1/**
2 * This file is part of the mingw-w64 runtime package.
3 * No warranty is given; refer to the file DISCLAIMER within this package.
4 */
5
6#ifndef _EVNTCONS_H_
7#define _EVNTCONS_H_
8
9#include <winapifamily.h>
10
11#if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_DESKTOP)
12
13#include <wmistr.h>
14#include <evntrace.h>
15#include <evntprov.h>
16
17#ifdef __cplusplus
18extern "C" {
19#endif
20
/*
 * Type codes for an extended data item (the ExtType member of
 * EVENT_HEADER_EXTENDED_DATA_ITEM). The payload layouts declared in this
 * header are the EVENT_EXTENDED_ITEM_* structs with the corresponding names;
 * no layout for the SID type is declared here.
 * The values are consecutive and EVENT_HEADER_EXT_TYPE_MAX is one past the
 * last type defined in this header, so it is a bound, not a payload type.
 * NOTE(review): when parsing a saved trace, treat ExtType as untrusted input
 * and skip values this header does not define instead of using them as an
 * index.
 */
#define EVENT_HEADER_EXT_TYPE_RELATED_ACTIVITYID 0x0001
#define EVENT_HEADER_EXT_TYPE_SID 0x0002
#define EVENT_HEADER_EXT_TYPE_TS_ID 0x0003
#define EVENT_HEADER_EXT_TYPE_INSTANCE_INFO 0x0004
#define EVENT_HEADER_EXT_TYPE_STACK_TRACE32 0x0005
#define EVENT_HEADER_EXT_TYPE_STACK_TRACE64 0x0006
#define EVENT_HEADER_EXT_TYPE_PEBS_INDEX 0x0007
#define EVENT_HEADER_EXT_TYPE_PMC_COUNTERS 0x0008
#define EVENT_HEADER_EXT_TYPE_MAX 0x0009
30
/*
 * Single-bit values that can be OR-ed together.
 * Presumably these are tested against EVENT_HEADER.EventProperty to learn how
 * the event payload is encoded; confirm against the ETW documentation.
 */
#define EVENT_HEADER_PROPERTY_XML 0x0001
#define EVENT_HEADER_PROPERTY_FORWARDED_XML 0x0002
#define EVENT_HEADER_PROPERTY_LEGACY_EVENTLOG 0x0004
34
/*
 * Single-bit values tested against EVENT_HEADER.Flags (see
 * GetEventProcessorIndex below, which tests
 * EVENT_HEADER_FLAG_PROCESSOR_INDEX).
 * Bit 0x0080 has no name in this header.
 * NOTE(review): the 32_BIT_HEADER / 64_BIT_HEADER bits presumably tell a
 * consumer which pointer width the logging process used, which matters when
 * choosing between the STACK_TRACE32 and STACK_TRACE64 layouts; confirm
 * before relying on it.
 */
#define EVENT_HEADER_FLAG_EXTENDED_INFO 0x0001
#define EVENT_HEADER_FLAG_PRIVATE_SESSION 0x0002
#define EVENT_HEADER_FLAG_STRING_ONLY 0x0004
#define EVENT_HEADER_FLAG_TRACE_MESSAGE 0x0008
#define EVENT_HEADER_FLAG_NO_CPUTIME 0x0010
#define EVENT_HEADER_FLAG_32_BIT_HEADER 0x0020
#define EVENT_HEADER_FLAG_64_BIT_HEADER 0x0040
#define EVENT_HEADER_FLAG_CLASSIC_HEADER 0x0100
#define EVENT_HEADER_FLAG_PROCESSOR_INDEX 0x0200
44
/*
 * Single-bit values that can be OR-ed together. The names parallel the SID,
 * TS_ID and STACK_TRACE extended item types above.
 * Presumably these are the properties a controller requests when it enables
 * a provider (that API is declared in evntrace.h, not here).
 * NOTE(review): a trace collected with the SID or STACK_TRACE bit contains
 * user identities and code addresses, so the resulting trace files should be
 * stored and shared as sensitive data.
 */
#define EVENT_ENABLE_PROPERTY_SID 0x00000001
#define EVENT_ENABLE_PROPERTY_TS_ID 0x00000002
#define EVENT_ENABLE_PROPERTY_STACK_TRACE 0x00000004
48
/*
 * Single-bit values that can be OR-ed together.
 * Presumably these select how a consumer opens and receives a trace (the
 * structure that carries them is declared in evntrace.h, not here);
 * PROCESS_TRACE_MODE_EVENT_RECORD by its name selects delivery as the
 * EVENT_RECORD declared below. Confirm against the ETW documentation.
 */
#define PROCESS_TRACE_MODE_REAL_TIME 0x00000100
#define PROCESS_TRACE_MODE_RAW_TIMESTAMP 0x00001000
#define PROCESS_TRACE_MODE_EVENT_RECORD 0x10000000
52
  /*
   * Operation selector for event access control. No explicit values are
   * given, so the enumerators are 0..4 in declaration order and
   * EventSecurityMax equals the number of real operations.
   * Presumably this is what EventAccessControl's ULONG Operation parameter
   * carries.
   * NOTE(review): by their names the Set* operations replace an ACL and the
   * Add* operations append to it; confirm which one is intended before use,
   * because replacing a DACL can silently drop existing entries.
   */
  typedef enum {
    EventSecuritySetDACL,
    EventSecuritySetSACL,
    EventSecurityAddDACL,
    EventSecurityAddSACL,
    EventSecurityMax   /* count of operations, not an operation */
  } EVENTSECURITYOPERATION;
60
#ifndef EVENT_HEADER_EXTENDED_DATA_ITEM_DEF
#define EVENT_HEADER_EXTENDED_DATA_ITEM_DEF
  /*
   * Descriptor for one block of extended data attached to an event.
   * EVENT_RECORD.ExtendedData points at these descriptors. The *_DEF guard
   * skips this definition when another header has already defined the macro.
   *
   * DataPtr is declared as a 64-bit integer rather than a pointer type, so a
   * consumer has to cast it before reading the payload.
   * NOTE(review): before casting, check that DataSize is at least the size of
   * the EVENT_EXTENDED_ITEM_* layout selected by ExtType; nothing in this
   * struct guarantees the payload is large enough.
   */
  typedef struct _EVENT_HEADER_EXTENDED_DATA_ITEM {
    USHORT Reserved1;
    USHORT ExtType;    /* presumably one of EVENT_HEADER_EXT_TYPE_* */
    __C89_NAMELESS struct {
      USHORT Linkage : 1;
      USHORT Reserved2 : 15;
    };
    USHORT DataSize;   /* presumably the payload size in bytes - confirm */
    ULONGLONG DataPtr; /* payload address stored as an integer */
  } EVENT_HEADER_EXTENDED_DATA_ITEM,*PEVENT_HEADER_EXTENDED_DATA_ITEM;
#endif
74
  /*
   * Instance information payload: an instance id, the id of its parent
   * instance and the parent's GUID.
   * Presumably the layout for EVENT_HEADER_EXT_TYPE_INSTANCE_INFO items.
   */
  typedef struct _EVENT_EXTENDED_ITEM_INSTANCE {
    ULONG InstanceId;
    ULONG ParentInstanceId;
    GUID ParentGuid;
  } EVENT_EXTENDED_ITEM_INSTANCE,*PEVENT_EXTENDED_ITEM_INSTANCE;
80
  /*
   * Related activity payload: a single GUID.
   * Presumably the layout for EVENT_HEADER_EXT_TYPE_RELATED_ACTIVITYID items.
   */
  typedef struct _EVENT_EXTENDED_ITEM_RELATED_ACTIVITYID {
    GUID RelatedActivityId;
  } EVENT_EXTENDED_ITEM_RELATED_ACTIVITYID,*PEVENT_EXTENDED_ITEM_RELATED_ACTIVITYID;
84
  /*
   * Session id payload: a single 32-bit SessionId.
   * Presumably the layout for EVENT_HEADER_EXT_TYPE_TS_ID items, with "TS"
   * standing for terminal services; confirm.
   */
  typedef struct _EVENT_EXTENDED_ITEM_TS_ID {
    ULONG SessionId;
  } EVENT_EXTENDED_ITEM_TS_ID,*PEVENT_EXTENDED_ITEM_TS_ID;
88
  /*
   * Stack trace payload with 32-bit return addresses.
   * Address is declared with ANYSIZE_ARRAY elements and the struct carries no
   * element count, so the real number of addresses has to come from outside
   * the struct.
   * NOTE(review): presumably the count is
   * (DataSize - sizeof (MatchId)) / sizeof (Address[0]) using the DataSize of
   * the enclosing extended data item. Check DataSize >= sizeof (MatchId)
   * first so the subtraction cannot wrap, and never read past that count.
   */
  typedef struct _EVENT_EXTENDED_ITEM_STACK_TRACE32 {
    ULONG64 MatchId;
    ULONG Address[ANYSIZE_ARRAY];
  } EVENT_EXTENDED_ITEM_STACK_TRACE32,*PEVENT_EXTENDED_ITEM_STACK_TRACE32;
93
  /*
   * Stack trace payload with 64-bit return addresses.
   * Address is declared with ANYSIZE_ARRAY elements and the struct carries no
   * element count, so the real number of addresses has to come from outside
   * the struct.
   * NOTE(review): presumably the count is
   * (DataSize - sizeof (MatchId)) / sizeof (Address[0]) using the DataSize of
   * the enclosing extended data item. Check DataSize >= sizeof (MatchId)
   * first so the subtraction cannot wrap, and never read past that count.
   */
  typedef struct _EVENT_EXTENDED_ITEM_STACK_TRACE64 {
    ULONG64 MatchId;
    ULONG64 Address[ANYSIZE_ARRAY];
  } EVENT_EXTENDED_ITEM_STACK_TRACE64,*PEVENT_EXTENDED_ITEM_STACK_TRACE64;
98
  /*
   * PEBS index payload: a single 64-bit value.
   * Presumably the layout for EVENT_HEADER_EXT_TYPE_PEBS_INDEX items.
   */
  typedef struct _EVENT_EXTENDED_ITEM_PEBS_INDEX {
    ULONG64 PebsIndex;
  } EVENT_EXTENDED_ITEM_PEBS_INDEX,*PEVENT_EXTENDED_ITEM_PEBS_INDEX;
102
  /*
   * Performance counter payload: an array of 64-bit counter values.
   * Counter is declared with ANYSIZE_ARRAY elements and the struct carries no
   * element count.
   * NOTE(review): presumably the count is DataSize / sizeof (Counter[0])
   * using the DataSize of the enclosing extended data item; bound every read
   * by that count.
   */
  typedef struct _EVENT_EXTENDED_ITEM_PMC_COUNTERS {
    ULONG64 Counter[ANYSIZE_ARRAY];
  } EVENT_EXTENDED_ITEM_PMC_COUNTERS,*PEVENT_EXTENDED_ITEM_PMC_COUNTERS;
106
#ifndef EVENT_HEADER_DEF
#define EVENT_HEADER_DEF
  /*
   * Fixed header stored at the start of every EVENT_RECORD. The *_DEF guard
   * skips this definition when another header has already defined the macro.
   *
   * NOTE(review): ProcessId, ThreadId and TimeStamp are values recorded in
   * the trace. When the trace comes from a file rather than a live session,
   * treat them as data to be corroborated, not as authenticated facts.
   */
  typedef struct _EVENT_HEADER {
    USHORT Size;
    USHORT HeaderType;
    USHORT Flags;          /* tested against EVENT_HEADER_FLAG_* bits */
    USHORT EventProperty;  /* presumably EVENT_HEADER_PROPERTY_* bits */
    ULONG ThreadId;
    ULONG ProcessId;
    LARGE_INTEGER TimeStamp;
    GUID ProviderId;
    EVENT_DESCRIPTOR EventDescriptor;
    /*
     * The two 32-bit times share storage with the single 64-bit
     * ProcessorTime. Which view is meaningful is presumably signalled by
     * Flags (see EVENT_HEADER_FLAG_NO_CPUTIME and
     * EVENT_HEADER_FLAG_PRIVATE_SESSION) - confirm.
     */
    __C89_NAMELESS union {
      __C89_NAMELESS struct {
	ULONG KernelTime;
	ULONG UserTime;
      } DUMMYSTRUCTNAME;
      ULONG64 ProcessorTime;
    } DUMMYUNIONNAME;
    GUID ActivityId;
  } EVENT_HEADER,*PEVENT_HEADER;
#endif
129
#ifndef EVENT_RECORD_DEF
#define EVENT_RECORD_DEF
  /*
   * One event: the fixed header, the context of the buffer it was read from,
   * and two variable-length parts reached through pointers. The *_DEF guard
   * skips these definitions when another header has already defined the
   * macro.
   *
   * NOTE(review): presumably ExtendedData points at ExtendedDataCount
   * descriptors and UserData at UserDataLength bytes. A parser should bound
   * every read by those two counts and should not trust lengths embedded
   * inside the payload beyond them. The pointers are presumably valid only
   * for the duration of the consumer callback - confirm before retaining
   * them.
   */
  typedef struct _EVENT_RECORD {
    EVENT_HEADER EventHeader;
    ETW_BUFFER_CONTEXT BufferContext;
    USHORT ExtendedDataCount;
    USHORT UserDataLength;
    PEVENT_HEADER_EXTENDED_DATA_ITEM ExtendedData;
    PVOID UserData;
    PVOID UserContext;  /* presumably the consumer's own context value */
  } EVENT_RECORD,*PEVENT_RECORD;

  /* Read-only view of an event record, as taken by GetEventProcessorIndex. */
  typedef const EVENT_RECORD *PCEVENT_RECORD;
#endif
144
#if WINVER >= 0x0600
  /*
   * Access-control entry points for the object identified by Guid. They are
   * declared only when WINVER is at least 0x0600.
   * Each returns a ULONG, presumably a Win32 error code with ERROR_SUCCESS
   * on success - confirm.
   *
   * EventAccessControl: Operation is presumably an EVENTSECURITYOPERATION
   *   value; Sid, Rights and AllowOrDeny describe the entry to apply.
   * EventAccessQuery: Buffer receives a security descriptor and BufferSize is
   *   an in/out size (presumably updated with the required size when the
   *   buffer is too small).
   * EventAccessRemove: takes only the GUID; presumably removes the stored
   *   permissions for it.
   *
   * NOTE(review): these calls change who may use a provider or session.
   * Callers should check the return value every time and the call sites are
   * worth auditing, since a wrong ACL can either expose trace data or blind
   * a monitoring tool.
   */
  ULONG EVNTAPI EventAccessControl (LPGUID Guid, ULONG Operation, PSID Sid, ULONG Rights, BOOLEAN AllowOrDeny);
  ULONG EVNTAPI EventAccessQuery (LPGUID Guid, PSECURITY_DESCRIPTOR Buffer, PULONG BufferSize);
  ULONG EVNTAPI EventAccessRemove (LPGUID Guid);
#endif
150
  /*
   * Return the processor value stored in the record's buffer context.
   * When EVENT_HEADER_FLAG_PROCESSOR_INDEX is set in EventHeader.Flags the
   * ProcessorIndex member is returned, otherwise the ProcessorNumber member.
   * er is dereferenced without a NULL check, so the caller must pass a valid
   * record.
   */
  FORCEINLINE ULONG GetEventProcessorIndex (PCEVENT_RECORD er) {
    if ((er->EventHeader.Flags & EVENT_HEADER_FLAG_PROCESSOR_INDEX) == 0) {
      /* Flag clear: only the ProcessorNumber member is read. */
      return er->BufferContext.ProcessorNumber;
    }
    return er->BufferContext.ProcessorIndex;
  }
154
155#ifdef __cplusplus
156}
157#endif
158
159#endif
160#endif
161