/**
* This file has no copyright assigned and is placed in the Public Domain.
* This file is part of the mingw-w64 runtime package.
* No warranty is given; refer to the file DISCLAIMER.PD within this package.
*/
#ifndef _EVNTCONS_H_
#define _EVNTCONS_H_
#include <wmistr.h>
#include <evntrace.h>
#include <evntprov.h>
#ifdef __cplusplus
extern "C" {
#endif
/*
 * Operation selectors for editing the access-control lists (DACL or SACL)
 * associated with an event tracing GUID.
 * NOTE(review): presumably the values passed as the `Operation` argument of
 * EventAccessControl() declared in this header; that parameter is typed
 * ULONG, so the compiler does not restrict it to this enum - confirm.
 * NOTE(review): per the ETW documentation the "Set" forms replace the
 * existing list while the "Add" forms append to it, so a "Set" call can drop
 * entries that were previously restricting access - confirm before relying
 * on either behaviour.
 */
typedef enum EVENTSECURITYOPERATION {
EventSecuritySetDACL,
EventSecuritySetSACL,
EventSecurityAddDACL,
EventSecurityAddSACL,
/* Last enumerator; by C enumeration rules it equals 4, the number of operations above. */
EventSecurityMax
} EVENTSECURITYOPERATION;
/*
 * Instance information carried as an extended-data payload.
 * NOTE(review): by name this matches EVENT_HEADER_EXT_TYPE_INSTANCE_INFO
 * defined in this header - confirm against the consumer that casts to it.
 */
typedef struct _EVENT_EXTENDED_ITEM_INSTANCE {
/* Identifier of this instance. */
ULONG InstanceId;
/* Identifier of the parent instance. */
ULONG ParentInstanceId;
/* GUID associated with the parent instance. */
GUID ParentGuid;
} EVENT_EXTENDED_ITEM_INSTANCE, *PEVENT_EXTENDED_ITEM_INSTANCE;
/*
 * Session identifier carried as an extended-data payload.
 * NOTE(review): by name this matches EVENT_HEADER_EXT_TYPE_TS_ID; "TS"
 * presumably stands for Terminal Services - confirm.
 */
typedef struct _EVENT_EXTENDED_ITEM_TS_ID {
ULONG SessionId;
} EVENT_EXTENDED_ITEM_TS_ID, *PEVENT_EXTENDED_ITEM_TS_ID;
/*
 * Related activity identifier carried as an extended-data payload.
 * NOTE(review): by name this matches EVENT_HEADER_EXT_TYPE_RELATED_ACTIVITYID
 * defined in this header - confirm.
 */
typedef struct _EVENT_EXTENDED_ITEM_RELATED_ACTIVITYID {
GUID RelatedActivityId;
} EVENT_EXTENDED_ITEM_RELATED_ACTIVITYID, *PEVENT_EXTENDED_ITEM_RELATED_ACTIVITYID;
/*
 * Descriptor for one extended-data item attached to an event record.
 * ExtType identifies the payload kind and DataPtr/DataSize locate it.
 * NOTE(review): ExtType is presumably one of the EVENT_HEADER_EXT_TYPE_
 * values defined in this header - confirm.
 */
typedef struct _EVENT_HEADER_EXTENDED_DATA_ITEM {
USHORT Reserved1;
USHORT ExtType;
/* One 16-bit bitfield group: a 1-bit Linkage flag plus 15 reserved bits. */
__C89_NAMELESS struct {
USHORT Linkage : 1;
USHORT Reserved2 :15;
} DUMMYSTRUCTNAME;
/* Payload length; a USHORT, so at most 65535. NOTE(review): presumably a byte count - confirm. */
USHORT DataSize;
/*
 * Payload address held as a 64-bit integer rather than a pointer type, so
 * the compiler gives no type or bounds help when it is cast. A consumer
 * should compare DataSize with the size of the structure it expects for
 * ExtType before dereferencing the converted pointer.
 */
ULONGLONG DataPtr;
} EVENT_HEADER_EXTENDED_DATA_ITEM, *PEVENT_HEADER_EXTENDED_DATA_ITEM;
/*
 * Fixed header describing one event: where it came from (provider, process,
 * thread), when it was logged, and how the rest of the record is encoded.
 */
typedef struct _EVENT_HEADER {
USHORT Size;
USHORT HeaderType;
/* NOTE(review): presumably a bit mask of the EVENT_HEADER_FLAG_ values defined in this header - confirm. */
USHORT Flags;
/* NOTE(review): presumably a bit mask of the EVENT_HEADER_PROPERTY_ values defined in this header - confirm. */
USHORT EventProperty;
/*
 * Originating thread and process identifiers.
 * NOTE(review): the OS can reuse these ids after a process exits, so
 * correlation across a long trace should pair them with TimeStamp - confirm
 * against the consumer's needs.
 */
ULONG ThreadId;
ULONG ProcessId;
LARGE_INTEGER TimeStamp;
GUID ProviderId;
EVENT_DESCRIPTOR EventDescriptor;
/*
 * Two views of the same 8 bytes: a KernelTime/UserTime pair of 32-bit
 * counters, or a single 64-bit ProcessorTime. Nothing in this structure's
 * layout says which view is valid for a given event.
 * NOTE(review): presumably selected by Flags (see the PRIVATE_SESSION and
 * NO_CPUTIME flag values defined in this header) - confirm.
 */
__C89_NAMELESS union {
__C89_NAMELESS struct {
ULONG KernelTime;
ULONG UserTime;
} DUMMYSTRUCTNAME;
ULONG64 ProcessorTime;
} DUMMYUNIONNAME;
GUID ActivityId;
} EVENT_HEADER, *PEVENT_HEADER;
/*
 * Single-bit property values.
 * NOTE(review): presumably tested against EVENT_HEADER.EventProperty - confirm.
 */
#define EVENT_HEADER_PROPERTY_XML 0x0001
#define EVENT_HEADER_PROPERTY_FORWARDED_XML 0x0002
#define EVENT_HEADER_PROPERTY_LEGACY_EVENTLOG 0x0004
/*
 * Single-bit flag values; bit 0x0080 is not assigned in this list.
 * NOTE(review): presumably tested against EVENT_HEADER.Flags - confirm.
 */
#define EVENT_HEADER_FLAG_EXTENDED_INFO 0x0001
#define EVENT_HEADER_FLAG_PRIVATE_SESSION 0x0002
#define EVENT_HEADER_FLAG_STRING_ONLY 0x0004
#define EVENT_HEADER_FLAG_TRACE_MESSAGE 0x0008
#define EVENT_HEADER_FLAG_NO_CPUTIME 0x0010
#define EVENT_HEADER_FLAG_32_BIT_HEADER 0x0020
#define EVENT_HEADER_FLAG_64_BIT_HEADER 0x0040
#define EVENT_HEADER_FLAG_CLASSIC_HEADER 0x0100
/*
 * Extended-data type codes. These are sequential values (1 to 6), not bit
 * flags, so they must be compared for equality rather than masked.
 * NOTE(review): presumably the values of
 * EVENT_HEADER_EXTENDED_DATA_ITEM.ExtType, each selecting the payload
 * structure of the matching name; this header declares no payload structure
 * for the SID type - confirm how that payload is laid out before parsing it.
 */
#define EVENT_HEADER_EXT_TYPE_RELATED_ACTIVITYID 0x0001
#define EVENT_HEADER_EXT_TYPE_SID 0x0002
#define EVENT_HEADER_EXT_TYPE_TS_ID 0x0003
#define EVENT_HEADER_EXT_TYPE_INSTANCE_INFO 0x0004
#define EVENT_HEADER_EXT_TYPE_STACK_TRACE32 0x0005
#define EVENT_HEADER_EXT_TYPE_STACK_TRACE64 0x0006
/*
 * One delivered event: the fixed header, the buffer context, an array of
 * extended-data descriptors and the provider-written payload.
 * NOTE(review): the payload and extended data originate from whichever
 * process logged the event, so a consumer should parse them as untrusted
 * input and keep every read inside the lengths given here - confirm the
 * trust model for the sessions being consumed.
 */
struct _EVENT_RECORD {
EVENT_HEADER EventHeader;
ETW_BUFFER_CONTEXT BufferContext;
/* NOTE(review): presumably the number of entries reachable through ExtendedData - confirm. */
USHORT ExtendedDataCount;
/* NOTE(review): presumably the size of the UserData payload in bytes - confirm. */
USHORT UserDataLength;
PEVENT_HEADER_EXTENDED_DATA_ITEM ExtendedData;
/* Untyped payload pointer; the structure itself records nothing about its layout. */
PVOID UserData;
/* Untyped pointer. NOTE(review): presumably caller-supplied context handed back to the consumer - confirm. */
PVOID UserContext;
};
/*
 * Public typedefs for struct _EVENT_RECORD. The DEFINED_PEVENT_RECORD guard
 * skips them when the macro is already defined and defines it afterwards, so
 * the typedefs are emitted at most once.
 * NOTE(review): the trailing comment ties the guard to evntrace.h, which
 * presumably can declare the same typedefs first - confirm.
 */
#ifndef DEFINED_PEVENT_RECORD
typedef struct _EVENT_RECORD EVENT_RECORD, *PEVENT_RECORD;
#define DEFINED_PEVENT_RECORD 1
#endif /* for evntrace.h */
#if (_WIN32_WINNT >= 0x0601)
/*
 * Stack-trace payload with 32-bit return addresses. Declared only when
 * _WIN32_WINNT >= 0x0601.
 * NOTE(review): by name this matches EVENT_HEADER_EXT_TYPE_STACK_TRACE32 - confirm.
 */
typedef struct _EVENT_EXTENDED_ITEM_STACK_TRACE32 {
/* NOTE(review): presumably used to pair stack traces captured in separate events - confirm. */
ULONG64 MatchId;
/*
 * Variable-length tail declared with ANYSIZE_ARRAY (defined outside this
 * file). The structure has no count field, so sizeof does not describe the
 * real payload and indexing is unchecked.
 * NOTE(review): a consumer presumably derives the entry count from the
 * enclosing extended-data item's DataSize and must bound its loop by that
 * value - confirm.
 */
ULONG Address[ANYSIZE_ARRAY];
} EVENT_EXTENDED_ITEM_STACK_TRACE32, *PEVENT_EXTENDED_ITEM_STACK_TRACE32;
/*
 * Stack-trace payload with 64-bit return addresses. Declared only when
 * _WIN32_WINNT >= 0x0601.
 * NOTE(review): by name this matches EVENT_HEADER_EXT_TYPE_STACK_TRACE64 - confirm.
 */
typedef struct _EVENT_EXTENDED_ITEM_STACK_TRACE64 {
/* NOTE(review): presumably used to pair stack traces captured in separate events - confirm. */
ULONG64 MatchId;
/*
 * Variable-length tail declared with ANYSIZE_ARRAY (defined outside this
 * file). The structure has no count field, so sizeof does not describe the
 * real payload and indexing is unchecked.
 * NOTE(review): a consumer presumably derives the entry count from the
 * enclosing extended-data item's DataSize and must bound its loop by that
 * value - confirm.
 */
ULONG64 Address[ANYSIZE_ARRAY];
} EVENT_EXTENDED_ITEM_STACK_TRACE64, *PEVENT_EXTENDED_ITEM_STACK_TRACE64;
#endif /*(_WIN32_WINNT >= 0x0601)*/
/*
 * Single-bit values naming optional items: SID, TS id, stack trace.
 * NOTE(review): presumably passed when enabling a provider, to request that
 * these items be attached to each event as extended data - confirm. Traces
 * collected with them carry user identity and code addresses, so the
 * resulting trace output should be access-controlled accordingly.
 */
#define EVENT_ENABLE_PROPERTY_SID 0x00000001
#define EVENT_ENABLE_PROPERTY_TS_ID 0x00000002
#define EVENT_ENABLE_PROPERTY_STACK_TRACE 0x00000004
/*
 * Single-bit trace processing mode values. Nothing in this header consumes
 * them.
 * NOTE(review): presumably set by a trace consumer when opening a trace,
 * with EVENT_RECORD selecting delivery as EVENT_RECORD structures - confirm.
 */
#define PROCESS_TRACE_MODE_REAL_TIME 0x00000100
#define PROCESS_TRACE_MODE_RAW_TIMESTAMP 0x00001000
#define PROCESS_TRACE_MODE_EVENT_RECORD 0x10000000
#if (_WIN32_WINNT >= 0x0600)
/**
 * Adds or modifies the access permissions associated with a GUID.
 * Declared only when _WIN32_WINNT >= 0x0600.
 *
 * A successful call changes who may use the provider or session behind the
 * GUID, so callers should check the return value and reviewers should treat
 * each call site as a permission change.
 *
 * @param Guid        GUID whose permissions are edited.
 * @param Operation   Typed ULONG. NOTE(review): presumably an
 *                    EVENTSECURITYOPERATION value - confirm; the compiler
 *                    does not enforce it.
 * @param Sid         Security identifier the entry applies to.
 * @param Rights      Access rights mask for the entry.
 * @param AllowOrDeny NOTE(review): presumably TRUE to allow and FALSE to
 *                    deny the rights - confirm the polarity before use.
 * @return ULONG status. NOTE(review): presumably a Win32 error code with
 *         ERROR_SUCCESS on success - confirm.
 */
ULONG EVNTAPI EventAccessControl(
LPGUID Guid,
ULONG Operation,
PSID Sid,
ULONG Rights,
BOOLEAN AllowOrDeny
);
/**
 * Retrieves the security descriptor associated with a GUID.
 * Declared only when _WIN32_WINNT >= 0x0600.
 *
 * @param Guid       GUID whose permissions are queried.
 * @param Buffer     Caller-provided storage that receives the descriptor.
 * @param BufferSize Pointer to a size value. NOTE(review): presumably the
 *                   capacity of Buffer in bytes on input and the size used
 *                   or required on output - confirm, and size Buffer from
 *                   the returned value rather than from a fixed constant.
 * @return ULONG status. NOTE(review): presumably a Win32 error code with
 *         ERROR_SUCCESS on success - confirm.
 */
ULONG EVNTAPI EventAccessQuery(
LPGUID Guid,
PSECURITY_DESCRIPTOR Buffer,
PULONG BufferSize
);
/**
 * Removes the stored access permissions associated with a GUID.
 * Declared only when _WIN32_WINNT >= 0x0600.
 *
 * NOTE(review): presumably default permissions apply to the GUID after
 * removal; confirm what those defaults grant, because removing a
 * restrictive entry could widen access.
 *
 * @param Guid GUID whose stored permissions are removed.
 * @return ULONG status. NOTE(review): presumably a Win32 error code with
 *         ERROR_SUCCESS on success - confirm.
 */
ULONG EVNTAPI EventAccessRemove(
LPGUID Guid
);
#endif /*(_WIN32_WINNT >= 0x0600)*/
#ifdef __cplusplus
}
#endif
#endif /* _EVNTCONS_H_ */