summaryrefslogtreecommitdiffstats
path: root/third_party/rust/winapi/src/shared/evntrace.rs
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/rust/winapi/src/shared/evntrace.rs')
-rw-r--r--third_party/rust/winapi/src/shared/evntrace.rs990
1 files changed, 990 insertions, 0 deletions
diff --git a/third_party/rust/winapi/src/shared/evntrace.rs b/third_party/rust/winapi/src/shared/evntrace.rs
new file mode 100644
index 0000000000..23a93eec31
--- /dev/null
+++ b/third_party/rust/winapi/src/shared/evntrace.rs
@@ -0,0 +1,990 @@
+// Licensed under the Apache License, Version 2.0
+// <LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
+// All files in the project carrying such notice may not be copied, modified, or distributed
+// except according to those terms.
+use shared::basetsd::{SIZE_T, ULONG32, ULONG64};
+use shared::evntprov::PEVENT_FILTER_DESCRIPTOR;
+use shared::guiddef::{GUID, LPCGUID, LPGUID};
+use shared::minwindef::{DWORD, LPFILETIME, PULONG, UCHAR, UINT, ULONG, USHORT};
+use shared::wmistr::{WMIDPREQUESTCODE, WNODE_HEADER};
+use um::evntcons::PEVENT_RECORD;
+use um::handleapi::INVALID_HANDLE_VALUE;
+use um::timezoneapi::TIME_ZONE_INFORMATION;
+use um::winnt::{
+ ANYSIZE_ARRAY, BOOLEAN, HANDLE, LARGE_INTEGER, LONG, LONGLONG, LPCSTR, LPCWSTR, LPSTR, LPWSTR,
+ PVOID, ULONGLONG, WCHAR
+};
+use vc::vadefs::va_list;
+DEFINE_GUID!{EventTraceGuid,
+ 0x68fdd900, 0x4a3e, 0x11d1, 0x84, 0xf4, 0x00, 0x00, 0xf8, 0x04, 0x64, 0xe3}
+DEFINE_GUID!{SystemTraceControlGuid,
+ 0x9e814aad, 0x3204, 0x11d2, 0x9a, 0x82, 0x00, 0x60, 0x08, 0xa8, 0x69, 0x39}
+DEFINE_GUID!{EventTraceConfigGuid,
+ 0x01853a65, 0x418f, 0x4f36, 0xae, 0xfc, 0xdc, 0x0f, 0x1d, 0x2f, 0xd2, 0x35}
+DEFINE_GUID!{DefaultTraceSecurityGuid,
+ 0x0811c1af, 0x7a07, 0x4a06, 0x82, 0xed, 0x86, 0x94, 0x55, 0xcd, 0xf7, 0x13}
+DEFINE_GUID!{PrivateLoggerNotificationGuid,
+ 0x3595ab5c, 0x042a, 0x4c8e, 0xb9, 0x42, 0x2d, 0x05, 0x9b, 0xfe, 0xb1, 0xb1}
+pub const KERNEL_LOGGER_NAME: &'static str = "NT Kernel Logger";
+pub const GLOBAL_LOGGER_NAME: &'static str = "GlobalLogger";
+pub const EVENT_LOGGER_NAME: &'static str = "EventLog";
+pub const DIAG_LOGGER_NAME: &'static str = "DiagLog";
+pub const MAX_MOF_FIELDS: SIZE_T = 16;
+DECLARE_HANDLE!{TRACEHANDLE, __TRACEHANDLE}
+pub type PTRACEHANDLE = *mut TRACEHANDLE;
+pub const EVENT_TRACE_TYPE_INFO: DWORD = 0x00;
+pub const EVENT_TRACE_TYPE_START: DWORD = 0x01;
+pub const EVENT_TRACE_TYPE_END: DWORD = 0x02;
+pub const EVENT_TRACE_TYPE_STOP: DWORD = 0x02;
+pub const EVENT_TRACE_TYPE_DC_START: DWORD = 0x03;
+pub const EVENT_TRACE_TYPE_DC_END: DWORD = 0x04;
+pub const EVENT_TRACE_TYPE_EXTENSION: DWORD = 0x05;
+pub const EVENT_TRACE_TYPE_REPLY: DWORD = 0x06;
+pub const EVENT_TRACE_TYPE_DEQUEUE: DWORD = 0x07;
+pub const EVENT_TRACE_TYPE_RESUME: DWORD = 0x07;
+pub const EVENT_TRACE_TYPE_CHECKPOINT: DWORD = 0x08;
+pub const EVENT_TRACE_TYPE_SUSPEND: DWORD = 0x08;
+pub const EVENT_TRACE_TYPE_WINEVT_SEND: DWORD = 0x09;
+pub const EVENT_TRACE_TYPE_WINEVT_RECEIVE: DWORD = 0xF0;
+pub const TRACE_LEVEL_CRITICAL: UCHAR = 1;
+pub const TRACE_LEVEL_ERROR: UCHAR = 2;
+pub const TRACE_LEVEL_WARNING: UCHAR = 3;
+pub const TRACE_LEVEL_INFORMATION: UCHAR = 4;
+pub const TRACE_LEVEL_VERBOSE: UCHAR = 5;
+pub const TRACE_LEVEL_RESERVED6: UCHAR = 6;
+pub const TRACE_LEVEL_RESERVED7: UCHAR = 7;
+pub const TRACE_LEVEL_RESERVED8: UCHAR = 8;
+pub const TRACE_LEVEL_RESERVED9: UCHAR = 9;
+pub const EVENT_TRACE_TYPE_LOAD: DWORD = 0x0A;
+pub const EVENT_TRACE_TYPE_TERMINATE: DWORD = 0x0B;
+pub const EVENT_TRACE_TYPE_IO_READ: DWORD = 0x0A;
+pub const EVENT_TRACE_TYPE_IO_WRITE: DWORD = 0x0B;
+pub const EVENT_TRACE_TYPE_IO_READ_INIT: DWORD = 0x0C;
+pub const EVENT_TRACE_TYPE_IO_WRITE_INIT: DWORD = 0x0D;
+pub const EVENT_TRACE_TYPE_IO_FLUSH: DWORD = 0x0E;
+pub const EVENT_TRACE_TYPE_IO_FLUSH_INIT: DWORD = 0x0F;
+pub const EVENT_TRACE_TYPE_IO_REDIRECTED_INIT: DWORD = 0x10;
+pub const EVENT_TRACE_TYPE_MM_TF: DWORD = 0x0A;
+pub const EVENT_TRACE_TYPE_MM_DZF: DWORD = 0x0B;
+pub const EVENT_TRACE_TYPE_MM_COW: DWORD = 0x0C;
+pub const EVENT_TRACE_TYPE_MM_GPF: DWORD = 0x0D;
+pub const EVENT_TRACE_TYPE_MM_HPF: DWORD = 0x0E;
+pub const EVENT_TRACE_TYPE_MM_AV: DWORD = 0x0F;
+pub const EVENT_TRACE_TYPE_SEND: DWORD = 0x0A;
+pub const EVENT_TRACE_TYPE_RECEIVE: DWORD = 0x0B;
+pub const EVENT_TRACE_TYPE_CONNECT: DWORD = 0x0C;
+pub const EVENT_TRACE_TYPE_DISCONNECT: DWORD = 0x0D;
+pub const EVENT_TRACE_TYPE_RETRANSMIT: DWORD = 0x0E;
+pub const EVENT_TRACE_TYPE_ACCEPT: DWORD = 0x0F;
+pub const EVENT_TRACE_TYPE_RECONNECT: DWORD = 0x10;
+pub const EVENT_TRACE_TYPE_CONNFAIL: DWORD = 0x11;
+pub const EVENT_TRACE_TYPE_COPY_TCP: DWORD = 0x12;
+pub const EVENT_TRACE_TYPE_COPY_ARP: DWORD = 0x13;
+pub const EVENT_TRACE_TYPE_ACKFULL: DWORD = 0x14;
+pub const EVENT_TRACE_TYPE_ACKPART: DWORD = 0x15;
+pub const EVENT_TRACE_TYPE_ACKDUP: DWORD = 0x16;
+pub const EVENT_TRACE_TYPE_GUIDMAP: DWORD = 0x0A;
+pub const EVENT_TRACE_TYPE_CONFIG: DWORD = 0x0B;
+pub const EVENT_TRACE_TYPE_SIDINFO: DWORD = 0x0C;
+pub const EVENT_TRACE_TYPE_SECURITY: DWORD = 0x0D;
+pub const EVENT_TRACE_TYPE_DBGID_RSDS: DWORD = 0x40;
+pub const EVENT_TRACE_TYPE_REGCREATE: DWORD = 0x0A;
+pub const EVENT_TRACE_TYPE_REGOPEN: DWORD = 0x0B;
+pub const EVENT_TRACE_TYPE_REGDELETE: DWORD = 0x0C;
+pub const EVENT_TRACE_TYPE_REGQUERY: DWORD = 0x0D;
+pub const EVENT_TRACE_TYPE_REGSETVALUE: DWORD = 0x0E;
+pub const EVENT_TRACE_TYPE_REGDELETEVALUE: DWORD = 0x0F;
+pub const EVENT_TRACE_TYPE_REGQUERYVALUE: DWORD = 0x10;
+pub const EVENT_TRACE_TYPE_REGENUMERATEKEY: DWORD = 0x11;
+pub const EVENT_TRACE_TYPE_REGENUMERATEVALUEKEY: DWORD = 0x12;
+pub const EVENT_TRACE_TYPE_REGQUERYMULTIPLEVALUE: DWORD = 0x13;
+pub const EVENT_TRACE_TYPE_REGSETINFORMATION: DWORD = 0x14;
+pub const EVENT_TRACE_TYPE_REGFLUSH: DWORD = 0x15;
+pub const EVENT_TRACE_TYPE_REGKCBCREATE: DWORD = 0x16;
+pub const EVENT_TRACE_TYPE_REGKCBDELETE: DWORD = 0x17;
+pub const EVENT_TRACE_TYPE_REGKCBRUNDOWNBEGIN: DWORD = 0x18;
+pub const EVENT_TRACE_TYPE_REGKCBRUNDOWNEND: DWORD = 0x19;
+pub const EVENT_TRACE_TYPE_REGVIRTUALIZE: DWORD = 0x1A;
+pub const EVENT_TRACE_TYPE_REGCLOSE: DWORD = 0x1B;
+pub const EVENT_TRACE_TYPE_REGSETSECURITY: DWORD = 0x1C;
+pub const EVENT_TRACE_TYPE_REGQUERYSECURITY: DWORD = 0x1D;
+pub const EVENT_TRACE_TYPE_REGCOMMIT: DWORD = 0x1E;
+pub const EVENT_TRACE_TYPE_REGPREPARE: DWORD = 0x1F;
+pub const EVENT_TRACE_TYPE_REGROLLBACK: DWORD = 0x20;
+pub const EVENT_TRACE_TYPE_REGMOUNTHIVE: DWORD = 0x21;
+pub const EVENT_TRACE_TYPE_CONFIG_CPU: DWORD = 0x0A;
+pub const EVENT_TRACE_TYPE_CONFIG_PHYSICALDISK: DWORD = 0x0B;
+pub const EVENT_TRACE_TYPE_CONFIG_LOGICALDISK: DWORD = 0x0C;
+pub const EVENT_TRACE_TYPE_CONFIG_NIC: DWORD = 0x0D;
+pub const EVENT_TRACE_TYPE_CONFIG_VIDEO: DWORD = 0x0E;
+pub const EVENT_TRACE_TYPE_CONFIG_SERVICES: DWORD = 0x0F;
+pub const EVENT_TRACE_TYPE_CONFIG_POWER: DWORD = 0x10;
+pub const EVENT_TRACE_TYPE_CONFIG_NETINFO: DWORD = 0x11;
+pub const EVENT_TRACE_TYPE_CONFIG_OPTICALMEDIA: DWORD = 0x12;
+pub const EVENT_TRACE_TYPE_CONFIG_IRQ: DWORD = 0x15;
+pub const EVENT_TRACE_TYPE_CONFIG_PNP: DWORD = 0x16;
+pub const EVENT_TRACE_TYPE_CONFIG_IDECHANNEL: DWORD = 0x17;
+pub const EVENT_TRACE_TYPE_CONFIG_NUMANODE: DWORD = 0x18;
+pub const EVENT_TRACE_TYPE_CONFIG_PLATFORM: DWORD = 0x19;
+pub const EVENT_TRACE_TYPE_CONFIG_PROCESSORGROUP: DWORD = 0x1A;
+pub const EVENT_TRACE_TYPE_CONFIG_PROCESSORNUMBER: DWORD = 0x1B;
+pub const EVENT_TRACE_TYPE_CONFIG_DPI: DWORD = 0x1C;
+pub const EVENT_TRACE_TYPE_CONFIG_CI_INFO: DWORD = 0x1D;
+pub const EVENT_TRACE_TYPE_CONFIG_MACHINEID: DWORD = 0x1E;
+pub const EVENT_TRACE_TYPE_CONFIG_DEFRAG: DWORD = 0x1F;
+pub const EVENT_TRACE_TYPE_CONFIG_MOBILEPLATFORM: DWORD = 0x20;
+pub const EVENT_TRACE_TYPE_CONFIG_DEVICEFAMILY: DWORD = 0x21;
+pub const EVENT_TRACE_TYPE_CONFIG_FLIGHTID: DWORD = 0x22;
+pub const EVENT_TRACE_TYPE_CONFIG_PROCESSOR: DWORD = 0x23;
+pub const EVENT_TRACE_TYPE_OPTICAL_IO_READ: DWORD = 0x37;
+pub const EVENT_TRACE_TYPE_OPTICAL_IO_WRITE: DWORD = 0x38;
+pub const EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH: DWORD = 0x39;
+pub const EVENT_TRACE_TYPE_OPTICAL_IO_READ_INIT: DWORD = 0x3a;
+pub const EVENT_TRACE_TYPE_OPTICAL_IO_WRITE_INIT: DWORD = 0x3b;
+pub const EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH_INIT: DWORD = 0x3c;
+pub const EVENT_TRACE_TYPE_FLT_PREOP_INIT: DWORD = 0x60;
+pub const EVENT_TRACE_TYPE_FLT_POSTOP_INIT: DWORD = 0x61;
+pub const EVENT_TRACE_TYPE_FLT_PREOP_COMPLETION: DWORD = 0x62;
+pub const EVENT_TRACE_TYPE_FLT_POSTOP_COMPLETION: DWORD = 0x63;
+pub const EVENT_TRACE_TYPE_FLT_PREOP_FAILURE: DWORD = 0x64;
+pub const EVENT_TRACE_TYPE_FLT_POSTOP_FAILURE: DWORD = 0x65;
+pub const EVENT_TRACE_FLAG_PROCESS: DWORD = 0x00000001;
+pub const EVENT_TRACE_FLAG_THREAD: DWORD = 0x00000002;
+pub const EVENT_TRACE_FLAG_IMAGE_LOAD: DWORD = 0x00000004;
+pub const EVENT_TRACE_FLAG_DISK_IO: DWORD = 0x00000100;
+pub const EVENT_TRACE_FLAG_DISK_FILE_IO: DWORD = 0x00000200;
+pub const EVENT_TRACE_FLAG_MEMORY_PAGE_FAULTS: DWORD = 0x00001000;
+pub const EVENT_TRACE_FLAG_MEMORY_HARD_FAULTS: DWORD = 0x00002000;
+pub const EVENT_TRACE_FLAG_NETWORK_TCPIP: DWORD = 0x00010000;
+pub const EVENT_TRACE_FLAG_REGISTRY: DWORD = 0x00020000;
+pub const EVENT_TRACE_FLAG_DBGPRINT: DWORD = 0x00040000;
+pub const EVENT_TRACE_FLAG_PROCESS_COUNTERS: DWORD = 0x00000008;
+pub const EVENT_TRACE_FLAG_CSWITCH: DWORD = 0x00000010;
+pub const EVENT_TRACE_FLAG_DPC: DWORD = 0x00000020;
+pub const EVENT_TRACE_FLAG_INTERRUPT: DWORD = 0x00000040;
+pub const EVENT_TRACE_FLAG_SYSTEMCALL: DWORD = 0x00000080;
+pub const EVENT_TRACE_FLAG_DISK_IO_INIT: DWORD = 0x00000400;
+pub const EVENT_TRACE_FLAG_ALPC: DWORD = 0x00100000;
+pub const EVENT_TRACE_FLAG_SPLIT_IO: DWORD = 0x00200000;
+pub const EVENT_TRACE_FLAG_DRIVER: DWORD = 0x00800000;
+pub const EVENT_TRACE_FLAG_PROFILE: DWORD = 0x01000000;
+pub const EVENT_TRACE_FLAG_FILE_IO: DWORD = 0x02000000;
+pub const EVENT_TRACE_FLAG_FILE_IO_INIT: DWORD = 0x04000000;
+pub const EVENT_TRACE_FLAG_DISPATCHER: DWORD = 0x00000800;
+pub const EVENT_TRACE_FLAG_VIRTUAL_ALLOC: DWORD = 0x00004000;
+pub const EVENT_TRACE_FLAG_VAMAP: DWORD = 0x00008000;
+pub const EVENT_TRACE_FLAG_NO_SYSCONFIG: DWORD = 0x10000000;
+pub const EVENT_TRACE_FLAG_JOB: DWORD = 0x00080000;
+pub const EVENT_TRACE_FLAG_DEBUG_EVENTS: DWORD = 0x00400000;
+pub const EVENT_TRACE_FLAG_EXTENSION: DWORD = 0x80000000;
+pub const EVENT_TRACE_FLAG_FORWARD_WMI: DWORD = 0x40000000;
+pub const EVENT_TRACE_FLAG_ENABLE_RESERVE: DWORD = 0x20000000;
+pub const EVENT_TRACE_FILE_MODE_NONE: DWORD = 0x00000000;
+pub const EVENT_TRACE_FILE_MODE_SEQUENTIAL: DWORD = 0x00000001;
+pub const EVENT_TRACE_FILE_MODE_CIRCULAR: DWORD = 0x00000002;
+pub const EVENT_TRACE_FILE_MODE_APPEND: DWORD = 0x00000004;
+pub const EVENT_TRACE_REAL_TIME_MODE: DWORD = 0x00000100;
+pub const EVENT_TRACE_DELAY_OPEN_FILE_MODE: DWORD = 0x00000200;
+pub const EVENT_TRACE_BUFFERING_MODE: DWORD = 0x00000400;
+pub const EVENT_TRACE_PRIVATE_LOGGER_MODE: DWORD = 0x00000800;
+pub const EVENT_TRACE_ADD_HEADER_MODE: DWORD = 0x00001000;
+pub const EVENT_TRACE_USE_GLOBAL_SEQUENCE: DWORD = 0x00004000;
+pub const EVENT_TRACE_USE_LOCAL_SEQUENCE: DWORD = 0x00008000;
+pub const EVENT_TRACE_RELOG_MODE: DWORD = 0x00010000;
+pub const EVENT_TRACE_USE_PAGED_MEMORY: DWORD = 0x01000000;
+pub const EVENT_TRACE_FILE_MODE_NEWFILE: DWORD = 0x00000008;
+pub const EVENT_TRACE_FILE_MODE_PREALLOCATE: DWORD = 0x00000020;
+pub const EVENT_TRACE_NONSTOPPABLE_MODE: DWORD = 0x00000040;
+pub const EVENT_TRACE_SECURE_MODE: DWORD = 0x00000080;
+pub const EVENT_TRACE_USE_KBYTES_FOR_SIZE: DWORD = 0x00002000;
+pub const EVENT_TRACE_PRIVATE_IN_PROC: DWORD = 0x00020000;
+pub const EVENT_TRACE_MODE_RESERVED: DWORD = 0x00100000;
+pub const EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING: DWORD = 0x10000000;
+pub const EVENT_TRACE_SYSTEM_LOGGER_MODE: DWORD = 0x02000000;
+pub const EVENT_TRACE_ADDTO_TRIAGE_DUMP: DWORD = 0x80000000;
+pub const EVENT_TRACE_STOP_ON_HYBRID_SHUTDOWN: DWORD = 0x00400000;
+pub const EVENT_TRACE_PERSIST_ON_HYBRID_SHUTDOWN: DWORD = 0x00800000;
+pub const EVENT_TRACE_INDEPENDENT_SESSION_MODE: DWORD = 0x08000000;
+pub const EVENT_TRACE_COMPRESSED_MODE: DWORD = 0x04000000;
+pub const EVENT_TRACE_CONTROL_QUERY: DWORD = 0;
+pub const EVENT_TRACE_CONTROL_STOP: DWORD = 1;
+pub const EVENT_TRACE_CONTROL_UPDATE: DWORD = 2;
+pub const EVENT_TRACE_CONTROL_FLUSH: DWORD = 3;
+pub const TRACE_MESSAGE_SEQUENCE: DWORD = 1;
+pub const TRACE_MESSAGE_GUID: DWORD = 2;
+pub const TRACE_MESSAGE_COMPONENTID: DWORD = 4;
+pub const TRACE_MESSAGE_TIMESTAMP: DWORD = 8;
+pub const TRACE_MESSAGE_PERFORMANCE_TIMESTAMP: DWORD = 16;
+pub const TRACE_MESSAGE_SYSTEMINFO: DWORD = 32;
+pub const TRACE_MESSAGE_POINTER32: DWORD = 0x0040;
+pub const TRACE_MESSAGE_POINTER64: DWORD = 0x0080;
+pub const TRACE_MESSAGE_FLAG_MASK: DWORD = 0xFFFF;
+pub const TRACE_MESSAGE_MAXIMUM_SIZE: SIZE_T = 64 * 1024;
+pub const EVENT_TRACE_USE_PROCTIME: DWORD = 0x0001;
+pub const EVENT_TRACE_USE_NOCPUTIME: DWORD = 0x0002;
+pub const TRACE_HEADER_FLAG_USE_TIMESTAMP: DWORD = 0x00000200;
+pub const TRACE_HEADER_FLAG_TRACED_GUID: DWORD = 0x00020000;
+pub const TRACE_HEADER_FLAG_LOG_WNODE: DWORD = 0x00040000;
+pub const TRACE_HEADER_FLAG_USE_GUID_PTR: DWORD = 0x00080000;
+pub const TRACE_HEADER_FLAG_USE_MOF_PTR: DWORD = 0x00100000;
+ENUM!{enum ETW_COMPRESSION_RESUMPTION_MODE {
+ EtwCompressionModeRestart = 0,
+ EtwCompressionModeNoDisable = 1,
+ EtwCompressionModeNoRestart = 2,
+}}
+STRUCT!{struct EVENT_TRACE_HEADER_u1_s {
+ HeaderType: UCHAR,
+ MarkerFlags: UCHAR,
+}}
+UNION!{union EVENT_TRACE_HEADER_u1 {
+ [u16; 1],
+ FieldTypeFlags FieldTypeFlags_mut: USHORT,
+ s s_mut: EVENT_TRACE_HEADER_u1_s,
+}}
+STRUCT!{struct EVENT_TRACE_HEADER_u2_CLASS {
+ Type: UCHAR,
+ Level: UCHAR,
+ Version: USHORT,
+}}
+UNION!{union EVENT_TRACE_HEADER_u2 {
+ [u32; 1],
+ Version Version_mut: ULONG,
+ Class Class_mut: EVENT_TRACE_HEADER_u2_CLASS,
+}}
+UNION!{union EVENT_TRACE_HEADER_u3 {
+ [u64; 2],
+ Guid Guid_mut: GUID,
+ GuidPtr GuidPtr_mut: ULONGLONG,
+}}
+STRUCT!{struct EVENT_TRACE_HEADER_u4_s1 {
+ ClientContext: ULONG,
+ Flags: ULONG,
+}}
+STRUCT!{struct EVENT_TRACE_HEADER_u4_s2 {
+ KernelTime: ULONG,
+ UserTime: ULONG,
+}}
+UNION!{union EVENT_TRACE_HEADER_u4 {
+ [u64; 1],
+ s1 s1_mut: EVENT_TRACE_HEADER_u4_s1,
+ s2 s2_mut: EVENT_TRACE_HEADER_u4_s2,
+ ProcessorTime ProcessorTime_mut: ULONG64,
+}}
+STRUCT!{struct EVENT_TRACE_HEADER {
+ Size: USHORT,
+ u1: EVENT_TRACE_HEADER_u1,
+ u2: EVENT_TRACE_HEADER_u2,
+ ThreadId: ULONG,
+ ProcessId: ULONG,
+ TimeStamp: LARGE_INTEGER,
+ u3: EVENT_TRACE_HEADER_u3,
+ u4: EVENT_TRACE_HEADER_u4,
+}}
+pub type PEVENT_TRACE_HEADER = *mut EVENT_TRACE_HEADER;
+STRUCT!{struct EVENT_INSTANCE_HEADER_u1_s {
+ HeaderType: UCHAR,
+ MarkerFlags: UCHAR,
+}}
+UNION!{union EVENT_INSTANCE_HEADER_u1 {
+ [u16; 1],
+ FieldTypeFlags FieldTypeFlags_mut: USHORT,
+ s s_mut: EVENT_INSTANCE_HEADER_u1_s,
+}}
+STRUCT!{struct EVENT_INSTANCE_HEADER_u2_CLASS {
+ Type: UCHAR,
+ Level: UCHAR,
+ Version: USHORT,
+}}
+UNION!{union EVENT_INSTANCE_HEADER_u2 {
+ [u32; 1],
+ Version Version_mut: ULONG,
+ Class Class_mut: EVENT_INSTANCE_HEADER_u2_CLASS,
+}}
+STRUCT!{struct EVENT_INSTANCE_HEADER_u3_s1 {
+ KernelTime: ULONG,
+ UserTime: ULONG,
+}}
+STRUCT!{struct EVENT_INSTANCE_HEADER_u3_s2 {
+ EventId: ULONG,
+ Flags: ULONG,
+}}
+UNION!{union EVENT_INSTANCE_HEADER_u3 {
+ [u64; 1],
+ s1 s1_mut: EVENT_INSTANCE_HEADER_u3_s1,
+ ProcessorTime ProcessorTime_mut: ULONG64,
+ s2 s2_mut: EVENT_INSTANCE_HEADER_u3_s2,
+}}
+STRUCT!{struct EVENT_INSTANCE_HEADER {
+ Size: USHORT,
+ u1: EVENT_INSTANCE_HEADER_u1,
+ u2: EVENT_INSTANCE_HEADER_u2,
+ ThreadId: ULONG,
+ ProcessId: ULONG,
+ TimeStamp: LARGE_INTEGER,
+ RegHandle: ULONGLONG,
+ InstanceId: ULONG,
+ ParentInstanceId: ULONG,
+ u3: EVENT_INSTANCE_HEADER_u3,
+ ParentRegHandle: ULONGLONG,
+}}
+pub type PEVENT_INSTANCE_HEADER = *mut EVENT_INSTANCE_HEADER;
+pub const ETW_NULL_TYPE_VALUE: ULONG = 0;
+pub const ETW_OBJECT_TYPE_VALUE: ULONG = 1;
+pub const ETW_STRING_TYPE_VALUE: ULONG = 2;
+pub const ETW_SBYTE_TYPE_VALUE: ULONG = 3;
+pub const ETW_BYTE_TYPE_VALUE: ULONG = 4;
+pub const ETW_INT16_TYPE_VALUE: ULONG = 5;
+pub const ETW_UINT16_TYPE_VALUE: ULONG = 6;
+pub const ETW_INT32_TYPE_VALUE: ULONG = 7;
+pub const ETW_UINT32_TYPE_VALUE: ULONG = 8;
+pub const ETW_INT64_TYPE_VALUE: ULONG = 9;
+pub const ETW_UINT64_TYPE_VALUE: ULONG = 10;
+pub const ETW_CHAR_TYPE_VALUE: ULONG = 11;
+pub const ETW_SINGLE_TYPE_VALUE: ULONG = 12;
+pub const ETW_DOUBLE_TYPE_VALUE: ULONG = 13;
+pub const ETW_BOOLEAN_TYPE_VALUE: ULONG = 14;
+pub const ETW_DECIMAL_TYPE_VALUE: ULONG = 15;
+pub const ETW_GUID_TYPE_VALUE: ULONG = 101;
+pub const ETW_ASCIICHAR_TYPE_VALUE: ULONG = 102;
+pub const ETW_ASCIISTRING_TYPE_VALUE: ULONG = 103;
+pub const ETW_COUNTED_STRING_TYPE_VALUE: ULONG = 104;
+pub const ETW_POINTER_TYPE_VALUE: ULONG = 105;
+pub const ETW_SIZET_TYPE_VALUE: ULONG = 106;
+pub const ETW_HIDDEN_TYPE_VALUE: ULONG = 107;
+pub const ETW_BOOL_TYPE_VALUE: ULONG = 108;
+pub const ETW_COUNTED_ANSISTRING_TYPE_VALUE: ULONG = 109;
+pub const ETW_REVERSED_COUNTED_STRING_TYPE_VALUE: ULONG = 110;
+pub const ETW_REVERSED_COUNTED_ANSISTRING_TYPE_VALUE: ULONG = 111;
+pub const ETW_NON_NULL_TERMINATED_STRING_TYPE_VALUE: ULONG = 112;
+pub const ETW_REDUCED_ANSISTRING_TYPE_VALUE: ULONG = 113;
+pub const ETW_REDUCED_STRING_TYPE_VALUE: ULONG = 114;
+pub const ETW_SID_TYPE_VALUE: ULONG = 115;
+pub const ETW_VARIANT_TYPE_VALUE: ULONG = 116;
+pub const ETW_PTVECTOR_TYPE_VALUE: ULONG = 117;
+pub const ETW_WMITIME_TYPE_VALUE: ULONG = 118;
+pub const ETW_DATETIME_TYPE_VALUE: ULONG = 119;
+pub const ETW_REFRENCE_TYPE_VALUE: ULONG = 120;
+// TODO: DEFINE_TRACE_MOF_FIELD
+STRUCT!{struct MOF_FIELD {
+ DataPtr: ULONG64,
+ Length: ULONG,
+ DataType: ULONG,
+}}
+pub type PMOF_FIELD = *mut MOF_FIELD;
+STRUCT!{struct TRACE_LOGFILE_HEADER_u1_VERSIONDETAIL {
+ MajorVersion: UCHAR,
+ MinorVersion: UCHAR,
+ SubVersion: UCHAR,
+ SubMinorVersion: UCHAR,
+}}
+UNION!{union TRACE_LOGFILE_HEADER_u1 {
+ [u32; 1],
+ Version Version_mut: ULONG,
+ VersionDetail VersionDetail_mut: TRACE_LOGFILE_HEADER_u1_VERSIONDETAIL,
+}}
+STRUCT!{struct TRACE_LOGFILE_HEADER_u2_s {
+ StartBuffers: ULONG,
+ PointerSize: ULONG,
+ EventsLost: ULONG,
+ CpuSpeedInMHz: ULONG,
+}}
+UNION!{union TRACE_LOGFILE_HEADER_u2 {
+ [u32; 4],
+ LogInstanceGuid LogInstanceGuid_mut: GUID,
+ s s_mut: TRACE_LOGFILE_HEADER_u2_s,
+}}
+STRUCT!{struct TRACE_LOGFILE_HEADER {
+ BufferSize: ULONG,
+ u1: TRACE_LOGFILE_HEADER_u1,
+ ProviderVersion: ULONG,
+ NumberOfProcessors: ULONG,
+ EndTime: LARGE_INTEGER,
+ TimerResolution: ULONG,
+ MaximumFileSize: ULONG,
+ LogFileMode: ULONG,
+ BuffersWritten: ULONG,
+ u2: TRACE_LOGFILE_HEADER_u2,
+ LoggerName: LPWSTR,
+ LogFileName: LPWSTR,
+ TimeZone: TIME_ZONE_INFORMATION,
+ BootTime: LARGE_INTEGER,
+ PrefFreq: LARGE_INTEGER,
+ StartTime: LARGE_INTEGER,
+ ReservedFlags: ULONG,
+ BuffersLost: ULONG,
+}}
+pub type PTRACE_LOGFILE_HEADER = *mut TRACE_LOGFILE_HEADER;
+STRUCT!{struct TRACE_LOGFILE_HEADER32 {
+ BufferSize: ULONG,
+ u1: TRACE_LOGFILE_HEADER_u1,
+ ProviderVersion: ULONG,
+ NumberOfProcessors: ULONG,
+ EndTime: LARGE_INTEGER,
+ TimerResolution: ULONG,
+ MaximumFileSize: ULONG,
+ LogFileMode: ULONG,
+ BuffersWritten: ULONG,
+ u2: TRACE_LOGFILE_HEADER_u2,
+ LoggerName: ULONG32,
+ LogFileName: ULONG32,
+ TimeZone: TIME_ZONE_INFORMATION,
+ BootTime: LARGE_INTEGER,
+ PrefFreq: LARGE_INTEGER,
+ StartTime: LARGE_INTEGER,
+ ReservedFlags: ULONG,
+ BuffersLost: ULONG,
+}}
+pub type PTRACE_LOGFILE_HEADER32 = *mut TRACE_LOGFILE_HEADER32;
+STRUCT!{struct TRACE_LOGFILE_HEADER64 {
+ BufferSize: ULONG,
+ u1: TRACE_LOGFILE_HEADER_u1,
+ ProviderVersion: ULONG,
+ NumberOfProcessors: ULONG,
+ EndTime: LARGE_INTEGER,
+ TimerResolution: ULONG,
+ MaximumFileSize: ULONG,
+ LogFileMode: ULONG,
+ BuffersWritten: ULONG,
+ u2: TRACE_LOGFILE_HEADER_u2,
+ LoggerName: ULONG64,
+ LogFileName: ULONG64,
+ TimeZone: TIME_ZONE_INFORMATION,
+ BootTime: LARGE_INTEGER,
+ PrefFreq: LARGE_INTEGER,
+ StartTime: LARGE_INTEGER,
+ ReservedFlags: ULONG,
+ BuffersLost: ULONG,
+}}
+pub type PTRACE_LOGFILE_HEADER64 = *mut TRACE_LOGFILE_HEADER64;
+STRUCT!{struct EVENT_INSTANCE_INFO {
+ RegHandle: HANDLE,
+ InstanceId: ULONG,
+}}
+pub type PEVENT_INSTANCE_INFO = *mut EVENT_INSTANCE_INFO;
+UNION!{union EVENT_TRACE_PROPERTIES_u {
+ [u32; 1],
+ AgeLimit AgeLimit_mut: LONG,
+ FlushThreshold FlushThreshold_mut: LONG,
+}}
+STRUCT!{struct EVENT_TRACE_PROPERTIES {
+ Wnode: WNODE_HEADER,
+ BufferSize: ULONG,
+ MinimumBuffers: ULONG,
+ MaximumBuffers: ULONG,
+ MaximumFileSize: ULONG,
+ LogFileMode: ULONG,
+ FlushTimer: ULONG,
+ EnableFlags: ULONG,
+ u: EVENT_TRACE_PROPERTIES_u,
+ NumberOfBuffers: ULONG,
+ FreeBuffers: ULONG,
+ EventsLost: ULONG,
+ BuffersWritten: ULONG,
+ LogBuffersLost: ULONG,
+ RealTimeBuffersLost: ULONG,
+ LoggerThreadId: HANDLE,
+ LogFileNameOffset: ULONG,
+ LoggerNameOffset: ULONG,
+}}
+pub type PEVENT_TRACE_PROPERTIES = *mut EVENT_TRACE_PROPERTIES;
+UNION!{union EVENT_TRACE_PROPERTIES_V2_u1 {
+ [u32; 1],
+ AgeLimit AgeLimit_mut: LONG,
+ FlushThreshold FlushThreshold_mut: LONG,
+}}
+STRUCT!{struct EVENT_TRACE_PROPERTIES_V2_u2_s {
+ bitfield: ULONG,
+}}
+BITFIELD!{EVENT_TRACE_PROPERTIES_V2_u2_s bitfield: ULONG [
+ VersionNumber set_VersionNumber[0..8],
+]}
+UNION!{union EVENT_TRACE_PROPERTIES_V2_u2 {
+ [u32; 1],
+ s s_mut: EVENT_TRACE_PROPERTIES_V2_u2_s,
+ V2Control V2Control_mut: ULONG,
+}}
+STRUCT!{struct EVENT_TRACE_PROPERTIES_V2_u3_s {
+ bitfield: ULONG,
+}}
+BITFIELD!{EVENT_TRACE_PROPERTIES_V2_u3_s bitfield: ULONG [
+ Wow set_Wow[0..1],
+]}
+UNION!{union EVENT_TRACE_PROPERTIES_V2_u3 {
+ [u64; 1],
+ s s_mut: EVENT_TRACE_PROPERTIES_V2_u3_s,
+ V2Options V2Options_mut: ULONG64,
+}}
+STRUCT!{struct EVENT_TRACE_PROPERTIES_V2 {
+ Wnode: WNODE_HEADER,
+ BufferSize: ULONG,
+ MinimumBuffers: ULONG,
+ MaximumBuffers: ULONG,
+ MaximumFileSize: ULONG,
+ LogFileMode: ULONG,
+ FlushTimer: ULONG,
+ EnableFlags: ULONG,
+ u1: EVENT_TRACE_PROPERTIES_u,
+ NumberOfBuffers: ULONG,
+ FreeBuffers: ULONG,
+ EventsLost: ULONG,
+ BuffersWritten: ULONG,
+ LogBuffersLost: ULONG,
+ RealTimeBuffersLost: ULONG,
+ LoggerThreadId: HANDLE,
+ LogFileNameOffset: ULONG,
+ LoggerNameOffset: ULONG,
+ u2: EVENT_TRACE_PROPERTIES_V2_u2,
+ FilterDescCount: ULONG,
+ FilterDesc: PEVENT_FILTER_DESCRIPTOR,
+ u3: EVENT_TRACE_PROPERTIES_V2_u3,
+}}
+pub type PEVENT_TRACE_PROPERTIES_V2 = *mut EVENT_TRACE_PROPERTIES_V2;
+STRUCT!{struct TRACE_GUID_REGISTRATION {
+ Guid: LPCGUID,
+ RegHandle: HANDLE,
+}}
+pub type PTRACE_GUID_REGISTRATION = *mut TRACE_GUID_REGISTRATION;
+STRUCT!{struct TRACE_GUID_PROPERTIES {
+ Guid: GUID,
+ GuidType: ULONG,
+ LoggerId: ULONG,
+ EnableLevel: ULONG,
+ EnableFlags: ULONG,
+ IsEnable: BOOLEAN,
+}}
+pub type PTRACE_GUID_PROPERTIES = *mut TRACE_GUID_PROPERTIES;
+STRUCT!{struct ETW_BUFFER_CONTEXT_u_s {
+ ProcessorNumber: UCHAR,
+ Alignment: UCHAR,
+}}
+UNION!{union ETW_BUFFER_CONTEXT_u {
+ [u16; 1],
+ s s_mut: ETW_BUFFER_CONTEXT_u_s,
+ ProcessorIndex ProcessorIndex_mut: USHORT,
+}}
+STRUCT!{struct ETW_BUFFER_CONTEXT {
+ u: ETW_BUFFER_CONTEXT_u,
+ LoggerId: USHORT,
+}}
+pub type PETW_BUFFER_CONTEXT = *mut ETW_BUFFER_CONTEXT;
+pub const TRACE_PROVIDER_FLAG_LEGACY: ULONG = 0x00000001;
+pub const TRACE_PROVIDER_FLAG_PRE_ENABLE: ULONG = 0x00000002;
+STRUCT!{struct TRACE_ENABLE_INFO {
+ IsEnabled: ULONG,
+ Level: UCHAR,
+ Reserved1: UCHAR,
+ LoggerId: USHORT,
+ EnabledProperty: ULONG,
+ Reserved2: ULONG,
+ MatchAnyKeyword: ULONGLONG,
+ MatchAllKeyword: ULONGLONG,
+}}
+pub type PTRACE_ENABLE_INFO = *mut TRACE_ENABLE_INFO;
+STRUCT!{struct TRACE_PROVIDER_INSTANCE_INFO {
+ NameOffset: ULONG,
+ EnableCount: ULONG,
+ Pid: ULONG,
+ Flags: ULONG,
+}}
+pub type PTRACE_PROVIDER_INSTANCE_INFO = *mut TRACE_PROVIDER_INSTANCE_INFO;
+STRUCT!{struct TRACE_GUID_INFO {
+ InstanceCount: ULONG,
+ Reserved: ULONG,
+}}
+pub type PTRACE_GUID_INFO = *mut TRACE_GUID_INFO;
+STRUCT!{struct PROFILE_SOURCE_INFO {
+ NextEntryOffset: ULONG,
+ Source: ULONG,
+ MinInterval: ULONG,
+ MaxInterval: ULONG,
+ Reserved: ULONG64,
+ Description: [WCHAR; ANYSIZE_ARRAY],
+}}
+pub type PPROFILE_SOURCE_INFO = *mut PROFILE_SOURCE_INFO;
+UNION!{union EVENT_TRACE_u {
+ [u32; 1],
+ ClientContext ClientContext_mut: ULONG,
+ BufferContext BufferContext_mut: ETW_BUFFER_CONTEXT,
+}}
+STRUCT!{struct EVENT_TRACE {
+ Header: EVENT_TRACE_HEADER,
+ InstanceId: ULONG,
+ ParentInstanceId: ULONG,
+ ParentGuid: GUID,
+ MofData: PVOID,
+ MofLength: ULONG,
+ u: EVENT_TRACE_u,
+}}
+pub type PEVENT_TRACE = *mut EVENT_TRACE;
+pub const EVENT_CONTROL_CODE_DISABLE_PROVIDER: ULONG = 0;
+pub const EVENT_CONTROL_CODE_ENABLE_PROVIDER: ULONG = 1;
+pub const EVENT_CONTROL_CODE_CAPTURE_STATE: ULONG = 2;
+FN!{stdcall PEVENT_TRACE_BUFFER_CALLBACKW(
+ PEVENT_TRACE_LOGFILEW,
+) -> ULONG}
+FN!{stdcall PEVENT_TRACE_BUFFER_CALLBACKA(
+ PEVENT_TRACE_LOGFILEA,
+) -> ULONG}
+FN!{stdcall PEVENT_CALLBACK(
+ pEvent: PEVENT_TRACE,
+) -> ()}
+FN!{stdcall PEVENT_RECORD_CALLBACK(
+ EventRecord: PEVENT_RECORD,
+) -> ()}
+FN!{stdcall WMIDPREQUEST(
+ RequestCode: WMIDPREQUESTCODE,
+ RequestContext: PVOID,
+ BufferSize: *mut ULONG,
+ Buffer: PVOID,
+) -> ULONG}
+UNION!{union EVENT_TRACE_LOGFILE_u1 {
+ [u32; 1],
+ LogFileMode LogFileMode_mut: ULONG,
+ ProcessTraceMode ProcessTraceMode_mut: ULONG,
+}}
+UNION!{union EVENT_TRACE_LOGFILE_u2 {
+ [u32; 1] [u64; 1],
+ EventCallback EventCallback_mut: PEVENT_CALLBACK,
+ EventRecordCallback EventRecordCallback_mut: PEVENT_RECORD_CALLBACK,
+}}
+STRUCT!{struct EVENT_TRACE_LOGFILEW {
+ LogFileName: LPWSTR,
+ LoggerName: LPWSTR,
+ CurrentTime: LONGLONG,
+ BuffersRead: ULONG,
+ u1: EVENT_TRACE_LOGFILE_u1,
+ CurrentEvent: EVENT_TRACE,
+ LogfileHeader: TRACE_LOGFILE_HEADER,
+ BufferCallback: PEVENT_TRACE_BUFFER_CALLBACKW,
+ BufferSize: ULONG,
+ Filled: ULONG,
+ EventsLost: ULONG,
+ u2: EVENT_TRACE_LOGFILE_u2,
+ IsKernelTrace: ULONG,
+ Context: PVOID,
+}}
+pub type PEVENT_TRACE_LOGFILEW = *mut EVENT_TRACE_LOGFILEW;
+STRUCT!{struct EVENT_TRACE_LOGFILEA {
+ LogFileName: LPSTR,
+ LoggerName: LPSTR,
+ CurrentTime: LONGLONG,
+ BuffersRead: ULONG,
+ u1: EVENT_TRACE_LOGFILE_u1,
+ CurrentEvent: EVENT_TRACE,
+ LogfileHeader: TRACE_LOGFILE_HEADER,
+ BufferCallback: PEVENT_TRACE_BUFFER_CALLBACKA,
+ BufferSize: ULONG,
+ Filled: ULONG,
+ EventsLost: ULONG,
+ u2: EVENT_TRACE_LOGFILE_u2,
+ IsKernelTrace: ULONG,
+ Context: PVOID,
+}}
+pub type PEVENT_TRACE_LOGFILEA = *mut EVENT_TRACE_LOGFILEA;
+extern "system" {
+ pub fn StartTraceW(
+ SessionHandle: PTRACEHANDLE,
+ SessionName: LPCWSTR,
+ Properties: PEVENT_TRACE_PROPERTIES,
+ ) -> ULONG;
+ pub fn StartTraceA(
+ SessionHandle: PTRACEHANDLE,
+ SessionName: LPCSTR,
+ Properties: PEVENT_TRACE_PROPERTIES,
+ ) -> ULONG;
+ pub fn StopTraceW(
+ SessionHandle: TRACEHANDLE,
+ SessionName: LPCWSTR,
+ Properties: PEVENT_TRACE_PROPERTIES,
+ ) -> ULONG;
+ pub fn StopTraceA(
+ SessionHandle: TRACEHANDLE,
+ SessionName: LPCSTR,
+ Properties: PEVENT_TRACE_PROPERTIES,
+ ) -> ULONG;
+ pub fn QueryTraceW(
+ SessionHandle: TRACEHANDLE,
+ SessionName: LPCWSTR,
+ Properties: PEVENT_TRACE_PROPERTIES,
+ ) -> ULONG;
+ pub fn QueryTraceA(
+ SessionHandle: TRACEHANDLE,
+ SessionName: LPCSTR,
+ Properties: PEVENT_TRACE_PROPERTIES,
+ ) -> ULONG;
+ pub fn UpdateTraceW(
+ SessionHandle: TRACEHANDLE,
+ SessionName: LPCWSTR,
+ Properties: PEVENT_TRACE_PROPERTIES,
+ ) -> ULONG;
+ pub fn UpdateTraceA(
+ SessionHandle: TRACEHANDLE,
+ SessionName: LPCSTR,
+ Properties: PEVENT_TRACE_PROPERTIES,
+ ) -> ULONG;
+ pub fn FlushTraceW(
+ SessionHandle: TRACEHANDLE,
+ SessionName: LPCWSTR,
+ Properties: PEVENT_TRACE_PROPERTIES,
+ ) -> ULONG;
+ pub fn FlushTraceA(
+ SessionHandle: TRACEHANDLE,
+ SessionName: LPCSTR,
+ Properties: PEVENT_TRACE_PROPERTIES,
+ ) -> ULONG;
+ pub fn ControlTraceW(
+ SessionHandle: TRACEHANDLE,
+ SessionName: LPCWSTR,
+ Properties: PEVENT_TRACE_PROPERTIES,
+ ControlCode: ULONG,
+ ) -> ULONG;
+ pub fn ControlTraceA(
+ SessionHandle: TRACEHANDLE,
+ SessionName: LPCSTR,
+ Properties: PEVENT_TRACE_PROPERTIES,
+ ControlCode: ULONG,
+ ) -> ULONG;
+ pub fn QueryAllTracesW(
+ PropertyArray: *mut PEVENT_TRACE_PROPERTIES,
+ PropertyArrayCount: ULONG,
+ SessionCount: PULONG,
+ ) -> ULONG;
+ pub fn QueryAllTracesA(
+ PropertyArray: *mut PEVENT_TRACE_PROPERTIES,
+ PropertyArrayCount: ULONG,
+ SessionCount: PULONG,
+ ) -> ULONG;
+ pub fn EnableTrace(
+ Enable: ULONG,
+ EnableFlag: ULONG,
+ EnableLevel: ULONG,
+ ControlGuid: LPCGUID,
+ SessionHandle: TRACEHANDLE,
+ ) -> ULONG;
+ pub fn EnableTraceEx(
+ ProviderId: LPCGUID,
+ SourceId: LPCGUID,
+ TraceHandle: TRACEHANDLE,
+ IsEnabled: ULONG,
+ Level: UCHAR,
+ MatchAnyKeyword: ULONGLONG,
+ MatchAllKeyword: ULONGLONG,
+ EnableProperty: ULONG,
+ EnableFilterDesc: PEVENT_FILTER_DESCRIPTOR,
+ ) -> ULONG;
+}
+pub const ENABLE_TRACE_PARAMETERS_VERSION: ULONG = 1;
+pub const ENABLE_TRACE_PARAMETERS_VERSION_2: ULONG = 2;
+STRUCT!{struct ENABLE_TRACE_PARAMETERS_V1 {
+ Version: ULONG,
+ EnableProperty: ULONG,
+ ControlFlags: ULONG,
+ SourceId: GUID,
+ EnableFilterDesc: PEVENT_FILTER_DESCRIPTOR,
+}}
+pub type PENABLE_TRACE_PARAMETERS_V1 = *mut ENABLE_TRACE_PARAMETERS_V1;
+STRUCT!{struct ENABLE_TRACE_PARAMETERS {
+ Version: ULONG,
+ EnableProperty: ULONG,
+ ControlFlags: ULONG,
+ SourceId: GUID,
+ EnableFilterDesc: PEVENT_FILTER_DESCRIPTOR,
+ FilterDescCount: ULONG,
+}}
+pub type PENABLE_TRACE_PARAMETERS = *mut ENABLE_TRACE_PARAMETERS;
+extern "system" {
+ pub fn EnableTraceEx2(
+ TraceHandle: TRACEHANDLE,
+ ProviderId: LPCGUID,
+ ControlCode: ULONG,
+ Level: UCHAR,
+ MatchAnyKeyword: ULONGLONG,
+ MatchAllKeyword: ULONGLONG,
+ Timeout: ULONG,
+ EnableParameters: PENABLE_TRACE_PARAMETERS,
+ ) -> ULONG;
+}
+ENUM!{enum TRACE_QUERY_INFO_CLASS {
+ TraceGuidQueryList,
+ TraceGuidQueryInfo,
+ TraceGuidQueryProcess,
+ TraceStackTracingInfo,
+ TraceSystemTraceEnableFlagsInfo,
+ TraceSampledProfileIntervalInfo,
+ TraceProfileSourceConfigInfo,
+ TraceProfileSourceListInfo,
+ TracePmcEventListInfo,
+ TracePmcCounterListInfo,
+ TraceSetDisallowList,
+ TraceVersionInfo,
+ TraceGroupQueryList,
+ TraceGroupQueryInfo,
+ TraceDisallowListQuery,
+ TraceCompressionInfo,
+ TracePeriodicCaptureStateListInfo,
+ TracePeriodicCaptureStateInfo,
+ TraceProviderBinaryTracking,
+ TraceMaxLoggersQuery,
+ MaxTraceSetInfoClass,
+}}
+pub type TRACE_INFO_CLASS = TRACE_QUERY_INFO_CLASS;
+extern "system" {
+ pub fn EnumerateTraceGuidsEx(
+ TraceQueryInfoClass: TRACE_QUERY_INFO_CLASS,
+ InBuffer: PVOID,
+ InBufferSize: ULONG,
+ OutBuffer: PVOID,
+ OutBufferSize: ULONG,
+ ReturnLength: PULONG,
+ ) -> ULONG;
+}
+STRUCT!{struct CLASSIC_EVENT_ID {
+ EventGuid: GUID,
+ Type: UCHAR,
+ Reserved: [UCHAR; 7],
+}}
+pub type PCLASSIC_EVENT_ID = *mut CLASSIC_EVENT_ID;
+STRUCT!{struct TRACE_PROFILE_INTERVAL {
+ Source: ULONG,
+ Interval: ULONG,
+}}
+pub type PTRACE_PROFILE_INTERVAL = *mut TRACE_PROFILE_INTERVAL;
+STRUCT!{struct TRACE_VERSION_INFO {
+ EtwTraceProcessingVersion: UINT,
+ Reserved: UINT,
+}}
+pub type PTRACE_VERSION_INFO = *mut TRACE_VERSION_INFO;
+STRUCT!{struct TRACE_PERIODIC_CAPTURE_STATE_INFO {
+ CaptureStateFrequencyInSeconds: ULONG,
+ ProviderCount: USHORT,
+ Reserved: USHORT,
+}}
+pub type PTRACE_PERIODIC_CAPTURE_STATE_INFO = *mut TRACE_PERIODIC_CAPTURE_STATE_INFO;
+extern "system" {
+ pub fn TraceSetInformation(
+ SessionHandle: TRACEHANDLE,
+ InformationClass: TRACE_INFO_CLASS,
+ TraceInformation: PVOID,
+ InformationLength: ULONG,
+ ) -> ULONG;
+ pub fn TraceQueryInformation(
+ SessionHandle: TRACEHANDLE,
+ InformationClass: TRACE_QUERY_INFO_CLASS,
+ TraceInformation: PVOID,
+ InformationLength: ULONG,
+ ReturnLength: PULONG,
+ ) -> ULONG;
+ pub fn CreateTraceInstanceId(
+ RegHandle: HANDLE,
+ pInstInfo: PEVENT_INSTANCE_INFO,
+ ) -> ULONG;
+ pub fn TraceEvent(
+ SessionHandle: TRACEHANDLE,
+ EventTrace: PEVENT_TRACE_HEADER,
+ ) -> ULONG;
+ pub fn TraceEventInstance(
+ SessionHandle: TRACEHANDLE,
+ EventTrace: PEVENT_TRACE_HEADER,
+ pInstInfo: PEVENT_INSTANCE_INFO,
+ pParentInstInfo: PEVENT_INSTANCE_INFO,
+ ) -> ULONG;
+ pub fn RegisterTraceGuidsW(
+ RequestAddress: WMIDPREQUEST,
+ RequestContext: PVOID,
+ ControlGuid: LPCGUID,
+ GuidCount: ULONG,
+ TraceGuidReg: PTRACE_GUID_REGISTRATION,
+ MofImagePath: LPCWSTR,
+ MofResourceName: LPCWSTR,
+ RegistrationHandle: PTRACEHANDLE,
+ ) -> ULONG;
+ pub fn RegisterTraceGuidsA(
+ RequestAddress: WMIDPREQUEST,
+ RequestContext: PVOID,
+ ControlGuid: LPCGUID,
+ GuidCount: ULONG,
+ TraceGuidReg: PTRACE_GUID_REGISTRATION,
+ MofImagePath: LPCSTR,
+ MofResourceName: LPCSTR,
+ RegistrationHandle: PTRACEHANDLE,
+ ) -> ULONG;
+ pub fn EnumerateTraceGuids(
+ GuidPropertiesArray: *mut PTRACE_GUID_PROPERTIES,
+ PropertyArrayCount: ULONG,
+ GuidCount: PULONG,
+ ) -> ULONG;
+ pub fn UnregisterTraceGuids(
+ RegistrationHandle: TRACEHANDLE,
+ ) -> ULONG;
+ pub fn GetTraceLoggerHandle(
+ Buffer: PVOID,
+ ) -> TRACEHANDLE;
+ pub fn GetTraceEnableLevel(
+ SessionHandle: TRACEHANDLE,
+ ) -> UCHAR;
+ pub fn GetTraceEnableFlags(
+ SessionHandle: TRACEHANDLE,
+ ) -> ULONG;
+ pub fn OpenTraceW(
+ Logfile: PEVENT_TRACE_LOGFILEW,
+ ) -> TRACEHANDLE;
+ pub fn ProcessTrace(
+ HandleArray: PTRACEHANDLE,
+ HandleCount: ULONG,
+ StartTime: LPFILETIME,
+ EndTime: LPFILETIME,
+ ) -> ULONG;
+ pub fn CloseTrace(
+ TraceHandle: TRACEHANDLE,
+ ) -> ULONG;
+}
+ENUM!{enum ETW_PROCESS_HANDLE_INFO_TYPE {
+ EtwQueryPartitionInformation = 1,
+ EtwQueryProcessHandleInfoMax,
+}}
+STRUCT!{struct ETW_TRACE_PARTITION_INFORMATION {
+ PartitionId: GUID,
+ ParentId: GUID,
+ Reserved: ULONG64,
+ PartitionType: ULONG,
+}}
+pub type PETW_TRACE_PARTITION_INFORMATION = *mut ETW_TRACE_PARTITION_INFORMATION;
+extern "system" {
+ pub fn QueryTraceProcessingHandle(
+ ProcessingHandle: TRACEHANDLE,
+ InformationClass: ETW_PROCESS_HANDLE_INFO_TYPE,
+ InBuffer: PVOID,
+ InBufferSize: ULONG,
+ OutBuffer: PVOID,
+ OutBufferSize: ULONG,
+ ReturnLength: PULONG,
+ ) -> ULONG;
+ pub fn OpenTraceA(
+ Logfile: PEVENT_TRACE_LOGFILEA,
+ ) -> TRACEHANDLE;
+ pub fn SetTraceCallback(
+ pGuid: LPCGUID,
+ EventCallback: PEVENT_CALLBACK,
+ ) -> ULONG;
+ pub fn RemoveTraceCallback(
+ pGuid: LPCGUID,
+ ) -> ULONG;
+}
+extern "C" {
+ pub fn TraceMessage(
+ SessionHandle: TRACEHANDLE,
+ MessageFlags: ULONG,
+ MessageGuid: LPGUID,
+ MessageNumber: USHORT,
+ ...
+ ) -> ULONG;
+ pub fn TraceMessageVa(
+ SessionHandle: TRACEHANDLE,
+ MessageFlags: ULONG,
+ MessageGuid: LPGUID,
+ MessageNumber: USHORT,
+ MessageArgList: va_list,
+ );
+}
+pub const INVALID_PROCESSTRACE_HANDLE: TRACEHANDLE = INVALID_HANDLE_VALUE as TRACEHANDLE;
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 06:08:47 +0000