8#define WMIAPI __stdcall
10#define WMIAPI DECLSPEC_IMPORT __stdcall
21DEFINE_GUID (EventTraceGuid, 0x68fdd900, 0x4a3e, 0x11d1, 0x84, 0xf4, 0x00, 0x00, 0xf8, 0x04, 0x64, 0xe3);
22DEFINE_GUID (SystemTraceControlGuid, 0x9e814aad, 0x3204, 0x11d2, 0x9a, 0x82, 0x00, 0x60, 0x08, 0xa8, 0x69, 0x39);
23DEFINE_GUID (EventTraceConfigGuid, 0x01853a65, 0x418f, 0x4f36, 0xae, 0xfc, 0xdc, 0x0f, 0x1d, 0x2f, 0xd2, 0x35);
24DEFINE_GUID (DefaultTraceSecurityGuid, 0x0811c1af, 0x7a07, 0x4a06, 0x82, 0xed, 0x86, 0x94, 0x55, 0xcd, 0xf7, 0x13);
26#define KERNEL_LOGGER_NAMEW L"NT Kernel Logger"
27#define GLOBAL_LOGGER_NAMEW L"GlobalLogger"
28#define EVENT_LOGGER_NAMEW L"EventLog"
29#define DIAG_LOGGER_NAMEW L"DiagLog"
31#define KERNEL_LOGGER_NAMEA "NT Kernel Logger"
32#define GLOBAL_LOGGER_NAMEA "GlobalLogger"
33#define EVENT_LOGGER_NAMEA "EventLog"
34#define DIAG_LOGGER_NAMEA "DiagLog"
36#define MAX_MOF_FIELDS 16
38#ifndef _TRACEHANDLE_DEFINED
39#define _TRACEHANDLE_DEFINED
43#define SYSTEM_EVENT_TYPE 1
45#define EVENT_TRACE_TYPE_INFO 0x00
46#define EVENT_TRACE_TYPE_START 0x01
47#define EVENT_TRACE_TYPE_END 0x02
48#define EVENT_TRACE_TYPE_STOP 0x02
49#define EVENT_TRACE_TYPE_DC_START 0x03
50#define EVENT_TRACE_TYPE_DC_END 0x04
51#define EVENT_TRACE_TYPE_EXTENSION 0x05
52#define EVENT_TRACE_TYPE_REPLY 0x06
53#define EVENT_TRACE_TYPE_DEQUEUE 0x07
54#define EVENT_TRACE_TYPE_RESUME 0x07
55#define EVENT_TRACE_TYPE_CHECKPOINT 0x08
56#define EVENT_TRACE_TYPE_SUSPEND 0x08
57#define EVENT_TRACE_TYPE_WINEVT_SEND 0x09
58#define EVENT_TRACE_TYPE_WINEVT_RECEIVE 0XF0
60#define TRACE_LEVEL_NONE 0
61#define TRACE_LEVEL_CRITICAL 1
62#define TRACE_LEVEL_FATAL 1
63#define TRACE_LEVEL_ERROR 2
64#define TRACE_LEVEL_WARNING 3
65#define TRACE_LEVEL_INFORMATION 4
66#define TRACE_LEVEL_VERBOSE 5
67#define TRACE_LEVEL_RESERVED6 6
68#define TRACE_LEVEL_RESERVED7 7
69#define TRACE_LEVEL_RESERVED8 8
70#define TRACE_LEVEL_RESERVED9 9
72#define EVENT_TRACE_TYPE_LOAD 0x0A
74#define EVENT_TRACE_TYPE_IO_READ 0x0A
75#define EVENT_TRACE_TYPE_IO_WRITE 0x0B
76#define EVENT_TRACE_TYPE_IO_READ_INIT 0x0C
77#define EVENT_TRACE_TYPE_IO_WRITE_INIT 0x0D
78#define EVENT_TRACE_TYPE_IO_FLUSH 0x0E
79#define EVENT_TRACE_TYPE_IO_FLUSH_INIT 0x0F
81#define EVENT_TRACE_TYPE_MM_TF 0x0A
82#define EVENT_TRACE_TYPE_MM_DZF 0x0B
83#define EVENT_TRACE_TYPE_MM_COW 0x0C
84#define EVENT_TRACE_TYPE_MM_GPF 0x0D
85#define EVENT_TRACE_TYPE_MM_HPF 0x0E
86#define EVENT_TRACE_TYPE_MM_AV 0x0F
88#define EVENT_TRACE_TYPE_SEND 0x0A
89#define EVENT_TRACE_TYPE_RECEIVE 0x0B
90#define EVENT_TRACE_TYPE_CONNECT 0x0C
91#define EVENT_TRACE_TYPE_DISCONNECT 0x0D
92#define EVENT_TRACE_TYPE_RETRANSMIT 0x0E
93#define EVENT_TRACE_TYPE_ACCEPT 0x0F
94#define EVENT_TRACE_TYPE_RECONNECT 0x10
95#define EVENT_TRACE_TYPE_CONNFAIL 0x11
96#define EVENT_TRACE_TYPE_COPY_TCP 0x12
97#define EVENT_TRACE_TYPE_COPY_ARP 0x13
98#define EVENT_TRACE_TYPE_ACKFULL 0x14
99#define EVENT_TRACE_TYPE_ACKPART 0x15
100#define EVENT_TRACE_TYPE_ACKDUP 0x16
102#define EVENT_TRACE_TYPE_GUIDMAP 0x0A
103#define EVENT_TRACE_TYPE_CONFIG 0x0B
104#define EVENT_TRACE_TYPE_SIDINFO 0x0C
105#define EVENT_TRACE_TYPE_SECURITY 0x0D
107#define EVENT_TRACE_TYPE_REGCREATE 0x0A
108#define EVENT_TRACE_TYPE_REGOPEN 0x0B
109#define EVENT_TRACE_TYPE_REGDELETE 0x0C
110#define EVENT_TRACE_TYPE_REGQUERY 0x0D
111#define EVENT_TRACE_TYPE_REGSETVALUE 0x0E
112#define EVENT_TRACE_TYPE_REGDELETEVALUE 0x0F
113#define EVENT_TRACE_TYPE_REGQUERYVALUE 0x10
114#define EVENT_TRACE_TYPE_REGENUMERATEKEY 0x11
115#define EVENT_TRACE_TYPE_REGENUMERATEVALUEKEY 0x12
116#define EVENT_TRACE_TYPE_REGQUERYMULTIPLEVALUE 0x13
117#define EVENT_TRACE_TYPE_REGSETINFORMATION 0x14
118#define EVENT_TRACE_TYPE_REGFLUSH 0x15
119#define EVENT_TRACE_TYPE_REGKCBCREATE 0x16
120#define EVENT_TRACE_TYPE_REGKCBDELETE 0x17
121#define EVENT_TRACE_TYPE_REGKCBRUNDOWNBEGIN 0x18
122#define EVENT_TRACE_TYPE_REGKCBRUNDOWNEND 0x19
123#define EVENT_TRACE_TYPE_REGVIRTUALIZE 0x1A
124#define EVENT_TRACE_TYPE_REGCLOSE 0x1B
125#define EVENT_TRACE_TYPE_REGSETSECURITY 0x1C
126#define EVENT_TRACE_TYPE_REGQUERYSECURITY 0x1D
127#define EVENT_TRACE_TYPE_REGCOMMIT 0x1E
128#define EVENT_TRACE_TYPE_REGPREPARE 0x1F
129#define EVENT_TRACE_TYPE_REGROLLBACK 0x20
130#define EVENT_TRACE_TYPE_REGMOUNTHIVE 0x21
132#define EVENT_TRACE_TYPE_CONFIG_CPU 0x0A
133#define EVENT_TRACE_TYPE_CONFIG_PHYSICALDISK 0x0B
134#define EVENT_TRACE_TYPE_CONFIG_LOGICALDISK 0x0C
135#define EVENT_TRACE_TYPE_CONFIG_NIC 0x0D
136#define EVENT_TRACE_TYPE_CONFIG_VIDEO 0x0E
137#define EVENT_TRACE_TYPE_CONFIG_SERVICES 0x0F
138#define EVENT_TRACE_TYPE_CONFIG_POWER 0x10
139#define EVENT_TRACE_TYPE_CONFIG_NETINFO 0x11
141#define EVENT_TRACE_TYPE_CONFIG_IRQ 0x15
142#define EVENT_TRACE_TYPE_CONFIG_PNP 0x16
143#define EVENT_TRACE_TYPE_CONFIG_IDECHANNEL 0x17
144#define EVENT_TRACE_TYPE_CONFIG_PLATFORM 0x19
146#define EVENT_TRACE_FLAG_PROCESS 0x00000001
147#define EVENT_TRACE_FLAG_THREAD 0x00000002
148#define EVENT_TRACE_FLAG_IMAGE_LOAD 0x00000004
150#define EVENT_TRACE_FLAG_DISK_IO 0x00000100
151#define EVENT_TRACE_FLAG_DISK_FILE_IO 0x00000200
153#define EVENT_TRACE_FLAG_MEMORY_PAGE_FAULTS 0x00001000
154#define EVENT_TRACE_FLAG_MEMORY_HARD_FAULTS 0x00002000
156#define EVENT_TRACE_FLAG_NETWORK_TCPIP 0x00010000
158#define EVENT_TRACE_FLAG_REGISTRY 0x00020000
159#define EVENT_TRACE_FLAG_DBGPRINT 0x00040000
161#define EVENT_TRACE_FLAG_PROCESS_COUNTERS 0x00000008
162#define EVENT_TRACE_FLAG_CSWITCH 0x00000010
163#define EVENT_TRACE_FLAG_DPC 0x00000020
164#define EVENT_TRACE_FLAG_INTERRUPT 0x00000040
165#define EVENT_TRACE_FLAG_SYSTEMCALL 0x00000080
167#define EVENT_TRACE_FLAG_DISK_IO_INIT 0x00000400
169#define EVENT_TRACE_FLAG_ALPC 0x00100000
170#define EVENT_TRACE_FLAG_SPLIT_IO 0x00200000
172#define EVENT_TRACE_FLAG_DRIVER 0x00800000
173#define EVENT_TRACE_FLAG_PROFILE 0x01000000
174#define EVENT_TRACE_FLAG_FILE_IO 0x02000000
175#define EVENT_TRACE_FLAG_FILE_IO_INIT 0x04000000
177#define EVENT_TRACE_FLAG_DISPATCHER 0x00000800
178#define EVENT_TRACE_FLAG_VIRTUAL_ALLOC 0x00004000
180#define EVENT_TRACE_FLAG_EXTENSION 0x80000000
181#define EVENT_TRACE_FLAG_FORWARD_WMI 0x40000000
182#define EVENT_TRACE_FLAG_ENABLE_RESERVE 0x20000000
184#define EVENT_TRACE_FILE_MODE_NONE 0x00000000
185#define EVENT_TRACE_FILE_MODE_SEQUENTIAL 0x00000001
186#define EVENT_TRACE_FILE_MODE_CIRCULAR 0x00000002
187#define EVENT_TRACE_FILE_MODE_APPEND 0x00000004
189#define EVENT_TRACE_REAL_TIME_MODE 0x00000100
190#define EVENT_TRACE_DELAY_OPEN_FILE_MODE 0x00000200
191#define EVENT_TRACE_BUFFERING_MODE 0x00000400
192#define EVENT_TRACE_PRIVATE_LOGGER_MODE 0x00000800
193#define EVENT_TRACE_ADD_HEADER_MODE 0x00001000
195#define EVENT_TRACE_USE_GLOBAL_SEQUENCE 0x00004000
196#define EVENT_TRACE_USE_LOCAL_SEQUENCE 0x00008000
198#define EVENT_TRACE_RELOG_MODE 0x00010000
200#define EVENT_TRACE_USE_PAGED_MEMORY 0x01000000
202#define EVENT_TRACE_FILE_MODE_NEWFILE 0x00000008
203#define EVENT_TRACE_FILE_MODE_PREALLOCATE 0x00000020
205#define EVENT_TRACE_NONSTOPPABLE_MODE 0x00000040
206#define EVENT_TRACE_SECURE_MODE 0x00000080
207#define EVENT_TRACE_USE_KBYTES_FOR_SIZE 0x00002000
208#define EVENT_TRACE_PRIVATE_IN_PROC 0x00020000
209#define EVENT_TRACE_MODE_RESERVED 0x00100000
211#define EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING 0x10000000
213#define EVENT_TRACE_CONTROL_QUERY 0
214#define EVENT_TRACE_CONTROL_STOP 1
215#define EVENT_TRACE_CONTROL_UPDATE 2
217#define EVENT_TRACE_CONTROL_FLUSH 3
219#define TRACE_MESSAGE_SEQUENCE 1
220#define TRACE_MESSAGE_GUID 2
221#define TRACE_MESSAGE_COMPONENTID 4
222#define TRACE_MESSAGE_TIMESTAMP 8
223#define TRACE_MESSAGE_PERFORMANCE_TIMESTAMP 16
224#define TRACE_MESSAGE_SYSTEMINFO 32
226#define TRACE_MESSAGE_POINTER32 0x0040
227#define TRACE_MESSAGE_POINTER64 0x0080
229#define TRACE_MESSAGE_FLAG_MASK 0xFFFF
231#define TRACE_MESSAGE_MAXIMUM_SIZE 8*1024
233#define EVENT_TRACE_USE_PROCTIME 0x0001
234#define EVENT_TRACE_USE_NOCPUTIME 0x0002
236#define TRACE_HEADER_FLAG_USE_TIMESTAMP 0x00000200
237#define TRACE_HEADER_FLAG_TRACED_GUID 0x00020000
238#define TRACE_HEADER_FLAG_LOG_WNODE 0x00040000
239#define TRACE_HEADER_FLAG_USE_GUID_PTR 0x00080000
240#define TRACE_HEADER_FLAG_USE_MOF_PTR 0x00100000
242#define ETW_NULL_TYPE_VALUE 0
243#define ETW_OBJECT_TYPE_VALUE 1
244#define ETW_STRING_TYPE_VALUE 2
245#define ETW_SBYTE_TYPE_VALUE 3
246#define ETW_BYTE_TYPE_VALUE 4
247#define ETW_INT16_TYPE_VALUE 5
248#define ETW_UINT16_TYPE_VALUE 6
249#define ETW_INT32_TYPE_VALUE 7
250#define ETW_UINT32_TYPE_VALUE 8
251#define ETW_INT64_TYPE_VALUE 9
252#define ETW_UINT64_TYPE_VALUE 10
253#define ETW_CHAR_TYPE_VALUE 11
254#define ETW_SINGLE_TYPE_VALUE 12
255#define ETW_DOUBLE_TYPE_VALUE 13
256#define ETW_BOOLEAN_TYPE_VALUE 14
257#define ETW_DECIMAL_TYPE_VALUE 15
259#define ETW_GUID_TYPE_VALUE 101
260#define ETW_ASCIICHAR_TYPE_VALUE 102
261#define ETW_ASCIISTRING_TYPE_VALUE 103
262#define ETW_COUNTED_STRING_TYPE_VALUE 104
263#define ETW_POINTER_TYPE_VALUE 105
264#define ETW_SIZET_TYPE_VALUE 106
265#define ETW_HIDDEN_TYPE_VALUE 107
266#define ETW_BOOL_TYPE_VALUE 108
267#define ETW_COUNTED_ANSISTRING_TYPE_VALUE 109
268#define ETW_REVERSED_COUNTED_STRING_TYPE_VALUE 110
269#define ETW_REVERSED_COUNTED_ANSISTRING_TYPE_VALUE 111
270#define ETW_NON_NULL_TERMINATED_STRING_TYPE_VALUE 112
271#define ETW_REDUCED_ANSISTRING_TYPE_VALUE 113
272#define ETW_REDUCED_STRING_TYPE_VALUE 114
273#define ETW_SID_TYPE_VALUE 115
274#define ETW_VARIANT_TYPE_VALUE 116
275#define ETW_PTVECTOR_TYPE_VALUE 117
276#define ETW_WMITIME_TYPE_VALUE 118
277#define ETW_DATETIME_TYPE_VALUE 119
278#define ETW_REFRENCE_TYPE_VALUE 120
280#define TRACE_PROVIDER_FLAG_LEGACY 0x00000001
281#define TRACE_PROVIDER_FLAG_PRE_ENABLE 0x00000002
283#define EVENT_CONTROL_CODE_DISABLE_PROVIDER 0
284#define EVENT_CONTROL_CODE_ENABLE_PROVIDER 1
285#define EVENT_CONTROL_CODE_CAPTURE_STATE 2
287#define DEFINE_TRACE_MOF_FIELD(MOF, ptr, length, type) \
288 (MOF)->DataPtr = (ULONG64)(ULONG_PTR) ptr; \
289 (MOF)->Length = (ULONG) length; \
290 (MOF)->DataType = (ULONG) type;
329#ifndef PEVENT_TRACE_HEADER_DEFINED
330#define PEVENT_TRACE_HEADER_DEFINED
433#if !(defined(_NTDDK_) || defined(_NTIFS_)) || defined(_WMIKM_)
566#if !defined(_WMIKM_) && !defined(_NTDDK_) && !defined(_NTIFS_)
568#define ENABLE_TRACE_PARAMETERS_VERSION 1
672#if defined(_UNICODE) || defined(UNICODE)
674#define PEVENT_TRACE_BUFFER_CALLBACK PEVENT_TRACE_BUFFER_CALLBACKW
675#define EVENT_TRACE_LOGFILE EVENT_TRACE_LOGFILEW
676#define PEVENT_TRACE_LOGFILE PEVENT_TRACE_LOGFILEW
677#define KERNEL_LOGGER_NAME KERNEL_LOGGER_NAMEW
678#define GLOBAL_LOGGER_NAME GLOBAL_LOGGER_NAMEW
679#define EVENT_LOGGER_NAME EVENT_LOGGER_NAMEW
683#define PEVENT_TRACE_BUFFER_CALLBACK PEVENT_TRACE_BUFFER_CALLBACKA
684#define EVENT_TRACE_LOGFILE EVENT_TRACE_LOGFILEA
685#define PEVENT_TRACE_LOGFILE PEVENT_TRACE_LOGFILEA
686#define KERNEL_LOGGER_NAME KERNEL_LOGGER_NAMEA
687#define GLOBAL_LOGGER_NAME GLOBAL_LOGGER_NAMEA
688#define EVENT_LOGGER_NAME EVENT_LOGGER_NAMEA
714#define INVALID_PROCESSTRACE_HANDLE ((TRACEHANDLE)(ULONG_PTR)INVALID_HANDLE_VALUE)
716#if defined(UNICODE) || defined(_UNICODE)
718#define RegisterTraceGuids RegisterTraceGuidsW
719#define StartTrace StartTraceW
720#define ControlTrace ControlTraceW
722#if defined(__TRACE_W2K_COMPATIBLE)
724#define StopTrace(a,b,c) ControlTraceW((a),(b),(c), EVENT_TRACE_CONTROL_STOP)
725#define QueryTrace(a,b,c) ControlTraceW((a),(b),(c), EVENT_TRACE_CONTROL_QUERY)
726#define UpdateTrace(a,b,c) ControlTraceW((a),(b),(c), EVENT_TRACE_CONTROL_UPDATE)
730#define StopTrace StopTraceW
731#define QueryTrace QueryTraceW
732#define UpdateTrace UpdateTraceW
736#if (NTDDI_VERSION >= NTDDI_WINXP)
737#define FlushTrace FlushTraceW
740#define QueryAllTraces QueryAllTracesW
741#define OpenTrace OpenTraceW
745#define RegisterTraceGuids RegisterTraceGuidsA
746#define StartTrace StartTraceA
747#define ControlTrace ControlTraceA
749#if defined(__TRACE_W2K_COMPATIBLE)
751#define StopTrace(a,b,c) ControlTraceA((a),(b),(c), EVENT_TRACE_CONTROL_STOP)
752#define QueryTrace(a,b,c) ControlTraceA((a),(b),(c), EVENT_TRACE_CONTROL_QUERY)
753#define UpdateTrace(a,b,c) ControlTraceA((a),(b),(c), EVENT_TRACE_CONTROL_UPDATE)
757#define StopTrace StopTraceA
758#define QueryTrace QueryTraceA
759#define UpdateTrace UpdateTraceA
763#if (NTDDI_VERSION >= NTDDI_WINXP)
764#define FlushTrace FlushTraceA
767#define QueryAllTraces QueryAllTracesA
768#define OpenTrace OpenTraceA
1013#if (WINVER >= _WIN32_WINNT_WINXP)
1041#if (WINVER >= _WIN32_WINNT_VISTA)
1070#if (WINVER >= _WIN32_WINNT_WIN7)
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG ReturnLength
VOID CALLBACK EventCallback(IN PVOID MixerEventContext, IN HANDLE hMixer, IN ULONG NotificationType, IN ULONG Value)
struct _EVENT_TRACE_PROPERTIES EVENT_TRACE_PROPERTIES
struct _TRACE_PROVIDER_INSTANCE_INFO * PTRACE_PROVIDER_INSTANCE_INFO
EXTERN_C ULONG WMIAPI StartTraceW(OUT PTRACEHANDLE TraceHandle, IN LPCWSTR InstanceName, IN OUT PEVENT_TRACE_PROPERTIES Properties)
EXTERN_C ULONG WMIAPI QueryAllTracesA(OUT PEVENT_TRACE_PROPERTIES *PropertyArray, IN ULONG PropertyArrayCount, OUT PULONG LoggerCount)
struct _EVENT_TRACE_PROPERTIES * PEVENT_TRACE_PROPERTIES
EXTERN_C ULONG WMIAPI UpdateTraceA(IN TRACEHANDLE TraceHandle, IN LPCSTR InstanceName OPTIONAL, IN OUT PEVENT_TRACE_PROPERTIES Properties)
EXTERN_C ULONG WMIAPI RegisterTraceGuidsW(IN WMIDPREQUEST RequestAddress, IN PVOID RequestContext OPTIONAL, IN LPCGUID ControlGuid, IN ULONG GuidCount, IN PTRACE_GUID_REGISTRATION TraceGuidReg OPTIONAL, IN LPCWSTR MofImagePath OPTIONAL, IN LPCWSTR MofResourceName OPTIONAL, OUT PTRACEHANDLE RegistrationHandle)
EXTERN_C ULONG WMIAPI QueryTraceA(IN TRACEHANDLE TraceHandle, IN LPCSTR InstanceName OPTIONAL, IN OUT PEVENT_TRACE_PROPERTIES Properties)
EXTERN_C ULONG WMIAPI TraceSetInformation(IN TRACEHANDLE SessionHandle, IN TRACE_INFO_CLASS InformationClass, IN PVOID TraceInformation, IN ULONG InformationLength)
EXTERN_C ULONG WMIAPI TraceEvent(IN TRACEHANDLE TraceHandle, IN PEVENT_TRACE_HEADER EventTrace)
EXTERN_C ULONG WMIAPI CreateTraceInstanceId(IN HANDLE RegHandle, IN OUT PEVENT_INSTANCE_INFO InstInfo)
struct _TRACE_GUID_REGISTRATION TRACE_GUID_REGISTRATION
struct _TRACE_GUID_INFO TRACE_GUID_INFO
struct _EVENT_INSTANCE_INFO EVENT_INSTANCE_INFO
EXTERN_C ULONG WMIAPI ProcessTrace(IN PTRACEHANDLE HandleArray, IN ULONG HandleCount, IN LPFILETIME StartTime OPTIONAL, IN LPFILETIME EndTime OPTIONAL)
EXTERN_C UCHAR WMIAPI GetTraceEnableLevel(IN TRACEHANDLE TraceHandle)
ULONG(WINAPI * PEVENT_TRACE_BUFFER_CALLBACKW)(PEVENT_TRACE_LOGFILEW Logfile)
VOID(WINAPI * PEVENT_CALLBACK)(PEVENT_TRACE pEvent)
struct _TRACE_LOGFILE_HEADER TRACE_LOGFILE_HEADER
EXTERN_C ULONG WMIAPI StopTraceW(IN TRACEHANDLE TraceHandle, IN LPCWSTR InstanceName OPTIONAL, IN OUT PEVENT_TRACE_PROPERTIES Properties)
EXTERN_C ULONG WMIAPI TraceMessageVa(IN TRACEHANDLE LoggerHandle, IN ULONG MessageFlags, IN LPCGUID MessageGuid, IN USHORT MessageNumber, IN va_list MessageArgList)
struct _TRACE_ENABLE_INFO * PTRACE_ENABLE_INFO
struct _MOF_FIELD * PMOF_FIELD
struct _CLASSIC_EVENT_ID CLASSIC_EVENT_ID
struct _TRACE_LOGFILE_HEADER32 TRACE_LOGFILE_HEADER32
ULONG(WINAPI * WMIDPREQUEST)(IN WMIDPREQUESTCODE RequestCode, IN PVOID RequestContext, IN OUT ULONG *BufferSize, IN OUT PVOID Buffer)
struct _EVENT_TRACE_HEADER * PEVENT_TRACE_HEADER
EXTERN_C TRACEHANDLE WMIAPI OpenTraceA(IN OUT PEVENT_TRACE_LOGFILEA Logfile)
struct _EVENT_RECORD * PEVENT_RECORD
struct _TRACE_GUID_REGISTRATION * PTRACE_GUID_REGISTRATION
VOID(WINAPI * PEVENT_RECORD_CALLBACK)(PEVENT_RECORD EventRecord)
struct _TRACE_GUID_INFO * PTRACE_GUID_INFO
EXTERN_C ULONG WMIAPI EnumerateTraceGuids(IN OUT PTRACE_GUID_PROPERTIES *GuidPropertiesArray, IN ULONG PropertyArrayCount, OUT PULONG GuidCount)
EXTERN_C ULONG WMIAPI EnableTrace(IN ULONG Enable, IN ULONG EnableFlag, IN ULONG EnableLevel, IN LPCGUID ControlGuid, IN TRACEHANDLE TraceHandle)
EXTERN_C ULONG WMIAPI RegisterTraceGuidsA(IN WMIDPREQUEST RequestAddress, IN PVOID RequestContext OPTIONAL, IN LPCGUID ControlGuid, IN ULONG GuidCount, IN PTRACE_GUID_REGISTRATION TraceGuidReg OPTIONAL, IN LPCSTR MofImagePath OPTIONAL, IN LPCSTR MofResourceName OPTIONAL, OUT PTRACEHANDLE RegistrationHandle)
struct _TRACE_LOGFILE_HEADER * PTRACE_LOGFILE_HEADER
EXTERN_C ULONG WMIAPI EnableTraceEx(IN LPCGUID ProviderId, IN LPCGUID SourceId OPTIONAL, IN TRACEHANDLE TraceHandle, IN ULONG IsEnabled, IN UCHAR Level, IN ULONGLONG MatchAnyKeyword, IN ULONGLONG MatchAllKeyword, IN ULONG EnableProperty, IN PEVENT_FILTER_DESCRIPTOR EnableFilterDesc OPTIONAL)
EXTERN_C ULONG WMIAPI UpdateTraceW(IN TRACEHANDLE TraceHandle, IN LPCWSTR InstanceName OPTIONAL, IN OUT PEVENT_TRACE_PROPERTIES Properties)
struct _ENABLE_TRACE_PARAMETERS * PENABLE_TRACE_PARAMETERS
EXTERN_C ULONG WMIAPI GetTraceEnableFlags(IN TRACEHANDLE TraceHandle)
struct _EVENT_RECORD EVENT_RECORD
enum _TRACE_QUERY_INFO_CLASS TRACE_QUERY_INFO_CLASS
EXTERN_C ULONG __cdecl TraceMessage(IN TRACEHANDLE LoggerHandle, IN ULONG MessageFlags, IN LPCGUID MessageGuid, IN USHORT MessageNumber,...)
EXTERN_C ULONG WMIAPI QueryTraceW(IN TRACEHANDLE TraceHandle, IN LPCWSTR InstanceName OPTIONAL, IN OUT PEVENT_TRACE_PROPERTIES Properties)
struct _TRACE_GUID_PROPERTIES * PTRACE_GUID_PROPERTIES
struct _EVENT_TRACE_LOGFILEA * PEVENT_TRACE_LOGFILEA
struct _EVENT_FILTER_DESCRIPTOR * PEVENT_FILTER_DESCRIPTOR
struct _EVENT_INSTANCE_HEADER * PEVENT_INSTANCE_HEADER
EXTERN_C ULONG WMIAPI EnableTraceEx2(IN TRACEHANDLE TraceHandle, IN LPCGUID ProviderId, IN ULONG ControlCode, IN UCHAR Level, IN ULONGLONG MatchAnyKeyword, IN ULONGLONG MatchAllKeyword, IN ULONG Timeout, IN PENABLE_TRACE_PARAMETERS EnableParameters OPTIONAL)
EXTERN_C ULONG WMIAPI RemoveTraceCallback(IN LPCGUID pGuid)
struct _ENABLE_TRACE_PARAMETERS ENABLE_TRACE_PARAMETERS
EXTERN_C ULONG WMIAPI EnumerateTraceGuidsEx(IN TRACE_QUERY_INFO_CLASS TraceQueryInfoClass, IN PVOID InBuffer OPTIONAL, IN ULONG InBufferSize, OUT PVOID OutBuffer OPTIONAL, IN ULONG OutBufferSize, OUT PULONG ReturnLength)
struct _EVENT_TRACE EVENT_TRACE
EXTERN_C ULONG WMIAPI TraceEventInstance(IN TRACEHANDLE TraceHandle, IN PEVENT_INSTANCE_HEADER EventTrace, IN PEVENT_INSTANCE_INFO InstInfo, IN PEVENT_INSTANCE_INFO ParentInstInfo OPTIONAL)
EXTERN_C ULONG WMIAPI FlushTraceA(IN TRACEHANDLE TraceHandle, IN LPCSTR InstanceName OPTIONAL, IN OUT PEVENT_TRACE_PROPERTIES Properties)
struct _TRACE_PROVIDER_INSTANCE_INFO TRACE_PROVIDER_INSTANCE_INFO
struct _TRACE_LOGFILE_HEADER32 * PTRACE_LOGFILE_HEADER32
EXTERN_C ULONG WMIAPI UnregisterTraceGuids(IN TRACEHANDLE RegistrationHandle)
struct _EVENT_INSTANCE_INFO * PEVENT_INSTANCE_INFO
EXTERN_C TRACEHANDLE WMIAPI OpenTraceW(IN OUT PEVENT_TRACE_LOGFILEW Logfile)
enum _TRACE_QUERY_INFO_CLASS TRACE_INFO_CLASS
struct _EVENT_TRACE * PEVENT_TRACE
ULONG(WINAPI * PEVENT_TRACE_BUFFER_CALLBACKA)(PEVENT_TRACE_LOGFILEA Logfile)
struct _EVENT_INSTANCE_HEADER EVENT_INSTANCE_HEADER
struct _CLASSIC_EVENT_ID * PCLASSIC_EVENT_ID
EXTERN_C ULONG WMIAPI StartTraceA(OUT PTRACEHANDLE TraceHandle, IN LPCSTR InstanceName, IN OUT PEVENT_TRACE_PROPERTIES Properties)
EXTERN_C ULONG WMIAPI ControlTraceW(IN TRACEHANDLE TraceHandle, IN LPCWSTR InstanceName OPTIONAL, IN OUT PEVENT_TRACE_PROPERTIES Properties, IN ULONG ControlCode)
EXTERN_C ULONG WMIAPI FlushTraceW(IN TRACEHANDLE TraceHandle, IN LPCWSTR InstanceName OPTIONAL, IN OUT PEVENT_TRACE_PROPERTIES Properties)
struct _TRACE_LOGFILE_HEADER64 * PTRACE_LOGFILE_HEADER64
EXTERN_C TRACEHANDLE WMIAPI GetTraceLoggerHandle(IN PVOID Buffer)
struct _ETW_BUFFER_CONTEXT * PETW_BUFFER_CONTEXT
EXTERN_C ULONG WMIAPI ControlTraceA(IN TRACEHANDLE TraceHandle, IN LPCSTR InstanceName OPTIONAL, IN OUT PEVENT_TRACE_PROPERTIES Properties, IN ULONG ControlCode)
struct _TRACE_LOGFILE_HEADER64 TRACE_LOGFILE_HEADER64
struct _TRACE_GUID_PROPERTIES TRACE_GUID_PROPERTIES
struct _EVENT_TRACE_LOGFILEW * PEVENT_TRACE_LOGFILEW
struct _TRACE_ENABLE_INFO TRACE_ENABLE_INFO
EXTERN_C ULONG WMIAPI SetTraceCallback(IN LPCGUID pGuid, IN PEVENT_CALLBACK EventCallback)
struct _MOF_FIELD MOF_FIELD
struct _ETW_BUFFER_CONTEXT ETW_BUFFER_CONTEXT
EXTERN_C ULONG WMIAPI StopTraceA(IN TRACEHANDLE TraceHandle, IN LPCSTR InstanceName OPTIONAL, IN OUT PEVENT_TRACE_PROPERTIES Properties)
struct _EVENT_TRACE_HEADER EVENT_TRACE_HEADER
EXTERN_C ULONG WMIAPI QueryAllTracesW(OUT PEVENT_TRACE_PROPERTIES *PropertyArray, IN ULONG PropertyArrayCount, OUT PULONG LoggerCount)
_Must_inspect_result_ _Inout_ PFLT_VOLUME _In_opt_ PCUNICODE_STRING InstanceName
_In_ FILTER_INFORMATION_CLASS InformationClass
return pProvider IsEnabled(ProviderControl)
static LARGE_INTEGER StartTime
#define _ANONYMOUS_STRUCT
_In_ ULONGLONG _In_ ULONGLONG _In_ BOOLEAN Enable
#define DEFINE_GUID(name, l, w1, w2, b1, b2, b3, b4, b5, b6, b7, b8)
_In_ UCHAR _In_ ULONG _Out_ PUCHAR _Outptr_result_bytebuffer_ OutBufferLength PVOID * OutBuffer
PULONG MinorVersion OPTIONAL
PEVENT_FILTER_DESCRIPTOR EnableFilterDesc
_ANONYMOUS_UNION union _EVENT_TRACE_LOGFILEA::@3144 DUMMYUNIONNAME
PEVENT_TRACE_BUFFER_CALLBACKA BufferCallback
TRACE_LOGFILE_HEADER LogfileHeader
PEVENT_RECORD_CALLBACK EventRecordCallback
PEVENT_CALLBACK EventCallback
_ANONYMOUS_UNION union _EVENT_TRACE_LOGFILEA::@3145 DUMMYUNIONNAME2
_ANONYMOUS_UNION union _EVENT_TRACE_LOGFILEW::@3143 DUMMYUNIONNAME2
PEVENT_TRACE_BUFFER_CALLBACKW BufferCallback
_ANONYMOUS_UNION union _EVENT_TRACE_LOGFILEW::@3142 DUMMYUNIONNAME
TRACE_LOGFILE_HEADER LogfileHeader
PEVENT_RECORD_CALLBACK EventRecordCallback
PEVENT_CALLBACK EventCallback
ULONG RealTimeBuffersLost
_ANONYMOUS_UNION union _EVENT_TRACE::@3129 DUMMYUNIONNAME
ETW_BUFFER_CONTEXT BufferContext
EVENT_TRACE_HEADER Header
ULONGLONG MatchAnyKeyword
ULONGLONG MatchAllKeyword
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING MofResourceName
_Reserved_ PVOID Reserved
_In_opt_ PETWENABLECALLBACK _In_opt_ PVOID _Out_ PREGHANDLE RegHandle
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR _In_ ULONGLONG MatchAnyKeyword
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR _In_ ULONGLONG _In_ ULONGLONG MatchAllKeyword
_IRQL_requires_same_ typedef _In_ ULONG ControlCode
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
_Must_inspect_result_ typedef _In_ ULONG _In_ ULONG MessageNumber
_Outptr_ PVOID * RegistrationHandle
1.9.6