Headers diff for tdh.dll between 6.1.7600.16385-Windows_7.0 and 6.3.9600.17415-Windows_8.1 versions



 tdh.h (6.1.7600.16385-Windows_7.0)   tdh.h (6.3.9600.17415-Windows_8.1) 
skipping to change at line 17 skipping to change at line 17
Tdh.h Tdh.h
Abstract: Abstract:
ETW Event payload parsing API && ETW trace providers browsing API. ETW Event payload parsing API && ETW trace providers browsing API.
--*/ --*/
#ifndef __TDH_H__ #ifndef __TDH_H__
#define __TDH_H__ #define __TDH_H__
#include <winapifamily.h>
#pragma region Desktop Family
#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#include <wmistr.h> #include <wmistr.h>
#include <evntrace.h> #include <evntrace.h>
#include <evntcons.h> #include <evntcons.h>
#pragma warning(push) #pragma warning(push)
#pragma warning (disable:4201) // nameless struct/union. #pragma warning (disable:4201) // nameless struct/union.
#pragma warning (disable:4214) // bit field types other than int
typedef __success(return == ERROR_SUCCESS) ULONG TDHSTATUS; typedef _Return_type_success_(return == ERROR_SUCCESS) ULONG TDHSTATUS;
#define TDHAPI TDHSTATUS __stdcall #define TDHAPI TDHSTATUS __stdcall
typedef HANDLE TDH_HANDLE, *PTDH_HANDLE;
typedef struct _EVENT_MAP_ENTRY { typedef struct _EVENT_MAP_ENTRY {
ULONG OutputOffset; ULONG OutputOffset;
union { union {
ULONG Value; // For ULONG value (valuemap and bitmap). ULONG Value; // For ULONG value (valuemap and bitmap).
ULONG InputOffset; // For String value (patternmap or valuemap in WBEM) . ULONG InputOffset; // For String value (patternmap or valuemap in WBEM) .
}; };
} EVENT_MAP_ENTRY; } EVENT_MAP_ENTRY;
typedef EVENT_MAP_ENTRY *PEVENT_MAP_ENTRY; typedef EVENT_MAP_ENTRY *PEVENT_MAP_ENTRY;
typedef enum _MAP_FLAGS { typedef enum _MAP_FLAGS {
skipping to change at line 64 skipping to change at line 71
} MAP_VALUETYPE; } MAP_VALUETYPE;
typedef struct _EVENT_MAP_INFO { typedef struct _EVENT_MAP_INFO {
ULONG NameOffset; ULONG NameOffset;
MAP_FLAGS Flag; MAP_FLAGS Flag;
ULONG EntryCount; ULONG EntryCount;
union { union {
MAP_VALUETYPE MapEntryValueType; MAP_VALUETYPE MapEntryValueType;
ULONG FormatStringOffset; ULONG FormatStringOffset;
}; };
__field_ecount(EntryCount) EVENT_MAP_ENTRY MapEntryArray[ANYSIZE_ARRAY]; _Field_size_(EntryCount) EVENT_MAP_ENTRY MapEntryArray[ANYSIZE_ARRAY];
} EVENT_MAP_INFO; } EVENT_MAP_INFO;
typedef EVENT_MAP_INFO *PEVENT_MAP_INFO; typedef EVENT_MAP_INFO *PEVENT_MAP_INFO;
// Intypes and outtypes are defined in winmeta.xml. // Intypes and outtypes are defined in winmeta.xml.
enum _TDH_IN_TYPE { enum _TDH_IN_TYPE {
TDH_INTYPE_NULL, TDH_INTYPE_NULL,
TDH_INTYPE_UNICODESTRING, TDH_INTYPE_UNICODESTRING,
TDH_INTYPE_ANSISTRING, TDH_INTYPE_ANSISTRING,
TDH_INTYPE_INT8, TDH_INTYPE_INT8,
skipping to change at line 141 skipping to change at line 148
TDH_OUTTYPE_IPV6, TDH_OUTTYPE_IPV6,
TDH_OUTTYPE_SOCKETADDRESS, TDH_OUTTYPE_SOCKETADDRESS,
TDH_OUTTYPE_CIMDATETIME, TDH_OUTTYPE_CIMDATETIME,
TDH_OUTTYPE_ETWTIME, TDH_OUTTYPE_ETWTIME,
TDH_OUTTYPE_XML, TDH_OUTTYPE_XML,
TDH_OUTTYPE_ERRORCODE, TDH_OUTTYPE_ERRORCODE,
TDH_OUTTYPE_WIN32ERROR, TDH_OUTTYPE_WIN32ERROR,
TDH_OUTTYPE_NTSTATUS, TDH_OUTTYPE_NTSTATUS,
TDH_OUTTYPE_HRESULT, // End of winmeta outtypes. TDH_OUTTYPE_HRESULT, // End of winmeta outtypes.
TDH_OUTTYPE_CULTURE_INSENSITIVE_DATETIME, //Culture neutral datetime string. TDH_OUTTYPE_CULTURE_INSENSITIVE_DATETIME, //Culture neutral datetime string.
TDH_OUTTYPE_JSON,
TDH_OUTTYPE_REDUCEDSTRING = 300, // Start of TDH outtypes for WBEM. TDH_OUTTYPE_REDUCEDSTRING = 300, // Start of TDH outtypes for WBEM.
TDH_OUTTYPE_NOPRINT TDH_OUTTYPE_NOPRINT
}; };
#define TDH_OUTYTPE_ERRORCODE TDH_OUTTYPE_ERRORCODE #define TDH_OUTYTPE_ERRORCODE TDH_OUTTYPE_ERRORCODE
typedef enum _PROPERTY_FLAGS typedef enum _PROPERTY_FLAGS
{ {
PropertyStruct = 0x1, // Type is struct. PropertyStruct = 0x1, // Type is struct.
PropertyParamLength = 0x2, // Length field is index of param with leng th. PropertyParamLength = 0x2, // Length field is index of param with leng th.
PropertyParamCount = 0x4, // Count file is index of param with count. PropertyParamCount = 0x4, // Count file is index of param with count.
PropertyWBEMXmlFragment = 0x8, // WBEM extension flag for property. PropertyWBEMXmlFragment = 0x8, // WBEM extension flag for property.
PropertyParamFixedLength = 0x10 // Length of the parameter is fixed. PropertyParamFixedLength = 0x10, // Length of the parameter is fixed.
PropertyParamFixedCount = 0x20, // Count of the parameter is fixed.
PropertyHasTags = 0x40 // The Tags field has been initialized.
} PROPERTY_FLAGS; } PROPERTY_FLAGS;
typedef struct _EVENT_PROPERTY_INFO { typedef struct _EVENT_PROPERTY_INFO {
PROPERTY_FLAGS Flags; PROPERTY_FLAGS Flags;
ULONG NameOffset; ULONG NameOffset;
union { union {
struct _nonStructType { struct _nonStructType {
USHORT InType; USHORT InType;
USHORT OutType; USHORT OutType;
ULONG MapNameOffset; ULONG MapNameOffset;
skipping to change at line 179 skipping to change at line 189
} structType; } structType;
}; };
union { union {
USHORT count; USHORT count;
USHORT countPropertyIndex; USHORT countPropertyIndex;
}; };
union { union {
USHORT length; USHORT length;
USHORT lengthPropertyIndex; USHORT lengthPropertyIndex;
}; };
ULONG Reserved; union {
ULONG Reserved;
struct {
ULONG Tags : 28;
};
};
} EVENT_PROPERTY_INFO; } EVENT_PROPERTY_INFO;
typedef EVENT_PROPERTY_INFO *PEVENT_PROPERTY_INFO; typedef EVENT_PROPERTY_INFO *PEVENT_PROPERTY_INFO;
typedef enum _DECODING_SOURCE { typedef enum _DECODING_SOURCE {
DecodingSourceXMLFile, DecodingSourceXMLFile,
DecodingSourceWbem, DecodingSourceWbem,
DecodingSourceWPP DecodingSourceWPP,
DecodingSourceTlg,
DecodingSourceMax
} DECODING_SOURCE; } DECODING_SOURCE;
// Copy from Binres.h // Copy from Binres.h
typedef enum _TEMPLATE_FLAGS typedef enum _TEMPLATE_FLAGS
{ {
TEMPLATE_EVENT_DATA = 1, // Used when custom xml is not specified. TEMPLATE_EVENT_DATA = 1, // Used when custom xml is not specified.
TEMPLATE_USER_DATA = 2 // Used when custom xml is specified. TEMPLATE_USER_DATA = 2 // Used when custom xml is specified.
} TEMPLATE_FLAGS; } TEMPLATE_FLAGS;
typedef struct _TRACE_EVENT_INFO { typedef struct _TRACE_EVENT_INFO {
skipping to change at line 215 skipping to change at line 232
ULONG TaskNameOffset; ULONG TaskNameOffset;
ULONG OpcodeNameOffset; ULONG OpcodeNameOffset;
ULONG EventMessageOffset; ULONG EventMessageOffset;
ULONG ProviderMessageOffset; ULONG ProviderMessageOffset;
ULONG BinaryXMLOffset; ULONG BinaryXMLOffset;
ULONG BinaryXMLSize; ULONG BinaryXMLSize;
ULONG ActivityIDNameOffset; ULONG ActivityIDNameOffset;
ULONG RelatedActivityIDNameOffset; ULONG RelatedActivityIDNameOffset;
ULONG PropertyCount; ULONG PropertyCount;
ULONG TopLevelPropertyCount; ULONG TopLevelPropertyCount;
TEMPLATE_FLAGS Flags; union {
__field_ecount(PropertyCount) EVENT_PROPERTY_INFO EventPropertyInfoArray[ANY TEMPLATE_FLAGS Flags;
SIZE_ARRAY]; struct {
ULONG Reserved : 4; // TEMPLATE_FLAGS values
ULONG Tags : 28;
};
};
_Field_size_(PropertyCount) EVENT_PROPERTY_INFO EventPropertyInfoArray[ANYSI
ZE_ARRAY];
} TRACE_EVENT_INFO; } TRACE_EVENT_INFO;
typedef TRACE_EVENT_INFO *PTRACE_EVENT_INFO; typedef TRACE_EVENT_INFO *PTRACE_EVENT_INFO;
typedef struct _PROPERTY_DATA_DESCRIPTOR { typedef struct _PROPERTY_DATA_DESCRIPTOR {
ULONGLONG PropertyName; // Pointer to property name. ULONGLONG PropertyName; // Pointer to property name.
ULONG ArrayIndex; // Array Index. ULONG ArrayIndex; // Array Index.
ULONG Reserved; ULONG Reserved;
} PROPERTY_DATA_DESCRIPTOR; } PROPERTY_DATA_DESCRIPTOR;
typedef PROPERTY_DATA_DESCRIPTOR *PPROPERTY_DATA_DESCRIPTOR; typedef PROPERTY_DATA_DESCRIPTOR *PPROPERTY_DATA_DESCRIPTOR;
// //
// ETW Payload Filtering Tdh support
//
//
// Payload filtering definitions
//
//
// TDH_PAYLOADFIELD_OPERATORs are used to build Payload filters.
//
// BETWEEN uses a closed interval: [LowerBound <= FieldValue <= UpperBound].
// Floating-point comparisons are not supported.
// String comparisons are case-sensitive.
// Values are converted based on the manifest field type.
//
typedef enum _PAYLOAD_OPERATOR {
//
// For integers, comparison can be one of:
//
PAYLOADFIELD_EQ = 0,
PAYLOADFIELD_NE = 1,
PAYLOADFIELD_LE = 2,
PAYLOADFIELD_GT = 3,
PAYLOADFIELD_LT = 4,
PAYLOADFIELD_GE = 5,
PAYLOADFIELD_BETWEEN = 6, // Two values: lower/upper bounds
PAYLOADFIELD_NOTBETWEEN = 7, // Two values: lower/upper bounds
PAYLOADFIELD_MODULO = 8, // For periodically sampling a field
//
// For strings:
//
PAYLOADFIELD_CONTAINS = 20, // Substring identical to Value
PAYLOADFIELD_DOESNTCONTAIN = 21, // No substring identical to Value
//
// For strings or other non-integer values
//
PAYLOADFIELD_IS = 30, // Field is identical to Value
PAYLOADFIELD_ISNOT = 31, // Field is NOT identical to Value
PAYLOADFIELD_INVALID = 32
} PAYLOAD_OPERATOR;
typedef struct _PAYLOAD_FILTER_PREDICATE {
LPWSTR FieldName;
USHORT CompareOp; // PAYLOAD_OPERATOR
LPWSTR Value; // One or two values (i.e., two for BETWEEN operations)
} PAYLOAD_FILTER_PREDICATE, *PPAYLOAD_FILTER_PREDICATE;
#define MAX_PAYLOAD_PREDICATES 8
#if (WINVER >= _WIN32_WINNT_WINBLUE)
TDHAPI
TdhCreatePayloadFilter(
_In_ LPCGUID ProviderGuid,
_In_ PCEVENT_DESCRIPTOR EventDescriptor,
_In_ BOOLEAN EventMatchANY,
_In_ ULONG PayloadPredicateCount,
_In_reads_(PayloadPredicateCount)
PPAYLOAD_FILTER_PREDICATE PayloadPredicates,
_Outptr_result_maybenull_ PVOID *PayloadFilter
);
TDHAPI
TdhDeletePayloadFilter(
_Inout_ PVOID *PayloadFilter
);
TDHAPI
TdhAggregatePayloadFilters(
_In_ ULONG PayloadFilterCount,
_In_reads_(PayloadFilterCount) PVOID *PayloadFilterPtrs,
_In_reads_opt_(PayloadFilterCount) PBOOLEAN EventMatchALLFlags,
_Out_ PEVENT_FILTER_DESCRIPTOR EventFilterDescriptor
);
TDHAPI
TdhCleanupPayloadEventFilterDescriptor(
_Inout_ PEVENT_FILTER_DESCRIPTOR EventFilterDescriptor
);
#endif // WINVER
//
// Provider-side filters. // Provider-side filters.
// //
typedef struct _PROVIDER_FILTER_INFO { typedef struct _PROVIDER_FILTER_INFO {
UCHAR Id; UCHAR Id;
UCHAR Version; UCHAR Version;
ULONG MessageOffset; ULONG MessageOffset;
ULONG Reserved; ULONG Reserved;
ULONG PropertyCount; ULONG PropertyCount;
__field_ecount(PropertyCount) EVENT_PROPERTY_INFO EventPropertyInfoArray[ANY SIZE_ARRAY]; _Field_size_(PropertyCount) EVENT_PROPERTY_INFO EventPropertyInfoArray[ANYSI ZE_ARRAY];
} PROVIDER_FILTER_INFO, *PPROVIDER_FILTER_INFO; } PROVIDER_FILTER_INFO, *PPROVIDER_FILTER_INFO;
// Provider Enumeration. // Provider Enumeration.
typedef enum _EVENT_FIELD_TYPE { typedef enum _EVENT_FIELD_TYPE {
EventKeywordInformation = 0, EventKeywordInformation = 0,
EventLevelInformation, EventLevelInformation,
EventChannelInformation, EventChannelInformation,
EventTaskInformation, EventTaskInformation,
EventOpcodeInformation, EventOpcodeInformation,
skipping to change at line 275 skipping to change at line 388
typedef struct _TRACE_PROVIDER_INFO { typedef struct _TRACE_PROVIDER_INFO {
GUID ProviderGuid; GUID ProviderGuid;
ULONG SchemaSource; ULONG SchemaSource;
ULONG ProviderNameOffset; ULONG ProviderNameOffset;
} TRACE_PROVIDER_INFO; } TRACE_PROVIDER_INFO;
typedef TRACE_PROVIDER_INFO *PTRACE_PROVIDER_INFO; typedef TRACE_PROVIDER_INFO *PTRACE_PROVIDER_INFO;
typedef struct _PROVIDER_ENUMERATION_INFO { typedef struct _PROVIDER_ENUMERATION_INFO {
ULONG NumberOfProviders; ULONG NumberOfProviders;
ULONG Reserved; ULONG Reserved;
__field_ecount(NumberOfProviders) TRACE_PROVIDER_INFO TraceProviderInfoArray [ANYSIZE_ARRAY]; _Field_size_(NumberOfProviders) TRACE_PROVIDER_INFO TraceProviderInfoArray[A NYSIZE_ARRAY];
} PROVIDER_ENUMERATION_INFO; } PROVIDER_ENUMERATION_INFO;
typedef PROVIDER_ENUMERATION_INFO *PPROVIDER_ENUMERATION_INFO; typedef PROVIDER_ENUMERATION_INFO *PPROVIDER_ENUMERATION_INFO;
typedef struct _PROVIDER_EVENT_INFO {
ULONG NumberOfEvents;
ULONG Reserved;
_Field_size_(NumberOfEvents) EVENT_DESCRIPTOR EventDescriptorsArray[ANYSIZE_
ARRAY];
} PROVIDER_EVENT_INFO;
typedef PROVIDER_EVENT_INFO *PPROVIDER_EVENT_INFO;
typedef enum _TDH_CONTEXT_TYPE { typedef enum _TDH_CONTEXT_TYPE {
TDH_CONTEXT_WPP_TMFFILE = 0, TDH_CONTEXT_WPP_TMFFILE = 0,
TDH_CONTEXT_WPP_TMFSEARCHPATH, TDH_CONTEXT_WPP_TMFSEARCHPATH,
TDH_CONTEXT_WPP_GMT, TDH_CONTEXT_WPP_GMT,
TDH_CONTEXT_POINTERSIZE, TDH_CONTEXT_POINTERSIZE,
TDH_CONTEXT_PDB_PATH,
TDH_CONTEXT_MAXIMUM TDH_CONTEXT_MAXIMUM
} TDH_CONTEXT_TYPE; } TDH_CONTEXT_TYPE;
typedef struct _TDH_CONTEXT { typedef struct _TDH_CONTEXT {
ULONGLONG ParameterValue; // Pointer to Data. ULONGLONG ParameterValue; // Pointer to Data.
TDH_CONTEXT_TYPE ParameterType; TDH_CONTEXT_TYPE ParameterType;
ULONG ParameterSize; ULONG ParameterSize;
} TDH_CONTEXT; } TDH_CONTEXT;
typedef TDH_CONTEXT *PTDH_CONTEXT; typedef TDH_CONTEXT *PTDH_CONTEXT;
TDHAPI TDHAPI
TdhGetEventInformation( TdhGetEventInformation(
__in PEVENT_RECORD Event, _In_ PEVENT_RECORD Event,
__in ULONG TdhContextCount, _In_ ULONG TdhContextCount,
__in_ecount_opt(TdhContextCount) PTDH_CONTEXT TdhContext, _In_reads_opt_(TdhContextCount) PTDH_CONTEXT TdhContext,
__out_bcount_opt(*BufferSize) PTRACE_EVENT_INFO Buffer, _Out_writes_bytes_opt_(*BufferSize) PTRACE_EVENT_INFO Buffer,
__inout PULONG BufferSize _Inout_ PULONG BufferSize
); );
TDHAPI TDHAPI
TdhGetEventMapInformation( TdhGetEventMapInformation(
__in PEVENT_RECORD pEvent, _In_ PEVENT_RECORD pEvent,
__in PWSTR pMapName, _In_ PWSTR pMapName,
__out_bcount_opt(*pBufferSize) PEVENT_MAP_INFO pBuffer, _Out_writes_bytes_opt_(*pBufferSize) PEVENT_MAP_INFO pBuffer,
__inout ULONG *pBufferSize _Inout_ ULONG *pBufferSize
); );
TDHAPI TDHAPI
TdhGetPropertySize( TdhGetPropertySize(
__in PEVENT_RECORD pEvent, _In_ PEVENT_RECORD pEvent,
__in ULONG TdhContextCount, _In_ ULONG TdhContextCount,
__in_ecount_opt(TdhContextCount) PTDH_CONTEXT pTdhContext, _In_reads_opt_(TdhContextCount) PTDH_CONTEXT pTdhContext,
__in ULONG PropertyDataCount, _In_ ULONG PropertyDataCount,
__in_ecount(PropertyDataCount) PPROPERTY_DATA_DESCRIPTOR pPropertyData, _In_reads_(PropertyDataCount) PPROPERTY_DATA_DESCRIPTOR pPropertyData,
__out ULONG *pPropertySize _Out_ ULONG *pPropertySize
); );
TDHAPI TDHAPI
TdhGetProperty( TdhGetProperty(
__in PEVENT_RECORD pEvent, _In_ PEVENT_RECORD pEvent,
__in ULONG TdhContextCount, _In_ ULONG TdhContextCount,
__in_ecount_opt(TdhContextCount) PTDH_CONTEXT pTdhContext, _In_reads_opt_(TdhContextCount) PTDH_CONTEXT pTdhContext,
__in ULONG PropertyDataCount, _In_ ULONG PropertyDataCount,
__in_ecount(PropertyDataCount) PPROPERTY_DATA_DESCRIPTOR pPropertyData, _In_reads_(PropertyDataCount) PPROPERTY_DATA_DESCRIPTOR pPropertyData,
__in ULONG BufferSize, _In_ ULONG BufferSize,
__out_bcount(BufferSize) PBYTE pBuffer _Out_writes_bytes_(BufferSize) PBYTE pBuffer
); );
TDHAPI TDHAPI
TdhEnumerateProviders( TdhEnumerateProviders(
__out_bcount_opt(*pBufferSize) PPROVIDER_ENUMERATION_INFO pBuffer, _Out_writes_bytes_opt_(*pBufferSize) PPROVIDER_ENUMERATION_INFO pBuffer,
__inout ULONG *pBufferSize _Inout_ ULONG *pBufferSize
); );
TDHAPI TDHAPI
TdhQueryProviderFieldInformation( TdhQueryProviderFieldInformation(
__in LPGUID pGuid, _In_ LPGUID pGuid,
__in ULONGLONG EventFieldValue, _In_ ULONGLONG EventFieldValue,
__in EVENT_FIELD_TYPE EventFieldType, _In_ EVENT_FIELD_TYPE EventFieldType,
__out_bcount_opt(*pBufferSize) PPROVIDER_FIELD_INFOARRAY pBuffer, _Out_writes_bytes_opt_(*pBufferSize) PPROVIDER_FIELD_INFOARRAY pBuffer,
__inout ULONG *pBufferSize _Inout_ ULONG *pBufferSize
); );
TDHAPI TDHAPI
TdhEnumerateProviderFieldInformation( TdhEnumerateProviderFieldInformation(
__in LPGUID pGuid, _In_ LPGUID pGuid,
__in EVENT_FIELD_TYPE EventFieldType, _In_ EVENT_FIELD_TYPE EventFieldType,
__out_bcount_opt(*pBufferSize) PPROVIDER_FIELD_INFOARRAY pBuffer, _Out_writes_bytes_opt_(*pBufferSize) PPROVIDER_FIELD_INFOARRAY pBuffer,
__inout ULONG *pBufferSize _Inout_ ULONG *pBufferSize
); );
#if (WINVER >= _WIN32_WINNT_WIN7) #if (WINVER >= _WIN32_WINNT_WIN7)
TDHAPI TDHAPI
TdhEnumerateProviderFilters( TdhEnumerateProviderFilters(
__in LPGUID Guid, _In_ LPGUID Guid,
__in ULONG TdhContextCount, _In_ ULONG TdhContextCount,
__in_ecount_opt(TdhContextCount) PTDH_CONTEXT TdhContext, _In_reads_opt_(TdhContextCount) PTDH_CONTEXT TdhContext,
__out ULONG *FilterCount, _Out_ ULONG *FilterCount,
__out_bcount_opt(*BufferSize) PPROVIDER_FILTER_INFO *Buffer, _Out_writes_bytes_opt_(*BufferSize) PPROVIDER_FILTER_INFO *Buffer,
__inout ULONG *BufferSize _Inout_ ULONG *BufferSize
); );
#endif #endif
#if (WINVER >= _WIN32_WINNT_WIN7) #if (WINVER >= _WIN32_WINNT_WIN7)
TDHAPI TDHAPI
TdhLoadManifest( TdhLoadManifest(
__in PWSTR Manifest _In_ PWSTR Manifest
); );
#endif #endif
#if (WINVER >= _WIN32_WINNT_WIN7) #if (WINVER >= _WIN32_WINNT_WIN7)
TDHAPI TDHAPI
TdhUnloadManifest( TdhUnloadManifest(
__in PWSTR Manifest _In_ PWSTR Manifest
); );
#endif #endif
#if (WINVER >= _WIN32_WINNT_WIN7) #if (WINVER >= _WIN32_WINNT_WIN7)
TDHAPI TDHAPI
TdhFormatProperty( TdhFormatProperty(
__in PTRACE_EVENT_INFO EventInfo, _In_ PTRACE_EVENT_INFO EventInfo,
__in_opt PEVENT_MAP_INFO MapInfo, _In_opt_ PEVENT_MAP_INFO MapInfo,
__in ULONG PointerSize, _In_ ULONG PointerSize,
__in USHORT PropertyInType, _In_ USHORT PropertyInType,
__in USHORT PropertyOutType, _In_ USHORT PropertyOutType,
__in USHORT PropertyLength, _In_ USHORT PropertyLength,
__in USHORT UserDataLength, _In_ USHORT UserDataLength,
__in_bcount(UserDataLength) PBYTE UserData, _In_reads_bytes_(UserDataLength) PBYTE UserData,
__inout PULONG BufferSize, _Inout_ PULONG BufferSize,
__out_bcount_opt(*BufferSize) PWCHAR Buffer, _Out_writes_bytes_opt_(*BufferSize) PWCHAR Buffer,
__out PUSHORT UserDataConsumed _Out_ PUSHORT UserDataConsumed
);
#endif
#if (WINVER >= _WIN32_WINNT_WIN8)
TDHAPI
TdhOpenDecodingHandle(
_Out_ PTDH_HANDLE Handle
);
#endif
#if (WINVER >= _WIN32_WINNT_WIN8)
TDHAPI
TdhSetDecodingParameter(
_In_ TDH_HANDLE Handle,
_In_ PTDH_CONTEXT TdhContext
);
#endif
#if (WINVER >= _WIN32_WINNT_WIN8)
TDHAPI
TdhGetDecodingParameter(
_In_ TDH_HANDLE Handle,
_Inout_ PTDH_CONTEXT TdhContext
);
#endif
#if (WINVER >= _WIN32_WINNT_WIN8)
TDHAPI
TdhGetWppProperty(
_In_ TDH_HANDLE Handle,
_In_ PEVENT_RECORD EventRecord,
_In_ PWSTR PropertyName,
_Inout_ PULONG BufferSize,
_Out_writes_bytes_(*BufferSize) PBYTE Buffer
);
#endif
#if (WINVER >= _WIN32_WINNT_WIN8)
TDHAPI
TdhGetWppMessage(
_In_ TDH_HANDLE Handle,
_In_ PEVENT_RECORD EventRecord,
_Inout_ PULONG BufferSize,
_Out_writes_bytes_(*BufferSize) PBYTE Buffer
);
#endif
#if (WINVER >= _WIN32_WINNT_WIN8)
TDHAPI
TdhCloseDecodingHandle(
_In_ TDH_HANDLE Handle
);
#endif
#if (WINVER >= _WIN32_WINNT_WIN8)
TDHAPI
TdhLoadManifestFromBinary(
_In_ PWSTR BinaryPath
);
#endif
#if (WINVER >= _WIN32_WINNT_WINBLUE)
TDHAPI
TdhEnumerateManifestProviderEvents (
_In_ LPGUID ProviderGuid,
_Out_writes_bytes_opt_(*BufferSize) PPROVIDER_EVENT_INFO Buffer,
_Inout_ ULONG *BufferSize
);
#endif
#if (WINVER >= _WIN32_WINNT_WINBLUE)
TDHAPI
TdhGetManifestEventInformation (
_In_ LPGUID ProviderGuid,
_In_ PEVENT_DESCRIPTOR EventDescriptor,
_Out_writes_bytes_opt_(*BufferSize) PTRACE_EVENT_INFO Buffer,
_Inout_ ULONG *BufferSize
); );
#endif #endif
// //
// Helper macros to access strings from variable length Tdh structures. // Helper macros to access strings from variable length Tdh structures.
// //
FORCEINLINE FORCEINLINE
PWSTR PWSTR
EMI_MAP_NAME( EMI_MAP_NAME(
__in PEVENT_MAP_INFO MapInfo _In_ PEVENT_MAP_INFO MapInfo
) )
{ {
return (MapInfo->NameOffset == 0) ? return (MapInfo->NameOffset == 0) ?
NULL : NULL :
(PWSTR)((PBYTE)MapInfo + MapInfo->NameOffset); (PWSTR)((PBYTE)MapInfo + MapInfo->NameOffset);
} }
FORCEINLINE FORCEINLINE
PWSTR PWSTR
EMI_MAP_FORMAT( EMI_MAP_FORMAT(
__in PEVENT_MAP_INFO MapInfo _In_ PEVENT_MAP_INFO MapInfo
) )
{ {
if ((MapInfo->Flag & EVENTMAP_INFO_FLAG_MANIFEST_PATTERNMAP) && if ((MapInfo->Flag & EVENTMAP_INFO_FLAG_MANIFEST_PATTERNMAP) &&
(MapInfo->FormatStringOffset)) { (MapInfo->FormatStringOffset)) {
return (PWSTR)((PBYTE)MapInfo + MapInfo->FormatStringOffset); return (PWSTR)((PBYTE)MapInfo + MapInfo->FormatStringOffset);
} else { } else {
return NULL; return NULL;
} }
} }
FORCEINLINE FORCEINLINE
PWSTR PWSTR
EMI_MAP_OUTPUT( EMI_MAP_OUTPUT(
__in PEVENT_MAP_INFO MapInfo, _In_ PEVENT_MAP_INFO MapInfo,
__in PEVENT_MAP_ENTRY Map _In_ PEVENT_MAP_ENTRY Map
) )
{ {
return (Map->OutputOffset == 0) ? return (Map->OutputOffset == 0) ?
NULL : NULL :
(PWSTR)((PBYTE)MapInfo + Map->OutputOffset); (PWSTR)((PBYTE)MapInfo + Map->OutputOffset);
} }
FORCEINLINE FORCEINLINE
PWSTR PWSTR
EMI_MAP_INPUT( EMI_MAP_INPUT(
__in PEVENT_MAP_INFO MapInfo, _In_ PEVENT_MAP_INFO MapInfo,
__in PEVENT_MAP_ENTRY Map _In_ PEVENT_MAP_ENTRY Map
) )
{ {
if ((MapInfo->Flag & EVENTMAP_INFO_FLAG_MANIFEST_PATTERNMAP) && if ((MapInfo->Flag & EVENTMAP_INFO_FLAG_MANIFEST_PATTERNMAP) &&
(Map->InputOffset != 0)) { (Map->InputOffset != 0)) {
return (PWSTR)((PBYTE)MapInfo + Map->InputOffset); return (PWSTR)((PBYTE)MapInfo + Map->InputOffset);
} else { } else {
return NULL; return NULL;
} }
} }
FORCEINLINE FORCEINLINE
PWSTR PWSTR
TEI_MAP_NAME( TEI_MAP_NAME(
__in PTRACE_EVENT_INFO EventInfo, _In_ PTRACE_EVENT_INFO EventInfo,
__in PEVENT_PROPERTY_INFO Property _In_ PEVENT_PROPERTY_INFO Property
) )
{ {
return (Property->nonStructType.MapNameOffset == 0) ? return (Property->nonStructType.MapNameOffset == 0) ?
NULL : NULL :
(PWSTR)((PBYTE)EventInfo + Property->nonStructType.MapNameOffset); (PWSTR)((PBYTE)EventInfo + Property->nonStructType.MapNameOffset);
} }
FORCEINLINE FORCEINLINE
PWSTR PWSTR
TEI_PROPERTY_NAME( TEI_PROPERTY_NAME(
__in PTRACE_EVENT_INFO EventInfo, _In_ PTRACE_EVENT_INFO EventInfo,
__in PEVENT_PROPERTY_INFO Property _In_ PEVENT_PROPERTY_INFO Property
) )
{ {
return (Property->NameOffset == 0) ? return (Property->NameOffset == 0) ?
NULL : NULL :
(PWSTR)((PBYTE)EventInfo + Property->NameOffset); (PWSTR)((PBYTE)EventInfo + Property->NameOffset);
} }
FORCEINLINE FORCEINLINE
PWSTR PWSTR
TEI_PROVIDER_NAME( TEI_PROVIDER_NAME(
__in PTRACE_EVENT_INFO EventInfo _In_ PTRACE_EVENT_INFO EventInfo
) )
{ {
return (EventInfo->ProviderNameOffset == 0) ? return (EventInfo->ProviderNameOffset == 0) ?
NULL : NULL :
(PWSTR)((PBYTE)EventInfo + EventInfo->ProviderNameOffset); (PWSTR)((PBYTE)EventInfo + EventInfo->ProviderNameOffset);
} }
FORCEINLINE FORCEINLINE
PWSTR PWSTR
TEI_LEVEL_NAME( TEI_LEVEL_NAME(
__in PTRACE_EVENT_INFO EventInfo _In_ PTRACE_EVENT_INFO EventInfo
) )
{ {
return (EventInfo->LevelNameOffset == 0) ? return (EventInfo->LevelNameOffset == 0) ?
NULL : NULL :
(PWSTR)((PBYTE)EventInfo + EventInfo->LevelNameOffset); (PWSTR)((PBYTE)EventInfo + EventInfo->LevelNameOffset);
} }
FORCEINLINE FORCEINLINE
PWSTR PWSTR
TEI_CHANNEL_NAME( TEI_CHANNEL_NAME(
__in PTRACE_EVENT_INFO EventInfo _In_ PTRACE_EVENT_INFO EventInfo
) )
{ {
return (EventInfo->ChannelNameOffset == 0) ? return (EventInfo->ChannelNameOffset == 0) ?
NULL : NULL :
(PWSTR)((PBYTE)EventInfo + EventInfo->ChannelNameOffset); (PWSTR)((PBYTE)EventInfo + EventInfo->ChannelNameOffset);
} }
FORCEINLINE FORCEINLINE
PWSTR PWSTR
TEI_KEYWORDS_NAME( TEI_KEYWORDS_NAME(
__in PTRACE_EVENT_INFO EventInfo _In_ PTRACE_EVENT_INFO EventInfo
) )
{ {
return (EventInfo->KeywordsNameOffset == 0) ? return (EventInfo->KeywordsNameOffset == 0) ?
NULL : NULL :
(PWSTR)((PBYTE)EventInfo + EventInfo->KeywordsNameOffset); (PWSTR)((PBYTE)EventInfo + EventInfo->KeywordsNameOffset);
} }
FORCEINLINE FORCEINLINE
PWSTR PWSTR
TEI_TASK_NAME( TEI_TASK_NAME(
__in PTRACE_EVENT_INFO EventInfo _In_ PTRACE_EVENT_INFO EventInfo
) )
{ {
return (EventInfo->TaskNameOffset == 0) ? return (EventInfo->TaskNameOffset == 0) ?
NULL : NULL :
(PWSTR)((PBYTE)EventInfo + EventInfo->TaskNameOffset); (PWSTR)((PBYTE)EventInfo + EventInfo->TaskNameOffset);
} }
FORCEINLINE FORCEINLINE
PWSTR PWSTR
TEI_OPCODE_NAME( TEI_OPCODE_NAME(
__in PTRACE_EVENT_INFO EventInfo _In_ PTRACE_EVENT_INFO EventInfo
) )
{ {
return (EventInfo->OpcodeNameOffset == 0) ? return (EventInfo->OpcodeNameOffset == 0) ?
NULL : NULL :
(PWSTR)((PBYTE)EventInfo + EventInfo->OpcodeNameOffset); (PWSTR)((PBYTE)EventInfo + EventInfo->OpcodeNameOffset);
} }
FORCEINLINE FORCEINLINE
PWSTR PWSTR
TEI_EVENT_MESSAGE( TEI_EVENT_MESSAGE(
__in PTRACE_EVENT_INFO EventInfo _In_ PTRACE_EVENT_INFO EventInfo
) )
{ {
return (EventInfo->EventMessageOffset == 0) ? return (EventInfo->EventMessageOffset == 0) ?
NULL : NULL :
(PWSTR)((PBYTE)EventInfo + EventInfo->EventMessageOffset); (PWSTR)((PBYTE)EventInfo + EventInfo->EventMessageOffset);
} }
FORCEINLINE FORCEINLINE
PWSTR PWSTR
TEI_PROVIDER_MESSAGE( TEI_PROVIDER_MESSAGE(
__in PTRACE_EVENT_INFO EventInfo _In_ PTRACE_EVENT_INFO EventInfo
) )
{ {
return (EventInfo->ProviderMessageOffset == 0) ? return (EventInfo->ProviderMessageOffset == 0) ?
NULL : NULL :
(PWSTR)((PBYTE)EventInfo + EventInfo->ProviderMessageOffset); (PWSTR)((PBYTE)EventInfo + EventInfo->ProviderMessageOffset);
} }
FORCEINLINE FORCEINLINE
PWSTR PWSTR
TEI_ACTIVITYID_NAME( TEI_ACTIVITYID_NAME(
__in PTRACE_EVENT_INFO EventInfo _In_ PTRACE_EVENT_INFO EventInfo
) )
{ {
return (EventInfo->ActivityIDNameOffset == 0) ? return (EventInfo->ActivityIDNameOffset == 0) ?
NULL : NULL :
(PWSTR)((PBYTE)EventInfo + EventInfo->ActivityIDNameOffset); (PWSTR)((PBYTE)EventInfo + EventInfo->ActivityIDNameOffset);
} }
FORCEINLINE FORCEINLINE
PWSTR PWSTR
TEI_RELATEDACTIVITYID_NAME( TEI_RELATEDACTIVITYID_NAME(
__in PTRACE_EVENT_INFO EventInfo _In_ PTRACE_EVENT_INFO EventInfo
) )
{ {
return (EventInfo->RelatedActivityIDNameOffset == 0) ? return (EventInfo->RelatedActivityIDNameOffset == 0) ?
NULL : NULL :
(PWSTR)((PBYTE)EventInfo + EventInfo->RelatedActivityIDNameOffset); (PWSTR)((PBYTE)EventInfo + EventInfo->RelatedActivityIDNameOffset);
} }
#if (WINVER >= _WIN32_WINNT_WIN7) #if (WINVER >= _WIN32_WINNT_WIN7)
FORCEINLINE FORCEINLINE
PWSTR PWSTR
PFI_FILTER_MESSAGE( PFI_FILTER_MESSAGE(
__in PPROVIDER_FILTER_INFO FilterInfo _In_ PPROVIDER_FILTER_INFO FilterInfo
) )
{ {
return (FilterInfo->MessageOffset == 0) ? return (FilterInfo->MessageOffset == 0) ?
NULL : NULL :
(PWSTR)((PBYTE)FilterInfo + FilterInfo->MessageOffset); (PWSTR)((PBYTE)FilterInfo + FilterInfo->MessageOffset);
} }
#endif #endif
#if (WINVER >= _WIN32_WINNT_WIN7) #if (WINVER >= _WIN32_WINNT_WIN7)
FORCEINLINE FORCEINLINE
PWSTR PWSTR
PFI_PROPERTY_NAME( PFI_PROPERTY_NAME(
__in PPROVIDER_FILTER_INFO FilterInfo, _In_ PPROVIDER_FILTER_INFO FilterInfo,
__in PEVENT_PROPERTY_INFO Property _In_ PEVENT_PROPERTY_INFO Property
) )
{ {
return (Property->NameOffset == 0) ? return (Property->NameOffset == 0) ?
NULL : NULL :
(PWSTR)((PBYTE)FilterInfo + Property->NameOffset); (PWSTR)((PBYTE)FilterInfo + Property->NameOffset);
} }
#endif #endif
FORCEINLINE FORCEINLINE
PWSTR PWSTR
PFI_FIELD_NAME( PFI_FIELD_NAME(
__in PPROVIDER_FIELD_INFOARRAY FieldInfoArray, _In_ PPROVIDER_FIELD_INFOARRAY FieldInfoArray,
__in PPROVIDER_FIELD_INFO FieldInfo _In_ PPROVIDER_FIELD_INFO FieldInfo
) )
{ {
return (FieldInfo->NameOffset == 0) ? return (FieldInfo->NameOffset == 0) ?
NULL : NULL :
(PWSTR)((PBYTE)FieldInfoArray + FieldInfo->NameOffset); (PWSTR)((PBYTE)FieldInfoArray + FieldInfo->NameOffset);
} }
FORCEINLINE FORCEINLINE
PWSTR PWSTR
PFI_FIELD_MESSAGE( PFI_FIELD_MESSAGE(
__in PPROVIDER_FIELD_INFOARRAY FieldInfoArray, _In_ PPROVIDER_FIELD_INFOARRAY FieldInfoArray,
__in PPROVIDER_FIELD_INFO FieldInfo _In_ PPROVIDER_FIELD_INFO FieldInfo
) )
{ {
return (FieldInfo->DescriptionOffset == 0) ? return (FieldInfo->DescriptionOffset == 0) ?
NULL : NULL :
(PWSTR)((PBYTE)FieldInfoArray + FieldInfo->DescriptionOffset); (PWSTR)((PBYTE)FieldInfoArray + FieldInfo->DescriptionOffset);
} }
FORCEINLINE FORCEINLINE
PWSTR PWSTR
PEI_PROVIDER_NAME( PEI_PROVIDER_NAME(
__in PPROVIDER_ENUMERATION_INFO ProviderEnum, _In_ PPROVIDER_ENUMERATION_INFO ProviderEnum,
__in PTRACE_PROVIDER_INFO ProviderInfo _In_ PTRACE_PROVIDER_INFO ProviderInfo
) )
{ {
return (ProviderInfo->ProviderNameOffset == 0) ? return (ProviderInfo->ProviderNameOffset == 0) ?
NULL : NULL :
(PWSTR)((PBYTE)ProviderEnum + ProviderInfo->ProviderNameOffset); (PWSTR)((PBYTE)ProviderEnum + ProviderInfo->ProviderNameOffset);
} }
#pragma warning(pop) #pragma warning(pop)
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) */
#pragma endregion
#endif // __TDH_H__ #endif // __TDH_H__
 End of changes. 48 change blocks. 
91 lines changed or deleted 293 lines changed or added

This html diff was produced by rfcdiff 1.41.