/**
 * This file is part of the mingw-w64 runtime package.
 * No warranty is given; refer to the file DISCLAIMER within this package.
 */

/*
 * Declarations for consuming trace events: header flag bits, the extended
 * data item layouts, EVENT_HEADER / EVENT_RECORD, the EventAccess*
 * prototypes and the GetEventProcessorIndex helper.
 * Everything below is compiled only for the desktop API partition.
 */

#ifndef _EVNTCONS_H_
#define _EVNTCONS_H_

#include <winapifamily.h>

#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_DESKTOP)

#include <wmistr.h>
#include <evntrace.h>
#include <evntprov.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Extended data item type codes.
 * NOTE(review): presumably the values carried in
 * EVENT_HEADER_EXTENDED_DATA_ITEM.ExtType - confirm against the ETW docs.
 * A consumer should reject or skip any code it does not recognise
 * (including values >= EVENT_HEADER_EXT_TYPE_MAX) rather than guess a layout.
 */
#define EVENT_HEADER_EXT_TYPE_RELATED_ACTIVITYID  0x0001
#define EVENT_HEADER_EXT_TYPE_SID                 0x0002
#define EVENT_HEADER_EXT_TYPE_TS_ID               0x0003
#define EVENT_HEADER_EXT_TYPE_INSTANCE_INFO       0x0004
#define EVENT_HEADER_EXT_TYPE_STACK_TRACE32       0x0005
#define EVENT_HEADER_EXT_TYPE_STACK_TRACE64       0x0006
#define EVENT_HEADER_EXT_TYPE_PEBS_INDEX          0x0007
#define EVENT_HEADER_EXT_TYPE_PMC_COUNTERS        0x0008
#define EVENT_HEADER_EXT_TYPE_MAX                 0x0009

/* Bit values; by name they belong to EVENT_HEADER.EventProperty (confirm). */
#define EVENT_HEADER_PROPERTY_XML                 0x0001
#define EVENT_HEADER_PROPERTY_FORWARDED_XML       0x0002
#define EVENT_HEADER_PROPERTY_LEGACY_EVENTLOG     0x0004

/*
 * Bit values tested against EVENT_HEADER.Flags (GetEventProcessorIndex below
 * tests EVENT_HEADER_FLAG_PROCESSOR_INDEX that way).
 */
#define EVENT_HEADER_FLAG_EXTENDED_INFO           0x0001
#define EVENT_HEADER_FLAG_PRIVATE_SESSION         0x0002
#define EVENT_HEADER_FLAG_STRING_ONLY             0x0004
#define EVENT_HEADER_FLAG_TRACE_MESSAGE           0x0008
#define EVENT_HEADER_FLAG_NO_CPUTIME              0x0010
#define EVENT_HEADER_FLAG_32_BIT_HEADER           0x0020
#define EVENT_HEADER_FLAG_64_BIT_HEADER           0x0040
#define EVENT_HEADER_FLAG_CLASSIC_HEADER          0x0100
#define EVENT_HEADER_FLAG_PROCESSOR_INDEX         0x0200

/*
 * Enable-property bits.
 * NOTE(review): presumably passed to the provider-enable APIs declared in
 * evntrace.h to request SID / terminal-session id / stack trace extended
 * data - confirm. Traces recorded with these carry user identity and code
 * addresses, so handle the resulting trace files as sensitive data.
 */
#define EVENT_ENABLE_PROPERTY_SID                 0x00000001
#define EVENT_ENABLE_PROPERTY_TS_ID               0x00000002
#define EVENT_ENABLE_PROPERTY_STACK_TRACE         0x00000004

/*
 * Trace processing mode bits.
 * NOTE(review): presumably for the ProcessTraceMode member of the log file
 * structure in evntrace.h - confirm.
 */
#define PROCESS_TRACE_MODE_REAL_TIME              0x00000100
#define PROCESS_TRACE_MODE_RAW_TIMESTAMP          0x00001000
#define PROCESS_TRACE_MODE_EVENT_RECORD           0x10000000

/*
 * Security descriptor operations (set or add a DACL / SACL entry).
 * NOTE(review): presumably the Operation argument of EventAccessControl,
 * which is declared as a plain ULONG - confirm. EventSecurityMax is the
 * count sentinel, not an operation.
 */
typedef enum {
  EventSecuritySetDACL,
  EventSecuritySetSACL,
  EventSecurityAddDACL,
  EventSecurityAddSACL,
  EventSecurityMax
} EVENTSECURITYOPERATION;

/* Skipped when EVENT_HEADER_EXTENDED_DATA_ITEM_DEF is already defined. */
#ifndef EVENT_HEADER_EXTENDED_DATA_ITEM_DEF
#define EVENT_HEADER_EXTENDED_DATA_ITEM_DEF
/*
 * Descriptor for one extended data item attached to an event record.
 * DataPtr is a 64-bit integer, not a typed pointer: the consumer has to cast
 * it, so nothing in the type system bounds the access.
 * NOTE(review): treat DataSize as the upper bound for every read through
 * DataPtr, and check it against the size of the structure selected by
 * ExtType before casting - confirm against the ETW docs.
 */
typedef struct _EVENT_HEADER_EXTENDED_DATA_ITEM {
  USHORT Reserved1;
  USHORT ExtType;
  __C89_NAMELESS struct {
    USHORT Linkage : 1;
    USHORT Reserved2 : 15;
  };
  USHORT DataSize;
  ULONGLONG DataPtr;
} EVENT_HEADER_EXTENDED_DATA_ITEM, *PEVENT_HEADER_EXTENDED_DATA_ITEM;
#endif /* EVENT_HEADER_EXTENDED_DATA_ITEM_DEF */

/* Payload layout named after EVENT_HEADER_EXT_TYPE_INSTANCE_INFO. */
typedef struct _EVENT_EXTENDED_ITEM_INSTANCE {
  ULONG InstanceId;
  ULONG ParentInstanceId;
  GUID ParentGuid;
} EVENT_EXTENDED_ITEM_INSTANCE, *PEVENT_EXTENDED_ITEM_INSTANCE;

/* Payload layout named after EVENT_HEADER_EXT_TYPE_RELATED_ACTIVITYID. */
typedef struct _EVENT_EXTENDED_ITEM_RELATED_ACTIVITYID {
  GUID RelatedActivityId;
} EVENT_EXTENDED_ITEM_RELATED_ACTIVITYID, *PEVENT_EXTENDED_ITEM_RELATED_ACTIVITYID;

/* Payload layout named after EVENT_HEADER_EXT_TYPE_TS_ID. */
typedef struct _EVENT_EXTENDED_ITEM_TS_ID {
  ULONG SessionId;
} EVENT_EXTENDED_ITEM_TS_ID, *PEVENT_EXTENDED_ITEM_TS_ID;

/*
 * Stack trace payload with 32-bit addresses.
 * Address is declared with ANYSIZE_ARRAY elements, so sizeof() does not
 * describe the real payload. The element count must be derived from the
 * size of the enclosing data item (presumably
 * EVENT_HEADER_EXTENDED_DATA_ITEM.DataSize - confirm) and validated before
 * indexing; an item shorter than the MatchId field holds no addresses.
 */
typedef struct _EVENT_EXTENDED_ITEM_STACK_TRACE32 {
  ULONG64 MatchId;
  ULONG Address[ANYSIZE_ARRAY];
} EVENT_EXTENDED_ITEM_STACK_TRACE32, *PEVENT_EXTENDED_ITEM_STACK_TRACE32;

/*
 * Stack trace payload with 64-bit addresses. Same variable-length caveat as
 * the 32-bit variant: derive and validate the element count before indexing
 * Address.
 */
typedef struct _EVENT_EXTENDED_ITEM_STACK_TRACE64 {
  ULONG64 MatchId;
  ULONG64 Address[ANYSIZE_ARRAY];
} EVENT_EXTENDED_ITEM_STACK_TRACE64, *PEVENT_EXTENDED_ITEM_STACK_TRACE64;

/* Payload layout named after EVENT_HEADER_EXT_TYPE_PEBS_INDEX. */
typedef struct _EVENT_EXTENDED_ITEM_PEBS_INDEX {
  ULONG64 PebsIndex;
} EVENT_EXTENDED_ITEM_PEBS_INDEX, *PEVENT_EXTENDED_ITEM_PEBS_INDEX;

/*
 * Counter payload; Counter is declared with ANYSIZE_ARRAY elements, so the
 * number of counters has to come from the enclosing item's size, not from
 * sizeof().
 */
typedef struct _EVENT_EXTENDED_ITEM_PMC_COUNTERS {
  ULONG64 Counter[ANYSIZE_ARRAY];
} EVENT_EXTENDED_ITEM_PMC_COUNTERS, *PEVENT_EXTENDED_ITEM_PMC_COUNTERS;

/* Skipped when EVENT_HEADER_DEF is already defined. */
#ifndef EVENT_HEADER_DEF
#define EVENT_HEADER_DEF
/*
 * Fixed header of an event record.
 * The time union offers two views of the same 8 bytes: a KernelTime/UserTime
 * pair or a single 64-bit ProcessorTime.
 * NOTE(review): which view is valid is not decided in this header; it
 * presumably depends on the EVENT_HEADER_FLAG_* bits in Flags - confirm
 * before reading either one.
 */
typedef struct _EVENT_HEADER {
  USHORT Size;
  USHORT HeaderType;
  USHORT Flags;
  USHORT EventProperty;
  ULONG ThreadId;
  ULONG ProcessId;
  LARGE_INTEGER TimeStamp;
  GUID ProviderId;
  EVENT_DESCRIPTOR EventDescriptor;
  __C89_NAMELESS union {
    __C89_NAMELESS struct {
      ULONG KernelTime;
      ULONG UserTime;
    } DUMMYSTRUCTNAME;
    ULONG64 ProcessorTime;
  } DUMMYUNIONNAME;
  GUID ActivityId;
} EVENT_HEADER, *PEVENT_HEADER;
#endif /* EVENT_HEADER_DEF */

/* Skipped when EVENT_RECORD_DEF is already defined. */
#ifndef EVENT_RECORD_DEF
#define EVENT_RECORD_DEF
/*
 * One event as handed to a consumer: header, buffer context, an array of
 * extended data items and an opaque user payload.
 * NOTE(review): ExtendedDataCount and UserDataLength are presumably the
 * bounds for ExtendedData and UserData respectively - confirm. Records read
 * back from a trace file are untrusted input; a parser should never index
 * ExtendedData or read UserData past those limits, and should accept that
 * either pointer may be null when its count/length is zero.
 */
typedef struct _EVENT_RECORD {
  EVENT_HEADER EventHeader;
  ETW_BUFFER_CONTEXT BufferContext;
  USHORT ExtendedDataCount;
  USHORT UserDataLength;
  PEVENT_HEADER_EXTENDED_DATA_ITEM ExtendedData;
  PVOID UserData;
  PVOID UserContext;
} EVENT_RECORD, *PEVENT_RECORD;

/* Read-only view of a record. */
typedef const EVENT_RECORD *PCEVENT_RECORD;
#endif /* EVENT_RECORD_DEF */

#if WINVER >= 0x0600
/*
 * Access-control entry points keyed by GUID (prototypes only; the
 * implementation lives outside this header). They are declared only when
 * WINVER >= 0x0600.
 * NOTE(review): by name these change, query and remove the security
 * descriptor associated with the GUID - confirm. Code that calls
 * EventAccessControl or EventAccessRemove alters who may use a provider or
 * session, so such calls are worth auditing.
 */
ULONG EVNTAPI EventAccessControl (LPGUID Guid, ULONG Operation, PSID Sid, ULONG Rights, BOOLEAN AllowOrDeny);
ULONG EVNTAPI EventAccessQuery (LPGUID Guid, PSECURITY_DESCRIPTOR Buffer, PULONG BufferSize);
ULONG EVNTAPI EventAccessRemove (LPGUID Guid);
#endif /* WINVER >= 0x0600 */

/*
 * Pick the processor identifier for an event record.
 *
 * Returns er->BufferContext.ProcessorIndex when
 * EVENT_HEADER_FLAG_PROCESSOR_INDEX is set in er->EventHeader.Flags,
 * otherwise er->BufferContext.ProcessorNumber.
 *
 * er is dereferenced unconditionally; the caller must pass a valid record.
 */
FORCEINLINE ULONG GetEventProcessorIndex (PCEVENT_RECORD er) {
  const int has_index = (er->EventHeader.Flags & EVENT_HEADER_FLAG_PROCESSOR_INDEX) != 0;

  if (has_index) {
    return er->BufferContext.ProcessorIndex;
  }
  return er->BufferContext.ProcessorNumber;
}

#ifdef __cplusplus
}
#endif

#endif /* WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_DESKTOP) */
#endif /* _EVNTCONS_H_ */