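/*
 * Event Log RPC interface definition
 *
 * Declares the data types, size limits and the 25 operations (opnums 0-24)
 * of the "eventlog" RPC interface. Operation numbers follow declaration
 * order, so operations must not be reordered, inserted or removed without
 * breaking wire compatibility.
 *
 * The [range], [size_is] and [length_is] attributes are the only input
 * bounds expressed in this file. They are meant to be enforced by the
 * generated stubs before a server routine runs; confirm that the IDL
 * compiler in use actually emits those checks. Everything else (path
 * validation, access checks, NULL handling for [unique] pointers) is left
 * to the server routines.
 */

#include <ms-dtyp.idl>

/*
 * The cpp_quote lines wrap the NTSTATUS typedef in a preprocessor guard in
 * the generated header, so the typedef is skipped when __EVENTLOG_H__ or
 * __ADVAPI32_H is already defined.
 */
cpp_quote("#if !defined(__EVENTLOG_H__) && !defined(__ADVAPI32_H)")
typedef long NTSTATUS;
cpp_quote("#endif")

/* Upper bounds referenced by the [range] attributes below. */
#define MAX_STRINGS         0x00000100  /* limit for NumStrings */
#define MAX_SINGLE_EVENT    0x0003FFFF  // On Vista+ this is reduced to 0x0000F000
#define MAX_BATCH_BUFF      0x0007FFFF  /* limit for RULONG (read buffer size) */

/*
 * Unsigned long restricted to 0..MAX_BATCH_BUFF. Used for
 * NumberOfBytesToRead in ElfrReadELW/ElfrReadELA, where it sizes the
 * [out] Buffer.
 */
typedef [range(0, MAX_BATCH_BUFF)] unsigned long RULONG;

/*
 * Counted 8-bit string. Buffer is declared with MaximumLength elements
 * (size_is) of which Length are transmitted (length_is). There is no
 * [string] attribute, so NUL termination is not implied: consumers should
 * rely on Length rather than scanning for a terminator.
 */
typedef struct _RPC_STRING {
    USHORT Length;
    USHORT MaximumLength;
    [size_is(MaximumLength), length_is(Length)] LPSTR Buffer;
} RPC_STRING, *PRPC_STRING;

/* Context handle for an open log / event source; opaque to the client. */
typedef [context_handle] PVOID IELF_HANDLE;
typedef IELF_HANDLE *PIELF_HANDLE;

/*
 * Server-name strings marked [handle], i.e. user-defined binding handle
 * types. MIDL expects matching <type>_bind / <type>_unbind routines on the
 * client side; they are not part of this file.
 */
typedef [handle, unique] LPWSTR EVENTLOG_HANDLE_W;
typedef [handle, unique] LPSTR EVENTLOG_HANDLE_A;

/*
 * Process and thread identifiers passed by the caller to ElfrChangeNotify.
 * NOTE(review): these are caller-supplied values; nothing in this file
 * ties them to the identity of the RPC client.
 */
typedef struct _RPC_CLIENT_ID {
    ULONG UniqueProcess;
    ULONG UniqueThread;
} RPC_CLIENT_ID, *PRPC_CLIENT_ID;

/*
 * Interface header: fixed UUID, version 0.0, [unique] as the default
 * pointer class, and a named-pipe endpoint (ncacn_np, \pipe\EventLog).
 * explicit_handle is added only when __midl is not defined, i.e. for IDL
 * compilers other than MIDL.
 * NOTE(review): who may connect to the pipe and call these operations is
 * decided by the server's registration and access checks, not by this IDL.
 */
[
    uuid(82273FDC-E32A-18C3-3F78-827929DC23EA),
    version(0.0),
    pointer_default(unique),
    endpoint("ncacn_np:[\\pipe\\EventLog]")
#ifndef __midl
    ,explicit_handle
#endif
]

interface eventlog
{
    /* Function 0 */
    /*
     * Clear the log behind LogHandle. BackupFileName is optional ([unique],
     * may be NULL).
     * NOTE(review): BackupFileName is a caller-supplied path with no
     * constraint at the IDL level; path validation and the access check
     * for clearing belong in the server routine. Calls to this operation
     * remove log history and are worth auditing.
     */
    NTSTATUS
    __stdcall
    ElfrClearELFW(
        [in] IELF_HANDLE LogHandle,
        [in, unique] PRPC_UNICODE_STRING BackupFileName);

    /* Function 1 */
    /*
     * Back up the log behind LogHandle to BackupFileName.
     * NOTE(review): the target path is caller-supplied; the server routine
     * has to validate it.
     */
    NTSTATUS
    __stdcall
    ElfrBackupELFW(
        [in] IELF_HANDLE LogHandle,
        [in, unique] PRPC_UNICODE_STRING BackupFileName);

    /* Function 2 */
    /*
     * Close a log handle. The handle is [in, out], so the server can hand
     * back an updated (presumably NULL) context handle.
     */
    NTSTATUS
    __stdcall
    ElfrCloseEL(
        [in, out] PIELF_HANDLE LogHandle);

    /* Function 3 */
    /* Release an event source handle; same [in, out] handle shape as ElfrCloseEL. */
    NTSTATUS
    __stdcall
    ElfrDeregisterEventSource(
        [in, out] PIELF_HANDLE LogHandle);

    /* Function 4 */
    /* Return the record count of the log in NumberOfRecords. */
    NTSTATUS
    __stdcall
    ElfrNumberOfRecords(
        [in] IELF_HANDLE LogHandle,
        [out] PULONG NumberOfRecords);

    /* Function 5 */
    /* Return the number of the oldest record in OldestRecordNumber. */
    NTSTATUS
    __stdcall
    ElfrOldestRecord(
        [in] IELF_HANDLE LogHandle,
        [out] PULONG OldestRecordNumber);

    /* Function 6 */
    /*
     * Register for change notification on the log. ClientId and Event are
     * plain values taken from the caller.
     * NOTE(review): Event is transmitted as a ULONG; how the server
     * interprets it is not visible here - confirm it is validated before use.
     */
    NTSTATUS
    __stdcall
    ElfrChangeNotify(
        [in] IELF_HANDLE LogHandle,
        [in] RPC_CLIENT_ID ClientId,
        [in] ULONG Event);

    /* Function 7 */
    /*
     * Open a log by module name and return a context handle in LogHandle.
     * UNCServerName is the [handle]-typed binding parameter.
     */
    NTSTATUS
    __stdcall
    ElfrOpenELW(
        [in, unique] EVENTLOG_HANDLE_W UNCServerName, /* FIXME */
        [in] PRPC_UNICODE_STRING ModuleName,
        [in] PRPC_UNICODE_STRING RegModuleName,
        [in] ULONG MajorVersion,
        [in] ULONG MinorVersion,
        [out] PIELF_HANDLE LogHandle);

    /* Function 8 */
    /*
     * Register an event source by module name and return a context handle
     * in LogHandle. Parameter list is identical to ElfrOpenELW.
     */
    NTSTATUS
    __stdcall
    ElfrRegisterEventSourceW(
        [in, unique] EVENTLOG_HANDLE_W UNCServerName, /* FIXME */
        [in] PRPC_UNICODE_STRING ModuleName,
        [in] PRPC_UNICODE_STRING RegModuleName,
        [in] ULONG MajorVersion,
        [in] ULONG MinorVersion,
        [out] PIELF_HANDLE LogHandle);

    /* Function 9 */
    /*
     * Open a backup log file and return a context handle in LogHandle.
     * NOTE(review): BackupFileName is a caller-supplied path that the
     * server is asked to open; validation and access checks are the server
     * routine's job.
     */
    NTSTATUS
    __stdcall
    ElfrOpenBELW(
        [in, unique] EVENTLOG_HANDLE_W UNCServerName, /* FIXME */
        [in] PRPC_UNICODE_STRING BackupFileName,
        [in] ULONG MajorVersion,
        [in] ULONG MinorVersion,
        [out] PIELF_HANDLE LogHandle);

    /* Function 10 */
    /*
     * Read records into Buffer. NumberOfBytesToRead is capped at
     * MAX_BATCH_BUFF through RULONG and sizes the [out] Buffer.
     * NOTE(review): Buffer has size_is but no length_is, so the full
     * NumberOfBytesToRead bytes are marshalled back regardless of
     * NumberOfBytesRead; confirm the bytes past NumberOfBytesRead are
     * initialised by the server.
     */
    NTSTATUS
    __stdcall
    ElfrReadELW(
        [in] IELF_HANDLE LogHandle,
        [in] ULONG ReadFlags,
        [in] ULONG RecordOffset,
        [in] RULONG NumberOfBytesToRead,
        [out, size_is(NumberOfBytesToRead)] PBYTE Buffer,
        [out] PULONG NumberOfBytesRead,
        [out] PULONG MinNumberOfBytesNeeded);

    /* Function 11 */
    /*
     * Write one event. NumStrings is limited to MAX_STRINGS and DataSize
     * to MAX_SINGLE_EVENT; they size Strings and Data respectively.
     * NOTE(review): Strings and Data are [unique], so either may be NULL
     * while its count is non-zero; the server routine must check the
     * pointer before using the count. Time, ComputerName and UserSID are
     * taken from the caller as-is at this level - whether the server
     * verifies or overrides them is not visible here.
     */
    NTSTATUS
    __stdcall
    ElfrReportEventW(
        [in] IELF_HANDLE LogHandle,
        [in] ULONG Time,
        [in] USHORT EventType,
        [in] USHORT EventCategory,
        [in] ULONG EventID,
        [in, range(0, MAX_STRINGS)] USHORT NumStrings,
        [in, range(0, MAX_SINGLE_EVENT)] ULONG DataSize,
        [in] PRPC_UNICODE_STRING ComputerName,
        [in, unique] PRPC_SID UserSID,
        [in, size_is(NumStrings), unique] PRPC_UNICODE_STRING Strings[*],
        [in, size_is(DataSize), unique] PBYTE Data,
        [in] USHORT Flags,
        [in, out, unique] PULONG RecordNumber,
        [in, out, unique] PULONG TimeWritten);

    /* Function 12 */
    /*
     * RPC_STRING variant of ElfrClearELFW (function 0); the same review
     * points about the caller-supplied BackupFileName apply.
     */
    NTSTATUS
    __stdcall
    ElfrClearELFA(
        [in] IELF_HANDLE LogHandle,
        [in, unique] PRPC_STRING BackupFileName);

    /* Function 13 */
    /* RPC_STRING variant of ElfrBackupELFW (function 1). */
    NTSTATUS
    __stdcall
    ElfrBackupELFA(
        [in] IELF_HANDLE LogHandle,
        [in, unique] PRPC_STRING BackupFileName);

    /* Function 14 */
    /* RPC_STRING variant of ElfrOpenELW (function 7). */
    NTSTATUS
    __stdcall
    ElfrOpenELA(
        [in, unique] EVENTLOG_HANDLE_A UNCServerName, /* FIXME */
        [in] PRPC_STRING ModuleName,
        [in] PRPC_STRING RegModuleName,
        [in] ULONG MajorVersion,
        [in] ULONG MinorVersion,
        [out] PIELF_HANDLE LogHandle);

    /* Function 15 */
    /* RPC_STRING variant of ElfrRegisterEventSourceW (function 8). */
    NTSTATUS
    __stdcall
    ElfrRegisterEventSourceA(
        [in, unique] EVENTLOG_HANDLE_A UNCServerName, /* FIXME */
        [in] PRPC_STRING ModuleName,
        [in] PRPC_STRING RegModuleName,
        [in] ULONG MajorVersion,
        [in] ULONG MinorVersion,
        [out] PIELF_HANDLE LogHandle);

    /* Function 16 */
    /*
     * RPC_STRING variant of ElfrOpenBELW (function 9); BackupFileName is
     * again a caller-supplied path.
     */
    NTSTATUS
    __stdcall
    ElfrOpenBELA(
        [in, unique] EVENTLOG_HANDLE_A UNCServerName, /* FIXME */
        [in] PRPC_STRING BackupFileName,
        [in] ULONG MajorVersion,
        [in] ULONG MinorVersion,
        [out] PIELF_HANDLE LogHandle);

    /* Function 17 */
    /*
     * Same parameter list as ElfrReadELW (function 10), including the
     * size_is-only [out] Buffer noted there.
     */
    NTSTATUS
    __stdcall
    ElfrReadELA(
        [in] IELF_HANDLE LogHandle,
        [in] ULONG ReadFlags,
        [in] ULONG RecordOffset,
        [in] RULONG NumberOfBytesToRead,
        [out, size_is(NumberOfBytesToRead)] PBYTE Buffer,
        [out] PULONG NumberOfBytesRead,
        [out] PULONG MinNumberOfBytesNeeded);

    /* Function 18 */
    /*
     * RPC_STRING variant of ElfrReportEventW (function 11): same bounds on
     * NumStrings and DataSize, same [unique] Strings/Data pointers that
     * may be NULL with a non-zero count.
     */
    NTSTATUS
    __stdcall
    ElfrReportEventA(
        [in] IELF_HANDLE LogHandle,
        [in] ULONG Time,
        [in] USHORT EventType,
        [in] USHORT EventCategory,
        [in] ULONG EventID,
        [in, range(0, MAX_STRINGS)] USHORT NumStrings,
        [in, range(0, MAX_SINGLE_EVENT)] ULONG DataSize,
        [in] PRPC_STRING ComputerName,
        [in, unique] PRPC_SID UserSID,
        [in, size_is(NumStrings), unique] PRPC_STRING Strings[*],
        [in, size_is(DataSize), unique] PBYTE Data,
        [in] USHORT Flags,
        [in, out, unique] PULONG RecordNumber,
        [in, out, unique] PULONG TimeWritten);

    /* Function 19 */
    /* Takes only an explicit binding handle; no other parameters are declared. */
    NTSTATUS
    __stdcall
    ElfrRegisterClusterSvc(
        [in] handle_t BindingHandle);

    /* Function 20 */
    /* Takes only an explicit binding handle; no other parameters are declared. */
    NTSTATUS
    __stdcall
    ElfrDeregisterClusterSvc(
        [in] handle_t BindingHandle);

    /* Function 21 */
    /* Takes only an explicit binding handle; no other parameters are declared. */
    NTSTATUS
    __stdcall
    ElfrWriteClusterEvents(
        [in] handle_t BindingHandle);

    /* Function 22 */
    /*
     * Query log information at InfoLevel into Buffer. cbBufSize is limited
     * to 0..1024 and sizes the [out] Buffer; pcbBytesNeeded receives the
     * required size.
     * NOTE(review): as with the read operations, Buffer has no length_is,
     * so all cbBufSize bytes travel back to the caller; confirm unused
     * bytes are initialised. InfoLevel is unconstrained here and needs a
     * server-side check.
     */
    NTSTATUS
    __stdcall
    ElfrGetLogInformation(
        [in] IELF_HANDLE LogHandle,
        [in] ULONG InfoLevel,
        [out, size_is(cbBufSize)] PBYTE Buffer,
        [in, range(0, 1024)] ULONG cbBufSize,
        [out] PULONG pcbBytesNeeded);

    /* Function 23 */
    /* Flush the log behind LogHandle. */
    NTSTATUS
    __stdcall
    ElfrFlushEL(
        [in] IELF_HANDLE LogHandle);

    /* Function 24 */
    /*
     * Like ElfrReportEventW (function 11) with an additional SourceName
     * supplied per call.
     * NOTE(review): SourceName is caller-supplied in addition to Time,
     * ComputerName and UserSID; the NULL-with-non-zero-count case for the
     * [unique] Strings and Data pointers applies here as well.
     */
    NTSTATUS
    __stdcall
    ElfrReportEventAndSourceW(
        [in] IELF_HANDLE LogHandle,
        [in] ULONG Time,
        [in] USHORT EventType,
        [in] USHORT EventCategory,
        [in] ULONG EventID,
        [in] PRPC_UNICODE_STRING SourceName,
        [in, range(0, MAX_STRINGS)] USHORT NumStrings,
        [in, range(0, MAX_SINGLE_EVENT)] ULONG DataSize,
        [in] PRPC_UNICODE_STRING ComputerName,
        [in, unique] PRPC_SID UserSID,
        [in, size_is(NumStrings), unique] PRPC_UNICODE_STRING Strings[*],
        [in, size_is(DataSize), unique] PBYTE Data,
        [in] USHORT Flags,
        [in, out, unique] PULONG RecordNumber,
        [in, out, unique] PULONG TimeWritten);
}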