1/*
2 * Event Log RPC interface definition
3 */
4
5#include <ms-dtyp.idl>
6
7cpp_quote("#if !defined(__EVENTLOG_H__) && !defined(__ADVAPI32_H)")
8typedef long NTSTATUS;
9cpp_quote("#endif")
10
11#define MAX_STRINGS      0x00000100
12#define MAX_SINGLE_EVENT 0x0003FFFF // On Vista+ this is reduced to 0x0000F000
13#define MAX_BATCH_BUFF   0x0007FFFF
14
15typedef [range(0, MAX_BATCH_BUFF)] unsigned long RULONG;
16typedef struct _RPC_STRING {
17    USHORT Length;
18    USHORT MaximumLength;
19    [size_is(MaximumLength), length_is(Length)] LPSTR Buffer;
20} RPC_STRING, *PRPC_STRING;
21
22typedef [context_handle] PVOID IELF_HANDLE;
23typedef IELF_HANDLE *PIELF_HANDLE;
24typedef [handle, unique] LPWSTR EVENTLOG_HANDLE_W;
25typedef [handle, unique] LPSTR EVENTLOG_HANDLE_A;
26
27typedef struct _RPC_CLIENT_ID {
28    ULONG UniqueProcess;
29    ULONG UniqueThread;
30} RPC_CLIENT_ID, *PRPC_CLIENT_ID;
31
32[
33    uuid(82273FDC-E32A-18C3-3F78-827929DC23EA),
34    version(0.0),
35    pointer_default(unique),
36    endpoint("ncacn_np:[\\pipe\\EventLog]")
37#ifndef __midl
38    ,explicit_handle
39#endif
40]
41
42interface eventlog
43{
44    /* Function 0 */
45    NTSTATUS ElfrClearELFW(
46        [in] IELF_HANDLE LogHandle,
47        [in, unique] PRPC_UNICODE_STRING BackupFileName);
48
49    /* Function 1 */
50     NTSTATUS ElfrBackupELFW(
51        [in] IELF_HANDLE LogHandle,
52        [in, unique] PRPC_UNICODE_STRING BackupFileName);
53
54    /* Function 2 */
55    NTSTATUS ElfrCloseEL(
56        [in, out] PIELF_HANDLE LogHandle);
57
58    /* Function 3 */
59    NTSTATUS ElfrDeregisterEventSource(
60        [in, out] PIELF_HANDLE LogHandle);
61
62    /* Function 4 */
63    NTSTATUS ElfrNumberOfRecords(
64        [in] IELF_HANDLE LogHandle,
65        [out] PULONG NumberOfRecords);
66
67    /* Function 5 */
68    NTSTATUS ElfrOldestRecord(
69        [in] IELF_HANDLE LogHandle,
70        [out] PULONG OldestRecordNumber);
71
72    /* Function 6 */
73    NTSTATUS ElfrChangeNotify(
74        [in] IELF_HANDLE LogHandle,
75        [in] RPC_CLIENT_ID ClientId,
76        [in] ULONG Event);
77
78    /* Function 7 */
79    NTSTATUS ElfrOpenELW(
80        [in, unique] EVENTLOG_HANDLE_W UNCServerName, /* FIXME */
81        [in] PRPC_UNICODE_STRING ModuleName,
82        [in] PRPC_UNICODE_STRING RegModuleName,
83        [in] ULONG MajorVersion,
84        [in] ULONG MinorVersion,
85        [out] PIELF_HANDLE LogHandle);
86
87    /* Function 8 */
88    NTSTATUS ElfrRegisterEventSourceW(
89        [in, unique] EVENTLOG_HANDLE_W UNCServerName, /* FIXME */
90        [in] PRPC_UNICODE_STRING ModuleName,
91        [in] PRPC_UNICODE_STRING RegModuleName,
92        [in] ULONG MajorVersion,
93        [in] ULONG MinorVersion,
94        [out] PIELF_HANDLE LogHandle);
95
96    /* Function 9 */
97    NTSTATUS ElfrOpenBELW(
98        [in, unique] EVENTLOG_HANDLE_W UNCServerName, /* FIXME */
99        [in] PRPC_UNICODE_STRING BackupFileName,
100        [in] ULONG MajorVersion,
101        [in] ULONG MinorVersion,
102        [out] PIELF_HANDLE LogHandle);
103
104    /* Function 10 */
105    NTSTATUS ElfrReadELW(
106        [in] IELF_HANDLE LogHandle,
107        [in] ULONG ReadFlags,
108        [in] ULONG RecordOffset,
109        [in] RULONG NumberOfBytesToRead,
110        [out, size_is(NumberOfBytesToRead)] PBYTE Buffer,
111        [out] PULONG NumberOfBytesRead,
112        [out] PULONG MinNumberOfBytesNeeded);
113
114    /* Function 11 */
115    NTSTATUS ElfrReportEventW(
116        [in] IELF_HANDLE LogHandle,
117        [in] ULONG Time,
118        [in] USHORT EventType,
119        [in] USHORT EventCategory,
120        [in] ULONG EventID,
121        [in, range(0, MAX_STRINGS)] USHORT NumStrings,
122        [in, range(0, MAX_SINGLE_EVENT)] ULONG DataSize,
123        [in] PRPC_UNICODE_STRING ComputerName,
124        [in, unique] PRPC_SID UserSID,
125        [in, size_is(NumStrings), unique] PRPC_UNICODE_STRING Strings[*],
126        [in, size_is(DataSize), unique] PBYTE Data,
127        [in] USHORT Flags,
128        [in, out, unique] PULONG RecordNumber,
129        [in, out, unique] PULONG TimeWritten);
130
131    /* Function 12 */
132    NTSTATUS ElfrClearELFA(
133        [in] IELF_HANDLE LogHandle,
134        [in, unique] PRPC_STRING BackupFileName);
135
136    /* Function 13 */
137     NTSTATUS ElfrBackupELFA(
138        [in] IELF_HANDLE LogHandle,
139        [in, unique] PRPC_STRING BackupFileName);
140
141    /* Function 14 */
142    NTSTATUS ElfrOpenELA(
143        [in, unique] EVENTLOG_HANDLE_A UNCServerName, /* FIXME */
144        [in] PRPC_STRING ModuleName,
145        [in] PRPC_STRING RegModuleName,
146        [in] ULONG MajorVersion,
147        [in] ULONG MinorVersion,
148        [out] PIELF_HANDLE LogHandle);
149
150    /* Function 15 */
151    NTSTATUS ElfrRegisterEventSourceA(
152        [in, unique] EVENTLOG_HANDLE_A UNCServerName, /* FIXME */
153        [in] PRPC_STRING ModuleName,
154        [in] PRPC_STRING RegModuleName,
155        [in] ULONG MajorVersion,
156        [in] ULONG MinorVersion,
157        [out] PIELF_HANDLE LogHandle);
158
159    /* Function 16 */
160    NTSTATUS ElfrOpenBELA(
161        [in, unique] EVENTLOG_HANDLE_A UNCServerName, /* FIXME */
162        [in] PRPC_STRING BackupFileName,
163        [in] ULONG MajorVersion,
164        [in] ULONG MinorVersion,
165        [out] PIELF_HANDLE LogHandle);
166
167    /* Function 17 */
168    NTSTATUS ElfrReadELA(
169        [in] IELF_HANDLE LogHandle,
170        [in] ULONG ReadFlags,
171        [in] ULONG RecordOffset,
172        [in] RULONG NumberOfBytesToRead,
173        [out, size_is(NumberOfBytesToRead)] PBYTE Buffer,
174        [out] PULONG NumberOfBytesRead,
175        [out] PULONG MinNumberOfBytesNeeded);
176
177    /* Function 18 */
178    NTSTATUS ElfrReportEventA(
179        [in] IELF_HANDLE LogHandle,
180        [in] ULONG Time,
181        [in] USHORT EventType,
182        [in] USHORT EventCategory,
183        [in] ULONG EventID,
184        [in, range(0, MAX_STRINGS)] USHORT NumStrings,
185        [in, range(0, MAX_SINGLE_EVENT)] ULONG DataSize,
186        [in] PRPC_STRING ComputerName,
187        [in, unique] PRPC_SID UserSID,
188        [in, size_is(NumStrings), unique] PRPC_STRING Strings[*],
189        [in, size_is(DataSize), unique] PBYTE Data,
190        [in] USHORT Flags,
191        [in, out, unique] PULONG RecordNumber,
192        [in, out, unique] PULONG TimeWritten);
193
194    /* Function 19 */
195    NTSTATUS ElfrRegisterClusterSvc(
196        [in] handle_t BindingHandle);
197
198    /* Function 20 */
199    NTSTATUS ElfrDeregisterClusterSvc(
200        [in] handle_t BindingHandle);
201
202    /* Function 21 */
203    NTSTATUS ElfrWriteClusterEvents(
204        [in] handle_t BindingHandle);
205
206    /* Function 22 */
207    NTSTATUS ElfrGetLogInformation(
208        [in] IELF_HANDLE LogHandle,
209        [in] ULONG InfoLevel,
210        [out, size_is(cbBufSize)] PBYTE Buffer,
211        [in, range(0, 1024)] ULONG cbBufSize,
212        [out] PULONG pcbBytesNeeded);
213
214    /* Function 23 */
215    NTSTATUS ElfrFlushEL(
216        [in] IELF_HANDLE LogHandle);
217
218    /* Function 24 */
219    NTSTATUS ElfrReportEventAndSourceW(
220        [in] IELF_HANDLE LogHandle,
221        [in] ULONG Time,
222        [in] USHORT EventType,
223        [in] USHORT EventCategory,
224        [in] ULONG EventID,
225        [in] PRPC_UNICODE_STRING SourceName,
226        [in, range(0, MAX_STRINGS)] USHORT NumStrings,
227        [in, range(0, MAX_SINGLE_EVENT)] ULONG DataSize,
228        [in] PRPC_UNICODE_STRING ComputerName,
229        [in, unique] PRPC_SID UserSID,
230        [in, size_is(NumStrings), unique] PRPC_UNICODE_STRING Strings[*],
231        [in, size_is(DataSize), unique] PBYTE Data,
232        [in] USHORT Flags,
233        [in, out, unique] PULONG RecordNumber,
234        [in, out, unique] PULONG TimeWritten);
235}
236