#if WINVER >= 0x0600
+ BOOLEAN EVNTAPI EventEnabled (REGHANDLE RegHandle, PCEVENT_DESCRIPTOR
EventDescriptor);
+ BOOLEAN EVNTAPI EventProviderEnabled (REGHANDLE RegHandle, UCHAR Level,
ULONGLONG Keyword);
+ ULONG EVNTAPI EventWriteTransfer (REGHANDLE RegHandle, PCEVENT_DESCRIPTOR
EventDescriptor, LPCGUID ActivityId, LPCGUID RelatedActivityId, ULONG
UserDataCount, PEVENT_DATA_DESCRIPTOR UserData);
+ ULONG EVNTAPI EventWriteString (REGHANDLE RegHandle, UCHAR Level, ULONGLONG
Keyword, PCWSTR String);
+ ULONG EVNTAPI EventActivityIdControl (ULONG ControlCode, LPGUID ActivityId);
+#endif
+#if WINVER >= 0x0601
+ ULONG EVNTAPI EventWriteEx (REGHANDLE RegHandle, PCEVENT_DESCRIPTOR
EventDescriptor, ULONG64 Filter, ULONG Flags, LPCGUID ActivityId, LPCGUID
RelatedActivityId, ULONG UserDataCount, PEVENT_DATA_DESCRIPTOR UserData);
+#endif
+#endif
-FORCEINLINE
-PEVENT_DESCRIPTOR
-EventDescSetChannel(
- PEVENT_DESCRIPTOR EventDescriptor,
- UCHAR Channel)
-{
- EventDescriptor->Channel = Channel;
- return (EventDescriptor);
-}
+#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
+#if WINVER >= 0x0600
+ ULONG EVNTAPI EventRegister (LPCGUID ProviderId, PENABLECALLBACK
EnableCallback, PVOID CallbackContext, PREGHANDLE RegHandle);
+ ULONG EVNTAPI EventUnregister (REGHANDLE RegHandle);
+ ULONG EVNTAPI EventWrite (REGHANDLE RegHandle, PCEVENT_DESCRIPTOR
EventDescriptor, ULONG UserDataCount, PEVENT_DATA_DESCRIPTOR UserData);
+#endif
+#if WINVER >= 0x0602
+ ULONG EVNTAPI EventSetInformation (REGHANDLE RegHandle, EVENT_INFO_CLASS
InformationClass, PVOID EventInformation, ULONG InformationLength);
+#endif
+#endif
-FORCEINLINE
-PEVENT_DESCRIPTOR
-EventDescSetKeyword(
- PEVENT_DESCRIPTOR EventDescriptor,
- ULONGLONG Keyword)
-{
- EventDescriptor->Keyword = Keyword;
- return (EventDescriptor);
-}
+#endif
+#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
+ FORCEINLINE VOID EventDataDescCreate (PEVENT_DATA_DESCRIPTOR evp, const VOID
*d, ULONG sz) {
+ evp->Ptr = (ULONGLONG) (ULONG_PTR) d;
+ evp->Size = sz;
+ evp->Reserved = 0;
+ }
+#endif
-FORCEINLINE
-PEVENT_DESCRIPTOR
-EventDescOrKeyword(
- PEVENT_DESCRIPTOR EventDescriptor,
- ULONGLONG Keyword)
-{
- EventDescriptor->Keyword |= Keyword;
- return (EventDescriptor);
-}
+#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_DESKTOP)
+ FORCEINLINE VOID EventDescCreate (PEVENT_DESCRIPTOR ev, USHORT Id, UCHAR
ver, UCHAR ch, UCHAR lvl, USHORT t, UCHAR opc, ULONGLONG keyw) {
+ ev->Id = Id;
+ ev->Version = ver;
+ ev->Channel = ch;
+ ev->Level = lvl;
+ ev->Task = t;
+ ev->Opcode = opc;
+ ev->Keyword = keyw;
+ }
+
+ FORCEINLINE UCHAR EventDescGetChannel (PCEVENT_DESCRIPTOR ev) {
+ return ev->Channel;
+ }
+
+ FORCEINLINE USHORT EventDescGetId (PCEVENT_DESCRIPTOR ev) {
+ return ev->Id;
+ }
+
+ FORCEINLINE ULONGLONG EventDescGetKeyword (PCEVENT_DESCRIPTOR ev) {
+ return ev->Keyword;
+ }
+
+ FORCEINLINE UCHAR EventDescGetLevel (PCEVENT_DESCRIPTOR ev) {
+ return ev->Level;
+ }
+
+ FORCEINLINE UCHAR EventDescGetOpcode (PCEVENT_DESCRIPTOR ev) {
+ return ev->Opcode;
+ }
+
+ FORCEINLINE USHORT EventDescGetTask (PCEVENT_DESCRIPTOR ev) {
+ return ev->Task;
+ }
+
+ FORCEINLINE PEVENT_DESCRIPTOR EventDescOrKeyword (PEVENT_DESCRIPTOR ev,
ULONGLONG keyw) {
+ ev->Keyword |= keyw;
+ return ev;
+ }
+
+ FORCEINLINE UCHAR EventDescGetVersion (PCEVENT_DESCRIPTOR ev) {
+ return ev->Version;
+ }
+
+ FORCEINLINE PEVENT_DESCRIPTOR EventDescSetChannel (PEVENT_DESCRIPTOR ev,
UCHAR ch) {
+ ev->Channel = ch;
+ return ev;
+ }
+
+ FORCEINLINE PEVENT_DESCRIPTOR EventDescSetId (PEVENT_DESCRIPTOR ev, USHORT
Id) {
+ ev->Id = Id;
+ return ev;
+ }
+
+ FORCEINLINE PEVENT_DESCRIPTOR EventDescSetKeyword (PEVENT_DESCRIPTOR ev,
ULONGLONG keyw) {
+ ev->Keyword = keyw;
+ return ev;
+ }
+
+ FORCEINLINE PEVENT_DESCRIPTOR EventDescSetLevel (PEVENT_DESCRIPTOR ev, UCHAR
lvl) {
+ ev->Level = Lvl;
+ return ev;
+ }
+
+ FORCEINLINE PEVENT_DESCRIPTOR EventDescSetOpcode (PEVENT_DESCRIPTOR ev,
UCHAR opc) {
+ ev->Opcode = opc;
+ return ev;
+ }
+
+ FORCEINLINE PEVENT_DESCRIPTOR EventDescSetTask (PEVENT_DESCRIPTOR ev, USHORT
t) {
+ ev->Task = t;
+ return ev;
+ }
+
+ FORCEINLINE PEVENT_DESCRIPTOR EventDescSetVersion (PEVENT_DESCRIPTOR ev,
UCHAR ver) {
+ ev->Version = ver;
+ return ev;
+ }
+
+ FORCEINLINE VOID EventDescZero (PEVENT_DESCRIPTOR ev) {
+ memset (ev, 0, sizeof (EVENT_DESCRIPTOR));
+ }
+#endif
#ifdef __cplusplus
}
#endif
-#endif /* _EVNTPROV_H_ */
-
+#endif
diff --git a/mingw-w64-headers/include/evntrace.h
b/mingw-w64-headers/include/evntrace.h
index 5c50975..c7b9260 100644
--- a/mingw-w64-headers/include/evntrace.h
+++ b/mingw-w64-headers/include/evntrace.h
@@ -1,296 +1,289 @@
/**
- * This file has no copyright assigned and is placed in the Public Domain.
* This file is part of the mingw-w64 runtime package.
- * No warranty is given; refer to the file DISCLAIMER.PD within this package.
+ * No warranty is given; refer to the file DISCLAIMER within this package.
*/
+
+#include <winapifamily.h>
+
#ifndef _EVNTRACE_
#define _EVNTRACE_
-#if defined(_WINNT_) || defined(WINNT)
+#if defined (_WINNT_) || defined (WINNT)
-#ifndef WMIAPI
-#ifndef MIDL_PASS
+#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
+
+#if !defined (WMIAPI) && !defined (__WIDL__) && !defined (MIDL_PASS)
#ifdef _WMI_SOURCE_
-#if defined(_ARM_)
+#ifdef _ARM_
#define WMIAPI
#else
#define WMIAPI __stdcall
#endif
#else
-#if defined(_ARM_)
+#ifdef _ARM_
#define WMIAPI DECLSPEC_IMPORT
#else
#define WMIAPI DECLSPEC_IMPORT __stdcall
#endif
#endif
-#endif /* MIDL_PASS */
-#endif /* WMIAPI */
+#endif
#include <guiddef.h>
-DEFINE_GUID
(EventTraceGuid,0x68fdd900,0x4a3e,0x11d1,0x84,0xf4,0x00,0x00,0xf8,0x04,0x64,0xe3);
-DEFINE_GUID
(SystemTraceControlGuid,0x9e814aad,0x3204,0x11d2,0x9a,0x82,0x00,0x60,0x08,0xa8,0x69,0x39);
-DEFINE_GUID
(EventTraceConfigGuid,0x01853a65,0x418f,0x4f36,0xae,0xfc,0xdc,0x0f,0x1d,0x2f,0xd2,0x35);
-DEFINE_GUID
(DefaultTraceSecurityGuid,0x0811c1af,0x7a07,0x4a06,0x82,0xed,0x86,0x94,0x55,0xcd,0xf7,0x13);
+#if defined (_NTDDK_) || defined (_NTIFS_) || defined (_WMIKM_)
+#define _EVNTRACE_KERNEL_MODE
+#endif
+
+#ifndef _EVNTRACE_KERNEL_MODE
+#include <wmistr.h>
+#endif
+
+DEFINE_GUID (EventTraceGuid, 0x68fdd900, 0x4a3e, 0x11d1, 0x84, 0xf4, 0x00,
0x00, 0xf8, 0x04, 0x64, 0xe3);
+DEFINE_GUID (SystemTraceControlGuid, 0x9e814aad, 0x3204, 0x11d2, 0x9a, 0x82,
0x00, 0x60, 0x08, 0xa8, 0x69, 0x39);
+DEFINE_GUID (EventTraceConfigGuid, 0x01853a65, 0x418f, 0x4f36, 0xae, 0xfc,
0xdc, 0x0f, 0x1d, 0x2f, 0xd2, 0x35);
+DEFINE_GUID (DefaultTraceSecurityGuid, 0x0811c1af, 0x7a07, 0x4a06, 0x82, 0xed,
0x86, 0x94, 0x55, 0xcd, 0xf7, 0x13);
-#define KERNEL_LOGGER_NAMEW L"NT Kernel Logger"
-#define GLOBAL_LOGGER_NAMEW L"GlobalLogger"
-#define EVENT_LOGGER_NAMEW L"Event Log"
-#define DIAG_LOGGER_NAMEW L"DiagLog"
+#define KERNEL_LOGGER_NAMEW L"NT Kernel Logger"
+#define GLOBAL_LOGGER_NAMEW L"GlobalLogger"
+#define EVENT_LOGGER_NAMEW L"EventLog"
+#define DIAG_LOGGER_NAMEW L"DiagLog"
-#define KERNEL_LOGGER_NAMEA "NT Kernel Logger"
-#define GLOBAL_LOGGER_NAMEA "GlobalLogger"
-#define EVENT_LOGGER_NAMEA "Event Log"
-#define DIAG_LOGGER_NAMEA "DiagLog"
+#define KERNEL_LOGGER_NAMEA "NT Kernel Logger"
+#define GLOBAL_LOGGER_NAMEA "GlobalLogger"
+#define EVENT_LOGGER_NAMEA "EventLog"
+#define DIAG_LOGGER_NAMEA "DiagLog"
-#define MAX_MOF_FIELDS 16
+#define MAX_MOF_FIELDS 16
#ifndef _TRACEHANDLE_DEFINED
#define _TRACEHANDLE_DEFINED
typedef ULONG64 TRACEHANDLE,*PTRACEHANDLE;
#endif
-#define SYSTEM_EVENT_TYPE 1
-
-#define EVENT_TRACE_TYPE_INFO 0x00
-#define EVENT_TRACE_TYPE_START 0x01
-#define EVENT_TRACE_TYPE_END 0x02
-#define EVENT_TRACE_TYPE_STOP 0x02
-#define EVENT_TRACE_TYPE_DC_START 0x03
-#define EVENT_TRACE_TYPE_DC_END 0x04
-#define EVENT_TRACE_TYPE_EXTENSION 0x05
-#define EVENT_TRACE_TYPE_REPLY 0x06
-#define EVENT_TRACE_TYPE_DEQUEUE 0x07
-#define EVENT_TRACE_TYPE_RESUME 0x07
-#define EVENT_TRACE_TYPE_CHECKPOINT 0x08
-#define EVENT_TRACE_TYPE_SUSPEND 0x08
-#define EVENT_TRACE_TYPE_WINEVT_SEND 0x09
-#define EVENT_TRACE_TYPE_WINEVT_RECEIVE 0XF0
-
-#define TRACE_LEVEL_NONE 0
-#define TRACE_LEVEL_CRITICAL 1
-#define TRACE_LEVEL_FATAL 1
-#define TRACE_LEVEL_ERROR 2
-#define TRACE_LEVEL_WARNING 3
-#define TRACE_LEVEL_INFORMATION 4
-#define TRACE_LEVEL_VERBOSE 5
-#define TRACE_LEVEL_RESERVED6 6
-#define TRACE_LEVEL_RESERVED7 7
-#define TRACE_LEVEL_RESERVED8 8
-#define TRACE_LEVEL_RESERVED9 9
-
-#define EVENT_TRACE_TYPE_LOAD 0x0A
-
-#define EVENT_TRACE_TYPE_IO_READ 0x0A
-#define EVENT_TRACE_TYPE_IO_WRITE 0x0B
-#define EVENT_TRACE_TYPE_IO_READ_INIT 0x0C
-#define EVENT_TRACE_TYPE_IO_WRITE_INIT 0x0D
-#define EVENT_TRACE_TYPE_IO_FLUSH 0x0E
-#define EVENT_TRACE_TYPE_IO_FLUSH_INIT 0x0F
-
-#define EVENT_TRACE_TYPE_MM_TF 0x0A
-#define EVENT_TRACE_TYPE_MM_DZF 0x0B
-#define EVENT_TRACE_TYPE_MM_COW 0x0C
-#define EVENT_TRACE_TYPE_MM_GPF 0x0D
-#define EVENT_TRACE_TYPE_MM_HPF 0x0E
-#define EVENT_TRACE_TYPE_MM_AV 0x0F
-
-#define EVENT_TRACE_TYPE_SEND 0x0A
-#define EVENT_TRACE_TYPE_RECEIVE 0x0B
-#define EVENT_TRACE_TYPE_CONNECT 0x0C
-#define EVENT_TRACE_TYPE_DISCONNECT 0x0D
-#define EVENT_TRACE_TYPE_RETRANSMIT 0x0E
-#define EVENT_TRACE_TYPE_ACCEPT 0x0F
-#define EVENT_TRACE_TYPE_RECONNECT 0x10
-#define EVENT_TRACE_TYPE_CONNFAIL 0x11
-#define EVENT_TRACE_TYPE_COPY_TCP 0x12
-#define EVENT_TRACE_TYPE_COPY_ARP 0x13
-#define EVENT_TRACE_TYPE_ACKFULL 0x14
-#define EVENT_TRACE_TYPE_ACKPART 0x15
-#define EVENT_TRACE_TYPE_ACKDUP 0x16
-
-#define EVENT_TRACE_TYPE_GUIDMAP 0x0A
-#define EVENT_TRACE_TYPE_CONFIG 0x0B
-#define EVENT_TRACE_TYPE_SIDINFO 0x0C
-#define EVENT_TRACE_TYPE_SECURITY 0x0D
-
-#define EVENT_TRACE_TYPE_REGCREATE 0x0A
-#define EVENT_TRACE_TYPE_REGOPEN 0x0B
-#define EVENT_TRACE_TYPE_REGDELETE 0x0C
-#define EVENT_TRACE_TYPE_REGQUERY 0x0D
-#define EVENT_TRACE_TYPE_REGSETVALUE 0x0E
-#define EVENT_TRACE_TYPE_REGDELETEVALUE 0x0F
-#define EVENT_TRACE_TYPE_REGQUERYVALUE 0x10
-#define EVENT_TRACE_TYPE_REGENUMERATEKEY 0x11
-#define EVENT_TRACE_TYPE_REGENUMERATEVALUEKEY 0x12
-#define EVENT_TRACE_TYPE_REGQUERYMULTIPLEVALUE 0x13
-#define EVENT_TRACE_TYPE_REGSETINFORMATION 0x14
-#define EVENT_TRACE_TYPE_REGFLUSH 0x15
-#define EVENT_TRACE_TYPE_REGKCBCREATE 0x16
-#define EVENT_TRACE_TYPE_REGKCBDELETE 0x17
-#define EVENT_TRACE_TYPE_REGKCBRUNDOWNBEGIN 0x18
-#define EVENT_TRACE_TYPE_REGKCBRUNDOWNEND 0x19
-#define EVENT_TRACE_TYPE_REGVIRTUALIZE 0x1A
-#define EVENT_TRACE_TYPE_REGCLOSE 0x1B
-#define EVENT_TRACE_TYPE_REGSETSECURITY 0x1C
-#define EVENT_TRACE_TYPE_REGQUERYSECURITY 0x1D
-#define EVENT_TRACE_TYPE_REGCOMMIT 0x1E
-#define EVENT_TRACE_TYPE_REGPREPARE 0x1F
-#define EVENT_TRACE_TYPE_REGROLLBACK 0x20
-#define EVENT_TRACE_TYPE_REGMOUNTHIVE 0x21
-
-#define EVENT_TRACE_TYPE_CONFIG_CPU 0x0A
-#define EVENT_TRACE_TYPE_CONFIG_PHYSICALDISK 0x0B
-#define EVENT_TRACE_TYPE_CONFIG_LOGICALDISK 0x0C
-#define EVENT_TRACE_TYPE_CONFIG_NIC 0x0D
-#define EVENT_TRACE_TYPE_CONFIG_VIDEO 0x0E
-#define EVENT_TRACE_TYPE_CONFIG_SERVICES 0x0F
-#define EVENT_TRACE_TYPE_CONFIG_POWER 0x10
-#define EVENT_TRACE_TYPE_CONFIG_NETINFO 0x11
-
-#define EVENT_TRACE_TYPE_CONFIG_IRQ 0x15
-#define EVENT_TRACE_TYPE_CONFIG_PNP 0x16
-#define EVENT_TRACE_TYPE_CONFIG_IDECHANNEL 0x17
-#define EVENT_TRACE_TYPE_CONFIG_PLATFORM 0x19
-
-#define EVENT_TRACE_FLAG_PROCESS 0x00000001
-#define EVENT_TRACE_FLAG_THREAD 0x00000002
-#define EVENT_TRACE_FLAG_IMAGE_LOAD 0x00000004
-
-#define EVENT_TRACE_FLAG_DISK_IO 0x00000100
-#define EVENT_TRACE_FLAG_DISK_FILE_IO 0x00000200
-
-#define EVENT_TRACE_FLAG_MEMORY_PAGE_FAULTS 0x00001000
-#define EVENT_TRACE_FLAG_MEMORY_HARD_FAULTS 0x00002000
-
-#define EVENT_TRACE_FLAG_NETWORK_TCPIP 0x00010000
-
-#define EVENT_TRACE_FLAG_REGISTRY 0x00020000
-#define EVENT_TRACE_FLAG_DBGPRINT 0x00040000
-
-#define EVENT_TRACE_FLAG_PROCESS_COUNTERS 0x00000008
-#define EVENT_TRACE_FLAG_CSWITCH 0x00000010
-#define EVENT_TRACE_FLAG_DPC 0x00000020
-#define EVENT_TRACE_FLAG_INTERRUPT 0x00000040
-#define EVENT_TRACE_FLAG_SYSTEMCALL 0x00000080
-
-#define EVENT_TRACE_FLAG_DISK_IO_INIT 0x00000400
-
-#define EVENT_TRACE_FLAG_ALPC 0x00100000
-#define EVENT_TRACE_FLAG_SPLIT_IO 0x00200000
-
-#define EVENT_TRACE_FLAG_DRIVER 0x00800000
-#define EVENT_TRACE_FLAG_PROFILE 0x01000000
-#define EVENT_TRACE_FLAG_FILE_IO 0x02000000
-#define EVENT_TRACE_FLAG_FILE_IO_INIT 0x04000000
-
-#define EVENT_TRACE_FLAG_DISPATCHER 0x00000800
-#define EVENT_TRACE_FLAG_VIRTUAL_ALLOC 0x00004000
-
-#define EVENT_TRACE_FLAG_EXTENSION 0x80000000
-#define EVENT_TRACE_FLAG_FORWARD_WMI 0x40000000
-#define EVENT_TRACE_FLAG_ENABLE_RESERVE 0x20000000
-
-#define EVENT_TRACE_FILE_MODE_NONE 0x00000000
-#define EVENT_TRACE_FILE_MODE_SEQUENTIAL 0x00000001
-#define EVENT_TRACE_FILE_MODE_CIRCULAR 0x00000002
-#define EVENT_TRACE_FILE_MODE_APPEND 0x00000004
-#define EVENT_TRACE_FILE_MODE_NEWFILE 0x00000008
-#define EVENT_TRACE_FILE_MODE_PREALLOCATE 0x00000020
-
-#define EVENT_TRACE_NONSTOPPABLE_MODE 0x00000040
-#define EVENT_TRACE_SECURE_MODE 0x00000080
-#define EVENT_TRACE_USE_KBYTES_FOR_SIZE 0x00002000
-#define EVENT_TRACE_PRIVATE_IN_PROC 0x00020000
-#define EVENT_TRACE_MODE_RESERVED 0x00100000
-
-#define EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING 0x10000000
-
-#define EVENT_TRACE_REAL_TIME_MODE 0x00000100
-#define EVENT_TRACE_DELAY_OPEN_FILE_MODE 0x00000200
-#define EVENT_TRACE_BUFFERING_MODE 0x00000400
-#define EVENT_TRACE_PRIVATE_LOGGER_MODE 0x00000800
-#define EVENT_TRACE_ADD_HEADER_MODE 0x00001000
-
-#define EVENT_TRACE_USE_GLOBAL_SEQUENCE 0x00004000
-#define EVENT_TRACE_USE_LOCAL_SEQUENCE 0x00008000
-
-#define EVENT_TRACE_RELOG_MODE 0x00010000
-
-#define EVENT_TRACE_USE_PAGED_MEMORY 0x01000000
-
-#define EVENT_TRACE_CONTROL_QUERY 0
-#define EVENT_TRACE_CONTROL_STOP 1
-#define EVENT_TRACE_CONTROL_UPDATE 2
-#define EVENT_TRACE_CONTROL_FLUSH 3
-
-#define TRACE_MESSAGE_SEQUENCE 1
-#define TRACE_MESSAGE_GUID 2
-#define TRACE_MESSAGE_COMPONENTID 4
-#define TRACE_MESSAGE_TIMESTAMP 8
-#define TRACE_MESSAGE_PERFORMANCE_TIMESTAMP 16
-#define TRACE_MESSAGE_SYSTEMINFO 32
-
-#define TRACE_MESSAGE_POINTER32 0x0040
-#define TRACE_MESSAGE_POINTER64 0x0080
-
-#define TRACE_MESSAGE_FLAG_MASK 0xFFFF
-
-#define TRACE_HEADER_FLAG_USE_TIMESTAMP 0x00000200
-#define TRACE_HEADER_FLAG_TRACED_GUID 0x00020000
-#define TRACE_HEADER_FLAG_LOG_WNODE 0x00040000
-#define TRACE_HEADER_FLAG_USE_GUID_PTR 0x00080000
-#define TRACE_HEADER_FLAG_USE_MOF_PTR 0x00100000
-
-#define TRACE_MESSAGE_MAXIMUM_SIZE 8*1024
-
-#define ETW_NULL_TYPE_VALUE 0
-#define ETW_OBJECT_TYPE_VALUE 1
-#define ETW_STRING_TYPE_VALUE 2
-#define ETW_SBYTE_TYPE_VALUE 3
-#define ETW_BYTE_TYPE_VALUE 4
-#define ETW_INT16_TYPE_VALUE 5
-#define ETW_UINT16_TYPE_VALUE 6
-#define ETW_INT32_TYPE_VALUE 7
-#define ETW_UINT32_TYPE_VALUE 8
-#define ETW_INT64_TYPE_VALUE 9
-#define ETW_UINT64_TYPE_VALUE 10
-#define ETW_CHAR_TYPE_VALUE 11
-#define ETW_SINGLE_TYPE_VALUE 12
-#define ETW_DOUBLE_TYPE_VALUE 13
-#define ETW_BOOLEAN_TYPE_VALUE 14
-#define ETW_DECIMAL_TYPE_VALUE 15
-
-#define ETW_GUID_TYPE_VALUE 101
-#define ETW_ASCIICHAR_TYPE_VALUE 102
-#define ETW_ASCIISTRING_TYPE_VALUE 103
-#define ETW_COUNTED_STRING_TYPE_VALUE 104
-#define ETW_POINTER_TYPE_VALUE 105
-#define ETW_SIZET_TYPE_VALUE 106
-#define ETW_HIDDEN_TYPE_VALUE 107
-#define ETW_BOOL_TYPE_VALUE 108
-#define ETW_COUNTED_ANSISTRING_TYPE_VALUE 109
-#define ETW_REVERSED_COUNTED_STRING_TYPE_VALUE 110
-#define ETW_REVERSED_COUNTED_ANSISTRING_TYPE_VALUE 111
-#define ETW_NON_NULL_TERMINATED_STRING_TYPE_VALUE 112
-#define ETW_REDUCED_ANSISTRING_TYPE_VALUE 113
-#define ETW_REDUCED_STRING_TYPE_VALUE 114
-#define ETW_SID_TYPE_VALUE 115
-#define ETW_VARIANT_TYPE_VALUE 116
-#define ETW_PTVECTOR_TYPE_VALUE 117
-#define ETW_WMITIME_TYPE_VALUE 118
-#define ETW_DATETIME_TYPE_VALUE 119
-#define ETW_REFRENCE_TYPE_VALUE 120
-
-#define TRACE_PROVIDER_FLAG_LEGACY 0x00000001
-#define TRACE_PROVIDER_FLAG_PRE_ENABLE 0x00000002
-
-#define EVENT_CONTROL_CODE_DISABLE_PROVIDER 0
-#define EVENT_CONTROL_CODE_ENABLE_PROVIDER 1
-#define EVENT_CONTROL_CODE_CAPTURE_STATE 2
-
-#define EVENT_TRACE_USE_PROCTIME 0x0001
-#define EVENT_TRACE_USE_NOCPUTIME 0x0002
+#define SYSTEM_EVENT_TYPE 1
+
+#define EVENT_TRACE_TYPE_INFO 0x00
+#define EVENT_TRACE_TYPE_START 0x01
+#define EVENT_TRACE_TYPE_END 0x02
+#define EVENT_TRACE_TYPE_STOP 0x02
+#define EVENT_TRACE_TYPE_DC_START 0x03
+#define EVENT_TRACE_TYPE_DC_END 0x04
+#define EVENT_TRACE_TYPE_EXTENSION 0x05
+#define EVENT_TRACE_TYPE_REPLY 0x06
+#define EVENT_TRACE_TYPE_DEQUEUE 0x07
+#define EVENT_TRACE_TYPE_RESUME 0x07
+#define EVENT_TRACE_TYPE_CHECKPOINT 0x08
+#define EVENT_TRACE_TYPE_SUSPEND 0x08
+#define EVENT_TRACE_TYPE_WINEVT_SEND 0x09
+#define EVENT_TRACE_TYPE_WINEVT_RECEIVE 0xf0
+
+#define TRACE_LEVEL_NONE 0
+#define TRACE_LEVEL_CRITICAL 1
+#define TRACE_LEVEL_FATAL 1
+#define TRACE_LEVEL_ERROR 2
+#define TRACE_LEVEL_WARNING 3
+#define TRACE_LEVEL_INFORMATION 4
+#define TRACE_LEVEL_VERBOSE 5
+#define TRACE_LEVEL_RESERVED6 6
+#define TRACE_LEVEL_RESERVED7 7
+#define TRACE_LEVEL_RESERVED8 8
+#define TRACE_LEVEL_RESERVED9 9
+
+#define EVENT_TRACE_TYPE_LOAD 0x0a
+
+#define EVENT_TRACE_TYPE_IO_READ 0x0a
+#define EVENT_TRACE_TYPE_IO_WRITE 0x0b
+#define EVENT_TRACE_TYPE_IO_READ_INIT 0x0c
+#define EVENT_TRACE_TYPE_IO_WRITE_INIT 0x0d
+#define EVENT_TRACE_TYPE_IO_FLUSH 0x0e
+#define EVENT_TRACE_TYPE_IO_FLUSH_INIT 0x0f
+
+#define EVENT_TRACE_TYPE_MM_TF 0x0a
+#define EVENT_TRACE_TYPE_MM_DZF 0x0b
+#define EVENT_TRACE_TYPE_MM_COW 0x0c
+#define EVENT_TRACE_TYPE_MM_GPF 0x0d
+#define EVENT_TRACE_TYPE_MM_HPF 0x0e
+#define EVENT_TRACE_TYPE_MM_AV 0x0f
+
+#define EVENT_TRACE_TYPE_SEND 0x0a
+#define EVENT_TRACE_TYPE_RECEIVE 0x0b
+#define EVENT_TRACE_TYPE_CONNECT 0x0c
+#define EVENT_TRACE_TYPE_DISCONNECT 0x0d
+#define EVENT_TRACE_TYPE_RETRANSMIT 0x0e
+#define EVENT_TRACE_TYPE_ACCEPT 0x0f
+#define EVENT_TRACE_TYPE_RECONNECT 0x10
+#define EVENT_TRACE_TYPE_CONNFAIL 0x11
+#define EVENT_TRACE_TYPE_COPY_TCP 0x12
+#define EVENT_TRACE_TYPE_COPY_ARP 0x13
+#define EVENT_TRACE_TYPE_ACKFULL 0x14
+#define EVENT_TRACE_TYPE_ACKPART 0x15
+#define EVENT_TRACE_TYPE_ACKDUP 0x16
+
+#define EVENT_TRACE_TYPE_GUIDMAP 0x0a
+#define EVENT_TRACE_TYPE_CONFIG 0x0b
+#define EVENT_TRACE_TYPE_SIDINFO 0x0c
+#define EVENT_TRACE_TYPE_SECURITY 0x0d
+#define EVENT_TRACE_TYPE_DBGID_RSDS 0x40
+
+#define EVENT_TRACE_TYPE_REGCREATE 0x0a
+#define EVENT_TRACE_TYPE_REGOPEN 0x0b
+#define EVENT_TRACE_TYPE_REGDELETE 0x0c
+#define EVENT_TRACE_TYPE_REGQUERY 0x0d
+#define EVENT_TRACE_TYPE_REGSETVALUE 0x0e
+#define EVENT_TRACE_TYPE_REGDELETEVALUE 0x0f
+#define EVENT_TRACE_TYPE_REGQUERYVALUE 0x10
+#define EVENT_TRACE_TYPE_REGENUMERATEKEY 0x11
+#define EVENT_TRACE_TYPE_REGENUMERATEVALUEKEY 0x12
+#define EVENT_TRACE_TYPE_REGQUERYMULTIPLEVALUE 0x13
+#define EVENT_TRACE_TYPE_REGSETINFORMATION 0x14
+#define EVENT_TRACE_TYPE_REGFLUSH 0x15
+#define EVENT_TRACE_TYPE_REGKCBCREATE 0x16
+#define EVENT_TRACE_TYPE_REGKCBDELETE 0x17
+#define EVENT_TRACE_TYPE_REGKCBRUNDOWNBEGIN 0x18
+#define EVENT_TRACE_TYPE_REGKCBRUNDOWNEND 0x19
+#define EVENT_TRACE_TYPE_REGVIRTUALIZE 0x1a
+#define EVENT_TRACE_TYPE_REGCLOSE 0x1b
+#define EVENT_TRACE_TYPE_REGSETSECURITY 0x1c
+#define EVENT_TRACE_TYPE_REGQUERYSECURITY 0x1d
+#define EVENT_TRACE_TYPE_REGCOMMIT 0x1e
+#define EVENT_TRACE_TYPE_REGPREPARE 0x1f
+#define EVENT_TRACE_TYPE_REGROLLBACK 0x20
+#define EVENT_TRACE_TYPE_REGMOUNTHIVE 0x21
+
+#define EVENT_TRACE_TYPE_CONFIG_CPU 0x0a
+#define EVENT_TRACE_TYPE_CONFIG_PHYSICALDISK 0x0b
+#define EVENT_TRACE_TYPE_CONFIG_LOGICALDISK 0x0c
+#define EVENT_TRACE_TYPE_CONFIG_NIC 0x0d
+#define EVENT_TRACE_TYPE_CONFIG_VIDEO 0x0e
+#define EVENT_TRACE_TYPE_CONFIG_SERVICES 0x0f
+#define EVENT_TRACE_TYPE_CONFIG_POWER 0x10
+#define EVENT_TRACE_TYPE_CONFIG_NETINFO 0x11
+#define EVENT_TRACE_TYPE_CONFIG_OPTICALMEDIA 0x12
+
+#define EVENT_TRACE_TYPE_CONFIG_IRQ 0x15
+#define EVENT_TRACE_TYPE_CONFIG_PNP 0x16
+#define EVENT_TRACE_TYPE_CONFIG_IDECHANNEL 0x17
+#define EVENT_TRACE_TYPE_CONFIG_NUMANODE 0x18
+#define EVENT_TRACE_TYPE_CONFIG_PLATFORM 0x19
+#define EVENT_TRACE_TYPE_CONFIG_PROCESSORGROUP 0x1a
+#define EVENT_TRACE_TYPE_CONFIG_PROCESSORNUMBER 0x1b
+#define EVENT_TRACE_TYPE_CONFIG_DPI 0x1c
+
+#define EVENT_TRACE_TYPE_OPTICAL_IO_READ 0x37
+#define EVENT_TRACE_TYPE_OPTICAL_IO_WRITE 0x38
+#define EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH 0x39
+#define EVENT_TRACE_TYPE_OPTICAL_IO_READ_INIT 0x3a
+#define EVENT_TRACE_TYPE_OPTICAL_IO_WRITE_INIT 0x3b
+#define EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH_INIT 0x3c
+
+#define EVENT_TRACE_TYPE_FLT_PREOP_INIT 0x60
+#define EVENT_TRACE_TYPE_FLT_POSTOP_INIT 0x61
+#define EVENT_TRACE_TYPE_FLT_PREOP_COMPLETION 0x62
+#define EVENT_TRACE_TYPE_FLT_POSTOP_COMPLETION 0x63
+#define EVENT_TRACE_TYPE_FLT_PREOP_FAILURE 0x64
+#define EVENT_TRACE_TYPE_FLT_POSTOP_FAILURE 0x65
+
+#define EVENT_TRACE_FLAG_PROCESS 0x00000001
+#define EVENT_TRACE_FLAG_THREAD 0x00000002
+#define EVENT_TRACE_FLAG_IMAGE_LOAD 0x00000004
+
+#define EVENT_TRACE_FLAG_DISK_IO 0x00000100
+#define EVENT_TRACE_FLAG_DISK_FILE_IO 0x00000200
+
+#define EVENT_TRACE_FLAG_MEMORY_PAGE_FAULTS 0x00001000
+#define EVENT_TRACE_FLAG_MEMORY_HARD_FAULTS 0x00002000
+
+#define EVENT_TRACE_FLAG_NETWORK_TCPIP 0x00010000
+
+#define EVENT_TRACE_FLAG_REGISTRY 0x00020000
+#define EVENT_TRACE_FLAG_DBGPRINT 0x00040000
+
+#define EVENT_TRACE_FLAG_PROCESS_COUNTERS 0x00000008
+#define EVENT_TRACE_FLAG_CSWITCH 0x00000010
+#define EVENT_TRACE_FLAG_DPC 0x00000020
+#define EVENT_TRACE_FLAG_INTERRUPT 0x00000040
+#define EVENT_TRACE_FLAG_SYSTEMCALL 0x00000080
+
+#define EVENT_TRACE_FLAG_DISK_IO_INIT 0x00000400
+#define EVENT_TRACE_FLAG_ALPC 0x00100000
+#define EVENT_TRACE_FLAG_SPLIT_IO 0x00200000
+
+#define EVENT_TRACE_FLAG_DRIVER 0x00800000
+#define EVENT_TRACE_FLAG_PROFILE 0x01000000
+#define EVENT_TRACE_FLAG_FILE_IO 0x02000000
+#define EVENT_TRACE_FLAG_FILE_IO_INIT 0x04000000
+
+#define EVENT_TRACE_FLAG_DISPATCHER 0x00000800
+#define EVENT_TRACE_FLAG_VIRTUAL_ALLOC 0x00004000
+
+#define EVENT_TRACE_FLAG_VAMAP 0x00008000
+#define EVENT_TRACE_FLAG_NO_SYSCONFIG 0x10000000
+
+#define EVENT_TRACE_FLAG_EXTENSION 0x80000000
+#define EVENT_TRACE_FLAG_FORWARD_WMI 0x40000000
+#define EVENT_TRACE_FLAG_ENABLE_RESERVE 0x20000000
+
+#define EVENT_TRACE_FILE_MODE_NONE 0x00000000
+#define EVENT_TRACE_FILE_MODE_SEQUENTIAL 0x00000001
+#define EVENT_TRACE_FILE_MODE_CIRCULAR 0x00000002
+#define EVENT_TRACE_FILE_MODE_APPEND 0x00000004
+
+#define EVENT_TRACE_REAL_TIME_MODE 0x00000100
+#define EVENT_TRACE_DELAY_OPEN_FILE_MODE 0x00000200
+#define EVENT_TRACE_BUFFERING_MODE 0x00000400
+#define EVENT_TRACE_PRIVATE_LOGGER_MODE 0x00000800
+#define EVENT_TRACE_ADD_HEADER_MODE 0x00001000
+
+#define EVENT_TRACE_USE_GLOBAL_SEQUENCE 0x00004000
+#define EVENT_TRACE_USE_LOCAL_SEQUENCE 0x00008000
+
+#define EVENT_TRACE_RELOG_MODE 0x00010000
+
+#define EVENT_TRACE_USE_PAGED_MEMORY 0x01000000
+
+#define EVENT_TRACE_FILE_MODE_NEWFILE 0x00000008
+#define EVENT_TRACE_FILE_MODE_PREALLOCATE 0x00000020
+
+#define EVENT_TRACE_NONSTOPPABLE_MODE 0x00000040
+#define EVENT_TRACE_SECURE_MODE 0x00000080
+#define EVENT_TRACE_USE_KBYTES_FOR_SIZE 0x00002000
+#define EVENT_TRACE_PRIVATE_IN_PROC 0x00020000
+#define EVENT_TRACE_MODE_RESERVED 0x00100000
+
+#define EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING 0x10000000
+
+#define EVENT_TRACE_SYSTEM_LOGGER_MODE 0x02000000
+#define EVENT_TRACE_ADDTO_TRIAGE_DUMP 0x80000000
+#define EVENT_TRACE_STOP_ON_HYBRID_SHUTDOWN 0x00400000
+#define EVENT_TRACE_PERSIST_ON_HYBRID_SHUTDOWN 0x00800000
+
+#define EVENT_TRACE_CONTROL_QUERY 0
+#define EVENT_TRACE_CONTROL_STOP 1
+#define EVENT_TRACE_CONTROL_UPDATE 2
+#define EVENT_TRACE_CONTROL_FLUSH 3
+
+#define TRACE_MESSAGE_SEQUENCE 1
+#define TRACE_MESSAGE_GUID 2
+#define TRACE_MESSAGE_COMPONENTID 4
+#define TRACE_MESSAGE_TIMESTAMP 8
+#define TRACE_MESSAGE_PERFORMANCE_TIMESTAMP 16
+#define TRACE_MESSAGE_SYSTEMINFO 32
+
+#define TRACE_MESSAGE_POINTER32 0x0040
+#define TRACE_MESSAGE_POINTER64 0x0080
+
+#define TRACE_MESSAGE_FLAG_MASK 0xffff
+
+#define TRACE_MESSAGE_MAXIMUM_SIZE (64 * 1024)
+
+#define EVENT_TRACE_USE_PROCTIME 0x0001
+#define EVENT_TRACE_USE_NOCPUTIME 0x0002
+
+#define TRACE_HEADER_FLAG_USE_TIMESTAMP 0x00000200
+#define TRACE_HEADER_FLAG_TRACED_GUID 0x00020000
+#define TRACE_HEADER_FLAG_LOG_WNODE 0x00040000
+#define TRACE_HEADER_FLAG_USE_GUID_PTR 0x00080000
+#define TRACE_HEADER_FLAG_USE_MOF_PTR 0x00100000
typedef struct _EVENT_TRACE_HEADER {
USHORT Size;
@@ -366,10 +359,45 @@ typedef struct _EVENT_INSTANCE_HEADER {
ULONGLONG ParentRegHandle;
} EVENT_INSTANCE_HEADER,*PEVENT_INSTANCE_HEADER;
-#define DEFINE_TRACE_MOF_FIELD(MOF,ptr,length,type) \
- (MOF)->DataPtr = (ULONG64) (ULONG_PTR) ptr; \
- (MOF)->Length = (ULONG) length; \
- (MOF)->DataType = (ULONG) type;
+#define ETW_NULL_TYPE_VALUE 0
+#define ETW_OBJECT_TYPE_VALUE 1
+#define ETW_STRING_TYPE_VALUE 2
+#define ETW_SBYTE_TYPE_VALUE 3
+#define ETW_BYTE_TYPE_VALUE 4
+#define ETW_INT16_TYPE_VALUE 5
+#define ETW_UINT16_TYPE_VALUE 6
+#define ETW_INT32_TYPE_VALUE 7
+#define ETW_UINT32_TYPE_VALUE 8
+#define ETW_INT64_TYPE_VALUE 9
+#define ETW_UINT64_TYPE_VALUE 10
+#define ETW_CHAR_TYPE_VALUE 11
+#define ETW_SINGLE_TYPE_VALUE 12
+#define ETW_DOUBLE_TYPE_VALUE 13
+#define ETW_BOOLEAN_TYPE_VALUE 14
+#define ETW_DECIMAL_TYPE_VALUE 15
+
+#define ETW_GUID_TYPE_VALUE 101
+#define ETW_ASCIICHAR_TYPE_VALUE 102
+#define ETW_ASCIISTRING_TYPE_VALUE 103
+#define ETW_COUNTED_STRING_TYPE_VALUE 104
+#define ETW_POINTER_TYPE_VALUE 105
+#define ETW_SIZET_TYPE_VALUE 106
+#define ETW_HIDDEN_TYPE_VALUE 107
+#define ETW_BOOL_TYPE_VALUE 108
+#define ETW_COUNTED_ANSISTRING_TYPE_VALUE 109
+#define ETW_REVERSED_COUNTED_STRING_TYPE_VALUE 110
+#define ETW_REVERSED_COUNTED_ANSISTRING_TYPE_VALUE 111
+#define ETW_NON_NULL_TERMINATED_STRING_TYPE_VALUE 112
+#define ETW_REDUCED_ANSISTRING_TYPE_VALUE 113
+#define ETW_REDUCED_STRING_TYPE_VALUE 114
+#define ETW_SID_TYPE_VALUE 115
+#define ETW_VARIANT_TYPE_VALUE 116
+#define ETW_PTVECTOR_TYPE_VALUE 117
+#define ETW_WMITIME_TYPE_VALUE 118
+#define ETW_DATETIME_TYPE_VALUE 119
+#define ETW_REFRENCE_TYPE_VALUE 120
+
+#define DEFINE_TRACE_MOF_FIELD(M, P, LEN, TYP) (M)->DataPtr = (ULONG64)
(ULONG_PTR) P; (M)->Length = (ULONG) LEN; (M)->DataType = (ULONG) TYP;
typedef struct _MOF_FIELD {
ULONG64 DataPtr;
@@ -377,8 +405,7 @@ typedef struct _MOF_FIELD {
ULONG DataType;
} MOF_FIELD,*PMOF_FIELD;
-#if !(defined(_NTDDK_) || defined(_NTIFS_)) || defined(_WMIKM_)
-
+#if !defined (_EVNTRACE_KERNEL_MODE) || defined (_WMIKM_)
typedef struct _TRACE_LOGFILE_HEADER {
ULONG BufferSize;
__C89_NAMELESS union {
@@ -406,7 +433,7 @@ typedef struct _TRACE_LOGFILE_HEADER {
ULONG CpuSpeedInMHz;
} DUMMYSTRUCTNAME;
} DUMMYUNIONNAME2;
-#if defined(_WMIKM_)
+#if defined (_WMIKM_)
PWCHAR LoggerName;
PWCHAR LogFileName;
RTL_TIME_ZONE_INFORMATION TimeZone;
@@ -449,13 +476,11 @@ typedef struct _TRACE_LOGFILE_HEADER32 {
ULONG CpuSpeedInMHz;
};
};
-#if defined(_WMIKM_)
ULONG32 LoggerName;
ULONG32 LogFileName;
+#if defined (_WMIKM_)
RTL_TIME_ZONE_INFORMATION TimeZone;
#else
- ULONG32 LoggerName;
- ULONG32 LogFileName;
TIME_ZONE_INFORMATION TimeZone;
#endif
LARGE_INTEGER BootTime;
@@ -463,13 +488,13 @@ typedef struct _TRACE_LOGFILE_HEADER32 {
LARGE_INTEGER StartTime;
ULONG ReservedFlags;
ULONG BuffersLost;
-} TRACE_LOGFILE_HEADER32, *PTRACE_LOGFILE_HEADER32;
+} TRACE_LOGFILE_HEADER32,*PTRACE_LOGFILE_HEADER32;
typedef struct _TRACE_LOGFILE_HEADER64 {
ULONG BufferSize;
__C89_NAMELESS union {
ULONG Version;
- struct {
+ __C89_NAMELESS struct {
UCHAR MajorVersion;
UCHAR MinorVersion;
UCHAR SubVersion;
@@ -492,13 +517,11 @@ typedef struct _TRACE_LOGFILE_HEADER64 {
ULONG CpuSpeedInMHz;
};
};
-#if defined(_WMIKM_)
ULONG64 LoggerName;
ULONG64 LogFileName;
+#if defined (_WMIKM_)
RTL_TIME_ZONE_INFORMATION TimeZone;
#else
- ULONG64 LoggerName;
- ULONG64 LogFileName;
TIME_ZONE_INFORMATION TimeZone;
#endif
LARGE_INTEGER BootTime;
@@ -506,17 +529,15 @@ typedef struct _TRACE_LOGFILE_HEADER64 {
LARGE_INTEGER StartTime;
ULONG ReservedFlags;
ULONG BuffersLost;
-} TRACE_LOGFILE_HEADER64, *PTRACE_LOGFILE_HEADER64;
-
-#endif /* !_NTDDK_ || _WMIKM_ */
+} TRACE_LOGFILE_HEADER64,*PTRACE_LOGFILE_HEADER64;
+#endif
-typedef struct _EVENT_INSTANCE_INFO {
+typedef struct EVENT_INSTANCE_INFO {
HANDLE RegHandle;
ULONG InstanceId;
} EVENT_INSTANCE_INFO,*PEVENT_INSTANCE_INFO;
-#if !defined(_WMIKM_) && !defined(_NTDDK_) && !defined(_NTIFS_)
-
+#ifndef _EVNTRACE_KERNEL_MODE
typedef struct _EVENT_TRACE_PROPERTIES {
WNODE_HEADER Wnode;
ULONG BufferSize;
@@ -527,7 +548,6 @@ typedef struct _EVENT_TRACE_PROPERTIES {
ULONG FlushTimer;
ULONG EnableFlags;
LONG AgeLimit;
-
ULONG NumberOfBuffers;
ULONG FreeBuffers;
ULONG EventsLost;
@@ -543,8 +563,7 @@ typedef struct _TRACE_GUID_REGISTRATION {
LPCGUID Guid;
HANDLE RegHandle;
} TRACE_GUID_REGISTRATION,*PTRACE_GUID_REGISTRATION;
-
-#endif /* !_NTDDK_ || _WMIKM_ */
+#endif
typedef struct _TRACE_GUID_PROPERTIES {
GUID Guid;
@@ -555,11 +574,23 @@ typedef struct _TRACE_GUID_PROPERTIES {
BOOLEAN IsEnable;
} TRACE_GUID_PROPERTIES,*PTRACE_GUID_PROPERTIES;
+#ifndef ETW_BUFFER_CONTEXT_DEF
+#define ETW_BUFFER_CONTEXT_DEF
+
typedef struct _ETW_BUFFER_CONTEXT {
- UCHAR ProcessorNumber;
- UCHAR Alignment;
+ __C89_NAMELESS union {
+ __C89_NAMELESS struct {
+ UCHAR ProcessorNumber;
+ UCHAR Alignment;
+ } DUMMYSTRUCTNAME;
+ USHORT ProcessorIndex;
+ } DUMMYUNIONNAME;
USHORT LoggerId;
-} ETW_BUFFER_CONTEXT, *PETW_BUFFER_CONTEXT;
+} ETW_BUFFER_CONTEXT,*PETW_BUFFER_CONTEXT;
+#endif
+
+#define TRACE_PROVIDER_FLAG_LEGACY (0x00000001)
+#define TRACE_PROVIDER_FLAG_PRE_ENABLE (0x00000002)
typedef struct _TRACE_ENABLE_INFO {
ULONG IsEnabled;
@@ -570,19 +601,28 @@ typedef struct _TRACE_ENABLE_INFO {
ULONG Reserved2;
ULONGLONG MatchAnyKeyword;
ULONGLONG MatchAllKeyword;
-} TRACE_ENABLE_INFO, *PTRACE_ENABLE_INFO;
+} TRACE_ENABLE_INFO,*PTRACE_ENABLE_INFO;
typedef struct _TRACE_PROVIDER_INSTANCE_INFO {
ULONG NextOffset;
ULONG EnableCount;
ULONG Pid;
ULONG Flags;
-} TRACE_PROVIDER_INSTANCE_INFO, *PTRACE_PROVIDER_INSTANCE_INFO;
+} TRACE_PROVIDER_INSTANCE_INFO,*PTRACE_PROVIDER_INSTANCE_INFO;
typedef struct _TRACE_GUID_INFO {
ULONG InstanceCount;
ULONG Reserved;
-} TRACE_GUID_INFO, *PTRACE_GUID_INFO;
+} TRACE_GUID_INFO,*PTRACE_GUID_INFO;
+
+typedef struct _PROFILE_SOURCE_INFO {
+ ULONG NextEntryOffset;
+ ULONG Source;
+ ULONG MinInterval;
+ ULONG MaxInterval;
+ ULONG64 Reserved;
+ WCHAR Description[ANYSIZE_ARRAY];
+} PROFILE_SOURCE_INFO,*PPROFILE_SOURCE_INFO;
typedef struct _EVENT_TRACE {
EVENT_TRACE_HEADER Header;
@@ -593,27 +633,25 @@ typedef struct _EVENT_TRACE {
ULONG MofLength;
__C89_NAMELESS union {
ULONG ClientContext;
- ETW_BUFFER_CONTEXT BufferContext; /* MSDN says ULONG, for XP and older? */
+ ETW_BUFFER_CONTEXT BufferContext;
} DUMMYUNIONNAME;
} EVENT_TRACE,*PEVENT_TRACE;
-#if !defined(_WMIKM_) && !defined(_NTDDK_) && !defined(_NTIFS_)
+#define EVENT_CONTROL_CODE_DISABLE_PROVIDER 0
+#define EVENT_CONTROL_CODE_ENABLE_PROVIDER 1
+#define EVENT_CONTROL_CODE_CAPTURE_STATE 2
+#endif
-#ifndef DEFINED_PEVENT_RECORD
-typedef struct _EVENT_RECORD EVENT_RECORD, *PEVENT_RECORD;
-#define DEFINED_PEVENT_RECORD 1
-#endif /* for evntcons.h */
-#ifndef DEFINED_PEVENT_FILTER_DESC
-typedef struct _EVENT_FILTER_DESCRIPTOR EVENT_FILTER_DESCRIPTOR,
*PEVENT_FILTER_DESCRIPTOR;
-#define DEFINED_PEVENT_FILTER_DESC 1
-#endif /* for evntprov.h */
+#ifndef _EVNTRACE_KERNEL_MODE
+#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
+typedef struct _EVENT_RECORD EVENT_RECORD,*PEVENT_RECORD;
typedef struct _EVENT_TRACE_LOGFILEW
EVENT_TRACE_LOGFILEW,*PEVENT_TRACE_LOGFILEW;
typedef struct _EVENT_TRACE_LOGFILEA
EVENT_TRACE_LOGFILEA,*PEVENT_TRACE_LOGFILEA;
-typedef ULONG (WINAPI *PEVENT_TRACE_BUFFER_CALLBACKW)(PEVENT_TRACE_LOGFILEW
Logfile);
-typedef ULONG (WINAPI *PEVENT_TRACE_BUFFER_CALLBACKA)(PEVENT_TRACE_LOGFILEA
Logfile);
-typedef VOID (WINAPI *PEVENT_CALLBACK)(PEVENT_TRACE pEvent);
-typedef VOID (WINAPI *PEVENT_RECORD_CALLBACK)(PEVENT_RECORD EventRecord);
-typedef ULONG (WINAPI *WMIDPREQUEST)(WMIDPREQUESTCODE RequestCode,PVOID
RequestContext,ULONG *BufferSize,PVOID Buffer);
+typedef ULONG (WINAPI *PEVENT_TRACE_BUFFER_CALLBACKW) (PEVENT_TRACE_LOGFILEW
Logfile);
+typedef ULONG (WINAPI *PEVENT_TRACE_BUFFER_CALLBACKA) (PEVENT_TRACE_LOGFILEA
Logfile);
+typedef VOID (WINAPI *PEVENT_CALLBACK) (PEVENT_TRACE pEvent);
+typedef VOID (WINAPI *PEVENT_RECORD_CALLBACK) (PEVENT_RECORD EventRecord);
+typedef ULONG (WINAPI *WMIDPREQUEST) (WMIDPREQUESTCODE RequestCode, PVOID
RequestContext, ULONG *BufferSize, PVOID Buffer);
struct _EVENT_TRACE_LOGFILEW {
LPWSTR LogFileName;
@@ -661,182 +699,165 @@ struct _EVENT_TRACE_LOGFILEA {
PVOID Context;
};
-#if defined(_UNICODE) || defined(UNICODE)
-#define PEVENT_TRACE_BUFFER_CALLBACK PEVENT_TRACE_BUFFER_CALLBACKW
-#define EVENT_TRACE_LOGFILE EVENT_TRACE_LOGFILEW
-#define PEVENT_TRACE_LOGFILE PEVENT_TRACE_LOGFILEW
-#define KERNEL_LOGGER_NAME KERNEL_LOGGER_NAMEW
-#define GLOBAL_LOGGER_NAME GLOBAL_LOGGER_NAMEW
-#define EVENT_LOGGER_NAME EVENT_LOGGER_NAMEW
+#if defined (_UNICODE) || defined (UNICODE)
+#define PEVENT_TRACE_BUFFER_CALLBACK PEVENT_TRACE_BUFFER_CALLBACKW
+#define EVENT_TRACE_LOGFILE EVENT_TRACE_LOGFILEW
+#define PEVENT_TRACE_LOGFILE PEVENT_TRACE_LOGFILEW
+#define KERNEL_LOGGER_NAME KERNEL_LOGGER_NAMEW
+#define GLOBAL_LOGGER_NAME GLOBAL_LOGGER_NAMEW
+#define EVENT_LOGGER_NAME EVENT_LOGGER_NAMEW
#else
-#define PEVENT_TRACE_BUFFER_CALLBACK PEVENT_TRACE_BUFFER_CALLBACKA
-#define EVENT_TRACE_LOGFILE EVENT_TRACE_LOGFILEA
-#define PEVENT_TRACE_LOGFILE PEVENT_TRACE_LOGFILEA
-#define KERNEL_LOGGER_NAME KERNEL_LOGGER_NAMEA
-#define GLOBAL_LOGGER_NAME GLOBAL_LOGGER_NAMEA
-#define EVENT_LOGGER_NAME EVENT_LOGGER_NAMEA
-#endif /* defined(_UNICODE) || defined(UNICODE) */
+#define PEVENT_TRACE_BUFFER_CALLBACK PEVENT_TRACE_BUFFER_CALLBACKA
+#define EVENT_TRACE_LOGFILE EVENT_TRACE_LOGFILEA
+#define PEVENT_TRACE_LOGFILE PEVENT_TRACE_LOGFILEA
+#define KERNEL_LOGGER_NAME KERNEL_LOGGER_NAMEA
+#define GLOBAL_LOGGER_NAME GLOBAL_LOGGER_NAMEA
+#define EVENT_LOGGER_NAME EVENT_LOGGER_NAMEA
+#endif
+#endif
#ifdef __cplusplus
extern "C" {
#endif
-EXTERN_C ULONG WMIAPI StartTraceW(PTRACEHANDLE TraceHandle,LPCWSTR
InstanceName,PEVENT_TRACE_PROPERTIES Properties);
-EXTERN_C ULONG WMIAPI StartTraceA(PTRACEHANDLE TraceHandle,LPCSTR
InstanceName,PEVENT_TRACE_PROPERTIES Properties);
-EXTERN_C ULONG WMIAPI StopTraceW(TRACEHANDLE TraceHandle,LPCWSTR
InstanceName,PEVENT_TRACE_PROPERTIES Properties);
-EXTERN_C ULONG WMIAPI StopTraceA(TRACEHANDLE TraceHandle,LPCSTR
InstanceName,PEVENT_TRACE_PROPERTIES Properties);
-EXTERN_C ULONG WMIAPI QueryTraceW(TRACEHANDLE TraceHandle,LPCWSTR
InstanceName,PEVENT_TRACE_PROPERTIES Properties);
-EXTERN_C ULONG WMIAPI QueryTraceA(TRACEHANDLE TraceHandle,LPCSTR
InstanceName,PEVENT_TRACE_PROPERTIES Properties);
-EXTERN_C ULONG WMIAPI UpdateTraceW(TRACEHANDLE TraceHandle,LPCWSTR
InstanceName,PEVENT_TRACE_PROPERTIES Properties);
-EXTERN_C ULONG WMIAPI UpdateTraceA(TRACEHANDLE TraceHandle,LPCSTR
InstanceName,PEVENT_TRACE_PROPERTIES Properties);
-EXTERN_C ULONG WMIAPI FlushTraceW(TRACEHANDLE TraceHandle,LPCWSTR
InstanceName,PEVENT_TRACE_PROPERTIES Properties);
-EXTERN_C ULONG WMIAPI FlushTraceA(TRACEHANDLE TraceHandle,LPCSTR
InstanceName,PEVENT_TRACE_PROPERTIES Properties);
-EXTERN_C ULONG WMIAPI ControlTraceW(TRACEHANDLE TraceHandle,LPCWSTR
InstanceName,PEVENT_TRACE_PROPERTIES Properties,ULONG ControlCode);
-EXTERN_C ULONG WMIAPI ControlTraceA(TRACEHANDLE TraceHandle,LPCSTR
InstanceName,PEVENT_TRACE_PROPERTIES Properties,ULONG ControlCode);
-EXTERN_C ULONG WMIAPI QueryAllTracesW(PEVENT_TRACE_PROPERTIES
*PropertyArray,ULONG PropertyArrayCount,PULONG LoggerCount);
-EXTERN_C ULONG WMIAPI QueryAllTracesA(PEVENT_TRACE_PROPERTIES
*PropertyArray,ULONG PropertyArrayCount,PULONG LoggerCount);
-EXTERN_C ULONG WMIAPI EnableTrace(ULONG Enable,ULONG EnableFlag,ULONG
EnableLevel,LPCGUID ControlGuid,TRACEHANDLE TraceHandle);
-
-#if (_WIN32_WINNT >= 0x0600)
-EXTERN_C ULONG WMIAPI EnableTraceEx(
- LPCGUID ProviderId,
- LPCGUID SourceId,
- TRACEHANDLE TraceHandle,
- ULONG IsEnabled,
- UCHAR Level,
- ULONGLONG MatchAnyKeyword,
- ULONGLONG MatchAllKeyword,
- ULONG EnableProperty,
- PEVENT_FILTER_DESCRIPTOR EnableFilterDesc
-);
-#endif /* _WIN32_WINNT >= 0x0600 */
-
-#define ENABLE_TRACE_PARAMETERS_VERSION 1
-
-typedef struct _ENABLE_TRACE_PARAMETERS {
- ULONG Version;
- ULONG EnableProperty;
- ULONG ControlFlags;
- GUID SourceId;
- PEVENT_FILTER_DESCRIPTOR EnableFilterDesc;
-} ENABLE_TRACE_PARAMETERS, *PENABLE_TRACE_PARAMETERS;
-
-#if (_WIN32_WINNT >= 0x0601)
-EXTERN_C ULONG WMIAPI EnableTraceEx2(
- TRACEHANDLE TraceHandle,
- LPCGUID ProviderId,
- ULONG ControlCode,
- UCHAR Level,
- ULONGLONG MatchAnyKeyword,
- ULONGLONG MatchAllKeyword,
- ULONG Timeout,
- PENABLE_TRACE_PARAMETERS EnableParameters
-);
-#endif /* _WIN32_WINNT >= 0x0601 */
-
-typedef enum _TRACE_QUERY_INFO_CLASS {
- TraceGuidQueryList,
- TraceGuidQueryInfo,
- TraceGuidQueryProcess,
- TraceStackTracingInfo,
- MaxTraceSetInfoClass
-} TRACE_QUERY_INFO_CLASS, TRACE_INFO_CLASS;
-
-#if (_WIN32_WINNT >= 0x0600)
-EXTERN_C ULONG WMIAPI EnumerateTraceGuidsEx(
- TRACE_QUERY_INFO_CLASS TraceQueryInfoClass,
- PVOID InBuffer,
- ULONG InBufferSize,
- PVOID OutBuffer,
- ULONG OutBufferSize,
- PULONG ReturnLength
-);
-#endif /* _WIN32_WINNT >= 0x0600 */
-
-/*To enable the read event type for disk IO events, set GUID to
3d6fa8d4-fe05-11d0-9dda-00c04fd7ba7c and Type to 10.*/
-typedef struct _CLASSIC_EVENT_ID {
- GUID EventGuid;
- UCHAR Type;
- UCHAR Reserved[7];
-} CLASSIC_EVENT_ID, *PCLASSIC_EVENT_ID;
-
-#if (_WIN32_WINNT >= 0x0601)
-EXTERN_C ULONG WMIAPI TraceSetInformation(
- TRACEHANDLE SessionHandle,
- TRACE_INFO_CLASS InformationClass,
- PVOID TraceInformation,
- ULONG InformationLength
-);
-#endif /* _WIN32_WINNT >= 0x0601 */
-
-EXTERN_C ULONG WMIAPI CreateTraceInstanceId(HANDLE
RegHandle,PEVENT_INSTANCE_INFO pInstInfo);
-EXTERN_C ULONG WMIAPI TraceEvent(TRACEHANDLE TraceHandle,PEVENT_TRACE_HEADER
EventTrace);
-EXTERN_C ULONG WMIAPI TraceEventInstance(TRACEHANDLE
TraceHandle,PEVENT_INSTANCE_HEADER EventTrace,PEVENT_INSTANCE_INFO
pInstInfo,PEVENT_INSTANCE_INFO pParentInstInfo);
-EXTERN_C ULONG WMIAPI RegisterTraceGuidsW(WMIDPREQUEST RequestAddress,PVOID
RequestContext,LPCGUID ControlGuid,ULONG GuidCount,PTRACE_GUID_REGISTRATION
TraceGuidReg,LPCWSTR MofImagePath,LPCWSTR MofResourceName,PTRACEHANDLE
RegistrationHandle);
-EXTERN_C ULONG WMIAPI RegisterTraceGuidsA(WMIDPREQUEST RequestAddress,PVOID
RequestContext,LPCGUID ControlGuid,ULONG GuidCount,PTRACE_GUID_REGISTRATION
TraceGuidReg,LPCSTR MofImagePath,LPCSTR MofResourceName,PTRACEHANDLE
RegistrationHandle);
-EXTERN_C ULONG WMIAPI EnumerateTraceGuids(PTRACE_GUID_PROPERTIES
*GuidPropertiesArray,ULONG PropertyArrayCount,PULONG GuidCount);
-EXTERN_C ULONG WMIAPI UnregisterTraceGuids(TRACEHANDLE RegistrationHandle);
-EXTERN_C TRACEHANDLE WMIAPI GetTraceLoggerHandle(PVOID Buffer);
-EXTERN_C UCHAR WMIAPI GetTraceEnableLevel(TRACEHANDLE TraceHandle);
-EXTERN_C ULONG WMIAPI GetTraceEnableFlags(TRACEHANDLE TraceHandle);
-EXTERN_C TRACEHANDLE WMIAPI OpenTraceA(PEVENT_TRACE_LOGFILEA Logfile);
-EXTERN_C TRACEHANDLE WMIAPI OpenTraceW(PEVENT_TRACE_LOGFILEW Logfile);
-EXTERN_C ULONG WMIAPI ProcessTrace(PTRACEHANDLE HandleArray,ULONG
HandleCount,LPFILETIME StartTime,LPFILETIME EndTime);
-EXTERN_C ULONG WMIAPI CloseTrace(TRACEHANDLE TraceHandle);
-EXTERN_C ULONG WMIAPI SetTraceCallback(LPCGUID pGuid,PEVENT_CALLBACK
EventCallback);
-EXTERN_C ULONG WMIAPI RemoveTraceCallback (LPCGUID pGuid);
-EXTERN_C ULONG __cdecl TraceMessage(TRACEHANDLE LoggerHandle,ULONG
MessageFlags,LPCGUID MessageGuid,USHORT MessageNumber,...);
-EXTERN_C ULONG WMIAPI TraceMessageVa(TRACEHANDLE LoggerHandle,ULONG
MessageFlags,LPCGUID MessageGuid,USHORT MessageNumber,va_list MessageArgList);
+#define ENABLE_TRACE_PARAMETERS_VERSION 1
+
+ typedef enum _TRACE_QUERY_INFO_CLASS {
+ TraceGuidQueryList,
+ TraceGuidQueryInfo,
+ TraceGuidQueryProcess,
+ TraceStackTracingInfo,
+ TraceSystemTraceEnableFlagsInfo,
+ TraceSampledProfileIntervalInfo,
+ TraceProfileSourceConfigInfo,
+ TraceProfileSourceListInfo,
+ TracePmcEventListInfo,
+ TracePmcCounterListInfo,
+ MaxTraceSetInfoClass
+ } TRACE_QUERY_INFO_CLASS, TRACE_INFO_CLASS;
+
+ typedef struct _EVENT_FILTER_DESCRIPTOR
EVENT_FILTER_DESCRIPTOR,*PEVENT_FILTER_DESCRIPTOR;
+
+ typedef struct _ENABLE_TRACE_PARAMETERS {
+ ULONG Version;
+ ULONG EnableProperty;
+ ULONG ControlFlags;
+ GUID SourceId;
+ PEVENT_FILTER_DESCRIPTOR EnableFilterDesc;
+ } ENABLE_TRACE_PARAMETERS,*PENABLE_TRACE_PARAMETERS;
+
+ /*To enable the read event type for disk IO events, set GUID to
3d6fa8d4-fe05-11d0-9dda-00c04fd7ba7c and Type to 10.*/
+ typedef struct _CLASSIC_EVENT_ID {
+ GUID EventGuid;
+ UCHAR Type;
+ UCHAR Reserved[7];
+ } CLASSIC_EVENT_ID,*PCLASSIC_EVENT_ID;
+
+ typedef struct _TRACE_PROFILE_INTERVAL {
+ ULONG Source;
+ ULONG Interval;
+ } TRACE_PROFILE_INTERVAL,*PTRACE_PROFILE_INTERVAL;
+
+#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_DESKTOP)
+ EXTERN_C ULONG WMIAPI StartTraceA (PTRACEHANDLE TraceHandle, LPCSTR
InstanceName, PEVENT_TRACE_PROPERTIES Properties);
+ EXTERN_C ULONG WMIAPI StopTraceA (TRACEHANDLE TraceHandle, LPCSTR
InstanceName, PEVENT_TRACE_PROPERTIES Properties);
+ EXTERN_C ULONG WMIAPI QueryTraceA (TRACEHANDLE TraceHandle, LPCSTR
InstanceName, PEVENT_TRACE_PROPERTIES Properties);
+ EXTERN_C ULONG WMIAPI UpdateTraceW (TRACEHANDLE TraceHandle, LPCWSTR
InstanceName, PEVENT_TRACE_PROPERTIES Properties);
+ EXTERN_C ULONG WMIAPI UpdateTraceA (TRACEHANDLE TraceHandle, LPCSTR
InstanceName, PEVENT_TRACE_PROPERTIES Properties);
+ EXTERN_C ULONG WMIAPI FlushTraceA (TRACEHANDLE TraceHandle, LPCSTR
InstanceName, PEVENT_TRACE_PROPERTIES Properties);
+ EXTERN_C ULONG WMIAPI ControlTraceA (TRACEHANDLE TraceHandle, LPCSTR
InstanceName, PEVENT_TRACE_PROPERTIES Properties, ULONG ControlCode);
+ EXTERN_C ULONG WMIAPI QueryAllTracesW (PEVENT_TRACE_PROPERTIES
*PropertyArray, ULONG PropertyArrayCount, PULONG LoggerCount);
+ EXTERN_C ULONG WMIAPI QueryAllTracesA (PEVENT_TRACE_PROPERTIES
*PropertyArray, ULONG PropertyArrayCount, PULONG LoggerCount);
+ EXTERN_C ULONG WMIAPI CreateTraceInstanceId (HANDLE RegHandle,
PEVENT_INSTANCE_INFO InstInfo);
+ EXTERN_C ULONG WMIAPI TraceEvent (TRACEHANDLE TraceHandle,
PEVENT_TRACE_HEADER EventTrace);
+ EXTERN_C ULONG WMIAPI TraceEventInstance (TRACEHANDLE TraceHandle,
PEVENT_INSTANCE_HEADER EventTrace, PEVENT_INSTANCE_INFO InstInfo,
PEVENT_INSTANCE_INFO ParentInstInfo);
+ EXTERN_C ULONG WMIAPI RegisterTraceGuidsA (WMIDPREQUEST RequestAddress,
PVOID RequestContext, LPCGUID ControlGuid, ULONG GuidCount,
PTRACE_GUID_REGISTRATION TraceGuidReg, LPCSTR MofImagePath, LPCSTR
MofResourceName, PTRACEHANDLE RegistrationHandle);
+ EXTERN_C ULONG WMIAPI EnumerateTraceGuids (PTRACE_GUID_PROPERTIES
*GuidPropertiesArray, ULONG PropertyArrayCount, PULONG GuidCount);
+ EXTERN_C TRACEHANDLE WMIAPI OpenTraceA (PEVENT_TRACE_LOGFILEA Logfile);
+ EXTERN_C TRACEHANDLE WMIAPI OpenTraceW (PEVENT_TRACE_LOGFILEW Logfile);
+ EXTERN_C ULONG WMIAPI ProcessTrace (PTRACEHANDLE HandleArray, ULONG
HandleCount, LPFILETIME StartTime, LPFILETIME EndTime);
+ EXTERN_C ULONG WMIAPI CloseTrace (TRACEHANDLE TraceHandle);
+ EXTERN_C ULONG WMIAPI SetTraceCallback (LPCGUID pGuid, PEVENT_CALLBACK
EventCallback);
+ EXTERN_C ULONG WMIAPI RemoveTraceCallback (LPCGUID pGuid);
+ EXTERN_C ULONG TraceMessageVa (TRACEHANDLE LoggerHandle, ULONG MessageFlags,
LPCGUID MessageGuid, USHORT MessageNumber, va_list MessageArgList);
+#if WINVER >= 0x0600
+ EXTERN_C ULONG WMIAPI EnableTraceEx (LPCGUID ProviderId, LPCGUID SourceId,
TRACEHANDLE TraceHandle, ULONG IsEnabled, UCHAR Level, ULONGLONG
MatchAnyKeyword, ULONGLONG MatchAllKeyword, ULONG EnableProperty,
PEVENT_FILTER_DESCRIPTOR EnableFilterDesc);
+ EXTERN_C ULONG WMIAPI EnumerateTraceGuidsEx (TRACE_QUERY_INFO_CLASS
TraceQueryInfoClass, PVOID InBuffer, ULONG InBufferSize, PVOID OutBuffer, ULONG
OutBufferSize, PULONG ReturnLength);
+#endif
+#if WINVER >= 0x0601
+ EXTERN_C ULONG WMIAPI EnableTraceEx2 (TRACEHANDLE TraceHandle, LPCGUID
ProviderId, ULONG ControlCode, UCHAR Level, ULONGLONG MatchAnyKeyword,
ULONGLONG MatchAllKeyword, ULONG Timeout, PENABLE_TRACE_PARAMETERS
EnableParameters);
+ EXTERN_C ULONG WMIAPI TraceSetInformation (TRACEHANDLE SessionHandle,
TRACE_INFO_CLASS InformationClass, PVOID TraceInformation, ULONG
InformationLength);
+#endif
+#if WINVER >= 0x0602
+ EXTERN_C ULONG WMIAPI TraceQueryInformation (TRACEHANDLE SessionHandle,
TRACE_INFO_CLASS InformationClass, PVOID TraceInformation, ULONG
InformationLength, PULONG ReturnLength);
+#endif
+#endif
+
+#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
+ EXTERN_C ULONG WMIAPI StartTraceW (PTRACEHANDLE TraceHandle, LPCWSTR
InstanceName, PEVENT_TRACE_PROPERTIES Properties);
+ EXTERN_C ULONG WMIAPI StopTraceW (TRACEHANDLE TraceHandle, LPCWSTR
InstanceName, PEVENT_TRACE_PROPERTIES Properties);
+ EXTERN_C ULONG WMIAPI QueryTraceW (TRACEHANDLE TraceHandle, LPCWSTR
InstanceName, PEVENT_TRACE_PROPERTIES Properties);
+ EXTERN_C ULONG WMIAPI FlushTraceW (TRACEHANDLE TraceHandle, LPCWSTR
InstanceName, PEVENT_TRACE_PROPERTIES Properties);
+ EXTERN_C ULONG WMIAPI ControlTraceW (TRACEHANDLE TraceHandle, LPCWSTR
InstanceName, PEVENT_TRACE_PROPERTIES Properties, ULONG ControlCode);
+ EXTERN_C ULONG WMIAPI EnableTrace (ULONG Enable, ULONG EnableFlag, ULONG
EnableLevel, LPCGUID ControlGuid, TRACEHANDLE TraceHandle);
+ EXTERN_C ULONG WMIAPI RegisterTraceGuidsW (WMIDPREQUEST RequestAddress,
PVOID RequestContext, LPCGUID ControlGuid, ULONG GuidCount,
PTRACE_GUID_REGISTRATION TraceGuidReg, LPCWSTR MofImagePath, LPCWSTR
MofResourceName, PTRACEHANDLE RegistrationHandle);
+ EXTERN_C ULONG WMIAPI UnregisterTraceGuids (TRACEHANDLE RegistrationHandle);
+ EXTERN_C TRACEHANDLE WMIAPI GetTraceLoggerHandle (PVOID Buffer);
+ EXTERN_C UCHAR WMIAPI GetTraceEnableLevel (TRACEHANDLE TraceHandle);
+ EXTERN_C ULONG WMIAPI GetTraceEnableFlags (TRACEHANDLE TraceHandle);
+ EXTERN_C ULONG __cdecl TraceMessage (TRACEHANDLE LoggerHandle, ULONG
MessageFlags, LPCGUID MessageGuid, USHORT MessageNumber,...);
+#endif
#ifdef __cplusplus
}
#endif
-#define INVALID_PROCESSTRACE_HANDLE ((TRACEHANDLE)INVALID_HANDLE_VALUE)
+#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
+#define INVALID_PROCESSTRACE_HANDLE ((TRACEHANDLE)INVALID_HANDLE_VALUE)
+#endif
-#if defined(UNICODE) || defined(_UNICODE)
-#define RegisterTraceGuids RegisterTraceGuidsW
-#define StartTrace StartTraceW
-#define ControlTrace ControlTraceW
+#if defined (UNICODE) || defined (_UNICODE)
+#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
+#define RegisterTraceGuids RegisterTraceGuidsW
+#define StartTrace StartTraceW
+#define ControlTrace ControlTraceW
-#if defined(__TRACE_W2K_COMPATIBLE)
-#define StopTrace(a,b,c)
ControlTraceW((a),(b),(c),EVENT_TRACE_CONTROL_STOP)
-#define QueryTrace(a,b,c)
ControlTraceW((a),(b),(c),EVENT_TRACE_CONTROL_QUERY)
-#define UpdateTrace(a,b,c)
ControlTraceW((a),(b),(c),EVENT_TRACE_CONTROL_UPDATE)
+#ifdef __TRACE_W2K_COMPATIBLE
+#define StopTrace(a, b, c) ControlTraceW ((a),(b),(c),
EVENT_TRACE_CONTROL_STOP)
+#define QueryTrace(a, b, c) ControlTraceW ((a),(b),(c),
EVENT_TRACE_CONTROL_QUERY)
+#define UpdateTrace(a, b, c) ControlTraceW ((a),(b),(c),
EVENT_TRACE_CONTROL_UPDATE)
#else
-#define StopTrace StopTraceW
-#define QueryTrace QueryTraceW
-#define UpdateTrace UpdateTraceW
-#endif /* defined(__TRACE_W2K_COMPATIBLE) */
-
-#define FlushTrace FlushTraceW
-#define QueryAllTraces QueryAllTracesW
-#define OpenTrace OpenTraceW
-
-#else /* defined(UNICODE) || defined(_UNICODE) */
-
-#define RegisterTraceGuids RegisterTraceGuidsA
-#define StartTrace StartTraceA
-#define ControlTrace ControlTraceA
+#define StopTrace StopTraceW
+#define QueryTrace QueryTraceW
+#define UpdateTrace UpdateTraceW
+#endif
-#if defined(__TRACE_W2K_COMPATIBLE)
-#define StopTrace(a,b,c)
ControlTraceA((a),(b),(c),EVENT_TRACE_CONTROL_STOP)
-#define QueryTrace(a,b,c)
ControlTraceA((a),(b),(c),EVENT_TRACE_CONTROL_QUERY)
-#define UpdateTrace(a,b,c)
ControlTraceA((a),(b),(c),EVENT_TRACE_CONTROL_UPDATE)
+#define FlushTrace FlushTraceW
+#define QueryAllTraces QueryAllTracesW
+#define OpenTrace OpenTraceW
+#endif
#else
-#define StopTrace StopTraceA
-#define QueryTrace QueryTraceA
-#define UpdateTrace UpdateTraceA
-#endif /* defined(__TRACE_W2K_COMPATIBLE) */
-
-#define FlushTrace FlushTraceA
-#define QueryAllTraces QueryAllTracesA
-#define OpenTrace OpenTraceA
-#endif /* defined(UNICODE) || defined(_UNICODE) */
-
-#endif /* !defined(_WMIKM_) && !defined(_NTDDK_) && !defined(_NTIFS_) */
-#endif /* defined(_WINNT_) || defined(WINNT) */
+#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_DESKTOP)
+#define RegisterTraceGuids RegisterTraceGuidsA
+#define StartTrace StartTraceA
+#define ControlTrace ControlTraceA
-#endif /* _EVNTRACE_ */
+#ifdef __TRACE_W2K_COMPATIBLE
+#define StopTrace(a, b, c) ControlTraceA ((a),(b),(c),
EVENT_TRACE_CONTROL_STOP)
+#define QueryTrace(a, b, c) ControlTraceA ((a),(b),(c),
EVENT_TRACE_CONTROL_QUERY)
+#define UpdateTrace(a, b, c) ControlTraceA ((a),(b),(c),
EVENT_TRACE_CONTROL_UPDATE)
+#else
+#define StopTrace StopTraceA
+#define QueryTrace QueryTraceA
+#define UpdateTrace UpdateTraceA
+#endif
+#define FlushTrace FlushTraceA
+#define QueryAllTraces QueryAllTracesA
+#define OpenTrace OpenTraceA
+#endif
+#endif
+#endif
+#endif
+#endif
--
1.7.9
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Mingw-w64-public mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mingw-w64-public
