winapi_ui_automation/um/
winevt.rs

1// Licensed under the Apache License, Version 2.0
2// <LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
3// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
4// All files in the project carrying such notice may not be copied, modified, or distributed
5// except according to those terms.
6//! Windows Events API
7use ctypes::{c_double, c_float};
8use shared::basetsd::{INT16, INT32, INT64, INT8, UINT16, UINT32, UINT64, UINT8};
9use shared::guiddef::GUID;
10use shared::minwindef::{BOOL, DWORD, FILETIME, PBYTE, PDWORD};
11use um::minwinbase::SYSTEMTIME;
12use um::winnt::{HANDLE, LCID, LONGLONG, LPCSTR, LPCWSTR, LPSTR, LPWSTR, PSID, PVOID, ULONGLONG};
13use vc::vcruntime::size_t;
14pub type EVT_HANDLE = HANDLE;
15pub type PEVT_HANDLE = *mut HANDLE;
16ENUM!{enum EVT_VARIANT_TYPE {
17    EvtVarTypeNull = 0,
18    EvtVarTypeString = 1,
19    EvtVarTypeAnsiString = 2,
20    EvtVarTypeSByte = 3,
21    EvtVarTypeByte = 4,
22    EvtVarTypeInt16 = 5,
23    EvtVarTypeUInt16 = 6,
24    EvtVarTypeInt32 = 7,
25    EvtVarTypeUInt32 = 8,
26    EvtVarTypeInt64 = 9,
27    EvtVarTypeUInt64 = 10,
28    EvtVarTypeSingle = 11,
29    EvtVarTypeDouble = 12,
30    EvtVarTypeBoolean = 13,
31    EvtVarTypeBinary = 14,
32    EvtVarTypeGuid = 15,
33    EvtVarTypeSizeT = 16,
34    EvtVarTypeFileTime = 17,
35    EvtVarTypeSysTime = 18,
36    EvtVarTypeSid = 19,
37    EvtVarTypeHexInt32 = 20,
38    EvtVarTypeHexInt64 = 21,
39    EvtVarTypeEvtHandle = 32,
40    EvtVarTypeEvtXml = 35,
41}}
42pub const EVT_VARIANT_TYPE_MASK: DWORD = 0x7f;
43pub const EVT_VARIANT_TYPE_ARRAY: DWORD = 128;
44UNION!{union EVT_VARIANT_u {
45    [u64; 1],
46    BooleanVal BooleanVal_mut: BOOL,
47    SByteVal SByteVal_mut: INT8,
48    Int16Val Int16Val_mut: INT16,
49    Int32Val Int32Val_mut: INT32,
50    Int64Val Int64Val_mut: INT64,
51    ByteVal ByteVal_mut: UINT8,
52    UInt16Val UInt16Val_mut: UINT16,
53    UInt32Val UInt32Val_mut: UINT32,
54    UInt64Val UInt64Val_mut: UINT64,
55    SingleVal SingleVal_mut: c_float,
56    DoubleVal DoubleVal_mut: c_double,
57    FileTimeVal FileTimeVal_mut: ULONGLONG,
58    SysTimeVal SysTimeVal_mut: *mut SYSTEMTIME,
59    GuidVal GuidVal_mut: *mut GUID,
60    StringVal StringVal_mut: LPCWSTR,
61    AnsiStringVal AnsiStringVal_mut: LPCSTR,
62    BinaryVal BinaryVal_mut: PBYTE,
63    SidVal SidVal_mut: PSID,
64    SizeTVal SizeTVal_mut: size_t,
65    BooleanArr BooleanArr_mut: *mut BOOL,
66    SByteArr SByteArr_mut: *mut INT8,
67    Int16Arr Int16Arr_mut: *mut INT16,
68    Int32Arr Int32Arr_mut: *mut INT32,
69    Int64Arr Int64Arr_mut: *mut INT64,
70    ByteArr ByteArr_mut: *mut UINT8,
71    UInt16Arr UInt16Arr_mut: *mut UINT16,
72    UInt32Arr UInt32Arr_mut: *mut UINT32,
73    UInt64Arr UInt64Arr_mut: *mut UINT64,
74    SingleArr SingleArr_mut: *mut c_float,
75    DoubleArr DoubleArr_mut: *mut c_double,
76    FileTimeArr FileTimeArr_mut: *mut FILETIME,
77    SysTimeArr SysTimeArr_mut: *mut SYSTEMTIME,
78    GuidArr GuidArr_mut: *mut GUID,
79    StringArr StringArr_mut: *mut LPWSTR,
80    AnsiStringArr AnsiStringArr_mut: *mut LPSTR,
81    SidArr SidArr_mut: *mut PSID,
82    SizeTArr SizeTArr_mut: *mut size_t,
83    EvtHandleVal EvtHandleVal_mut: EVT_HANDLE,
84    XmlVal XmlVal_mut: LPCWSTR,
85    XmlValArr XmlValArr_mut: *mut LPCWSTR,
86}}
87STRUCT!{struct EVT_VARIANT {
88    u: EVT_VARIANT_u,
89    Count: DWORD,
90    Type: DWORD,
91}}
92pub type PEVT_VARIANT = *mut EVT_VARIANT;
93ENUM!{enum EVT_LOGIN_CLASS {
94    EvtRpcLogin = 1,
95}}
96ENUM!{enum EVT_RPC_LOGIN_FLAGS {
97    EvtRpcLoginAuthDefault = 0,
98    EvtRpcLoginAuthNegotiate,
99    EvtRpcLoginAuthKerberos,
100    EvtRpcLoginAuthNTLM,
101}}
102STRUCT!{struct EVT_RPC_LOGIN {
103    Server: LPWSTR,
104    User: LPWSTR,
105    Domain: LPWSTR,
106    Password: LPWSTR,
107    Flags: DWORD,
108}}
109extern "system" {
110    pub fn EvtOpenSession(
111        LoginClass: EVT_LOGIN_CLASS,
112        Login: PVOID,
113        Timeout: DWORD,
114        Flags: DWORD,
115    ) -> EVT_HANDLE;
116    pub fn EvtClose(
117        Object: EVT_HANDLE,
118    ) -> BOOL;
119    pub fn EvtCancel(
120        Object: EVT_HANDLE,
121    ) -> BOOL;
122    pub fn EvtGetExtendedStatus(
123        BufferSize: DWORD,
124        Buffer: LPWSTR,
125        BufferUsed: PDWORD,
126    ) -> DWORD;
127}
128ENUM!{enum EVT_QUERY_FLAGS {
129    EvtQueryChannelPath = 0x1,
130    EvtQueryFilePath = 0x2,
131    EvtQueryForwardDirection = 0x100,
132    EvtQueryReverseDirection = 0x200,
133    EvtQueryTolerateQueryErrors = 0x1000,
134}}
135ENUM!{enum EVT_SEEK_FLAGS {
136    EvtSeekRelativeToFirst = 1,
137    EvtSeekRelativeToLast = 2,
138    EvtSeekRelativeToCurrent = 3,
139    EvtSeekRelativeToBookmark = 4,
140    EvtSeekOriginMask = 7,
141    EvtSeekStrict = 0x10000,
142}}
143extern "system" {
144    pub fn EvtQuery(
145        Session: EVT_HANDLE,
146        Path: LPCWSTR,
147        Query: LPCWSTR,
148        Flags: DWORD,
149    ) -> EVT_HANDLE;
150    pub fn EvtNext(
151        ResultSet: EVT_HANDLE,
152        EventsSize: DWORD,
153        Events: PEVT_HANDLE,
154        Timeout: DWORD,
155        Flags: DWORD,
156        Returned: PDWORD,
157    ) -> BOOL;
158    pub fn EvtSeek(
159        ResultSet: EVT_HANDLE,
160        Position: LONGLONG,
161        Bookmark: EVT_HANDLE,
162        Timeout: DWORD,
163        Flags: DWORD,
164    ) -> BOOL;
165}
166ENUM!{enum EVT_SUBSCRIBE_FLAGS {
167    EvtSubscribeToFutureEvents = 1,
168    EvtSubscribeStartAtOldestRecord = 2,
169    EvtSubscribeStartAfterBookmark = 3,
170    EvtSubscribeOriginMask = 3,
171    EvtSubscribeTolerateQueryErrors = 0x1000,
172    EvtSubscribeStrict = 0x10000,
173}}
174ENUM!{enum EVT_SUBSCRIBE_NOTIFY_ACTION {
175    EvtSubscribeActionError = 0,
176    EvtSubscribeActionDeliver,
177}}
178FN!{stdcall EVT_SUBSCRIBE_CALLBACK(
179    Action: EVT_SUBSCRIBE_NOTIFY_ACTION,
180    UserContext: PVOID,
181    Event: EVT_HANDLE,
182) -> DWORD}
183extern "system" {
184    pub fn EvtSubscribe(
185        Session: EVT_HANDLE,
186        SignalEvent: HANDLE,
187        ChannelPath: LPCWSTR,
188        Query: LPCWSTR,
189        Bookmark: EVT_HANDLE,
190        Context: PVOID,
191        Callback: EVT_SUBSCRIBE_CALLBACK,
192        Flags: DWORD,
193    ) -> EVT_HANDLE;
194}
195ENUM!{enum EVT_SYSTEM_PROPERTY_ID {
196    EvtSystemProviderName = 0,
197    EvtSystemProviderGuid,
198    EvtSystemEventID,
199    EvtSystemQualifiers,
200    EvtSystemLevel,
201    EvtSystemTask,
202    EvtSystemOpcode,
203    EvtSystemKeywords,
204    EvtSystemTimeCreated,
205    EvtSystemEventRecordId,
206    EvtSystemActivityID,
207    EvtSystemRelatedActivityID,
208    EvtSystemProcessID,
209    EvtSystemThreadID,
210    EvtSystemChannel,
211    EvtSystemComputer,
212    EvtSystemUserID,
213    EvtSystemVersion,
214    EvtSystemPropertyIdEND,
215}}
216ENUM!{enum EVT_RENDER_CONTEXT_FLAGS {
217    EvtRenderContextValues = 0,
218    EvtRenderContextSystem,
219    EvtRenderContextUser,
220}}
221ENUM!{enum EVT_RENDER_FLAGS {
222    EvtRenderEventValues = 0,
223    EvtRenderEventXml,
224    EvtRenderBookmark,
225}}
226extern "system" {
227    pub fn EvtCreateRenderContext(
228        ValuePathsCount: DWORD,
229        ValuePaths: *mut LPCWSTR,
230        Flags: DWORD,
231    ) -> EVT_HANDLE;
232    pub fn EvtRender(
233        Context: EVT_HANDLE,
234        Fragment: EVT_HANDLE,
235        Flags: DWORD,
236        BufferSize: DWORD,
237        Buffer: PVOID,
238        BufferUsed: PDWORD,
239        PropertyCount: PDWORD,
240    ) -> BOOL;
241}
242ENUM!{enum EVT_FORMAT_MESSAGE_FLAGS {
243    EvtFormatMessageEvent = 1,
244    EvtFormatMessageLevel,
245    EvtFormatMessageTask,
246    EvtFormatMessageOpcode,
247    EvtFormatMessageKeyword,
248    EvtFormatMessageChannel,
249    EvtFormatMessageProvider,
250    EvtFormatMessageId,
251    EvtFormatMessageXml,
252}}
253extern "system" {
254    pub fn EvtFormatMessage(
255        PublisherMetadata: EVT_HANDLE,
256        Event: EVT_HANDLE,
257        MessageId: DWORD,
258        ValueCount: DWORD,
259        Values: PEVT_VARIANT,
260        Flags: DWORD,
261        BufferSize: DWORD,
262        Buffer: LPWSTR,
263        BufferUsed: PDWORD,
264    ) -> BOOL;
265}
266ENUM!{enum EVT_OPEN_LOG_FLAGS {
267    EvtOpenChannelPath = 0x1,
268    EvtOpenFilePath = 0x2,
269}}
270ENUM!{enum EVT_LOG_PROPERTY_ID {
271    EvtLogCreationTime = 0,
272    EvtLogLastAccessTime,
273    EvtLogLastWriteTime,
274    EvtLogFileSize,
275    EvtLogAttributes,
276    EvtLogNumberOfLogRecords,
277    EvtLogOldestRecordNumber,
278    EvtLogFull,
279}}
280extern "system" {
281    pub fn EvtOpenLog(
282        Session: EVT_HANDLE,
283        Path: LPCWSTR,
284        Flags: DWORD,
285    ) -> EVT_HANDLE;
286    pub fn EvtGetLogInfo(
287        Log: EVT_HANDLE,
288        PropertyId: EVT_LOG_PROPERTY_ID,
289        PropertyValueBufferSize: DWORD,
290        PropertyValueBuffer: PEVT_VARIANT,
291        PropertyValueBufferUsed: PDWORD,
292    ) -> BOOL;
293    pub fn EvtClearLog(
294        Session: EVT_HANDLE,
295        ChannelPath: LPCWSTR,
296        TargetFilePath: LPCWSTR,
297        Flags: DWORD,
298    ) -> BOOL;
299}
300ENUM!{enum EVT_EXPORTLOG_FLAGS {
301    EvtExportLogChannelPath = 0x1,
302    EvtExportLogFilePath = 0x2,
303    EvtExportLogTolerateQueryErrors = 0x1000,
304    EvtExportLogOverwrite = 0x2000,
305}}
306extern "system" {
307    pub fn EvtExportLog(
308        Session: EVT_HANDLE,
309        Path: LPCWSTR,
310        Query: LPCWSTR,
311        TargetFilePath: LPCWSTR,
312        Flags: DWORD,
313    ) -> BOOL;
314    pub fn EvtArchiveExportedLog(
315        Session: EVT_HANDLE,
316        LogFilePath: LPCWSTR,
317        Locale: LCID,
318        Flags: DWORD,
319    ) -> BOOL;
320}
321ENUM!{enum EVT_CHANNEL_CONFIG_PROPERTY_ID {
322    EvtChannelConfigEnabled = 0,
323    EvtChannelConfigIsolation,
324    EvtChannelConfigType,
325    EvtChannelConfigOwningPublisher,
326    EvtChannelConfigClassicEventlog,
327    EvtChannelConfigAccess,
328    EvtChannelLoggingConfigRetention,
329    EvtChannelLoggingConfigAutoBackup,
330    EvtChannelLoggingConfigMaxSize,
331    EvtChannelLoggingConfigLogFilePath,
332    EvtChannelPublishingConfigLevel,
333    EvtChannelPublishingConfigKeywords,
334    EvtChannelPublishingConfigControlGuid,
335    EvtChannelPublishingConfigBufferSize,
336    EvtChannelPublishingConfigMinBuffers,
337    EvtChannelPublishingConfigMaxBuffers,
338    EvtChannelPublishingConfigLatency,
339    EvtChannelPublishingConfigClockType,
340    EvtChannelPublishingConfigSidType,
341    EvtChannelPublisherList,
342    EvtChannelPublishingConfigFileMax,
343    EvtChannelConfigPropertyIdEND,
344}}
345ENUM!{enum EVT_CHANNEL_TYPE {
346    EvtChannelTypeAdmin = 0,
347    EvtChannelTypeOperational,
348    EvtChannelTypeAnalytic,
349    EvtChannelTypeDebug,
350}}
351ENUM!{enum EVT_CHANNEL_ISOLATION_TYPE {
352    EvtChannelIsolationTypeApplication = 0,
353    EvtChannelIsolationTypeSystem,
354    EvtChannelIsolationTypeCustom,
355}}
356ENUM!{enum EVT_CHANNEL_CLOCK_TYPE {
357    EvtChannelClockTypeSystemTime = 0,
358    EvtChannelClockTypeQPC,
359}}
360ENUM!{enum EVT_CHANNEL_SID_TYPE {
361    EvtChannelSidTypeNone = 0,
362    EvtChannelSidTypePublishing,
363}}
364extern "system" {
365    pub fn EvtOpenChannelEnum(
366        Session: EVT_HANDLE,
367        Flags: DWORD,
368    ) -> EVT_HANDLE;
369    pub fn EvtNextChannelPath(
370        ChannelEnum: EVT_HANDLE,
371        ChannelPathBufferSize: DWORD,
372        ChannelPathBuffer: LPWSTR,
373        ChannelPathBufferUsed: PDWORD,
374    ) -> BOOL;
375    pub fn EvtOpenChannelConfig(
376        Session: EVT_HANDLE,
377        ChannelPath: LPCWSTR,
378        Flags: DWORD,
379    ) -> EVT_HANDLE;
380    pub fn EvtSaveChannelConfig(
381        ChannelConfig: EVT_HANDLE,
382        Flags: DWORD,
383    ) -> BOOL;
384    pub fn EvtSetChannelConfigProperty(
385        ChannelConfig: EVT_HANDLE,
386        PropertyId: EVT_CHANNEL_CONFIG_PROPERTY_ID,
387        Flags: DWORD,
388        PropertyValue: PEVT_VARIANT,
389    ) -> BOOL;
390    pub fn EvtGetChannelConfigProperty(
391        ChannelConfig: EVT_HANDLE,
392        PropertyId: EVT_CHANNEL_CONFIG_PROPERTY_ID,
393        Flags: DWORD,
394        PropertyValueBufferSize: DWORD,
395        PropertyValueBuffer: PEVT_VARIANT,
396        PropertyValueBufferUsed: PDWORD,
397    ) -> BOOL;
398}
399ENUM!{enum EVT_CHANNEL_REFERENCE_FLAGS {
400    EvtChannelReferenceImported = 0x1,
401}}
402ENUM!{enum EVT_PUBLISHER_METADATA_PROPERTY_ID {
403    EvtPublisherMetadataPublisherGuid = 0,
404    EvtPublisherMetadataResourceFilePath,
405    EvtPublisherMetadataParameterFilePath,
406    EvtPublisherMetadataMessageFilePath,
407    EvtPublisherMetadataHelpLink,
408    EvtPublisherMetadataPublisherMessageID,
409    EvtPublisherMetadataChannelReferences,
410    EvtPublisherMetadataChannelReferencePath,
411    EvtPublisherMetadataChannelReferenceIndex,
412    EvtPublisherMetadataChannelReferenceID,
413    EvtPublisherMetadataChannelReferenceFlags,
414    EvtPublisherMetadataChannelReferenceMessageID,
415    EvtPublisherMetadataLevels,
416    EvtPublisherMetadataLevelName,
417    EvtPublisherMetadataLevelValue,
418    EvtPublisherMetadataLevelMessageID,
419    EvtPublisherMetadataTasks,
420    EvtPublisherMetadataTaskName,
421    EvtPublisherMetadataTaskEventGuid,
422    EvtPublisherMetadataTaskValue,
423    EvtPublisherMetadataTaskMessageID,
424    EvtPublisherMetadataOpcodes,
425    EvtPublisherMetadataOpcodeName,
426    EvtPublisherMetadataOpcodeValue,
427    EvtPublisherMetadataOpcodeMessageID,
428    EvtPublisherMetadataKeywords,
429    EvtPublisherMetadataKeywordName,
430    EvtPublisherMetadataKeywordValue,
431    EvtPublisherMetadataKeywordMessageID,
432    EvtPublisherMetadataPropertyIdEND,
433}}
434extern "system" {
435    pub fn EvtOpenPublisherEnum(
436        Session: EVT_HANDLE,
437        Flags: DWORD,
438    ) -> EVT_HANDLE;
439    pub fn EvtNextPublisherId(
440        PublisherEnum: EVT_HANDLE,
441        PublisherIdBufferSize: DWORD,
442        PublisherIdBuffer: LPWSTR,
443        PublisherIdBufferUsed: PDWORD,
444    ) -> BOOL;
445    pub fn EvtOpenPublisherMetadata(
446        Session: EVT_HANDLE,
447        PublisherId: LPCWSTR,
448        LogFilePath: LPCWSTR,
449        Locale: LCID,
450        Flags: DWORD,
451    ) -> EVT_HANDLE;
452    pub fn EvtGetPublisherMetadataProperty(
453        PublisherMetadata: EVT_HANDLE,
454        PropertyId: EVT_PUBLISHER_METADATA_PROPERTY_ID,
455        Flags: DWORD,
456        PublisherMetadataPropertyBufferSize: DWORD,
457        PublisherMetadataPropertyBuffer: PEVT_VARIANT,
458        PublisherMetadataPropertyBufferUsed: PDWORD,
459    ) -> BOOL;
460}
461ENUM!{enum EVT_EVENT_METADATA_PROPERTY_ID {
462    EventMetadataEventID,
463    EventMetadataEventVersion,
464    EventMetadataEventChannel,
465    EventMetadataEventLevel,
466    EventMetadataEventOpcode,
467    EventMetadataEventTask,
468    EventMetadataEventKeyword,
469    EventMetadataEventMessageID,
470    EventMetadataEventTemplate,
471    EvtEventMetadataPropertyIdEND,
472}}
473extern "system" {
474    pub fn EvtOpenEventMetadataEnum(
475        PublisherMetadata: EVT_HANDLE,
476        Flags: DWORD,
477    ) -> EVT_HANDLE;
478    pub fn EvtNextEventMetadata(
479        EventMetadataEnum: EVT_HANDLE,
480        Flags: DWORD,
481    ) -> EVT_HANDLE;
482    pub fn EvtGetEventMetadataProperty(
483        EventMetadata: EVT_HANDLE,
484        PropertyId: EVT_EVENT_METADATA_PROPERTY_ID,
485        Flags: DWORD,
486        EventMetadataPropertyBufferSize: DWORD,
487        EventMetadataPropertyBuffer: PEVT_VARIANT,
488        EventMetadataPropertyBufferUsed: PDWORD,
489    ) -> BOOL;
490}
491pub type EVT_OBJECT_ARRAY_PROPERTY_HANDLE = HANDLE;
492extern "system" {
493    pub fn EvtGetObjectArraySize(
494        ObjectArray: EVT_OBJECT_ARRAY_PROPERTY_HANDLE,
495        ObjectArraySize: PDWORD,
496    ) -> BOOL;
497    pub fn EvtGetObjectArrayProperty(
498        ObjectArray: EVT_OBJECT_ARRAY_PROPERTY_HANDLE,
499        PropertyId: DWORD,
500        ArrayIndex: DWORD,
501        Flags: DWORD,
502        PropertyValueBufferSize: DWORD,
503        PropertyValueBuffer: PEVT_VARIANT,
504        PropertyValueBufferUsed: PDWORD,
505    ) -> BOOL;
506}
507ENUM!{enum EVT_QUERY_PROPERTY_ID {
508    EvtQueryNames,
509    EvtQueryStatuses,
510    EvtQueryPropertyIdEND,
511}}
512ENUM!{enum EVT_EVENT_PROPERTY_ID {
513    EvtEventQueryIDs = 0,
514    EvtEventPath,
515    EvtEventPropertyIdEND,
516}}
517extern "system" {
518    pub fn EvtGetQueryInfo(
519        QueryOrSubscription: EVT_HANDLE,
520        PropertyId: EVT_QUERY_PROPERTY_ID,
521        PropertyValueBufferSize: DWORD,
522        PropertyValueBuffer: PEVT_VARIANT,
523        PropertyValueBufferUsed: PDWORD,
524    ) -> BOOL;
525    pub fn EvtCreateBookmark(
526        BookmarkXml: LPCWSTR,
527    ) -> EVT_HANDLE;
528    pub fn EvtUpdateBookmark(
529        Bookmark: EVT_HANDLE,
530        Event: EVT_HANDLE,
531    ) -> BOOL;
532    pub fn EvtGetEventInfo(
533        Event: EVT_HANDLE,
534        PropertyId: EVT_EVENT_PROPERTY_ID,
535        PropertyValueBufferSize: DWORD,
536        PropertyValueBuffer: PEVT_VARIANT,
537        PropertyValueBufferUsed: PDWORD,
538    ) -> BOOL;
539}
540pub const EVT_READ_ACCESS: DWORD = 0x1;
541pub const EVT_WRITE_ACCESS: DWORD = 0x2;
542pub const EVT_CLEAR_ACCESS: DWORD = 0x4;
543pub const EVT_ALL_ACCESS: DWORD = 0x7;
winapi_ui_automation/um/winevt.rs

winapi_ui_automation/um/
winevt.rs
