1 /**
2  * This file is part of the mingw-w64 runtime package.
3  * No warranty is given; refer to the file DISCLAIMER within this package.
4  */
5 
6 #include <winapifamily.h>
7 
8 #ifndef _EVNTRACE_
9 #define _EVNTRACE_
10 
11 #if defined (_WINNT_) || defined (WINNT)
12 
13 #if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
14 
/* WMIAPI: decoration applied to the ETW entry points declared in this header.
 * Left alone when WMIAPI is already defined or when WIDL/MIDL processes the
 * file. With _WMI_SOURCE_ defined the import attribute is omitted; otherwise
 * DECLSPEC_IMPORT is added. _ARM_ builds drop the __stdcall keyword. */
15 #if !defined (WMIAPI) && !defined (__WIDL__) && !defined (MIDL_PASS)
16 #ifdef _WMI_SOURCE_
17 #ifdef _ARM_
18 #define WMIAPI
19 #else
20 #define WMIAPI __stdcall
21 #endif
22 #else
23 #ifdef _ARM_
24 #define WMIAPI DECLSPEC_IMPORT
25 #else
26 #define WMIAPI DECLSPEC_IMPORT __stdcall
27 #endif
28 #endif
29 #endif
30 
31 #include <guiddef.h>
32 
/* Kernel-mode detection: any of the three driver-kit markers selects the
 * kernel-mode view of this header. That view leaves out <wmistr.h> and every
 * declaration placed under #ifndef _EVNTRACE_KERNEL_MODE further down. */
33 #if defined (_NTDDK_) || defined (_NTIFS_) || defined (_WMIKM_)
34 #define _EVNTRACE_KERNEL_MODE
35 #endif
36 
37 #ifndef _EVNTRACE_KERNEL_MODE
38 #include <wmistr.h>
39 #endif
40 
/* Well-known ETW GUIDs.
 * NOTE(review): per the ETW documentation SystemTraceControlGuid identifies the
 * "NT Kernel Logger" session and DefaultTraceSecurityGuid names the default
 * trace security descriptor - confirm before relying on either in
 * access-control or detection code. */
41 DEFINE_GUID (EventTraceGuid, 0x68fdd900, 0x4a3e, 0x11d1, 0x84, 0xf4, 0x00, 0x00, 0xf8, 0x04, 0x64, 0xe3);
42 DEFINE_GUID (SystemTraceControlGuid, 0x9e814aad, 0x3204, 0x11d2, 0x9a, 0x82, 0x00, 0x60, 0x08, 0xa8, 0x69, 0x39);
43 DEFINE_GUID (EventTraceConfigGuid, 0x01853a65, 0x418f, 0x4f36, 0xae, 0xfc, 0xdc, 0x0f, 0x1d, 0x2f, 0xd2, 0x35);
44 DEFINE_GUID (DefaultTraceSecurityGuid, 0x0811c1af, 0x7a07, 0x4a06, 0x82, 0xed, 0x86, 0x94, 0x55, 0xcd, 0xf7, 0x13);
45 
/* Reserved session names, in wide (W) and narrow (A) form. The character-set
 * neutral KERNEL_/GLOBAL_/EVENT_LOGGER_NAME aliases are selected by UNICODE
 * further down in this header; that alias block defines none for
 * DIAG_LOGGER_NAME. */
46 #define KERNEL_LOGGER_NAMEW L"NT Kernel Logger"
47 #define GLOBAL_LOGGER_NAMEW L"GlobalLogger"
48 #define EVENT_LOGGER_NAMEW L"EventLog"
49 #define DIAG_LOGGER_NAMEW L"DiagLog"
50 
51 #define KERNEL_LOGGER_NAMEA "NT Kernel Logger"
52 #define GLOBAL_LOGGER_NAMEA "GlobalLogger"
53 #define EVENT_LOGGER_NAMEA "EventLog"
54 #define DIAG_LOGGER_NAMEA "DiagLog"
55 
/* presumably the upper bound on MOF_FIELD entries attached to one event - TODO confirm */
56 #define MAX_MOF_FIELDS 16
57 
/* 64-bit handle type used for sessions and opened traces; guarded so another
 * header may supply the same typedef first. */
58 #ifndef _TRACEHANDLE_DEFINED
59 #define _TRACEHANDLE_DEFINED
60 typedef ULONG64 TRACEHANDLE,*PTRACEHANDLE;
61 #endif
62 
63 #define SYSTEM_EVENT_TYPE 1
64 
/* Generic event types (0x00-0x09 plus 0xf0). Several names are aliases for the
 * same value: END/STOP = 0x02, DEQUEUE/RESUME = 0x07, CHECKPOINT/SUSPEND = 0x08,
 * so a switch over these constants cannot list both names of a pair. */
65 #define EVENT_TRACE_TYPE_INFO 0x00
66 #define EVENT_TRACE_TYPE_START 0x01
67 #define EVENT_TRACE_TYPE_END 0x02
68 #define EVENT_TRACE_TYPE_STOP 0x02
69 #define EVENT_TRACE_TYPE_DC_START 0x03
70 #define EVENT_TRACE_TYPE_DC_END 0x04
71 #define EVENT_TRACE_TYPE_EXTENSION 0x05
72 #define EVENT_TRACE_TYPE_REPLY 0x06
73 #define EVENT_TRACE_TYPE_DEQUEUE 0x07
74 #define EVENT_TRACE_TYPE_RESUME 0x07
75 #define EVENT_TRACE_TYPE_CHECKPOINT 0x08
76 #define EVENT_TRACE_TYPE_SUSPEND 0x08
77 #define EVENT_TRACE_TYPE_WINEVT_SEND 0x09
78 #define EVENT_TRACE_TYPE_WINEVT_RECEIVE 0xf0
79 
/* Event severity levels. CRITICAL and FATAL are two names for value 1; values
 * 6-9 are reserved.
 * NOTE(review): ETW is documented to deliver events whose level is less than or
 * equal to the enabled level, so a lower number means a more severe event -
 * confirm. */
80 #define TRACE_LEVEL_NONE 0
81 #define TRACE_LEVEL_CRITICAL 1
82 #define TRACE_LEVEL_FATAL 1
83 #define TRACE_LEVEL_ERROR 2
84 #define TRACE_LEVEL_WARNING 3
85 #define TRACE_LEVEL_INFORMATION 4
86 #define TRACE_LEVEL_VERBOSE 5
87 #define TRACE_LEVEL_RESERVED6 6
88 #define TRACE_LEVEL_RESERVED7 7
89 #define TRACE_LEVEL_RESERVED8 8
90 #define TRACE_LEVEL_RESERVED9 9
91 
/* Class-specific event types. Each group below restarts at 0x0a, so the same
 * number carries a different meaning per group (0x0a is LOAD, IO_READ, MM_TF,
 * SEND and GUIDMAP here). A Type value therefore identifies an event only
 * together with the event class GUID it was logged under; filters and
 * detections must key on the (GUID, Type) pair, never on Type alone. */
92 #define EVENT_TRACE_TYPE_LOAD 0x0a
93 #define EVENT_TRACE_TYPE_TERMINATE 0x0b
94 
95 #define EVENT_TRACE_TYPE_IO_READ 0x0a
96 #define EVENT_TRACE_TYPE_IO_WRITE 0x0b
97 #define EVENT_TRACE_TYPE_IO_READ_INIT 0x0c
98 #define EVENT_TRACE_TYPE_IO_WRITE_INIT 0x0d
99 #define EVENT_TRACE_TYPE_IO_FLUSH 0x0e
100 #define EVENT_TRACE_TYPE_IO_FLUSH_INIT 0x0f
101 
102 #define EVENT_TRACE_TYPE_MM_TF 0x0a
103 #define EVENT_TRACE_TYPE_MM_DZF 0x0b
104 #define EVENT_TRACE_TYPE_MM_COW 0x0c
105 #define EVENT_TRACE_TYPE_MM_GPF 0x0d
106 #define EVENT_TRACE_TYPE_MM_HPF 0x0e
107 #define EVENT_TRACE_TYPE_MM_AV 0x0f
108 
109 #define EVENT_TRACE_TYPE_SEND 0x0a
110 #define EVENT_TRACE_TYPE_RECEIVE 0x0b
111 #define EVENT_TRACE_TYPE_CONNECT 0x0c
112 #define EVENT_TRACE_TYPE_DISCONNECT 0x0d
113 #define EVENT_TRACE_TYPE_RETRANSMIT 0x0e
114 #define EVENT_TRACE_TYPE_ACCEPT 0x0f
115 #define EVENT_TRACE_TYPE_RECONNECT 0x10
116 #define EVENT_TRACE_TYPE_CONNFAIL 0x11
117 #define EVENT_TRACE_TYPE_COPY_TCP 0x12
118 #define EVENT_TRACE_TYPE_COPY_ARP 0x13
119 #define EVENT_TRACE_TYPE_ACKFULL 0x14
120 #define EVENT_TRACE_TYPE_ACKPART 0x15
121 #define EVENT_TRACE_TYPE_ACKDUP 0x16
122 
123 #define EVENT_TRACE_TYPE_GUIDMAP 0x0a
124 #define EVENT_TRACE_TYPE_CONFIG 0x0b
125 #define EVENT_TRACE_TYPE_SIDINFO 0x0c
126 #define EVENT_TRACE_TYPE_SECURITY 0x0d
127 #define EVENT_TRACE_TYPE_DBGID_RSDS 0x40
128 
/* Registry operation event types, contiguous from 0x0a to 0x21. The values
 * overlap the other class-specific groups in this header, so they are only
 * meaningful for events of the registry class.
 * NOTE(review): presumably produced when EVENT_TRACE_FLAG_REGISTRY is set on
 * the kernel session - confirm. */
129 #define EVENT_TRACE_TYPE_REGCREATE 0x0a
130 #define EVENT_TRACE_TYPE_REGOPEN 0x0b
131 #define EVENT_TRACE_TYPE_REGDELETE 0x0c
132 #define EVENT_TRACE_TYPE_REGQUERY 0x0d
133 #define EVENT_TRACE_TYPE_REGSETVALUE 0x0e
134 #define EVENT_TRACE_TYPE_REGDELETEVALUE 0x0f
135 #define EVENT_TRACE_TYPE_REGQUERYVALUE 0x10
136 #define EVENT_TRACE_TYPE_REGENUMERATEKEY 0x11
137 #define EVENT_TRACE_TYPE_REGENUMERATEVALUEKEY 0x12
138 #define EVENT_TRACE_TYPE_REGQUERYMULTIPLEVALUE 0x13
139 #define EVENT_TRACE_TYPE_REGSETINFORMATION 0x14
140 #define EVENT_TRACE_TYPE_REGFLUSH 0x15
141 #define EVENT_TRACE_TYPE_REGKCBCREATE 0x16
142 #define EVENT_TRACE_TYPE_REGKCBDELETE 0x17
143 #define EVENT_TRACE_TYPE_REGKCBRUNDOWNBEGIN 0x18
144 #define EVENT_TRACE_TYPE_REGKCBRUNDOWNEND 0x19
145 #define EVENT_TRACE_TYPE_REGVIRTUALIZE 0x1a
146 #define EVENT_TRACE_TYPE_REGCLOSE 0x1b
147 #define EVENT_TRACE_TYPE_REGSETSECURITY 0x1c
148 #define EVENT_TRACE_TYPE_REGQUERYSECURITY 0x1d
149 #define EVENT_TRACE_TYPE_REGCOMMIT 0x1e
150 #define EVENT_TRACE_TYPE_REGPREPARE 0x1f
151 #define EVENT_TRACE_TYPE_REGROLLBACK 0x20
152 #define EVENT_TRACE_TYPE_REGMOUNTHIVE 0x21
153 
/* System-configuration event types. The list skips 0x13 and 0x14 between
 * OPTICALMEDIA and IRQ; no names are defined here for those two values. */
154 #define EVENT_TRACE_TYPE_CONFIG_CPU 0x0a
155 #define EVENT_TRACE_TYPE_CONFIG_PHYSICALDISK 0x0b
156 #define EVENT_TRACE_TYPE_CONFIG_LOGICALDISK 0x0c
157 #define EVENT_TRACE_TYPE_CONFIG_NIC 0x0d
158 #define EVENT_TRACE_TYPE_CONFIG_VIDEO 0x0e
159 #define EVENT_TRACE_TYPE_CONFIG_SERVICES 0x0f
160 #define EVENT_TRACE_TYPE_CONFIG_POWER 0x10
161 #define EVENT_TRACE_TYPE_CONFIG_NETINFO 0x11
162 #define EVENT_TRACE_TYPE_CONFIG_OPTICALMEDIA 0x12
163 
164 #define EVENT_TRACE_TYPE_CONFIG_IRQ 0x15
165 #define EVENT_TRACE_TYPE_CONFIG_PNP 0x16
166 #define EVENT_TRACE_TYPE_CONFIG_IDECHANNEL 0x17
167 #define EVENT_TRACE_TYPE_CONFIG_NUMANODE 0x18
168 #define EVENT_TRACE_TYPE_CONFIG_PLATFORM 0x19
169 #define EVENT_TRACE_TYPE_CONFIG_PROCESSORGROUP 0x1a
170 #define EVENT_TRACE_TYPE_CONFIG_PROCESSORNUMBER 0x1b
171 #define EVENT_TRACE_TYPE_CONFIG_DPI 0x1c
172 #define EVENT_TRACE_TYPE_CONFIG_CI_INFO 0x1d
173 #define EVENT_TRACE_TYPE_CONFIG_MACHINEID 0x1e
174 #define EVENT_TRACE_TYPE_CONFIG_DEFRAG 0x1f
175 #define EVENT_TRACE_TYPE_CONFIG_MOBILEPLATFORM 0x20
176 #define EVENT_TRACE_TYPE_CONFIG_DEVICEFAMILY 0x21
177 #define EVENT_TRACE_TYPE_CONFIG_FLIGHTID 0x22
178 #define EVENT_TRACE_TYPE_CONFIG_PROCESSOR 0x23
179 
/* Optical-media I/O event types (0x37-0x3c). */
180 #define EVENT_TRACE_TYPE_OPTICAL_IO_READ 0x37
181 #define EVENT_TRACE_TYPE_OPTICAL_IO_WRITE 0x38
182 #define EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH 0x39
183 #define EVENT_TRACE_TYPE_OPTICAL_IO_READ_INIT 0x3a
184 #define EVENT_TRACE_TYPE_OPTICAL_IO_WRITE_INIT 0x3b
185 #define EVENT_TRACE_TYPE_OPTICAL_IO_FLUSH_INIT 0x3c
186 
/* FLT_* pre/post-operation event types (0x60-0x65); presumably file-system
 * filter operations - TODO confirm. */
187 #define EVENT_TRACE_TYPE_FLT_PREOP_INIT 0x60
188 #define EVENT_TRACE_TYPE_FLT_POSTOP_INIT 0x61
189 #define EVENT_TRACE_TYPE_FLT_PREOP_COMPLETION 0x62
190 #define EVENT_TRACE_TYPE_FLT_POSTOP_COMPLETION 0x63
191 #define EVENT_TRACE_TYPE_FLT_PREOP_FAILURE 0x64
192 #define EVENT_TRACE_TYPE_FLT_POSTOP_FAILURE 0x65
193 
/* EVENT_TRACE_FLAG_*: bit flags naming groups of kernel events. The list is not
 * in bit order; every value below is a distinct single bit of a 32-bit mask.
 * NOTE(review): documented use is EVENT_TRACE_PROPERTIES.EnableFlags for the
 * kernel logger session - confirm.
 * Host-monitoring consumers typically depend on groups such as PROCESS, THREAD,
 * IMAGE_LOAD, NETWORK_TCPIP, REGISTRY and FILE_IO, so an unexpected change to a
 * session's flag mask is worth alerting on. */
194 #define EVENT_TRACE_FLAG_PROCESS 0x00000001
195 #define EVENT_TRACE_FLAG_THREAD 0x00000002
196 #define EVENT_TRACE_FLAG_IMAGE_LOAD 0x00000004
197 
198 #define EVENT_TRACE_FLAG_DISK_IO 0x00000100
199 #define EVENT_TRACE_FLAG_DISK_FILE_IO 0x00000200
200 
201 #define EVENT_TRACE_FLAG_MEMORY_PAGE_FAULTS 0x00001000
202 #define EVENT_TRACE_FLAG_MEMORY_HARD_FAULTS 0x00002000
203 
204 #define EVENT_TRACE_FLAG_NETWORK_TCPIP 0x00010000
205 
206 #define EVENT_TRACE_FLAG_REGISTRY 0x00020000
207 #define EVENT_TRACE_FLAG_DBGPRINT 0x00040000
208 
209 #define EVENT_TRACE_FLAG_PROCESS_COUNTERS 0x00000008
210 #define EVENT_TRACE_FLAG_CSWITCH 0x00000010
211 #define EVENT_TRACE_FLAG_DPC 0x00000020
212 #define EVENT_TRACE_FLAG_INTERRUPT 0x00000040
213 #define EVENT_TRACE_FLAG_SYSTEMCALL 0x00000080
214 
215 #define EVENT_TRACE_FLAG_DISK_IO_INIT 0x00000400
216 #define EVENT_TRACE_FLAG_ALPC 0x00100000
217 #define EVENT_TRACE_FLAG_SPLIT_IO 0x00200000
218 
219 #define EVENT_TRACE_FLAG_DRIVER 0x00800000
220 #define EVENT_TRACE_FLAG_PROFILE 0x01000000
221 #define EVENT_TRACE_FLAG_FILE_IO 0x02000000
222 #define EVENT_TRACE_FLAG_FILE_IO_INIT 0x04000000
223 
224 #define EVENT_TRACE_FLAG_DISPATCHER 0x00000800
225 #define EVENT_TRACE_FLAG_VIRTUAL_ALLOC 0x00004000
226 
227 #define EVENT_TRACE_FLAG_VAMAP 0x00008000
228 #define EVENT_TRACE_FLAG_NO_SYSCONFIG 0x10000000
229 
230 #define EVENT_TRACE_FLAG_JOB 0x00080000
231 #define EVENT_TRACE_FLAG_DEBUG_EVENTS 0x00400000
232 
233 #define EVENT_TRACE_FLAG_EXTENSION 0x80000000
234 #define EVENT_TRACE_FLAG_FORWARD_WMI 0x40000000
235 #define EVENT_TRACE_FLAG_ENABLE_RESERVE 0x20000000
236 
/* Session mode bits, stored in the LogFileMode members declared in this header
 * (EVENT_TRACE_PROPERTIES and the TRACE_LOGFILE_HEADER family). The list is
 * not in bit order; every non-zero value is a distinct single bit.
 * NOTE(review): per the ETW documentation EVENT_TRACE_SECURE_MODE restricts who
 * may log events to the session and EVENT_TRACE_NONSTOPPABLE_MODE marks a
 * session that cannot be stopped - confirm the exact semantics before treating
 * either as a hardening control. */
237 #define EVENT_TRACE_FILE_MODE_NONE 0x00000000
238 #define EVENT_TRACE_FILE_MODE_SEQUENTIAL 0x00000001
239 #define EVENT_TRACE_FILE_MODE_CIRCULAR 0x00000002
240 #define EVENT_TRACE_FILE_MODE_APPEND 0x00000004
241 
242 #define EVENT_TRACE_REAL_TIME_MODE 0x00000100
243 #define EVENT_TRACE_DELAY_OPEN_FILE_MODE 0x00000200
244 #define EVENT_TRACE_BUFFERING_MODE 0x00000400
245 #define EVENT_TRACE_PRIVATE_LOGGER_MODE 0x00000800
246 #define EVENT_TRACE_ADD_HEADER_MODE 0x00001000
247 
248 #define EVENT_TRACE_USE_GLOBAL_SEQUENCE 0x00004000
249 #define EVENT_TRACE_USE_LOCAL_SEQUENCE 0x00008000
250 
251 #define EVENT_TRACE_RELOG_MODE 0x00010000
252 
253 #define EVENT_TRACE_USE_PAGED_MEMORY 0x01000000
254 
255 #define EVENT_TRACE_FILE_MODE_NEWFILE 0x00000008
256 #define EVENT_TRACE_FILE_MODE_PREALLOCATE 0x00000020
257 
258 #define EVENT_TRACE_NONSTOPPABLE_MODE 0x00000040
259 #define EVENT_TRACE_SECURE_MODE 0x00000080
260 #define EVENT_TRACE_USE_KBYTES_FOR_SIZE 0x00002000
261 #define EVENT_TRACE_PRIVATE_IN_PROC 0x00020000
262 #define EVENT_TRACE_MODE_RESERVED 0x00100000
263 
264 #define EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING 0x10000000
265 
266 #define EVENT_TRACE_SYSTEM_LOGGER_MODE 0x02000000
267 #define EVENT_TRACE_ADDTO_TRIAGE_DUMP 0x80000000
268 #define EVENT_TRACE_STOP_ON_HYBRID_SHUTDOWN 0x00400000
269 #define EVENT_TRACE_PERSIST_ON_HYBRID_SHUTDOWN 0x00800000
270 
271 #define EVENT_TRACE_INDEPENDENT_SESSION_MODE 0x08000000
272 #define EVENT_TRACE_COMPRESSED_MODE 0x04000000
273 
/* Values for the ControlCode argument of ControlTraceA/ControlTraceW. */
274 #define EVENT_TRACE_CONTROL_QUERY 0
275 #define EVENT_TRACE_CONTROL_STOP 1
276 #define EVENT_TRACE_CONTROL_UPDATE 2
277 #define EVENT_TRACE_CONTROL_FLUSH 3
278 #define EVENT_TRACE_CONTROL_INCREMENT_FILE 4
279 
/* TRACE_MESSAGE_* bit flags; presumably the MessageFlags argument of
 * TraceMessageVa - TODO confirm. TRACE_MESSAGE_FLAG_MASK keeps the low 16 bits. */
280 #define TRACE_MESSAGE_SEQUENCE 1
281 #define TRACE_MESSAGE_GUID 2
282 #define TRACE_MESSAGE_COMPONENTID 4
283 #define TRACE_MESSAGE_TIMESTAMP 8
284 #define TRACE_MESSAGE_PERFORMANCE_TIMESTAMP 16
285 #define TRACE_MESSAGE_SYSTEMINFO 32
286 
287 #define TRACE_MESSAGE_POINTER32 0x0040
288 #define TRACE_MESSAGE_POINTER64 0x0080
289 
290 #define TRACE_MESSAGE_FLAG_MASK 0xffff
291 
/* 64 KiB; producers should check message sizes against this bound before logging. */
292 #define TRACE_MESSAGE_MAXIMUM_SIZE (64 * 1024)
293 
294 #define EVENT_TRACE_USE_PROCTIME 0x0001
295 #define EVENT_TRACE_USE_NOCPUTIME 0x0002
296 
/* TRACE_HEADER_FLAG_*: header flag bits. USE_GUID_PTR and USE_MOF_PTR presumably
 * say that the header carries pointers (GuidPtr, MOF_FIELD.DataPtr) instead of
 * inline data - TODO confirm. */
297 #define TRACE_HEADER_FLAG_USE_TIMESTAMP 0x00000200
298 #define TRACE_HEADER_FLAG_TRACED_GUID 0x00020000
299 #define TRACE_HEADER_FLAG_LOG_WNODE 0x00040000
300 #define TRACE_HEADER_FLAG_USE_GUID_PTR 0x00080000
301 #define TRACE_HEADER_FLAG_USE_MOF_PTR 0x00100000
302 
/* Resumption modes for trace compression, with explicit values 0-2. The enum has
 * no tag; only the typedef name is available. */
303 typedef enum {
304   EtwCompressionModeRestart = 0,
305   EtwCompressionModeNoDisable = 1,
306   EtwCompressionModeNoRestart = 2
307 } ETW_COMPRESSION_RESUMPTION_MODE;
308 
/* Header of a classic (MOF-style) ETW event, as passed to TraceEvent and
 * embedded in EVENT_TRACE. Every member is plain data; a consumer that parses
 * trace files it did not produce should treat the whole header as unvalidated
 * input and check Size against the bytes actually available before reading
 * anything that follows the header. */
309 typedef struct _EVENT_TRACE_HEADER {
310   USHORT Size; /* presumably the total event size in bytes, header included - TODO confirm */
311   __C89_NAMELESS union {
312     USHORT FieldTypeFlags; /* same two bytes as HeaderType + MarkerFlags */
313     __C89_NAMELESS struct {
314       UCHAR HeaderType;
315       UCHAR MarkerFlags;
316     } DUMMYSTRUCTNAME;
317   } DUMMYUNIONNAME;
318   __C89_NAMELESS union {
319     ULONG Version; /* same four bytes as Class.Type, Class.Level, Class.Version */
320     struct {
321       UCHAR Type;  /* presumably an EVENT_TRACE_TYPE_* value - TODO confirm */
322       UCHAR Level; /* presumably a TRACE_LEVEL_* value - TODO confirm */
323       USHORT Version;
324     } Class;
325   } DUMMYUNIONNAME2;
326   ULONG ThreadId;
327   ULONG ProcessId;
328   LARGE_INTEGER TimeStamp;
329   __C89_NAMELESS union {
330     GUID Guid;
331     ULONGLONG GuidPtr; /* pointer-sized alternative to Guid; never follow it when the header came from a file */
332   } DUMMYUNIONNAME3;
  /* Three views of the same 8 bytes: split kernel/user time, one 64-bit
   * processor time, or client context plus flags. */
333   __C89_NAMELESS union {
334     __C89_NAMELESS struct {
335       ULONG KernelTime;
336       ULONG UserTime;
337     } DUMMYSTRUCTNAME;
338     ULONG64 ProcessorTime;
339     __C89_NAMELESS struct {
340       ULONG ClientContext;
341       ULONG Flags;
342     } DUMMYSTRUCTNAME2;
343   } DUMMYUNIONNAME4;
344 } EVENT_TRACE_HEADER,*PEVENT_TRACE_HEADER;
345 
/* Header of an instance-tracked event, as passed to TraceEventInstance. The
 * leading members match EVENT_TRACE_HEADER up to TimeStamp; in place of the
 * GUID it carries registration handles and instance ids for the event and its
 * parent. As with EVENT_TRACE_HEADER, validate Size before trusting any data
 * that follows a header read from an untrusted trace. */
346 typedef struct _EVENT_INSTANCE_HEADER {
347   USHORT Size; /* presumably the total event size in bytes, header included - TODO confirm */
348   __C89_NAMELESS union {
349     USHORT FieldTypeFlags; /* same two bytes as HeaderType + MarkerFlags */
350     __C89_NAMELESS struct {
351       UCHAR HeaderType;
352       UCHAR MarkerFlags;
353     } DUMMYSTRUCTNAME;
354   } DUMMYUNIONNAME;
355   __C89_NAMELESS union {
356     ULONG Version; /* same four bytes as Class.Type, Class.Level, Class.Version */
357     struct {
358       UCHAR Type;
359       UCHAR Level;
360       USHORT Version;
361     } Class;
362   } DUMMYUNIONNAME2;
363   ULONG ThreadId;
364   ULONG ProcessId;
365   LARGE_INTEGER TimeStamp;
366   ULONGLONG RegHandle;
367   ULONG InstanceId;
368   ULONG ParentInstanceId;
  /* Three views of the same 8 bytes: split kernel/user time, one 64-bit
   * processor time, or event id plus flags. */
369   __C89_NAMELESS union {
370     __C89_NAMELESS struct {
371       ULONG KernelTime;
372       ULONG UserTime;
373     } DUMMYSTRUCTNAME;
374     ULONG64 ProcessorTime;
375     __C89_NAMELESS struct {
376       ULONG EventId;
377       ULONG Flags;
378     } DUMMYSTRUCTNAME2;
379   } DUMMYUNIONNAME3;
380   ULONGLONG ParentRegHandle;
381 } EVENT_INSTANCE_HEADER,*PEVENT_INSTANCE_HEADER;
382 
/* Data type codes: 0-15 for basic types, 101-120 for extended ones.
 * NOTE(review): presumably the values stored in MOF_FIELD.DataType - confirm.
 * Several codes describe counted or non-NUL-terminated strings, so a decoder
 * must take the length from the event data and bound it by the event size,
 * never scan for a terminator. */
383 #define ETW_NULL_TYPE_VALUE 0
384 #define ETW_OBJECT_TYPE_VALUE 1
385 #define ETW_STRING_TYPE_VALUE 2
386 #define ETW_SBYTE_TYPE_VALUE 3
387 #define ETW_BYTE_TYPE_VALUE 4
388 #define ETW_INT16_TYPE_VALUE 5
389 #define ETW_UINT16_TYPE_VALUE 6
390 #define ETW_INT32_TYPE_VALUE 7
391 #define ETW_UINT32_TYPE_VALUE 8
392 #define ETW_INT64_TYPE_VALUE 9
393 #define ETW_UINT64_TYPE_VALUE 10
394 #define ETW_CHAR_TYPE_VALUE 11
395 #define ETW_SINGLE_TYPE_VALUE 12
396 #define ETW_DOUBLE_TYPE_VALUE 13
397 #define ETW_BOOLEAN_TYPE_VALUE 14
398 #define ETW_DECIMAL_TYPE_VALUE 15
399 
400 #define ETW_GUID_TYPE_VALUE 101
401 #define ETW_ASCIICHAR_TYPE_VALUE 102
402 #define ETW_ASCIISTRING_TYPE_VALUE 103
403 #define ETW_COUNTED_STRING_TYPE_VALUE 104
404 #define ETW_POINTER_TYPE_VALUE 105
405 #define ETW_SIZET_TYPE_VALUE 106
406 #define ETW_HIDDEN_TYPE_VALUE 107
407 #define ETW_BOOL_TYPE_VALUE 108
408 #define ETW_COUNTED_ANSISTRING_TYPE_VALUE 109
409 #define ETW_REVERSED_COUNTED_STRING_TYPE_VALUE 110
410 #define ETW_REVERSED_COUNTED_ANSISTRING_TYPE_VALUE 111
411 #define ETW_NON_NULL_TERMINATED_STRING_TYPE_VALUE 112
412 #define ETW_REDUCED_ANSISTRING_TYPE_VALUE 113
413 #define ETW_REDUCED_STRING_TYPE_VALUE 114
414 #define ETW_SID_TYPE_VALUE 115
415 #define ETW_VARIANT_TYPE_VALUE 116
416 #define ETW_PTVECTOR_TYPE_VALUE 117
417 #define ETW_WMITIME_TYPE_VALUE 118
418 #define ETW_DATETIME_TYPE_VALUE 119
419 #define ETW_REFRENCE_TYPE_VALUE 120 /* "REFRENCE" [sic]: NOTE(review) looks like the upstream SDK spelling - keep for source compatibility, confirm */
420 
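/*
 * DEFINE_TRACE_MOF_FIELD(M, P, LEN, TYP): fill the record M points to (a
 * MOF_FIELD or a type with the same three members) with a data pointer, a
 * length and a type code.
 *
 * M   - pointer to the record; evaluated three times, so pass an expression
 *       without side effects.
 * P   - address of the payload; stored as a 64-bit integer.
 * LEN - payload length; converted to ULONG.
 * TYP - type code; converted to ULONG.
 *
 * The three assignments form one parenthesised comma expression, so a use
 * under an unbraced `if` or loop guards all of them instead of only the first.
 * P, LEN and TYP are parenthesised so that each cast applies to the whole
 * argument expression. The trailing semicolon is kept for callers that invoke
 * the macro without one of their own. The macro records LEN without checking
 * it: the caller must make sure it does not exceed the buffer behind P.
 */
#define DEFINE_TRACE_MOF_FIELD(M, P, LEN, TYP) ((M)->DataPtr = (ULONG64) (ULONG_PTR) (P), (M)->Length = (ULONG) (LEN), (M)->DataType = (ULONG) (TYP));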
422 
/* One payload fragment of a classic event: a pointer held as a 64-bit integer,
 * a length and a type code. DEFINE_TRACE_MOF_FIELD fills exactly these three
 * members. Length is supplied by the producer; nothing in this header ties it
 * to the size of the buffer behind DataPtr. */
423 typedef struct _MOF_FIELD {
424   ULONG64 DataPtr;
425   ULONG Length;
426   ULONG DataType;
427 } MOF_FIELD,*PMOF_FIELD;
428 
429 #if !defined (_EVNTRACE_KERNEL_MODE) || defined (_WMIKM_)
/* Log-file header with pointer-typed name members, so its layout depends on the
 * pointer width of the build. TRACE_LOGFILE_HEADER32 and TRACE_LOGFILE_HEADER64
 * below declare the same members with fixed-width name fields.
 * NOTE(review): the ETW documentation marks LoggerName and LogFileName as not
 * to be used and places the names as strings after the structure - confirm.
 * When the header was read from a file, never dereference these two members,
 * and treat BufferSize, NumberOfProcessors and PointerSize as untrusted until
 * they have been range-checked. */
430 typedef struct _TRACE_LOGFILE_HEADER {
431   ULONG BufferSize;
432   __C89_NAMELESS union {
433     ULONG Version; /* same four bytes as the VersionDetail members */
434     struct {
435       UCHAR MajorVersion;
436       UCHAR MinorVersion;
437       UCHAR SubVersion;
438       UCHAR SubMinorVersion;
439     } VersionDetail;
440   } DUMMYUNIONNAME;
441   ULONG ProviderVersion;
442   ULONG NumberOfProcessors;
443   LARGE_INTEGER EndTime;
444   ULONG TimerResolution;
445   ULONG MaximumFileSize;
446   ULONG LogFileMode;
447   ULONG BuffersWritten;
448   __C89_NAMELESS union {
449     GUID LogInstanceGuid; /* overlays the four ULONG members below */
450     __C89_NAMELESS struct {
451       ULONG StartBuffers;
452       ULONG PointerSize; /* presumably the pointer size of the system that wrote the trace - TODO confirm */
453       ULONG EventsLost;
454       ULONG CpuSpeedInMHz;
455     } DUMMYSTRUCTNAME;
456   } DUMMYUNIONNAME2;
457 #if defined (_WMIKM_)
458   PWCHAR LoggerName;
459   PWCHAR LogFileName;
460   RTL_TIME_ZONE_INFORMATION TimeZone;
461 #else
462   LPWSTR LoggerName;
463   LPWSTR LogFileName;
464   TIME_ZONE_INFORMATION TimeZone;
465 #endif
466   LARGE_INTEGER BootTime;
467   LARGE_INTEGER PerfFreq;
468   LARGE_INTEGER StartTime;
469   ULONG ReservedFlags;
470   ULONG BuffersLost;
471 } TRACE_LOGFILE_HEADER,*PTRACE_LOGFILE_HEADER;
472 
/* Variant of TRACE_LOGFILE_HEADER whose two name members are 32-bit integers,
 * so the layout does not depend on the pointer width of the build; presumably
 * used for traces written by a 32-bit system - TODO confirm. The name fields
 * are integers, not addresses the reader may follow. Unlike
 * TRACE_LOGFILE_HEADER, the unions here are left unnamed instead of using the
 * DUMMYUNIONNAME macros. */
473 typedef struct _TRACE_LOGFILE_HEADER32 {
474   ULONG BufferSize;
475   __C89_NAMELESS union {
476     ULONG Version;
477     struct {
478       UCHAR MajorVersion;
479       UCHAR MinorVersion;
480       UCHAR SubVersion;
481       UCHAR SubMinorVersion;
482     } VersionDetail;
483   };
484   ULONG ProviderVersion;
485   ULONG NumberOfProcessors;
486   LARGE_INTEGER EndTime;
487   ULONG TimerResolution;
488   ULONG MaximumFileSize;
489   ULONG LogFileMode;
490   ULONG BuffersWritten;
491   __C89_NAMELESS union {
492     GUID LogInstanceGuid;
493     __C89_NAMELESS struct {
494       ULONG StartBuffers;
495       ULONG PointerSize;
496       ULONG EventsLost;
497       ULONG CpuSpeedInMHz;
498     };
499   };
500   ULONG32 LoggerName;
501   ULONG32 LogFileName;
502 #if defined (_WMIKM_)
503   RTL_TIME_ZONE_INFORMATION TimeZone;
504 #else
505   TIME_ZONE_INFORMATION TimeZone;
506 #endif
507   LARGE_INTEGER BootTime;
508   LARGE_INTEGER PerfFreq;
509   LARGE_INTEGER StartTime;
510   ULONG ReservedFlags;
511   ULONG BuffersLost;
512 } TRACE_LOGFILE_HEADER32,*PTRACE_LOGFILE_HEADER32;
513 
/* Variant of TRACE_LOGFILE_HEADER whose two name members are 64-bit integers,
 * so the layout does not depend on the pointer width of the build; presumably
 * used for traces written by a 64-bit system - TODO confirm. The name fields
 * are integers, not addresses the reader may follow.
 * NOTE(review): VersionDetail carries __C89_NAMELESS although it is a named
 * member; the other two header variants omit the marker there. */
514 typedef struct _TRACE_LOGFILE_HEADER64 {
515   ULONG BufferSize;
516   __C89_NAMELESS union {
517     ULONG Version;
518     __C89_NAMELESS struct {
519       UCHAR MajorVersion;
520       UCHAR MinorVersion;
521       UCHAR SubVersion;
522       UCHAR SubMinorVersion;
523     } VersionDetail;
524   };
525   ULONG ProviderVersion;
526   ULONG NumberOfProcessors;
527   LARGE_INTEGER EndTime;
528   ULONG TimerResolution;
529   ULONG MaximumFileSize;
530   ULONG LogFileMode;
531   ULONG BuffersWritten;
532   __C89_NAMELESS union {
533     GUID LogInstanceGuid;
534     __C89_NAMELESS struct {
535       ULONG StartBuffers;
536       ULONG PointerSize;
537       ULONG EventsLost;
538       ULONG CpuSpeedInMHz;
539     };
540   };
541   ULONG64 LoggerName;
542   ULONG64 LogFileName;
543 #if defined (_WMIKM_)
544   RTL_TIME_ZONE_INFORMATION TimeZone;
545 #else
546   TIME_ZONE_INFORMATION TimeZone;
547 #endif
548   LARGE_INTEGER BootTime;
549   LARGE_INTEGER PerfFreq;
550   LARGE_INTEGER StartTime;
551   ULONG ReservedFlags;
552   ULONG BuffersLost;
553 } TRACE_LOGFILE_HEADER64,*PTRACE_LOGFILE_HEADER64;
554 #endif
555 
/* Registration handle plus instance id; filled by CreateTraceInstanceId and
 * passed to TraceEventInstance. The struct tag has no leading underscore,
 * unlike the other tags in this header. */
556 typedef struct EVENT_INSTANCE_INFO {
557   HANDLE RegHandle;
558   ULONG InstanceId;
559 } EVENT_INSTANCE_INFO,*PEVENT_INSTANCE_INFO;
560 
561 #ifndef _EVNTRACE_KERNEL_MODE
562 
/* Forward declaration only; the structure body is not defined in this part of
 * the header. The same typedef is repeated before ENABLE_TRACE_PARAMETERS_V1. */
563 typedef struct _EVENT_FILTER_DESCRIPTOR EVENT_FILTER_DESCRIPTOR, *PEVENT_FILTER_DESCRIPTOR;
564 
/* Session configuration and statistics block taken by StartTrace, StopTrace,
 * QueryTrace, FlushTrace, UpdateTrace and ControlTrace.
 * NOTE(review): per the ETW documentation LogFileNameOffset and
 * LoggerNameOffset are byte offsets from the start of this structure to
 * NUL-terminated names stored in the same allocation, and Wnode.BufferSize
 * gives the total size including those names - confirm. Callers should size
 * the allocation for both names up front and check that each offset plus the
 * name length stays inside it before copying. */
565 typedef struct _EVENT_TRACE_PROPERTIES {
566   WNODE_HEADER Wnode;
567   ULONG BufferSize;
568   ULONG MinimumBuffers;
569   ULONG MaximumBuffers;
570   ULONG MaximumFileSize;
571   ULONG LogFileMode; /* EVENT_TRACE_*_MODE / EVENT_TRACE_FILE_MODE_* bits - presumably, TODO confirm */
572   ULONG FlushTimer;
573   ULONG EnableFlags; /* EVENT_TRACE_FLAG_* bits - presumably, TODO confirm */
574   LONG AgeLimit;
575   ULONG NumberOfBuffers;
576   ULONG FreeBuffers;
577   ULONG EventsLost;
578   ULONG BuffersWritten;
579   ULONG LogBuffersLost;
580   ULONG RealTimeBuffersLost;
581   HANDLE LoggerThreadId;
582   ULONG LogFileNameOffset;
583   ULONG LoggerNameOffset;
584 } EVENT_TRACE_PROPERTIES,*PEVENT_TRACE_PROPERTIES;
585 
/* Extended form of EVENT_TRACE_PROPERTIES. The members up to LoggerNameOffset
 * match the original structure, except that AgeLimit now shares its storage
 * with FlushThreshold; a version/control word, a filter descriptor array and an
 * options word follow. FilterDesc is a caller-supplied pointer and
 * FilterDescCount presumably gives the number of descriptors behind it - TODO
 * confirm; the two must agree. */
586 typedef struct _EVENT_TRACE_PROPERTIES_V2 {
587   WNODE_HEADER Wnode;
588   ULONG BufferSize;
589   ULONG MinimumBuffers;
590   ULONG MaximumBuffers;
591   ULONG MaximumFileSize;
592   ULONG LogFileMode;
593   ULONG FlushTimer;
594   ULONG EnableFlags;
595   __C89_NAMELESS union {
596       LONG  AgeLimit;
597       LONG  FlushThreshold;
598   };
599   ULONG NumberOfBuffers;
600   ULONG FreeBuffers;
601   ULONG EventsLost;
602   ULONG BuffersWritten;
603   ULONG LogBuffersLost;
604   ULONG RealTimeBuffersLost;
605   HANDLE LoggerThreadId;
606   ULONG LogFileNameOffset;
607   ULONG LoggerNameOffset;
608   __C89_NAMELESS union {
609       __C89_NAMELESS struct {
610           ULONG VersionNumber : 8; /* 8-bit field sharing storage with V2Control */
611       };
612       ULONG V2Control;
613   };
614   ULONG FilterDescCount;
615   PEVENT_FILTER_DESCRIPTOR FilterDesc;
616   __C89_NAMELESS union {
617       __C89_NAMELESS struct {
618           ULONG Wow : 1;              /* 1-bit field sharing storage with V2Options */
619           ULONG QpcDeltaTracking : 1; /* 1-bit field sharing storage with V2Options */
620       };
621       ULONG64 V2Options;
622   };
623 } EVENT_TRACE_PROPERTIES_V2, *PEVENT_TRACE_PROPERTIES_V2;
624 
/* One entry of the TraceGuidReg array passed to RegisterTraceGuidsA/W: a
 * pointer to a GUID and a handle member. */
625 typedef struct _TRACE_GUID_REGISTRATION {
626   LPCGUID Guid;
627   HANDLE RegHandle; /* presumably filled in by registration - TODO confirm */
628 } TRACE_GUID_REGISTRATION,*PTRACE_GUID_REGISTRATION;
629 #endif
630 
/* Per-GUID record of the array filled by EnumerateTraceGuids: the GUID, its
 * type, a logger id and the enable level, flags and state. */
631 typedef struct _TRACE_GUID_PROPERTIES {
632   GUID Guid;
633   ULONG GuidType;
634   ULONG LoggerId;
635   ULONG EnableLevel;
636   ULONG EnableFlags;
637   BOOLEAN IsEnable;
638 } TRACE_GUID_PROPERTIES,*PTRACE_GUID_PROPERTIES;
639 
640 #ifndef ETW_BUFFER_CONTEXT_DEF
641 #define ETW_BUFFER_CONTEXT_DEF
642 
/* Identifies the buffer an event came from: a processor number (8-bit
 * ProcessorNumber plus an Alignment byte, or the same two bytes read as the
 * 16-bit ProcessorIndex) followed by a 16-bit logger id. */
643 typedef struct _ETW_BUFFER_CONTEXT {
644   __C89_NAMELESS union {
645     __C89_NAMELESS struct {
646       UCHAR ProcessorNumber;
647       UCHAR Alignment;
648     } DUMMYSTRUCTNAME;
649     USHORT ProcessorIndex;
650   } DUMMYUNIONNAME;
651   USHORT LoggerId;
652 } ETW_BUFFER_CONTEXT,*PETW_BUFFER_CONTEXT;
653 #endif
654 
/* Provider flag bits; presumably reported in TRACE_PROVIDER_INSTANCE_INFO.Flags
 * - TODO confirm. */
655 #define TRACE_PROVIDER_FLAG_LEGACY (0x00000001)
656 #define TRACE_PROVIDER_FLAG_PRE_ENABLE (0x00000002)
657 
/* Describes how one session has enabled a provider: state, level, logger id,
 * enable property and the two keyword masks. */
658 typedef struct _TRACE_ENABLE_INFO {
659   ULONG IsEnabled;
660   UCHAR Level;
661   UCHAR Reserved1;
662   USHORT LoggerId;
663   ULONG EnableProperty;
664   ULONG Reserved2;
665   ULONGLONG MatchAnyKeyword;
666   ULONGLONG MatchAllKeyword;
667 } TRACE_ENABLE_INFO,*PTRACE_ENABLE_INFO;
668 
/* Variable-length query results. TRACE_PROVIDER_INSTANCE_INFO and
 * PROFILE_SOURCE_INFO are chained through an offset member (NextOffset,
 * NextEntryOffset).
 * NOTE(review): presumably each offset is relative to the current entry and 0
 * ends the chain - confirm. Code walking such a chain should check every
 * offset against the length the query returned before following it. */
669 typedef struct _TRACE_PROVIDER_INSTANCE_INFO {
670   ULONG NextOffset;
671   ULONG EnableCount;
672   ULONG Pid;
673   ULONG Flags;
674 } TRACE_PROVIDER_INSTANCE_INFO,*PTRACE_PROVIDER_INSTANCE_INFO;
675 
676 typedef struct _TRACE_GUID_INFO {
677   ULONG InstanceCount;
678   ULONG Reserved;
679 } TRACE_GUID_INFO,*PTRACE_GUID_INFO;
680 
681 typedef struct _PROFILE_SOURCE_INFO {
682   ULONG NextEntryOffset;
683   ULONG Source;
684   ULONG MinInterval;
685   ULONG MaxInterval;
686   ULONG64 Reserved;
687   WCHAR Description[ANYSIZE_ARRAY]; /* variable-length tail; sizeof covers only the declared ANYSIZE_ARRAY elements */
688 } PROFILE_SOURCE_INFO,*PPROFILE_SOURCE_INFO;
689 
/* A classic event as handed to a PEVENT_CALLBACK: the header, instance ids, the
 * parent GUID and a pointer/length pair for the payload. A callback should read
 * no more than MofLength bytes from MofData and should bound every field it
 * decodes by that length, since the payload comes from the trace. */
690 typedef struct _EVENT_TRACE {
691   EVENT_TRACE_HEADER Header;
692   ULONG InstanceId;
693   ULONG ParentInstanceId;
694   GUID ParentGuid;
695   PVOID MofData;
696   ULONG MofLength;
697   __C89_NAMELESS union {
698     ULONG ClientContext;               /* same four bytes as BufferContext */
699     ETW_BUFFER_CONTEXT BufferContext;
700   } DUMMYUNIONNAME;
701 } EVENT_TRACE,*PEVENT_TRACE;
702 
/* Provider control codes; presumably the ControlCode argument of EnableTraceEx2
 * - TODO confirm. */
703 #define EVENT_CONTROL_CODE_DISABLE_PROVIDER 0
704 #define EVENT_CONTROL_CODE_ENABLE_PROVIDER 1
705 #define EVENT_CONTROL_CODE_CAPTURE_STATE 2
706 #endif
707 
708 #ifndef _EVNTRACE_KERNEL_MODE
709 #if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
/* Forward declarations and callback types for trace consumers and classic
 * providers. _EVENT_RECORD is only declared here; _EVENT_TRACE_LOGFILEW and
 * _EVENT_TRACE_LOGFILEA are defined right after this run. All callbacks use the
 * WINAPI calling convention. Event data passed to the event callbacks
 * originates from the trace being processed and should be length-checked by
 * the callback. */
710 typedef struct _EVENT_RECORD EVENT_RECORD,*PEVENT_RECORD;
711 typedef struct _EVENT_TRACE_LOGFILEW EVENT_TRACE_LOGFILEW,*PEVENT_TRACE_LOGFILEW;
712 typedef struct _EVENT_TRACE_LOGFILEA EVENT_TRACE_LOGFILEA,*PEVENT_TRACE_LOGFILEA;
713 typedef ULONG (WINAPI *PEVENT_TRACE_BUFFER_CALLBACKW) (PEVENT_TRACE_LOGFILEW Logfile);
714 typedef ULONG (WINAPI *PEVENT_TRACE_BUFFER_CALLBACKA) (PEVENT_TRACE_LOGFILEA Logfile);
715 typedef VOID (WINAPI *PEVENT_CALLBACK) (PEVENT_TRACE pEvent);
716 typedef VOID (WINAPI *PEVENT_RECORD_CALLBACK) (PEVENT_RECORD EventRecord);
717 typedef ULONG (WINAPI *WMIDPREQUEST) (WMIDPREQUESTCODE RequestCode, PVOID RequestContext, ULONG *BufferSize, PVOID Buffer);
718 
/* Wide-character description of a trace source, passed to OpenTraceW and handed
 * back to the buffer callback. It names a log file and/or a session, carries
 * the callbacks and a caller-owned Context pointer, and embeds the current
 * event and the log-file header. EventCallback and EventRecordCallback share
 * storage, so only one of them can be set.
 * NOTE(review): presumably ProcessTraceMode selects which of the two callback
 * members is used - confirm. */
719 struct _EVENT_TRACE_LOGFILEW {
720   LPWSTR LogFileName;
721   LPWSTR LoggerName;
722   LONGLONG CurrentTime;
723   ULONG BuffersRead;
724   __C89_NAMELESS union {
725     ULONG LogFileMode;
726     ULONG ProcessTraceMode;
727   } DUMMYUNIONNAME;
728   EVENT_TRACE CurrentEvent;
729   TRACE_LOGFILE_HEADER LogfileHeader;
730   PEVENT_TRACE_BUFFER_CALLBACKW BufferCallback;
731   ULONG BufferSize;
732   ULONG Filled;
733   ULONG EventsLost;
734   __C89_NAMELESS union {
735     PEVENT_CALLBACK EventCallback;
736     PEVENT_RECORD_CALLBACK EventRecordCallback;
737   } DUMMYUNIONNAME2;
738   ULONG IsKernelTrace;
739   PVOID Context;
740 };
741 
/* Narrow-character counterpart of _EVENT_TRACE_LOGFILEW, passed to OpenTraceA.
 * It differs in the two name members (LPSTR) and in the buffer callback type;
 * every other member is declared identically. EventCallback and
 * EventRecordCallback share storage, so only one of them can be set. */
742 struct _EVENT_TRACE_LOGFILEA {
743   LPSTR LogFileName;
744   LPSTR LoggerName;
745   LONGLONG CurrentTime;
746   ULONG BuffersRead;
747   __C89_NAMELESS union {
748     ULONG LogFileMode;
749     ULONG ProcessTraceMode;
750   } DUMMYUNIONNAME;
751   EVENT_TRACE CurrentEvent;
752   TRACE_LOGFILE_HEADER LogfileHeader;
753   PEVENT_TRACE_BUFFER_CALLBACKA BufferCallback;
754   ULONG BufferSize;
755   ULONG Filled;
756   ULONG EventsLost;
757   __C89_NAMELESS union {
758     PEVENT_CALLBACK EventCallback;
759     PEVENT_RECORD_CALLBACK EventRecordCallback;
760   } DUMMYUNIONNAME2;
761   ULONG IsKernelTrace;
762   PVOID Context;
763 };
764 
/* Character-set neutral aliases: the W names when _UNICODE or UNICODE is
 * defined, the A names otherwise. Only the log-file types, the buffer callback
 * type and three of the four logger names are aliased here. */
765 #if defined (_UNICODE) || defined (UNICODE)
766 #define PEVENT_TRACE_BUFFER_CALLBACK PEVENT_TRACE_BUFFER_CALLBACKW
767 #define EVENT_TRACE_LOGFILE EVENT_TRACE_LOGFILEW
768 #define PEVENT_TRACE_LOGFILE PEVENT_TRACE_LOGFILEW
769 #define KERNEL_LOGGER_NAME KERNEL_LOGGER_NAMEW
770 #define GLOBAL_LOGGER_NAME GLOBAL_LOGGER_NAMEW
771 #define EVENT_LOGGER_NAME EVENT_LOGGER_NAMEW
772 #else
773 #define PEVENT_TRACE_BUFFER_CALLBACK PEVENT_TRACE_BUFFER_CALLBACKA
774 #define EVENT_TRACE_LOGFILE EVENT_TRACE_LOGFILEA
775 #define PEVENT_TRACE_LOGFILE PEVENT_TRACE_LOGFILEA
776 #define KERNEL_LOGGER_NAME KERNEL_LOGGER_NAMEA
777 #define GLOBAL_LOGGER_NAME GLOBAL_LOGGER_NAMEA
778 #define EVENT_LOGGER_NAME EVENT_LOGGER_NAMEA
779 #endif
780 #endif
781 
782 #ifdef __cplusplus
783 extern "C" {
784 #endif
785 
/* Values for ENABLE_TRACE_PARAMETERS.Version - presumably; TODO confirm which
 * structure layout each value selects. */
786 #define ENABLE_TRACE_PARAMETERS_VERSION 1
787 #define ENABLE_TRACE_PARAMETERS_VERSION_2 2
788 
/* Information classes for EnumerateTraceGuidsEx (TRACE_QUERY_INFO_CLASS) and
 * for TraceSetInformation / TraceQueryInformation (TRACE_INFO_CLASS); both
 * typedef names refer to this one enum. Enumerators have no explicit values,
 * so they number from 0 in declaration order and inserting one would renumber
 * everything after it. */
789 typedef enum _TRACE_QUERY_INFO_CLASS {
790     TraceGuidQueryList,
791     TraceGuidQueryInfo,
792     TraceGuidQueryProcess,
793     TraceStackTracingInfo,
794     TraceSystemTraceEnableFlagsInfo,
795     TraceSampledProfileIntervalInfo,
796     TraceProfileSourceConfigInfo,
797     TraceProfileSourceListInfo,
798     TracePmcEventListInfo,
799     TracePmcCounterListInfo,
800     TraceSetDisallowList,
801     TraceVersionInfo,
802     TraceGroupQueryList,
803     TraceGroupQueryInfo,
804     TraceDisallowListQuery,
805     TraceCompressionInfo,
806     TracePeriodicCaptureStateListInfo,
807     TracePeriodicCaptureStateInfo,
808     TraceProviderBinaryTracking,
809     TraceMaxLoggersQuery,
810     MaxTraceSetInfoClass
811 } TRACE_QUERY_INFO_CLASS, TRACE_INFO_CLASS;
812 
/* Forward declaration, repeated from the user-mode section earlier in this
 * header so that it is also visible to kernel-mode builds.
 * NOTE(review): repeating a typedef is valid C11 but an error in strict
 * C89/C99 - confirm which language levels this header must support. */
813 typedef struct _EVENT_FILTER_DESCRIPTOR EVENT_FILTER_DESCRIPTOR,*PEVENT_FILTER_DESCRIPTOR;
814 
/* First version of the EnableTraceEx2 parameter block: one optional filter
 * descriptor and no descriptor count. */
815 typedef struct _ENABLE_TRACE_PARAMETERS_V1 {
816     ULONG                    Version;
817     ULONG                    EnableProperty;
818     ULONG                    ControlFlags;
819     GUID                     SourceId;
820     PEVENT_FILTER_DESCRIPTOR EnableFilterDesc;
821 } ENABLE_TRACE_PARAMETERS_V1, *PENABLE_TRACE_PARAMETERS_V1;
822 
/* Current parameter block taken by EnableTraceEx2: the V1 members followed by
 * FilterDescCount. FilterDescCount presumably gives the number of descriptors
 * behind EnableFilterDesc - TODO confirm; the two must agree. */
823 typedef struct _ENABLE_TRACE_PARAMETERS {
824     ULONG                    Version;
825     ULONG                    EnableProperty;
826     ULONG                    ControlFlags;
827     GUID                     SourceId;
828     PEVENT_FILTER_DESCRIPTOR EnableFilterDesc;
829     ULONG                    FilterDescCount;
830 } ENABLE_TRACE_PARAMETERS, *PENABLE_TRACE_PARAMETERS;
831 
/* Identifies one classic event by class GUID and type. The Type of 10 in the
 * example below equals 0x0a, the value of EVENT_TRACE_TYPE_IO_READ. */
832 /*To enable the read event type for disk IO events, set GUID to 3d6fa8d4-fe05-11d0-9dda-00c04fd7ba7c and Type to 10.*/
833 typedef struct _CLASSIC_EVENT_ID {
834     GUID  EventGuid;
835     UCHAR Type;
836     UCHAR Reserved[7];
837 } CLASSIC_EVENT_ID, *PCLASSIC_EVENT_ID;
838 
/* Profile source and interval pair; presumably used with
 * TraceSampledProfileIntervalInfo - TODO confirm. */
839 typedef struct _TRACE_PROFILE_INTERVAL {
840     ULONG Source;
841     ULONG Interval;
842 } TRACE_PROFILE_INTERVAL, *PTRACE_PROFILE_INTERVAL;
843 
/* Presumably the result for TraceVersionInfo - TODO confirm. */
844 typedef struct _TRACE_VERSION_INFO {
845     UINT EtwTraceProcessingVersion;
846     UINT Reserved;
847 } TRACE_VERSION_INFO, *PTRACE_VERSION_INFO;
848 
/* Presumably the data for TracePeriodicCaptureStateInfo - TODO confirm. */
849 typedef struct _TRACE_PERIODIC_CAPTURE_STATE_INFO {
850     ULONG CaptureStateFrequencyInSeconds;
851     USHORT ProviderCount;
852     USHORT Reserved;
853 } TRACE_PERIODIC_CAPTURE_STATE_INFO, *PTRACE_PERIODIC_CAPTURE_STATE_INFO;
854 
855 #if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
/*
 * Narrow-character (A) session control, provider registration and trace
 * consumer entry points, one declaration per statement. Every function returns
 * a ULONG status except OpenTraceA, which returns a TRACEHANDLE.
 * StartTraceA is declared a second time, with an identical signature, in the
 * wide-character group later in this header.
 */
EXTERN_C ULONG WMIAPI ControlTraceA (
    TRACEHANDLE TraceHandle,
    LPCSTR InstanceName,
    PEVENT_TRACE_PROPERTIES Properties,
    ULONG ControlCode);

EXTERN_C ULONG WMIAPI FlushTraceA (
    TRACEHANDLE TraceHandle,
    LPCSTR InstanceName,
    PEVENT_TRACE_PROPERTIES Properties);

EXTERN_C ULONG WMIAPI QueryTraceA (
    TRACEHANDLE TraceHandle,
    LPCSTR InstanceName,
    PEVENT_TRACE_PROPERTIES Properties);

EXTERN_C ULONG WMIAPI StartTraceA (
    PTRACEHANDLE TraceHandle,
    LPCSTR InstanceName,
    PEVENT_TRACE_PROPERTIES Properties);

EXTERN_C ULONG WMIAPI StopTraceA (
    TRACEHANDLE TraceHandle,
    LPCSTR InstanceName,
    PEVENT_TRACE_PROPERTIES Properties);

EXTERN_C ULONG WMIAPI RegisterTraceGuidsA (
    WMIDPREQUEST RequestAddress,
    PVOID RequestContext,
    LPCGUID ControlGuid,
    ULONG GuidCount,
    PTRACE_GUID_REGISTRATION TraceGuidReg,
    LPCSTR MofImagePath,
    LPCSTR MofResourceName,
    PTRACEHANDLE RegistrationHandle);

EXTERN_C TRACEHANDLE WMIAPI OpenTraceA (
    PEVENT_TRACE_LOGFILEA Logfile);

EXTERN_C ULONG WMIAPI CloseTrace (
    TRACEHANDLE TraceHandle);

EXTERN_C ULONG WMIAPI ProcessTrace (
    PTRACEHANDLE HandleArray,
    ULONG HandleCount,
    LPFILETIME StartTime,
    LPFILETIME EndTime);
863 #endif
864 
865 #if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_DESKTOP)
/* Desktop-only entry points: session update and enumeration, classic event
 * logging, GUID enumeration, callback registration and the trace information
 * calls. TraceSetInformation needs WINVER >= 0x0601 and TraceQueryInformation
 * WINVER >= 0x0602. The array-taking calls (QueryAllTraces*,
 * EnumerateTraceGuids) receive the array capacity in PropertyArrayCount, and
 * the information calls receive the buffer size in InformationLength; callers
 * must pass the real capacity of the buffer they supply.
 * NOTE(review): TraceMessageVa is the only declaration in this header without
 * WMIAPI - confirm its calling convention and import linkage against the SDK. */
866   EXTERN_C ULONG WMIAPI UpdateTraceW (TRACEHANDLE TraceHandle, LPCWSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
867   EXTERN_C ULONG WMIAPI UpdateTraceA (TRACEHANDLE TraceHandle, LPCSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
868   EXTERN_C ULONG WMIAPI QueryAllTracesW (PEVENT_TRACE_PROPERTIES *PropertyArray, ULONG PropertyArrayCount, PULONG LoggerCount);
869   EXTERN_C ULONG WMIAPI QueryAllTracesA (PEVENT_TRACE_PROPERTIES *PropertyArray, ULONG PropertyArrayCount, PULONG LoggerCount);
870   EXTERN_C ULONG WMIAPI CreateTraceInstanceId (HANDLE RegHandle, PEVENT_INSTANCE_INFO InstInfo);
871   EXTERN_C ULONG WMIAPI TraceEvent (TRACEHANDLE TraceHandle, PEVENT_TRACE_HEADER EventTrace);
872   EXTERN_C ULONG WMIAPI TraceEventInstance (TRACEHANDLE TraceHandle, PEVENT_INSTANCE_HEADER EventTrace, PEVENT_INSTANCE_INFO InstInfo, PEVENT_INSTANCE_INFO ParentInstInfo);
873   EXTERN_C ULONG WMIAPI EnumerateTraceGuids (PTRACE_GUID_PROPERTIES *GuidPropertiesArray, ULONG PropertyArrayCount, PULONG GuidCount);
874   EXTERN_C ULONG WMIAPI SetTraceCallback (LPCGUID pGuid, PEVENT_CALLBACK EventCallback);
875   EXTERN_C ULONG WMIAPI RemoveTraceCallback (LPCGUID pGuid);
876   EXTERN_C ULONG TraceMessageVa (TRACEHANDLE LoggerHandle, ULONG MessageFlags, LPCGUID MessageGuid, USHORT MessageNumber, va_list MessageArgList);
877 #if WINVER >= 0x0601
878   EXTERN_C ULONG WMIAPI TraceSetInformation (TRACEHANDLE SessionHandle, TRACE_INFO_CLASS InformationClass, PVOID TraceInformation, ULONG InformationLength);
879 #endif
880 #if WINVER >= 0x0602
881   EXTERN_C ULONG WMIAPI TraceQueryInformation (TRACEHANDLE SessionHandle, TRACE_INFO_CLASS InformationClass, PVOID TraceInformation, ULONG InformationLength, PULONG ReturnLength);
882 #endif
883 #endif /* WINAPI_PARTITION_DESKTOP */
884 
885 #if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
886 
/* Information types for a trace-handle query. The first enumerator is 1, not 0;
 * EtwQueryProcessHandleInfoMax follows it and so has the value 2. */
887 typedef enum _ETW_PROCESS_HANDLE_INFO_TYPE {
888     EtwQueryPartitionInformation = 1,
889     EtwQueryProcessHandleInfoMax
890 } ETW_PROCESS_HANDLE_INFO_TYPE;
891 
/* Partition details; presumably the result for EtwQueryPartitionInformation -
 * TODO confirm. */
892 typedef struct _ETW_TRACE_PARTITION_INFORMATION {
893     GUID PartitionId;
894     GUID ParentId;
895     LONG64 QpcOffsetFromRoot;
896     ULONG PartitionType;
897 } ETW_TRACE_PARTITION_INFORMATION, *PETW_TRACE_PARTITION_INFORMATION;
898 
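/*
 * ETW entry points declared for the WINAPI_PARTITION_APP partition.
 *
 * Unless noted otherwise, the ULONG result is a Win32 error code
 * (ERROR_SUCCESS on success) and should be checked by the caller.
 * Session control and provider enablement decide which telemetry is
 * collected, so the operating system gates these calls with the session
 * and provider security descriptors (see EventAccessControl); unexpected
 * stop or disable operations are worth alerting on.
 */

  /* Opens a trace for consumption. Failure is reported as
     INVALID_PROCESSTRACE_HANDLE, not 0 or NULL; check for it before handing
     the result to any other consumer call. */
  EXTERN_C TRACEHANDLE WMIAPI OpenTraceW (PEVENT_TRACE_LOGFILEW Logfile);
#if WINVER >= 0x0600
  /* Provider enablement with keyword/level filtering; declared only for
     WINVER >= 0x0600. */
  EXTERN_C ULONG WMIAPI EnableTraceEx (LPCGUID ProviderId, LPCGUID SourceId, TRACEHANDLE TraceHandle, ULONG IsEnabled, UCHAR Level, ULONGLONG MatchAnyKeyword, ULONGLONG MatchAllKeyword, ULONG EnableProperty, PEVENT_FILTER_DESCRIPTOR EnableFilterDesc);
  /* InBufferSize and OutBufferSize are byte counts for the caller-owned
     buffers; read OutBuffer only up to *ReturnLength after success. */
  EXTERN_C ULONG WMIAPI EnumerateTraceGuidsEx (TRACE_QUERY_INFO_CLASS TraceQueryInfoClass, PVOID InBuffer, ULONG InBufferSize, PVOID OutBuffer, ULONG OutBufferSize, PULONG ReturnLength);
#endif
#if WINVER >= 0x0601
  /* Declared only for WINVER >= 0x0601. ControlCode selects the operation
     (enable, disable, capture state). */
  EXTERN_C ULONG WMIAPI EnableTraceEx2 (TRACEHANDLE TraceHandle, LPCGUID ProviderId, ULONG ControlCode, UCHAR Level, ULONGLONG MatchAnyKeyword, ULONGLONG MatchAllKeyword, ULONG Timeout, PENABLE_TRACE_PARAMETERS EnableParameters);
#endif
  /* Session control. Properties points at a variable-length
     EVENT_TRACE_PROPERTIES: the caller allocates the structure plus room for
     the trailing logger/log-file name strings and sets Wnode.BufferSize and
     the name offsets to match, otherwise the call fails or the names are
     truncated. The A and W forms differ only in the width of InstanceName. */
  EXTERN_C ULONG WMIAPI StartTraceA (PTRACEHANDLE TraceHandle, LPCSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
  EXTERN_C ULONG WMIAPI StartTraceW (PTRACEHANDLE TraceHandle, LPCWSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
  EXTERN_C ULONG WMIAPI StopTraceW (TRACEHANDLE TraceHandle, LPCWSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
  EXTERN_C ULONG WMIAPI QueryTraceW (TRACEHANDLE TraceHandle, LPCWSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
  EXTERN_C ULONG WMIAPI FlushTraceW (TRACEHANDLE TraceHandle, LPCWSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties);
  /* Generic form of the three calls above; ControlCode is one of the
     EVENT_TRACE_CONTROL_* values defined elsewhere in this header. */
  EXTERN_C ULONG WMIAPI ControlTraceW (TRACEHANDLE TraceHandle, LPCWSTR InstanceName, PEVENT_TRACE_PROPERTIES Properties, ULONG ControlCode);
  /* Classic provider enable/disable for the provider named by ControlGuid. */
  EXTERN_C ULONG WMIAPI EnableTrace (ULONG Enable, ULONG EnableFlag, ULONG EnableLevel, LPCGUID ControlGuid, TRACEHANDLE TraceHandle);
  /* Classic provider registration. RequestAddress is a callback that is
     invoked with RequestContext; both must remain valid until
     UnregisterTraceGuids is called with the returned RegistrationHandle. */
  EXTERN_C ULONG WMIAPI RegisterTraceGuidsW (WMIDPREQUEST RequestAddress, PVOID RequestContext, LPCGUID ControlGuid, ULONG GuidCount, PTRACE_GUID_REGISTRATION TraceGuidReg, LPCWSTR MofImagePath, LPCWSTR MofResourceName, PTRACEHANDLE RegistrationHandle);
  EXTERN_C ULONG WMIAPI UnregisterTraceGuids (TRACEHANDLE RegistrationHandle);
  /* Helpers for use inside a provider's control callback; Buffer is the
     buffer the callback was given. */
  EXTERN_C TRACEHANDLE WMIAPI GetTraceLoggerHandle (PVOID Buffer);
  EXTERN_C UCHAR WMIAPI GetTraceEnableLevel (TRACEHANDLE TraceHandle);
  EXTERN_C ULONG WMIAPI GetTraceEnableFlags (TRACEHANDLE TraceHandle);
  /* Variadic and therefore __cdecl rather than WMIAPI. The variable part is a
     list of (pointer, length) pairs ended by a NULL pointer; the compiler
     cannot check it, so a missing terminator or a wrong length makes the
     callee read beyond the intended data. */
  EXTERN_C ULONG __cdecl TraceMessage (TRACEHANDLE LoggerHandle, ULONG MessageFlags, LPCGUID MessageGuid, USHORT MessageNumber,...);
  /* InformationClass selects the query; buffer sizes are byte counts and
     OutBuffer is meaningful only up to *ReturnLength after success. */
  EXTERN_C ULONG WMIAPI QueryTraceProcessingHandle (TRACEHANDLE ProcessingHandle, ETW_PROCESS_HANDLE_INFO_TYPE InformationClass, PVOID InBuffer, ULONG InBufferSize, PVOID OutBuffer, ULONG OutBufferSize, PULONG ReturnLength);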
921 #endif /* WINAPI_PARTITION_APP */
922 
923 #ifdef __cplusplus
924 }
925 #endif
926 
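/*
 * Failure value of OpenTrace. Compare the returned TRACEHANDLE against this
 * constant; a test against 0 or NULL does not detect failure, and an
 * unchecked handle would then be passed on to the other consumer calls.
 *
 * NOTE(review): TRACEHANDLE is a ULONG64 while INVALID_HANDLE_VALUE is a
 * pointer-sized value, so in 32-bit builds the result of this cast depends on
 * how the compiler widens a pointer. Microsoft's OpenTrace documentation
 * describes a differing failure value for some 32-bit configurations --
 * confirm if those targets matter.
 */
#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
#define INVALID_PROCESSTRACE_HANDLE ((TRACEHANDLE)INVALID_HANDLE_VALUE)
#endif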
930 
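/*
 * Generic-text aliases. Each unsuffixed name resolves to the wide (W) entry
 * point when UNICODE or _UNICODE is defined and to the ANSI (A) entry point
 * otherwise. The string arguments must match the selected variant (LPCWSTR
 * for W, LPCSTR for A), so UNICODE has to be defined consistently in every
 * translation unit that shares these calls.
 *
 * With __TRACE_W2K_COMPATIBLE defined, StopTrace, QueryTrace and UpdateTrace
 * become function-like macros that forward to ControlTrace with the matching
 * EVENT_TRACE_CONTROL_* code; in that mode the names cannot be used as
 * function pointers.
 *
 * NOTE(review): several alias targets (UpdateTraceW and most of the A
 * variants) are not declared in this part of the header; presumably they are
 * declared earlier -- confirm they are visible in the API partition being
 * built.
 */
#if defined (UNICODE) || defined (_UNICODE)
#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
#define RegisterTraceGuids RegisterTraceGuidsW
#define StartTrace StartTraceW
#define ControlTrace ControlTraceW

#ifdef __TRACE_W2K_COMPATIBLE
/* Arguments are parenthesised so expressions pass through unchanged. */
#define StopTrace(a, b, c) ControlTraceW ((a),(b),(c), EVENT_TRACE_CONTROL_STOP)
#define QueryTrace(a, b, c) ControlTraceW ((a),(b),(c), EVENT_TRACE_CONTROL_QUERY)
#define UpdateTrace(a, b, c) ControlTraceW ((a),(b),(c), EVENT_TRACE_CONTROL_UPDATE)
#else
#define StopTrace StopTraceW
#define QueryTrace QueryTraceW
#define UpdateTrace UpdateTraceW
#endif

#define FlushTrace FlushTraceW
#define QueryAllTraces QueryAllTracesW
#define OpenTrace OpenTraceW
#endif
#else

#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_APP)
#define RegisterTraceGuids RegisterTraceGuidsA
#define StartTrace StartTraceA
#define ControlTrace ControlTraceA

#ifdef __TRACE_W2K_COMPATIBLE
/* Same forwarding as the wide branch, targeting ControlTraceA. */
#define StopTrace(a, b, c) ControlTraceA ((a),(b),(c), EVENT_TRACE_CONTROL_STOP)
#define QueryTrace(a, b, c) ControlTraceA ((a),(b),(c), EVENT_TRACE_CONTROL_QUERY)
#define UpdateTrace(a, b, c) ControlTraceA ((a),(b),(c), EVENT_TRACE_CONTROL_UPDATE)
#else
#define StopTrace StopTraceA
#define QueryTrace QueryTraceA
#define UpdateTrace UpdateTraceA
#endif

#define FlushTrace FlushTraceA
#define QueryAllTraces QueryAllTracesA
#define OpenTrace OpenTraceA
#endif
#endif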
973 #endif
974 #endif
975 #endif
976