master
1/**
2 * This file is part of the mingw-w64 runtime package.
3 * No warranty is given; refer to the file DISCLAIMER within this package.
4 */
5
6#include <winapifamily.h>
7
8#ifndef _EVNTRACE_
9#define _EVNTRACE_
10
11#if defined (_WINNT_) || defined (WINNT)
12
13#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
14
15#if !defined (WMIAPI) && !defined (__WIDL__) && !defined (MIDL_PASS)
16#ifdef _WMI_SOURCE_
17#ifdef _ARM_
18#define WMIAPI
19#else
20#define WMIAPI __stdcall
21#endif
22#else
23#ifdef _ARM_
24#define WMIAPI DECLSPEC_IMPORT
25#else
26#define WMIAPI DECLSPEC_IMPORT __stdcall
27#endif
28#endif
29#endif
30
31#include <guiddef.h>
32
33#if defined (_NTDDK_) || defined (_NTIFS_) || defined (_WMIKM_)
34#define _EVNTRACE_KERNEL_MODE
35#endif
36
37#ifndef _EVNTRACE_KERNEL_MODE
38#include <wmistr.h>
39#endif
40
41DEFINE_GUID (EventTraceGuid, 0x68fdd900, 0x4a3e, 0x11d1, 0x84, 0xf4, 0x00, 0x00, 0xf8, 0x04, 0x64, 0xe3);
42DEFINE_GUID (SystemTraceControlGuid, 0x9e814aad, 0x3204, 0x11d2, 0x9a, 0x82, 0x00, 0x60, 0x08, 0xa8, 0x69, 0x39);
43DEFINE_GUID (EventTraceConfigGuid, 0x01853a65, 0x418f, 0x4f36, 0xae, 0xfc, 0xdc, 0x0f, 0x1d, 0x2f, 0xd2, 0x35);
44DEFINE_GUID (DefaultTraceSecurityGuid, 0x0811c1af, 0x7a07, 0x4a06, 0x82, 0xed, 0x86, 0x94, 0x55, 0xcd, 0xf7, 0x13);
45
46#define KERNEL_LOGGER_NAMEW L"NT Kernel Logger"
47#define GLOBAL_LOGGER_NAMEW L"GlobalLogger"
48#define EVENT_LOGGER_NAMEW L"EventLog"
49#define DIAG_LOGGER_NAMEW L"DiagLog"
50
51#define KERNEL_LOGGER_NAMEA "NT Kernel Logger"
52#define GLOBAL_LOGGER_NAMEA "GlobalLogger"
53#define EVENT_LOGGER_NAMEA "EventLog"
54#define DIAG_LOGGER_NAMEA "DiagLog"
55
56#define MAX_MOF_FIELDS 16
57
58#ifndef _TRACEHANDLE_DEFINED
59#define _TRACEHANDLE_DEFINED
60typedef ULONG64 TRACEHANDLE,*PTRACEHANDLE;
61#endif
62
63#define SYSTEM_EVENT_TYPE 1
64
65#define EVENT_TRACE_TYPE_INFO 0x00
66#define EVENT_TRACE_TYPE_START 0x01
67#define EVENT_TRACE_TYPE_END 0x02
68#define EVENT_TRACE_TYPE_STOP 0x02
69#define EVENT_TRACE_TYPE_DC_START 0x03
70#define EVENT_TRACE_TYPE_DC_END 0x04
71#define EVENT_TRACE_TYPE_EXTENSION 0x05
72#define EVENT_TRACE_TYPE_REPLY 0x06
73#define EVENT_TRACE_TYPE_DEQUEUE 0x07
74#define EVENT_TRACE_TYPE_RESUME 0x07
75#define EVENT_TRACE_TYPE_CHECKPOINT 0x08
76#define EVENT_TRACE_TYPE_SUSPEND 0x08
77#define EVENT_TRACE_TYPE_WINEVT_SEND 0x09
78#define EVENT_TRACE_TYPE_WINEVT_RECEIVE 0xf0
79
80#define TRACE_LEVEL_NONE 0
81#define TRACE_LEVEL_CRITICAL 1
82#define TRACE_LEVEL_FATAL 1
83#define TRACE_LEVEL_ERROR 2
84#define TRACE_LEVEL_WARNING 3
85#define TRACE_LEVEL_INFORMATION 4
86#define TRACE_LEVEL_VERBOSE 5
87#define TRACE_LEVEL_RESERVED6 6
88#define TRACE_LEVEL_RESERVED7 7
89#define TRACE_LEVEL_RESERVED8 8
90#define TRACE_LEVEL_RESERVED9 9
91
92#define EVENT_TRACE_TYPE_LOAD 0x0a
93#define EVENT_TRACE_TYPE_TERMINATE 0x0b
94
95#define EVENT_TRACE_TYPE_IO_READ 0x0a
96#define EVENT_TRACE_TYPE_IO_WRITE 0x0b
97#define EVENT_TRACE_TYPE_IO_READ_INIT 0x0c
98#define EVENT_TRACE_TYPE_IO_WRITE_INIT 0x0d
99#define EVENT_TRACE_TYPE_IO_FLUSH 0x0e
100#define EVENT_TRACE_TYPE_IO_FLUSH_INIT 0x0f
101
102#define EVENT_TRACE_TYPE_MM_TF 0x0a
103#define EVENT_TRACE_TYPE_MM_DZF 0x0b
104#define EVENT_TRACE_TYPE_MM_COW 0x0c
105#define EVENT_TRACE_TYPE_MM_GPF 0x0d
106#define EVENT_TRACE_TYPE_MM_HPF 0x0e
107#define EVENT_TRACE_TYPE_MM_AV 0x0f
108
109#define EVENT_TRACE_TYPE_SEND 0x0a
110#define EVENT_TRACE_TYPE_RECEIVE 0x0b
111#define EVENT_TRACE_TYPE_CONNECT 0x0c
112#define EVENT_TRACE_TYPE_DISCONNECT 0x0d
113#define EVENT_TRACE_TYPE_RETRANSMIT 0x0e
114#define EVENT_TRACE_TYPE_ACCEPT 0x0f
115#define EVENT_TRACE_TYPE_RECONNECT 0x10
116#define EVENT_TRACE_TYPE_CONNFAIL 0x11
117#define EVENT_TRACE_TYPE_COPY_TCP 0x12
118#define EVENT_TRACE_TYPE_COPY_ARP 0x13
119#define EVENT_TRACE_TYPE_ACKFULL 0x14
120#define EVENT_TRACE_TYPE_ACKPART 0x15
121#define EVENT_TRACE_TYPE_ACKDUP 0x16
122
123#define EVENT_TRACE_TYPE_GUIDMAP 0x0a
124#define EVENT_TRACE_TYPE_CONFIG 0x0b
125#define EVENT_TRACE_TYPE_SIDINFO 0x0c
126#define EVENT_TRACE_TYPE_SECURITY 0x0d
127#define EVENT_TRACE_TYPE_DBGID_RSDS 0x40
128
129#define EVENT_TRACE_TYPE_REGCREATE 0x0a
130#define EVENT_TRACE_TYPE_REGOPEN 0x0b
131#define EVENT_TRACE_TYPE_REGDELETE 0x0c
132#define EVENT_TRACE_TYPE_REGQUERY 0x0d
133#define EVENT_TRACE_TYPE_REGSETVALUE 0x0e
134#define EVENT_TRACE_TYPE_REGDELETEVALUE 0x0f
135#define EVENT_TRACE_TYPE_REGQUERYVALUE 0x10
136#define EVENT_TRACE_TYPE_REGENUMERATEKEY 0x11
137#define EVENT_TRACE_TYPE_REGENUMERATEVALUEKEY 0x12
138#define EVENT_TRACE_TYPE_REGQUERYMULTIPLEVALUE 0x13
139#define EVENT_TRACE_TYPE_REGSETINFORMATION 0x14
140#define EVENT_TRACE_TYPE_REGFLUSH 0x15
141#define EVENT_TRACE_TYPE_REGKCBCREATE 0x16
142#define EVENT_TRACE_TYPE_REGKCBDELETE 0x17
143#define EVENT_TRACE_TYPE_REGKCBRUNDOWNBEGIN 0x18
144#define EVENT_TRACE_TYPE_REGKCBRUNDOWNEND 0x19
145#define EVENT_TRACE_TYPE_REGVIRTUALIZE 0x1a
146#define EVENT_TRACE_TYPE_REGCLOSE 0x1b
147#define EVENT_TRACE_TYPE_REGSETSECURITY 0x1c
148#define EVENT_TRACE_TYPE_REGQUERYSECURITY 0x1d
149#define EVENT_TRACE_TYPE_REGCOMMIT 0x1e
150#define EVENT_TRACE_TYPE_REGPREPARE 0x1f
151#define EVENT_TRACE_TYPE_REGROLLBACK 0x20
152#define EVENT_TRACE_TYPE_REGMOUNTHIVE 0x21
153
154#define EVENT_TRACE_TYPE_CONFIG_CPU 0x0a
155#define EVENT_TRACE_TYPE_CONFIG_PHYSICALDISK 0x0b
156#define EVENT_TRACE_TYPE_CONFIG_LOGICALDISK 0x0c
157#define EVENT_TRACE_TYPE_CONFIG_NIC 0x0d
158#define EVENT_TRACE_TYPE_CONFIG_VIDEO 0x0e
159#define EVENT_TRACE_TYPE_CONFIG_SERVICES 0x0f
160#define EVENT_TRACE_TYPE_CONFIG_POWER 0x10
161#define EVENT_TRACE_TYPE_CONFIG_NETINFO 0x11
162#define EVENT_TRACE_TYPE_CONFIG_OPTICALMEDIA 0x12
163
164#define EVENT_TRACE_TYPE_CONFIG_IRQ 0x15
165#define EVENT_TRACE_TYPE_CONFIG_PNP 0x16
166#define EVENT_TRACE_TYPE_CONFIG_IDECHANNEL 0x17
167#define EVENT_TRACE_TYPE_CONFIG_NUMANODE 0x18
168#define EVENT_TRACE_TYPE_CONFIG_PLATFORM 0x19
169#define EVENT_TRACE_TYPE_CONFIG_PROCESSORGROUP 0x1a
170#define EVENT_TRACE_TYPE_CONFIG_PROCESSORNUMBER 0x1b
171#define EVENT_TRACE_TYPE_CONFIG_DPI 0x1c
172#define EVENT_TRACE_TYPE_CONFIG_CI_INFO 0x1d
173#define EVENT_TRACE_TYPE_CONFIG_MACHINEID 0x1e
174#define EVENT_TRACE_TYPE_CONFIG_DEFRAG 0x1f
175#define EVENT_TRACE_TYPE_CONFIG_MOBILEPLATFORM 0x20
176#define EVENT_TRACE_TYPE_CONFIG_DEVICEFAMILY 0x21
177#define EVENT_TRACE_TYPE_CONFIG_FLIGHTID 0x22
178#define EVENT_TRACE_TYPE_CONFIG_PROCESSOR 0x23
179
180#define EVENT_TRACE_TYPE_OPTICAL_IO_READ 0x37
181#define EVENT_TRACE_TYPE_OPTICAL_IO_WRITE 0x38
182#define EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH 0x39
183#define EVENT_TRACE_TYPE_OPTICAL_IO_READ_INIT 0x3a
184#define EVENT_TRACE_TYPE_OPTICAL_IO_WRITE_INIT 0x3b
185#define EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH_INIT 0x3c
186
187#define EVENT_TRACE_TYPE_FLT_PREOP_INIT 0x60
188#define EVENT_TRACE_TYPE_FLT_POSTOP_INIT 0x61
189#define EVENT_TRACE_TYPE_FLT_PREOP_COMPLETION 0x62
190#define EVENT_TRACE_TYPE_FLT_POSTOP_COMPLETION 0x63
191#define EVENT_TRACE_TYPE_FLT_PREOP_FAILURE 0x64
192#define EVENT_TRACE_TYPE_FLT_POSTOP_FAILURE 0x65
193
194#define EVENT_TRACE_FLAG_PROCESS 0x00000001
195#define EVENT_TRACE_FLAG_THREAD 0x00000002
196#define EVENT_TRACE_FLAG_IMAGE_LOAD 0x00000004
197
198#define EVENT_TRACE_FLAG_DISK_IO 0x00000100
199#define EVENT_TRACE_FLAG_DISK_FILE_IO 0x00000200
200
201#define EVENT_TRACE_FLAG_MEMORY_PAGE_FAULTS 0x00001000
202#define EVENT_TRACE_FLAG_MEMORY_HARD_FAULTS 0x00002000
203
204#define EVENT_TRACE_FLAG_NETWORK_TCPIP 0x00010000
205
206#define EVENT_TRACE_FLAG_REGISTRY 0x00020000
207#define EVENT_TRACE_FLAG_DBGPRINT 0x00040000
208
209#define EVENT_TRACE_FLAG_PROCESS_COUNTERS 0x00000008
210#define EVENT_TRACE_FLAG_CSWITCH 0x00000010
211#define EVENT_TRACE_FLAG_DPC 0x00000020
212#define EVENT_TRACE_FLAG_INTERRUPT 0x00000040
213#define EVENT_TRACE_FLAG_SYSTEMCALL 0x00000080
214
215#define EVENT_TRACE_FLAG_DISK_IO_INIT 0x00000400
216#define EVENT_TRACE_FLAG_ALPC 0x00100000
217#define EVENT_TRACE_FLAG_SPLIT_IO 0x00200000
218
219#define EVENT_TRACE_FLAG_DRIVER 0x00800000
220#define EVENT_TRACE_FLAG_PROFILE 0x01000000
221#define EVENT_TRACE_FLAG_FILE_IO 0x02000000
222#define EVENT_TRACE_FLAG_FILE_IO_INIT 0x04000000
223
224#define EVENT_TRACE_FLAG_DISPATCHER 0x00000800
225#define EVENT_TRACE_FLAG_VIRTUAL_ALLOC 0x00004000
226
227#define EVENT_TRACE_FLAG_VAMAP 0x00008000
228#define EVENT_TRACE_FLAG_NO_SYSCONFIG 0x10000000
229
230#define EVENT_TRACE_FLAG_JOB 0x00080000
231#define EVENT_TRACE_FLAG_DEBUG_EVENTS 0x00400000
232
233#define EVENT_TRACE_FLAG_EXTENSION 0x80000000
234#define EVENT_TRACE_FLAG_FORWARD_WMI 0x40000000
235#define EVENT_TRACE_FLAG_ENABLE_RESERVE 0x20000000
236
237#define EVENT_TRACE_FILE_MODE_NONE 0x00000000
238#define EVENT_TRACE_FILE_MODE_SEQUENTIAL 0x00000001
239#define EVENT_TRACE_FILE_MODE_CIRCULAR 0x00000002
240#define EVENT_TRACE_FILE_MODE_APPEND 0x00000004
241
242#define EVENT_TRACE_REAL_TIME_MODE 0x00000100
243#define EVENT_TRACE_DELAY_OPEN_FILE_MODE 0x00000200
244#define EVENT_TRACE_BUFFERING_MODE 0x00000400
245#define EVENT_TRACE_PRIVATE_LOGGER_MODE 0x00000800
246#define EVENT_TRACE_ADD_HEADER_MODE 0x00001000
247
248#define EVENT_TRACE_USE_GLOBAL_SEQUENCE 0x00004000
249#define EVENT_TRACE_USE_LOCAL_SEQUENCE 0x00008000
250
251#define EVENT_TRACE_RELOG_MODE 0x00010000
252
253#define EVENT_TRACE_USE_PAGED_MEMORY 0x01000000
254
255#define EVENT_TRACE_FILE_MODE_NEWFILE 0x00000008
256#define EVENT_TRACE_FILE_MODE_PREALLOCATE 0x00000020
257
258#define EVENT_TRACE_NONSTOPPABLE_MODE 0x00000040
259#define EVENT_TRACE_SECURE_MODE 0x00000080
260#define EVENT_TRACE_USE_KBYTES_FOR_SIZE 0x00002000
261#define EVENT_TRACE_PRIVATE_IN_PROC 0x00020000
262#define EVENT_TRACE_MODE_RESERVED 0x00100000
263
264#define EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING 0x10000000
265
266#define EVENT_TRACE_SYSTEM_LOGGER_MODE 0x02000000
267#define EVENT_TRACE_ADDTO_TRIAGE_DUMP 0x80000000
268#define EVENT_TRACE_STOP_ON_HYBRID_SHUTDOWN 0x00400000
269#define EVENT_TRACE_PERSIST_ON_HYBRID_SHUTDOWN 0x00800000
270
271#define EVENT_TRACE_INDEPENDENT_SESSION_MODE 0x08000000
272#define EVENT_TRACE_COMPRESSED_MODE 0x04000000
273
274#define EVENT_TRACE_CONTROL_QUERY 0
275#define EVENT_TRACE_CONTROL_STOP 1
276#define EVENT_TRACE_CONTROL_UPDATE 2
277#define EVENT_TRACE_CONTROL_FLUSH 3
278#define EVENT_TRACE_CONTROL_INCREMENT_FILE 4
279
280#define TRACE_MESSAGE_SEQUENCE 1
281#define TRACE_MESSAGE_GUID 2
282#define TRACE_MESSAGE_COMPONENTID 4
283#define TRACE_MESSAGE_TIMESTAMP 8
284#define TRACE_MESSAGE_PERFORMANCE_TIMESTAMP 16
285#define TRACE_MESSAGE_SYSTEMINFO 32
286
287#define TRACE_MESSAGE_POINTER32 0x0040
288#define TRACE_MESSAGE_POINTER64 0x0080
289
290#define TRACE_MESSAGE_FLAG_MASK 0xffff
291
292#define TRACE_MESSAGE_MAXIMUM_SIZE (64 * 1024)
293
294#define EVENT_TRACE_USE_PROCTIME 0x0001
295#define EVENT_TRACE_USE_NOCPUTIME 0x0002
296
297#define TRACE_HEADER_FLAG_USE_TIMESTAMP 0x00000200
298#define TRACE_HEADER_FLAG_TRACED_GUID 0x00020000
299#define TRACE_HEADER_FLAG_LOG_WNODE 0x00040000
300#define TRACE_HEADER_FLAG_USE_GUID_PTR 0x00080000
301#define TRACE_HEADER_FLAG_USE_MOF_PTR 0x00100000
302
303typedef enum {
304 EtwCompressionModeRestart = 0,
305 EtwCompressionModeNoDisable = 1,
306 EtwCompressionModeNoRestart = 2
307} ETW_COMPRESSION_RESUMPTION_MODE;
308
309typedef struct _EVENT_TRACE_HEADER {
310 USHORT Size;
311 __C89_NAMELESS union {
312 USHORT FieldTypeFlags;
313 __C89_NAMELESS struct {
314 UCHAR HeaderType;
315 UCHAR MarkerFlags;
316 } DUMMYSTRUCTNAME;
317 } DUMMYUNIONNAME;
318 __C89_NAMELESS union {
319 ULONG Version;
320 struct {
321 UCHAR Type;
322 UCHAR Level;
323 USHORT Version;
324 } Class;
325 } DUMMYUNIONNAME2;
326 ULONG ThreadId;
327 ULONG ProcessId;
328 LARGE_INTEGER TimeStamp;
329 __C89_NAMELESS union {
330 GUID Guid;
331 ULONGLONG GuidPtr;
332 } DUMMYUNIONNAME3;
333 __C89_NAMELESS union {
334 __C89_NAMELESS struct {
335 ULONG KernelTime;
336 ULONG UserTime;
337 } DUMMYSTRUCTNAME;
338 ULONG64 ProcessorTime;
339 __C89_NAMELESS struct {
340 ULONG ClientContext;
341 ULONG Flags;
342 } DUMMYSTRUCTNAME2;
343 } DUMMYUNIONNAME4;
344} EVENT_TRACE_HEADER,*PEVENT_TRACE_HEADER;
345
346typedef struct _EVENT_INSTANCE_HEADER {
347 USHORT Size;
348 __C89_NAMELESS union {
349 USHORT FieldTypeFlags;
350 __C89_NAMELESS struct {
351 UCHAR HeaderType;
352 UCHAR MarkerFlags;
353 } DUMMYSTRUCTNAME;
354 } DUMMYUNIONNAME;
355 __C89_NAMELESS union {
356 ULONG Version;
357 struct {
358 UCHAR Type;
359 UCHAR Level;
360 USHORT Version;
361 } Class;
362 } DUMMYUNIONNAME2;
363 ULONG ThreadId;
364 ULONG ProcessId;
365 LARGE_INTEGER TimeStamp;
366 ULONGLONG RegHandle;
367 ULONG InstanceId;
368 ULONG ParentInstanceId;
369 __C89_NAMELESS union {
370 __C89_NAMELESS struct {
371 ULONG KernelTime;
372 ULONG UserTime;
373 } DUMMYSTRUCTNAME;
374 ULONG64 ProcessorTime;
375 __C89_NAMELESS struct {
376 ULONG EventId;
377 ULONG Flags;
378 } DUMMYSTRUCTNAME2;
379 } DUMMYUNIONNAME3;
380 ULONGLONG ParentRegHandle;
381} EVENT_INSTANCE_HEADER,*PEVENT_INSTANCE_HEADER;
382
383#define ETW_NULL_TYPE_VALUE 0
384#define ETW_OBJECT_TYPE_VALUE 1
385#define ETW_STRING_TYPE_VALUE 2
386#define ETW_SBYTE_TYPE_VALUE 3
387#define ETW_BYTE_TYPE_VALUE 4
388#define ETW_INT16_TYPE_VALUE 5
389#define ETW_UINT16_TYPE_VALUE 6
390#define ETW_INT32_TYPE_VALUE 7
391#define ETW_UINT32_TYPE_VALUE 8
392#define ETW_INT64_TYPE_VALUE 9
393#define ETW_UINT64_TYPE_VALUE 10
394#define ETW_CHAR_TYPE_VALUE 11
395#define ETW_SINGLE_TYPE_VALUE 12
396#define ETW_DOUBLE_TYPE_VALUE 13
397#define ETW_BOOLEAN_TYPE_VALUE 14
398#define ETW_DECIMAL_TYPE_VALUE 15
399
400#define ETW_GUID_TYPE_VALUE 101
401#define ETW_ASCIICHAR_TYPE_VALUE 102
402#define ETW_ASCIISTRING_TYPE_VALUE 103
403#define ETW_COUNTED_STRING_TYPE_VALUE 104
404#define ETW_POINTER_TYPE_VALUE 105
405#define ETW_SIZET_TYPE_VALUE 106
406#define ETW_HIDDEN_TYPE_VALUE 107
407#define ETW_BOOL_TYPE_VALUE 108
408#define ETW_COUNTED_ANSISTRING_TYPE_VALUE 109
409#define ETW_REVERSED_COUNTED_STRING_TYPE_VALUE 110
410#define ETW_REVERSED_COUNTED_ANSISTRING_TYPE_VALUE 111
411#define ETW_NON_NULL_TERMINATED_STRING_TYPE_VALUE 112
412#define ETW_REDUCED_ANSISTRING_TYPE_VALUE 113
413#define ETW_REDUCED_STRING_TYPE_VALUE 114
414#define ETW_SID_TYPE_VALUE 115
415#define ETW_VARIANT_TYPE_VALUE 116
416#define ETW_PTVECTOR_TYPE_VALUE 117
417#define ETW_WMITIME_TYPE_VALUE 118
418#define ETW_DATETIME_TYPE_VALUE 119
419#define ETW_REFRENCE_TYPE_VALUE 120
420
421#define DEFINE_TRACE_MOF_FIELD(M, P, LEN, TYP) (M)->DataPtr = (ULONG64) (ULONG_PTR) P; (M)->Length = (ULONG) LEN; (M)->DataType = (ULONG) TYP;
422
423typedef struct _MOF_FIELD {
424 ULONG64 DataPtr;
425 ULONG Length;
426 ULONG DataType;
427} MOF_FIELD,*PMOF_FIELD;
428
429#if !defined (_EVNTRACE_KERNEL_MODE) || defined (_WMIKM_)
430typedef struct _TRACE_LOGFILE_HEADER {
431 ULONG BufferSize;
432 __C89_NAMELESS union {
433 ULONG Version;
434 struct {
435 UCHAR MajorVersion;
436 UCHAR MinorVersion;
437 UCHAR SubVersion;
438 UCHAR SubMinorVersion;
439 } VersionDetail;
440 } DUMMYUNIONNAME;
441 ULONG ProviderVersion;
442 ULONG NumberOfProcessors;
443 LARGE_INTEGER EndTime;
444 ULONG TimerResolution;
445 ULONG MaximumFileSize;
446 ULONG LogFileMode;
447 ULONG BuffersWritten;
448 __C89_NAMELESS union {
449 GUID LogInstanceGuid;
450 __C89_NAMELESS struct {
451 ULONG StartBuffers;
452 ULONG PointerSize;
453 ULONG EventsLost;
454 ULONG CpuSpeedInMHz;
455 } DUMMYSTRUCTNAME;
456 } DUMMYUNIONNAME2;
457#if defined (_WMIKM_)
458 PWCHAR LoggerName;
459 PWCHAR LogFileName;
460 RTL_TIME_ZONE_INFORMATION TimeZone;
461#else
462 LPWSTR LoggerName;
463 LPWSTR LogFileName;
464 TIME_ZONE_INFORMATION TimeZone;
465#endif
466 LARGE_INTEGER BootTime;
467 LARGE_INTEGER PerfFreq;
468 LARGE_INTEGER StartTime;
469 ULONG ReservedFlags;
470 ULONG BuffersLost;
471} TRACE_LOGFILE_HEADER,*PTRACE_LOGFILE_HEADER;
472
473typedef struct _TRACE_LOGFILE_HEADER32 {
474 ULONG BufferSize;
475 __C89_NAMELESS union {
476 ULONG Version;
477 struct {
478 UCHAR MajorVersion;
479 UCHAR MinorVersion;
480 UCHAR SubVersion;
481 UCHAR SubMinorVersion;
482 } VersionDetail;
483 };
484 ULONG ProviderVersion;
485 ULONG NumberOfProcessors;
486 LARGE_INTEGER EndTime;
487 ULONG TimerResolution;
488 ULONG MaximumFileSize;
489 ULONG LogFileMode;
490 ULONG BuffersWritten;
491 __C89_NAMELESS union {
492 GUID LogInstanceGuid;
493 __C89_NAMELESS struct {
494 ULONG StartBuffers;
495 ULONG PointerSize;
496 ULONG EventsLost;
497 ULONG CpuSpeedInMHz;
498 };
499 };
500 ULONG32 LoggerName;
501 ULONG32 LogFileName;
502#if defined (_WMIKM_)
503 RTL_TIME_ZONE_INFORMATION TimeZone;
504#else
505 TIME_ZONE_INFORMATION TimeZone;
506#endif
507 LARGE_INTEGER BootTime;
508 LARGE_INTEGER PerfFreq;
509 LARGE_INTEGER StartTime;
510 ULONG ReservedFlags;
511 ULONG BuffersLost;
512} TRACE_LOGFILE_HEADER32,*PTRACE_LOGFILE_HEADER32;
513
514typedef struct _TRACE_LOGFILE_HEADER64 {
515 ULONG BufferSize;
516 __C89_NAMELESS union {
517 ULONG Version;
518 __C89_NAMELESS struct {
519 UCHAR MajorVersion;
520 UCHAR MinorVersion;
521 UCHAR SubVersion;
522 UCHAR SubMinorVersion;
523 } VersionDetail;
524 };
525 ULONG ProviderVersion;
526 ULONG NumberOfProcessors;
527 LARGE_INTEGER EndTime;
528 ULONG TimerResolution;
529 ULONG MaximumFileSize;
530 ULONG LogFileMode;
531 ULONG BuffersWritten;
532 __C89_NAMELESS union {
533 GUID LogInstanceGuid;
534 __C89_NAMELESS struct {
535 ULONG StartBuffers;
536 ULONG PointerSize;
537 ULONG EventsLost;
538 ULONG CpuSpeedInMHz;
539 };
540 };
541 ULONG64 LoggerName;
542 ULONG64 LogFileName;
543#if defined (_WMIKM_)
544 RTL_TIME_ZONE_INFORMATION TimeZone;
545#else
546 TIME_ZONE_INFORMATION TimeZone;
547#endif
548 LARGE_INTEGER BootTime;
549 LARGE_INTEGER PerfFreq;
550 LARGE_INTEGER StartTime;
551 ULONG ReservedFlags;
552 ULONG BuffersLost;
553} TRACE_LOGFILE_HEADER64,*PTRACE_LOGFILE_HEADER64;
554#endif
555
556typedef struct EVENT_INSTANCE_INFO {
557 HANDLE RegHandle;
558 ULONG InstanceId;
559} EVENT_INSTANCE_INFO,*PEVENT_INSTANCE_INFO;
560
561#ifndef _EVNTRACE_KERNEL_MODE
562
563typedef struct _EVENT_FILTER_DESCRIPTOR EVENT_FILTER_DESCRIPTOR, *PEVENT_FILTER_DESCRIPTOR;
564
565typedef struct _EVENT_TRACE_PROPERTIES {
566 WNODE_HEADER Wnode;
567 ULONG BufferSize;
568 ULONG MinimumBuffers;
569 ULONG MaximumBuffers;
570 ULONG MaximumFileSize;
571 ULONG LogFileMode;
572 ULONG FlushTimer;
573 ULONG EnableFlags;
574 LONG AgeLimit;
575 ULONG NumberOfBuffers;
576 ULONG FreeBuffers;
577 ULONG EventsLost;
578 ULONG BuffersWritten;
579 ULONG LogBuffersLost;
580 ULONG RealTimeBuffersLost;
581 HANDLE LoggerThreadId;
582 ULONG LogFileNameOffset;
583 ULONG LoggerNameOffset;
584} EVENT_TRACE_PROPERTIES,*PEVENT_TRACE_PROPERTIES;
585
586typedef struct _EVENT_TRACE_PROPERTIES_V2 {
587 WNODE_HEADER Wnode;
588 ULONG BufferSize;
589 ULONG MinimumBuffers;
590 ULONG MaximumBuffers;
591 ULONG MaximumFileSize;
592 ULONG LogFileMode;
593 ULONG FlushTimer;
594 ULONG EnableFlags;
595 __C89_NAMELESS union {
596 LONG AgeLimit;
597 LONG FlushThreshold;
598 };
599 ULONG NumberOfBuffers;
600 ULONG FreeBuffers;
601 ULONG EventsLost;
602 ULONG BuffersWritten;
603 ULONG LogBuffersLost;
604 ULONG RealTimeBuffersLost;
605 HANDLE LoggerThreadId;
606 ULONG LogFileNameOffset;
607 ULONG LoggerNameOffset;
608 __C89_NAMELESS union {
609 __C89_NAMELESS struct {
610 ULONG VersionNumber : 8;
611 };
612 ULONG V2Control;
613 };
614 ULONG FilterDescCount;
615 PEVENT_FILTER_DESCRIPTOR FilterDesc;
616 __C89_NAMELESS union {
617 __C89_NAMELESS struct {
618 ULONG Wow : 1;
619 ULONG QpcDeltaTracking : 1;
620 };
621 ULONG64 V2Options;
622 };
623} EVENT_TRACE_PROPERTIES_V2, *PEVENT_TRACE_PROPERTIES_V2;
624
625typedef struct _TRACE_GUID_REGISTRATION {
626 LPCGUID Guid;
627 HANDLE RegHandle;
628} TRACE_GUID_REGISTRATION,*PTRACE_GUID_REGISTRATION;
629#endif
630
631typedef struct _TRACE_GUID_PROPERTIES {
632 GUID Guid;
633 ULONG GuidType;
634 ULONG LoggerId;
635 ULONG EnableLevel;
636 ULONG EnableFlags;
637 BOOLEAN IsEnable;
638} TRACE_GUID_PROPERTIES,*PTRACE_GUID_PROPERTIES;
639
640#ifndef ETW_BUFFER_CONTEXT_DEF
641#define ETW_BUFFER_CONTEXT_DEF
642
643typedef struct _ETW_BUFFER_CONTEXT {
644 __C89_NAMELESS union {
645 __C89_NAMELESS struct {
646 UCHAR ProcessorNumber;
647 UCHAR Alignment;
648 } DUMMYSTRUCTNAME;
649 USHORT ProcessorIndex;
650 } DUMMYUNIONNAME;
651 USHORT LoggerId;
652} ETW_BUFFER_CONTEXT,*PETW_BUFFER_CONTEXT;
653#endif
654
655#define TRACE_PROVIDER_FLAG_LEGACY (0x00000001)
656#define TRACE_PROVIDER_FLAG_PRE_ENABLE (0x00000002)
657
658typedef struct _TRACE_ENABLE_INFO {
659 ULONG IsEnabled;
660 UCHAR Level;
661 UCHAR Reserved1;
662 USHORT LoggerId;
663 ULONG EnableProperty;
664 ULONG Reserved2;
665 ULONGLONG MatchAnyKeyword;
666 ULONGLONG MatchAllKeyword;
667} TRACE_ENABLE_INFO,*PTRACE_ENABLE_INFO;
668
669typedef struct _TRACE_PROVIDER_INSTANCE_INFO {
670 ULONG NextOffset;
671 ULONG EnableCount;
672 ULONG Pid;
673 ULONG Flags;
674} TRACE_PROVIDER_INSTANCE_INFO,*PTRACE_PROVIDER_INSTANCE_INFO;
675
676typedef struct _TRACE_GUID_INFO {
677 ULONG InstanceCount;
678 ULONG Reserved;
679} TRACE_GUID_INFO,*PTRACE_GUID_INFO;
680
681typedef struct _PROFILE_SOURCE_INFO {
682 ULONG NextEntryOffset;
683 ULONG Source;
684 ULONG MinInterval;
685 ULONG MaxInterval;
686 ULONG64 Reserved;
687 WCHAR Description[ANYSIZE_ARRAY];
688} PROFILE_SOURCE_INFO,*PPROFILE_SOURCE_INFO;
689
690typedef struct _EVENT_TRACE {
691 EVENT_TRACE_HEADER Header;
692 ULONG InstanceId;
693 ULONG ParentInstanceId;
694 GUID ParentGuid;
695 PVOID MofData;
696 ULONG MofLength;
697 __C89_NAMELESS union {
698 ULONG ClientContext;
699 ETW_BUFFER_CONTEXT BufferContext;
700 } DUMMYUNIONNAME;
701} EVENT_TRACE,*PEVENT_TRACE;
702
703#define EVENT_CONTROL_CODE_DISABLE_PROVIDER 0
704#define EVENT_CONTROL_CODE_ENABLE_PROVIDER 1
705#define EVENT_CONTROL_CODE_CAPTURE_STATE 2
706#endif
707
708#ifndef _EVNTRACE_KERNEL_MODE
709#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
710typedef struct _EVENT_RECORD EVENT_RECORD,*PEVENT_RECORD;
711typedef struct _EVENT_TRACE_LOGFILEW EVENT_TRACE_LOGFILEW,*PEVENT_TRACE_LOGFILEW;
712typedef struct _EVENT_TRACE_LOGFILEA EVENT_TRACE_LOGFILEA,*PEVENT_TRACE_LOGFILEA;
713typedef ULONG (WINAPI *PEVENT_TRACE_BUFFER_CALLBACKW) (PEVENT_TRACE_LOGFILEW Logfile);
714typedef ULONG (WINAPI *PEVENT_TRACE_BUFFER_CALLBACKA) (PEVENT_TRACE_LOGFILEA Logfile);
715typedef VOID (WINAPI *PEVENT_CALLBACK) (PEVENT_TRACE pEvent);
716typedef VOID (WINAPI *PEVENT_RECORD_CALLBACK) (PEVENT_RECORD EventRecord);
717typedef ULONG (WINAPI *WMIDPREQUEST) (WMIDPREQUESTCODE RequestCode, PVOID RequestContext, ULONG *BufferSize, PVOID Buffer);
718
719struct _EVENT_TRACE_LOGFILEW {
720 LPWSTR LogFileName;
721 LPWSTR LoggerName;
722 LONGLONG CurrentTime;
723 ULONG BuffersRead;
724 __C89_NAMELESS union {
725 ULONG LogFileMode;
726 ULONG ProcessTraceMode;
727 } DUMMYUNIONNAME;
728 EVENT_TRACE CurrentEvent;
729 TRACE_LOGFILE_HEADER LogfileHeader;
730 PEVENT_TRACE_BUFFER_CALLBACKW BufferCallback;
731 ULONG BufferSize;
732 ULONG Filled;
733 ULONG EventsLost;
734 __C89_NAMELESS union {
735 PEVENT_CALLBACK EventCallback;
736 PEVENT_RECORD_CALLBACK EventRecordCallback;
737 } DUMMYUNIONNAME2;
738 ULONG IsKernelTrace;
739 PVOID Context;
740};
741
742struct _EVENT_TRACE_LOGFILEA {
743 LPSTR LogFileName;
744 LPSTR LoggerName;
745 LONGLONG CurrentTime;
746 ULONG BuffersRead;
747 __C89_NAMELESS union {
748 ULONG LogFileMode;
749 ULONG ProcessTraceMode;
750 } DUMMYUNIONNAME;
751 EVENT_TRACE CurrentEvent;
752 TRACE_LOGFILE_HEADER LogfileHeader;
753 PEVENT_TRACE_BUFFER_CALLBACKA BufferCallback;
754 ULONG BufferSize;
755 ULONG Filled;
756 ULONG EventsLost;
757 __C89_NAMELESS union {
758 PEVENT_CALLBACK EventCallback;
759 PEVENT_RECORD_CALLBACK EventRecordCallback;
760 } DUMMYUNIONNAME2;
761 ULONG IsKernelTrace;
762 PVOID Context;
763};
764
765#if defined (_UNICODE) || defined (UNICODE)
766#define PEVENT_TRACE_BUFFER_CALLBACK PEVENT_TRACE_BUFFER_CALLBACKW
767#define EVENT_TRACE_LOGFILE EVENT_TRACE_LOGFILEW
768#define PEVENT_TRACE_LOGFILE PEVENT_TRACE_LOGFILEW
769#define KERNEL_LOGGER_NAME KERNEL_LOGGER_NAMEW
770#define GLOBAL_LOGGER_NAME GLOBAL_LOGGER_NAMEW
771#define EVENT_LOGGER_NAME EVENT_LOGGER_NAMEW
772#else
773#define PEVENT_TRACE_BUFFER_CALLBACK PEVENT_TRACE_BUFFER_CALLBACKA
774#define EVENT_TRACE_LOGFILE EVENT_TRACE_LOGFILEA
775#define PEVENT_TRACE_LOGFILE PEVENT_TRACE_LOGFILEA
776#define KERNEL_LOGGER_NAME KERNEL_LOGGER_NAMEA
777#define GLOBAL_LOGGER_NAME GLOBAL_LOGGER_NAMEA
778#define EVENT_LOGGER_NAME EVENT_LOGGER_NAMEA
779#endif
780#endif
781
782#ifdef __cplusplus
783extern "C" {
784#endif
785
786#define ENABLE_TRACE_PARAMETERS_VERSION 1
787#define ENABLE_TRACE_PARAMETERS_VERSION_2 2
788
789typedef enum _TRACE_QUERY_INFO_CLASS {
790 TraceGuidQueryList,
791 TraceGuidQueryInfo,
792 TraceGuidQueryProcess,
793 TraceStackTracingInfo,
794 TraceSystemTraceEnableFlagsInfo,
795 TraceSampledProfileIntervalInfo,
796 TraceProfileSourceConfigInfo,
797 TraceProfileSourceListInfo,
798 TracePmcEventListInfo,
799 TracePmcCounterListInfo,
800 TraceSetDisallowList,
801 TraceVersionInfo,
802 TraceGroupQueryList,
803 TraceGroupQueryInfo,
804 TraceDisallowListQuery,
805 TraceCompressionInfo,
806 TracePeriodicCaptureStateListInfo,
807 TracePeriodicCaptureStateInfo,
808 TraceProviderBinaryTracking,
809 TraceMaxLoggersQuery,
810 MaxTraceSetInfoClass
811} TRACE_QUERY_INFO_CLASS, TRACE_INFO_CLASS;
812
813typedef struct _EVENT_FILTER_DESCRIPTOR EVENT_FILTER_DESCRIPTOR,*PEVENT_FILTER_DESCRIPTOR;
814
815typedef struct _ENABLE_TRACE_PARAMETERS_V1 {
816 ULONG Version;
817 ULONG EnableProperty;
818 ULONG ControlFlags;
819 GUID SourceId;
820 PEVENT_FILTER_DESCRIPTOR EnableFilterDesc;
821} ENABLE_TRACE_PARAMETERS_V1, *PENABLE_TRACE_PARAMETERS_V1;
822
823typedef struct _ENABLE_TRACE_PARAMETERS {
824 ULONG Version;
825 ULONG EnableProperty;
826 ULONG ControlFlags;
827 GUID SourceId;
828 PEVENT_FILTER_DESCRIPTOR EnableFilterDesc;
829 ULONG FilterDescCount;
830} ENABLE_TRACE_PARAMETERS, *PENABLE_TRACE_PARAMETERS;
831
832/*To enable the read event type for disk IO events, set GUID to 3d6fa8d4-fe05-11d0-9dda-00c04fd7ba7c and Type to 10.*/
833typedef struct _CLASSIC_EVENT_ID {
834 GUID EventGuid;
835 UCHAR Type;
836 UCHAR Reserved[7];
837} CLASSIC_EVENT_ID, *PCLASSIC_EVENT_ID;
838
839typedef struct _TRACE_PROFILE_INTERVAL {
840 ULONG Source;
841 ULONG Interval;
842} TRACE_PROFILE_INTERVAL, *PTRACE_PROFILE_INTERVAL;
843
844typedef struct _TRACE_VERSION_INFO {
845 UINT EtwTraceProcessingVersion;
846 UINT Reserved;
847} TRACE_VERSION_INFO, *PTRACE_VERSION_INFO;
848
849typedef struct _TRACE_PERIODIC_CAPTURE_STATE_INFO {
850 ULONG CaptureStateFrequencyInSeconds;
851 USHORT ProviderCount;
852 USHORT Reserved;
853} TRACE_PERIODIC_CAPTURE_STATE_INFO, *PTRACE_PERIODIC_CAPTURE_STATE_INFO;
854
855#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
856 EXTERN_C ULONG WMIAPI ControlTraceA (TRACEHANDLE TraceHandle, LPCSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties, ULONG ControlCode);
857 EXTERN_C ULONG WMIAPI FlushTraceA (TRACEHANDLE TraceHandle, LPCSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties); EXTERN_C ULONG WMIAPI QueryTraceA (TRACEHANDLE TraceHandle, LPCSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties); EXTERN_C ULONG WMIAPI StartTraceA (PTRACEHANDLE TraceHandle, LPCSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
858 EXTERN_C ULONG WMIAPI StopTraceA (TRACEHANDLE TraceHandle, LPCSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
859 EXTERN_C ULONG WMIAPI RegisterTraceGuidsA (WMIDPREQUEST RequestAddress, PVOID RequestContext, LPCGUID ControlGuid, ULONG GuidCount, PTRACE_GUID_REGISTRATION TraceGuidReg, LPCSTR MofImagePath, LPCSTR MofResourceName, PTRACEHANDLE RegistrationHandle);
860 EXTERN_C TRACEHANDLE WMIAPI OpenTraceA (PEVENT_TRACE_LOGFILEA Logfile);
861 EXTERN_C ULONG WMIAPI CloseTrace (TRACEHANDLE TraceHandle);
862 EXTERN_C ULONG WMIAPI ProcessTrace (PTRACEHANDLE HandleArray, ULONG HandleCount, LPFILETIME StartTime, LPFILETIME EndTime);
863#endif
864
865#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_DESKTOP)
866 EXTERN_C ULONG WMIAPI UpdateTraceW (TRACEHANDLE TraceHandle, LPCWSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
867 EXTERN_C ULONG WMIAPI UpdateTraceA (TRACEHANDLE TraceHandle, LPCSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
868 EXTERN_C ULONG WMIAPI QueryAllTracesW (PEVENT_TRACE_PROPERTIES *PropertyArray, ULONG PropertyArrayCount, PULONG LoggerCount);
869 EXTERN_C ULONG WMIAPI QueryAllTracesA (PEVENT_TRACE_PROPERTIES *PropertyArray, ULONG PropertyArrayCount, PULONG LoggerCount);
870 EXTERN_C ULONG WMIAPI CreateTraceInstanceId (HANDLE RegHandle, PEVENT_INSTANCE_INFO InstInfo);
871 EXTERN_C ULONG WMIAPI TraceEvent (TRACEHANDLE TraceHandle, PEVENT_TRACE_HEADER EventTrace);
872 EXTERN_C ULONG WMIAPI TraceEventInstance (TRACEHANDLE TraceHandle, PEVENT_INSTANCE_HEADER EventTrace, PEVENT_INSTANCE_INFO InstInfo, PEVENT_INSTANCE_INFO ParentInstInfo);
873 EXTERN_C ULONG WMIAPI EnumerateTraceGuids (PTRACE_GUID_PROPERTIES *GuidPropertiesArray, ULONG PropertyArrayCount, PULONG GuidCount);
874 EXTERN_C ULONG WMIAPI SetTraceCallback (LPCGUID pGuid, PEVENT_CALLBACK EventCallback);
875 EXTERN_C ULONG WMIAPI RemoveTraceCallback (LPCGUID pGuid);
876 EXTERN_C ULONG TraceMessageVa (TRACEHANDLE LoggerHandle, ULONG MessageFlags, LPCGUID MessageGuid, USHORT MessageNumber, va_list MessageArgList);
877#if WINVER >= 0x0601
878 EXTERN_C ULONG WMIAPI TraceSetInformation (TRACEHANDLE SessionHandle, TRACE_INFO_CLASS InformationClass, PVOID TraceInformation, ULONG InformationLength);
879#endif
880#if WINVER >= 0x0602
881 EXTERN_C ULONG WMIAPI TraceQueryInformation (TRACEHANDLE SessionHandle, TRACE_INFO_CLASS InformationClass, PVOID TraceInformation, ULONG InformationLength, PULONG ReturnLength);
882#endif
883#endif /* WINAPI_PARTITION_DESKTOP */
884
885#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
886
887typedef enum _ETW_PROCESS_HANDLE_INFO_TYPE {
888 EtwQueryPartitionInformation = 1,
889 EtwQueryProcessHandleInfoMax
890} ETW_PROCESS_HANDLE_INFO_TYPE;
891
892typedef struct _ETW_TRACE_PARTITION_INFORMATION {
893 GUID PartitionId;
894 GUID ParentId;
895 LONG64 QpcOffsetFromRoot;
896 ULONG PartitionType;
897} ETW_TRACE_PARTITION_INFORMATION, *PETW_TRACE_PARTITION_INFORMATION;
898
899 EXTERN_C TRACEHANDLE WMIAPI OpenTraceW (PEVENT_TRACE_LOGFILEW Logfile);
900#if WINVER >= 0x0600
901 EXTERN_C ULONG WMIAPI EnableTraceEx (LPCGUID ProviderId, LPCGUID SourceId, TRACEHANDLE TraceHandle, ULONG IsEnabled, UCHAR Level, ULONGLONG MatchAnyKeyword, ULONGLONG MatchAllKeyword, ULONG EnableProperty, PEVENT_FILTER_DESCRIPTOR EnableFilterDesc);
902 EXTERN_C ULONG WMIAPI EnumerateTraceGuidsEx (TRACE_QUERY_INFO_CLASS TraceQueryInfoClass, PVOID InBuffer, ULONG InBufferSize, PVOID OutBuffer, ULONG OutBufferSize, PULONG ReturnLength);
903#endif
904#if WINVER >= 0x0601
905 EXTERN_C ULONG WMIAPI EnableTraceEx2 (TRACEHANDLE TraceHandle, LPCGUID ProviderId, ULONG ControlCode, UCHAR Level, ULONGLONG MatchAnyKeyword, ULONGLONG MatchAllKeyword, ULONG Timeout, PENABLE_TRACE_PARAMETERS EnableParameters);
906#endif
907 EXTERN_C ULONG WMIAPI StartTraceA (PTRACEHANDLE TraceHandle, LPCSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
908 EXTERN_C ULONG WMIAPI StartTraceW (PTRACEHANDLE TraceHandle, LPCWSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
909 EXTERN_C ULONG WMIAPI StopTraceW (TRACEHANDLE TraceHandle, LPCWSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
910 EXTERN_C ULONG WMIAPI QueryTraceW (TRACEHANDLE TraceHandle, LPCWSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
911 EXTERN_C ULONG WMIAPI FlushTraceW (TRACEHANDLE TraceHandle, LPCWSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
912 EXTERN_C ULONG WMIAPI ControlTraceW (TRACEHANDLE TraceHandle, LPCWSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties, ULONG ControlCode);
913 EXTERN_C ULONG WMIAPI EnableTrace (ULONG Enable, ULONG EnableFlag, ULONG EnableLevel, LPCGUID ControlGuid, TRACEHANDLE TraceHandle);
914 EXTERN_C ULONG WMIAPI RegisterTraceGuidsW (WMIDPREQUEST RequestAddress, PVOID RequestContext, LPCGUID ControlGuid, ULONG GuidCount, PTRACE_GUID_REGISTRATION TraceGuidReg, LPCWSTR MofImagePath, LPCWSTR MofResourceName, PTRACEHANDLE RegistrationHandle);
915 EXTERN_C ULONG WMIAPI UnregisterTraceGuids (TRACEHANDLE RegistrationHandle);
916 EXTERN_C TRACEHANDLE WMIAPI GetTraceLoggerHandle (PVOID Buffer);
917 EXTERN_C UCHAR WMIAPI GetTraceEnableLevel (TRACEHANDLE TraceHandle);
918 EXTERN_C ULONG WMIAPI GetTraceEnableFlags (TRACEHANDLE TraceHandle);
919 EXTERN_C ULONG __cdecl TraceMessage (TRACEHANDLE LoggerHandle, ULONG MessageFlags, LPCGUID MessageGuid, USHORT MessageNumber,...);
920 EXTERN_C ULONG WMIAPI QueryTraceProcessingHandle (TRACEHANDLE ProcessingHandle, ETW_PROCESS_HANDLE_INFO_TYPE InformationClass, PVOID InBuffer, ULONG InBufferSize, PVOID OutBuffer, ULONG OutBufferSize, PULONG ReturnLength);
921#endif /* WINAPI_PARTITION_APP */
922
923#ifdef __cplusplus
924}
925#endif
926
927#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
928#define INVALID_PROCESSTRACE_HANDLE ((TRACEHANDLE)INVALID_HANDLE_VALUE)
929#endif
930
931#if defined (UNICODE) || defined (_UNICODE)
932#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
933#define RegisterTraceGuids RegisterTraceGuidsW
934#define StartTrace StartTraceW
935#define ControlTrace ControlTraceW
936
937#ifdef __TRACE_W2K_COMPATIBLE
938#define StopTrace(a, b, c) ControlTraceW ((a),(b),(c), EVENT_TRACE_CONTROL_STOP)
939#define QueryTrace(a, b, c) ControlTraceW ((a),(b),(c), EVENT_TRACE_CONTROL_QUERY)
940#define UpdateTrace(a, b, c) ControlTraceW ((a),(b),(c), EVENT_TRACE_CONTROL_UPDATE)
941#else
942#define StopTrace StopTraceW
943#define QueryTrace QueryTraceW
944#define UpdateTrace UpdateTraceW
945#endif
946
947#define FlushTrace FlushTraceW
948#define QueryAllTraces QueryAllTracesW
949#define OpenTrace OpenTraceW
950#endif
951#else
952
953#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
954#define RegisterTraceGuids RegisterTraceGuidsA
955#define StartTrace StartTraceA
956#define ControlTrace ControlTraceA
957
958#ifdef __TRACE_W2K_COMPATIBLE
959#define StopTrace(a, b, c) ControlTraceA ((a),(b),(c), EVENT_TRACE_CONTROL_STOP)
960#define QueryTrace(a, b, c) ControlTraceA ((a),(b),(c), EVENT_TRACE_CONTROL_QUERY)
961#define UpdateTrace(a, b, c) ControlTraceA ((a),(b),(c), EVENT_TRACE_CONTROL_UPDATE)
962#else
963#define StopTrace StopTraceA
964#define QueryTrace QueryTraceA
965#define UpdateTrace UpdateTraceA
966#endif
967
968#define FlushTrace FlushTraceA
969#define QueryAllTraces QueryAllTracesA
970#define OpenTrace OpenTraceA
971#endif
972#endif
973#endif
974#endif
975#endif