// Copyright © 2017 winapi-rs developers
// Licensed under the Apache License, Version 2.0
// <LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
// All files in the project carrying such notice may not be copied, modified, or distributed
// except according to those terms.
use shared::basetsd::{SIZE_T, ULONG32, ULONG64};
use shared::evntprov::PEVENT_FILTER_DESCRIPTOR;
use shared::guiddef::{GUID, LPCGUID, LPGUID};
use shared::minwindef::{DWORD, LPFILETIME, PULONG, UCHAR, UINT, ULONG, USHORT};
use shared::wmistr::{WMIDPREQUESTCODE, WNODE_HEADER};
use um::evntcons::PEVENT_RECORD;
use um::handleapi::INVALID_HANDLE_VALUE;
use um::timezoneapi::TIME_ZONE_INFORMATION;
use um::winnt::{
    ANYSIZE_ARRAY, BOOLEAN, HANDLE, LARGE_INTEGER, LONG, LONGLONG, LPCSTR, LPCWSTR, LPSTR, LPWSTR,
    PVOID, ULONGLONG, WCHAR
};
use vc::vadefs::va_list;

// Raw FFI declarations for Event Tracing for Windows (ETW): well-known GUIDs and
// session names, event-type / flag constants, and the C-layout records exchanged
// with the tracing API.
//
// NOTE(review): pointer, offset and length fields below are raw pointers or plain
// integers. Nothing in these types ties a length or offset to the buffer it
// describes, so code that fills or parses these records (in particular records
// read back from a trace file or a live session) has to do its own bounds checks.

// Well-known GUIDs declared by this file.
DEFINE_GUID!{EventTraceGuid,
    0x68fdd900, 0x4a3e, 0x11d1, 0x84, 0xf4, 0x00, 0x00, 0xf8, 0x04, 0x64, 0xe3}
DEFINE_GUID!{SystemTraceControlGuid,
    0x9e814aad, 0x3204, 0x11d2, 0x9a, 0x82, 0x00, 0x60, 0x08, 0xa8, 0x69, 0x39}
DEFINE_GUID!{EventTraceConfigGuid,
    0x01853a65, 0x418f, 0x4f36, 0xae, 0xfc, 0xdc, 0x0f, 0x1d, 0x2f, 0xd2, 0x35}
DEFINE_GUID!{DefaultTraceSecurityGuid,
    0x0811c1af, 0x7a07, 0x4a06, 0x82, 0xed, 0x86, 0x94, 0x55, 0xcd, 0xf7, 0x13}
DEFINE_GUID!{PrivateLoggerNotificationGuid,
    0x3595ab5c, 0x042a, 0x4c8e, 0xb9, 0x42, 0x2d, 0x05, 0x9b, 0xfe, 0xb1, 0xb1}

// Fixed logger (session) names. These are Rust `&str` values, not the
// NUL-terminated LPCWSTR/LPCSTR the session functions in this file take, so a
// caller has to convert them before passing them across the FFI boundary.
pub const KERNEL_LOGGER_NAME: &'static str = "NT Kernel Logger";
pub const GLOBAL_LOGGER_NAME: &'static str = "GlobalLogger";
pub const EVENT_LOGGER_NAME: &'static str = "EventLog";
pub const DIAG_LOGGER_NAME: &'static str = "DiagLog";
// Presumably the maximum number of MOF_FIELD entries per event — TODO confirm.
pub const MAX_MOF_FIELDS: SIZE_T = 16;
// Handle type used for trace sessions/registrations, and its pointer alias.
DECLARE_HANDLE!{TRACEHANDLE, __TRACEHANDLE}
pub type PTRACEHANDLE = *mut TRACEHANDLE;

// Generic event type codes. Several names share a value (END/STOP = 0x02,
// DEQUEUE/RESUME = 0x07, CHECKPOINT/SUSPEND = 0x08), so a numeric type cannot be
// mapped back to a single name.
pub const EVENT_TRACE_TYPE_INFO: DWORD = 0x00;
pub const EVENT_TRACE_TYPE_START: DWORD = 0x01;
pub const EVENT_TRACE_TYPE_END: DWORD = 0x02;
pub const EVENT_TRACE_TYPE_STOP: DWORD = 0x02;
pub const EVENT_TRACE_TYPE_DC_START: DWORD = 0x03;
pub const EVENT_TRACE_TYPE_DC_END: DWORD = 0x04;
pub const EVENT_TRACE_TYPE_EXTENSION: DWORD = 0x05;
pub const EVENT_TRACE_TYPE_REPLY: DWORD = 0x06;
pub const EVENT_TRACE_TYPE_DEQUEUE: DWORD = 0x07;
pub const EVENT_TRACE_TYPE_RESUME: DWORD = 0x07;
pub const EVENT_TRACE_TYPE_CHECKPOINT: DWORD = 0x08;
pub const EVENT_TRACE_TYPE_SUSPEND: DWORD = 0x08;
pub const EVENT_TRACE_TYPE_WINEVT_SEND: DWORD = 0x09;
pub const EVENT_TRACE_TYPE_WINEVT_RECEIVE: DWORD = 0xF0;

// Trace levels 1-5 (CRITICAL through VERBOSE by name); 6-9 are named reserved.
pub const TRACE_LEVEL_CRITICAL: UCHAR = 1;
pub const TRACE_LEVEL_ERROR: UCHAR = 2;
pub const TRACE_LEVEL_WARNING: UCHAR = 3;
pub const TRACE_LEVEL_INFORMATION: UCHAR = 4;
pub const TRACE_LEVEL_VERBOSE: UCHAR = 5;
pub const TRACE_LEVEL_RESERVED6: UCHAR = 6;
pub const TRACE_LEVEL_RESERVED7: UCHAR = 7;
pub const TRACE_LEVEL_RESERVED8: UCHAR = 8;
pub const TRACE_LEVEL_RESERVED9: UCHAR = 9;

// Group-specific event type codes. Each group below restarts at 0x0A, so the
// same value means different things in different groups (0x0A is LOAD, IO_READ,
// MM_TF, SEND, GUIDMAP, REGCREATE and CONFIG_CPU).
// NOTE(review): a consumer therefore cannot decode a type value on its own; it
// presumably has to pick the group from the event's GUID first — TODO confirm
// which header field carries it.

// LOAD / TERMINATE.
pub const EVENT_TRACE_TYPE_LOAD: DWORD = 0x0A;
pub const EVENT_TRACE_TYPE_TERMINATE: DWORD = 0x0B;
// IO_* group.
pub const EVENT_TRACE_TYPE_IO_READ: DWORD = 0x0A;
pub const EVENT_TRACE_TYPE_IO_WRITE: DWORD = 0x0B;
pub const EVENT_TRACE_TYPE_IO_READ_INIT: DWORD = 0x0C;
pub const EVENT_TRACE_TYPE_IO_WRITE_INIT: DWORD = 0x0D;
pub const EVENT_TRACE_TYPE_IO_FLUSH: DWORD = 0x0E;
pub const EVENT_TRACE_TYPE_IO_FLUSH_INIT: DWORD = 0x0F;
pub const EVENT_TRACE_TYPE_IO_REDIRECTED_INIT: DWORD = 0x10;
// MM_* group.
pub const EVENT_TRACE_TYPE_MM_TF: DWORD = 0x0A;
pub const EVENT_TRACE_TYPE_MM_DZF: DWORD = 0x0B;
pub const EVENT_TRACE_TYPE_MM_COW: DWORD = 0x0C;
pub const EVENT_TRACE_TYPE_MM_GPF: DWORD = 0x0D;
pub const EVENT_TRACE_TYPE_MM_HPF: DWORD = 0x0E;
pub const EVENT_TRACE_TYPE_MM_AV: DWORD = 0x0F;
// SEND .. ACKDUP group (network-style names).
pub const EVENT_TRACE_TYPE_SEND: DWORD = 0x0A;
pub const EVENT_TRACE_TYPE_RECEIVE: DWORD = 0x0B;
pub const EVENT_TRACE_TYPE_CONNECT: DWORD = 0x0C;
pub const EVENT_TRACE_TYPE_DISCONNECT: DWORD = 0x0D;
pub const EVENT_TRACE_TYPE_RETRANSMIT: DWORD = 0x0E;
pub const EVENT_TRACE_TYPE_ACCEPT: DWORD = 0x0F;
pub const EVENT_TRACE_TYPE_RECONNECT: DWORD = 0x10;
pub const EVENT_TRACE_TYPE_CONNFAIL: DWORD = 0x11;
pub const EVENT_TRACE_TYPE_COPY_TCP: DWORD = 0x12;
pub const EVENT_TRACE_TYPE_COPY_ARP: DWORD = 0x13;
pub const EVENT_TRACE_TYPE_ACKFULL: DWORD = 0x14;
pub const EVENT_TRACE_TYPE_ACKPART: DWORD = 0x15;
pub const EVENT_TRACE_TYPE_ACKDUP: DWORD = 0x16;
// GUIDMAP .. DBGID_RSDS group.
pub const EVENT_TRACE_TYPE_GUIDMAP: DWORD = 0x0A;
pub const EVENT_TRACE_TYPE_CONFIG: DWORD = 0x0B;
pub const EVENT_TRACE_TYPE_SIDINFO: DWORD = 0x0C;
pub const EVENT_TRACE_TYPE_SECURITY: DWORD = 0x0D;
pub const EVENT_TRACE_TYPE_DBGID_RSDS: DWORD = 0x40;
// REG* group.
pub const EVENT_TRACE_TYPE_REGCREATE: DWORD = 0x0A;
pub const EVENT_TRACE_TYPE_REGOPEN: DWORD = 0x0B;
pub const EVENT_TRACE_TYPE_REGDELETE: DWORD = 0x0C;
pub const EVENT_TRACE_TYPE_REGQUERY: DWORD = 0x0D;
pub const EVENT_TRACE_TYPE_REGSETVALUE: DWORD = 0x0E;
pub const EVENT_TRACE_TYPE_REGDELETEVALUE: DWORD = 0x0F;
pub const EVENT_TRACE_TYPE_REGQUERYVALUE: DWORD = 0x10;
pub const EVENT_TRACE_TYPE_REGENUMERATEKEY: DWORD = 0x11;
pub const EVENT_TRACE_TYPE_REGENUMERATEVALUEKEY: DWORD = 0x12;
pub const EVENT_TRACE_TYPE_REGQUERYMULTIPLEVALUE: DWORD = 0x13;
pub const EVENT_TRACE_TYPE_REGSETINFORMATION: DWORD = 0x14;
pub const EVENT_TRACE_TYPE_REGFLUSH: DWORD = 0x15;
pub const EVENT_TRACE_TYPE_REGKCBCREATE: DWORD = 0x16;
pub const EVENT_TRACE_TYPE_REGKCBDELETE: DWORD = 0x17;
pub const EVENT_TRACE_TYPE_REGKCBRUNDOWNBEGIN: DWORD = 0x18;
pub const EVENT_TRACE_TYPE_REGKCBRUNDOWNEND: DWORD = 0x19;
pub const EVENT_TRACE_TYPE_REGVIRTUALIZE: DWORD = 0x1A;
pub const EVENT_TRACE_TYPE_REGCLOSE: DWORD = 0x1B;
pub const EVENT_TRACE_TYPE_REGSETSECURITY: DWORD = 0x1C;
pub const EVENT_TRACE_TYPE_REGQUERYSECURITY: DWORD = 0x1D;
pub const EVENT_TRACE_TYPE_REGCOMMIT: DWORD = 0x1E;
pub const EVENT_TRACE_TYPE_REGPREPARE: DWORD = 0x1F;
pub const EVENT_TRACE_TYPE_REGROLLBACK: DWORD = 0x20;
pub const EVENT_TRACE_TYPE_REGMOUNTHIVE: DWORD = 0x21;
// CONFIG_* group. The values skip 0x13 and 0x14.
pub const EVENT_TRACE_TYPE_CONFIG_CPU: DWORD = 0x0A;
pub const EVENT_TRACE_TYPE_CONFIG_PHYSICALDISK: DWORD = 0x0B;
pub const EVENT_TRACE_TYPE_CONFIG_LOGICALDISK: DWORD = 0x0C;
pub const EVENT_TRACE_TYPE_CONFIG_NIC: DWORD = 0x0D;
pub const EVENT_TRACE_TYPE_CONFIG_VIDEO: DWORD = 0x0E;
pub const EVENT_TRACE_TYPE_CONFIG_SERVICES: DWORD = 0x0F;
pub const EVENT_TRACE_TYPE_CONFIG_POWER: DWORD = 0x10;
pub const EVENT_TRACE_TYPE_CONFIG_NETINFO: DWORD = 0x11;
pub const EVENT_TRACE_TYPE_CONFIG_OPTICALMEDIA: DWORD = 0x12;
pub const EVENT_TRACE_TYPE_CONFIG_IRQ: DWORD = 0x15;
pub const EVENT_TRACE_TYPE_CONFIG_PNP: DWORD = 0x16;
pub const EVENT_TRACE_TYPE_CONFIG_IDECHANNEL: DWORD = 0x17;
pub const EVENT_TRACE_TYPE_CONFIG_NUMANODE: DWORD = 0x18;
pub const EVENT_TRACE_TYPE_CONFIG_PLATFORM: DWORD = 0x19;
pub const EVENT_TRACE_TYPE_CONFIG_PROCESSORGROUP: DWORD = 0x1A;
pub const EVENT_TRACE_TYPE_CONFIG_PROCESSORNUMBER: DWORD = 0x1B;
pub const EVENT_TRACE_TYPE_CONFIG_DPI: DWORD = 0x1C;
pub const EVENT_TRACE_TYPE_CONFIG_CI_INFO: DWORD = 0x1D;
pub const EVENT_TRACE_TYPE_CONFIG_MACHINEID: DWORD = 0x1E;
pub const EVENT_TRACE_TYPE_CONFIG_DEFRAG: DWORD = 0x1F;
pub const EVENT_TRACE_TYPE_CONFIG_MOBILEPLATFORM: DWORD = 0x20;
pub const EVENT_TRACE_TYPE_CONFIG_DEVICEFAMILY: DWORD = 0x21;
pub const EVENT_TRACE_TYPE_CONFIG_FLIGHTID: DWORD = 0x22;
pub const EVENT_TRACE_TYPE_CONFIG_PROCESSOR: DWORD = 0x23;
// OPTICAL_IO_* group.
pub const EVENT_TRACE_TYPE_OPTICAL_IO_READ: DWORD = 0x37;
pub const EVENT_TRACE_TYPE_OPTICAL_IO_WRITE: DWORD = 0x38;
pub const EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH: DWORD = 0x39;
pub const EVENT_TRACE_TYPE_OPTICAL_IO_READ_INIT: DWORD = 0x3a;
pub const EVENT_TRACE_TYPE_OPTICAL_IO_WRITE_INIT: DWORD = 0x3b;
pub const EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH_INIT: DWORD = 0x3c;
// FLT_* group.
pub const EVENT_TRACE_TYPE_FLT_PREOP_INIT: DWORD = 0x60;
pub const EVENT_TRACE_TYPE_FLT_POSTOP_INIT: DWORD = 0x61;
pub const EVENT_TRACE_TYPE_FLT_PREOP_COMPLETION: DWORD = 0x62;
pub const EVENT_TRACE_TYPE_FLT_POSTOP_COMPLETION: DWORD = 0x63;
pub const EVENT_TRACE_TYPE_FLT_PREOP_FAILURE: DWORD = 0x64;
pub const EVENT_TRACE_TYPE_FLT_POSTOP_FAILURE: DWORD = 0x65;

// EVENT_TRACE_FLAG_*: single-bit masks (not listed in bit order). Presumably
// OR-ed into an `EnableFlags` field such as the one in EVENT_TRACE_PROPERTIES —
// verify against callers.
pub const EVENT_TRACE_FLAG_PROCESS: DWORD = 0x00000001;
pub const EVENT_TRACE_FLAG_THREAD: DWORD = 0x00000002;
pub const EVENT_TRACE_FLAG_IMAGE_LOAD: DWORD = 0x00000004;
pub const EVENT_TRACE_FLAG_DISK_IO: DWORD = 0x00000100;
pub const EVENT_TRACE_FLAG_DISK_FILE_IO: DWORD = 0x00000200;
pub const EVENT_TRACE_FLAG_MEMORY_PAGE_FAULTS: DWORD = 0x00001000;
pub const EVENT_TRACE_FLAG_MEMORY_HARD_FAULTS: DWORD = 0x00002000;
pub const EVENT_TRACE_FLAG_NETWORK_TCPIP: DWORD = 0x00010000;
pub const EVENT_TRACE_FLAG_REGISTRY: DWORD = 0x00020000;
pub const EVENT_TRACE_FLAG_DBGPRINT: DWORD = 0x00040000;
pub const EVENT_TRACE_FLAG_PROCESS_COUNTERS: DWORD = 0x00000008;
pub const EVENT_TRACE_FLAG_CSWITCH: DWORD = 0x00000010;
pub const EVENT_TRACE_FLAG_DPC: DWORD = 0x00000020;
pub const EVENT_TRACE_FLAG_INTERRUPT: DWORD = 0x00000040;
pub const EVENT_TRACE_FLAG_SYSTEMCALL: DWORD = 0x00000080;
pub const EVENT_TRACE_FLAG_DISK_IO_INIT: DWORD = 0x00000400;
pub const EVENT_TRACE_FLAG_ALPC: DWORD = 0x00100000;
pub const EVENT_TRACE_FLAG_SPLIT_IO: DWORD = 0x00200000;
pub const EVENT_TRACE_FLAG_DRIVER: DWORD = 0x00800000;
pub const EVENT_TRACE_FLAG_PROFILE: DWORD = 0x01000000;
pub const EVENT_TRACE_FLAG_FILE_IO: DWORD = 0x02000000;
pub const EVENT_TRACE_FLAG_FILE_IO_INIT: DWORD = 0x04000000;
pub const EVENT_TRACE_FLAG_DISPATCHER: DWORD = 0x00000800;
pub const EVENT_TRACE_FLAG_VIRTUAL_ALLOC: DWORD = 0x00004000;
pub const EVENT_TRACE_FLAG_VAMAP: DWORD = 0x00008000;
pub const EVENT_TRACE_FLAG_NO_SYSCONFIG: DWORD = 0x10000000;
pub const EVENT_TRACE_FLAG_JOB: DWORD = 0x00080000;
pub const EVENT_TRACE_FLAG_DEBUG_EVENTS: DWORD = 0x00400000;
pub const EVENT_TRACE_FLAG_EXTENSION: DWORD = 0x80000000;
pub const EVENT_TRACE_FLAG_FORWARD_WMI: DWORD = 0x40000000;
pub const EVENT_TRACE_FLAG_ENABLE_RESERVE: DWORD = 0x20000000;

// Logging-mode masks. Apart from EVENT_TRACE_FILE_MODE_NONE (0) each value is a
// single bit; presumably OR-ed into a `LogFileMode` field — verify against callers.
pub const EVENT_TRACE_FILE_MODE_NONE: DWORD = 0x00000000;
pub const EVENT_TRACE_FILE_MODE_SEQUENTIAL: DWORD = 0x00000001;
pub const EVENT_TRACE_FILE_MODE_CIRCULAR: DWORD = 0x00000002;
pub const EVENT_TRACE_FILE_MODE_APPEND: DWORD = 0x00000004;
pub const EVENT_TRACE_REAL_TIME_MODE: DWORD = 0x00000100;
pub const EVENT_TRACE_DELAY_OPEN_FILE_MODE: DWORD = 0x00000200;
pub const EVENT_TRACE_BUFFERING_MODE: DWORD = 0x00000400;
pub const EVENT_TRACE_PRIVATE_LOGGER_MODE: DWORD = 0x00000800;
pub const EVENT_TRACE_ADD_HEADER_MODE: DWORD = 0x00001000;
pub const EVENT_TRACE_USE_GLOBAL_SEQUENCE: DWORD = 0x00004000;
pub const EVENT_TRACE_USE_LOCAL_SEQUENCE: DWORD = 0x00008000;
pub const EVENT_TRACE_RELOG_MODE: DWORD = 0x00010000;
pub const EVENT_TRACE_USE_PAGED_MEMORY: DWORD = 0x01000000;
pub const EVENT_TRACE_FILE_MODE_NEWFILE: DWORD = 0x00000008;
pub const EVENT_TRACE_FILE_MODE_PREALLOCATE: DWORD = 0x00000020;
pub const EVENT_TRACE_NONSTOPPABLE_MODE: DWORD = 0x00000040;
pub const EVENT_TRACE_SECURE_MODE: DWORD = 0x00000080;
pub const EVENT_TRACE_USE_KBYTES_FOR_SIZE: DWORD = 0x00002000;
pub const EVENT_TRACE_PRIVATE_IN_PROC: DWORD = 0x00020000;
pub const EVENT_TRACE_MODE_RESERVED: DWORD = 0x00100000;
pub const EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING: DWORD = 0x10000000;
pub const EVENT_TRACE_SYSTEM_LOGGER_MODE: DWORD = 0x02000000;
pub const EVENT_TRACE_ADDTO_TRIAGE_DUMP: DWORD = 0x80000000;
pub const EVENT_TRACE_STOP_ON_HYBRID_SHUTDOWN: DWORD = 0x00400000;
pub const EVENT_TRACE_PERSIST_ON_HYBRID_SHUTDOWN: DWORD = 0x00800000;
pub const EVENT_TRACE_INDEPENDENT_SESSION_MODE: DWORD = 0x08000000;
pub const EVENT_TRACE_COMPRESSED_MODE: DWORD = 0x04000000;

// Session control codes: consecutive values, not a bit mask.
pub const EVENT_TRACE_CONTROL_QUERY: DWORD = 0;
pub const EVENT_TRACE_CONTROL_STOP: DWORD = 1;
pub const EVENT_TRACE_CONTROL_UPDATE: DWORD = 2;
pub const EVENT_TRACE_CONTROL_FLUSH: DWORD = 3;

// TRACE_MESSAGE_* option bits, the mask covering the low 16 bits, and the
// maximum message size (64 KiB).
pub const TRACE_MESSAGE_SEQUENCE: DWORD = 1;
pub const TRACE_MESSAGE_GUID: DWORD = 2;
pub const TRACE_MESSAGE_COMPONENTID: DWORD = 4;
pub const TRACE_MESSAGE_TIMESTAMP: DWORD = 8;
pub const TRACE_MESSAGE_PERFORMANCE_TIMESTAMP: DWORD = 16;
pub const TRACE_MESSAGE_SYSTEMINFO: DWORD = 32;
pub const TRACE_MESSAGE_POINTER32: DWORD = 0x0040;
pub const TRACE_MESSAGE_POINTER64: DWORD = 0x0080;
pub const TRACE_MESSAGE_FLAG_MASK: DWORD = 0xFFFF;
pub const TRACE_MESSAGE_MAXIMUM_SIZE: SIZE_T = 64 * 1024;
pub const EVENT_TRACE_USE_PROCTIME: DWORD = 0x0001;
pub const EVENT_TRACE_USE_NOCPUTIME: DWORD = 0x0002;
// TRACE_HEADER_FLAG_*: single-bit masks.
pub const TRACE_HEADER_FLAG_USE_TIMESTAMP: DWORD = 0x00000200;
pub const TRACE_HEADER_FLAG_TRACED_GUID: DWORD = 0x00020000;
pub const TRACE_HEADER_FLAG_LOG_WNODE: DWORD = 0x00040000;
pub const TRACE_HEADER_FLAG_USE_GUID_PTR: DWORD = 0x00080000;
pub const TRACE_HEADER_FLAG_USE_MOF_PTR: DWORD = 0x00100000;
ENUM!{enum ETW_COMPRESSION_RESUMPTION_MODE {
    EtwCompressionModeRestart = 0,
    EtwCompressionModeNoDisable = 1,
    EtwCompressionModeNoRestart = 2,
}}

// EVENT_TRACE_HEADER and the anonymous unions it embeds (u1..u4).
// In each UNION! below the leading array is presumably the backing storage and
// every `name name_mut: Type` line a view over those same bytes.
// NOTE(review): reading a view other than the one that was written reinterprets
// the data (e.g. u3 is either a GUID or a 64-bit GuidPtr), so a consumer has to
// decide which view applies before touching it — TODO confirm which flag selects it.
STRUCT!{struct EVENT_TRACE_HEADER_u1_s {
    HeaderType: UCHAR,
    MarkerFlags: UCHAR,
}}
UNION!{union EVENT_TRACE_HEADER_u1 {
    [u16; 1],
    FieldTypeFlags FieldTypeFlags_mut: USHORT,
    s s_mut: EVENT_TRACE_HEADER_u1_s,
}}
STRUCT!{struct EVENT_TRACE_HEADER_u2_CLASS {
    Type: UCHAR,
    Level: UCHAR,
    Version: USHORT,
}}
UNION!{union EVENT_TRACE_HEADER_u2 {
    [u32; 1],
    Version Version_mut: ULONG,
    Class Class_mut: EVENT_TRACE_HEADER_u2_CLASS,
}}
UNION!{union EVENT_TRACE_HEADER_u3 {
    [u64; 2],
    Guid Guid_mut: GUID,
    GuidPtr GuidPtr_mut: ULONGLONG,
}}
STRUCT!{struct EVENT_TRACE_HEADER_u4_s1 {
    ClientContext: ULONG,
    Flags: ULONG,
}}
STRUCT!{struct EVENT_TRACE_HEADER_u4_s2 {
    KernelTime: ULONG,
    UserTime: ULONG,
}}
UNION!{union EVENT_TRACE_HEADER_u4 {
    [u64; 1],
    s1 s1_mut: EVENT_TRACE_HEADER_u4_s1,
    s2 s2_mut: EVENT_TRACE_HEADER_u4_s2,
    ProcessorTime ProcessorTime_mut: ULONG64,
}}
// `Size` is a 16-bit field — presumably the total event size in bytes; a parser
// should check it against the bytes actually available. TODO confirm.
STRUCT!{struct EVENT_TRACE_HEADER {
    Size: USHORT,
    u1: EVENT_TRACE_HEADER_u1,
    u2: EVENT_TRACE_HEADER_u2,
    ThreadId: ULONG,
    ProcessId: ULONG,
    TimeStamp: LARGE_INTEGER,
    u3: EVENT_TRACE_HEADER_u3,
    u4: EVENT_TRACE_HEADER_u4,
}}
pub type PEVENT_TRACE_HEADER = *mut EVENT_TRACE_HEADER;

// EVENT_INSTANCE_HEADER and its unions. u1 and u2 are declared the same way as
// their EVENT_TRACE_HEADER counterparts; this header carries RegHandle /
// InstanceId / ParentInstanceId / ParentRegHandle instead of a GUID union.
STRUCT!{struct EVENT_INSTANCE_HEADER_u1_s {
    HeaderType: UCHAR,
    MarkerFlags: UCHAR,
}}
UNION!{union EVENT_INSTANCE_HEADER_u1 {
    [u16; 1],
    FieldTypeFlags FieldTypeFlags_mut: USHORT,
    s s_mut: EVENT_INSTANCE_HEADER_u1_s,
}}
STRUCT!{struct EVENT_INSTANCE_HEADER_u2_CLASS {
    Type: UCHAR,
    Level: UCHAR,
    Version: USHORT,
}}
UNION!{union EVENT_INSTANCE_HEADER_u2 {
    [u32; 1],
    Version Version_mut: ULONG,
    Class Class_mut: EVENT_INSTANCE_HEADER_u2_CLASS,
}}
STRUCT!{struct EVENT_INSTANCE_HEADER_u3_s1 {
    KernelTime: ULONG,
    UserTime: ULONG,
}}
STRUCT!{struct EVENT_INSTANCE_HEADER_u3_s2 {
    EventId: ULONG,
    Flags: ULONG,
}}
UNION!{union EVENT_INSTANCE_HEADER_u3 {
    [u64; 1],
    s1 s1_mut: EVENT_INSTANCE_HEADER_u3_s1,
    ProcessorTime ProcessorTime_mut: ULONG64,
    s2 s2_mut: EVENT_INSTANCE_HEADER_u3_s2,
}}
STRUCT!{struct EVENT_INSTANCE_HEADER {
    Size: USHORT,
    u1: EVENT_INSTANCE_HEADER_u1,
    u2: EVENT_INSTANCE_HEADER_u2,
    ThreadId: ULONG,
    ProcessId: ULONG,
    TimeStamp: LARGE_INTEGER,
    RegHandle: ULONGLONG,
    InstanceId: ULONG,
    ParentInstanceId: ULONG,
    u3: EVENT_INSTANCE_HEADER_u3,
    ParentRegHandle: ULONGLONG,
}}
pub type PEVENT_INSTANCE_HEADER = *mut EVENT_INSTANCE_HEADER;

// ETW_*_TYPE_VALUE data-type codes: 0-15, then 101-120. Presumably the values
// carried in MOF_FIELD::DataType — TODO confirm.
// `ETW_REFRENCE_TYPE_VALUE` keeps the spelling used in this listing; renaming it
// would break callers.
pub const ETW_NULL_TYPE_VALUE: ULONG = 0;
pub const ETW_OBJECT_TYPE_VALUE: ULONG = 1;
pub const ETW_STRING_TYPE_VALUE: ULONG = 2;
pub const ETW_SBYTE_TYPE_VALUE: ULONG = 3;
pub const ETW_BYTE_TYPE_VALUE: ULONG = 4;
pub const ETW_INT16_TYPE_VALUE: ULONG = 5;
pub const ETW_UINT16_TYPE_VALUE: ULONG = 6;
pub const ETW_INT32_TYPE_VALUE: ULONG = 7;
pub const ETW_UINT32_TYPE_VALUE: ULONG = 8;
pub const ETW_INT64_TYPE_VALUE: ULONG = 9;
pub const ETW_UINT64_TYPE_VALUE: ULONG = 10;
pub const ETW_CHAR_TYPE_VALUE: ULONG = 11;
pub const ETW_SINGLE_TYPE_VALUE: ULONG = 12;
pub const ETW_DOUBLE_TYPE_VALUE: ULONG = 13;
pub const ETW_BOOLEAN_TYPE_VALUE: ULONG = 14;
pub const ETW_DECIMAL_TYPE_VALUE: ULONG = 15;
pub const ETW_GUID_TYPE_VALUE: ULONG = 101;
pub const ETW_ASCIICHAR_TYPE_VALUE: ULONG = 102;
pub const ETW_ASCIISTRING_TYPE_VALUE: ULONG = 103;
pub const ETW_COUNTED_STRING_TYPE_VALUE: ULONG = 104;
pub const ETW_POINTER_TYPE_VALUE: ULONG = 105;
pub const ETW_SIZET_TYPE_VALUE: ULONG = 106;
pub const ETW_HIDDEN_TYPE_VALUE: ULONG = 107;
pub const ETW_BOOL_TYPE_VALUE: ULONG = 108;
pub const ETW_COUNTED_ANSISTRING_TYPE_VALUE: ULONG = 109;
pub const ETW_REVERSED_COUNTED_STRING_TYPE_VALUE: ULONG = 110;
pub const ETW_REVERSED_COUNTED_ANSISTRING_TYPE_VALUE: ULONG = 111;
pub const ETW_NON_NULL_TERMINATED_STRING_TYPE_VALUE: ULONG = 112;
pub const ETW_REDUCED_ANSISTRING_TYPE_VALUE: ULONG = 113;
pub const ETW_REDUCED_STRING_TYPE_VALUE: ULONG = 114;
pub const ETW_SID_TYPE_VALUE: ULONG = 115;
pub const ETW_VARIANT_TYPE_VALUE: ULONG = 116;
pub const ETW_PTVECTOR_TYPE_VALUE: ULONG = 117;
pub const ETW_WMITIME_TYPE_VALUE: ULONG = 118;
pub const ETW_DATETIME_TYPE_VALUE: ULONG = 119;
pub const ETW_REFRENCE_TYPE_VALUE: ULONG = 120;
// TODO: DEFINE_TRACE_MOF_FIELD
// One data item: an address carried as a 64-bit integer, a length and a type code.
// NOTE(review): nothing here ties `Length` to the memory `DataPtr` refers to; the
// producer is responsible for keeping the two consistent.
STRUCT!{struct MOF_FIELD{
    DataPtr: ULONG64,
    Length: ULONG,
    DataType: ULONG,
}}
pub type PMOF_FIELD = *mut MOF_FIELD;

// TRACE_LOGFILE_HEADER and its two fixed-width variants. The three structs are
// declared field-for-field alike except for LoggerName / LogFileName: native
// pointers (LPWSTR), ULONG32, or ULONG64.
// NOTE(review): presumably the 32/64 forms describe a header written by a
// process of a different pointer width (see `PointerSize` in the u2 view). Values
// taken from a log file are data, not addresses to dereference — TODO confirm how
// the names are actually located.
STRUCT!{struct TRACE_LOGFILE_HEADER_u1_VERSIONDETAIL {
    MajorVersion: UCHAR,
    MinorVersion: UCHAR,
    SubVersion: UCHAR,
    SubMinorVersion: UCHAR,
}}
UNION!{union TRACE_LOGFILE_HEADER_u1 {
    [u32; 1],
    Version Version_mut: ULONG,
    VersionDetail VersionDetail_mut: TRACE_LOGFILE_HEADER_u1_VERSIONDETAIL,
}}
STRUCT!{struct TRACE_LOGFILE_HEADER_u2_s {
    StartBuffers: ULONG,
    PointerSize: ULONG,
    EventsLost: ULONG,
    CpuSpeedInMHz: ULONG,
}}
UNION!{union TRACE_LOGFILE_HEADER_u2 {
    [u32; 4],
    LogInstanceGuid LogInstanceGuid_mut: GUID,
    s s_mut: TRACE_LOGFILE_HEADER_u2_s,
}}
STRUCT!{struct TRACE_LOGFILE_HEADER {
    BufferSize: ULONG,
    u1: TRACE_LOGFILE_HEADER_u1,
    ProviderVersion: ULONG,
    NumberOfProcessors: ULONG,
    EndTime: LARGE_INTEGER,
    TimerResolution: ULONG,
    MaximumFileSize: ULONG,
    LogFileMode: ULONG,
    BuffersWritten: ULONG,
    u2: TRACE_LOGFILE_HEADER_u2,
    LoggerName: LPWSTR,
    LogFileName: LPWSTR,
    TimeZone: TIME_ZONE_INFORMATION,
    BootTime: LARGE_INTEGER,
    PrefFreq: LARGE_INTEGER,
    StartTime: LARGE_INTEGER,
    ReservedFlags: ULONG,
    BuffersLost: ULONG,
}}
pub type PTRACE_LOGFILE_HEADER = *mut TRACE_LOGFILE_HEADER;
STRUCT!{struct TRACE_LOGFILE_HEADER32 {
    BufferSize: ULONG,
    u1: TRACE_LOGFILE_HEADER_u1,
    ProviderVersion: ULONG,
    NumberOfProcessors: ULONG,
    EndTime: LARGE_INTEGER,
    TimerResolution: ULONG,
    MaximumFileSize: ULONG,
    LogFileMode: ULONG,
    BuffersWritten: ULONG,
    u2: TRACE_LOGFILE_HEADER_u2,
    LoggerName: ULONG32,
    LogFileName: ULONG32,
    TimeZone: TIME_ZONE_INFORMATION,
    BootTime: LARGE_INTEGER,
    PrefFreq: LARGE_INTEGER,
    StartTime: LARGE_INTEGER,
    ReservedFlags: ULONG,
    BuffersLost: ULONG,
}}
pub type PTRACE_LOGFILE_HEADER32 = *mut TRACE_LOGFILE_HEADER32;
STRUCT!{struct TRACE_LOGFILE_HEADER64 {
    BufferSize: ULONG,
    u1: TRACE_LOGFILE_HEADER_u1,
    ProviderVersion: ULONG,
    NumberOfProcessors: ULONG,
    EndTime: LARGE_INTEGER,
    TimerResolution: ULONG,
    MaximumFileSize: ULONG,
    LogFileMode: ULONG,
    BuffersWritten: ULONG,
    u2: TRACE_LOGFILE_HEADER_u2,
    LoggerName: ULONG64,
    LogFileName: ULONG64,
    TimeZone: TIME_ZONE_INFORMATION,
    BootTime: LARGE_INTEGER,
    PrefFreq: LARGE_INTEGER,
    StartTime: LARGE_INTEGER,
    ReservedFlags: ULONG,
    BuffersLost: ULONG,
}}
pub type PTRACE_LOGFILE_HEADER64 = *mut TRACE_LOGFILE_HEADER64;
STRUCT!{struct EVENT_INSTANCE_INFO {
    RegHandle: HANDLE,
    InstanceId: ULONG,
}}
pub type PEVENT_INSTANCE_INFO = *mut EVENT_INSTANCE_INFO;

// Session properties passed to the Start/Stop/Query/Update/Flush/Control trace
// functions declared later in this file.
// NOTE(review): LogFileNameOffset / LoggerNameOffset are ULONG offsets and the
// struct has no storage for the names, so they presumably live after the struct
// in a larger caller-allocated buffer whose size is recorded in `Wnode`. A size or
// offset that does not match the real allocation would let the callee read or
// write out of bounds — TODO confirm against the API documentation.
UNION!{union EVENT_TRACE_PROPERTIES_u {
    [u32; 1],
    AgeLimit AgeLimit_mut: LONG,
    FlushThreshold FlushThreshold_mut: LONG,
}}
STRUCT!{struct EVENT_TRACE_PROPERTIES {
    Wnode: WNODE_HEADER,
    BufferSize: ULONG,
    MinimumBuffers: ULONG,
    MaximumBuffers: ULONG,
    MaximumFileSize: ULONG,
    LogFileMode: ULONG,
    FlushTimer: ULONG,
    EnableFlags: ULONG,
    u: EVENT_TRACE_PROPERTIES_u,
    NumberOfBuffers: ULONG,
    FreeBuffers: ULONG,
    EventsLost: ULONG,
    BuffersWritten: ULONG,
    LogBuffersLost: ULONG,
    RealTimeBuffersLost: ULONG,
    LoggerThreadId: HANDLE,
    LogFileNameOffset: ULONG,
    LoggerNameOffset: ULONG,
}}
pub type PEVENT_TRACE_PROPERTIES = *mut EVENT_TRACE_PROPERTIES;

// V2 of the session properties: the V1 fields followed by u2, FilterDescCount,
// FilterDesc and u3.
UNION!{union EVENT_TRACE_PROPERTIES_V2_u1 {
    [u32; 1],
    AgeLimit AgeLimit_mut: LONG,
    FlushThreshold FlushThreshold_mut: LONG,
}}
STRUCT!{struct EVENT_TRACE_PROPERTIES_V2_u2_s {
    bitfield: ULONG,
}}
// VersionNumber is declared over bits 0..8 of `bitfield`.
BITFIELD!{EVENT_TRACE_PROPERTIES_V2_u2_s bitfield: ULONG [
    VersionNumber set_VersionNumber[0..8],
]}
UNION!{union EVENT_TRACE_PROPERTIES_V2_u2 {
    [u32; 1],
    s s_mut: EVENT_TRACE_PROPERTIES_V2_u2_s,
    V2Control V2Control_mut: ULONG,
}}
STRUCT!{struct EVENT_TRACE_PROPERTIES_V2_u3_s {
    bitfield: ULONG,
}}
// Wow is declared over bit 0..1 of `bitfield`.
BITFIELD!{EVENT_TRACE_PROPERTIES_V2_u3_s bitfield: ULONG [
    Wow set_Wow[0..1],
]}
UNION!{union EVENT_TRACE_PROPERTIES_V2_u3 {
    [u64; 1],
    s s_mut: EVENT_TRACE_PROPERTIES_V2_u3_s,
    V2Options V2Options_mut: ULONG64,
}}
// NOTE(review): `u1` is typed EVENT_TRACE_PROPERTIES_u, not the
// EVENT_TRACE_PROPERTIES_V2_u1 declared above. The two unions are declared
// identically, so the layout is the same; EVENT_TRACE_PROPERTIES_V2_u1 is simply
// not referenced by this struct.
// `FilterDesc` is a raw pointer paired with `FilterDescCount`; nothing in the
// type checks that the count matches the array it points to.
STRUCT!{struct EVENT_TRACE_PROPERTIES_V2 {
    Wnode: WNODE_HEADER,
    BufferSize: ULONG,
    MinimumBuffers: ULONG,
    MaximumBuffers: ULONG,
    MaximumFileSize: ULONG,
    LogFileMode: ULONG,
    FlushTimer: ULONG,
    EnableFlags: ULONG,
    u1: EVENT_TRACE_PROPERTIES_u,
    NumberOfBuffers: ULONG,
    FreeBuffers: ULONG,
    EventsLost: ULONG,
    BuffersWritten: ULONG,
    LogBuffersLost: ULONG,
    RealTimeBuffersLost: ULONG,
    LoggerThreadId: HANDLE,
    LogFileNameOffset: ULONG,
    LoggerNameOffset: ULONG,
    u2: EVENT_TRACE_PROPERTIES_V2_u2,
    FilterDescCount: ULONG,
    FilterDesc: PEVENT_FILTER_DESCRIPTOR,
    u3: EVENT_TRACE_PROPERTIES_V2_u3,
}}
pub type PEVENT_TRACE_PROPERTIES_V2 = *mut EVENT_TRACE_PROPERTIES_V2;
STRUCT!{struct TRACE_GUID_REGISTRATION {
    Guid: LPCGUID,
    RegHandle: HANDLE,
}}
pub type PTRACE_GUID_REGISTRATION = *mut TRACE_GUID_REGISTRATION;
STRUCT!{struct TRACE_GUID_PROPERTIES {
    Guid: GUID,
    GuidType: ULONG,
    LoggerId: ULONG,
    EnableLevel: ULONG,
    EnableFlags: ULONG,
    IsEnable: BOOLEAN,
}}
pub type PTRACE_GUID_PROPERTIES = *mut TRACE_GUID_PROPERTIES;
STRUCT!{struct ETW_BUFFER_CONTEXT_u_s {
    ProcessorNumber: UCHAR,
    Alignment: UCHAR,
}}
UNION!{union ETW_BUFFER_CONTEXT_u {
    [u16; 1],
    s s_mut: ETW_BUFFER_CONTEXT_u_s,
    ProcessorIndex ProcessorIndex_mut: USHORT,
}}
STRUCT!{struct ETW_BUFFER_CONTEXT {
    u: ETW_BUFFER_CONTEXT_u,
    LoggerId: USHORT,
}}
pub type PETW_BUFFER_CONTEXT = *mut ETW_BUFFER_CONTEXT;
pub const TRACE_PROVIDER_FLAG_LEGACY: ULONG = 0x00000001;
pub const TRACE_PROVIDER_FLAG_PRE_ENABLE: ULONG = 0x00000002;
STRUCT!{struct TRACE_ENABLE_INFO {
    IsEnabled: ULONG,
    Level: UCHAR,
    Reserved1: UCHAR,
    LoggerId: USHORT,
    EnabledProperty: ULONG,
    Reserved2: ULONG,
    MatchAnyKeyword: ULONGLONG,
    MatchAllKeyword: ULONGLONG,
}}
pub type PTRACE_ENABLE_INFO = *mut TRACE_ENABLE_INFO;
// `NameOffset` is an offset, not a pointer; what it is relative to is not
// visible here — TODO confirm before using it to index a buffer.
STRUCT!{struct TRACE_PROVIDER_INSTANCE_INFO {
    NameOffset: ULONG,
    EnableCount: ULONG,
    Pid: ULONG,
    Flags: ULONG,
}}
pub type PTRACE_PROVIDER_INSTANCE_INFO = *mut TRACE_PROVIDER_INSTANCE_INFO;
STRUCT!{struct TRACE_GUID_INFO {
    InstanceCount: ULONG,
    Reserved: ULONG,
}}
pub type PTRACE_GUID_INFO = *mut TRACE_GUID_INFO;
// Variable-length record: `Description` is declared with ANYSIZE_ARRAY elements,
// so the struct's declared size presumably understates a real record, and
// `NextEntryOffset` presumably links to the next record in the same buffer.
// NOTE(review): when walking such a list, check every offset against the length
// of the buffer that was actually returned — TODO confirm the list terminator.
STRUCT!{struct PROFILE_SOURCE_INFO {
    NextEntryOffset: ULONG,
    Source: ULONG,
    MinInterval: ULONG,
    MaxInterval: ULONG,
    Reserved: ULONG64,
    Description: [WCHAR; ANYSIZE_ARRAY],
}}
pub type PPROFILE_SOURCE_INFO = *mut PROFILE_SOURCE_INFO;
UNION!{union EVENT_TRACE_u {
    [u32; 1],
    ClientContext ClientContext_mut: ULONG,
    BufferContext BufferContext_mut: ETW_BUFFER_CONTEXT,
}}
// Event record built around EVENT_TRACE_HEADER; it is the argument type of the
// PEVENT_CALLBACK declared later in this file.
// NOTE(review): `MofData` is an untyped pointer and `MofLength` is the only bound
// visible here; a consumer should treat the payload as provider-controlled bytes
// and never read past MofLength.
STRUCT!{struct EVENT_TRACE {
    Header: EVENT_TRACE_HEADER,
    InstanceId: ULONG,
    ParentInstanceId: ULONG,
    ParentGuid: GUID,
    MofData: PVOID,
    MofLength: ULONG,
    u: EVENT_TRACE_u,
}}
pub type PEVENT_TRACE = *mut EVENT_TRACE;
// Provider control codes (disable / enable / capture state).
pub const EVENT_CONTROL_CODE_DISABLE_PROVIDER: ULONG = 0;
pub const EVENT_CONTROL_CODE_ENABLE_PROVIDER: ULONG = 1;
pub const EVENT_CONTROL_CODE_CAPTURE_STATE: ULONG = 2;
// stdcall callback type: takes a PEVENT_TRACE_LOGFILEW and returns a ULONG.
FN!{stdcall PEVENT_TRACE_BUFFER_CALLBACKW(
    PEVENT_TRACE_LOGFILEW,
) -> ULONG}
FN!{stdcall PEVENT_TRACE_BUFFER_CALLBACKA( 628 PEVENT_TRACE_LOGFILEA, 629 ) -> ULONG} 630 FN!{stdcall PEVENT_CALLBACK( 631 pEvent: PEVENT_TRACE, 632 ) -> ()} 633 FN!{stdcall PEVENT_RECORD_CALLBACK( 634 EventRecord: PEVENT_RECORD, 635 ) -> ()} 636 FN!{stdcall WMIDPREQUEST( 637 RequestCode: WMIDPREQUESTCODE, 638 RequestContext: PVOID, 639 BufferSize: *mut ULONG, 640 Buffer: PVOID, 641 ) -> ULONG} 642 UNION!{union EVENT_TRACE_LOGFILE_u1 { 643 [u32; 1], 644 LogFileMode LogFileMode_mut: ULONG, 645 ProcessTraceMode ProcessTraceMode_mut: ULONG, 646 }} 647 UNION!{union EVENT_TRACE_LOGFILE_u2 { 648 [u32; 1] [u64; 1], 649 EventCallback EventCallback_mut: PEVENT_CALLBACK, 650 EventRecordCallback EventRecordCallback_mut: PEVENT_RECORD_CALLBACK, 651 }} 652 STRUCT!{struct EVENT_TRACE_LOGFILEW { 653 LogFileName: LPWSTR, 654 LoggerName: LPWSTR, 655 CurrentTime: LONGLONG, 656 BuffersRead: ULONG, 657 u1: EVENT_TRACE_LOGFILE_u1, 658 CurrentEvent: EVENT_TRACE, 659 LogfileHeader: TRACE_LOGFILE_HEADER, 660 BufferCallback: PEVENT_TRACE_BUFFER_CALLBACKW, 661 BufferSize: ULONG, 662 Filled: ULONG, 663 EventsLost: ULONG, 664 u2: EVENT_TRACE_LOGFILE_u2, 665 IsKernelTrace: ULONG, 666 Context: PVOID, 667 }} 668 pub type PEVENT_TRACE_LOGFILEW = *mut EVENT_TRACE_LOGFILEW; 669 STRUCT!{struct EVENT_TRACE_LOGFILEA { 670 LogFileName: LPSTR, 671 LoggerName: LPSTR, 672 CurrentTime: LONGLONG, 673 BuffersRead: ULONG, 674 u1: EVENT_TRACE_LOGFILE_u1, 675 CurrentEvent: EVENT_TRACE, 676 LogfileHeader: TRACE_LOGFILE_HEADER, 677 BufferCallback: PEVENT_TRACE_BUFFER_CALLBACKA, 678 BufferSize: ULONG, 679 Filled: ULONG, 680 EventsLost: ULONG, 681 u2: EVENT_TRACE_LOGFILE_u2, 682 IsKernelTrace: ULONG, 683 Context: PVOID, 684 }} 685 pub type PEVENT_TRACE_LOGFILEA = *mut EVENT_TRACE_LOGFILEA; 686 extern "system" { StartTraceW( SessionHandle: PTRACEHANDLE, SessionName: LPCWSTR, Properties: PEVENT_TRACE_PROPERTIES, ) -> ULONG687 pub fn StartTraceW( 688 SessionHandle: PTRACEHANDLE, 689 SessionName: LPCWSTR, 690 
Properties: PEVENT_TRACE_PROPERTIES, 691 ) -> ULONG; StartTraceA( SessionHandle: PTRACEHANDLE, SessionName: LPCSTR, Properties: PEVENT_TRACE_PROPERTIES, ) -> ULONG692 pub fn StartTraceA( 693 SessionHandle: PTRACEHANDLE, 694 SessionName: LPCSTR, 695 Properties: PEVENT_TRACE_PROPERTIES, 696 ) -> ULONG; StopTraceW( SessionHandle: TRACEHANDLE, SessionName: LPCWSTR, Properties: PEVENT_TRACE_PROPERTIES, ) -> ULONG697 pub fn StopTraceW( 698 SessionHandle: TRACEHANDLE, 699 SessionName: LPCWSTR, 700 Properties: PEVENT_TRACE_PROPERTIES, 701 ) -> ULONG; StopTraceA( SessionHandle: TRACEHANDLE, SessionName: LPCSTR, Properties: PEVENT_TRACE_PROPERTIES, ) -> ULONG702 pub fn StopTraceA( 703 SessionHandle: TRACEHANDLE, 704 SessionName: LPCSTR, 705 Properties: PEVENT_TRACE_PROPERTIES, 706 ) -> ULONG; QueryTraceW( SessionHandle: TRACEHANDLE, SessionName: LPCWSTR, Properties: PEVENT_TRACE_PROPERTIES, ) -> ULONG707 pub fn QueryTraceW( 708 SessionHandle: TRACEHANDLE, 709 SessionName: LPCWSTR, 710 Properties: PEVENT_TRACE_PROPERTIES, 711 ) -> ULONG; QueryTraceA( SessionHandle: TRACEHANDLE, SessionName: LPCSTR, Properties: PEVENT_TRACE_PROPERTIES, ) -> ULONG712 pub fn QueryTraceA( 713 SessionHandle: TRACEHANDLE, 714 SessionName: LPCSTR, 715 Properties: PEVENT_TRACE_PROPERTIES, 716 ) -> ULONG; UpdateTraceW( SessionHandle: TRACEHANDLE, SessionName: LPCWSTR, Properties: PEVENT_TRACE_PROPERTIES, ) -> ULONG717 pub fn UpdateTraceW( 718 SessionHandle: TRACEHANDLE, 719 SessionName: LPCWSTR, 720 Properties: PEVENT_TRACE_PROPERTIES, 721 ) -> ULONG; UpdateTraceA( SessionHandle: TRACEHANDLE, SessionName: LPCSTR, Properties: PEVENT_TRACE_PROPERTIES, ) -> ULONG722 pub fn UpdateTraceA( 723 SessionHandle: TRACEHANDLE, 724 SessionName: LPCSTR, 725 Properties: PEVENT_TRACE_PROPERTIES, 726 ) -> ULONG; FlushTraceW( SessionHandle: TRACEHANDLE, SessionName: LPCWSTR, Properties: PEVENT_TRACE_PROPERTIES, ) -> ULONG727 pub fn FlushTraceW( 728 SessionHandle: TRACEHANDLE, 729 SessionName: LPCWSTR, 730 Properties: 
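PEVENT_TRACE_PROPERTIES,
    ) -> ULONG;
    /// ANSI variant of the session flush call. `Properties` is a raw pointer to a
    /// caller-owned EVENT_TRACE_PROPERTIES buffer. The ULONG result is a Win32 status
    /// code (ERROR_SUCCESS, i.e. 0, on success per the Windows documentation) and
    /// should be checked rather than discarded.
    pub fn FlushTraceA(
        SessionHandle: TRACEHANDLE,
        SessionName: LPCSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
    ) -> ULONG;
    /// Sends `ControlCode` to the session identified by `SessionHandle` or by the
    /// wide-character `SessionName`. Control codes can stop or reconfigure a session,
    /// which changes what telemetry is collected, so call sites deserve the same
    /// review as other audit-configuration changes.
    pub fn ControlTraceW(
        SessionHandle: TRACEHANDLE,
        SessionName: LPCWSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
        ControlCode: ULONG,
    ) -> ULONG;
    /// ANSI variant of `ControlTraceW`; the same caveats apply.
    pub fn ControlTraceA(
        SessionHandle: TRACEHANDLE,
        SessionName: LPCSTR,
        Properties: PEVENT_TRACE_PROPERTIES,
        ControlCode: ULONG,
    ) -> ULONG;
    /// Fills a caller-supplied array of property-structure pointers.
    /// `PropertyArrayCount` must not exceed the number of entries actually present
    /// in `PropertyArray`; the count written through `SessionCount` is the value to
    /// trust when walking the results.
    pub fn QueryAllTracesW(
        PropertyArray: *mut PEVENT_TRACE_PROPERTIES,
        PropertyArrayCount: ULONG,
        SessionCount: PULONG,
    ) -> ULONG;
    /// ANSI variant of `QueryAllTracesW`; same array-length contract.
    pub fn QueryAllTracesA(
        PropertyArray: *mut PEVENT_TRACE_PROPERTIES,
        PropertyArrayCount: ULONG,
        SessionCount: PULONG,
    ) -> ULONG;
    /// Classic provider enable/disable call, keyed by `ControlGuid`.
    pub fn EnableTrace(
        Enable: ULONG,
        EnableFlag: ULONG,
        EnableLevel: ULONG,
        ControlGuid: LPCGUID,
        SessionHandle: TRACEHANDLE,
    ) -> ULONG;
    /// Provider enable/disable call with keyword masks and an optional filter
    /// descriptor. `EnableFilterDesc` is a raw pointer; whether null is accepted is
    /// not visible from this declaration, so confirm against the API documentation.
    pub fn EnableTraceEx(
        ProviderId: LPCGUID,
        SourceId: LPCGUID,
        TraceHandle: TRACEHANDLE,
        IsEnabled: ULONG,
        Level: UCHAR,
        MatchAnyKeyword: ULONGLONG,
        MatchAllKeyword: ULONGLONG,
        EnableProperty: ULONG,
        EnableFilterDesc: PEVENT_FILTER_DESCRIPTOR,
    ) -> ULONG;
}
/// Value for `ENABLE_TRACE_PARAMETERS_V1::Version` (layout without `FilterDescCount`).
pub const ENABLE_TRACE_PARAMETERS_VERSION: ULONG = 1;
/// Value for `ENABLE_TRACE_PARAMETERS::Version` (layout with `FilterDescCount`).
pub const ENABLE_TRACE_PARAMETERS_VERSION_2: ULONG = 2;
// Version 1 layout of the EnableTraceEx2 parameter block. It has no
// FilterDescCount field, so it is shorter than ENABLE_TRACE_PARAMETERS.
STRUCT!{struct ENABLE_TRACE_PARAMETERS_V1 {
    Version: ULONG,
    EnableProperty: ULONG,
    ControlFlags: ULONG,
    SourceId: GUID,
    EnableFilterDesc: PEVENT_FILTER_DESCRIPTOR,
}}
pub type PENABLE_TRACE_PARAMETERS_V1 = *mut ENABLE_TRACE_PARAMETERS_V1;
// Version 2 layout of the EnableTraceEx2 parameter block. The Version field tells
// the callee which layout it was handed, so it must match the struct actually
// allocated: a V1-sized buffer labelled as version 2 would leave FilterDescCount
// outside the allocation. FilterDescCount presumably counts the descriptors
// reachable through EnableFilterDesc; confirm against the API documentation.
STRUCT!{struct ENABLE_TRACE_PARAMETERS {
    Version: ULONG,
    EnableProperty: ULONG,
    ControlFlags: ULONG,
    SourceId: GUID,
    EnableFilterDesc: PEVENT_FILTER_DESCRIPTOR,
    FilterDescCount: ULONG,
}}
pub type PENABLE_TRACE_PARAMETERS = *mut ENABLE_TRACE_PARAMETERS;
extern "system" {
    /// Enables, disables or otherwise controls a provider for a session, selected by
    /// `ControlCode`. `EnableParameters` points to a versioned parameter block (see
    /// `ENABLE_TRACE_PARAMETERS`). Check the returned status: a failed enable leaves
    /// the session without the events the caller expects to record.
    pub fn EnableTraceEx2(
        TraceHandle: TRACEHANDLE,
        ProviderId: LPCGUID,
        ControlCode: ULONG,
        Level: UCHAR,
        MatchAnyKeyword: ULONGLONG,
        MatchAllKeyword: ULONGLONG,
        Timeout: ULONG,
        EnableParameters: PENABLE_TRACE_PARAMETERS,
    ) -> ULONG;
}
// Information classes accepted by the query/set calls below. No discriminants are
// given, so the values follow declaration order; MaxTraceSetInfoClass is the
// trailing bound, not a usable class.
ENUM!{enum TRACE_QUERY_INFO_CLASS {
    TraceGuidQueryList,
    TraceGuidQueryInfo,
    TraceGuidQueryProcess,
    TraceStackTracingInfo,
    TraceSystemTraceEnableFlagsInfo,
    TraceSampledProfileIntervalInfo,
    TraceProfileSourceConfigInfo,
    TraceProfileSourceListInfo,
    TracePmcEventListInfo,
    TracePmcCounterListInfo,
    TraceSetDisallowList,
    TraceVersionInfo,
    TraceGroupQueryList,
    TraceGroupQueryInfo,
    TraceDisallowListQuery,
    TraceCompressionInfo,
    TracePeriodicCaptureStateListInfo,
    TracePeriodicCaptureStateInfo,
    TraceProviderBinaryTracking,
    TraceMaxLoggersQuery,
    MaxTraceSetInfoClass,
}}
/// Alias used by the set-information call; same type as `TRACE_QUERY_INFO_CLASS`.
pub type TRACE_INFO_CLASS = TRACE_QUERY_INFO_CLASS;
extern "system" {
    /// Queries provider/GUID information for the given class. `InBufferSize` and
    /// `OutBufferSize` are byte counts supplied by the caller and must describe the
    /// real extent of `InBuffer` and `OutBuffer`; `ReturnLength` receives a length
    /// from the callee (presumably the bytes written or required; confirm).
    pub fn EnumerateTraceGuidsEx(
        TraceQueryInfoClass: TRACE_QUERY_INFO_CLASS,
        InBuffer: PVOID,
        InBufferSize: ULONG,
        OutBuffer: PVOID,
        OutBufferSize: ULONG,
        ReturnLength: PULONG,
    ) -> ULONG;
}
// Identifies a classic event by provider GUID and event type byte; the 7 reserved
// bytes pad the struct.
STRUCT!{struct CLASSIC_EVENT_ID {
    EventGuid: GUID,
    Type: UCHAR,
    Reserved: [UCHAR; 7],
}}
pub type PCLASSIC_EVENT_ID = *mut CLASSIC_EVENT_ID;
// Profile source / sampling interval pair.
STRUCT!{struct TRACE_PROFILE_INTERVAL {
    Source: ULONG,
    Interval: ULONG,
}}
pub type PTRACE_PROFILE_INTERVAL = *mut TRACE_PROFILE_INTERVAL;
// Trace processing version record.
STRUCT!{struct TRACE_VERSION_INFO {
    EtwTraceProcessingVersion: UINT,
    Reserved: UINT,
}}
pub type PTRACE_VERSION_INFO = *mut TRACE_VERSION_INFO;
// Periodic capture-state configuration: frequency in seconds plus a provider count.
STRUCT!{struct TRACE_PERIODIC_CAPTURE_STATE_INFO {
    CaptureStateFrequencyInSeconds: ULONG,
    ProviderCount: USHORT,
    Reserved: USHORT,
}}
pub type PTRACE_PERIODIC_CAPTURE_STATE_INFO = *mut TRACE_PERIODIC_CAPTURE_STATE_INFO;
extern "system" {
    /// Writes session configuration of the given class. `InformationLength` is the
    /// byte size of the buffer behind `TraceInformation` and must match the
    /// structure that `InformationClass` implies.
    pub fn TraceSetInformation(
        SessionHandle: TRACEHANDLE,
        InformationClass: TRACE_INFO_CLASS,
        TraceInformation: PVOID,
        InformationLength: ULONG,
    ) -> ULONG;
    /// Reads session configuration of the given class into a caller buffer of
    /// `InformationLength` bytes; `ReturnLength` receives a length from the callee.
    pub fn TraceQueryInformation(
        SessionHandle: TRACEHANDLE,
        InformationClass: TRACE_QUERY_INFO_CLASS,
        TraceInformation: PVOID,
        InformationLength: ULONG,
        ReturnLength: PULONG,
    ) -> ULONG;
    /// Creates an instance identifier for a registered event class and stores it in
    /// the structure behind `pInstInfo`.
    pub fn CreateTraceInstanceId(
        RegHandle: HANDLE,
        pInstInfo: PEVENT_INSTANCE_INFO,
    ) -> ULONG;
    /// Writes one classic event to the session. The header behind `EventTrace` is
    /// caller-owned; its size fields are defined outside this part of the file.
    pub fn TraceEvent(
        SessionHandle: TRACEHANDLE,
        EventTrace: PEVENT_TRACE_HEADER,
    ) -> ULONG;
    /// Writes one classic event tied to an instance, with an optional parent instance.
    pub fn TraceEventInstance(
        SessionHandle: TRACEHANDLE,
        EventTrace: PEVENT_TRACE_HEADER,
        pInstInfo: PEVENT_INSTANCE_INFO,
        pParentInstInfo: PEVENT_INSTANCE_INFO,
    ) -> ULONG;
    /// Registers a classic provider. `RequestAddress` is a callback the system
    /// invokes later with `RequestContext`, so both must remain valid until
    /// `UnregisterTraceGuids` is called on the handle written to `RegistrationHandle`.
    /// `GuidCount` must equal the number of entries behind `TraceGuidReg`.
    pub fn RegisterTraceGuidsW(
        RequestAddress: WMIDPREQUEST,
        RequestContext: PVOID,
        ControlGuid: LPCGUID,
        GuidCount: ULONG,
        TraceGuidReg: PTRACE_GUID_REGISTRATION,
        MofImagePath: LPCWSTR,
        MofResourceName: LPCWSTR,
        RegistrationHandle: PTRACEHANDLE,
    ) -> ULONG;
    /// ANSI variant of `RegisterTraceGuidsW`; same lifetime and count contract.
    pub fn RegisterTraceGuidsA(
        RequestAddress: WMIDPREQUEST,
        RequestContext: PVOID,
        ControlGuid: LPCGUID,
        GuidCount: ULONG,
        TraceGuidReg: PTRACE_GUID_REGISTRATION,
        MofImagePath: LPCSTR,
        MofResourceName: LPCSTR,
        RegistrationHandle: PTRACEHANDLE,
    ) -> ULONG;
    /// Fills a caller-supplied array of property-structure pointers;
    /// `PropertyArrayCount` must not exceed the array's real length, and `GuidCount`
    /// receives a count from the callee.
    pub fn EnumerateTraceGuids(
        GuidPropertiesArray: *mut PTRACE_GUID_PROPERTIES,
        PropertyArrayCount: ULONG,
        GuidCount: PULONG,
    ) -> ULONG;
    /// Releases a registration obtained from `RegisterTraceGuidsW`/`RegisterTraceGuidsA`.
    pub fn UnregisterTraceGuids(
        RegistrationHandle: TRACEHANDLE,
    ) -> ULONG;
    /// Returns a session handle derived from `Buffer`. The expected buffer layout is
    /// not visible here (presumably the buffer handed to the provider's control
    /// callback; confirm before use).
    pub fn GetTraceLoggerHandle(
        Buffer: PVOID,
    ) -> TRACEHANDLE;
    /// Returns the enable level currently set for the session handle.
    pub fn GetTraceEnableLevel(
        SessionHandle: TRACEHANDLE,
    ) -> UCHAR;
    /// Returns the enable flags currently set for the session handle.
    pub fn GetTraceEnableFlags(
        SessionHandle: TRACEHANDLE,
    ) -> ULONG;
    /// Opens a trace for consumption (wide-character log file description). Failure
    /// is reported through the returned handle, not a status code: compare the
    /// result with `INVALID_PROCESSTRACE_HANDLE` before using it.
    pub fn OpenTraceW(
        Logfile: PEVENT_TRACE_LOGFILEW,
    ) -> TRACEHANDLE;
    /// Delivers events from the handles in `HandleArray` to the registered
    /// callbacks. `HandleCount` must equal the number of handles in the array.
    /// Record contents come from the trace source and are untrusted input when the
    /// log file originates elsewhere; callbacks should bounds-check every length
    /// field they read.
    pub fn ProcessTrace(
        HandleArray: PTRACEHANDLE,
        HandleCount: ULONG,
        StartTime: LPFILETIME,
        EndTime: LPFILETIME,
    ) -> ULONG;
    /// Closes a handle returned by `OpenTraceW`/`OpenTraceA`.
    pub fn CloseTrace(
        TraceHandle: TRACEHANDLE,
    ) -> ULONG;
}
// Information classes for QueryTraceProcessingHandle. Numbering starts at 1;
// EtwQueryProcessHandleInfoMax is the trailing bound.
ENUM!{enum ETW_PROCESS_HANDLE_INFO_TYPE {
    EtwQueryPartitionInformation = 1,
    EtwQueryProcessHandleInfoMax,
}}
// Partition identity record (partition GUID, parent GUID, type).
STRUCT!{struct ETW_TRACE_PARTITION_INFORMATION {
    PartitionId: GUID,
    ParentId: GUID,
    Reserved: ULONG64,
    PartitionType: ULONG,
}}
pub type PETW_TRACE_PARTITION_INFORMATION = *mut ETW_TRACE_PARTITION_INFORMATION;
extern "system" {
    /// Queries information about a processing handle. `InBufferSize` and
    /// `OutBufferSize` are caller-supplied byte counts that must describe the real
    /// extent of the two buffers; `ReturnLength` receives a length from the callee.
    pub fn QueryTraceProcessingHandle(
        ProcessingHandle: TRACEHANDLE,
        InformationClass: ETW_PROCESS_HANDLE_INFO_TYPE,
        InBuffer: PVOID,
        InBufferSize: ULONG,
        OutBuffer: PVOID,
        OutBufferSize: ULONG,
        ReturnLength: PULONG,
    ) -> ULONG;
    /// ANSI variant of `OpenTraceW`; compare the result with
    /// `INVALID_PROCESSTRACE_HANDLE` before using it.
    pub fn OpenTraceA(
        Logfile: PEVENT_TRACE_LOGFILEA,
    ) -> TRACEHANDLE;
    /// Registers `EventCallback` for events of the class identified by `pGuid`. The
    /// callback must stay valid until `RemoveTraceCallback` is called for that GUID.
    pub fn SetTraceCallback(
        pGuid: LPCGUID,
        EventCallback: PEVENT_CALLBACK,
    ) -> ULONG;
    /// Removes the callback registered for `pGuid`.
    pub fn RemoveTraceCallback(
        pGuid: LPCGUID,
    ) -> ULONG;
}
extern "C" {
    /// Variadic message-trace call. Per the Windows documentation the variable
    /// arguments are (pointer, byte-length) pairs terminated by a null pointer with
    /// length zero; nothing checks the list at compile time, so a wrong length or a
    /// missing terminator makes the callee read past the intended data.
    pub fn TraceMessage(
        SessionHandle: TRACEHANDLE,
        MessageFlags: ULONG,
        MessageGuid: LPGUID,
        MessageNumber: USHORT,
        ...
    ) -> ULONG;
    /// `va_list` form of `TraceMessage`. Declared with the ULONG status the Windows
    /// SDK header gives this function, so a failed write is visible to the caller
    /// instead of being dropped.
    /// NOTE(review): the SDK header appears to give this function the stdcall
    /// (WMIAPI) convention rather than cdecl; confirm whether it belongs in an
    /// `extern "system"` block. The difference matters only on 32-bit x86.
    pub fn TraceMessageVa(
        SessionHandle: TRACEHANDLE,
        MessageFlags: ULONG,
        MessageGuid: LPGUID,
        MessageNumber: USHORT,
        MessageArgList: va_list,
    ) -> ULONG;
}
/// Failure sentinel for `OpenTraceW`/`OpenTraceA`: `INVALID_HANDLE_VALUE` cast to
/// `TRACEHANDLE`. A returned handle equal to this value must not be passed to
/// `ProcessTrace` or `CloseTrace`.
pub const INVALID_PROCESSTRACE_HANDLE: TRACEHANDLE = INVALID_HANDLE_VALUE as TRACEHANDLE;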