1use shared::basetsd::{SIZE_T, ULONG32, ULONG64};
7use shared::evntprov::PEVENT_FILTER_DESCRIPTOR;
8use shared::guiddef::{GUID, LPCGUID, LPGUID};
9use shared::minwindef::{DWORD, LPFILETIME, PULONG, UCHAR, UINT, ULONG, USHORT};
10use shared::wmistr::{WMIDPREQUESTCODE, WNODE_HEADER};
11use um::evntcons::PEVENT_RECORD;
12use um::handleapi::INVALID_HANDLE_VALUE;
13use um::timezoneapi::TIME_ZONE_INFORMATION;
14use um::winnt::{
15 ANYSIZE_ARRAY, BOOLEAN, HANDLE, LARGE_INTEGER, LONG, LONGLONG, LPCSTR, LPCWSTR, LPSTR, LPWSTR,
16 PVOID, ULONGLONG, WCHAR
17};
18use vc::vadefs::va_list;
// Well-known GUIDs of the classic event-tracing (ETW) control API. Code that
// inventories or audits trace sessions can match on these values.
// NOTE(review): per the ETW documentation SystemTraceControlGuid identifies the
// "NT Kernel Logger" session and DefaultTraceSecurityGuid the default session
// security descriptor; confirm against the SDK header.
DEFINE_GUID!{EventTraceGuid,
    0x68fdd900, 0x4a3e, 0x11d1, 0x84, 0xf4, 0x00, 0x00, 0xf8, 0x04, 0x64, 0xe3}
DEFINE_GUID!{SystemTraceControlGuid,
    0x9e814aad, 0x3204, 0x11d2, 0x9a, 0x82, 0x00, 0x60, 0x08, 0xa8, 0x69, 0x39}
DEFINE_GUID!{EventTraceConfigGuid,
    0x01853a65, 0x418f, 0x4f36, 0xae, 0xfc, 0xdc, 0x0f, 0x1d, 0x2f, 0xd2, 0x35}
DEFINE_GUID!{DefaultTraceSecurityGuid,
    0x0811c1af, 0x7a07, 0x4a06, 0x82, 0xed, 0x86, 0x94, 0x55, 0xcd, 0xf7, 0x13}
DEFINE_GUID!{PrivateLoggerNotificationGuid,
    0x3595ab5c, 0x042a, 0x4c8e, 0xb9, 0x42, 0x2d, 0x05, 0x9b, 0xfe, 0xb1, 0xb1}
// Names of the built-in trace sessions. These are Rust `&str` values, not
// NUL-terminated C strings: convert them (CString / UTF-16 plus a terminator)
// before passing them as `SessionName` to the extern functions in this module.
/// Name of the kernel trace session.
pub const KERNEL_LOGGER_NAME: &'static str = "NT Kernel Logger";
/// Name of the global logger session.
pub const GLOBAL_LOGGER_NAME: &'static str = "GlobalLogger";
/// Name of the event-log session.
pub const EVENT_LOGGER_NAME: &'static str = "EventLog";
/// Name of the diagnostic-log session.
pub const DIAG_LOGGER_NAME: &'static str = "DiagLog";
/// Presumably the maximum number of `MOF_FIELD` entries that may follow an event
/// header when `TRACE_HEADER_FLAG_USE_MOF_PTR` is set; confirm against the SDK.
pub const MAX_MOF_FIELDS: SIZE_T = 16;
// Session / registration / processing handle used throughout this module.
// NOTE(review): DECLARE_HANDLE! makes this a pointer-sized opaque handle, while
// the SDK header, as far as I recall, defines TRACEHANDLE as ULONG64. The two
// agree on 64-bit targets; on 32-bit targets the width would differ. Confirm
// before relying on these bindings for x86.
DECLARE_HANDLE!{TRACEHANDLE, __TRACEHANDLE}
/// Pointer to a `TRACEHANDLE`, used for out-parameters and handle arrays.
pub type PTRACEHANDLE = *mut TRACEHANDLE;
// Generic event types; presumably the values stored in the `Type` byte of
// `EVENT_TRACE_HEADER_u2_CLASS`. Several names share one value (END/STOP,
// DEQUEUE/RESUME, CHECKPOINT/SUSPEND), so a decoder cannot recover the name
// from the number alone.
pub const EVENT_TRACE_TYPE_INFO: DWORD = 0x00;
pub const EVENT_TRACE_TYPE_START: DWORD = 0x01;
pub const EVENT_TRACE_TYPE_END: DWORD = 0x02;
pub const EVENT_TRACE_TYPE_STOP: DWORD = 0x02;
pub const EVENT_TRACE_TYPE_DC_START: DWORD = 0x03;
pub const EVENT_TRACE_TYPE_DC_END: DWORD = 0x04;
pub const EVENT_TRACE_TYPE_EXTENSION: DWORD = 0x05;
pub const EVENT_TRACE_TYPE_REPLY: DWORD = 0x06;
pub const EVENT_TRACE_TYPE_DEQUEUE: DWORD = 0x07;
pub const EVENT_TRACE_TYPE_RESUME: DWORD = 0x07;
pub const EVENT_TRACE_TYPE_CHECKPOINT: DWORD = 0x08;
pub const EVENT_TRACE_TYPE_SUSPEND: DWORD = 0x08;
pub const EVENT_TRACE_TYPE_WINEVT_SEND: DWORD = 0x09;
pub const EVENT_TRACE_TYPE_WINEVT_RECEIVE: DWORD = 0xF0;
// Severity levels: a lower number is more severe. These have the same UCHAR type
// as the `Level` argument of `EnableTraceEx` / `EnableTraceEx2`.
// NOTE(review): the SDK header also defines level 0 (TRACE_LEVEL_NONE), which is
// not declared here; confirm whether callers need it.
pub const TRACE_LEVEL_CRITICAL: UCHAR = 1;
pub const TRACE_LEVEL_ERROR: UCHAR = 2;
pub const TRACE_LEVEL_WARNING: UCHAR = 3;
pub const TRACE_LEVEL_INFORMATION: UCHAR = 4;
pub const TRACE_LEVEL_VERBOSE: UCHAR = 5;
// Levels 6-9 are reserved names only; no meaning is given in this file.
pub const TRACE_LEVEL_RESERVED6: UCHAR = 6;
pub const TRACE_LEVEL_RESERVED7: UCHAR = 7;
pub const TRACE_LEVEL_RESERVED8: UCHAR = 8;
pub const TRACE_LEVEL_RESERVED9: UCHAR = 9;
// Class-specific event types. Every group below restarts at 0x0A, so the same
// number means LOAD, IO_READ, MM_TF, SEND or GUIDMAP depending on which event
// class (provider GUID) the record belongs to. A parser must select the group
// from the event's GUID before interpreting the type byte.

// Load / terminate events.
pub const EVENT_TRACE_TYPE_LOAD: DWORD = 0x0A;
pub const EVENT_TRACE_TYPE_TERMINATE: DWORD = 0x0B;

// I/O events.
pub const EVENT_TRACE_TYPE_IO_READ: DWORD = 0x0A;
pub const EVENT_TRACE_TYPE_IO_WRITE: DWORD = 0x0B;
pub const EVENT_TRACE_TYPE_IO_READ_INIT: DWORD = 0x0C;
pub const EVENT_TRACE_TYPE_IO_WRITE_INIT: DWORD = 0x0D;
pub const EVENT_TRACE_TYPE_IO_FLUSH: DWORD = 0x0E;
pub const EVENT_TRACE_TYPE_IO_FLUSH_INIT: DWORD = 0x0F;
pub const EVENT_TRACE_TYPE_IO_REDIRECTED_INIT: DWORD = 0x10;

// Memory-manager (MM_*) events.
pub const EVENT_TRACE_TYPE_MM_TF: DWORD = 0x0A;
pub const EVENT_TRACE_TYPE_MM_DZF: DWORD = 0x0B;
pub const EVENT_TRACE_TYPE_MM_COW: DWORD = 0x0C;
pub const EVENT_TRACE_TYPE_MM_GPF: DWORD = 0x0D;
pub const EVENT_TRACE_TYPE_MM_HPF: DWORD = 0x0E;
pub const EVENT_TRACE_TYPE_MM_AV: DWORD = 0x0F;

// Network events.
pub const EVENT_TRACE_TYPE_SEND: DWORD = 0x0A;
pub const EVENT_TRACE_TYPE_RECEIVE: DWORD = 0x0B;
pub const EVENT_TRACE_TYPE_CONNECT: DWORD = 0x0C;
pub const EVENT_TRACE_TYPE_DISCONNECT: DWORD = 0x0D;
pub const EVENT_TRACE_TYPE_RETRANSMIT: DWORD = 0x0E;
pub const EVENT_TRACE_TYPE_ACCEPT: DWORD = 0x0F;
pub const EVENT_TRACE_TYPE_RECONNECT: DWORD = 0x10;
pub const EVENT_TRACE_TYPE_CONNFAIL: DWORD = 0x11;
pub const EVENT_TRACE_TYPE_COPY_TCP: DWORD = 0x12;
pub const EVENT_TRACE_TYPE_COPY_ARP: DWORD = 0x13;
pub const EVENT_TRACE_TYPE_ACKFULL: DWORD = 0x14;
pub const EVENT_TRACE_TYPE_ACKPART: DWORD = 0x15;
pub const EVENT_TRACE_TYPE_ACKDUP: DWORD = 0x16;

// Trace-header bookkeeping events (GUID map, configuration, SID and security
// information, debug id).
pub const EVENT_TRACE_TYPE_GUIDMAP: DWORD = 0x0A;
pub const EVENT_TRACE_TYPE_CONFIG: DWORD = 0x0B;
pub const EVENT_TRACE_TYPE_SIDINFO: DWORD = 0x0C;
pub const EVENT_TRACE_TYPE_SECURITY: DWORD = 0x0D;
pub const EVENT_TRACE_TYPE_DBGID_RSDS: DWORD = 0x40;
// Registry event types. The values overlap with the other class-specific groups
// (this one also starts at 0x0A), so they are meaningful only for registry-class
// events. Registry auditing built on these must cover the write-side operations
// (create, delete, set value, delete value, set security) as well as the reads.
pub const EVENT_TRACE_TYPE_REGCREATE: DWORD = 0x0A;
pub const EVENT_TRACE_TYPE_REGOPEN: DWORD = 0x0B;
pub const EVENT_TRACE_TYPE_REGDELETE: DWORD = 0x0C;
pub const EVENT_TRACE_TYPE_REGQUERY: DWORD = 0x0D;
pub const EVENT_TRACE_TYPE_REGSETVALUE: DWORD = 0x0E;
pub const EVENT_TRACE_TYPE_REGDELETEVALUE: DWORD = 0x0F;
pub const EVENT_TRACE_TYPE_REGQUERYVALUE: DWORD = 0x10;
pub const EVENT_TRACE_TYPE_REGENUMERATEKEY: DWORD = 0x11;
pub const EVENT_TRACE_TYPE_REGENUMERATEVALUEKEY: DWORD = 0x12;
pub const EVENT_TRACE_TYPE_REGQUERYMULTIPLEVALUE: DWORD = 0x13;
pub const EVENT_TRACE_TYPE_REGSETINFORMATION: DWORD = 0x14;
pub const EVENT_TRACE_TYPE_REGFLUSH: DWORD = 0x15;
pub const EVENT_TRACE_TYPE_REGKCBCREATE: DWORD = 0x16;
pub const EVENT_TRACE_TYPE_REGKCBDELETE: DWORD = 0x17;
pub const EVENT_TRACE_TYPE_REGKCBRUNDOWNBEGIN: DWORD = 0x18;
pub const EVENT_TRACE_TYPE_REGKCBRUNDOWNEND: DWORD = 0x19;
pub const EVENT_TRACE_TYPE_REGVIRTUALIZE: DWORD = 0x1A;
pub const EVENT_TRACE_TYPE_REGCLOSE: DWORD = 0x1B;
pub const EVENT_TRACE_TYPE_REGSETSECURITY: DWORD = 0x1C;
pub const EVENT_TRACE_TYPE_REGQUERYSECURITY: DWORD = 0x1D;
pub const EVENT_TRACE_TYPE_REGCOMMIT: DWORD = 0x1E;
pub const EVENT_TRACE_TYPE_REGPREPARE: DWORD = 0x1F;
pub const EVENT_TRACE_TYPE_REGROLLBACK: DWORD = 0x20;
pub const EVENT_TRACE_TYPE_REGMOUNTHIVE: DWORD = 0x21;
// System-configuration event types. The sequence is not contiguous: 0x13 and
// 0x14 have no name in this list, so a lookup table must not assume a dense
// range.
pub const EVENT_TRACE_TYPE_CONFIG_CPU: DWORD = 0x0A;
pub const EVENT_TRACE_TYPE_CONFIG_PHYSICALDISK: DWORD = 0x0B;
pub const EVENT_TRACE_TYPE_CONFIG_LOGICALDISK: DWORD = 0x0C;
pub const EVENT_TRACE_TYPE_CONFIG_NIC: DWORD = 0x0D;
pub const EVENT_TRACE_TYPE_CONFIG_VIDEO: DWORD = 0x0E;
pub const EVENT_TRACE_TYPE_CONFIG_SERVICES: DWORD = 0x0F;
pub const EVENT_TRACE_TYPE_CONFIG_POWER: DWORD = 0x10;
pub const EVENT_TRACE_TYPE_CONFIG_NETINFO: DWORD = 0x11;
pub const EVENT_TRACE_TYPE_CONFIG_OPTICALMEDIA: DWORD = 0x12;
pub const EVENT_TRACE_TYPE_CONFIG_IRQ: DWORD = 0x15;
pub const EVENT_TRACE_TYPE_CONFIG_PNP: DWORD = 0x16;
pub const EVENT_TRACE_TYPE_CONFIG_IDECHANNEL: DWORD = 0x17;
pub const EVENT_TRACE_TYPE_CONFIG_NUMANODE: DWORD = 0x18;
pub const EVENT_TRACE_TYPE_CONFIG_PLATFORM: DWORD = 0x19;
pub const EVENT_TRACE_TYPE_CONFIG_PROCESSORGROUP: DWORD = 0x1A;
pub const EVENT_TRACE_TYPE_CONFIG_PROCESSORNUMBER: DWORD = 0x1B;
pub const EVENT_TRACE_TYPE_CONFIG_DPI: DWORD = 0x1C;
pub const EVENT_TRACE_TYPE_CONFIG_CI_INFO: DWORD = 0x1D;
pub const EVENT_TRACE_TYPE_CONFIG_MACHINEID: DWORD = 0x1E;
pub const EVENT_TRACE_TYPE_CONFIG_DEFRAG: DWORD = 0x1F;
pub const EVENT_TRACE_TYPE_CONFIG_MOBILEPLATFORM: DWORD = 0x20;
pub const EVENT_TRACE_TYPE_CONFIG_DEVICEFAMILY: DWORD = 0x21;
pub const EVENT_TRACE_TYPE_CONFIG_FLIGHTID: DWORD = 0x22;
pub const EVENT_TRACE_TYPE_CONFIG_PROCESSOR: DWORD = 0x23;
// Optical-media I/O event types.
pub const EVENT_TRACE_TYPE_OPTICAL_IO_READ: DWORD = 0x37;
pub const EVENT_TRACE_TYPE_OPTICAL_IO_WRITE: DWORD = 0x38;
pub const EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH: DWORD = 0x39;
pub const EVENT_TRACE_TYPE_OPTICAL_IO_READ_INIT: DWORD = 0x3a;
pub const EVENT_TRACE_TYPE_OPTICAL_IO_WRITE_INIT: DWORD = 0x3b;
pub const EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH_INIT: DWORD = 0x3c;

// FLT_* event types: pre-/post-operation init, completion and failure.
// NOTE(review): presumably file-system filter (minifilter) callbacks; confirm.
pub const EVENT_TRACE_TYPE_FLT_PREOP_INIT: DWORD = 0x60;
pub const EVENT_TRACE_TYPE_FLT_POSTOP_INIT: DWORD = 0x61;
pub const EVENT_TRACE_TYPE_FLT_PREOP_COMPLETION: DWORD = 0x62;
pub const EVENT_TRACE_TYPE_FLT_POSTOP_COMPLETION: DWORD = 0x63;
pub const EVENT_TRACE_TYPE_FLT_PREOP_FAILURE: DWORD = 0x64;
pub const EVENT_TRACE_TYPE_FLT_POSTOP_FAILURE: DWORD = 0x65;
// Enable flags for kernel event groups; presumably the values OR-ed into
// `EVENT_TRACE_PROPERTIES::EnableFlags`. Each constant is a distinct single bit.
// The list is not sorted by value, so check the literal rather than the position
// when adding or auditing a flag.
// The process, thread, image-load, network, registry and file-I/O groups are the
// ones host-monitoring tools commonly depend on. A session missing one of these
// bits collects no events of that kind, and nothing reports the gap.
pub const EVENT_TRACE_FLAG_PROCESS: DWORD = 0x00000001;
pub const EVENT_TRACE_FLAG_THREAD: DWORD = 0x00000002;
pub const EVENT_TRACE_FLAG_IMAGE_LOAD: DWORD = 0x00000004;
pub const EVENT_TRACE_FLAG_DISK_IO: DWORD = 0x00000100;
pub const EVENT_TRACE_FLAG_DISK_FILE_IO: DWORD = 0x00000200;
pub const EVENT_TRACE_FLAG_MEMORY_PAGE_FAULTS: DWORD = 0x00001000;
pub const EVENT_TRACE_FLAG_MEMORY_HARD_FAULTS: DWORD = 0x00002000;
pub const EVENT_TRACE_FLAG_NETWORK_TCPIP: DWORD = 0x00010000;
pub const EVENT_TRACE_FLAG_REGISTRY: DWORD = 0x00020000;
pub const EVENT_TRACE_FLAG_DBGPRINT: DWORD = 0x00040000;
pub const EVENT_TRACE_FLAG_PROCESS_COUNTERS: DWORD = 0x00000008;
pub const EVENT_TRACE_FLAG_CSWITCH: DWORD = 0x00000010;
pub const EVENT_TRACE_FLAG_DPC: DWORD = 0x00000020;
pub const EVENT_TRACE_FLAG_INTERRUPT: DWORD = 0x00000040;
pub const EVENT_TRACE_FLAG_SYSTEMCALL: DWORD = 0x00000080;
pub const EVENT_TRACE_FLAG_DISK_IO_INIT: DWORD = 0x00000400;
pub const EVENT_TRACE_FLAG_ALPC: DWORD = 0x00100000;
pub const EVENT_TRACE_FLAG_SPLIT_IO: DWORD = 0x00200000;
pub const EVENT_TRACE_FLAG_DRIVER: DWORD = 0x00800000;
pub const EVENT_TRACE_FLAG_PROFILE: DWORD = 0x01000000;
pub const EVENT_TRACE_FLAG_FILE_IO: DWORD = 0x02000000;
pub const EVENT_TRACE_FLAG_FILE_IO_INIT: DWORD = 0x04000000;
pub const EVENT_TRACE_FLAG_DISPATCHER: DWORD = 0x00000800;
pub const EVENT_TRACE_FLAG_VIRTUAL_ALLOC: DWORD = 0x00004000;
pub const EVENT_TRACE_FLAG_VAMAP: DWORD = 0x00008000;
pub const EVENT_TRACE_FLAG_NO_SYSCONFIG: DWORD = 0x10000000;
pub const EVENT_TRACE_FLAG_JOB: DWORD = 0x00080000;
pub const EVENT_TRACE_FLAG_DEBUG_EVENTS: DWORD = 0x00400000;
// The top three bits do not name an event group.
pub const EVENT_TRACE_FLAG_EXTENSION: DWORD = 0x80000000;
pub const EVENT_TRACE_FLAG_FORWARD_WMI: DWORD = 0x40000000;
pub const EVENT_TRACE_FLAG_ENABLE_RESERVE: DWORD = 0x20000000;
// Logging-mode bits; presumably the values OR-ed into the `LogFileMode` field of
// `EVENT_TRACE_PROPERTIES`. Apart from NONE (0) each constant is a distinct
// single bit. The list is not sorted by value.
// NOTE(review): per the ETW documentation EVENT_TRACE_SECURE_MODE restricts which
// principals may log events to the session; confirm before relying on it as an
// access control.
pub const EVENT_TRACE_FILE_MODE_NONE: DWORD = 0x00000000;
pub const EVENT_TRACE_FILE_MODE_SEQUENTIAL: DWORD = 0x00000001;
pub const EVENT_TRACE_FILE_MODE_CIRCULAR: DWORD = 0x00000002;
pub const EVENT_TRACE_FILE_MODE_APPEND: DWORD = 0x00000004;
pub const EVENT_TRACE_REAL_TIME_MODE: DWORD = 0x00000100;
pub const EVENT_TRACE_DELAY_OPEN_FILE_MODE: DWORD = 0x00000200;
pub const EVENT_TRACE_BUFFERING_MODE: DWORD = 0x00000400;
pub const EVENT_TRACE_PRIVATE_LOGGER_MODE: DWORD = 0x00000800;
pub const EVENT_TRACE_ADD_HEADER_MODE: DWORD = 0x00001000;
pub const EVENT_TRACE_USE_GLOBAL_SEQUENCE: DWORD = 0x00004000;
pub const EVENT_TRACE_USE_LOCAL_SEQUENCE: DWORD = 0x00008000;
pub const EVENT_TRACE_RELOG_MODE: DWORD = 0x00010000;
pub const EVENT_TRACE_USE_PAGED_MEMORY: DWORD = 0x01000000;
pub const EVENT_TRACE_FILE_MODE_NEWFILE: DWORD = 0x00000008;
pub const EVENT_TRACE_FILE_MODE_PREALLOCATE: DWORD = 0x00000020;
pub const EVENT_TRACE_NONSTOPPABLE_MODE: DWORD = 0x00000040;
pub const EVENT_TRACE_SECURE_MODE: DWORD = 0x00000080;
pub const EVENT_TRACE_USE_KBYTES_FOR_SIZE: DWORD = 0x00002000;
pub const EVENT_TRACE_PRIVATE_IN_PROC: DWORD = 0x00020000;
pub const EVENT_TRACE_MODE_RESERVED: DWORD = 0x00100000;
pub const EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING: DWORD = 0x10000000;
pub const EVENT_TRACE_SYSTEM_LOGGER_MODE: DWORD = 0x02000000;
pub const EVENT_TRACE_ADDTO_TRIAGE_DUMP: DWORD = 0x80000000;
pub const EVENT_TRACE_STOP_ON_HYBRID_SHUTDOWN: DWORD = 0x00400000;
pub const EVENT_TRACE_PERSIST_ON_HYBRID_SHUTDOWN: DWORD = 0x00800000;
pub const EVENT_TRACE_INDEPENDENT_SESSION_MODE: DWORD = 0x08000000;
pub const EVENT_TRACE_COMPRESSED_MODE: DWORD = 0x04000000;
// Control codes; presumably the `ControlCode` argument of `ControlTraceW` /
// `ControlTraceA`. STOP and UPDATE change what a session collects, so callers
// that manage monitoring sessions should log who issued them and check the
// returned status.
pub const EVENT_TRACE_CONTROL_QUERY: DWORD = 0;
pub const EVENT_TRACE_CONTROL_STOP: DWORD = 1;
pub const EVENT_TRACE_CONTROL_UPDATE: DWORD = 2;
pub const EVENT_TRACE_CONTROL_FLUSH: DWORD = 3;

// Message flags; presumably the `MessageFlags` argument of `TraceMessage` /
// `TraceMessageVa`. Each of the first eight is a distinct single bit.
pub const TRACE_MESSAGE_SEQUENCE: DWORD = 1;
pub const TRACE_MESSAGE_GUID: DWORD = 2;
pub const TRACE_MESSAGE_COMPONENTID: DWORD = 4;
pub const TRACE_MESSAGE_TIMESTAMP: DWORD = 8;
pub const TRACE_MESSAGE_PERFORMANCE_TIMESTAMP: DWORD = 16;
pub const TRACE_MESSAGE_SYSTEMINFO: DWORD = 32;
pub const TRACE_MESSAGE_POINTER32: DWORD = 0x0040;
pub const TRACE_MESSAGE_POINTER64: DWORD = 0x0080;
/// Mask covering the low 16 bits of the message flags.
pub const TRACE_MESSAGE_FLAG_MASK: DWORD = 0xFFFF;
/// 64 KiB; going by the name, the size limit of a single trace message.
pub const TRACE_MESSAGE_MAXIMUM_SIZE: SIZE_T = 64 * 1024;

// Processor-time reporting selectors.
pub const EVENT_TRACE_USE_PROCTIME: DWORD = 0x0001;
pub const EVENT_TRACE_USE_NOCPUTIME: DWORD = 0x0002;

// Trace-header flags. USE_GUID_PTR and USE_MOF_PTR indicate that the header
// carries pointers rather than inline data (compare `GuidPtr` in
// `EVENT_TRACE_HEADER_u3` and `MOF_FIELD::DataPtr`); the memory behind those
// pointers must stay valid while the event is being logged.
pub const TRACE_HEADER_FLAG_USE_TIMESTAMP: DWORD = 0x00000200;
pub const TRACE_HEADER_FLAG_TRACED_GUID: DWORD = 0x00020000;
pub const TRACE_HEADER_FLAG_LOG_WNODE: DWORD = 0x00040000;
pub const TRACE_HEADER_FLAG_USE_GUID_PTR: DWORD = 0x00080000;
pub const TRACE_HEADER_FLAG_USE_MOF_PTR: DWORD = 0x00100000;
// Resumption behaviour for compressed trace sessions; the three values are
// explicit and contiguous (0..=2).
ENUM!{enum ETW_COMPRESSION_RESUMPTION_MODE {
    EtwCompressionModeRestart = 0,
    EtwCompressionModeNoDisable = 1,
    EtwCompressionModeNoRestart = 2,
}}
// Classic event header and the anonymous unions it contains. Each UNION! gives
// several typed views of the same storage; which view is meaningful depends on
// how the event was written. Code decoding headers from a trace should choose
// the view from the header flags and must not assume one.

// Byte-wise view of the first union: header type and marker flags.
STRUCT!{struct EVENT_TRACE_HEADER_u1_s {
    HeaderType: UCHAR,
    MarkerFlags: UCHAR,
}}
// 16-bit storage: either `FieldTypeFlags` or the two-byte struct above.
UNION!{union EVENT_TRACE_HEADER_u1 {
    [u16; 1],
    FieldTypeFlags FieldTypeFlags_mut: USHORT,
    s s_mut: EVENT_TRACE_HEADER_u1_s,
}}
// Event class: type byte, level byte and a 16-bit version.
STRUCT!{struct EVENT_TRACE_HEADER_u2_CLASS {
    Type: UCHAR,
    Level: UCHAR,
    Version: USHORT,
}}
// 32-bit storage: either a packed `Version` or the class struct above.
UNION!{union EVENT_TRACE_HEADER_u2 {
    [u32; 1],
    Version Version_mut: ULONG,
    Class Class_mut: EVENT_TRACE_HEADER_u2_CLASS,
}}
// 128-bit storage: an inline GUID, or a 64-bit `GuidPtr`.
// NOTE(review): presumably GuidPtr is used when TRACE_HEADER_FLAG_USE_GUID_PTR is
// set; a GuidPtr read back from a trace is a number, not a pointer that can be
// dereferenced.
UNION!{union EVENT_TRACE_HEADER_u3 {
    [u64; 2],
    Guid Guid_mut: GUID,
    GuidPtr GuidPtr_mut: ULONGLONG,
}}
STRUCT!{struct EVENT_TRACE_HEADER_u4_s1 {
    ClientContext: ULONG,
    Flags: ULONG,
}}
STRUCT!{struct EVENT_TRACE_HEADER_u4_s2 {
    KernelTime: ULONG,
    UserTime: ULONG,
}}
// 64-bit storage: context + flags, kernel/user time, or one 64-bit processor time.
UNION!{union EVENT_TRACE_HEADER_u4 {
    [u64; 1],
    s1 s1_mut: EVENT_TRACE_HEADER_u4_s1,
    s2 s2_mut: EVENT_TRACE_HEADER_u4_s2,
    ProcessorTime ProcessorTime_mut: ULONG64,
}}
// The header itself. `Size` is a 16-bit length field; when parsing, compare it
// with the bytes actually available before reading past the fixed header.
STRUCT!{struct EVENT_TRACE_HEADER {
    Size: USHORT,
    u1: EVENT_TRACE_HEADER_u1,
    u2: EVENT_TRACE_HEADER_u2,
    ThreadId: ULONG,
    ProcessId: ULONG,
    TimeStamp: LARGE_INTEGER,
    u3: EVENT_TRACE_HEADER_u3,
    u4: EVENT_TRACE_HEADER_u4,
}}
/// Pointer to an `EVENT_TRACE_HEADER`.
pub type PEVENT_TRACE_HEADER = *mut EVENT_TRACE_HEADER;
// Instance event header: the same leading layout as `EVENT_TRACE_HEADER` (size,
// two unions, thread id, process id, timestamp) followed by registration handles
// and instance ids in place of the GUID.

STRUCT!{struct EVENT_INSTANCE_HEADER_u1_s {
    HeaderType: UCHAR,
    MarkerFlags: UCHAR,
}}
// 16-bit storage: `FieldTypeFlags` or header type + marker flags.
UNION!{union EVENT_INSTANCE_HEADER_u1 {
    [u16; 1],
    FieldTypeFlags FieldTypeFlags_mut: USHORT,
    s s_mut: EVENT_INSTANCE_HEADER_u1_s,
}}
STRUCT!{struct EVENT_INSTANCE_HEADER_u2_CLASS {
    Type: UCHAR,
    Level: UCHAR,
    Version: USHORT,
}}
// 32-bit storage: packed `Version` or the class struct.
UNION!{union EVENT_INSTANCE_HEADER_u2 {
    [u32; 1],
    Version Version_mut: ULONG,
    Class Class_mut: EVENT_INSTANCE_HEADER_u2_CLASS,
}}
STRUCT!{struct EVENT_INSTANCE_HEADER_u3_s1 {
    KernelTime: ULONG,
    UserTime: ULONG,
}}
STRUCT!{struct EVENT_INSTANCE_HEADER_u3_s2 {
    EventId: ULONG,
    Flags: ULONG,
}}
// 64-bit storage: kernel/user time, a 64-bit processor time, or event id + flags.
UNION!{union EVENT_INSTANCE_HEADER_u3 {
    [u64; 1],
    s1 s1_mut: EVENT_INSTANCE_HEADER_u3_s1,
    ProcessorTime ProcessorTime_mut: ULONG64,
    s2 s2_mut: EVENT_INSTANCE_HEADER_u3_s2,
}}
// `RegHandle` and `ParentRegHandle` are stored as 64-bit integers here, whereas
// `EVENT_INSTANCE_INFO::RegHandle` is a HANDLE.
STRUCT!{struct EVENT_INSTANCE_HEADER {
    Size: USHORT,
    u1: EVENT_INSTANCE_HEADER_u1,
    u2: EVENT_INSTANCE_HEADER_u2,
    ThreadId: ULONG,
    ProcessId: ULONG,
    TimeStamp: LARGE_INTEGER,
    RegHandle: ULONGLONG,
    InstanceId: ULONG,
    ParentInstanceId: ULONG,
    u3: EVENT_INSTANCE_HEADER_u3,
    ParentRegHandle: ULONGLONG,
}}
/// Pointer to an `EVENT_INSTANCE_HEADER`.
pub type PEVENT_INSTANCE_HEADER = *mut EVENT_INSTANCE_HEADER;
// Data-type tags; presumably the values stored in `MOF_FIELD::DataType`. Two
// ranges are used, 0..=15 and 101..=120, and nothing is defined for 16..=100.
// A decoder should reject tags it does not know rather than guess a size,
// particularly for the string and counted-string kinds whose length comes from
// the data itself.
pub const ETW_NULL_TYPE_VALUE: ULONG = 0;
pub const ETW_OBJECT_TYPE_VALUE: ULONG = 1;
pub const ETW_STRING_TYPE_VALUE: ULONG = 2;
pub const ETW_SBYTE_TYPE_VALUE: ULONG = 3;
pub const ETW_BYTE_TYPE_VALUE: ULONG = 4;
pub const ETW_INT16_TYPE_VALUE: ULONG = 5;
pub const ETW_UINT16_TYPE_VALUE: ULONG = 6;
pub const ETW_INT32_TYPE_VALUE: ULONG = 7;
pub const ETW_UINT32_TYPE_VALUE: ULONG = 8;
pub const ETW_INT64_TYPE_VALUE: ULONG = 9;
pub const ETW_UINT64_TYPE_VALUE: ULONG = 10;
pub const ETW_CHAR_TYPE_VALUE: ULONG = 11;
pub const ETW_SINGLE_TYPE_VALUE: ULONG = 12;
pub const ETW_DOUBLE_TYPE_VALUE: ULONG = 13;
pub const ETW_BOOLEAN_TYPE_VALUE: ULONG = 14;
pub const ETW_DECIMAL_TYPE_VALUE: ULONG = 15;
// Extended tags.
pub const ETW_GUID_TYPE_VALUE: ULONG = 101;
pub const ETW_ASCIICHAR_TYPE_VALUE: ULONG = 102;
pub const ETW_ASCIISTRING_TYPE_VALUE: ULONG = 103;
pub const ETW_COUNTED_STRING_TYPE_VALUE: ULONG = 104;
pub const ETW_POINTER_TYPE_VALUE: ULONG = 105;
pub const ETW_SIZET_TYPE_VALUE: ULONG = 106;
pub const ETW_HIDDEN_TYPE_VALUE: ULONG = 107;
pub const ETW_BOOL_TYPE_VALUE: ULONG = 108;
pub const ETW_COUNTED_ANSISTRING_TYPE_VALUE: ULONG = 109;
pub const ETW_REVERSED_COUNTED_STRING_TYPE_VALUE: ULONG = 110;
pub const ETW_REVERSED_COUNTED_ANSISTRING_TYPE_VALUE: ULONG = 111;
pub const ETW_NON_NULL_TERMINATED_STRING_TYPE_VALUE: ULONG = 112;
pub const ETW_REDUCED_ANSISTRING_TYPE_VALUE: ULONG = 113;
pub const ETW_REDUCED_STRING_TYPE_VALUE: ULONG = 114;
pub const ETW_SID_TYPE_VALUE: ULONG = 115;
pub const ETW_VARIANT_TYPE_VALUE: ULONG = 116;
pub const ETW_PTVECTOR_TYPE_VALUE: ULONG = 117;
pub const ETW_WMITIME_TYPE_VALUE: ULONG = 118;
pub const ETW_DATETIME_TYPE_VALUE: ULONG = 119;
// The spelling "REFRENCE" is part of the public name; do not correct it.
pub const ETW_REFRENCE_TYPE_VALUE: ULONG = 120;
// One pointer/length/type descriptor for event data. `DataPtr` is a 64-bit
// integer holding an address, and `Length` is the only bound on it. The producer
// must make both describe memory it owns, and a consumer must not read beyond
// `Length` bytes.
STRUCT!{struct MOF_FIELD {
    DataPtr: ULONG64,
    Length: ULONG,
    DataType: ULONG,
}}
/// Pointer to a `MOF_FIELD`.
pub type PMOF_FIELD = *mut MOF_FIELD;
// Log-file header in three flavours that differ only in how `LoggerName` and
// `LogFileName` are represented: native pointers (TRACE_LOGFILE_HEADER), 32-bit
// integers (..32) and 64-bit integers (..64).
// NOTE(review): presumably the fixed-width variants are for decoding a header
// written by a process of the other pointer width (see `PointerSize`). In every
// variant a name "pointer" obtained from a file is data and is not an address
// that can be dereferenced; confirm against the ETW documentation.

// Four one-byte version components.
STRUCT!{struct TRACE_LOGFILE_HEADER_u1_VERSIONDETAIL {
    MajorVersion: UCHAR,
    MinorVersion: UCHAR,
    SubVersion: UCHAR,
    SubMinorVersion: UCHAR,
}}
// 32-bit storage: packed `Version` or the four version bytes.
UNION!{union TRACE_LOGFILE_HEADER_u1 {
    [u32; 1],
    Version Version_mut: ULONG,
    VersionDetail VersionDetail_mut: TRACE_LOGFILE_HEADER_u1_VERSIONDETAIL,
}}
STRUCT!{struct TRACE_LOGFILE_HEADER_u2_s {
    StartBuffers: ULONG,
    PointerSize: ULONG,
    EventsLost: ULONG,
    CpuSpeedInMHz: ULONG,
}}
// 128-bit storage: a log-instance GUID or the four counters above.
UNION!{union TRACE_LOGFILE_HEADER_u2 {
    [u32; 4],
    LogInstanceGuid LogInstanceGuid_mut: GUID,
    s s_mut: TRACE_LOGFILE_HEADER_u2_s,
}}
// Native-pointer variant. `EventsLost` (in u2) and `BuffersLost` report dropped
// data; a consumer that treats the trace as an audit record should surface
// non-zero values because they mean the record is incomplete.
STRUCT!{struct TRACE_LOGFILE_HEADER {
    BufferSize: ULONG,
    u1: TRACE_LOGFILE_HEADER_u1,
    ProviderVersion: ULONG,
    NumberOfProcessors: ULONG,
    EndTime: LARGE_INTEGER,
    TimerResolution: ULONG,
    MaximumFileSize: ULONG,
    LogFileMode: ULONG,
    BuffersWritten: ULONG,
    u2: TRACE_LOGFILE_HEADER_u2,
    LoggerName: LPWSTR,
    LogFileName: LPWSTR,
    TimeZone: TIME_ZONE_INFORMATION,
    BootTime: LARGE_INTEGER,
    PrefFreq: LARGE_INTEGER,
    StartTime: LARGE_INTEGER,
    ReservedFlags: ULONG,
    BuffersLost: ULONG,
}}
/// Pointer to a `TRACE_LOGFILE_HEADER`.
pub type PTRACE_LOGFILE_HEADER = *mut TRACE_LOGFILE_HEADER;
// Variant with 32-bit name fields.
STRUCT!{struct TRACE_LOGFILE_HEADER32 {
    BufferSize: ULONG,
    u1: TRACE_LOGFILE_HEADER_u1,
    ProviderVersion: ULONG,
    NumberOfProcessors: ULONG,
    EndTime: LARGE_INTEGER,
    TimerResolution: ULONG,
    MaximumFileSize: ULONG,
    LogFileMode: ULONG,
    BuffersWritten: ULONG,
    u2: TRACE_LOGFILE_HEADER_u2,
    LoggerName: ULONG32,
    LogFileName: ULONG32,
    TimeZone: TIME_ZONE_INFORMATION,
    BootTime: LARGE_INTEGER,
    PrefFreq: LARGE_INTEGER,
    StartTime: LARGE_INTEGER,
    ReservedFlags: ULONG,
    BuffersLost: ULONG,
}}
/// Pointer to a `TRACE_LOGFILE_HEADER32`.
pub type PTRACE_LOGFILE_HEADER32 = *mut TRACE_LOGFILE_HEADER32;
// Variant with 64-bit name fields.
STRUCT!{struct TRACE_LOGFILE_HEADER64 {
    BufferSize: ULONG,
    u1: TRACE_LOGFILE_HEADER_u1,
    ProviderVersion: ULONG,
    NumberOfProcessors: ULONG,
    EndTime: LARGE_INTEGER,
    TimerResolution: ULONG,
    MaximumFileSize: ULONG,
    LogFileMode: ULONG,
    BuffersWritten: ULONG,
    u2: TRACE_LOGFILE_HEADER_u2,
    LoggerName: ULONG64,
    LogFileName: ULONG64,
    TimeZone: TIME_ZONE_INFORMATION,
    BootTime: LARGE_INTEGER,
    PrefFreq: LARGE_INTEGER,
    StartTime: LARGE_INTEGER,
    ReservedFlags: ULONG,
    BuffersLost: ULONG,
}}
/// Pointer to a `TRACE_LOGFILE_HEADER64`.
pub type PTRACE_LOGFILE_HEADER64 = *mut TRACE_LOGFILE_HEADER64;
// Registration handle plus instance id; filled in by `CreateTraceInstanceId`
// (its `pInstInfo` parameter has this pointer type).
STRUCT!{struct EVENT_INSTANCE_INFO {
    RegHandle: HANDLE,
    InstanceId: ULONG,
}}
/// Pointer to an `EVENT_INSTANCE_INFO`.
pub type PEVENT_INSTANCE_INFO = *mut EVENT_INSTANCE_INFO;
// 32-bit storage shared by `AgeLimit` and `FlushThreshold`.
UNION!{union EVENT_TRACE_PROPERTIES_u {
    [u32; 1],
    AgeLimit AgeLimit_mut: LONG,
    FlushThreshold FlushThreshold_mut: LONG,
}}
// Session properties passed to the Start/Stop/Query/Update/Flush/Control calls.
// `LogFileNameOffset` and `LoggerNameOffset` are offsets, not pointers, so the
// two strings live in the same allocation as this struct.
// NOTE(review): per the ETW documentation the caller allocates
// size_of::<EVENT_TRACE_PROPERTIES>() plus room for both names and records the
// total in `Wnode.BufferSize`; the API writes the names at those offsets. An
// allocation smaller than the recorded size is an out-of-bounds write. Confirm
// the exact sizing rules against the documentation.
// The loss counters (`EventsLost`, `LogBuffersLost`, `RealTimeBuffersLost`) show
// that a session dropped data and are worth checking when querying a session.
STRUCT!{struct EVENT_TRACE_PROPERTIES {
    Wnode: WNODE_HEADER,
    BufferSize: ULONG,
    MinimumBuffers: ULONG,
    MaximumBuffers: ULONG,
    MaximumFileSize: ULONG,
    LogFileMode: ULONG,
    FlushTimer: ULONG,
    EnableFlags: ULONG,
    u: EVENT_TRACE_PROPERTIES_u,
    NumberOfBuffers: ULONG,
    FreeBuffers: ULONG,
    EventsLost: ULONG,
    BuffersWritten: ULONG,
    LogBuffersLost: ULONG,
    RealTimeBuffersLost: ULONG,
    LoggerThreadId: HANDLE,
    LogFileNameOffset: ULONG,
    LoggerNameOffset: ULONG,
}}
/// Pointer to an `EVENT_TRACE_PROPERTIES`.
pub type PEVENT_TRACE_PROPERTIES = *mut EVENT_TRACE_PROPERTIES;
// Version-2 session properties: the V1 layout followed by a version/control
// word, a filter-descriptor array and an options word.

// Same shape as `EVENT_TRACE_PROPERTIES_u`.
// NOTE(review): this union is declared but the `u1` field of
// `EVENT_TRACE_PROPERTIES_V2` below is typed `EVENT_TRACE_PROPERTIES_u`. The
// layouts are identical, so it looks like an inconsistency rather than an ABI
// problem; confirm which was intended.
UNION!{union EVENT_TRACE_PROPERTIES_V2_u1 {
    [u32; 1],
    AgeLimit AgeLimit_mut: LONG,
    FlushThreshold FlushThreshold_mut: LONG,
}}
STRUCT!{struct EVENT_TRACE_PROPERTIES_V2_u2_s {
    bitfield: ULONG,
}}
// Bits 0..8 of the control word hold the version number.
BITFIELD!{EVENT_TRACE_PROPERTIES_V2_u2_s bitfield: ULONG [
    VersionNumber set_VersionNumber[0..8],
]}
// 32-bit storage: the bitfield view or the raw `V2Control` word.
UNION!{union EVENT_TRACE_PROPERTIES_V2_u2 {
    [u32; 1],
    s s_mut: EVENT_TRACE_PROPERTIES_V2_u2_s,
    V2Control V2Control_mut: ULONG,
}}
STRUCT!{struct EVENT_TRACE_PROPERTIES_V2_u3_s {
    bitfield: ULONG,
}}
// Bit 0 of the options word is the `Wow` flag.
BITFIELD!{EVENT_TRACE_PROPERTIES_V2_u3_s bitfield: ULONG [
    Wow set_Wow[0..1],
]}
// 64-bit storage: the bitfield view (32 bits wide) or the raw `V2Options` value.
UNION!{union EVENT_TRACE_PROPERTIES_V2_u3 {
    [u64; 1],
    s s_mut: EVENT_TRACE_PROPERTIES_V2_u3_s,
    V2Options V2Options_mut: ULONG64,
}}
// `FilterDesc` points to `FilterDescCount` descriptors; the count is the only
// bound on that array, so the two must be set together.
STRUCT!{struct EVENT_TRACE_PROPERTIES_V2 {
    Wnode: WNODE_HEADER,
    BufferSize: ULONG,
    MinimumBuffers: ULONG,
    MaximumBuffers: ULONG,
    MaximumFileSize: ULONG,
    LogFileMode: ULONG,
    FlushTimer: ULONG,
    EnableFlags: ULONG,
    u1: EVENT_TRACE_PROPERTIES_u,
    NumberOfBuffers: ULONG,
    FreeBuffers: ULONG,
    EventsLost: ULONG,
    BuffersWritten: ULONG,
    LogBuffersLost: ULONG,
    RealTimeBuffersLost: ULONG,
    LoggerThreadId: HANDLE,
    LogFileNameOffset: ULONG,
    LoggerNameOffset: ULONG,
    u2: EVENT_TRACE_PROPERTIES_V2_u2,
    FilterDescCount: ULONG,
    FilterDesc: PEVENT_FILTER_DESCRIPTOR,
    u3: EVENT_TRACE_PROPERTIES_V2_u3,
}}
/// Pointer to an `EVENT_TRACE_PROPERTIES_V2`.
pub type PEVENT_TRACE_PROPERTIES_V2 = *mut EVENT_TRACE_PROPERTIES_V2;
// One event-class registration: a pointer to the class GUID and the handle that
// goes with it. `Guid` is a borrowed pointer and the GUID must outlive its use.
STRUCT!{struct TRACE_GUID_REGISTRATION {
    Guid: LPCGUID,
    RegHandle: HANDLE,
}}
/// Pointer to a `TRACE_GUID_REGISTRATION`.
pub type PTRACE_GUID_REGISTRATION = *mut TRACE_GUID_REGISTRATION;
// Per-provider state as reported by `EnumerateTraceGuids` (its array parameter
// holds pointers to this type): the GUID, which logger it is attached to, and
// the level/flags it is enabled with.
STRUCT!{struct TRACE_GUID_PROPERTIES {
    Guid: GUID,
    GuidType: ULONG,
    LoggerId: ULONG,
    EnableLevel: ULONG,
    EnableFlags: ULONG,
    IsEnable: BOOLEAN,
}}
/// Pointer to a `TRACE_GUID_PROPERTIES`.
pub type PTRACE_GUID_PROPERTIES = *mut TRACE_GUID_PROPERTIES;
STRUCT!{struct ETW_BUFFER_CONTEXT_u_s {
    ProcessorNumber: UCHAR,
    Alignment: UCHAR,
}}
// 16-bit storage: processor number + alignment bytes, or one `ProcessorIndex`.
UNION!{union ETW_BUFFER_CONTEXT_u {
    [u16; 1],
    s s_mut: ETW_BUFFER_CONTEXT_u_s,
    ProcessorIndex ProcessorIndex_mut: USHORT,
}}
// Buffer context of an event: the processor it was logged on and the logger id.
STRUCT!{struct ETW_BUFFER_CONTEXT {
    u: ETW_BUFFER_CONTEXT_u,
    LoggerId: USHORT,
}}
/// Pointer to an `ETW_BUFFER_CONTEXT`.
pub type PETW_BUFFER_CONTEXT = *mut ETW_BUFFER_CONTEXT;
// Provider flags; presumably the bits of `TRACE_PROVIDER_INSTANCE_INFO::Flags`.
pub const TRACE_PROVIDER_FLAG_LEGACY: ULONG = 0x00000001;
pub const TRACE_PROVIDER_FLAG_PRE_ENABLE: ULONG = 0x00000002;
// How one session has enabled a provider: level, logger id, enable properties
// and the any/all keyword masks. Comparing these against the expected values is
// a direct way to verify that a monitoring session is still subscribed as
// intended.
STRUCT!{struct TRACE_ENABLE_INFO {
    IsEnabled: ULONG,
    Level: UCHAR,
    Reserved1: UCHAR,
    LoggerId: USHORT,
    EnabledProperty: ULONG,
    Reserved2: ULONG,
    MatchAnyKeyword: ULONGLONG,
    MatchAllKeyword: ULONGLONG,
}}
/// Pointer to a `TRACE_ENABLE_INFO`.
pub type PTRACE_ENABLE_INFO = *mut TRACE_ENABLE_INFO;
// One registered instance of a provider. `NameOffset` is an offset, so the name
// lives in the same returned buffer. `EnableCount` presumably gives the number
// of `TRACE_ENABLE_INFO` records that follow. Validate both against the buffer
// length before using them.
STRUCT!{struct TRACE_PROVIDER_INSTANCE_INFO {
    NameOffset: ULONG,
    EnableCount: ULONG,
    Pid: ULONG,
    Flags: ULONG,
}}
/// Pointer to a `TRACE_PROVIDER_INSTANCE_INFO`.
pub type PTRACE_PROVIDER_INSTANCE_INFO = *mut TRACE_PROVIDER_INSTANCE_INFO;
// Header of a provider query result: the number of instance records.
STRUCT!{struct TRACE_GUID_INFO {
    InstanceCount: ULONG,
    Reserved: ULONG,
}}
/// Pointer to a `TRACE_GUID_INFO`.
pub type PTRACE_GUID_INFO = *mut TRACE_GUID_INFO;
// Variable-length record. `Description` is declared with ANYSIZE_ARRAY elements
// but the text extends past the struct, so size_of::<PROFILE_SOURCE_INFO>() is
// not the record size. `NextEntryOffset` links to the following record and must
// be checked against the buffer length while walking the list.
STRUCT!{struct PROFILE_SOURCE_INFO {
    NextEntryOffset: ULONG,
    Source: ULONG,
    MinInterval: ULONG,
    MaxInterval: ULONG,
    Reserved: ULONG64,
    Description: [WCHAR; ANYSIZE_ARRAY],
}}
/// Pointer to a `PROFILE_SOURCE_INFO`.
pub type PPROFILE_SOURCE_INFO = *mut PROFILE_SOURCE_INFO;
// 32-bit storage: a client context value or an `ETW_BUFFER_CONTEXT`.
UNION!{union EVENT_TRACE_u {
    [u32; 1],
    ClientContext ClientContext_mut: ULONG,
    BufferContext BufferContext_mut: ETW_BUFFER_CONTEXT,
}}
// A classic event as delivered to a `PEVENT_CALLBACK`: header, instance ids,
// parent GUID and the payload. `MofData` / `MofLength` form a pointer/length
// pair. The payload comes from whatever wrote the event (or from a trace file),
// so treat it as untrusted input and never read past `MofLength` bytes or assume
// a fixed layout without checking the length first.
STRUCT!{struct EVENT_TRACE {
    Header: EVENT_TRACE_HEADER,
    InstanceId: ULONG,
    ParentInstanceId: ULONG,
    ParentGuid: GUID,
    MofData: PVOID,
    MofLength: ULONG,
    u: EVENT_TRACE_u,
}}
/// Pointer to an `EVENT_TRACE`.
pub type PEVENT_TRACE = *mut EVENT_TRACE;
// Provider control codes; presumably the `ControlCode` argument of
// `EnableTraceEx2`. Code 0 disables a provider for the session, so tooling that
// depends on a provider should treat an unexpected disable as a loss of
// telemetry.
pub const EVENT_CONTROL_CODE_DISABLE_PROVIDER: ULONG = 0;
pub const EVENT_CONTROL_CODE_ENABLE_PROVIDER: ULONG = 1;
pub const EVENT_CONTROL_CODE_CAPTURE_STATE: ULONG = 2;

// Callback signatures, all `stdcall`. The pointers they receive are supplied by
// the tracing runtime.
// NOTE(review): per the ETW documentation the pointed-to data is only valid for
// the duration of the call; copy what is needed instead of keeping the pointer.

// Buffer callback for wide-character log files; returns a ULONG.
FN!{stdcall PEVENT_TRACE_BUFFER_CALLBACKW(
    PEVENT_TRACE_LOGFILEW,
) -> ULONG}
// Buffer callback for ANSI log files; returns a ULONG.
FN!{stdcall PEVENT_TRACE_BUFFER_CALLBACKA(
    PEVENT_TRACE_LOGFILEA,
) -> ULONG}
// Per-event callback receiving a classic `EVENT_TRACE`.
FN!{stdcall PEVENT_CALLBACK(
    pEvent: PEVENT_TRACE,
) -> ()}
// Per-event callback receiving an `EVENT_RECORD`.
FN!{stdcall PEVENT_RECORD_CALLBACK(
    EventRecord: PEVENT_RECORD,
) -> ()}
// Provider control callback. `BufferSize` is passed by pointer (in/out) and
// `Buffer` is untyped, so an implementation has to check the size before
// touching the buffer.
FN!{stdcall WMIDPREQUEST(
    RequestCode: WMIDPREQUESTCODE,
    RequestContext: PVOID,
    BufferSize: *mut ULONG,
    Buffer: PVOID,
) -> ULONG}
// Consumer-side description of a trace source, in wide (W) and ANSI (A) forms
// that differ only in the string and buffer-callback types.

// 32-bit storage: `LogFileMode` or `ProcessTraceMode`.
UNION!{union EVENT_TRACE_LOGFILE_u1 {
    [u32; 1],
    LogFileMode LogFileMode_mut: ULONG,
    ProcessTraceMode ProcessTraceMode_mut: ULONG,
}}
// Pointer-sized storage (u32 on 32-bit, u64 on 64-bit targets) holding one of
// two callback kinds. Only one is valid at a time. Installing a callback through
// one view and having it invoked as the other passes it the wrong argument type.
// NOTE(review): presumably `ProcessTraceMode` selects which one is called;
// confirm against the documentation.
UNION!{union EVENT_TRACE_LOGFILE_u2 {
    [u32; 1] [u64; 1],
    EventCallback EventCallback_mut: PEVENT_CALLBACK,
    EventRecordCallback EventRecordCallback_mut: PEVENT_RECORD_CALLBACK,
}}
// `LogFileName` and `LoggerName` are borrowed C strings that must stay alive and
// NUL-terminated for as long as the API uses this struct. `Context` is an
// untyped pointer owned by the caller.
STRUCT!{struct EVENT_TRACE_LOGFILEW {
    LogFileName: LPWSTR,
    LoggerName: LPWSTR,
    CurrentTime: LONGLONG,
    BuffersRead: ULONG,
    u1: EVENT_TRACE_LOGFILE_u1,
    CurrentEvent: EVENT_TRACE,
    LogfileHeader: TRACE_LOGFILE_HEADER,
    BufferCallback: PEVENT_TRACE_BUFFER_CALLBACKW,
    BufferSize: ULONG,
    Filled: ULONG,
    EventsLost: ULONG,
    u2: EVENT_TRACE_LOGFILE_u2,
    IsKernelTrace: ULONG,
    Context: PVOID,
}}
/// Pointer to an `EVENT_TRACE_LOGFILEW`.
pub type PEVENT_TRACE_LOGFILEW = *mut EVENT_TRACE_LOGFILEW;
// ANSI counterpart of `EVENT_TRACE_LOGFILEW`.
STRUCT!{struct EVENT_TRACE_LOGFILEA {
    LogFileName: LPSTR,
    LoggerName: LPSTR,
    CurrentTime: LONGLONG,
    BuffersRead: ULONG,
    u1: EVENT_TRACE_LOGFILE_u1,
    CurrentEvent: EVENT_TRACE,
    LogfileHeader: TRACE_LOGFILE_HEADER,
    BufferCallback: PEVENT_TRACE_BUFFER_CALLBACKA,
    BufferSize: ULONG,
    Filled: ULONG,
    EventsLost: ULONG,
    u2: EVENT_TRACE_LOGFILE_u2,
    IsKernelTrace: ULONG,
    Context: PVOID,
}}
/// Pointer to an `EVENT_TRACE_LOGFILEA`.
pub type PEVENT_TRACE_LOGFILEA = *mut EVENT_TRACE_LOGFILEA;
// Session control functions. Every function here returns a ULONG status.
// NOTE(review): per the ETW documentation that status is a Win32 error code with
// ERROR_SUCCESS (0) meaning success. Callers should check it, because a start or
// enable call that fails is ignored at the cost of a session that records
// nothing.
//
// Pointer contracts the type system cannot express:
// - `SessionName` must be a NUL-terminated string in the encoding of the W/A
//   variant being called.
// - `Properties` must point to a buffer at least as large as the size recorded
//   in its `Wnode` header, including the space for the names addressed by
//   `LogFileNameOffset` / `LoggerNameOffset` (see the documentation).
extern "system" {
    /// Starts a session; `SessionHandle` is an out-parameter.
    pub fn StartTraceW(
        SessionHandle: PTRACEHANDLE,
        SessionName: LPCWSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
    ) -> ULONG;
    /// ANSI variant of `StartTraceW`.
    pub fn StartTraceA(
        SessionHandle: PTRACEHANDLE,
        SessionName: LPCSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
    ) -> ULONG;
    /// Stops the session identified by handle or name.
    pub fn StopTraceW(
        SessionHandle: TRACEHANDLE,
        SessionName: LPCWSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
    ) -> ULONG;
    /// ANSI variant of `StopTraceW`.
    pub fn StopTraceA(
        SessionHandle: TRACEHANDLE,
        SessionName: LPCSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
    ) -> ULONG;
    /// Queries the session's properties into `Properties`.
    pub fn QueryTraceW(
        SessionHandle: TRACEHANDLE,
        SessionName: LPCWSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
    ) -> ULONG;
    /// ANSI variant of `QueryTraceW`.
    pub fn QueryTraceA(
        SessionHandle: TRACEHANDLE,
        SessionName: LPCSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
    ) -> ULONG;
    /// Updates the session from `Properties`.
    pub fn UpdateTraceW(
        SessionHandle: TRACEHANDLE,
        SessionName: LPCWSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
    ) -> ULONG;
    /// ANSI variant of `UpdateTraceW`.
    pub fn UpdateTraceA(
        SessionHandle: TRACEHANDLE,
        SessionName: LPCSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
    ) -> ULONG;
    /// Flushes the session's buffers.
    pub fn FlushTraceW(
        SessionHandle: TRACEHANDLE,
        SessionName: LPCWSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
    ) -> ULONG;
    /// ANSI variant of `FlushTraceW`.
    pub fn FlushTraceA(
        SessionHandle: TRACEHANDLE,
        SessionName: LPCSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
    ) -> ULONG;
    /// General control entry point; `ControlCode` presumably takes one of the
    /// `EVENT_TRACE_CONTROL_*` values.
    pub fn ControlTraceW(
        SessionHandle: TRACEHANDLE,
        SessionName: LPCWSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
        ControlCode: ULONG,
    ) -> ULONG;
    /// ANSI variant of `ControlTraceW`.
    pub fn ControlTraceA(
        SessionHandle: TRACEHANDLE,
        SessionName: LPCSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
        ControlCode: ULONG,
    ) -> ULONG;
    /// Enumerates sessions. `PropertyArray` is an array of `PropertyArrayCount`
    /// pointers, each to a caller-allocated properties buffer, and
    /// `SessionCount` receives a count. The array must really hold
    /// `PropertyArrayCount` valid entries.
    pub fn QueryAllTracesW(
        PropertyArray: *mut PEVENT_TRACE_PROPERTIES,
        PropertyArrayCount: ULONG,
        SessionCount: PULONG,
    ) -> ULONG;
    /// ANSI variant of `QueryAllTracesW`.
    pub fn QueryAllTracesA(
        PropertyArray: *mut PEVENT_TRACE_PROPERTIES,
        PropertyArrayCount: ULONG,
        SessionCount: PULONG,
    ) -> ULONG;
    /// Enables or disables a provider (`ControlGuid`) for a session, with a flag
    /// mask and level.
    pub fn EnableTrace(
        Enable: ULONG,
        EnableFlag: ULONG,
        EnableLevel: ULONG,
        ControlGuid: LPCGUID,
        SessionHandle: TRACEHANDLE,
    ) -> ULONG;
    /// Extended enable call with keyword masks, an enable-property word and an
    /// optional filter descriptor.
    pub fn EnableTraceEx(
        ProviderId: LPCGUID,
        SourceId: LPCGUID,
        TraceHandle: TRACEHANDLE,
        IsEnabled: ULONG,
        Level: UCHAR,
        MatchAnyKeyword: ULONGLONG,
        MatchAllKeyword: ULONGLONG,
        EnableProperty: ULONG,
        EnableFilterDesc: PEVENT_FILTER_DESCRIPTOR,
    ) -> ULONG;
}
// Version tags for the two parameter layouts below. The `Version` field tells
// the API which layout the caller allocated, so it must match the struct
// actually passed: V1 has no `FilterDescCount`, and labelling a V1 struct as
// version 2 would have the API read a field that is not there.
pub const ENABLE_TRACE_PARAMETERS_VERSION: ULONG = 1;
pub const ENABLE_TRACE_PARAMETERS_VERSION_2: ULONG = 2;
// Version-1 layout.
STRUCT!{struct ENABLE_TRACE_PARAMETERS_V1 {
    Version: ULONG,
    EnableProperty: ULONG,
    ControlFlags: ULONG,
    SourceId: GUID,
    EnableFilterDesc: PEVENT_FILTER_DESCRIPTOR,
}}
/// Pointer to an `ENABLE_TRACE_PARAMETERS_V1`.
pub type PENABLE_TRACE_PARAMETERS_V1 = *mut ENABLE_TRACE_PARAMETERS_V1;
// Current layout: V1 plus `FilterDescCount`, the number of descriptors that
// `EnableFilterDesc` points to.
STRUCT!{struct ENABLE_TRACE_PARAMETERS {
    Version: ULONG,
    EnableProperty: ULONG,
    ControlFlags: ULONG,
    SourceId: GUID,
    EnableFilterDesc: PEVENT_FILTER_DESCRIPTOR,
    FilterDescCount: ULONG,
}}
/// Pointer to an `ENABLE_TRACE_PARAMETERS`.
pub type PENABLE_TRACE_PARAMETERS = *mut ENABLE_TRACE_PARAMETERS;
extern "system" {
    /// Enables, disables or captures state for a provider on a session.
    /// `ControlCode` presumably takes an `EVENT_CONTROL_CODE_*` value and
    /// `Level` a `TRACE_LEVEL_*` value. Returns a ULONG status that callers
    /// should check.
    pub fn EnableTraceEx2(
        TraceHandle: TRACEHANDLE,
        ProviderId: LPCGUID,
        ControlCode: ULONG,
        Level: UCHAR,
        MatchAnyKeyword: ULONGLONG,
        MatchAllKeyword: ULONGLONG,
        Timeout: ULONG,
        EnableParameters: PENABLE_TRACE_PARAMETERS,
    ) -> ULONG;
}
// Information classes for the query/set calls. No explicit values are given, so
// the variants number consecutively from the first one. The order is therefore
// part of the ABI and must not be rearranged.
ENUM!{enum TRACE_QUERY_INFO_CLASS {
    TraceGuidQueryList,
    TraceGuidQueryInfo,
    TraceGuidQueryProcess,
    TraceStackTracingInfo,
    TraceSystemTraceEnableFlagsInfo,
    TraceSampledProfileIntervalInfo,
    TraceProfileSourceConfigInfo,
    TraceProfileSourceListInfo,
    TracePmcEventListInfo,
    TracePmcCounterListInfo,
    TraceSetDisallowList,
    TraceVersionInfo,
    TraceGroupQueryList,
    TraceGroupQueryInfo,
    TraceDisallowListQuery,
    TraceCompressionInfo,
    TracePeriodicCaptureStateListInfo,
    TracePeriodicCaptureStateInfo,
    TraceProviderBinaryTracking,
    TraceMaxLoggersQuery,
    MaxTraceSetInfoClass,
}}
/// Alias used by `TraceSetInformation`.
pub type TRACE_INFO_CLASS = TRACE_QUERY_INFO_CLASS;
extern "system" {
    /// Queries provider information selected by `TraceQueryInfoClass`.
    /// `InBuffer`/`InBufferSize` and `OutBuffer`/`OutBufferSize` are untyped
    /// pointer/length pairs; each size must not exceed the allocation behind its
    /// pointer. `ReturnLength` receives a length. The result is variable-length
    /// data (for example `TRACE_GUID_INFO` followed by instance records), so
    /// validate embedded counts and offsets against the length before walking
    /// it.
    pub fn EnumerateTraceGuidsEx(
        TraceQueryInfoClass: TRACE_QUERY_INFO_CLASS,
        InBuffer: PVOID,
        InBufferSize: ULONG,
        OutBuffer: PVOID,
        OutBufferSize: ULONG,
        ReturnLength: PULONG,
    ) -> ULONG;
}
// Identifies a classic event by class GUID and type byte; seven reserved bytes
// pad the struct.
STRUCT!{struct CLASSIC_EVENT_ID {
    EventGuid: GUID,
    Type: UCHAR,
    Reserved: [UCHAR; 7],
}}
/// Pointer to a `CLASSIC_EVENT_ID`.
pub type PCLASSIC_EVENT_ID = *mut CLASSIC_EVENT_ID;
// Profile source and its sampling interval.
STRUCT!{struct TRACE_PROFILE_INTERVAL {
    Source: ULONG,
    Interval: ULONG,
}}
/// Pointer to a `TRACE_PROFILE_INTERVAL`.
pub type PTRACE_PROFILE_INTERVAL = *mut TRACE_PROFILE_INTERVAL;
// Trace-processing version reported by the system.
STRUCT!{struct TRACE_VERSION_INFO {
    EtwTraceProcessingVersion: UINT,
    Reserved: UINT,
}}
/// Pointer to a `TRACE_VERSION_INFO`.
pub type PTRACE_VERSION_INFO = *mut TRACE_VERSION_INFO;
// Periodic capture-state settings: frequency in seconds and a provider count.
STRUCT!{struct TRACE_PERIODIC_CAPTURE_STATE_INFO {
    CaptureStateFrequencyInSeconds: ULONG,
    ProviderCount: USHORT,
    Reserved: USHORT,
}}
/// Pointer to a `TRACE_PERIODIC_CAPTURE_STATE_INFO`.
pub type PTRACE_PERIODIC_CAPTURE_STATE_INFO = *mut TRACE_PERIODIC_CAPTURE_STATE_INFO;
// Session information, provider registration, event logging and trace
// consumption. Apart from the three `GetTrace*` accessors and `OpenTraceW`, each
// function returns a ULONG status that callers should check.
extern "system" {
    /// Sets session information. `TraceInformation` is an untyped buffer of
    /// `InformationLength` bytes whose layout depends on `InformationClass`.
    pub fn TraceSetInformation(
        SessionHandle: TRACEHANDLE,
        InformationClass: TRACE_INFO_CLASS,
        TraceInformation: PVOID,
        InformationLength: ULONG,
    ) -> ULONG;
    /// Queries session information into `TraceInformation`, which holds at most
    /// `InformationLength` bytes; `ReturnLength` receives a length.
    pub fn TraceQueryInformation(
        SessionHandle: TRACEHANDLE,
        InformationClass: TRACE_QUERY_INFO_CLASS,
        TraceInformation: PVOID,
        InformationLength: ULONG,
        ReturnLength: PULONG,
    ) -> ULONG;
    /// Fills `pInstInfo` for a registration handle.
    pub fn CreateTraceInstanceId(
        RegHandle: HANDLE,
        pInstInfo: PEVENT_INSTANCE_INFO,
    ) -> ULONG;
    /// Logs an event. `EventTrace` points to a header whose `Size` field covers
    /// the header and any data following it, so the allocation must be at least
    /// that large.
    pub fn TraceEvent(
        SessionHandle: TRACEHANDLE,
        EventTrace: PEVENT_TRACE_HEADER,
    ) -> ULONG;
    /// Logs an instance event with optional parent instance information.
    pub fn TraceEventInstance(
        SessionHandle: TRACEHANDLE,
        EventTrace: PEVENT_TRACE_HEADER,
        pInstInfo: PEVENT_INSTANCE_INFO,
        pParentInstInfo: PEVENT_INSTANCE_INFO,
    ) -> ULONG;
    /// Registers a provider. `TraceGuidReg` is an array of `GuidCount`
    /// registrations, and `RequestAddress` is a callback that may be invoked
    /// later with `RequestContext`, so both must remain valid until
    /// `UnregisterTraceGuids`.
    pub fn RegisterTraceGuidsW(
        RequestAddress: WMIDPREQUEST,
        RequestContext: PVOID,
        ControlGuid: LPCGUID,
        GuidCount: ULONG,
        TraceGuidReg: PTRACE_GUID_REGISTRATION,
        MofImagePath: LPCWSTR,
        MofResourceName: LPCWSTR,
        RegistrationHandle: PTRACEHANDLE,
    ) -> ULONG;
    /// ANSI variant of `RegisterTraceGuidsW`.
    pub fn RegisterTraceGuidsA(
        RequestAddress: WMIDPREQUEST,
        RequestContext: PVOID,
        ControlGuid: LPCGUID,
        GuidCount: ULONG,
        TraceGuidReg: PTRACE_GUID_REGISTRATION,
        MofImagePath: LPCSTR,
        MofResourceName: LPCSTR,
        RegistrationHandle: PTRACEHANDLE,
    ) -> ULONG;
    /// Enumerates registered providers into an array of `PropertyArrayCount`
    /// pointers; `GuidCount` receives a count.
    pub fn EnumerateTraceGuids(
        GuidPropertiesArray: *mut PTRACE_GUID_PROPERTIES,
        PropertyArrayCount: ULONG,
        GuidCount: PULONG,
    ) -> ULONG;
    /// Removes a registration made with `RegisterTraceGuids*`.
    pub fn UnregisterTraceGuids(
        RegistrationHandle: TRACEHANDLE,
    ) -> ULONG;
    /// Returns a session handle derived from `Buffer`.
    /// NOTE(review): presumably `Buffer` is the one passed to a `WMIDPREQUEST`
    /// callback; confirm against the documentation.
    pub fn GetTraceLoggerHandle(
        Buffer: PVOID,
    ) -> TRACEHANDLE;
    /// Returns the enable level of a session as a UCHAR.
    pub fn GetTraceEnableLevel(
        SessionHandle: TRACEHANDLE,
    ) -> UCHAR;
    /// Returns the enable flags of a session as a ULONG.
    pub fn GetTraceEnableFlags(
        SessionHandle: TRACEHANDLE,
    ) -> ULONG;
    /// Opens a trace source for consumption and returns a handle, not a status.
    /// NOTE(review): per the ETW documentation failure is signalled by
    /// `INVALID_PROCESSTRACE_HANDLE`; compare before using the handle.
    pub fn OpenTraceW(
        Logfile: PEVENT_TRACE_LOGFILEW,
    ) -> TRACEHANDLE;
    /// Delivers events from `HandleCount` opened traces to their callbacks,
    /// optionally bounded by `StartTime` / `EndTime`.
    pub fn ProcessTrace(
        HandleArray: PTRACEHANDLE,
        HandleCount: ULONG,
        StartTime: LPFILETIME,
        EndTime: LPFILETIME,
    ) -> ULONG;
    /// Closes a handle returned by `OpenTraceW` / `OpenTraceA`.
    pub fn CloseTrace(
        TraceHandle: TRACEHANDLE,
    ) -> ULONG;
}
// Information classes for `QueryTraceProcessingHandle`. The first value is
// explicitly 1 and the second follows it.
ENUM!{enum ETW_PROCESS_HANDLE_INFO_TYPE {
    EtwQueryPartitionInformation = 1,
    EtwQueryProcessHandleInfoMax,
}}
// Partition identity of a trace: its own id, the parent's id and a type.
STRUCT!{struct ETW_TRACE_PARTITION_INFORMATION {
    PartitionId: GUID,
    ParentId: GUID,
    Reserved: ULONG64,
    PartitionType: ULONG,
}}
/// Pointer to an `ETW_TRACE_PARTITION_INFORMATION`.
pub type PETW_TRACE_PARTITION_INFORMATION = *mut ETW_TRACE_PARTITION_INFORMATION;
extern "system" {
    /// Queries information about a processing handle. The in/out buffers are
    /// untyped pointer/length pairs, and each size must not exceed the
    /// allocation behind its pointer.
    pub fn QueryTraceProcessingHandle(
        ProcessingHandle: TRACEHANDLE,
        InformationClass: ETW_PROCESS_HANDLE_INFO_TYPE,
        InBuffer: PVOID,
        InBufferSize: ULONG,
        OutBuffer: PVOID,
        OutBufferSize: ULONG,
        ReturnLength: PULONG,
    ) -> ULONG;
    /// ANSI variant of `OpenTraceW`; returns a handle, not a status.
    pub fn OpenTraceA(
        Logfile: PEVENT_TRACE_LOGFILEA,
    ) -> TRACEHANDLE;
    /// Installs `EventCallback` for the event class `pGuid`. The callback must
    /// remain valid until it is removed.
    pub fn SetTraceCallback(
        pGuid: LPCGUID,
        EventCallback: PEVENT_CALLBACK,
    ) -> ULONG;
    /// Removes the callback installed for `pGuid`.
    pub fn RemoveTraceCallback(
        pGuid: LPCGUID,
    ) -> ULONG;
}
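// Message-tracing entry points.
extern "C" {
    /// Logs a formatted-message event. The trailing variadic arguments are not
    /// type-checked.
    /// NOTE(review): per the ETW documentation they are (pointer, length) pairs
    /// terminated by a null pointer; a missing terminator or a wrong length
    /// makes the callee read past the caller's data. Confirm against the
    /// documentation.
    pub fn TraceMessage(
        SessionHandle: TRACEHANDLE,
        MessageFlags: ULONG,
        MessageGuid: LPGUID,
        MessageNumber: USHORT,
        ...
    ) -> ULONG;
    /// `va_list` form of `TraceMessage`.
    ///
    /// Returns a ULONG status like `TraceMessage`. The declaration previously
    /// had no return type, so the status was discarded and callers could not
    /// tell that a message had failed to log.
    /// NOTE(review): this function is not variadic, and as far as I recall the
    /// SDK header declares it with the system (stdcall) convention rather than
    /// cdecl. That only matters on 32-bit x86, but it should be confirmed and,
    /// if so, the declaration moved to an `extern "system"` block.
    pub fn TraceMessageVa(
        SessionHandle: TRACEHANDLE,
        MessageFlags: ULONG,
        MessageGuid: LPGUID,
        MessageNumber: USHORT,
        MessageArgList: va_list,
    ) -> ULONG;
}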
/// `INVALID_HANDLE_VALUE` cast to `TRACEHANDLE`.
///
/// NOTE(review): per the ETW documentation this is the failure value of
/// `OpenTraceW` / `OpenTraceA`, which return a handle rather than a status, so
/// callers must compare against it before passing the handle on. The cast
/// preserves the bit pattern only while `TRACEHANDLE` is pointer-sized; confirm
/// the value on 32-bit targets.
pub const INVALID_PROCESSTRACE_HANDLE: TRACEHANDLE = INVALID_HANDLE_VALUE as TRACEHANDLE;