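// Licensed under the Apache License, Version 2.0
// <LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
// All files in the project carrying such notice may not be copied, modified, or distributed
// except according to those terms.
use shared::basetsd::{SIZE_T, ULONG32, ULONG64};
use shared::evntprov::PEVENT_FILTER_DESCRIPTOR;
use shared::guiddef::{GUID, LPCGUID, LPGUID};
use shared::minwindef::{DWORD, LPFILETIME, PULONG, UCHAR, UINT, ULONG, USHORT};
use shared::wmistr::{WMIDPREQUESTCODE, WNODE_HEADER};
use um::evntcons::PEVENT_RECORD;
use um::handleapi::INVALID_HANDLE_VALUE;
use um::timezoneapi::TIME_ZONE_INFORMATION;
use um::winnt::{
    ANYSIZE_ARRAY, BOOLEAN, HANDLE, LARGE_INTEGER, LONG, LONGLONG, LPCSTR, LPCWSTR, LPSTR, LPWSTR,
    PVOID, ULONGLONG, WCHAR
};
use vc::vadefs::va_list;
// GUID constants declared by this module.
DEFINE_GUID!{EventTraceGuid,
    0x68fdd900, 0x4a3e, 0x11d1, 0x84, 0xf4, 0x00, 0x00, 0xf8, 0x04, 0x64, 0xe3}
DEFINE_GUID!{SystemTraceControlGuid,
    0x9e814aad, 0x3204, 0x11d2, 0x9a, 0x82, 0x00, 0x60, 0x08, 0xa8, 0x69, 0x39}
DEFINE_GUID!{EventTraceConfigGuid,
    0x01853a65, 0x418f, 0x4f36, 0xae, 0xfc, 0xdc, 0x0f, 0x1d, 0x2f, 0xd2, 0x35}
DEFINE_GUID!{DefaultTraceSecurityGuid,
    0x0811c1af, 0x7a07, 0x4a06, 0x82, 0xed, 0x86, 0x94, 0x55, 0xcd, 0xf7, 0x13}
DEFINE_GUID!{PrivateLoggerNotificationGuid,
    0x3595ab5c, 0x042a, 0x4c8e, 0xb9, 0x42, 0x2d, 0x05, 0x9b, 0xfe, 0xb1, 0xb1}
// Logger names as Rust string slices. A `&str` is not NUL-terminated, so these cannot be
// handed directly to the `SessionName: LPCWSTR` / `LPCSTR` parameters of the extern functions
// in this module; encode and NUL-terminate a copy first.
pub const KERNEL_LOGGER_NAME: &'static str = "NT Kernel Logger";
pub const GLOBAL_LOGGER_NAME: &'static str = "GlobalLogger";
pub const EVENT_LOGGER_NAME: &'static str = "EventLog";
pub const DIAG_LOGGER_NAME: &'static str = "DiagLog";
pub const MAX_MOF_FIELDS: SIZE_T = 16;
// Handle type taken and returned by the trace-control functions in this module.
DECLARE_HANDLE!{TRACEHANDLE, __TRACEHANDLE}
pub type PTRACEHANDLE = *mut TRACEHANDLE;
// EVENT_TRACE_TYPE_* values (DWORD). Several names in this family share one numeric value,
// so a value alone does not identify an event type.
// NOTE(review): presumably the value is interpreted per event class - confirm against the SDK.
pub const EVENT_TRACE_TYPE_INFO: DWORD = 0x00;
pub const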
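EVENT_TRACE_TYPE_START: DWORD = 0x01;
// END/STOP, DEQUEUE/RESUME and CHECKPOINT/SUSPEND are pairs of names for one value.
pub const EVENT_TRACE_TYPE_END: DWORD = 0x02;
pub const EVENT_TRACE_TYPE_STOP: DWORD = 0x02;
pub const EVENT_TRACE_TYPE_DC_START: DWORD = 0x03;
pub const EVENT_TRACE_TYPE_DC_END: DWORD = 0x04;
pub const EVENT_TRACE_TYPE_EXTENSION: DWORD = 0x05;
pub const EVENT_TRACE_TYPE_REPLY: DWORD = 0x06;
pub const EVENT_TRACE_TYPE_DEQUEUE: DWORD = 0x07;
pub const EVENT_TRACE_TYPE_RESUME: DWORD = 0x07;
pub const EVENT_TRACE_TYPE_CHECKPOINT: DWORD = 0x08;
pub const EVENT_TRACE_TYPE_SUSPEND: DWORD = 0x08;
pub const EVENT_TRACE_TYPE_WINEVT_SEND: DWORD = 0x09;
pub const EVENT_TRACE_TYPE_WINEVT_RECEIVE: DWORD = 0xF0;
// TRACE_LEVEL_* values (UCHAR); levels 6 through 9 are named as reserved.
pub const TRACE_LEVEL_CRITICAL: UCHAR = 1;
pub const TRACE_LEVEL_ERROR: UCHAR = 2;
pub const TRACE_LEVEL_WARNING: UCHAR = 3;
pub const TRACE_LEVEL_INFORMATION: UCHAR = 4;
pub const TRACE_LEVEL_VERBOSE: UCHAR = 5;
pub const TRACE_LEVEL_RESERVED6: UCHAR = 6;
pub const TRACE_LEVEL_RESERVED7: UCHAR = 7;
pub const TRACE_LEVEL_RESERVED8: UCHAR = 8;
pub const TRACE_LEVEL_RESERVED9: UCHAR = 9;
// Each group below restarts at 0x0A, so these values overlap between groups (for example
// LOAD, IO_READ, MM_TF and SEND are all 0x0A). Code that decodes a type value must first
// know which group the event belongs to.
pub const EVENT_TRACE_TYPE_LOAD: DWORD = 0x0A;
pub const EVENT_TRACE_TYPE_TERMINATE: DWORD = 0x0B;
pub const EVENT_TRACE_TYPE_IO_READ: DWORD = 0x0A;
pub const EVENT_TRACE_TYPE_IO_WRITE: DWORD = 0x0B;
pub const EVENT_TRACE_TYPE_IO_READ_INIT: DWORD = 0x0C;
pub const EVENT_TRACE_TYPE_IO_WRITE_INIT: DWORD = 0x0D;
pub const EVENT_TRACE_TYPE_IO_FLUSH: DWORD = 0x0E;
pub const EVENT_TRACE_TYPE_IO_FLUSH_INIT: DWORD = 0x0F;
pub const EVENT_TRACE_TYPE_IO_REDIRECTED_INIT: DWORD = 0x10;
pub const EVENT_TRACE_TYPE_MM_TF: DWORD = 0x0A;
pub const EVENT_TRACE_TYPE_MM_DZF: DWORD = 0x0B;
pub const EVENT_TRACE_TYPE_MM_COW: DWORD = 0x0C;
pub const EVENT_TRACE_TYPE_MM_GPF: DWORD = 0x0D;
pub const EVENT_TRACE_TYPE_MM_HPF: DWORD = 0x0E;
pub const EVENT_TRACE_TYPE_MM_AV: DWORD = 0x0F;
pub const EVENT_TRACE_TYPE_SEND: DWORD = 0x0A;
pub const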
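EVENT_TRACE_TYPE_RECEIVE: DWORD = 0x0B;
pub const EVENT_TRACE_TYPE_CONNECT: DWORD = 0x0C;
pub const EVENT_TRACE_TYPE_DISCONNECT: DWORD = 0x0D;
pub const EVENT_TRACE_TYPE_RETRANSMIT: DWORD = 0x0E;
pub const EVENT_TRACE_TYPE_ACCEPT: DWORD = 0x0F;
pub const EVENT_TRACE_TYPE_RECONNECT: DWORD = 0x10;
pub const EVENT_TRACE_TYPE_CONNFAIL: DWORD = 0x11;
pub const EVENT_TRACE_TYPE_COPY_TCP: DWORD = 0x12;
pub const EVENT_TRACE_TYPE_COPY_ARP: DWORD = 0x13;
pub const EVENT_TRACE_TYPE_ACKFULL: DWORD = 0x14;
pub const EVENT_TRACE_TYPE_ACKPART: DWORD = 0x15;
pub const EVENT_TRACE_TYPE_ACKDUP: DWORD = 0x16;
// The numbering restarts at 0x0A here; these values overlap with the group above.
pub const EVENT_TRACE_TYPE_GUIDMAP: DWORD = 0x0A;
pub const EVENT_TRACE_TYPE_CONFIG: DWORD = 0x0B;
pub const EVENT_TRACE_TYPE_SIDINFO: DWORD = 0x0C;
pub const EVENT_TRACE_TYPE_SECURITY: DWORD = 0x0D;
pub const EVENT_TRACE_TYPE_DBGID_RSDS: DWORD = 0x40;
// REG* type values; the numbering restarts at 0x0A again.
pub const EVENT_TRACE_TYPE_REGCREATE: DWORD = 0x0A;
pub const EVENT_TRACE_TYPE_REGOPEN: DWORD = 0x0B;
pub const EVENT_TRACE_TYPE_REGDELETE: DWORD = 0x0C;
pub const EVENT_TRACE_TYPE_REGQUERY: DWORD = 0x0D;
pub const EVENT_TRACE_TYPE_REGSETVALUE: DWORD = 0x0E;
pub const EVENT_TRACE_TYPE_REGDELETEVALUE: DWORD = 0x0F;
pub const EVENT_TRACE_TYPE_REGQUERYVALUE: DWORD = 0x10;
pub const EVENT_TRACE_TYPE_REGENUMERATEKEY: DWORD = 0x11;
pub const EVENT_TRACE_TYPE_REGENUMERATEVALUEKEY: DWORD = 0x12;
pub const EVENT_TRACE_TYPE_REGQUERYMULTIPLEVALUE: DWORD = 0x13;
pub const EVENT_TRACE_TYPE_REGSETINFORMATION: DWORD = 0x14;
pub const EVENT_TRACE_TYPE_REGFLUSH: DWORD = 0x15;
pub const EVENT_TRACE_TYPE_REGKCBCREATE: DWORD = 0x16;
pub const EVENT_TRACE_TYPE_REGKCBDELETE: DWORD = 0x17;
pub const EVENT_TRACE_TYPE_REGKCBRUNDOWNBEGIN: DWORD = 0x18;
pub const EVENT_TRACE_TYPE_REGKCBRUNDOWNEND: DWORD = 0x19;
pub const EVENT_TRACE_TYPE_REGVIRTUALIZE: DWORD = 0x1A;
pub const EVENT_TRACE_TYPE_REGCLOSE: DWORD = 0x1B;
pub const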
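EVENT_TRACE_TYPE_REGSETSECURITY: DWORD = 0x1C;
pub const EVENT_TRACE_TYPE_REGQUERYSECURITY: DWORD = 0x1D;
pub const EVENT_TRACE_TYPE_REGCOMMIT: DWORD = 0x1E;
pub const EVENT_TRACE_TYPE_REGPREPARE: DWORD = 0x1F;
pub const EVENT_TRACE_TYPE_REGROLLBACK: DWORD = 0x20;
pub const EVENT_TRACE_TYPE_REGMOUNTHIVE: DWORD = 0x21;
// CONFIG_* type values; the numbering restarts at 0x0A and overlaps the REG* values above.
// 0x13 and 0x14 are not assigned in this list.
pub const EVENT_TRACE_TYPE_CONFIG_CPU: DWORD = 0x0A;
pub const EVENT_TRACE_TYPE_CONFIG_PHYSICALDISK: DWORD = 0x0B;
pub const EVENT_TRACE_TYPE_CONFIG_LOGICALDISK: DWORD = 0x0C;
pub const EVENT_TRACE_TYPE_CONFIG_NIC: DWORD = 0x0D;
pub const EVENT_TRACE_TYPE_CONFIG_VIDEO: DWORD = 0x0E;
pub const EVENT_TRACE_TYPE_CONFIG_SERVICES: DWORD = 0x0F;
pub const EVENT_TRACE_TYPE_CONFIG_POWER: DWORD = 0x10;
pub const EVENT_TRACE_TYPE_CONFIG_NETINFO: DWORD = 0x11;
pub const EVENT_TRACE_TYPE_CONFIG_OPTICALMEDIA: DWORD = 0x12;
pub const EVENT_TRACE_TYPE_CONFIG_IRQ: DWORD = 0x15;
pub const EVENT_TRACE_TYPE_CONFIG_PNP: DWORD = 0x16;
pub const EVENT_TRACE_TYPE_CONFIG_IDECHANNEL: DWORD = 0x17;
pub const EVENT_TRACE_TYPE_CONFIG_NUMANODE: DWORD = 0x18;
pub const EVENT_TRACE_TYPE_CONFIG_PLATFORM: DWORD = 0x19;
pub const EVENT_TRACE_TYPE_CONFIG_PROCESSORGROUP: DWORD = 0x1A;
pub const EVENT_TRACE_TYPE_CONFIG_PROCESSORNUMBER: DWORD = 0x1B;
pub const EVENT_TRACE_TYPE_CONFIG_DPI: DWORD = 0x1C;
pub const EVENT_TRACE_TYPE_CONFIG_CI_INFO: DWORD = 0x1D;
pub const EVENT_TRACE_TYPE_CONFIG_MACHINEID: DWORD = 0x1E;
pub const EVENT_TRACE_TYPE_CONFIG_DEFRAG: DWORD = 0x1F;
pub const EVENT_TRACE_TYPE_CONFIG_MOBILEPLATFORM: DWORD = 0x20;
pub const EVENT_TRACE_TYPE_CONFIG_DEVICEFAMILY: DWORD = 0x21;
pub const EVENT_TRACE_TYPE_CONFIG_FLIGHTID: DWORD = 0x22;
pub const EVENT_TRACE_TYPE_CONFIG_PROCESSOR: DWORD = 0x23;
// OPTICAL_IO_* type values.
pub const EVENT_TRACE_TYPE_OPTICAL_IO_READ: DWORD = 0x37;
pub const EVENT_TRACE_TYPE_OPTICAL_IO_WRITE: DWORD = 0x38;
pub const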
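EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH: DWORD = 0x39;
pub const EVENT_TRACE_TYPE_OPTICAL_IO_READ_INIT: DWORD = 0x3a;
pub const EVENT_TRACE_TYPE_OPTICAL_IO_WRITE_INIT: DWORD = 0x3b;
pub const EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH_INIT: DWORD = 0x3c;
// FLT_* type values.
pub const EVENT_TRACE_TYPE_FLT_PREOP_INIT: DWORD = 0x60;
pub const EVENT_TRACE_TYPE_FLT_POSTOP_INIT: DWORD = 0x61;
pub const EVENT_TRACE_TYPE_FLT_PREOP_COMPLETION: DWORD = 0x62;
pub const EVENT_TRACE_TYPE_FLT_POSTOP_COMPLETION: DWORD = 0x63;
pub const EVENT_TRACE_TYPE_FLT_PREOP_FAILURE: DWORD = 0x64;
pub const EVENT_TRACE_TYPE_FLT_POSTOP_FAILURE: DWORD = 0x65;
// EVENT_TRACE_FLAG_* values: single-bit DWORD flags, listed in the file's order rather than
// by bit position.
// NOTE(review): presumably OR'd into EVENT_TRACE_PROPERTIES.EnableFlags - confirm.
pub const EVENT_TRACE_FLAG_PROCESS: DWORD = 0x00000001;
pub const EVENT_TRACE_FLAG_THREAD: DWORD = 0x00000002;
pub const EVENT_TRACE_FLAG_IMAGE_LOAD: DWORD = 0x00000004;
pub const EVENT_TRACE_FLAG_DISK_IO: DWORD = 0x00000100;
pub const EVENT_TRACE_FLAG_DISK_FILE_IO: DWORD = 0x00000200;
pub const EVENT_TRACE_FLAG_MEMORY_PAGE_FAULTS: DWORD = 0x00001000;
pub const EVENT_TRACE_FLAG_MEMORY_HARD_FAULTS: DWORD = 0x00002000;
pub const EVENT_TRACE_FLAG_NETWORK_TCPIP: DWORD = 0x00010000;
pub const EVENT_TRACE_FLAG_REGISTRY: DWORD = 0x00020000;
pub const EVENT_TRACE_FLAG_DBGPRINT: DWORD = 0x00040000;
pub const EVENT_TRACE_FLAG_PROCESS_COUNTERS: DWORD = 0x00000008;
pub const EVENT_TRACE_FLAG_CSWITCH: DWORD = 0x00000010;
pub const EVENT_TRACE_FLAG_DPC: DWORD = 0x00000020;
pub const EVENT_TRACE_FLAG_INTERRUPT: DWORD = 0x00000040;
pub const EVENT_TRACE_FLAG_SYSTEMCALL: DWORD = 0x00000080;
pub const EVENT_TRACE_FLAG_DISK_IO_INIT: DWORD = 0x00000400;
pub const EVENT_TRACE_FLAG_ALPC: DWORD = 0x00100000;
pub const EVENT_TRACE_FLAG_SPLIT_IO: DWORD = 0x00200000;
pub const EVENT_TRACE_FLAG_DRIVER: DWORD = 0x00800000;
pub const EVENT_TRACE_FLAG_PROFILE: DWORD = 0x01000000;
pub const EVENT_TRACE_FLAG_FILE_IO: DWORD = 0x02000000;
pub const EVENT_TRACE_FLAG_FILE_IO_INIT: DWORD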
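= 0x04000000;
pub const EVENT_TRACE_FLAG_DISPATCHER: DWORD = 0x00000800;
pub const EVENT_TRACE_FLAG_VIRTUAL_ALLOC: DWORD = 0x00004000;
pub const EVENT_TRACE_FLAG_VAMAP: DWORD = 0x00008000;
pub const EVENT_TRACE_FLAG_NO_SYSCONFIG: DWORD = 0x10000000;
pub const EVENT_TRACE_FLAG_JOB: DWORD = 0x00080000;
pub const EVENT_TRACE_FLAG_DEBUG_EVENTS: DWORD = 0x00400000;
pub const EVENT_TRACE_FLAG_EXTENSION: DWORD = 0x80000000;
pub const EVENT_TRACE_FLAG_FORWARD_WMI: DWORD = 0x40000000;
pub const EVENT_TRACE_FLAG_ENABLE_RESERVE: DWORD = 0x20000000;
// Logging-mode bits (DWORD). These reuse bit positions of the EVENT_TRACE_FLAG_* family
// (0x10000000 is both EVENT_TRACE_FLAG_NO_SYSCONFIG and
// EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING), so the two families must not be mixed in one field.
// NOTE(review): presumably these belong in EVENT_TRACE_PROPERTIES.LogFileMode - confirm.
pub const EVENT_TRACE_FILE_MODE_NONE: DWORD = 0x00000000;
pub const EVENT_TRACE_FILE_MODE_SEQUENTIAL: DWORD = 0x00000001;
pub const EVENT_TRACE_FILE_MODE_CIRCULAR: DWORD = 0x00000002;
pub const EVENT_TRACE_FILE_MODE_APPEND: DWORD = 0x00000004;
pub const EVENT_TRACE_REAL_TIME_MODE: DWORD = 0x00000100;
pub const EVENT_TRACE_DELAY_OPEN_FILE_MODE: DWORD = 0x00000200;
pub const EVENT_TRACE_BUFFERING_MODE: DWORD = 0x00000400;
pub const EVENT_TRACE_PRIVATE_LOGGER_MODE: DWORD = 0x00000800;
pub const EVENT_TRACE_ADD_HEADER_MODE: DWORD = 0x00001000;
pub const EVENT_TRACE_USE_GLOBAL_SEQUENCE: DWORD = 0x00004000;
pub const EVENT_TRACE_USE_LOCAL_SEQUENCE: DWORD = 0x00008000;
pub const EVENT_TRACE_RELOG_MODE: DWORD = 0x00010000;
pub const EVENT_TRACE_USE_PAGED_MEMORY: DWORD = 0x01000000;
pub const EVENT_TRACE_FILE_MODE_NEWFILE: DWORD = 0x00000008;
pub const EVENT_TRACE_FILE_MODE_PREALLOCATE: DWORD = 0x00000020;
pub const EVENT_TRACE_NONSTOPPABLE_MODE: DWORD = 0x00000040;
pub const EVENT_TRACE_SECURE_MODE: DWORD = 0x00000080;
pub const EVENT_TRACE_USE_KBYTES_FOR_SIZE: DWORD = 0x00002000;
pub const EVENT_TRACE_PRIVATE_IN_PROC: DWORD = 0x00020000;
pub const EVENT_TRACE_MODE_RESERVED: DWORD = 0x00100000;
pub const EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING: DWORD = 0x10000000;
pub const EVENT_TRACE_SYSTEM_LOGGER_MODE: DWORD =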
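0x02000000;
pub const EVENT_TRACE_ADDTO_TRIAGE_DUMP: DWORD = 0x80000000;
pub const EVENT_TRACE_STOP_ON_HYBRID_SHUTDOWN: DWORD = 0x00400000;
pub const EVENT_TRACE_PERSIST_ON_HYBRID_SHUTDOWN: DWORD = 0x00800000;
pub const EVENT_TRACE_INDEPENDENT_SESSION_MODE: DWORD = 0x08000000;
pub const EVENT_TRACE_COMPRESSED_MODE: DWORD = 0x04000000;
// Control codes (DWORD); ControlTraceW/ControlTraceA in this module take `ControlCode: ULONG`.
pub const EVENT_TRACE_CONTROL_QUERY: DWORD = 0;
pub const EVENT_TRACE_CONTROL_STOP: DWORD = 1;
pub const EVENT_TRACE_CONTROL_UPDATE: DWORD = 2;
pub const EVENT_TRACE_CONTROL_FLUSH: DWORD = 3;
// TRACE_MESSAGE_* bit flags; TRACE_MESSAGE_FLAG_MASK covers the low 16 bits.
pub const TRACE_MESSAGE_SEQUENCE: DWORD = 1;
pub const TRACE_MESSAGE_GUID: DWORD = 2;
pub const TRACE_MESSAGE_COMPONENTID: DWORD = 4;
pub const TRACE_MESSAGE_TIMESTAMP: DWORD = 8;
pub const TRACE_MESSAGE_PERFORMANCE_TIMESTAMP: DWORD = 16;
pub const TRACE_MESSAGE_SYSTEMINFO: DWORD = 32;
pub const TRACE_MESSAGE_POINTER32: DWORD = 0x0040;
pub const TRACE_MESSAGE_POINTER64: DWORD = 0x0080;
pub const TRACE_MESSAGE_FLAG_MASK: DWORD = 0xFFFF;
// 64 KiB size limit.
pub const TRACE_MESSAGE_MAXIMUM_SIZE: SIZE_T = 64 * 1024;
pub const EVENT_TRACE_USE_PROCTIME: DWORD = 0x0001;
pub const EVENT_TRACE_USE_NOCPUTIME: DWORD = 0x0002;
// TRACE_HEADER_FLAG_* bit flags.
// NOTE(review): USE_GUID_PTR / USE_MOF_PTR presumably say whether a header field holds a
// pointer instead of inline data; a consumer must check them before reading - confirm.
pub const TRACE_HEADER_FLAG_USE_TIMESTAMP: DWORD = 0x00000200;
pub const TRACE_HEADER_FLAG_TRACED_GUID: DWORD = 0x00020000;
pub const TRACE_HEADER_FLAG_LOG_WNODE: DWORD = 0x00040000;
pub const TRACE_HEADER_FLAG_USE_GUID_PTR: DWORD = 0x00080000;
pub const TRACE_HEADER_FLAG_USE_MOF_PTR: DWORD = 0x00100000;
ENUM!{enum ETW_COMPRESSION_RESUMPTION_MODE {
    EtwCompressionModeRestart = 0,
    EtwCompressionModeNoDisable = 1,
    EtwCompressionModeNoRestart = 2,
}}
// The `*_uN` types are the anonymous unions/structs nested in the headers that follow.
// Each union member comes with an accessor and a `_mut` accessor name; the union does not
// record which member is live.
STRUCT!{struct EVENT_TRACE_HEADER_u1_s {
    HeaderType: UCHAR,
    MarkerFlags: UCHAR,
}}
UNION!{union EVENT_TRACE_HEADER_u1 {
    [u16; 1],
    FieldTypeFlags FieldTypeFlags_mut: USHORT,
    s s_mut: EVENT_TRACE_HEADER_u1_s,
}}
STRUCT!{struct EVENT_TRACE_HEADER_u2_CLASS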
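{
    Type: UCHAR,
    Level: UCHAR,
    Version: USHORT,
}}
UNION!{union EVENT_TRACE_HEADER_u2 {
    [u32; 1],
    Version Version_mut: ULONG,
    Class Class_mut: EVENT_TRACE_HEADER_u2_CLASS,
}}
// `Guid` (inline value) and `GuidPtr` (64-bit integer) share storage. Reading the wrong member
// reinterprets GUID bytes as an address or the reverse.
// NOTE(review): presumably TRACE_HEADER_FLAG_USE_GUID_PTR selects the member - confirm.
UNION!{union EVENT_TRACE_HEADER_u3 {
    [u64; 2],
    Guid Guid_mut: GUID,
    GuidPtr GuidPtr_mut: ULONGLONG,
}}
STRUCT!{struct EVENT_TRACE_HEADER_u4_s1 {
    ClientContext: ULONG,
    Flags: ULONG,
}}
STRUCT!{struct EVENT_TRACE_HEADER_u4_s2 {
    KernelTime: ULONG,
    UserTime: ULONG,
}}
UNION!{union EVENT_TRACE_HEADER_u4 {
    [u64; 1],
    s1 s1_mut: EVENT_TRACE_HEADER_u4_s1,
    s2 s2_mut: EVENT_TRACE_HEADER_u4_s2,
    ProcessorTime ProcessorTime_mut: ULONG64,
}}
// Event header. `Size` is a USHORT.
// NOTE(review): presumably the total event size in bytes, header included; a consumer should
// check it against the buffer it is reading from - confirm.
STRUCT!{struct EVENT_TRACE_HEADER {
    Size: USHORT,
    u1: EVENT_TRACE_HEADER_u1,
    u2: EVENT_TRACE_HEADER_u2,
    ThreadId: ULONG,
    ProcessId: ULONG,
    TimeStamp: LARGE_INTEGER,
    u3: EVENT_TRACE_HEADER_u3,
    u4: EVENT_TRACE_HEADER_u4,
}}
pub type PEVENT_TRACE_HEADER = *mut EVENT_TRACE_HEADER;
// Nested unions/structs of EVENT_INSTANCE_HEADER; u1 and u2 have the same members as their
// EVENT_TRACE_HEADER counterparts above.
STRUCT!{struct EVENT_INSTANCE_HEADER_u1_s {
    HeaderType: UCHAR,
    MarkerFlags: UCHAR,
}}
UNION!{union EVENT_INSTANCE_HEADER_u1 {
    [u16; 1],
    FieldTypeFlags FieldTypeFlags_mut: USHORT,
    s s_mut: EVENT_INSTANCE_HEADER_u1_s,
}}
STRUCT!{struct EVENT_INSTANCE_HEADER_u2_CLASS {
    Type: UCHAR,
    Level: UCHAR,
    Version: USHORT,
}}
UNION!{union EVENT_INSTANCE_HEADER_u2 {
    [u32; 1],
    Version Version_mut: ULONG,
    Class Class_mut: EVENT_INSTANCE_HEADER_u2_CLASS,
}}
STRUCT!{struct EVENT_INSTANCE_HEADER_u3_s1 {
    KernelTime: ULONG,
    UserTime: ULONG,
}}
STRUCT!{struct EVENT_INSTANCE_HEADER_u3_s2 {
    EventId: ULONG,
    Flags: ULONG,
}}
UNION!{union EVENT_INSTANCE_HEADER_u3 {
    [u64; 1],
    s1 s1_mut: EVENT_INSTANCE_HEADER_u3_s1,
    ProcessorTime ProcessorTime_mut: ULONG64,
    s2 s2_mut: EVENT_INSTANCE_HEADER_u3_s2,
}}
STRUCT!{struct EVENT_INSTANCE_HEADER {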
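Size: USHORT,
    u1: EVENT_INSTANCE_HEADER_u1,
    u2: EVENT_INSTANCE_HEADER_u2,
    ThreadId: ULONG,
    ProcessId: ULONG,
    TimeStamp: LARGE_INTEGER,
    // Registration handles are carried as 64-bit integers here, not as HANDLE.
    RegHandle: ULONGLONG,
    InstanceId: ULONG,
    ParentInstanceId: ULONG,
    u3: EVENT_INSTANCE_HEADER_u3,
    ParentRegHandle: ULONGLONG,
}}
pub type PEVENT_INSTANCE_HEADER = *mut EVENT_INSTANCE_HEADER;
// ETW_*_TYPE_VALUE constants (ULONG): 0-15, then 101 onward.
// NOTE(review): presumably the values of MOF_FIELD.DataType - confirm. Several name string
// encodings (counted, reversed-counted, non-NUL-terminated), so a parser must pick the length
// rule from the type value instead of scanning for a terminator.
pub const ETW_NULL_TYPE_VALUE: ULONG = 0;
pub const ETW_OBJECT_TYPE_VALUE: ULONG = 1;
pub const ETW_STRING_TYPE_VALUE: ULONG = 2;
pub const ETW_SBYTE_TYPE_VALUE: ULONG = 3;
pub const ETW_BYTE_TYPE_VALUE: ULONG = 4;
pub const ETW_INT16_TYPE_VALUE: ULONG = 5;
pub const ETW_UINT16_TYPE_VALUE: ULONG = 6;
pub const ETW_INT32_TYPE_VALUE: ULONG = 7;
pub const ETW_UINT32_TYPE_VALUE: ULONG = 8;
pub const ETW_INT64_TYPE_VALUE: ULONG = 9;
pub const ETW_UINT64_TYPE_VALUE: ULONG = 10;
pub const ETW_CHAR_TYPE_VALUE: ULONG = 11;
pub const ETW_SINGLE_TYPE_VALUE: ULONG = 12;
pub const ETW_DOUBLE_TYPE_VALUE: ULONG = 13;
pub const ETW_BOOLEAN_TYPE_VALUE: ULONG = 14;
pub const ETW_DECIMAL_TYPE_VALUE: ULONG = 15;
pub const ETW_GUID_TYPE_VALUE: ULONG = 101;
pub const ETW_ASCIICHAR_TYPE_VALUE: ULONG = 102;
pub const ETW_ASCIISTRING_TYPE_VALUE: ULONG = 103;
pub const ETW_COUNTED_STRING_TYPE_VALUE: ULONG = 104;
pub const ETW_POINTER_TYPE_VALUE: ULONG = 105;
pub const ETW_SIZET_TYPE_VALUE: ULONG = 106;
pub const ETW_HIDDEN_TYPE_VALUE: ULONG = 107;
pub const ETW_BOOL_TYPE_VALUE: ULONG = 108;
pub const ETW_COUNTED_ANSISTRING_TYPE_VALUE: ULONG = 109;
pub const ETW_REVERSED_COUNTED_STRING_TYPE_VALUE: ULONG = 110;
pub const ETW_REVERSED_COUNTED_ANSISTRING_TYPE_VALUE: ULONG = 111;
pub const ETW_NON_NULL_TERMINATED_STRING_TYPE_VALUE: ULONG = 112;
pub const ETW_REDUCED_ANSISTRING_TYPE_VALUE: ULONG = 113;
pub const ETW_REDUCED_STRING_TYPE_VALUE: ULONG = 114;
pub const ETW_SID_TYPE_VALUE: ULONG = 115;
pub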
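const ETW_VARIANT_TYPE_VALUE: ULONG = 116;
pub const ETW_PTVECTOR_TYPE_VALUE: ULONG = 117;
pub const ETW_WMITIME_TYPE_VALUE: ULONG = 118;
pub const ETW_DATETIME_TYPE_VALUE: ULONG = 119;
// Spelled "REFRENCE" in this binding; do not "correct" the identifier, callers depend on it.
pub const ETW_REFRENCE_TYPE_VALUE: ULONG = 120;
// TODO: DEFINE_TRACE_MOF_FIELD
// `DataPtr` holds an address as a 64-bit integer, `Length` the size of the data it refers to.
// The struct does not tie the two together: whoever dereferences DataPtr must make sure
// Length bytes are really readable there.
STRUCT!{struct MOF_FIELD {
    DataPtr: ULONG64,
    Length: ULONG,
    DataType: ULONG,
}}
pub type PMOF_FIELD = *mut MOF_FIELD;
STRUCT!{struct TRACE_LOGFILE_HEADER_u1_VERSIONDETAIL {
    MajorVersion: UCHAR,
    MinorVersion: UCHAR,
    SubVersion: UCHAR,
    SubMinorVersion: UCHAR,
}}
UNION!{union TRACE_LOGFILE_HEADER_u1 {
    [u32; 1],
    Version Version_mut: ULONG,
    VersionDetail VersionDetail_mut: TRACE_LOGFILE_HEADER_u1_VERSIONDETAIL,
}}
STRUCT!{struct TRACE_LOGFILE_HEADER_u2_s {
    StartBuffers: ULONG,
    PointerSize: ULONG,
    EventsLost: ULONG,
    CpuSpeedInMHz: ULONG,
}}
UNION!{union TRACE_LOGFILE_HEADER_u2 {
    [u32; 4],
    LogInstanceGuid LogInstanceGuid_mut: GUID,
    s s_mut: TRACE_LOGFILE_HEADER_u2_s,
}}
// Log file header with native-width `LoggerName` / `LogFileName` pointers. The 32 and 64
// variants in this module carry the same fields with fixed-width integers in those two slots.
// NOTE(review): when the header was read from a trace file, the two pointer fields hold
// whatever the writing system stored and are presumably not valid in the reading process;
// do not dereference them without checking the ETW documentation - confirm.
STRUCT!{struct TRACE_LOGFILE_HEADER {
    BufferSize: ULONG,
    u1: TRACE_LOGFILE_HEADER_u1,
    ProviderVersion: ULONG,
    NumberOfProcessors: ULONG,
    EndTime: LARGE_INTEGER,
    TimerResolution: ULONG,
    MaximumFileSize: ULONG,
    LogFileMode: ULONG,
    BuffersWritten: ULONG,
    u2: TRACE_LOGFILE_HEADER_u2,
    LoggerName: LPWSTR,
    LogFileName: LPWSTR,
    TimeZone: TIME_ZONE_INFORMATION,
    BootTime: LARGE_INTEGER,
    PrefFreq: LARGE_INTEGER,
    StartTime: LARGE_INTEGER,
    ReservedFlags: ULONG,
    BuffersLost: ULONG,
}}
pub type PTRACE_LOGFILE_HEADER = *mut TRACE_LOGFILE_HEADER;
// Same fields as TRACE_LOGFILE_HEADER, with 32-bit integers in the two name slots.
STRUCT!{struct TRACE_LOGFILE_HEADER32 {
    BufferSize: ULONG,
    u1: TRACE_LOGFILE_HEADER_u1,
    ProviderVersion: ULONG,
    NumberOfProcessors: ULONG,
    EndTime: LARGE_INTEGER,
    TimerResolution: ULONG,
    MaximumFileSize: ULONG,
    LogFileMode: ULONG,
    BuffersWritten: ULONG,
    u2: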
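TRACE_LOGFILE_HEADER_u2,
    // 32-bit integers where TRACE_LOGFILE_HEADER has LPWSTR; never cast these to pointers.
    LoggerName: ULONG32,
    LogFileName: ULONG32,
    TimeZone: TIME_ZONE_INFORMATION,
    BootTime: LARGE_INTEGER,
    PrefFreq: LARGE_INTEGER,
    StartTime: LARGE_INTEGER,
    ReservedFlags: ULONG,
    BuffersLost: ULONG,
}}
pub type PTRACE_LOGFILE_HEADER32 = *mut TRACE_LOGFILE_HEADER32;
// Same fields as TRACE_LOGFILE_HEADER, with 64-bit integers in the two name slots.
STRUCT!{struct TRACE_LOGFILE_HEADER64 {
    BufferSize: ULONG,
    u1: TRACE_LOGFILE_HEADER_u1,
    ProviderVersion: ULONG,
    NumberOfProcessors: ULONG,
    EndTime: LARGE_INTEGER,
    TimerResolution: ULONG,
    MaximumFileSize: ULONG,
    LogFileMode: ULONG,
    BuffersWritten: ULONG,
    u2: TRACE_LOGFILE_HEADER_u2,
    LoggerName: ULONG64,
    LogFileName: ULONG64,
    TimeZone: TIME_ZONE_INFORMATION,
    BootTime: LARGE_INTEGER,
    PrefFreq: LARGE_INTEGER,
    StartTime: LARGE_INTEGER,
    ReservedFlags: ULONG,
    BuffersLost: ULONG,
}}
pub type PTRACE_LOGFILE_HEADER64 = *mut TRACE_LOGFILE_HEADER64;
STRUCT!{struct EVENT_INSTANCE_INFO {
    RegHandle: HANDLE,
    InstanceId: ULONG,
}}
pub type PEVENT_INSTANCE_INFO = *mut EVENT_INSTANCE_INFO;
UNION!{union EVENT_TRACE_PROPERTIES_u {
    [u32; 1],
    AgeLimit AgeLimit_mut: LONG,
    FlushThreshold FlushThreshold_mut: LONG,
}}
// Session properties passed by pointer to the Start/Stop/Query/Update/Flush/ControlTrace
// functions in this module. The session and log file names are addressed through
// `LoggerNameOffset` / `LogFileNameOffset`, i.e. they are not fields of this struct.
// NOTE(review): callers are presumably expected to allocate this struct with trailing space
// for both names and to put the total allocation size in `Wnode.BufferSize`; a size larger
// than the real allocation would let the API write past the buffer - confirm against the ETW
// documentation.
STRUCT!{struct EVENT_TRACE_PROPERTIES {
    Wnode: WNODE_HEADER,
    BufferSize: ULONG,
    MinimumBuffers: ULONG,
    MaximumBuffers: ULONG,
    MaximumFileSize: ULONG,
    LogFileMode: ULONG,
    FlushTimer: ULONG,
    EnableFlags: ULONG,
    u: EVENT_TRACE_PROPERTIES_u,
    NumberOfBuffers: ULONG,
    FreeBuffers: ULONG,
    EventsLost: ULONG,
    BuffersWritten: ULONG,
    LogBuffersLost: ULONG,
    RealTimeBuffersLost: ULONG,
    LoggerThreadId: HANDLE,
    LogFileNameOffset: ULONG,
    LoggerNameOffset: ULONG,
}}
pub type PEVENT_TRACE_PROPERTIES = *mut EVENT_TRACE_PROPERTIES;
// Same members as EVENT_TRACE_PROPERTIES_u.
UNION!{union EVENT_TRACE_PROPERTIES_V2_u1 {
    [u32; 1],
    AgeLimit AgeLimit_mut: LONG,
    FlushThreshold FlushThreshold_mut: LONG,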
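}}
// Bitfield wrapper: bits 0..8 of `bitfield` are VersionNumber.
STRUCT!{struct EVENT_TRACE_PROPERTIES_V2_u2_s {
    bitfield: ULONG,
}}
BITFIELD!{EVENT_TRACE_PROPERTIES_V2_u2_s bitfield: ULONG [
    VersionNumber set_VersionNumber[0..8],
]}
UNION!{union EVENT_TRACE_PROPERTIES_V2_u2 {
    [u32; 1],
    s s_mut: EVENT_TRACE_PROPERTIES_V2_u2_s,
    V2Control V2Control_mut: ULONG,
}}
// Bitfield wrapper: bit 0 of `bitfield` is Wow. The field is a ULONG while the enclosing
// union is 64 bits wide.
STRUCT!{struct EVENT_TRACE_PROPERTIES_V2_u3_s {
    bitfield: ULONG,
}}
BITFIELD!{EVENT_TRACE_PROPERTIES_V2_u3_s bitfield: ULONG [
    Wow set_Wow[0..1],
]}
UNION!{union EVENT_TRACE_PROPERTIES_V2_u3 {
    [u64; 1],
    s s_mut: EVENT_TRACE_PROPERTIES_V2_u3_s,
    V2Options V2Options_mut: ULONG64,
}}
// V2 layout: the EVENT_TRACE_PROPERTIES fields followed by version, filter and option fields.
// `FilterDesc` is a raw pointer paired with `FilterDescCount`; the count must not exceed the
// number of descriptors actually present behind the pointer.
// NOTE(review): the functions in this module take PEVENT_TRACE_PROPERTIES, so using this
// layout requires a pointer cast at the call site.
STRUCT!{struct EVENT_TRACE_PROPERTIES_V2 {
    Wnode: WNODE_HEADER,
    BufferSize: ULONG,
    MinimumBuffers: ULONG,
    MaximumBuffers: ULONG,
    MaximumFileSize: ULONG,
    LogFileMode: ULONG,
    FlushTimer: ULONG,
    EnableFlags: ULONG,
    // Typed as EVENT_TRACE_PROPERTIES_u, not EVENT_TRACE_PROPERTIES_V2_u1; the two unions
    // declare the same members.
    u1: EVENT_TRACE_PROPERTIES_u,
    NumberOfBuffers: ULONG,
    FreeBuffers: ULONG,
    EventsLost: ULONG,
    BuffersWritten: ULONG,
    LogBuffersLost: ULONG,
    RealTimeBuffersLost: ULONG,
    LoggerThreadId: HANDLE,
    LogFileNameOffset: ULONG,
    LoggerNameOffset: ULONG,
    u2: EVENT_TRACE_PROPERTIES_V2_u2,
    FilterDescCount: ULONG,
    FilterDesc: PEVENT_FILTER_DESCRIPTOR,
    u3: EVENT_TRACE_PROPERTIES_V2_u3,
}}
pub type PEVENT_TRACE_PROPERTIES_V2 = *mut EVENT_TRACE_PROPERTIES_V2;
// `Guid` is a raw pointer to a GUID owned by the caller; it has to stay valid for as long as
// the registration that receives this struct uses it.
STRUCT!{struct TRACE_GUID_REGISTRATION {
    Guid: LPCGUID,
    RegHandle: HANDLE,
}}
pub type PTRACE_GUID_REGISTRATION = *mut TRACE_GUID_REGISTRATION;
STRUCT!{struct TRACE_GUID_PROPERTIES {
    Guid: GUID,
    GuidType: ULONG,
    LoggerId: ULONG,
    EnableLevel: ULONG,
    EnableFlags: ULONG,
    IsEnable: BOOLEAN,
}}
pub type PTRACE_GUID_PROPERTIES = *mut TRACE_GUID_PROPERTIES;
STRUCT!{struct ETW_BUFFER_CONTEXT_u_s {
    ProcessorNumber: UCHAR,
    Alignment: UCHAR,
}}
UNION!{union ETW_BUFFER_CONTEXT_u {
    [u16; 1],
    s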
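s_mut: ETW_BUFFER_CONTEXT_u_s,
    ProcessorIndex ProcessorIndex_mut: USHORT,
}}
STRUCT!{struct ETW_BUFFER_CONTEXT {
    u: ETW_BUFFER_CONTEXT_u,
    LoggerId: USHORT,
}}
pub type PETW_BUFFER_CONTEXT = *mut ETW_BUFFER_CONTEXT;
pub const TRACE_PROVIDER_FLAG_LEGACY: ULONG = 0x00000001;
pub const TRACE_PROVIDER_FLAG_PRE_ENABLE: ULONG = 0x00000002;
STRUCT!{struct TRACE_ENABLE_INFO {
    IsEnabled: ULONG,
    Level: UCHAR,
    Reserved1: UCHAR,
    LoggerId: USHORT,
    EnabledProperty: ULONG,
    Reserved2: ULONG,
    MatchAnyKeyword: ULONGLONG,
    MatchAllKeyword: ULONGLONG,
}}
pub type PTRACE_ENABLE_INFO = *mut TRACE_ENABLE_INFO;
// `NameOffset` is an offset, so the name lives outside this struct; bounds-check it against
// the size of the buffer the record came from before following it.
STRUCT!{struct TRACE_PROVIDER_INSTANCE_INFO {
    NameOffset: ULONG,
    EnableCount: ULONG,
    Pid: ULONG,
    Flags: ULONG,
}}
pub type PTRACE_PROVIDER_INSTANCE_INFO = *mut TRACE_PROVIDER_INSTANCE_INFO;
STRUCT!{struct TRACE_GUID_INFO {
    InstanceCount: ULONG,
    Reserved: ULONG,
}}
pub type PTRACE_GUID_INFO = *mut TRACE_GUID_INFO;
// Variable-length record: `Description` is declared with ANYSIZE_ARRAY elements, so the
// struct's declared size covers only the start of the text. Records are chained through
// `NextEntryOffset`.
// NOTE(review): code walking a list of these should check every offset and the description
// length against the size of the buffer returned by the API - confirm the exact layout.
STRUCT!{struct PROFILE_SOURCE_INFO {
    NextEntryOffset: ULONG,
    Source: ULONG,
    MinInterval: ULONG,
    MaxInterval: ULONG,
    Reserved: ULONG64,
    Description: [WCHAR; ANYSIZE_ARRAY],
}}
pub type PPROFILE_SOURCE_INFO = *mut PROFILE_SOURCE_INFO;
UNION!{union EVENT_TRACE_u {
    [u32; 1],
    ClientContext ClientContext_mut: ULONG,
    BufferContext BufferContext_mut: ETW_BUFFER_CONTEXT,
}}
// Event as delivered to a PEVENT_CALLBACK. `MofData` is an untyped pointer and `MofLength`
// its length field; reads through MofData must stay within MofLength bytes.
STRUCT!{struct EVENT_TRACE {
    Header: EVENT_TRACE_HEADER,
    InstanceId: ULONG,
    ParentInstanceId: ULONG,
    ParentGuid: GUID,
    MofData: PVOID,
    MofLength: ULONG,
    u: EVENT_TRACE_u,
}}
pub type PEVENT_TRACE = *mut EVENT_TRACE;
// EVENT_CONTROL_CODE_* values; EnableTraceEx2 in this module takes `ControlCode: ULONG`.
pub const EVENT_CONTROL_CODE_DISABLE_PROVIDER: ULONG = 0;
pub const EVENT_CONTROL_CODE_ENABLE_PROVIDER: ULONG = 1;
pub const EVENT_CONTROL_CODE_CAPTURE_STATE: ULONG = 2;
// stdcall callback types. Each receives a raw pointer from the caller of the callback.
FN!{stdcall PEVENT_TRACE_BUFFER_CALLBACKW(
    PEVENT_TRACE_LOGFILEW,
) -> ULONG}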
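FN!{stdcall PEVENT_TRACE_BUFFER_CALLBACKA(
    PEVENT_TRACE_LOGFILEA,
) -> ULONG}
// Per-event callbacks. They receive a raw pointer to the event.
// NOTE(review): presumably the pointee is only valid for the duration of the call; copy out
// anything that must outlive the callback - confirm.
FN!{stdcall PEVENT_CALLBACK(
    pEvent: PEVENT_TRACE,
) -> ()}
FN!{stdcall PEVENT_RECORD_CALLBACK(
    EventRecord: PEVENT_RECORD,
) -> ()}
// `Buffer` is untyped and its size travels separately through the `BufferSize` pointer.
FN!{stdcall WMIDPREQUEST(
    RequestCode: WMIDPREQUESTCODE,
    RequestContext: PVOID,
    BufferSize: *mut ULONG,
    Buffer: PVOID,
) -> ULONG}
UNION!{union EVENT_TRACE_LOGFILE_u1 {
    [u32; 1],
    LogFileMode LogFileMode_mut: ULONG,
    ProcessTraceMode ProcessTraceMode_mut: ULONG,
}}
// Two callback pointer types with different argument types share this storage (the two
// storage arrays give the union pointer width on 32-bit and 64-bit targets). The union does
// not record which member was set.
// NOTE(review): presumably a bit in `ProcessTraceMode` tells the consumer which callback is
// stored; setting one member and the mode for the other would call the function with the
// wrong argument type - confirm.
UNION!{union EVENT_TRACE_LOGFILE_u2 {
    [u32; 1] [u64; 1],
    EventCallback EventCallback_mut: PEVENT_CALLBACK,
    EventRecordCallback EventRecordCallback_mut: PEVENT_RECORD_CALLBACK,
}}
// Wide-string variant: `LogFileName` / `LoggerName` are LPWSTR and the buffer callback takes
// PEVENT_TRACE_LOGFILEW. `Context` is an untyped pointer.
STRUCT!{struct EVENT_TRACE_LOGFILEW {
    LogFileName: LPWSTR,
    LoggerName: LPWSTR,
    CurrentTime: LONGLONG,
    BuffersRead: ULONG,
    u1: EVENT_TRACE_LOGFILE_u1,
    CurrentEvent: EVENT_TRACE,
    LogfileHeader: TRACE_LOGFILE_HEADER,
    BufferCallback: PEVENT_TRACE_BUFFER_CALLBACKW,
    BufferSize: ULONG,
    Filled: ULONG,
    EventsLost: ULONG,
    u2: EVENT_TRACE_LOGFILE_u2,
    IsKernelTrace: ULONG,
    Context: PVOID,
}}
pub type PEVENT_TRACE_LOGFILEW = *mut EVENT_TRACE_LOGFILEW;
// ANSI variant of EVENT_TRACE_LOGFILEW: LPSTR names and the ...CALLBACKA buffer callback.
STRUCT!{struct EVENT_TRACE_LOGFILEA {
    LogFileName: LPSTR,
    LoggerName: LPSTR,
    CurrentTime: LONGLONG,
    BuffersRead: ULONG,
    u1: EVENT_TRACE_LOGFILE_u1,
    CurrentEvent: EVENT_TRACE,
    LogfileHeader: TRACE_LOGFILE_HEADER,
    BufferCallback: PEVENT_TRACE_BUFFER_CALLBACKA,
    BufferSize: ULONG,
    Filled: ULONG,
    EventsLost: ULONG,
    u2: EVENT_TRACE_LOGFILE_u2,
    IsKernelTrace: ULONG,
    Context: PVOID,
}}
pub type PEVENT_TRACE_LOGFILEA = *mut EVENT_TRACE_LOGFILEA;
// Raw FFI declarations. Every function in an extern block is unsafe to call: each pointer
// argument must be valid for whatever access the API performs, and string arguments must be
// NUL-terminated in the encoding the suffix names (W: LPCWSTR, A: LPCSTR). Each function
// returns a ULONG status that the caller has to check.
extern "system" {
    pub fn StartTraceW(
        SessionHandle: PTRACEHANDLE,
        SessionName: LPCWSTR,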
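Properties: PEVENT_TRACE_PROPERTIES,
    ) -> ULONG;
    // The Start/Stop/Query/Update/Flush functions below all take the session either by
    // handle or by name, plus a mutable EVENT_TRACE_PROPERTIES pointer.
    pub fn StartTraceA(
        SessionHandle: PTRACEHANDLE,
        SessionName: LPCSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
    ) -> ULONG;
    pub fn StopTraceW(
        SessionHandle: TRACEHANDLE,
        SessionName: LPCWSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
    ) -> ULONG;
    pub fn StopTraceA(
        SessionHandle: TRACEHANDLE,
        SessionName: LPCSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
    ) -> ULONG;
    pub fn QueryTraceW(
        SessionHandle: TRACEHANDLE,
        SessionName: LPCWSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
    ) -> ULONG;
    pub fn QueryTraceA(
        SessionHandle: TRACEHANDLE,
        SessionName: LPCSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
    ) -> ULONG;
    pub fn UpdateTraceW(
        SessionHandle: TRACEHANDLE,
        SessionName: LPCWSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
    ) -> ULONG;
    pub fn UpdateTraceA(
        SessionHandle: TRACEHANDLE,
        SessionName: LPCSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
    ) -> ULONG;
    pub fn FlushTraceW(
        SessionHandle: TRACEHANDLE,
        SessionName: LPCWSTR,
        Properties: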
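PEVENT_TRACE_PROPERTIES,
    ) -> ULONG;
    pub fn FlushTraceA(
        SessionHandle: TRACEHANDLE,
        SessionName: LPCSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
    ) -> ULONG;
    // ControlCode is a plain ULONG; this module defines EVENT_TRACE_CONTROL_QUERY/STOP/
    // UPDATE/FLUSH for it.
    pub fn ControlTraceW(
        SessionHandle: TRACEHANDLE,
        SessionName: LPCWSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
        ControlCode: ULONG,
    ) -> ULONG;
    pub fn ControlTraceA(
        SessionHandle: TRACEHANDLE,
        SessionName: LPCSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
        ControlCode: ULONG,
    ) -> ULONG;
    // `PropertyArray` points to an array of property pointers and `PropertyArrayCount` is its
    // element count; the count must not exceed the entries the caller actually allocated.
    pub fn QueryAllTracesW(
        PropertyArray: *mut PEVENT_TRACE_PROPERTIES,
        PropertyArrayCount: ULONG,
        SessionCount: PULONG,
    ) -> ULONG;
    pub fn QueryAllTracesA(
        PropertyArray: *mut PEVENT_TRACE_PROPERTIES,
        PropertyArrayCount: ULONG,
        SessionCount: PULONG,
    ) -> ULONG;
    pub fn EnableTrace(
        Enable: ULONG,
        EnableFlag: ULONG,
        EnableLevel: ULONG,
        ControlGuid: LPCGUID,
        SessionHandle: TRACEHANDLE,
    ) -> ULONG;
    pub fn EnableTraceEx(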
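ProviderId: LPCGUID,
        SourceId: LPCGUID,
        TraceHandle: TRACEHANDLE,
        IsEnabled: ULONG,
        Level: UCHAR,
        MatchAnyKeyword: ULONGLONG,
        MatchAllKeyword: ULONGLONG,
        EnableProperty: ULONG,
        EnableFilterDesc: PEVENT_FILTER_DESCRIPTOR,
    ) -> ULONG;
}
// Values for the `Version` field of the ENABLE_TRACE_PARAMETERS structs below.
pub const ENABLE_TRACE_PARAMETERS_VERSION: ULONG = 1;
pub const ENABLE_TRACE_PARAMETERS_VERSION_2: ULONG = 2;
STRUCT!{struct ENABLE_TRACE_PARAMETERS_V1 {
    Version: ULONG,
    EnableProperty: ULONG,
    ControlFlags: ULONG,
    SourceId: GUID,
    EnableFilterDesc: PEVENT_FILTER_DESCRIPTOR,
}}
pub type PENABLE_TRACE_PARAMETERS_V1 = *mut ENABLE_TRACE_PARAMETERS_V1;
// The V1 fields plus `FilterDescCount`, the count that goes with the `EnableFilterDesc`
// pointer.
// NOTE(review): presumably `Version` tells the API whether FilterDescCount is present, so it
// has to match the struct actually passed - confirm.
STRUCT!{struct ENABLE_TRACE_PARAMETERS {
    Version: ULONG,
    EnableProperty: ULONG,
    ControlFlags: ULONG,
    SourceId: GUID,
    EnableFilterDesc: PEVENT_FILTER_DESCRIPTOR,
    FilterDescCount: ULONG,
}}
pub type PENABLE_TRACE_PARAMETERS = *mut ENABLE_TRACE_PARAMETERS;
// Raw FFI declaration; unsafe to call, pointer arguments must be valid, and the ULONG status
// must be checked.
extern "system" {
    pub fn EnableTraceEx2(
        TraceHandle: TRACEHANDLE,
        ProviderId: LPCGUID,
        ControlCode: ULONG,
        Level: UCHAR,
        MatchAnyKeyword: ULONGLONG,
        MatchAllKeyword: ULONGLONG,
        Timeout: ULONG,
        EnableParameters: PENABLE_TRACE_PARAMETERS,
    ) -> ULONG;
}
// Information classes. No variant has an explicit value, so the numbering follows the
// declaration order; do not reorder or insert entries.
ENUM!{enum TRACE_QUERY_INFO_CLASS {
    TraceGuidQueryList,
    TraceGuidQueryInfo,
    TraceGuidQueryProcess,
    TraceStackTracingInfo,
    TraceSystemTraceEnableFlagsInfo,
    TraceSampledProfileIntervalInfo,
    TraceProfileSourceConfigInfo,
    TraceProfileSourceListInfo,
    TracePmcEventListInfo,
    TracePmcCounterListInfo,
    TraceSetDisallowList,
    TraceVersionInfo,
    TraceGroupQueryList,
    TraceGroupQueryInfo,
    TraceDisallowListQuery,
    TraceCompressionInfo,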
TracePeriodicCaptureStateListInfo, 826 TracePeriodicCaptureStateInfo, 827 TraceProviderBinaryTracking, 828 TraceMaxLoggersQuery, 829 MaxTraceSetInfoClass, 830 }} 831 pub type TRACE_INFO_CLASS = TRACE_QUERY_INFO_CLASS; 832 extern "system" { EnumerateTraceGuidsEx( TraceQueryInfoClass: TRACE_QUERY_INFO_CLASS, InBuffer: PVOID, InBufferSize: ULONG, OutBuffer: PVOID, OutBufferSize: ULONG, ReturnLength: PULONG, ) -> ULONG833 pub fn EnumerateTraceGuidsEx( 834 TraceQueryInfoClass: TRACE_QUERY_INFO_CLASS, 835 InBuffer: PVOID, 836 InBufferSize: ULONG, 837 OutBuffer: PVOID, 838 OutBufferSize: ULONG, 839 ReturnLength: PULONG, 840 ) -> ULONG; 841 } 842 STRUCT!{struct CLASSIC_EVENT_ID { 843 EventGuid: GUID, 844 Type: UCHAR, 845 Reserved: [UCHAR; 7], 846 }} 847 pub type PCLASSIC_EVENT_ID = *mut CLASSIC_EVENT_ID; 848 STRUCT!{struct TRACE_PROFILE_INTERVAL { 849 Source: ULONG, 850 Interval: ULONG, 851 }} 852 pub type PTRACE_PROFILE_INTERVAL = *mut TRACE_PROFILE_INTERVAL; 853 STRUCT!{struct TRACE_VERSION_INFO { 854 EtwTraceProcessingVersion: UINT, 855 Reserved: UINT, 856 }} 857 pub type PTRACE_VERSION_INFO = *mut TRACE_VERSION_INFO; 858 STRUCT!{struct TRACE_PERIODIC_CAPTURE_STATE_INFO { 859 CaptureStateFrequencyInSeconds: ULONG, 860 ProviderCount: USHORT, 861 Reserved: USHORT, 862 }} 863 pub type PTRACE_PERIODIC_CAPTURE_STATE_INFO = *mut TRACE_PERIODIC_CAPTURE_STATE_INFO; 864 extern "system" { TraceSetInformation( SessionHandle: TRACEHANDLE, InformationClass: TRACE_INFO_CLASS, TraceInformation: PVOID, InformationLength: ULONG, ) -> ULONG865 pub fn TraceSetInformation( 866 SessionHandle: TRACEHANDLE, 867 InformationClass: TRACE_INFO_CLASS, 868 TraceInformation: PVOID, 869 InformationLength: ULONG, 870 ) -> ULONG; TraceQueryInformation( SessionHandle: TRACEHANDLE, InformationClass: TRACE_QUERY_INFO_CLASS, TraceInformation: PVOID, InformationLength: ULONG, ReturnLength: PULONG, ) -> ULONG871 pub fn TraceQueryInformation( 872 SessionHandle: TRACEHANDLE, 873 InformationClass: 
TRACE_QUERY_INFO_CLASS, 874 TraceInformation: PVOID, 875 InformationLength: ULONG, 876 ReturnLength: PULONG, 877 ) -> ULONG; CreateTraceInstanceId( RegHandle: HANDLE, pInstInfo: PEVENT_INSTANCE_INFO, ) -> ULONG878 pub fn CreateTraceInstanceId( 879 RegHandle: HANDLE, 880 pInstInfo: PEVENT_INSTANCE_INFO, 881 ) -> ULONG; TraceEvent( SessionHandle: TRACEHANDLE, EventTrace: PEVENT_TRACE_HEADER, ) -> ULONG882 pub fn TraceEvent( 883 SessionHandle: TRACEHANDLE, 884 EventTrace: PEVENT_TRACE_HEADER, 885 ) -> ULONG; TraceEventInstance( SessionHandle: TRACEHANDLE, EventTrace: PEVENT_TRACE_HEADER, pInstInfo: PEVENT_INSTANCE_INFO, pParentInstInfo: PEVENT_INSTANCE_INFO, ) -> ULONG886 pub fn TraceEventInstance( 887 SessionHandle: TRACEHANDLE, 888 EventTrace: PEVENT_TRACE_HEADER, 889 pInstInfo: PEVENT_INSTANCE_INFO, 890 pParentInstInfo: PEVENT_INSTANCE_INFO, 891 ) -> ULONG; RegisterTraceGuidsW( RequestAddress: WMIDPREQUEST, RequestContext: PVOID, ControlGuid: LPCGUID, GuidCount: ULONG, TraceGuidReg: PTRACE_GUID_REGISTRATION, MofImagePath: LPCWSTR, MofResourceName: LPCWSTR, RegistrationHandle: PTRACEHANDLE, ) -> ULONG892 pub fn RegisterTraceGuidsW( 893 RequestAddress: WMIDPREQUEST, 894 RequestContext: PVOID, 895 ControlGuid: LPCGUID, 896 GuidCount: ULONG, 897 TraceGuidReg: PTRACE_GUID_REGISTRATION, 898 MofImagePath: LPCWSTR, 899 MofResourceName: LPCWSTR, 900 RegistrationHandle: PTRACEHANDLE, 901 ) -> ULONG; RegisterTraceGuidsA( RequestAddress: WMIDPREQUEST, RequestContext: PVOID, ControlGuid: LPCGUID, GuidCount: ULONG, TraceGuidReg: PTRACE_GUID_REGISTRATION, MofImagePath: LPCSTR, MofResourceName: LPCSTR, RegistrationHandle: PTRACEHANDLE, ) -> ULONG902 pub fn RegisterTraceGuidsA( 903 RequestAddress: WMIDPREQUEST, 904 RequestContext: PVOID, 905 ControlGuid: LPCGUID, 906 GuidCount: ULONG, 907 TraceGuidReg: PTRACE_GUID_REGISTRATION, 908 MofImagePath: LPCSTR, 909 MofResourceName: LPCSTR, 910 RegistrationHandle: PTRACEHANDLE, 911 ) -> ULONG; EnumerateTraceGuids( GuidPropertiesArray: *mut 
PTRACE_GUID_PROPERTIES, PropertyArrayCount: ULONG, GuidCount: PULONG, ) -> ULONG912 pub fn EnumerateTraceGuids( 913 GuidPropertiesArray: *mut PTRACE_GUID_PROPERTIES, 914 PropertyArrayCount: ULONG, 915 GuidCount: PULONG, 916 ) -> ULONG; UnregisterTraceGuids( RegistrationHandle: TRACEHANDLE, ) -> ULONG917 pub fn UnregisterTraceGuids( 918 RegistrationHandle: TRACEHANDLE, 919 ) -> ULONG; GetTraceLoggerHandle( Buffer: PVOID, ) -> TRACEHANDLE920 pub fn GetTraceLoggerHandle( 921 Buffer: PVOID, 922 ) -> TRACEHANDLE; GetTraceEnableLevel( SessionHandle: TRACEHANDLE, ) -> UCHAR923 pub fn GetTraceEnableLevel( 924 SessionHandle: TRACEHANDLE, 925 ) -> UCHAR; GetTraceEnableFlags( SessionHandle: TRACEHANDLE, ) -> ULONG926 pub fn GetTraceEnableFlags( 927 SessionHandle: TRACEHANDLE, 928 ) -> ULONG; OpenTraceW( Logfile: PEVENT_TRACE_LOGFILEW, ) -> TRACEHANDLE929 pub fn OpenTraceW( 930 Logfile: PEVENT_TRACE_LOGFILEW, 931 ) -> TRACEHANDLE; ProcessTrace( HandleArray: PTRACEHANDLE, HandleCount: ULONG, StartTime: LPFILETIME, EndTime: LPFILETIME, ) -> ULONG932 pub fn ProcessTrace( 933 HandleArray: PTRACEHANDLE, 934 HandleCount: ULONG, 935 StartTime: LPFILETIME, 936 EndTime: LPFILETIME, 937 ) -> ULONG; CloseTrace( TraceHandle: TRACEHANDLE, ) -> ULONG938 pub fn CloseTrace( 939 TraceHandle: TRACEHANDLE, 940 ) -> ULONG; 941 } 942 ENUM!{enum ETW_PROCESS_HANDLE_INFO_TYPE { 943 EtwQueryPartitionInformation = 1, 944 EtwQueryProcessHandleInfoMax, 945 }} 946 STRUCT!{struct ETW_TRACE_PARTITION_INFORMATION { 947 PartitionId: GUID, 948 ParentId: GUID, 949 Reserved: ULONG64, 950 PartitionType: ULONG, 951 }} 952 pub type PETW_TRACE_PARTITION_INFORMATION = *mut ETW_TRACE_PARTITION_INFORMATION; 953 extern "system" { QueryTraceProcessingHandle( ProcessingHandle: TRACEHANDLE, InformationClass: ETW_PROCESS_HANDLE_INFO_TYPE, InBuffer: PVOID, InBufferSize: ULONG, OutBuffer: PVOID, OutBufferSize: ULONG, ReturnLength: PULONG, ) -> ULONG954 pub fn QueryTraceProcessingHandle( 955 ProcessingHandle: TRACEHANDLE, 956 
InformationClass: ETW_PROCESS_HANDLE_INFO_TYPE, 957 InBuffer: PVOID, 958 InBufferSize: ULONG, 959 OutBuffer: PVOID, 960 OutBufferSize: ULONG, 961 ReturnLength: PULONG, 962 ) -> ULONG; OpenTraceA( Logfile: PEVENT_TRACE_LOGFILEA, ) -> TRACEHANDLE963 pub fn OpenTraceA( 964 Logfile: PEVENT_TRACE_LOGFILEA, 965 ) -> TRACEHANDLE; SetTraceCallback( pGuid: LPCGUID, EventCallback: PEVENT_CALLBACK, ) -> ULONG966 pub fn SetTraceCallback( 967 pGuid: LPCGUID, 968 EventCallback: PEVENT_CALLBACK, 969 ) -> ULONG; RemoveTraceCallback( pGuid: LPCGUID, ) -> ULONG970 pub fn RemoveTraceCallback( 971 pGuid: LPCGUID, 972 ) -> ULONG; 973 } 974 extern "C" { TraceMessage( SessionHandle: TRACEHANDLE, MessageFlags: ULONG, MessageGuid: LPGUID, MessageNumber: USHORT, ... ) -> ULONG975 pub fn TraceMessage( 976 SessionHandle: TRACEHANDLE, 977 MessageFlags: ULONG, 978 MessageGuid: LPGUID, 979 MessageNumber: USHORT, 980 ... 981 ) -> ULONG; TraceMessageVa( SessionHandle: TRACEHANDLE, MessageFlags: ULONG, MessageGuid: LPGUID, MessageNumber: USHORT, MessageArgList: va_list, )982 pub fn TraceMessageVa( 983 SessionHandle: TRACEHANDLE, 984 MessageFlags: ULONG, 985 MessageGuid: LPGUID, 986 MessageNumber: USHORT, 987 MessageArgList: va_list, 988 ); 989 } 990 pub const INVALID_PROCESSTRACE_HANDLE: TRACEHANDLE = INVALID_HANDLE_VALUE as TRACEHANDLE; 991