1package etw
2
3// Channel represents the ETW logging channel that is used. It can be used by
4// event consumers to give an event special treatment.
5type Channel uint8
6
7const (
8	// ChannelTraceLogging is the default channel for TraceLogging events. It is
9	// not required to be used for TraceLogging, but will prevent decoding
10	// issues for these events on older operating systems.
11	ChannelTraceLogging Channel = 11
12)
13
14// Level represents the ETW logging level. There are several predefined levels
15// that are commonly used, but technically anything from 0-255 is allowed.
16// Lower levels indicate more important events, and 0 indicates an event that
17// will always be collected.
18type Level uint8
19
20// Predefined ETW log levels from winmeta.xml in the Windows SDK.
21const (
22	LevelAlways Level = iota
23	LevelCritical
24	LevelError
25	LevelWarning
26	LevelInfo
27	LevelVerbose
28)
29
30// Opcode represents the operation that the event indicates is being performed.
31type Opcode uint8
32
33// Predefined ETW opcodes from winmeta.xml in the Windows SDK.
34const (
35	// OpcodeInfo indicates an informational event.
36	OpcodeInfo Opcode = iota
37	// OpcodeStart indicates the start of an operation.
38	OpcodeStart
39	// OpcodeStop indicates the end of an operation.
40	OpcodeStop
41	// OpcodeDCStart indicates the start of a provider capture state operation.
42	OpcodeDCStart
43	// OpcodeDCStop indicates the end of a provider capture state operation.
44	OpcodeDCStop
45)
46
47// EventDescriptor represents various metadata for an ETW event.
48type eventDescriptor struct {
49	id      uint16
50	version uint8
51	channel Channel
52	level   Level
53	opcode  Opcode
54	task    uint16
55	keyword uint64
56}
57
58// NewEventDescriptor returns an EventDescriptor initialized for use with
59// TraceLogging.
60func newEventDescriptor() *eventDescriptor {
61	// Standard TraceLogging events default to the TraceLogging channel, and
62	// verbose level.
63	return &eventDescriptor{
64		channel: ChannelTraceLogging,
65		level:   LevelVerbose,
66	}
67}
68
69// Identity returns the identity of the event. If the identity is not 0, it
70// should uniquely identify the other event metadata (contained in
71// EventDescriptor, and field metadata). Only the lower 24 bits of this value
72// are relevant.
73func (ed *eventDescriptor) identity() uint32 {
74	return (uint32(ed.version) << 16) | uint32(ed.id)
75}
76
77// SetIdentity sets the identity of the event. If the identity is not 0, it
78// should uniquely identify the other event metadata (contained in
79// EventDescriptor, and field metadata). Only the lower 24 bits of this value
80// are relevant.
81func (ed *eventDescriptor) setIdentity(identity uint32) {
82	ed.id = uint16(identity)
83	ed.version = uint8(identity >> 16)
84}
85