8 #define WMIAPI __stdcall 10 #define WMIAPI DECLSPEC_IMPORT __stdcall 21 DEFINE_GUID (EventTraceGuid, 0x68fdd900, 0x4a3e, 0x11d1, 0x84, 0xf4, 0x00, 0x00, 0xf8, 0x04, 0x64, 0xe3);
22 DEFINE_GUID (SystemTraceControlGuid, 0x9e814aad, 0x3204, 0x11d2, 0x9a, 0x82, 0x00, 0x60, 0x08, 0xa8, 0x69, 0x39);
23 DEFINE_GUID (EventTraceConfigGuid, 0x01853a65, 0x418f, 0x4f36, 0xae, 0xfc, 0xdc, 0x0f, 0x1d, 0x2f, 0xd2, 0x35);
24 DEFINE_GUID (DefaultTraceSecurityGuid, 0x0811c1af, 0x7a07, 0x4a06, 0x82, 0xed, 0x86, 0x94, 0x55, 0xcd, 0xf7, 0x13);
26 #define KERNEL_LOGGER_NAMEW L"NT Kernel Logger" 27 #define GLOBAL_LOGGER_NAMEW L"GlobalLogger" 28 #define EVENT_LOGGER_NAMEW L"EventLog" 29 #define DIAG_LOGGER_NAMEW L"DiagLog" 31 #define KERNEL_LOGGER_NAMEA "NT Kernel Logger" 32 #define GLOBAL_LOGGER_NAMEA "GlobalLogger" 33 #define EVENT_LOGGER_NAMEA "EventLog" 34 #define DIAG_LOGGER_NAMEA "DiagLog" 36 #define MAX_MOF_FIELDS 16 38 #ifndef _TRACEHANDLE_DEFINED 39 #define _TRACEHANDLE_DEFINED 43 #define SYSTEM_EVENT_TYPE 1 45 #define EVENT_TRACE_TYPE_INFO 0x00 46 #define EVENT_TRACE_TYPE_START 0x01 47 #define EVENT_TRACE_TYPE_END 0x02 48 #define EVENT_TRACE_TYPE_STOP 0x02 49 #define EVENT_TRACE_TYPE_DC_START 0x03 50 #define EVENT_TRACE_TYPE_DC_END 0x04 51 #define EVENT_TRACE_TYPE_EXTENSION 0x05 52 #define EVENT_TRACE_TYPE_REPLY 0x06 53 #define EVENT_TRACE_TYPE_DEQUEUE 0x07 54 #define EVENT_TRACE_TYPE_RESUME 0x07 55 #define EVENT_TRACE_TYPE_CHECKPOINT 0x08 56 #define EVENT_TRACE_TYPE_SUSPEND 0x08 57 #define EVENT_TRACE_TYPE_WINEVT_SEND 0x09 58 #define EVENT_TRACE_TYPE_WINEVT_RECEIVE 0XF0 60 #define TRACE_LEVEL_NONE 0 61 #define TRACE_LEVEL_CRITICAL 1 62 #define TRACE_LEVEL_FATAL 1 63 #define TRACE_LEVEL_ERROR 2 64 #define TRACE_LEVEL_WARNING 3 65 #define TRACE_LEVEL_INFORMATION 4 66 #define TRACE_LEVEL_VERBOSE 5 67 #define TRACE_LEVEL_RESERVED6 6 68 #define TRACE_LEVEL_RESERVED7 7 69 #define TRACE_LEVEL_RESERVED8 8 70 #define TRACE_LEVEL_RESERVED9 9 72 #define EVENT_TRACE_TYPE_LOAD 0x0A 74 #define EVENT_TRACE_TYPE_IO_READ 0x0A 75 #define EVENT_TRACE_TYPE_IO_WRITE 0x0B 76 #define EVENT_TRACE_TYPE_IO_READ_INIT 0x0C 77 #define EVENT_TRACE_TYPE_IO_WRITE_INIT 0x0D 78 #define EVENT_TRACE_TYPE_IO_FLUSH 0x0E 79 #define EVENT_TRACE_TYPE_IO_FLUSH_INIT 0x0F 81 #define EVENT_TRACE_TYPE_MM_TF 0x0A 82 #define EVENT_TRACE_TYPE_MM_DZF 0x0B 83 #define EVENT_TRACE_TYPE_MM_COW 0x0C 84 #define EVENT_TRACE_TYPE_MM_GPF 0x0D 85 #define EVENT_TRACE_TYPE_MM_HPF 0x0E 86 #define EVENT_TRACE_TYPE_MM_AV 0x0F 88 #define EVENT_TRACE_TYPE_SEND 0x0A 89 #define EVENT_TRACE_TYPE_RECEIVE 0x0B 90 #define EVENT_TRACE_TYPE_CONNECT 0x0C 91 #define EVENT_TRACE_TYPE_DISCONNECT 0x0D 92 #define EVENT_TRACE_TYPE_RETRANSMIT 0x0E 93 #define EVENT_TRACE_TYPE_ACCEPT 0x0F 94 #define EVENT_TRACE_TYPE_RECONNECT 0x10 95 #define EVENT_TRACE_TYPE_CONNFAIL 0x11 96 #define EVENT_TRACE_TYPE_COPY_TCP 0x12 97 #define EVENT_TRACE_TYPE_COPY_ARP 0x13 98 #define EVENT_TRACE_TYPE_ACKFULL 0x14 99 #define EVENT_TRACE_TYPE_ACKPART 0x15 100 #define EVENT_TRACE_TYPE_ACKDUP 0x16 102 #define EVENT_TRACE_TYPE_GUIDMAP 0x0A 103 #define EVENT_TRACE_TYPE_CONFIG 0x0B 104 #define EVENT_TRACE_TYPE_SIDINFO 0x0C 105 #define EVENT_TRACE_TYPE_SECURITY 0x0D 107 #define EVENT_TRACE_TYPE_REGCREATE 0x0A 108 #define EVENT_TRACE_TYPE_REGOPEN 0x0B 109 #define EVENT_TRACE_TYPE_REGDELETE 0x0C 110 #define EVENT_TRACE_TYPE_REGQUERY 0x0D 111 #define EVENT_TRACE_TYPE_REGSETVALUE 0x0E 112 #define EVENT_TRACE_TYPE_REGDELETEVALUE 0x0F 113 #define EVENT_TRACE_TYPE_REGQUERYVALUE 0x10 114 #define EVENT_TRACE_TYPE_REGENUMERATEKEY 0x11 115 #define EVENT_TRACE_TYPE_REGENUMERATEVALUEKEY 0x12 116 #define EVENT_TRACE_TYPE_REGQUERYMULTIPLEVALUE 0x13 117 #define EVENT_TRACE_TYPE_REGSETINFORMATION 0x14 118 #define EVENT_TRACE_TYPE_REGFLUSH 0x15 119 #define EVENT_TRACE_TYPE_REGKCBCREATE 0x16 120 #define EVENT_TRACE_TYPE_REGKCBDELETE 0x17 121 #define EVENT_TRACE_TYPE_REGKCBRUNDOWNBEGIN 0x18 122 #define EVENT_TRACE_TYPE_REGKCBRUNDOWNEND 0x19 123 #define EVENT_TRACE_TYPE_REGVIRTUALIZE 0x1A 124 #define EVENT_TRACE_TYPE_REGCLOSE 0x1B 125 #define EVENT_TRACE_TYPE_REGSETSECURITY 0x1C 126 #define EVENT_TRACE_TYPE_REGQUERYSECURITY 0x1D 127 #define EVENT_TRACE_TYPE_REGCOMMIT 0x1E 128 #define EVENT_TRACE_TYPE_REGPREPARE 0x1F 129 #define EVENT_TRACE_TYPE_REGROLLBACK 0x20 130 #define EVENT_TRACE_TYPE_REGMOUNTHIVE 0x21 132 #define EVENT_TRACE_TYPE_CONFIG_CPU 0x0A 133 #define EVENT_TRACE_TYPE_CONFIG_PHYSICALDISK 0x0B 134 #define EVENT_TRACE_TYPE_CONFIG_LOGICALDISK 0x0C 135 #define EVENT_TRACE_TYPE_CONFIG_NIC 0x0D 136 #define EVENT_TRACE_TYPE_CONFIG_VIDEO 0x0E 137 #define EVENT_TRACE_TYPE_CONFIG_SERVICES 0x0F 138 #define EVENT_TRACE_TYPE_CONFIG_POWER 0x10 139 #define EVENT_TRACE_TYPE_CONFIG_NETINFO 0x11 141 #define EVENT_TRACE_TYPE_CONFIG_IRQ 0x15 142 #define EVENT_TRACE_TYPE_CONFIG_PNP 0x16 143 #define EVENT_TRACE_TYPE_CONFIG_IDECHANNEL 0x17 144 #define EVENT_TRACE_TYPE_CONFIG_PLATFORM 0x19 146 #define EVENT_TRACE_FLAG_PROCESS 0x00000001 147 #define EVENT_TRACE_FLAG_THREAD 0x00000002 148 #define EVENT_TRACE_FLAG_IMAGE_LOAD 0x00000004 150 #define EVENT_TRACE_FLAG_DISK_IO 0x00000100 151 #define EVENT_TRACE_FLAG_DISK_FILE_IO 0x00000200 153 #define EVENT_TRACE_FLAG_MEMORY_PAGE_FAULTS 0x00001000 154 #define EVENT_TRACE_FLAG_MEMORY_HARD_FAULTS 0x00002000 156 #define EVENT_TRACE_FLAG_NETWORK_TCPIP 0x00010000 158 #define EVENT_TRACE_FLAG_REGISTRY 0x00020000 159 #define EVENT_TRACE_FLAG_DBGPRINT 0x00040000 161 #define EVENT_TRACE_FLAG_PROCESS_COUNTERS 0x00000008 162 #define EVENT_TRACE_FLAG_CSWITCH 0x00000010 163 #define EVENT_TRACE_FLAG_DPC 0x00000020 164 #define EVENT_TRACE_FLAG_INTERRUPT 0x00000040 165 #define EVENT_TRACE_FLAG_SYSTEMCALL 0x00000080 167 #define EVENT_TRACE_FLAG_DISK_IO_INIT 0x00000400 169 #define EVENT_TRACE_FLAG_ALPC 0x00100000 170 #define EVENT_TRACE_FLAG_SPLIT_IO 0x00200000 172 #define EVENT_TRACE_FLAG_DRIVER 0x00800000 173 #define EVENT_TRACE_FLAG_PROFILE 0x01000000 174 #define EVENT_TRACE_FLAG_FILE_IO 0x02000000 175 #define EVENT_TRACE_FLAG_FILE_IO_INIT 0x04000000 177 #define EVENT_TRACE_FLAG_DISPATCHER 0x00000800 178 #define EVENT_TRACE_FLAG_VIRTUAL_ALLOC 0x00004000 180 #define EVENT_TRACE_FLAG_EXTENSION 0x80000000 181 #define EVENT_TRACE_FLAG_FORWARD_WMI 0x40000000 182 #define EVENT_TRACE_FLAG_ENABLE_RESERVE 0x20000000 184 #define EVENT_TRACE_FILE_MODE_NONE 0x00000000 185 #define EVENT_TRACE_FILE_MODE_SEQUENTIAL 0x00000001 186 #define EVENT_TRACE_FILE_MODE_CIRCULAR 0x00000002 187 #define EVENT_TRACE_FILE_MODE_APPEND 0x00000004 189 #define EVENT_TRACE_REAL_TIME_MODE 0x00000100 190 #define EVENT_TRACE_DELAY_OPEN_FILE_MODE 0x00000200 191 #define EVENT_TRACE_BUFFERING_MODE 0x00000400 192 #define EVENT_TRACE_PRIVATE_LOGGER_MODE 0x00000800 193 #define EVENT_TRACE_ADD_HEADER_MODE 0x00001000 195 #define EVENT_TRACE_USE_GLOBAL_SEQUENCE 0x00004000 196 #define EVENT_TRACE_USE_LOCAL_SEQUENCE 0x00008000 198 #define EVENT_TRACE_RELOG_MODE 0x00010000 200 #define EVENT_TRACE_USE_PAGED_MEMORY 0x01000000 202 #define EVENT_TRACE_FILE_MODE_NEWFILE 0x00000008 203 #define EVENT_TRACE_FILE_MODE_PREALLOCATE 0x00000020 205 #define EVENT_TRACE_NONSTOPPABLE_MODE 0x00000040 206 #define EVENT_TRACE_SECURE_MODE 0x00000080 207 #define EVENT_TRACE_USE_KBYTES_FOR_SIZE 0x00002000 208 #define EVENT_TRACE_PRIVATE_IN_PROC 0x00020000 209 #define EVENT_TRACE_MODE_RESERVED 0x00100000 211 #define EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING 0x10000000 213 #define EVENT_TRACE_CONTROL_QUERY 0 214 #define EVENT_TRACE_CONTROL_STOP 1 215 #define EVENT_TRACE_CONTROL_UPDATE 2 217 #define EVENT_TRACE_CONTROL_FLUSH 3 219 #define TRACE_MESSAGE_SEQUENCE 1 220 #define TRACE_MESSAGE_GUID 2 221 #define TRACE_MESSAGE_COMPONENTID 4 222 #define TRACE_MESSAGE_TIMESTAMP 8 223 #define TRACE_MESSAGE_PERFORMANCE_TIMESTAMP 16 224 #define TRACE_MESSAGE_SYSTEMINFO 32 226 #define TRACE_MESSAGE_POINTER32 0x0040 227 #define TRACE_MESSAGE_POINTER64 0x0080 229 #define TRACE_MESSAGE_FLAG_MASK 0xFFFF 231 #define TRACE_MESSAGE_MAXIMUM_SIZE 8*1024 233 #define EVENT_TRACE_USE_PROCTIME 0x0001 234 #define EVENT_TRACE_USE_NOCPUTIME 0x0002 236 #define TRACE_HEADER_FLAG_USE_TIMESTAMP 0x00000200 237 #define TRACE_HEADER_FLAG_TRACED_GUID 0x00020000 238 #define TRACE_HEADER_FLAG_LOG_WNODE 0x00040000 239 #define TRACE_HEADER_FLAG_USE_GUID_PTR 0x00080000 240 #define TRACE_HEADER_FLAG_USE_MOF_PTR 0x00100000 242 #define ETW_NULL_TYPE_VALUE 0 243 #define ETW_OBJECT_TYPE_VALUE 1 244 #define ETW_STRING_TYPE_VALUE 2 245 #define ETW_SBYTE_TYPE_VALUE 3 246 #define ETW_BYTE_TYPE_VALUE 4 247 #define ETW_INT16_TYPE_VALUE 5 248 #define ETW_UINT16_TYPE_VALUE 6 249 #define ETW_INT32_TYPE_VALUE 7 250 #define ETW_UINT32_TYPE_VALUE 8 251 #define ETW_INT64_TYPE_VALUE 9 252 #define ETW_UINT64_TYPE_VALUE 10 253 #define ETW_CHAR_TYPE_VALUE 11 254 #define ETW_SINGLE_TYPE_VALUE 12 255 #define ETW_DOUBLE_TYPE_VALUE 13 256 #define ETW_BOOLEAN_TYPE_VALUE 14 257 #define ETW_DECIMAL_TYPE_VALUE 15 259 #define ETW_GUID_TYPE_VALUE 101 260 #define ETW_ASCIICHAR_TYPE_VALUE 102 261 #define ETW_ASCIISTRING_TYPE_VALUE 103 262 #define ETW_COUNTED_STRING_TYPE_VALUE 104 263 #define ETW_POINTER_TYPE_VALUE 105 264 #define ETW_SIZET_TYPE_VALUE 106 265 #define ETW_HIDDEN_TYPE_VALUE 107 266 #define ETW_BOOL_TYPE_VALUE 108 267 #define ETW_COUNTED_ANSISTRING_TYPE_VALUE 109 268 #define ETW_REVERSED_COUNTED_STRING_TYPE_VALUE 110 269 #define ETW_REVERSED_COUNTED_ANSISTRING_TYPE_VALUE 111 270 #define ETW_NON_NULL_TERMINATED_STRING_TYPE_VALUE 112 271 #define ETW_REDUCED_ANSISTRING_TYPE_VALUE 113 272 #define ETW_REDUCED_STRING_TYPE_VALUE 114 273 #define ETW_SID_TYPE_VALUE 115 274 #define ETW_VARIANT_TYPE_VALUE 116 275 #define ETW_PTVECTOR_TYPE_VALUE 117 276 #define ETW_WMITIME_TYPE_VALUE 118 277 #define ETW_DATETIME_TYPE_VALUE 119 278 #define ETW_REFRENCE_TYPE_VALUE 120 280 #define TRACE_PROVIDER_FLAG_LEGACY 0x00000001 281 #define TRACE_PROVIDER_FLAG_PRE_ENABLE 0x00000002 283 #define EVENT_CONTROL_CODE_DISABLE_PROVIDER 0 284 #define EVENT_CONTROL_CODE_ENABLE_PROVIDER 1 285 #define EVENT_CONTROL_CODE_CAPTURE_STATE 2 287 #define DEFINE_TRACE_MOF_FIELD(MOF, ptr, length, type) \ 288 (MOF)->DataPtr = (ULONG64)(ULONG_PTR) ptr; \ 289 (MOF)->Length = (ULONG) length; \ 290 (MOF)->DataType = (ULONG) type; 329 #ifndef PEVENT_TRACE_HEADER_DEFINED 330 #define PEVENT_TRACE_HEADER_DEFINED 433 #if !(defined(_NTDDK_) || defined(_NTIFS_)) || defined(_WMIKM_) 566 #if !defined(_WMIKM_) && !defined(_NTDDK_) && !defined(_NTIFS_) 568 #define ENABLE_TRACE_PARAMETERS_VERSION 1 672 #if defined(_UNICODE) || defined(UNICODE) 674 #define PEVENT_TRACE_BUFFER_CALLBACK PEVENT_TRACE_BUFFER_CALLBACKW 675 #define EVENT_TRACE_LOGFILE EVENT_TRACE_LOGFILEW 676 #define PEVENT_TRACE_LOGFILE PEVENT_TRACE_LOGFILEW 677 #define KERNEL_LOGGER_NAME KERNEL_LOGGER_NAMEW 678 #define GLOBAL_LOGGER_NAME GLOBAL_LOGGER_NAMEW 679 #define EVENT_LOGGER_NAME EVENT_LOGGER_NAMEW 683 #define PEVENT_TRACE_BUFFER_CALLBACK PEVENT_TRACE_BUFFER_CALLBACKA 684 #define EVENT_TRACE_LOGFILE EVENT_TRACE_LOGFILEA 685 #define PEVENT_TRACE_LOGFILE PEVENT_TRACE_LOGFILEA 686 #define KERNEL_LOGGER_NAME KERNEL_LOGGER_NAMEA 687 #define GLOBAL_LOGGER_NAME GLOBAL_LOGGER_NAMEA 688 #define EVENT_LOGGER_NAME EVENT_LOGGER_NAMEA 714 #define INVALID_PROCESSTRACE_HANDLE ((TRACEHANDLE)(ULONG_PTR)INVALID_HANDLE_VALUE) 716 #if defined(UNICODE) || defined(_UNICODE) 718 #define RegisterTraceGuids RegisterTraceGuidsW 719 #define StartTrace StartTraceW 720 #define ControlTrace ControlTraceW 722 #if defined(__TRACE_W2K_COMPATIBLE) 724 #define StopTrace(a,b,c) ControlTraceW((a),(b),(c), EVENT_TRACE_CONTROL_STOP) 725 #define QueryTrace(a,b,c) ControlTraceW((a),(b),(c), EVENT_TRACE_CONTROL_QUERY) 726 #define UpdateTrace(a,b,c) ControlTraceW((a),(b),(c), EVENT_TRACE_CONTROL_UPDATE) 730 #define StopTrace StopTraceW 731 #define QueryTrace QueryTraceW 732 #define UpdateTrace UpdateTraceW 736 #if (NTDDI_VERSION >= NTDDI_WINXP) 737 #define FlushTrace FlushTraceW 740 #define QueryAllTraces QueryAllTracesW 741 #define OpenTrace OpenTraceW 745 #define RegisterTraceGuids RegisterTraceGuidsA 746 #define StartTrace StartTraceA 747 #define ControlTrace ControlTraceA 749 #if defined(__TRACE_W2K_COMPATIBLE) 751 #define StopTrace(a,b,c) ControlTraceA((a),(b),(c), EVENT_TRACE_CONTROL_STOP) 752 #define QueryTrace(a,b,c) ControlTraceA((a),(b),(c), EVENT_TRACE_CONTROL_QUERY) 753 #define UpdateTrace(a,b,c) ControlTraceA((a),(b),(c), EVENT_TRACE_CONTROL_UPDATE) 757 #define StopTrace StopTraceA 758 #define QueryTrace QueryTraceA 759 #define UpdateTrace UpdateTraceA 763 #if (NTDDI_VERSION >= NTDDI_WINXP) 764 #define FlushTrace FlushTraceA 767 #define QueryAllTraces QueryAllTracesA 768 #define OpenTrace OpenTraceA 1013 #if (WINVER >= _WIN32_WINNT_WINXP) 1041 #if (WINVER >= _WIN32_WINNT_VISTA) 1070 #if (WINVER >= _WIN32_WINNT_WIN7) EXTERN_C TRACEHANDLE WMIAPI OpenTraceA(IN OUT PEVENT_TRACE_LOGFILEA Logfile)
struct _ENABLE_TRACE_PARAMETERS * PENABLE_TRACE_PARAMETERS
VOID CALLBACK EventCallback(IN PVOID MixerEventContext, IN HANDLE hMixer, IN ULONG NotificationType, IN ULONG Value)
EXTERN_C ULONG WMIAPI EnableTraceEx2(IN TRACEHANDLE TraceHandle, IN LPCGUID ProviderId, IN ULONG ControlCode, IN UCHAR Level, IN ULONGLONG MatchAnyKeyword, IN ULONGLONG MatchAllKeyword, IN ULONG Timeout, IN PENABLE_TRACE_PARAMETERS EnableParameters OPTIONAL)
struct _TRACE_LOGFILE_HEADER TRACE_LOGFILE_HEADER
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
EXTERN_C ULONG WMIAPI UnregisterTraceGuids(IN TRACEHANDLE RegistrationHandle)
struct _EVENT_TRACE * PEVENT_TRACE
EXTERN_C ULONG WMIAPI CloseTrace(IN TRACEHANDLE TraceHandle)
PEVENT_TRACE_BUFFER_CALLBACKA BufferCallback
EXTERN_C ULONG WMIAPI RemoveTraceCallback(IN LPCGUID pGuid)
struct _MOF_FIELD MOF_FIELD
EXTERN_C ULONG WMIAPI RegisterTraceGuidsW(IN WMIDPREQUEST RequestAddress, IN PVOID RequestContext OPTIONAL, IN LPCGUID ControlGuid, IN ULONG GuidCount, IN PTRACE_GUID_REGISTRATION TraceGuidReg OPTIONAL, IN LPCWSTR MofImagePath OPTIONAL, IN LPCWSTR MofResourceName OPTIONAL, OUT PTRACEHANDLE RegistrationHandle)
PEVENT_RECORD_CALLBACK EventRecordCallback
TRACE_LOGFILE_HEADER LogfileHeader
struct _TRACE_LOGFILE_HEADER64 * PTRACE_LOGFILE_HEADER64
EXTERN_C ULONG WMIAPI UpdateTraceW(IN TRACEHANDLE TraceHandle, IN LPCWSTR InstanceName OPTIONAL, IN OUT PEVENT_TRACE_PROPERTIES Properties)
struct _EVENT_FILTER_DESCRIPTOR * PEVENT_FILTER_DESCRIPTOR
DEFINE_GUID(EventTraceGuid, 0x68fdd900, 0x4a3e, 0x11d1, 0x84, 0xf4, 0x00, 0x00, 0xf8, 0x04, 0x64, 0xe3)
_In_ ULONGLONG _In_ ULONGLONG _In_ BOOLEAN Enable
EXTERN_C ULONG WMIAPI QueryTraceW(IN TRACEHANDLE TraceHandle, IN LPCWSTR InstanceName OPTIONAL, IN OUT PEVENT_TRACE_PROPERTIES Properties)
struct _TRACE_GUID_REGISTRATION TRACE_GUID_REGISTRATION
enum _TRACE_QUERY_INFO_CLASS TRACE_INFO_CLASS
_In_ PIRP _In_ ULONG _In_ ULONG _In_ ULONG _In_ ULONG OutBufferSize
struct _EVENT_INSTANCE_HEADER EVENT_INSTANCE_HEADER
EXTERN_C ULONG WMIAPI QueryAllTracesW(OUT PEVENT_TRACE_PROPERTIES *PropertyArray, IN ULONG PropertyArrayCount, OUT PULONG LoggerCount)
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
struct _CLASSIC_EVENT_ID * PCLASSIC_EVENT_ID
EXTERN_C ULONG WMIAPI EnableTrace(IN ULONG Enable, IN ULONG EnableFlag, IN ULONG EnableLevel, IN LPCGUID ControlGuid, IN TRACEHANDLE TraceHandle)
ULONGLONG MatchAllKeyword
EXTERN_C ULONG WMIAPI UpdateTraceA(IN TRACEHANDLE TraceHandle, IN LPCSTR InstanceName OPTIONAL, IN OUT PEVENT_TRACE_PROPERTIES Properties)
static LARGE_INTEGER StartTime
enum _TRACE_QUERY_INFO_CLASS TRACE_QUERY_INFO_CLASS
EVENT_TRACE_HEADER Header
EXTERN_C TRACEHANDLE WMIAPI OpenTraceW(IN OUT PEVENT_TRACE_LOGFILEW Logfile)
struct _EVENT_TRACE_HEADER * PEVENT_TRACE_HEADER
struct _TRACE_ENABLE_INFO TRACE_ENABLE_INFO
struct _TRACE_GUID_INFO TRACE_GUID_INFO
struct _TRACE_LOGFILE_HEADER32 * PTRACE_LOGFILE_HEADER32
TRACE_LOGFILE_HEADER LogfileHeader
_Out_ ULONG _Out_ PUNICODE_STRING _Out_ PUNICODE_STRING MofResourceName
struct _EVENT_TRACE EVENT_TRACE
_Reserved_ PVOID Reserved
struct _EVENT_TRACE_LOGFILEW * PEVENT_TRACE_LOGFILEW
_IRQL_requires_same_ typedef _In_ ULONG ControlCode
_In_opt_ PETWENABLECALLBACK _In_opt_ PVOID _Out_ PREGHANDLE RegHandle
EXTERN_C TRACEHANDLE WMIAPI GetTraceLoggerHandle(IN PVOID Buffer)
struct _ETW_BUFFER_CONTEXT ETW_BUFFER_CONTEXT
struct _EVENT_TRACE_LOGFILEA * PEVENT_TRACE_LOGFILEA
EXTERN_C ULONG WMIAPI GetTraceEnableFlags(IN TRACEHANDLE TraceHandle)
ULONG(WINAPI * PEVENT_TRACE_BUFFER_CALLBACKA)(PEVENT_TRACE_LOGFILEA Logfile)
struct _EVENT_TRACE_PROPERTIES EVENT_TRACE_PROPERTIES
_ANONYMOUS_UNION union _EVENT_TRACE_LOGFILEA::@2843 DUMMYUNIONNAME
PEVENT_FILTER_DESCRIPTOR EnableFilterDesc
VOID(WINAPI * PEVENT_CALLBACK)(PEVENT_TRACE pEvent)
_In_ PIRP _In_ ULONG _In_ ULONG _In_ ULONG InBufferSize
EXTERN_C ULONG WMIAPI TraceMessageVa(IN TRACEHANDLE LoggerHandle, IN ULONG MessageFlags, IN LPCGUID MessageGuid, IN USHORT MessageNumber, IN va_list MessageArgList)
EXTERN_C ULONG WMIAPI RegisterTraceGuidsA(IN WMIDPREQUEST RequestAddress, IN PVOID RequestContext OPTIONAL, IN LPCGUID ControlGuid, IN ULONG GuidCount, IN PTRACE_GUID_REGISTRATION TraceGuidReg OPTIONAL, IN LPCSTR MofImagePath OPTIONAL, IN LPCSTR MofResourceName OPTIONAL, OUT PTRACEHANDLE RegistrationHandle)
struct _EVENT_RECORD EVENT_RECORD
_ANONYMOUS_UNION union _EVENT_TRACE_LOGFILEW::@2842 DUMMYUNIONNAME2
EXTERN_C ULONG WMIAPI TraceEvent(IN TRACEHANDLE TraceHandle, IN PEVENT_TRACE_HEADER EventTrace)
EXTERN_C ULONG WMIAPI TraceEventInstance(IN TRACEHANDLE TraceHandle, IN PEVENT_INSTANCE_HEADER EventTrace, IN PEVENT_INSTANCE_INFO InstInfo, IN PEVENT_INSTANCE_INFO ParentInstInfo OPTIONAL)
PEVENT_TRACE_BUFFER_CALLBACKW BufferCallback
EXTERN_C ULONG WMIAPI CreateTraceInstanceId(IN HANDLE RegHandle, IN OUT PEVENT_INSTANCE_INFO InstInfo)
struct _MOF_FIELD * PMOF_FIELD
ETW_BUFFER_CONTEXT BufferContext
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR _In_ ULONGLONG MatchAnyKeyword
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR _In_ ULONGLONG _In_ ULONGLONG MatchAllKeyword
EXTERN_C ULONG WMIAPI EnableTraceEx(IN LPCGUID ProviderId, IN LPCGUID SourceId OPTIONAL, IN TRACEHANDLE TraceHandle, IN ULONG IsEnabled, IN UCHAR Level, IN ULONGLONG MatchAnyKeyword, IN ULONGLONG MatchAllKeyword, IN ULONG EnableProperty, IN PEVENT_FILTER_DESCRIPTOR EnableFilterDesc OPTIONAL)
EXTERN_C ULONG WMIAPI QueryAllTracesA(OUT PEVENT_TRACE_PROPERTIES *PropertyArray, IN ULONG PropertyArrayCount, OUT PULONG LoggerCount)
_Outptr_ PVOID * RegistrationHandle
EXTERN_C ULONG WMIAPI QueryTraceA(IN TRACEHANDLE TraceHandle, IN LPCSTR InstanceName OPTIONAL, IN OUT PEVENT_TRACE_PROPERTIES Properties)
struct _TRACE_ENABLE_INFO * PTRACE_ENABLE_INFO
struct _TRACE_GUID_INFO * PTRACE_GUID_INFO
#define _ANONYMOUS_STRUCT
_ANONYMOUS_UNION union _EVENT_TRACE_LOGFILEA::@2844 DUMMYUNIONNAME2
PEVENT_CALLBACK EventCallback
PEVENT_RECORD_CALLBACK EventRecordCallback
_ANONYMOUS_UNION union _EVENT_TRACE::@2828 DUMMYUNIONNAME
EXTERN_C ULONG WMIAPI StopTraceA(IN TRACEHANDLE TraceHandle, IN LPCSTR InstanceName OPTIONAL, IN OUT PEVENT_TRACE_PROPERTIES Properties)
struct _TRACE_GUID_PROPERTIES * PTRACE_GUID_PROPERTIES
struct _TRACE_LOGFILE_HEADER32 TRACE_LOGFILE_HEADER32
_Must_inspect_result_ typedef _In_ ULONG _In_ ULONG MessageNumber
struct _TRACE_PROVIDER_INSTANCE_INFO * PTRACE_PROVIDER_INSTANCE_INFO
struct _TRACE_LOGFILE_HEADER * PTRACE_LOGFILE_HEADER
PEVENT_CALLBACK EventCallback
struct _TRACE_GUID_REGISTRATION * PTRACE_GUID_REGISTRATION
EXTERN_C ULONG WMIAPI StopTraceW(IN TRACEHANDLE TraceHandle, IN LPCWSTR InstanceName OPTIONAL, IN OUT PEVENT_TRACE_PROPERTIES Properties)
_Must_inspect_result_ _Inout_ PFLT_VOLUME _In_opt_ PCUNICODE_STRING InstanceName
_ANONYMOUS_UNION union _EVENT_TRACE_LOGFILEW::@2841 DUMMYUNIONNAME
EXTERN_C ULONG WMIAPI EnumerateTraceGuidsEx(IN TRACE_QUERY_INFO_CLASS TraceQueryInfoClass, IN PVOID InBuffer OPTIONAL, IN ULONG InBufferSize, OUT PVOID OutBuffer OPTIONAL, IN ULONG OutBufferSize, OUT PULONG ReturnLength)
EXTERN_C ULONG WMIAPI SetTraceCallback(IN LPCGUID pGuid, IN PEVENT_CALLBACK EventCallback)
struct _CLASSIC_EVENT_ID CLASSIC_EVENT_ID
VOID(WINAPI * PEVENT_RECORD_CALLBACK)(PEVENT_RECORD EventRecord)
ULONG RealTimeBuffersLost
ULONGLONG MatchAnyKeyword
struct _ENABLE_TRACE_PARAMETERS ENABLE_TRACE_PARAMETERS
EXTERN_C ULONG WMIAPI FlushTraceA(IN TRACEHANDLE TraceHandle, IN LPCSTR InstanceName OPTIONAL, IN OUT PEVENT_TRACE_PROPERTIES Properties)
EXTERN_C ULONG WMIAPI EnumerateTraceGuids(IN OUT PTRACE_GUID_PROPERTIES *GuidPropertiesArray, IN ULONG PropertyArrayCount, OUT PULONG GuidCount)
ULONG(WINAPI * WMIDPREQUEST)(IN WMIDPREQUESTCODE RequestCode, IN PVOID RequestContext, IN OUT ULONG *BufferSize, IN OUT PVOID Buffer)
_In_ FILTER_INFORMATION_CLASS InformationClass
struct _TRACE_PROVIDER_INSTANCE_INFO TRACE_PROVIDER_INSTANCE_INFO
ULONG(WINAPI * PEVENT_TRACE_BUFFER_CALLBACKW)(PEVENT_TRACE_LOGFILEW Logfile)
IN BOOLEAN OUT PSTR Buffer
EXTERN_C ULONG WMIAPI ControlTraceA(IN TRACEHANDLE TraceHandle, IN LPCSTR InstanceName OPTIONAL, IN OUT PEVENT_TRACE_PROPERTIES Properties, IN ULONG ControlCode)
struct _EVENT_TRACE_HEADER EVENT_TRACE_HEADER
EXTERN_C ULONG WMIAPI TraceSetInformation(IN TRACEHANDLE SessionHandle, IN TRACE_INFO_CLASS InformationClass, IN PVOID TraceInformation, IN ULONG InformationLength)
struct _TRACE_GUID_PROPERTIES TRACE_GUID_PROPERTIES
EXTERN_C ULONG WMIAPI ProcessTrace(IN PTRACEHANDLE HandleArray, IN ULONG HandleCount, IN LPFILETIME StartTime OPTIONAL, IN LPFILETIME EndTime OPTIONAL)
EXTERN_C ULONG WMIAPI ControlTraceW(IN TRACEHANDLE TraceHandle, IN LPCWSTR InstanceName OPTIONAL, IN OUT PEVENT_TRACE_PROPERTIES Properties, IN ULONG ControlCode)
struct _EVENT_RECORD * PEVENT_RECORD
struct _EVENT_INSTANCE_HEADER * PEVENT_INSTANCE_HEADER
EXTERN_C ULONG WMIAPI FlushTraceW(IN TRACEHANDLE TraceHandle, IN LPCWSTR InstanceName OPTIONAL, IN OUT PEVENT_TRACE_PROPERTIES Properties)
struct _TRACE_LOGFILE_HEADER64 TRACE_LOGFILE_HEADER64
struct _ETW_BUFFER_CONTEXT * PETW_BUFFER_CONTEXT
EXTERN_C ULONG WMIAPI StartTraceA(OUT PTRACEHANDLE TraceHandle, IN LPCSTR InstanceName, IN OUT PEVENT_TRACE_PROPERTIES Properties)
EXTERN_C UCHAR WMIAPI GetTraceEnableLevel(IN TRACEHANDLE TraceHandle)
struct _EVENT_TRACE_PROPERTIES * PEVENT_TRACE_PROPERTIES
EXTERN_C ULONG __cdecl TraceMessage(IN TRACEHANDLE LoggerHandle, IN ULONG MessageFlags, IN LPCGUID MessageGuid, IN USHORT MessageNumber,...)
struct _EVENT_INSTANCE_INFO * PEVENT_INSTANCE_INFO
EXTERN_C ULONG WMIAPI StartTraceW(OUT PTRACEHANDLE TraceHandle, IN LPCWSTR InstanceName, IN OUT PEVENT_TRACE_PROPERTIES Properties)
struct _EVENT_INSTANCE_INFO EVENT_INSTANCE_INFO
PULONG MinorVersion OPTIONAL
1.8.15