1 // Licensed under the Apache License, Version 2.0 2 // <LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license 3 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option. 4 // All files in the project carrying such notice may not be copied, modified, or distributed 5 // except according to those terms. 6 //! Windows Events API 7 use ctypes::{c_double, c_float}; 8 use shared::basetsd::{INT16, INT32, INT64, INT8, UINT16, UINT32, UINT64, UINT8}; 9 use shared::guiddef::GUID; 10 use shared::minwindef::{BOOL, DWORD, FILETIME, PBYTE, PDWORD}; 11 use um::minwinbase::SYSTEMTIME; 12 use um::winnt::{HANDLE, LCID, LONGLONG, LPCSTR, LPCWSTR, LPSTR, LPWSTR, PSID, PVOID, ULONGLONG}; 13 use vc::vcruntime::size_t; 14 pub type EVT_HANDLE = HANDLE; 15 pub type PEVT_HANDLE = *mut HANDLE; 16 ENUM!{enum EVT_VARIANT_TYPE { 17 EvtVarTypeNull = 0, 18 EvtVarTypeString = 1, 19 EvtVarTypeAnsiString = 2, 20 EvtVarTypeSByte = 3, 21 EvtVarTypeByte = 4, 22 EvtVarTypeInt16 = 5, 23 EvtVarTypeUInt16 = 6, 24 EvtVarTypeInt32 = 7, 25 EvtVarTypeUInt32 = 8, 26 EvtVarTypeInt64 = 9, 27 EvtVarTypeUInt64 = 10, 28 EvtVarTypeSingle = 11, 29 EvtVarTypeDouble = 12, 30 EvtVarTypeBoolean = 13, 31 EvtVarTypeBinary = 14, 32 EvtVarTypeGuid = 15, 33 EvtVarTypeSizeT = 16, 34 EvtVarTypeFileTime = 17, 35 EvtVarTypeSysTime = 18, 36 EvtVarTypeSid = 19, 37 EvtVarTypeHexInt32 = 20, 38 EvtVarTypeHexInt64 = 21, 39 EvtVarTypeEvtHandle = 32, 40 EvtVarTypeEvtXml = 35, 41 }} 42 pub const EVT_VARIANT_TYPE_MASK: DWORD = 0x7f; 43 pub const EVT_VARIANT_TYPE_ARRAY: DWORD = 128; 44 UNION!{union EVT_VARIANT_u { 45 [u64; 1], 46 BooleanVal BooleanVal_mut: BOOL, 47 SByteVal SByteVal_mut: INT8, 48 Int16Val Int16Val_mut: INT16, 49 Int32Val Int32Val_mut: INT32, 50 Int64Val Int64Val_mut: INT64, 51 ByteVal ByteVal_mut: UINT8, 52 UInt16Val UInt16Val_mut: UINT16, 53 UInt32Val UInt32Val_mut: UINT32, 54 UInt64Val UInt64Val_mut: UINT64, 55 SingleVal SingleVal_mut: c_float, 56 DoubleVal DoubleVal_mut: c_double, 57 FileTimeVal FileTimeVal_mut: ULONGLONG, 58 SysTimeVal SysTimeVal_mut: *mut SYSTEMTIME, 59 GuidVal GuidVal_mut: *mut GUID, 60 StringVal StringVal_mut: LPCWSTR, 61 AnsiStringVal AnsiStringVal_mut: LPCSTR, 62 BinaryVal BinaryVal_mut: PBYTE, 63 SidVal SidVal_mut: PSID, 64 SizeTVal SizeTVal_mut: size_t, 65 BooleanArr BooleanArr_mut: *mut BOOL, 66 SByteArr SByteArr_mut: *mut INT8, 67 Int16Arr Int16Arr_mut: *mut INT16, 68 Int32Arr Int32Arr_mut: *mut INT32, 69 Int64Arr Int64Arr_mut: *mut INT64, 70 ByteArr ByteArr_mut: *mut UINT8, 71 UInt16Arr UInt16Arr_mut: *mut UINT16, 72 UInt32Arr UInt32Arr_mut: *mut UINT32, 73 UInt64Arr UInt64Arr_mut: *mut UINT64, 74 SingleArr SingleArr_mut: *mut c_float, 75 DoubleArr DoubleArr_mut: *mut c_double, 76 FileTimeArr FileTimeArr_mut: *mut FILETIME, 77 SysTimeArr SysTimeArr_mut: *mut SYSTEMTIME, 78 GuidArr GuidArr_mut: *mut GUID, 79 StringArr StringArr_mut: *mut LPWSTR, 80 AnsiStringArr AnsiStringArr_mut: *mut LPSTR, 81 SidArr SidArr_mut: *mut PSID, 82 SizeTArr SizeTArr_mut: *mut size_t, 83 EvtHandleVal EvtHandleVal_mut: EVT_HANDLE, 84 XmlVal XmlVal_mut: LPCWSTR, 85 XmlValArr XmlValArr_mut: *mut LPCWSTR, 86 }} 87 STRUCT!{struct EVT_VARIANT { 88 u: EVT_VARIANT_u, 89 Count: DWORD, 90 Type: DWORD, 91 }} 92 pub type PEVT_VARIANT = *mut EVT_VARIANT; 93 ENUM!{enum EVT_LOGIN_CLASS { 94 EvtRpcLogin = 1, 95 }} 96 ENUM!{enum EVT_RPC_LOGIN_FLAGS { 97 EvtRpcLoginAuthDefault = 0, 98 EvtRpcLoginAuthNegotiate, 99 EvtRpcLoginAuthKerberos, 100 EvtRpcLoginAuthNTLM, 101 }} 102 STRUCT!{struct EVT_RPC_LOGIN { 103 Server: LPWSTR, 104 User: LPWSTR, 105 Domain: LPWSTR, 106 Password: LPWSTR, 107 Flags: DWORD, 108 }} 109 extern "system" { EvtOpenSession( LoginClass: EVT_LOGIN_CLASS, Login: PVOID, Timeout: DWORD, Flags: DWORD, ) -> EVT_HANDLE110 pub fn EvtOpenSession( 111 LoginClass: EVT_LOGIN_CLASS, 112 Login: PVOID, 113 Timeout: DWORD, 114 Flags: DWORD, 115 ) -> EVT_HANDLE; EvtClose( Object: EVT_HANDLE, ) -> BOOL116 pub fn EvtClose( 117 Object: EVT_HANDLE, 118 ) -> BOOL; EvtCancel( Object: EVT_HANDLE, ) -> BOOL119 pub fn EvtCancel( 120 Object: EVT_HANDLE, 121 ) -> BOOL; EvtGetExtendedStatus( BufferSize: DWORD, Buffer: LPWSTR, BufferUsed: PDWORD, ) -> DWORD122 pub fn EvtGetExtendedStatus( 123 BufferSize: DWORD, 124 Buffer: LPWSTR, 125 BufferUsed: PDWORD, 126 ) -> DWORD; 127 } 128 ENUM!{enum EVT_QUERY_FLAGS { 129 EvtQueryChannelPath = 0x1, 130 EvtQueryFilePath = 0x2, 131 EvtQueryForwardDirection = 0x100, 132 EvtQueryReverseDirection = 0x200, 133 EvtQueryTolerateQueryErrors = 0x1000, 134 }} 135 ENUM!{enum EVT_SEEK_FLAGS { 136 EvtSeekRelativeToFirst = 1, 137 EvtSeekRelativeToLast = 2, 138 EvtSeekRelativeToCurrent = 3, 139 EvtSeekRelativeToBookmark = 4, 140 EvtSeekOriginMask = 7, 141 EvtSeekStrict = 0x10000, 142 }} 143 extern "system" { EvtQuery( Session: EVT_HANDLE, Path: LPCWSTR, Query: LPCWSTR, Flags: DWORD, ) -> EVT_HANDLE144 pub fn EvtQuery( 145 Session: EVT_HANDLE, 146 Path: LPCWSTR, 147 Query: LPCWSTR, 148 Flags: DWORD, 149 ) -> EVT_HANDLE; EvtNext( ResultSet: EVT_HANDLE, EventsSize: DWORD, Events: PEVT_HANDLE, Timeout: DWORD, Flags: DWORD, Returned: PDWORD, ) -> BOOL150 pub fn EvtNext( 151 ResultSet: EVT_HANDLE, 152 EventsSize: DWORD, 153 Events: PEVT_HANDLE, 154 Timeout: DWORD, 155 Flags: DWORD, 156 Returned: PDWORD, 157 ) -> BOOL; EvtSeek( ResultSet: EVT_HANDLE, Position: LONGLONG, Bookmark: EVT_HANDLE, Timeout: DWORD, Flags: DWORD, ) -> BOOL158 pub fn EvtSeek( 159 ResultSet: EVT_HANDLE, 160 Position: LONGLONG, 161 Bookmark: EVT_HANDLE, 162 Timeout: DWORD, 163 Flags: DWORD, 164 ) -> BOOL; 165 } 166 ENUM!{enum EVT_SUBSCRIBE_FLAGS { 167 EvtSubscribeToFutureEvents = 1, 168 EvtSubscribeStartAtOldestRecord = 2, 169 EvtSubscribeStartAfterBookmark = 3, 170 EvtSubscribeOriginMask = 3, 171 EvtSubscribeTolerateQueryErrors = 0x1000, 172 EvtSubscribeStrict = 0x10000, 173 }} 174 ENUM!{enum EVT_SUBSCRIBE_NOTIFY_ACTION { 175 EvtSubscribeActionError = 0, 176 EvtSubscribeActionDeliver, 177 }} 178 FN!{stdcall EVT_SUBSCRIBE_CALLBACK( 179 Action: EVT_SUBSCRIBE_NOTIFY_ACTION, 180 UserContext: PVOID, 181 Event: EVT_HANDLE, 182 ) -> DWORD} 183 extern "system" { EvtSubscribe( Session: EVT_HANDLE, SignalEvent: HANDLE, ChannelPath: LPCWSTR, Query: LPCWSTR, Bookmark: EVT_HANDLE, Context: PVOID, Callback: EVT_SUBSCRIBE_CALLBACK, Flags: DWORD, ) -> EVT_HANDLE184 pub fn EvtSubscribe( 185 Session: EVT_HANDLE, 186 SignalEvent: HANDLE, 187 ChannelPath: LPCWSTR, 188 Query: LPCWSTR, 189 Bookmark: EVT_HANDLE, 190 Context: PVOID, 191 Callback: EVT_SUBSCRIBE_CALLBACK, 192 Flags: DWORD, 193 ) -> EVT_HANDLE; 194 } 195 ENUM!{enum EVT_SYSTEM_PROPERTY_ID { 196 EvtSystemProviderName = 0, 197 EvtSystemProviderGuid, 198 EvtSystemEventID, 199 EvtSystemQualifiers, 200 EvtSystemLevel, 201 EvtSystemTask, 202 EvtSystemOpcode, 203 EvtSystemKeywords, 204 EvtSystemTimeCreated, 205 EvtSystemEventRecordId, 206 EvtSystemActivityID, 207 EvtSystemRelatedActivityID, 208 EvtSystemProcessID, 209 EvtSystemThreadID, 210 EvtSystemChannel, 211 EvtSystemComputer, 212 EvtSystemUserID, 213 EvtSystemVersion, 214 EvtSystemPropertyIdEND, 215 }} 216 ENUM!{enum EVT_RENDER_CONTEXT_FLAGS { 217 EvtRenderContextValues = 0, 218 EvtRenderContextSystem, 219 EvtRenderContextUser, 220 }} 221 ENUM!{enum EVT_RENDER_FLAGS { 222 EvtRenderEventValues = 0, 223 EvtRenderEventXml, 224 EvtRenderBookmark, 225 }} 226 extern "system" { EvtCreateRenderContext( ValuePathsCount: DWORD, ValuePaths: *mut LPCWSTR, Flags: DWORD, ) -> EVT_HANDLE227 pub fn EvtCreateRenderContext( 228 ValuePathsCount: DWORD, 229 ValuePaths: *mut LPCWSTR, 230 Flags: DWORD, 231 ) -> EVT_HANDLE; EvtRender( Context: EVT_HANDLE, Fragment: EVT_HANDLE, Flags: DWORD, BufferSize: DWORD, Buffer: PVOID, BufferUsed: PDWORD, PropertyCount: PDWORD, ) -> BOOL232 pub fn EvtRender( 233 Context: EVT_HANDLE, 234 Fragment: EVT_HANDLE, 235 Flags: DWORD, 236 BufferSize: DWORD, 237 Buffer: PVOID, 238 BufferUsed: PDWORD, 239 PropertyCount: PDWORD, 240 ) -> BOOL; 241 } 242 ENUM!{enum EVT_FORMAT_MESSAGE_FLAGS { 243 EvtFormatMessageEvent = 1, 244 EvtFormatMessageLevel, 245 EvtFormatMessageTask, 246 EvtFormatMessageOpcode, 247 EvtFormatMessageKeyword, 248 EvtFormatMessageChannel, 249 EvtFormatMessageProvider, 250 EvtFormatMessageId, 251 EvtFormatMessageXml, 252 }} 253 extern "system" { EvtFormatMessage( PublisherMetadata: EVT_HANDLE, Event: EVT_HANDLE, MessageId: DWORD, ValueCount: DWORD, Values: PEVT_VARIANT, Flags: DWORD, BufferSize: DWORD, Buffer: LPWSTR, BufferUsed: PDWORD, ) -> BOOL254 pub fn EvtFormatMessage( 255 PublisherMetadata: EVT_HANDLE, 256 Event: EVT_HANDLE, 257 MessageId: DWORD, 258 ValueCount: DWORD, 259 Values: PEVT_VARIANT, 260 Flags: DWORD, 261 BufferSize: DWORD, 262 Buffer: LPWSTR, 263 BufferUsed: PDWORD, 264 ) -> BOOL; 265 } 266 ENUM!{enum EVT_OPEN_LOG_FLAGS { 267 EvtOpenChannelPath = 0x1, 268 EvtOpenFilePath = 0x2, 269 }} 270 ENUM!{enum EVT_LOG_PROPERTY_ID { 271 EvtLogCreationTime = 0, 272 EvtLogLastAccessTime, 273 EvtLogLastWriteTime, 274 EvtLogFileSize, 275 EvtLogAttributes, 276 EvtLogNumberOfLogRecords, 277 EvtLogOldestRecordNumber, 278 EvtLogFull, 279 }} 280 extern "system" { EvtOpenLog( Session: EVT_HANDLE, Path: LPCWSTR, Flags: DWORD, ) -> EVT_HANDLE281 pub fn EvtOpenLog( 282 Session: EVT_HANDLE, 283 Path: LPCWSTR, 284 Flags: DWORD, 285 ) -> EVT_HANDLE; EvtGetLogInfo( Log: EVT_HANDLE, PropertyId: EVT_LOG_PROPERTY_ID, PropertyValueBufferSize: DWORD, PropertyValueBuffer: PEVT_VARIANT, PropertyValueBufferUsed: PDWORD, ) -> BOOL286 pub fn EvtGetLogInfo( 287 Log: EVT_HANDLE, 288 PropertyId: EVT_LOG_PROPERTY_ID, 289 PropertyValueBufferSize: DWORD, 290 PropertyValueBuffer: PEVT_VARIANT, 291 PropertyValueBufferUsed: PDWORD, 292 ) -> BOOL; EvtClearLog( Session: EVT_HANDLE, ChannelPath: LPCWSTR, TargetFilePath: LPCWSTR, Flags: DWORD, ) -> BOOL293 pub fn EvtClearLog( 294 Session: EVT_HANDLE, 295 ChannelPath: LPCWSTR, 296 TargetFilePath: LPCWSTR, 297 Flags: DWORD, 298 ) -> BOOL; 299 } 300 ENUM!{enum EVT_EXPORTLOG_FLAGS { 301 EvtExportLogChannelPath = 0x1, 302 EvtExportLogFilePath = 0x2, 303 EvtExportLogTolerateQueryErrors = 0x1000, 304 EvtExportLogOverwrite = 0x2000, 305 }} 306 extern "system" { EvtExportLog( Session: EVT_HANDLE, Path: LPCWSTR, Query: LPCWSTR, TargetFilePath: LPCWSTR, Flags: DWORD, ) -> BOOL307 pub fn EvtExportLog( 308 Session: EVT_HANDLE, 309 Path: LPCWSTR, 310 Query: LPCWSTR, 311 TargetFilePath: LPCWSTR, 312 Flags: DWORD, 313 ) -> BOOL; EvtArchiveExportedLog( Session: EVT_HANDLE, LogFilePath: LPCWSTR, Locale: LCID, Flags: DWORD, ) -> BOOL314 pub fn EvtArchiveExportedLog( 315 Session: EVT_HANDLE, 316 LogFilePath: LPCWSTR, 317 Locale: LCID, 318 Flags: DWORD, 319 ) -> BOOL; 320 } 321 ENUM!{enum EVT_CHANNEL_CONFIG_PROPERTY_ID { 322 EvtChannelConfigEnabled = 0, 323 EvtChannelConfigIsolation, 324 EvtChannelConfigType, 325 EvtChannelConfigOwningPublisher, 326 EvtChannelConfigClassicEventlog, 327 EvtChannelConfigAccess, 328 EvtChannelLoggingConfigRetention, 329 EvtChannelLoggingConfigAutoBackup, 330 EvtChannelLoggingConfigMaxSize, 331 EvtChannelLoggingConfigLogFilePath, 332 EvtChannelPublishingConfigLevel, 333 EvtChannelPublishingConfigKeywords, 334 EvtChannelPublishingConfigControlGuid, 335 EvtChannelPublishingConfigBufferSize, 336 EvtChannelPublishingConfigMinBuffers, 337 EvtChannelPublishingConfigMaxBuffers, 338 EvtChannelPublishingConfigLatency, 339 EvtChannelPublishingConfigClockType, 340 EvtChannelPublishingConfigSidType, 341 EvtChannelPublisherList, 342 EvtChannelPublishingConfigFileMax, 343 EvtChannelConfigPropertyIdEND, 344 }} 345 ENUM!{enum EVT_CHANNEL_TYPE { 346 EvtChannelTypeAdmin = 0, 347 EvtChannelTypeOperational, 348 EvtChannelTypeAnalytic, 349 EvtChannelTypeDebug, 350 }} 351 ENUM!{enum EVT_CHANNEL_ISOLATION_TYPE { 352 EvtChannelIsolationTypeApplication = 0, 353 EvtChannelIsolationTypeSystem, 354 EvtChannelIsolationTypeCustom, 355 }} 356 ENUM!{enum EVT_CHANNEL_CLOCK_TYPE { 357 EvtChannelClockTypeSystemTime = 0, 358 EvtChannelClockTypeQPC, 359 }} 360 ENUM!{enum EVT_CHANNEL_SID_TYPE { 361 EvtChannelSidTypeNone = 0, 362 EvtChannelSidTypePublishing, 363 }} 364 extern "system" { EvtOpenChannelEnum( Session: EVT_HANDLE, Flags: DWORD, ) -> EVT_HANDLE365 pub fn EvtOpenChannelEnum( 366 Session: EVT_HANDLE, 367 Flags: DWORD, 368 ) -> EVT_HANDLE; EvtNextChannelPath( ChannelEnum: EVT_HANDLE, ChannelPathBufferSize: DWORD, ChannelPathBuffer: LPWSTR, ChannelPathBufferUsed: PDWORD, ) -> BOOL369 pub fn EvtNextChannelPath( 370 ChannelEnum: EVT_HANDLE, 371 ChannelPathBufferSize: DWORD, 372 ChannelPathBuffer: LPWSTR, 373 ChannelPathBufferUsed: PDWORD, 374 ) -> BOOL; EvtOpenChannelConfig( Session: EVT_HANDLE, ChannelPath: LPCWSTR, Flags: DWORD, ) -> EVT_HANDLE375 pub fn EvtOpenChannelConfig( 376 Session: EVT_HANDLE, 377 ChannelPath: LPCWSTR, 378 Flags: DWORD, 379 ) -> EVT_HANDLE; EvtSaveChannelConfig( ChannelConfig: EVT_HANDLE, Flags: DWORD, ) -> BOOL380 pub fn EvtSaveChannelConfig( 381 ChannelConfig: EVT_HANDLE, 382 Flags: DWORD, 383 ) -> BOOL; EvtSetChannelConfigProperty( ChannelConfig: EVT_HANDLE, PropertyId: EVT_CHANNEL_CONFIG_PROPERTY_ID, Flags: DWORD, PropertyValue: PEVT_VARIANT, ) -> BOOL384 pub fn EvtSetChannelConfigProperty( 385 ChannelConfig: EVT_HANDLE, 386 PropertyId: EVT_CHANNEL_CONFIG_PROPERTY_ID, 387 Flags: DWORD, 388 PropertyValue: PEVT_VARIANT, 389 ) -> BOOL; EvtGetChannelConfigProperty( ChannelConfig: EVT_HANDLE, PropertyId: EVT_CHANNEL_CONFIG_PROPERTY_ID, Flags: DWORD, PropertyValueBufferSize: DWORD, PropertyValueBuffer: PEVT_VARIANT, PropertyValueBufferUsed: PDWORD, ) -> BOOL390 pub fn EvtGetChannelConfigProperty( 391 ChannelConfig: EVT_HANDLE, 392 PropertyId: EVT_CHANNEL_CONFIG_PROPERTY_ID, 393 Flags: DWORD, 394 PropertyValueBufferSize: DWORD, 395 PropertyValueBuffer: PEVT_VARIANT, 396 PropertyValueBufferUsed: PDWORD, 397 ) -> BOOL; 398 } 399 ENUM!{enum EVT_CHANNEL_REFERENCE_FLAGS { 400 EvtChannelReferenceImported = 0x1, 401 }} 402 ENUM!{enum EVT_PUBLISHER_METADATA_PROPERTY_ID { 403 EvtPublisherMetadataPublisherGuid = 0, 404 EvtPublisherMetadataResourceFilePath, 405 EvtPublisherMetadataParameterFilePath, 406 EvtPublisherMetadataMessageFilePath, 407 EvtPublisherMetadataHelpLink, 408 EvtPublisherMetadataPublisherMessageID, 409 EvtPublisherMetadataChannelReferences, 410 EvtPublisherMetadataChannelReferencePath, 411 EvtPublisherMetadataChannelReferenceIndex, 412 EvtPublisherMetadataChannelReferenceID, 413 EvtPublisherMetadataChannelReferenceFlags, 414 EvtPublisherMetadataChannelReferenceMessageID, 415 EvtPublisherMetadataLevels, 416 EvtPublisherMetadataLevelName, 417 EvtPublisherMetadataLevelValue, 418 EvtPublisherMetadataLevelMessageID, 419 EvtPublisherMetadataTasks, 420 EvtPublisherMetadataTaskName, 421 EvtPublisherMetadataTaskEventGuid, 422 EvtPublisherMetadataTaskValue, 423 EvtPublisherMetadataTaskMessageID, 424 EvtPublisherMetadataOpcodes, 425 EvtPublisherMetadataOpcodeName, 426 EvtPublisherMetadataOpcodeValue, 427 EvtPublisherMetadataOpcodeMessageID, 428 EvtPublisherMetadataKeywords, 429 EvtPublisherMetadataKeywordName, 430 EvtPublisherMetadataKeywordValue, 431 EvtPublisherMetadataKeywordMessageID, 432 EvtPublisherMetadataPropertyIdEND, 433 }} 434 extern "system" { EvtOpenPublisherEnum( Session: EVT_HANDLE, Flags: DWORD, ) -> EVT_HANDLE435 pub fn EvtOpenPublisherEnum( 436 Session: EVT_HANDLE, 437 Flags: DWORD, 438 ) -> EVT_HANDLE; EvtNextPublisherId( PublisherEnum: EVT_HANDLE, PublisherIdBufferSize: DWORD, PublisherIdBuffer: LPWSTR, PublisherIdBufferUsed: PDWORD, ) -> BOOL439 pub fn EvtNextPublisherId( 440 PublisherEnum: EVT_HANDLE, 441 PublisherIdBufferSize: DWORD, 442 PublisherIdBuffer: LPWSTR, 443 PublisherIdBufferUsed: PDWORD, 444 ) -> BOOL; EvtOpenPublisherMetadata( Session: EVT_HANDLE, PublisherId: LPCWSTR, LogFilePath: LPCWSTR, Locale: LCID, Flags: DWORD, ) -> EVT_HANDLE445 pub fn EvtOpenPublisherMetadata( 446 Session: EVT_HANDLE, 447 PublisherId: LPCWSTR, 448 LogFilePath: LPCWSTR, 449 Locale: LCID, 450 Flags: DWORD, 451 ) -> EVT_HANDLE; EvtGetPublisherMetadataProperty( PublisherMetadata: EVT_HANDLE, PropertyId: EVT_PUBLISHER_METADATA_PROPERTY_ID, Flags: DWORD, PublisherMetadataPropertyBufferSize: DWORD, PublisherMetadataPropertyBuffer: PEVT_VARIANT, PublisherMetadataPropertyBufferUsed: PDWORD, ) -> BOOL452 pub fn EvtGetPublisherMetadataProperty( 453 PublisherMetadata: EVT_HANDLE, 454 PropertyId: EVT_PUBLISHER_METADATA_PROPERTY_ID, 455 Flags: DWORD, 456 PublisherMetadataPropertyBufferSize: DWORD, 457 PublisherMetadataPropertyBuffer: PEVT_VARIANT, 458 PublisherMetadataPropertyBufferUsed: PDWORD, 459 ) -> BOOL; 460 } 461 ENUM!{enum EVT_EVENT_METADATA_PROPERTY_ID { 462 EventMetadataEventID, 463 EventMetadataEventVersion, 464 EventMetadataEventChannel, 465 EventMetadataEventLevel, 466 EventMetadataEventOpcode, 467 EventMetadataEventTask, 468 EventMetadataEventKeyword, 469 EventMetadataEventMessageID, 470 EventMetadataEventTemplate, 471 EvtEventMetadataPropertyIdEND, 472 }} 473 extern "system" { EvtOpenEventMetadataEnum( PublisherMetadata: EVT_HANDLE, Flags: DWORD, ) -> EVT_HANDLE474 pub fn EvtOpenEventMetadataEnum( 475 PublisherMetadata: EVT_HANDLE, 476 Flags: DWORD, 477 ) -> EVT_HANDLE; EvtNextEventMetadata( EventMetadataEnum: EVT_HANDLE, Flags: DWORD, ) -> EVT_HANDLE478 pub fn EvtNextEventMetadata( 479 EventMetadataEnum: EVT_HANDLE, 480 Flags: DWORD, 481 ) -> EVT_HANDLE; EvtGetEventMetadataProperty( EventMetadata: EVT_HANDLE, PropertyId: EVT_EVENT_METADATA_PROPERTY_ID, Flags: DWORD, EventMetadataPropertyBufferSize: DWORD, EventMetadataPropertyBuffer: PEVT_VARIANT, EventMetadataPropertyBufferUsed: PDWORD, ) -> BOOL482 pub fn EvtGetEventMetadataProperty( 483 EventMetadata: EVT_HANDLE, 484 PropertyId: EVT_EVENT_METADATA_PROPERTY_ID, 485 Flags: DWORD, 486 EventMetadataPropertyBufferSize: DWORD, 487 EventMetadataPropertyBuffer: PEVT_VARIANT, 488 EventMetadataPropertyBufferUsed: PDWORD, 489 ) -> BOOL; 490 } 491 pub type EVT_OBJECT_ARRAY_PROPERTY_HANDLE = HANDLE; 492 extern "system" { EvtGetObjectArraySize( ObjectArray: EVT_OBJECT_ARRAY_PROPERTY_HANDLE, ObjectArraySize: PDWORD, ) -> BOOL493 pub fn EvtGetObjectArraySize( 494 ObjectArray: EVT_OBJECT_ARRAY_PROPERTY_HANDLE, 495 ObjectArraySize: PDWORD, 496 ) -> BOOL; EvtGetObjectArrayProperty( ObjectArray: EVT_OBJECT_ARRAY_PROPERTY_HANDLE, PropertyId: DWORD, ArrayIndex: DWORD, Flags: DWORD, PropertyValueBufferSize: DWORD, PropertyValueBuffer: PEVT_VARIANT, PropertyValueBufferUsed: PDWORD, ) -> BOOL497 pub fn EvtGetObjectArrayProperty( 498 ObjectArray: EVT_OBJECT_ARRAY_PROPERTY_HANDLE, 499 PropertyId: DWORD, 500 ArrayIndex: DWORD, 501 Flags: DWORD, 502 PropertyValueBufferSize: DWORD, 503 PropertyValueBuffer: PEVT_VARIANT, 504 PropertyValueBufferUsed: PDWORD, 505 ) -> BOOL; 506 } 507 ENUM!{enum EVT_QUERY_PROPERTY_ID { 508 EvtQueryNames, 509 EvtQueryStatuses, 510 EvtQueryPropertyIdEND, 511 }} 512 ENUM!{enum EVT_EVENT_PROPERTY_ID { 513 EvtEventQueryIDs = 0, 514 EvtEventPath, 515 EvtEventPropertyIdEND, 516 }} 517 extern "system" { EvtGetQueryInfo( QueryOrSubscription: EVT_HANDLE, PropertyId: EVT_QUERY_PROPERTY_ID, PropertyValueBufferSize: DWORD, PropertyValueBuffer: PEVT_VARIANT, PropertyValueBufferUsed: PDWORD, ) -> BOOL518 pub fn EvtGetQueryInfo( 519 QueryOrSubscription: EVT_HANDLE, 520 PropertyId: EVT_QUERY_PROPERTY_ID, 521 PropertyValueBufferSize: DWORD, 522 PropertyValueBuffer: PEVT_VARIANT, 523 PropertyValueBufferUsed: PDWORD, 524 ) -> BOOL; EvtCreateBookmark( BookmarkXml: LPCWSTR, ) -> EVT_HANDLE525 pub fn EvtCreateBookmark( 526 BookmarkXml: LPCWSTR, 527 ) -> EVT_HANDLE; EvtUpdateBookmark( Bookmark: EVT_HANDLE, Event: EVT_HANDLE, ) -> BOOL528 pub fn EvtUpdateBookmark( 529 Bookmark: EVT_HANDLE, 530 Event: EVT_HANDLE, 531 ) -> BOOL; EvtGetEventInfo( Event: EVT_HANDLE, PropertyId: EVT_EVENT_PROPERTY_ID, PropertyValueBufferSize: DWORD, PropertyValueBuffer: PEVT_VARIANT, PropertyValueBufferUsed: PDWORD, ) -> BOOL532 pub fn EvtGetEventInfo( 533 Event: EVT_HANDLE, 534 PropertyId: EVT_EVENT_PROPERTY_ID, 535 PropertyValueBufferSize: DWORD, 536 PropertyValueBuffer: PEVT_VARIANT, 537 PropertyValueBufferUsed: PDWORD, 538 ) -> BOOL; 539 } 540 pub const EVT_READ_ACCESS: DWORD = 0x1; 541 pub const EVT_WRITE_ACCESS: DWORD = 0x2; 542 pub const EVT_CLEAR_ACCESS: DWORD = 0x4; 543 pub const EVT_ALL_ACCESS: DWORD = 0x7; 544