master
1/**
2 * This file has no copyright assigned and is placed in the Public Domain.
3 * This file is part of the mingw-w64 runtime package.
4 * No warranty is given; refer to the file DISCLAIMER.PD within this package.
5 */
6#ifndef __WINEVT_H__
7#define __WINEVT_H__
8
9#include <winapifamily.h>
10
11#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
12
13#if (_WIN32_WINNT >= 0x0600)
14
15#ifdef __cplusplus
16extern "C" {
17#endif
18
19#define EVT_READ_ACCESS 0x1
20#define EVT_WRITE_ACCESS 0x2
21#define EVT_CLEAR_ACCESS 0x4
22#define EVT_ALL_ACCESS 0x7
23
24typedef enum _EVT_CHANNEL_CLOCK_TYPE {
25 EvtChannelClockTypeSystemTime = 0,
26 EvtChannelClockTypeQPC = 1
27} EVT_CHANNEL_CLOCK_TYPE;
28
29typedef enum _EVT_CHANNEL_CONFIG_PROPERTY_ID {
30 EvtChannelConfigEnabled = 0,
31 EvtChannelConfigIsolation = 1,
32 EvtChannelConfigType = 2,
33 EvtChannelConfigOwningPublisher = 3,
34 EvtChannelConfigClassicEventlog = 4,
35 EvtChannelConfigAccess = 5,
36 EvtChannelLoggingConfigRetention = 6,
37 EvtChannelLoggingConfigAutoBackup = 7,
38 EvtChannelLoggingConfigMaxSize = 8,
39 EvtChannelLoggingConfigLogFilePath = 9,
40 EvtChannelPublishingConfigLevel = 10,
41 EvtChannelPublishingConfigKeywords = 11,
42 EvtChannelPublishingConfigControlGuid = 12,
43 EvtChannelPublishingConfigBufferSize = 13,
44 EvtChannelPublishingConfigMinBuffers = 14,
45 EvtChannelPublishingConfigMaxBuffers = 15,
46 EvtChannelPublishingConfigLatency = 16,
47 EvtChannelPublishingConfigClockType = 17,
48 EvtChannelPublishingConfigSidType = 18,
49 EvtChannelPublisherList = 19,
50 EvtChannelPublishingConfigFileMax = 20,
51 EvtChannelConfigPropertyIdEND = 21
52} EVT_CHANNEL_CONFIG_PROPERTY_ID;
53
54typedef enum _EVT_CHANNEL_ISOLATION_TYPE {
55 EvtChannelIsolationTypeApplication = 0,
56 EvtChannelIsolationTypeSystem = 1,
57 EvtChannelIsolationTypeCustom = 2
58} EVT_CHANNEL_ISOLATION_TYPE;
59
60typedef enum _EVT_CHANNEL_REFERENCE_FLAGS {
61 EvtChannelReferenceImported = 0x1
62} EVT_CHANNEL_REFERENCE_FLAGS;
63
64typedef enum _EVT_CHANNEL_SID_TYPE {
65 EvtChannelSidTypeNone = 0,
66 EvtChannelSidTypePublishing = 1
67} EVT_CHANNEL_SID_TYPE;
68
69typedef enum _EVT_CHANNEL_TYPE {
70 EvtChannelTypeAdmin = 0,
71 EvtChannelTypeOperational = 1,
72 EvtChannelTypeAnalytic = 2,
73 EvtChannelTypeDebug = 3
74} EVT_CHANNEL_TYPE;
75
76typedef enum _EVT_EVENT_METADATA_PROPERTY_ID {
77 EventMetadataEventID = 0,
78 EventMetadataEventVersion = 1,
79 EventMetadataEventChannel = 2,
80 EventMetadataEventLevel = 3,
81 EventMetadataEventOpcode = 4,
82 EventMetadataEventTask = 5,
83 EventMetadataEventKeyword = 6,
84 EventMetadataEventMessageID = 7,
85 EventMetadataEventTemplate = 8,
86 EvtEventMetadataPropertyIdEND = 9
87} EVT_EVENT_METADATA_PROPERTY_ID;
88
89typedef enum _EVT_EVENT_PROPERTY_ID {
90 EvtEventQueryIDs = 0,
91 EvtEventPath = 1,
92 EvtEventPropertyIdEND = 2
93} EVT_EVENT_PROPERTY_ID;
94
95typedef enum _EVT_EXPORTLOG_FLAGS {
96 EvtExportLogChannelPath = 0x1,
97 EvtExportLogFilePath = 0x2,
98 EvtExportLogTolerateQueryErrors = 0x1000
99} EVT_EXPORTLOG_FLAGS;
100
101typedef enum _EVT_FORMAT_MESSAGE_FLAGS {
102 EvtFormatMessageEvent = 1,
103 EvtFormatMessageLevel = 2,
104 EvtFormatMessageTask = 3,
105 EvtFormatMessageOpcode = 4,
106 EvtFormatMessageKeyword = 5,
107 EvtFormatMessageChannel = 6,
108 EvtFormatMessageProvider = 7,
109 EvtFormatMessageId = 8,
110 EvtFormatMessageXml = 9
111} EVT_FORMAT_MESSAGE_FLAGS;
112
113typedef enum _EVT_LOG_PROPERTY_ID {
114 EvtLogCreationTime = 0,
115 EvtLogLastAccessTime = 1,
116 EvtLogLastWriteTime = 2,
117 EvtLogFileSize = 3,
118 EvtLogAttributes = 4,
119 EvtLogNumberOfLogRecords = 5,
120 EvtLogOldestRecordNumber = 6,
121 EvtLogFull = 7
122} EVT_LOG_PROPERTY_ID;
123
124typedef enum _EVT_LOGIN_CLASS {
125 EvtRpcLogin = 1
126} EVT_LOGIN_CLASS;
127
128typedef enum _EVT_OPEN_LOG_FLAGS {
129 EvtOpenChannelPath = 0x1,
130 EvtOpenFilePath = 0x2
131} EVT_OPEN_LOG_FLAGS;
132
133typedef enum _EVT_PUBLISHER_METADATA_PROPERTY_ID {
134 EvtPublisherMetadataPublisherGuid = 0,
135 EvtPublisherMetadataResourceFilePath,
136 EvtPublisherMetadataParameterFilePath,
137 EvtPublisherMetadataMessageFilePath,
138 EvtPublisherMetadataHelpLink,
139 EvtPublisherMetadataPublisherMessageID,
140 EvtPublisherMetadataChannelReferences,
141 EvtPublisherMetadataChannelReferencePath,
142 EvtPublisherMetadataChannelReferenceIndex,
143 EvtPublisherMetadataChannelReferenceID,
144 EvtPublisherMetadataChannelReferenceFlags,
145 EvtPublisherMetadataChannelReferenceMessageID,
146 EvtPublisherMetadataLevels,
147 EvtPublisherMetadataLevelName,
148 EvtPublisherMetadataLevelValue,
149 EvtPublisherMetadataLevelMessageID,
150 EvtPublisherMetadataTasks,
151 EvtPublisherMetadataTaskName,
152 EvtPublisherMetadataTaskEventGuid,
153 EvtPublisherMetadataTaskValue,
154 EvtPublisherMetadataTaskMessageID,
155 EvtPublisherMetadataOpcodes,
156 EvtPublisherMetadataOpcodeName,
157 EvtPublisherMetadataOpcodeValue,
158 EvtPublisherMetadataOpcodeMessageID,
159 EvtPublisherMetadataKeywords,
160 EvtPublisherMetadataKeywordName,
161 EvtPublisherMetadataKeywordValue,
162 EvtPublisherMetadataKeywordMessageID,
163 EvtPublisherMetadataPropertyIdEND
164} EVT_PUBLISHER_METADATA_PROPERTY_ID;
165
166typedef enum _EVT_QUERY_FLAGS {
167 EvtQueryChannelPath = 0x1,
168 EvtQueryFilePath = 0x2,
169 EvtQueryForwardDirection = 0x100,
170 EvtQueryReverseDirection = 0x200,
171 EvtQueryTolerateQueryErrors = 0x1000
172} EVT_QUERY_FLAGS;
173
174typedef enum _EVT_QUERY_PROPERTY_ID {
175 EvtQueryNames = 0,
176 EvtQueryStatuses = 1,
177 EvtQueryPropertyIdEND = 2
178} EVT_QUERY_PROPERTY_ID;
179
180typedef enum _EVT_RENDER_CONTEXT_FLAGS {
181 EvtRenderContextValues = 0,
182 EvtRenderContextSystem = 1,
183 EvtRenderContextUser = 2
184} EVT_RENDER_CONTEXT_FLAGS;
185
186typedef enum _EVT_RENDER_FLAGS {
187 EvtRenderEventValues = 0,
188 EvtRenderEventXml = 1,
189 EvtRenderBookmark = 2
190} EVT_RENDER_FLAGS;
191
192typedef struct _EVT_RPC_LOGIN {
193 LPWSTR Server;
194 LPWSTR User;
195 LPWSTR Domain;
196 LPWSTR Password;
197 DWORD Flags;
198} EVT_RPC_LOGIN;
199
200typedef enum _EVT_RPC_LOGIN_FLAGS {
201 EvtRpcLoginAuthDefault = 0,
202 EvtRpcLoginAuthNegotiate = 1,
203 EvtRpcLoginAuthKerberos = 2,
204 EvtRpcLoginAuthNTLM = 3
205} EVT_RPC_LOGIN_FLAGS;
206
207typedef enum _EVT_SEEK_FLAGS {
208 EvtSeekRelativeToFirst = 1,
209 EvtSeekRelativeToLast = 2,
210 EvtSeekRelativeToCurrent = 3,
211 EvtSeekRelativeToBookmark = 4,
212 EvtSeekOriginMask = 7,
213 EvtSeekStrict = 0x10000
214} EVT_SEEK_FLAGS;
215
216typedef enum _EVT_SUBSCRIBE_FLAGS {
217 EvtSubscribeToFutureEvents = 1,
218 EvtSubscribeStartAtOldestRecord = 2,
219 EvtSubscribeStartAfterBookmark = 3,
220 EvtSubscribeOriginMask = 0x3,
221 EvtSubscribeTolerateQueryErrors = 0x1000,
222 EvtSubscribeStrict = 0x10000
223} EVT_SUBSCRIBE_FLAGS;
224
225typedef enum _EVT_SUBSCRIBE_NOTIFY_ACTION {
226 EvtSubscribeActionError = 0,
227 EvtSubscribeActionDeliver = 1
228} EVT_SUBSCRIBE_NOTIFY_ACTION;
229
230typedef enum _EVT_SYSTEM_PROPERTY_ID {
231 EvtSystemProviderName = 0,
232 EvtSystemProviderGuid,
233 EvtSystemEventID,
234 EvtSystemQualifiers,
235 EvtSystemLevel,
236 EvtSystemTask,
237 EvtSystemOpcode,
238 EvtSystemKeywords,
239 EvtSystemTimeCreated,
240 EvtSystemEventRecordId,
241 EvtSystemActivityID,
242 EvtSystemRelatedActivityID,
243 EvtSystemProcessID,
244 EvtSystemThreadID,
245 EvtSystemChannel,
246 EvtSystemComputer,
247 EvtSystemUserID,
248 EvtSystemVersion,
249 EvtSystemPropertyIdEND
250} EVT_SYSTEM_PROPERTY_ID;
251
252typedef enum _EVT_VARIANT_TYPE {
253 EvtVarTypeNull = 0,
254 EvtVarTypeString = 1,
255 EvtVarTypeAnsiString = 2,
256 EvtVarTypeSByte = 3,
257 EvtVarTypeByte = 4,
258 EvtVarTypeInt16 = 5,
259 EvtVarTypeUInt16 = 6,
260 EvtVarTypeInt32 = 7,
261 EvtVarTypeUInt32 = 8,
262 EvtVarTypeInt64 = 9,
263 EvtVarTypeUInt64 = 10,
264 EvtVarTypeSingle = 11,
265 EvtVarTypeDouble = 12,
266 EvtVarTypeBoolean = 13,
267 EvtVarTypeBinary = 14,
268 EvtVarTypeGuid = 15,
269 EvtVarTypeSizeT = 16,
270 EvtVarTypeFileTime = 17,
271 EvtVarTypeSysTime = 18,
272 EvtVarTypeSid = 19,
273 EvtVarTypeHexInt32 = 20,
274 EvtVarTypeHexInt64 = 21,
275 EvtVarTypeEvtHandle = 32,
276 EvtVarTypeEvtXml = 35
277} EVT_VARIANT_TYPE;
278
279#define EVT_VARIANT_TYPE_MASK 0x7f
280#define EVT_VARIANT_TYPE_ARRAY 128
281
282typedef HANDLE EVT_HANDLE;
283typedef HANDLE EVT_OBJECT_ARRAY_PROPERTY_HANDLE;
284
285typedef struct _EVT_VARIANT {
286 __C89_NAMELESS union {
287 WINBOOL BooleanVal;
288 INT8 SByteVal;
289 INT16 Int16Val;
290 INT32 Int32Val;
291 INT64 Int64Val;
292 UINT8 ByteVal;
293 UINT16 UInt16Val;
294 UINT32 UInt32Val;
295 UINT64 UInt64Val;
296 float SingleVal;
297 double DoubleVal;
298 ULONGLONG FileTimeVal;
299 SYSTEMTIME *SysTimeVal;
300 GUID *GuidVal;
301 LPCWSTR StringVal;
302 LPCSTR AnsiStringVal;
303 PBYTE BinaryVal;
304 PSID SidVal;
305 size_t SizeTVal;
306 EVT_HANDLE EvtHandleVal;
307 BOOL *BooleanArr;
308 INT8 *SByteArr;
309 INT16 *Int16Arr;
310 INT32 *Int32Arr;
311 INT64 *Int64Arr;
312 UINT8 *ByteArr;
313 UINT16 *UInt16Arr;
314 UINT32 *UInt32Arr;
315 UINT64 *UInt64Arr;
316 float *SingleArr;
317 double *DoubleArr;
318 FILETIME *FileTimeArr;
319 SYSTEMTIME *SysTimeArr;
320 GUID *GuidArr;
321 LPWSTR *StringArr;
322 LPSTR *AnsiStringArr;
323 PSID *SidArr;
324 size_t *SizeTArr;
325 LPCWSTR XmlVal;
326 LPCWSTR* XmlValArr;
327 };
328 DWORD Count;
329 DWORD Type;
330} EVT_VARIANT, *PEVT_VARIANT;
331
332typedef DWORD ( WINAPI *EVT_SUBSCRIBE_CALLBACK )(
333 EVT_SUBSCRIBE_NOTIFY_ACTION Action,
334 PVOID UserContext,
335 EVT_HANDLE Event
336);
337
338WINBOOL WINAPI EvtArchiveExportedLog(
339 EVT_HANDLE Session,
340 LPCWSTR LogFilePath,
341 LCID Locale,
342 DWORD Flags
343);
344
345WINBOOL WINAPI EvtCancel(
346 EVT_HANDLE Object
347);
348
349WINBOOL WINAPI EvtClearLog(
350 EVT_HANDLE Session,
351 LPCWSTR ChannelPath,
352 LPCWSTR TargetFilePath,
353 DWORD Flags
354);
355
356WINBOOL WINAPI EvtClose(
357 EVT_HANDLE Object
358);
359
360EVT_HANDLE WINAPI EvtCreateBookmark(
361 LPCWSTR BookmarkXml
362);
363
364EVT_HANDLE WINAPI EvtCreateRenderContext(
365 DWORD ValuePathsCount,
366 LPCWSTR *ValuePaths,
367 DWORD Flags
368);
369
370WINBOOL WINAPI EvtExportLog(
371 EVT_HANDLE Session,
372 LPCWSTR Path,
373 LPCWSTR Query,
374 LPCWSTR TargetFilePath,
375 DWORD Flags
376);
377
378WINBOOL WINAPI EvtFormatMessage(
379 EVT_HANDLE PublisherMetadata,
380 EVT_HANDLE Event,
381 DWORD MessageId,
382 DWORD ValueCount,
383 PEVT_VARIANT Values,
384 DWORD Flags,
385 DWORD BufferSize,
386 LPWSTR Buffer,
387 PDWORD BufferUsed
388);
389
390WINBOOL WINAPI EvtGetChannelConfigProperty(
391 EVT_HANDLE ChannelConfig,
392 EVT_CHANNEL_CONFIG_PROPERTY_ID PropertyId,
393 DWORD Flags,
394 DWORD PropertyValueBufferSize,
395 PEVT_VARIANT PropertyValueBuffer,
396 PDWORD PropertyValueBufferUsed
397);
398
399WINBOOL WINAPI EvtGetEventInfo(
400 EVT_HANDLE Event,
401 EVT_EVENT_PROPERTY_ID PropertyId,
402 DWORD PropertyValueBufferSize,
403 PEVT_VARIANT PropertyValueBuffer,
404 PDWORD PropertyValueBufferUsed
405);
406
407WINBOOL WINAPI EvtGetEventMetadataProperty(
408 EVT_HANDLE EventMetadata,
409 EVT_EVENT_METADATA_PROPERTY_ID PropertyId,
410 DWORD Flags,
411 DWORD EventMetadataPropertyBufferSize,
412 PEVT_VARIANT EventMetadataPropertyBuffer,
413 PDWORD EventMetadataPropertyBufferUsed
414);
415
416DWORD WINAPI EvtGetExtendedStatus(
417 DWORD BufferSize,
418 LPWSTR Buffer,
419 PDWORD BufferUsed
420);
421
422WINBOOL WINAPI EvtGetLogInfo(
423 EVT_HANDLE Log,
424 EVT_LOG_PROPERTY_ID PropertyId,
425 DWORD PropertyValueBufferSize,
426 PEVT_VARIANT PropertyValueBuffer,
427 PDWORD PropertyValueBufferUsed
428);
429
430WINBOOL WINAPI EvtGetObjectArrayProperty(
431 EVT_OBJECT_ARRAY_PROPERTY_HANDLE ObjectArray,
432 DWORD PropertyId,
433 DWORD ArrayIndex,
434 DWORD Flags,
435 DWORD PropertyValueBufferSize,
436 PEVT_VARIANT PropertyValueBuffer,
437 PDWORD PropertyValueBufferUsed
438);
439
440WINBOOL WINAPI EvtGetObjectArraySize(
441 EVT_OBJECT_ARRAY_PROPERTY_HANDLE ObjectArray,
442 PDWORD ObjectArraySize
443);
444
445WINBOOL WINAPI EvtGetPublisherMetadataProperty(
446 EVT_HANDLE PublisherMetadata,
447 EVT_PUBLISHER_METADATA_PROPERTY_ID PropertyId,
448 DWORD Flags,
449 DWORD PublisherMetadataPropertyBufferSize,
450 PEVT_VARIANT PublisherMetadataPropertyBuffer,
451 PDWORD PublisherMetadataPropertyBufferUsed
452);
453
454WINBOOL WINAPI EvtGetQueryInfo(
455 EVT_HANDLE QueryOrSubscription,
456 EVT_QUERY_PROPERTY_ID PropertyId,
457 DWORD PropertyValueBufferSize,
458 PEVT_VARIANT PropertyValueBuffer,
459 PDWORD PropertyValueBufferUsed
460);
461
462WINBOOL WINAPI EvtNext(
463 EVT_HANDLE ResultSet,
464 DWORD EventArraySize,
465 EVT_HANDLE* EventArray,
466 DWORD Timeout,
467 DWORD Flags,
468 PDWORD Returned
469);
470
471WINBOOL WINAPI EvtNextChannelPath(
472 EVT_HANDLE ChannelEnum,
473 DWORD ChannelPathBufferSize,
474 LPWSTR ChannelPathBuffer,
475 PDWORD ChannelPathBufferUsed
476);
477
478EVT_HANDLE WINAPI EvtNextEventMetadata(
479 EVT_HANDLE EventMetadataEnum,
480 DWORD Flags
481);
482
483WINBOOL WINAPI EvtNextPublisherId(
484 EVT_HANDLE PublisherEnum,
485 DWORD PublisherIdBufferSize,
486 LPWSTR PublisherIdBuffer,
487 PDWORD PublisherIdBufferUsed
488);
489
490EVT_HANDLE WINAPI EvtOpenChannelConfig(
491 EVT_HANDLE Session,
492 LPCWSTR ChannelPath,
493 DWORD Flags
494);
495
496EVT_HANDLE WINAPI EvtOpenChannelEnum(
497 EVT_HANDLE Session,
498 DWORD Flags
499);
500
501EVT_HANDLE WINAPI EvtOpenEventMetadataEnum(
502 EVT_HANDLE PublisherMetadata,
503 DWORD Flags
504);
505
506EVT_HANDLE WINAPI EvtOpenLog(
507 EVT_HANDLE Session,
508 LPCWSTR Path,
509 DWORD Flags
510);
511
512EVT_HANDLE WINAPI EvtOpenPublisherEnum(
513 EVT_HANDLE Session,
514 DWORD Flags
515);
516
517EVT_HANDLE WINAPI EvtOpenPublisherMetadata(
518 EVT_HANDLE Session,
519 LPCWSTR PublisherIdentity,
520 LPCWSTR LogFilePath,
521 LCID Locale,
522 DWORD Flags
523);
524
525EVT_HANDLE WINAPI EvtOpenSession(
526 EVT_LOGIN_CLASS LoginClass,
527 PVOID Login,
528 DWORD Timeout,
529 DWORD Flags
530);
531
532EVT_HANDLE WINAPI EvtQuery(
533 EVT_HANDLE Session,
534 LPCWSTR Path,
535 LPCWSTR Query,
536 DWORD Flags
537);
538
539WINBOOL WINAPI EvtRender(
540 EVT_HANDLE Context,
541 EVT_HANDLE Fragment,
542 DWORD Flags,
543 DWORD BufferSize,
544 PVOID Buffer,
545 PDWORD BufferUsed,
546 PDWORD PropertyCount
547);
548
549WINBOOL WINAPI EvtSaveChannelConfig(
550 EVT_HANDLE ChannelConfig,
551 DWORD Flags
552);
553
554WINBOOL WINAPI EvtSeek(
555 EVT_HANDLE ResultSet,
556 LONGLONG Position,
557 EVT_HANDLE Bookmark,
558 DWORD Timeout,
559 DWORD Flags
560);
561
562WINBOOL WINAPI EvtSetChannelConfigProperty(
563 EVT_HANDLE ChannelConfig,
564 EVT_CHANNEL_CONFIG_PROPERTY_ID PropertyId,
565 DWORD Flags,
566 PEVT_VARIANT PropertyValue
567);
568
569EVT_HANDLE WINAPI EvtSubscribe(
570 EVT_HANDLE Session,
571 HANDLE SignalEvent,
572 LPCWSTR ChannelPath,
573 LPCWSTR Query,
574 EVT_HANDLE Bookmark,
575 PVOID context,
576 EVT_SUBSCRIBE_CALLBACK Callback,
577 DWORD Flags
578);
579
580WINBOOL WINAPI EvtUpdateBookmark(
581 EVT_HANDLE Bookmark,
582 EVT_HANDLE Event
583);
584
585#ifdef __cplusplus
586}
587#endif
588
589#endif /*(_WIN32_WINNT >= 0x0600)*/
590#endif /* WINAPI_PARTITION_DESKTOP */
591#endif /*__WINEVT_H__ */