1 // Copyright © 2015-2017 winapi-rs developers 2 // Licensed under the Apache License, Version 2.0 3 // <LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license 4 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option. 5 // All files in the project carrying such notice may not be copied, modified, or distributed 6 // except according to those terms. 7 //! Windows Events API 8 use ctypes::{c_double, c_float}; 9 use shared::basetsd::{INT16, INT32, INT64, INT8, UINT16, UINT32, UINT64, UINT8}; 10 use shared::guiddef::GUID; 11 use shared::minwindef::{BOOL, DWORD, FILETIME, PBYTE, PDWORD}; 12 use um::minwinbase::SYSTEMTIME; 13 use um::winnt::{HANDLE, LCID, LONGLONG, LPCSTR, LPCWSTR, LPSTR, LPWSTR, PSID, PVOID, ULONGLONG}; 14 use vc::vcruntime::size_t; 15 pub type EVT_HANDLE = HANDLE; 16 pub type PEVT_HANDLE = *mut HANDLE; 17 ENUM!{enum EVT_VARIANT_TYPE { 18 EvtVarTypeNull = 0, 19 EvtVarTypeString = 1, 20 EvtVarTypeAnsiString = 2, 21 EvtVarTypeSByte = 3, 22 EvtVarTypeByte = 4, 23 EvtVarTypeInt16 = 5, 24 EvtVarTypeUInt16 = 6, 25 EvtVarTypeInt32 = 7, 26 EvtVarTypeUInt32 = 8, 27 EvtVarTypeInt64 = 9, 28 EvtVarTypeUInt64 = 10, 29 EvtVarTypeSingle = 11, 30 EvtVarTypeDouble = 12, 31 EvtVarTypeBoolean = 13, 32 EvtVarTypeBinary = 14, 33 EvtVarTypeGuid = 15, 34 EvtVarTypeSizeT = 16, 35 EvtVarTypeFileTime = 17, 36 EvtVarTypeSysTime = 18, 37 EvtVarTypeSid = 19, 38 EvtVarTypeHexInt32 = 20, 39 EvtVarTypeHexInt64 = 21, 40 EvtVarTypeEvtHandle = 32, 41 EvtVarTypeEvtXml = 35, 42 }} 43 pub const EVT_VARIANT_TYPE_MASK: DWORD = 0x7f; 44 pub const EVT_VARIANT_TYPE_ARRAY: DWORD = 128; 45 UNION!{union EVT_VARIANT_u { 46 [u64; 1], 47 BooleanVal BooleanVal_mut: BOOL, 48 SByteVal SByteVal_mut: INT8, 49 Int16Val Int16Val_mut: INT16, 50 Int32Val Int32Val_mut: INT32, 51 Int64Val Int64Val_mut: INT64, 52 ByteVal ByteVal_mut: UINT8, 53 UInt16Val UInt16Val_mut: UINT16, 54 UInt32Val UInt32Val_mut: UINT32, 55 UInt64Val UInt64Val_mut: UINT64, 56 SingleVal SingleVal_mut: c_float, 57 DoubleVal DoubleVal_mut: c_double, 58 FileTimeVal FileTimeVal_mut: ULONGLONG, 59 SysTimeVal SysTimeVal_mut: *mut SYSTEMTIME, 60 GuidVal GuidVal_mut: *mut GUID, 61 StringVal StringVal_mut: LPCWSTR, 62 AnsiStringVal AnsiStringVal_mut: LPCSTR, 63 BinaryVal BinaryVal_mut: PBYTE, 64 SidVal SidVal_mut: PSID, 65 SizeTVal SizeTVal_mut: size_t, 66 BooleanArr BooleanArr_mut: *mut BOOL, 67 SByteArr SByteArr_mut: *mut INT8, 68 Int16Arr Int16Arr_mut: *mut INT16, 69 Int32Arr Int32Arr_mut: *mut INT32, 70 Int64Arr Int64Arr_mut: *mut INT64, 71 ByteArr ByteArr_mut: *mut UINT8, 72 UInt16Arr UInt16Arr_mut: *mut UINT16, 73 UInt32Arr UInt32Arr_mut: *mut UINT32, 74 UInt64Arr UInt64Arr_mut: *mut UINT64, 75 SingleArr SingleArr_mut: *mut c_float, 76 DoubleArr DoubleArr_mut: *mut c_double, 77 FileTimeArr FileTimeArr_mut: *mut FILETIME, 78 SysTimeArr SysTimeArr_mut: *mut SYSTEMTIME, 79 GuidArr GuidArr_mut: *mut GUID, 80 StringArr StringArr_mut: *mut LPWSTR, 81 AnsiStringArr AnsiStringArr_mut: *mut LPSTR, 82 SidArr SidArr_mut: *mut PSID, 83 SizeTArr SizeTArr_mut: *mut size_t, 84 EvtHandleVal EvtHandleVal_mut: EVT_HANDLE, 85 XmlVal XmlVal_mut: LPCWSTR, 86 XmlValArr XmlValArr_mut: *mut LPCWSTR, 87 }} 88 STRUCT!{struct EVT_VARIANT { 89 u: EVT_VARIANT_u, 90 Count: DWORD, 91 Type: DWORD, 92 }} 93 pub type PEVT_VARIANT = *mut EVT_VARIANT; 94 ENUM!{enum EVT_LOGIN_CLASS { 95 EvtRpcLogin = 1, 96 }} 97 ENUM!{enum EVT_RPC_LOGIN_FLAGS { 98 EvtRpcLoginAuthDefault = 0, 99 EvtRpcLoginAuthNegotiate, 100 EvtRpcLoginAuthKerberos, 101 EvtRpcLoginAuthNTLM, 102 }} 103 STRUCT!{struct EVT_RPC_LOGIN { 104 Server: LPWSTR, 105 User: LPWSTR, 106 Domain: LPWSTR, 107 Password: LPWSTR, 108 Flags: DWORD, 109 }} 110 extern "system" { EvtOpenSession( LoginClass: EVT_LOGIN_CLASS, Login: PVOID, Timeout: DWORD, Flags: DWORD, ) -> EVT_HANDLE111 pub fn EvtOpenSession( 112 LoginClass: EVT_LOGIN_CLASS, 113 Login: PVOID, 114 Timeout: DWORD, 115 Flags: DWORD, 116 ) -> EVT_HANDLE; EvtClose( Object: EVT_HANDLE, ) -> BOOL117 pub fn EvtClose( 118 Object: EVT_HANDLE, 119 ) -> BOOL; EvtCancel( Object: EVT_HANDLE, ) -> BOOL120 pub fn EvtCancel( 121 Object: EVT_HANDLE, 122 ) -> BOOL; EvtGetExtendedStatus( BufferSize: DWORD, Buffer: LPWSTR, BufferUsed: PDWORD, ) -> DWORD123 pub fn EvtGetExtendedStatus( 124 BufferSize: DWORD, 125 Buffer: LPWSTR, 126 BufferUsed: PDWORD, 127 ) -> DWORD; 128 } 129 ENUM!{enum EVT_QUERY_FLAGS { 130 EvtQueryChannelPath = 0x1, 131 EvtQueryFilePath = 0x2, 132 EvtQueryForwardDirection = 0x100, 133 EvtQueryReverseDirection = 0x200, 134 EvtQueryTolerateQueryErrors = 0x1000, 135 }} 136 ENUM!{enum EVT_SEEK_FLAGS { 137 EvtSeekRelativeToFirst = 1, 138 EvtSeekRelativeToLast = 2, 139 EvtSeekRelativeToCurrent = 3, 140 EvtSeekRelativeToBookmark = 4, 141 EvtSeekOriginMask = 7, 142 EvtSeekStrict = 0x10000, 143 }} 144 extern "system" { EvtQuery( Session: EVT_HANDLE, Path: LPCWSTR, Query: LPCWSTR, Flags: DWORD, ) -> EVT_HANDLE145 pub fn EvtQuery( 146 Session: EVT_HANDLE, 147 Path: LPCWSTR, 148 Query: LPCWSTR, 149 Flags: DWORD, 150 ) -> EVT_HANDLE; EvtNext( ResultSet: EVT_HANDLE, EventsSize: DWORD, Events: PEVT_HANDLE, Timeout: DWORD, Flags: DWORD, Returned: PDWORD, ) -> BOOL151 pub fn EvtNext( 152 ResultSet: EVT_HANDLE, 153 EventsSize: DWORD, 154 Events: PEVT_HANDLE, 155 Timeout: DWORD, 156 Flags: DWORD, 157 Returned: PDWORD, 158 ) -> BOOL; EvtSeek( ResultSet: EVT_HANDLE, Position: LONGLONG, Bookmark: EVT_HANDLE, Timeout: DWORD, Flags: DWORD, ) -> BOOL159 pub fn EvtSeek( 160 ResultSet: EVT_HANDLE, 161 Position: LONGLONG, 162 Bookmark: EVT_HANDLE, 163 Timeout: DWORD, 164 Flags: DWORD, 165 ) -> BOOL; 166 } 167 ENUM!{enum EVT_SUBSCRIBE_FLAGS { 168 EvtSubscribeToFutureEvents = 1, 169 EvtSubscribeStartAtOldestRecord = 2, 170 EvtSubscribeStartAfterBookmark = 3, 171 EvtSubscribeOriginMask = 3, 172 EvtSubscribeTolerateQueryErrors = 0x1000, 173 EvtSubscribeStrict = 0x10000, 174 }} 175 ENUM!{enum EVT_SUBSCRIBE_NOTIFY_ACTION { 176 EvtSubscribeActionError = 0, 177 EvtSubscribeActionDeliver, 178 }} 179 FN!{stdcall EVT_SUBSCRIBE_CALLBACK( 180 Action: EVT_SUBSCRIBE_NOTIFY_ACTION, 181 UserContext: PVOID, 182 Event: EVT_HANDLE, 183 ) -> DWORD} 184 extern "system" { EvtSubscribe( Session: EVT_HANDLE, SignalEvent: HANDLE, ChannelPath: LPCWSTR, Query: LPCWSTR, Bookmark: EVT_HANDLE, Context: PVOID, Callback: EVT_SUBSCRIBE_CALLBACK, Flags: DWORD, ) -> EVT_HANDLE185 pub fn EvtSubscribe( 186 Session: EVT_HANDLE, 187 SignalEvent: HANDLE, 188 ChannelPath: LPCWSTR, 189 Query: LPCWSTR, 190 Bookmark: EVT_HANDLE, 191 Context: PVOID, 192 Callback: EVT_SUBSCRIBE_CALLBACK, 193 Flags: DWORD, 194 ) -> EVT_HANDLE; 195 } 196 ENUM!{enum EVT_SYSTEM_PROPERTY_ID { 197 EvtSystemProviderName = 0, 198 EvtSystemProviderGuid, 199 EvtSystemEventID, 200 EvtSystemQualifiers, 201 EvtSystemLevel, 202 EvtSystemTask, 203 EvtSystemOpcode, 204 EvtSystemKeywords, 205 EvtSystemTimeCreated, 206 EvtSystemEventRecordId, 207 EvtSystemActivityID, 208 EvtSystemRelatedActivityID, 209 EvtSystemProcessID, 210 EvtSystemThreadID, 211 EvtSystemChannel, 212 EvtSystemComputer, 213 EvtSystemUserID, 214 EvtSystemVersion, 215 EvtSystemPropertyIdEND, 216 }} 217 ENUM!{enum EVT_RENDER_CONTEXT_FLAGS { 218 EvtRenderContextValues = 0, 219 EvtRenderContextSystem, 220 EvtRenderContextUser, 221 }} 222 ENUM!{enum EVT_RENDER_FLAGS { 223 EvtRenderEventValues = 0, 224 EvtRenderEventXml, 225 EvtRenderBookmark, 226 }} 227 extern "system" { EvtCreateRenderContext( ValuePathsCount: DWORD, ValuePaths: *mut LPCWSTR, Flags: DWORD, ) -> EVT_HANDLE228 pub fn EvtCreateRenderContext( 229 ValuePathsCount: DWORD, 230 ValuePaths: *mut LPCWSTR, 231 Flags: DWORD, 232 ) -> EVT_HANDLE; EvtRender( Context: EVT_HANDLE, Fragment: EVT_HANDLE, Flags: DWORD, BufferSize: DWORD, Buffer: PVOID, BufferUsed: PDWORD, PropertyCount: PDWORD, ) -> BOOL233 pub fn EvtRender( 234 Context: EVT_HANDLE, 235 Fragment: EVT_HANDLE, 236 Flags: DWORD, 237 BufferSize: DWORD, 238 Buffer: PVOID, 239 BufferUsed: PDWORD, 240 PropertyCount: PDWORD, 241 ) -> BOOL; 242 } 243 ENUM!{enum EVT_FORMAT_MESSAGE_FLAGS { 244 EvtFormatMessageEvent = 1, 245 EvtFormatMessageLevel, 246 EvtFormatMessageTask, 247 EvtFormatMessageOpcode, 248 EvtFormatMessageKeyword, 249 EvtFormatMessageChannel, 250 EvtFormatMessageProvider, 251 EvtFormatMessageId, 252 EvtFormatMessageXml, 253 }} 254 extern "system" { EvtFormatMessage( PublisherMetadata: EVT_HANDLE, Event: EVT_HANDLE, MessageId: DWORD, ValueCount: DWORD, Values: PEVT_VARIANT, Flags: DWORD, BufferSize: DWORD, Buffer: LPWSTR, BufferUsed: PDWORD, ) -> BOOL255 pub fn EvtFormatMessage( 256 PublisherMetadata: EVT_HANDLE, 257 Event: EVT_HANDLE, 258 MessageId: DWORD, 259 ValueCount: DWORD, 260 Values: PEVT_VARIANT, 261 Flags: DWORD, 262 BufferSize: DWORD, 263 Buffer: LPWSTR, 264 BufferUsed: PDWORD, 265 ) -> BOOL; 266 } 267 ENUM!{enum EVT_OPEN_LOG_FLAGS { 268 EvtOpenChannelPath = 0x1, 269 EvtOpenFilePath = 0x2, 270 }} 271 ENUM!{enum EVT_LOG_PROPERTY_ID { 272 EvtLogCreationTime = 0, 273 EvtLogLastAccessTime, 274 EvtLogLastWriteTime, 275 EvtLogFileSize, 276 EvtLogAttributes, 277 EvtLogNumberOfLogRecords, 278 EvtLogOldestRecordNumber, 279 EvtLogFull, 280 }} 281 extern "system" { EvtOpenLog( Session: EVT_HANDLE, Path: LPCWSTR, Flags: DWORD, ) -> EVT_HANDLE282 pub fn EvtOpenLog( 283 Session: EVT_HANDLE, 284 Path: LPCWSTR, 285 Flags: DWORD, 286 ) -> EVT_HANDLE; EvtGetLogInfo( Log: EVT_HANDLE, PropertyId: EVT_LOG_PROPERTY_ID, PropertyValueBufferSize: DWORD, PropertyValueBuffer: PEVT_VARIANT, PropertyValueBufferUsed: PDWORD, ) -> BOOL287 pub fn EvtGetLogInfo( 288 Log: EVT_HANDLE, 289 PropertyId: EVT_LOG_PROPERTY_ID, 290 PropertyValueBufferSize: DWORD, 291 PropertyValueBuffer: PEVT_VARIANT, 292 PropertyValueBufferUsed: PDWORD, 293 ) -> BOOL; EvtClearLog( Session: EVT_HANDLE, ChannelPath: LPCWSTR, TargetFilePath: LPCWSTR, Flags: DWORD, ) -> BOOL294 pub fn EvtClearLog( 295 Session: EVT_HANDLE, 296 ChannelPath: LPCWSTR, 297 TargetFilePath: LPCWSTR, 298 Flags: DWORD, 299 ) -> BOOL; 300 } 301 ENUM!{enum EVT_EXPORTLOG_FLAGS { 302 EvtExportLogChannelPath = 0x1, 303 EvtExportLogFilePath = 0x2, 304 EvtExportLogTolerateQueryErrors = 0x1000, 305 EvtExportLogOverwrite = 0x2000, 306 }} 307 extern "system" { EvtExportLog( Session: EVT_HANDLE, Path: LPCWSTR, Query: LPCWSTR, TargetFilePath: LPCWSTR, Flags: DWORD, ) -> BOOL308 pub fn EvtExportLog( 309 Session: EVT_HANDLE, 310 Path: LPCWSTR, 311 Query: LPCWSTR, 312 TargetFilePath: LPCWSTR, 313 Flags: DWORD, 314 ) -> BOOL; EvtArchiveExportedLog( Session: EVT_HANDLE, LogFilePath: LPCWSTR, Locale: LCID, Flags: DWORD, ) -> BOOL315 pub fn EvtArchiveExportedLog( 316 Session: EVT_HANDLE, 317 LogFilePath: LPCWSTR, 318 Locale: LCID, 319 Flags: DWORD, 320 ) -> BOOL; 321 } 322 ENUM!{enum EVT_CHANNEL_CONFIG_PROPERTY_ID { 323 EvtChannelConfigEnabled = 0, 324 EvtChannelConfigIsolation, 325 EvtChannelConfigType, 326 EvtChannelConfigOwningPublisher, 327 EvtChannelConfigClassicEventlog, 328 EvtChannelConfigAccess, 329 EvtChannelLoggingConfigRetention, 330 EvtChannelLoggingConfigAutoBackup, 331 EvtChannelLoggingConfigMaxSize, 332 EvtChannelLoggingConfigLogFilePath, 333 EvtChannelPublishingConfigLevel, 334 EvtChannelPublishingConfigKeywords, 335 EvtChannelPublishingConfigControlGuid, 336 EvtChannelPublishingConfigBufferSize, 337 EvtChannelPublishingConfigMinBuffers, 338 EvtChannelPublishingConfigMaxBuffers, 339 EvtChannelPublishingConfigLatency, 340 EvtChannelPublishingConfigClockType, 341 EvtChannelPublishingConfigSidType, 342 EvtChannelPublisherList, 343 EvtChannelPublishingConfigFileMax, 344 EvtChannelConfigPropertyIdEND, 345 }} 346 ENUM!{enum EVT_CHANNEL_TYPE { 347 EvtChannelTypeAdmin = 0, 348 EvtChannelTypeOperational, 349 EvtChannelTypeAnalytic, 350 EvtChannelTypeDebug, 351 }} 352 ENUM!{enum EVT_CHANNEL_ISOLATION_TYPE { 353 EvtChannelIsolationTypeApplication = 0, 354 EvtChannelIsolationTypeSystem, 355 EvtChannelIsolationTypeCustom, 356 }} 357 ENUM!{enum EVT_CHANNEL_CLOCK_TYPE { 358 EvtChannelClockTypeSystemTime = 0, 359 EvtChannelClockTypeQPC, 360 }} 361 ENUM!{enum EVT_CHANNEL_SID_TYPE { 362 EvtChannelSidTypeNone = 0, 363 EvtChannelSidTypePublishing, 364 }} 365 extern "system" { EvtOpenChannelEnum( Session: EVT_HANDLE, Flags: DWORD, ) -> EVT_HANDLE366 pub fn EvtOpenChannelEnum( 367 Session: EVT_HANDLE, 368 Flags: DWORD, 369 ) -> EVT_HANDLE; EvtNextChannelPath( ChannelEnum: EVT_HANDLE, ChannelPathBufferSize: DWORD, ChannelPathBuffer: LPWSTR, ChannelPathBufferUsed: PDWORD, ) -> BOOL370 pub fn EvtNextChannelPath( 371 ChannelEnum: EVT_HANDLE, 372 ChannelPathBufferSize: DWORD, 373 ChannelPathBuffer: LPWSTR, 374 ChannelPathBufferUsed: PDWORD, 375 ) -> BOOL; EvtOpenChannelConfig( Session: EVT_HANDLE, ChannelPath: LPCWSTR, Flags: DWORD, ) -> EVT_HANDLE376 pub fn EvtOpenChannelConfig( 377 Session: EVT_HANDLE, 378 ChannelPath: LPCWSTR, 379 Flags: DWORD, 380 ) -> EVT_HANDLE; EvtSaveChannelConfig( ChannelConfig: EVT_HANDLE, Flags: DWORD, ) -> BOOL381 pub fn EvtSaveChannelConfig( 382 ChannelConfig: EVT_HANDLE, 383 Flags: DWORD, 384 ) -> BOOL; EvtSetChannelConfigProperty( ChannelConfig: EVT_HANDLE, PropertyId: EVT_CHANNEL_CONFIG_PROPERTY_ID, Flags: DWORD, PropertyValue: PEVT_VARIANT, ) -> BOOL385 pub fn EvtSetChannelConfigProperty( 386 ChannelConfig: EVT_HANDLE, 387 PropertyId: EVT_CHANNEL_CONFIG_PROPERTY_ID, 388 Flags: DWORD, 389 PropertyValue: PEVT_VARIANT, 390 ) -> BOOL; EvtGetChannelConfigProperty( ChannelConfig: EVT_HANDLE, PropertyId: EVT_CHANNEL_CONFIG_PROPERTY_ID, Flags: DWORD, PropertyValueBufferSize: DWORD, PropertyValueBuffer: PEVT_VARIANT, PropertyValueBufferUsed: PDWORD, ) -> BOOL391 pub fn EvtGetChannelConfigProperty( 392 ChannelConfig: EVT_HANDLE, 393 PropertyId: EVT_CHANNEL_CONFIG_PROPERTY_ID, 394 Flags: DWORD, 395 PropertyValueBufferSize: DWORD, 396 PropertyValueBuffer: PEVT_VARIANT, 397 PropertyValueBufferUsed: PDWORD, 398 ) -> BOOL; 399 } 400 ENUM!{enum EVT_CHANNEL_REFERENCE_FLAGS { 401 EvtChannelReferenceImported = 0x1, 402 }} 403 ENUM!{enum EVT_PUBLISHER_METADATA_PROPERTY_ID { 404 EvtPublisherMetadataPublisherGuid = 0, 405 EvtPublisherMetadataResourceFilePath, 406 EvtPublisherMetadataParameterFilePath, 407 EvtPublisherMetadataMessageFilePath, 408 EvtPublisherMetadataHelpLink, 409 EvtPublisherMetadataPublisherMessageID, 410 EvtPublisherMetadataChannelReferences, 411 EvtPublisherMetadataChannelReferencePath, 412 EvtPublisherMetadataChannelReferenceIndex, 413 EvtPublisherMetadataChannelReferenceID, 414 EvtPublisherMetadataChannelReferenceFlags, 415 EvtPublisherMetadataChannelReferenceMessageID, 416 EvtPublisherMetadataLevels, 417 EvtPublisherMetadataLevelName, 418 EvtPublisherMetadataLevelValue, 419 EvtPublisherMetadataLevelMessageID, 420 EvtPublisherMetadataTasks, 421 EvtPublisherMetadataTaskName, 422 EvtPublisherMetadataTaskEventGuid, 423 EvtPublisherMetadataTaskValue, 424 EvtPublisherMetadataTaskMessageID, 425 EvtPublisherMetadataOpcodes, 426 EvtPublisherMetadataOpcodeName, 427 EvtPublisherMetadataOpcodeValue, 428 EvtPublisherMetadataOpcodeMessageID, 429 EvtPublisherMetadataKeywords, 430 EvtPublisherMetadataKeywordName, 431 EvtPublisherMetadataKeywordValue, 432 EvtPublisherMetadataKeywordMessageID, 433 EvtPublisherMetadataPropertyIdEND, 434 }} 435 extern "system" { EvtOpenPublisherEnum( Session: EVT_HANDLE, Flags: DWORD, ) -> EVT_HANDLE436 pub fn EvtOpenPublisherEnum( 437 Session: EVT_HANDLE, 438 Flags: DWORD, 439 ) -> EVT_HANDLE; EvtNextPublisherId( PublisherEnum: EVT_HANDLE, PublisherIdBufferSize: DWORD, PublisherIdBuffer: LPWSTR, PublisherIdBufferUsed: PDWORD, ) -> BOOL440 pub fn EvtNextPublisherId( 441 PublisherEnum: EVT_HANDLE, 442 PublisherIdBufferSize: DWORD, 443 PublisherIdBuffer: LPWSTR, 444 PublisherIdBufferUsed: PDWORD, 445 ) -> BOOL; EvtOpenPublisherMetadata( Session: EVT_HANDLE, PublisherId: LPCWSTR, LogFilePath: LPCWSTR, Locale: LCID, Flags: DWORD, ) -> EVT_HANDLE446 pub fn EvtOpenPublisherMetadata( 447 Session: EVT_HANDLE, 448 PublisherId: LPCWSTR, 449 LogFilePath: LPCWSTR, 450 Locale: LCID, 451 Flags: DWORD, 452 ) -> EVT_HANDLE; EvtGetPublisherMetadataProperty( PublisherMetadata: EVT_HANDLE, PropertyId: EVT_PUBLISHER_METADATA_PROPERTY_ID, Flags: DWORD, PublisherMetadataPropertyBufferSize: DWORD, PublisherMetadataPropertyBuffer: PEVT_VARIANT, PublisherMetadataPropertyBufferUsed: PDWORD, ) -> BOOL453 pub fn EvtGetPublisherMetadataProperty( 454 PublisherMetadata: EVT_HANDLE, 455 PropertyId: EVT_PUBLISHER_METADATA_PROPERTY_ID, 456 Flags: DWORD, 457 PublisherMetadataPropertyBufferSize: DWORD, 458 PublisherMetadataPropertyBuffer: PEVT_VARIANT, 459 PublisherMetadataPropertyBufferUsed: PDWORD, 460 ) -> BOOL; 461 } 462 ENUM!{enum EVT_EVENT_METADATA_PROPERTY_ID { 463 EventMetadataEventID, 464 EventMetadataEventVersion, 465 EventMetadataEventChannel, 466 EventMetadataEventLevel, 467 EventMetadataEventOpcode, 468 EventMetadataEventTask, 469 EventMetadataEventKeyword, 470 EventMetadataEventMessageID, 471 EventMetadataEventTemplate, 472 EvtEventMetadataPropertyIdEND, 473 }} 474 extern "system" { EvtOpenEventMetadataEnum( PublisherMetadata: EVT_HANDLE, Flags: DWORD, ) -> EVT_HANDLE475 pub fn EvtOpenEventMetadataEnum( 476 PublisherMetadata: EVT_HANDLE, 477 Flags: DWORD, 478 ) -> EVT_HANDLE; EvtNextEventMetadata( EventMetadataEnum: EVT_HANDLE, Flags: DWORD, ) -> EVT_HANDLE479 pub fn EvtNextEventMetadata( 480 EventMetadataEnum: EVT_HANDLE, 481 Flags: DWORD, 482 ) -> EVT_HANDLE; EvtGetEventMetadataProperty( EventMetadata: EVT_HANDLE, PropertyId: EVT_EVENT_METADATA_PROPERTY_ID, Flags: DWORD, EventMetadataPropertyBufferSize: DWORD, EventMetadataPropertyBuffer: PEVT_VARIANT, EventMetadataPropertyBufferUsed: PDWORD, ) -> BOOL483 pub fn EvtGetEventMetadataProperty( 484 EventMetadata: EVT_HANDLE, 485 PropertyId: EVT_EVENT_METADATA_PROPERTY_ID, 486 Flags: DWORD, 487 EventMetadataPropertyBufferSize: DWORD, 488 EventMetadataPropertyBuffer: PEVT_VARIANT, 489 EventMetadataPropertyBufferUsed: PDWORD, 490 ) -> BOOL; 491 } 492 pub type EVT_OBJECT_ARRAY_PROPERTY_HANDLE = HANDLE; 493 extern "system" { EvtGetObjectArraySize( ObjectArray: EVT_OBJECT_ARRAY_PROPERTY_HANDLE, ObjectArraySize: PDWORD, ) -> BOOL494 pub fn EvtGetObjectArraySize( 495 ObjectArray: EVT_OBJECT_ARRAY_PROPERTY_HANDLE, 496 ObjectArraySize: PDWORD, 497 ) -> BOOL; EvtGetObjectArrayProperty( ObjectArray: EVT_OBJECT_ARRAY_PROPERTY_HANDLE, PropertyId: DWORD, ArrayIndex: DWORD, Flags: DWORD, PropertyValueBufferSize: DWORD, PropertyValueBuffer: PEVT_VARIANT, PropertyValueBufferUsed: PDWORD, ) -> BOOL498 pub fn EvtGetObjectArrayProperty( 499 ObjectArray: EVT_OBJECT_ARRAY_PROPERTY_HANDLE, 500 PropertyId: DWORD, 501 ArrayIndex: DWORD, 502 Flags: DWORD, 503 PropertyValueBufferSize: DWORD, 504 PropertyValueBuffer: PEVT_VARIANT, 505 PropertyValueBufferUsed: PDWORD, 506 ) -> BOOL; 507 } 508 ENUM!{enum EVT_QUERY_PROPERTY_ID { 509 EvtQueryNames, 510 EvtQueryStatuses, 511 EvtQueryPropertyIdEND, 512 }} 513 ENUM!{enum EVT_EVENT_PROPERTY_ID { 514 EvtEventQueryIDs = 0, 515 EvtEventPath, 516 EvtEventPropertyIdEND, 517 }} 518 extern "system" { EvtGetQueryInfo( QueryOrSubscription: EVT_HANDLE, PropertyId: EVT_QUERY_PROPERTY_ID, PropertyValueBufferSize: DWORD, PropertyValueBuffer: PEVT_VARIANT, PropertyValueBufferUsed: PDWORD, ) -> BOOL519 pub fn EvtGetQueryInfo( 520 QueryOrSubscription: EVT_HANDLE, 521 PropertyId: EVT_QUERY_PROPERTY_ID, 522 PropertyValueBufferSize: DWORD, 523 PropertyValueBuffer: PEVT_VARIANT, 524 PropertyValueBufferUsed: PDWORD, 525 ) -> BOOL; EvtCreateBookmark( BookmarkXml: LPCWSTR, ) -> EVT_HANDLE526 pub fn EvtCreateBookmark( 527 BookmarkXml: LPCWSTR, 528 ) -> EVT_HANDLE; EvtUpdateBookmark( Bookmark: EVT_HANDLE, Event: EVT_HANDLE, ) -> BOOL529 pub fn EvtUpdateBookmark( 530 Bookmark: EVT_HANDLE, 531 Event: EVT_HANDLE, 532 ) -> BOOL; EvtGetEventInfo( Event: EVT_HANDLE, PropertyId: EVT_EVENT_PROPERTY_ID, PropertyValueBufferSize: DWORD, PropertyValueBuffer: PEVT_VARIANT, PropertyValueBufferUsed: PDWORD, ) -> BOOL533 pub fn EvtGetEventInfo( 534 Event: EVT_HANDLE, 535 PropertyId: EVT_EVENT_PROPERTY_ID, 536 PropertyValueBufferSize: DWORD, 537 PropertyValueBuffer: PEVT_VARIANT, 538 PropertyValueBufferUsed: PDWORD, 539 ) -> BOOL; 540 } 541 pub const EVT_READ_ACCESS: DWORD = 0x1; 542 pub const EVT_WRITE_ACCESS: DWORD = 0x2; 543 pub const EVT_CLEAR_ACCESS: DWORD = 0x4; 544 pub const EVT_ALL_ACCESS: DWORD = 0x7; 545