|
|
/*++
Copyright (c) Microsoft Corporation. All rights reserved.
Module Name:
wmiump.h
Abstract:
Private headers for WMI user mode
Author:
16-Jan-1997 AlanWar
Revision History:
--*/
#define _WMI_SOURCE_
//
// Define this to track reference counts
//#define TRACK_REFERNECES
//
// Define this to get extra checks on heap validation
//#define HEAPVALIDATION
//
// Define this to get a trace of critical section
//#define CRITSECTTRACE
//
// Define this to compile WMI to run as a service under NT
#define RUN_AS_SERVICE
//
// Define this to include WMI user mode functionality. Note that if you enable
// this then you also need to fix the files: wmi\dll\sources and wmi\makefil0.
//#define WMI_USER_MODE
//
// Define this to track memory leaks
//#define TRACK_MEMORY_LEAKS
#ifndef MEMPHIS
#define UNICODE
#define _UNICODE
#include <nt.h>
#include <ntrtl.h>
#include <nturtl.h>
#endif
#include <windows.h>
#include <ole2.h>
#include <tchar.h>
#include <stdio.h>
#ifndef MEMPHIS
#include "svcs.h"
#endif
#include <netevent.h>
#ifdef MEMPHIS
//
// CONSIDER: Is there a better place to get this stuff on MEMPHIS
//
// Doubly-linked list manipulation routines. Implemented as macros
// but logically these are procedures.
//
//
// VOID
// InitializeListHead(
// PLIST_ENTRY ListHead
// );
//
#define InitializeListHead(ListHead) (\
(ListHead)->Flink = (ListHead)->Blink = (ListHead))
//
// BOOLEAN
// IsListEmpty(
// PLIST_ENTRY ListHead
// );
//
#define IsListEmpty(ListHead) \
((ListHead)->Flink == (ListHead))
//
// PLIST_ENTRY
// RemoveHeadList(
// PLIST_ENTRY ListHead
// );
//
#define RemoveHeadList(ListHead) \
(ListHead)->Flink;\ {RemoveEntryList((ListHead)->Flink)}
//
// PLIST_ENTRY
// RemoveTailList(
// PLIST_ENTRY ListHead
// );
//
#define RemoveTailList(ListHead) \
(ListHead)->Blink;\ {RemoveEntryList((ListHead)->Blink)}
//
// VOID
// RemoveEntryList(
// PLIST_ENTRY Entry
// );
//
#define RemoveEntryList(Entry) {\
PLIST_ENTRY _EX_Blink;\ PLIST_ENTRY _EX_Flink;\ _EX_Flink = (Entry)->Flink;\ _EX_Blink = (Entry)->Blink;\ _EX_Blink->Flink = _EX_Flink;\ _EX_Flink->Blink = _EX_Blink;\ }
//
// VOID
// InsertTailList(
// PLIST_ENTRY ListHead,
// PLIST_ENTRY Entry
// );
//
#define InsertTailList(ListHead,Entry) {\
PLIST_ENTRY _EX_Blink;\ PLIST_ENTRY _EX_ListHead;\ _EX_ListHead = (ListHead);\ _EX_Blink = _EX_ListHead->Blink;\ (Entry)->Flink = _EX_ListHead;\ (Entry)->Blink = _EX_Blink;\ _EX_Blink->Flink = (Entry);\ _EX_ListHead->Blink = (Entry);\ }
//
// VOID
// InsertHeadList(
// PLIST_ENTRY ListHead,
// PLIST_ENTRY Entry
// );
//
#define InsertHeadList(ListHead,Entry) {\
PLIST_ENTRY _EX_Flink;\ PLIST_ENTRY _EX_ListHead;\ _EX_ListHead = (ListHead);\ _EX_Flink = _EX_ListHead->Flink;\ (Entry)->Flink = _EX_Flink;\ (Entry)->Blink = _EX_ListHead;\ _EX_Flink->Blink = (Entry);\ _EX_ListHead->Flink = (Entry);\ }
//
//
// PSINGLE_LIST_ENTRY
// PopEntryList(
// PSINGLE_LIST_ENTRY ListHead
// );
//
#define PopEntryList(ListHead) \
(ListHead)->Next;\ {\ PSINGLE_LIST_ENTRY FirstEntry;\ FirstEntry = (ListHead)->Next;\ if (FirstEntry != NULL) { \ (ListHead)->Next = FirstEntry->Next;\ } \ }
//
// VOID
// PushEntryList(
// PSINGLE_LIST_ENTRY ListHead,
// PSINGLE_LIST_ENTRY Entry
// );
//
#define PushEntryList(ListHead,Entry) \
(Entry)->Next = (ListHead)->Next; \ (ListHead)->Next = (Entry)
//
// Define the various device type values. Note that values used by Microsoft
// Corporation are in the range 0-32767, and 32768-65535 are reserved for use
// by customers.
//
#define DEVICE_TYPE ULONG
#define FILE_DEVICE_BEEP 0x00000001
#define FILE_DEVICE_CD_ROM 0x00000002
#define FILE_DEVICE_CD_ROM_FILE_SYSTEM 0x00000003
#define FILE_DEVICE_CONTROLLER 0x00000004
#define FILE_DEVICE_DATALINK 0x00000005
#define FILE_DEVICE_DFS 0x00000006
#define FILE_DEVICE_DISK 0x00000007
#define FILE_DEVICE_DISK_FILE_SYSTEM 0x00000008
#define FILE_DEVICE_FILE_SYSTEM 0x00000009
#define FILE_DEVICE_INPORT_PORT 0x0000000a
#define FILE_DEVICE_KEYBOARD 0x0000000b
#define FILE_DEVICE_MAILSLOT 0x0000000c
#define FILE_DEVICE_MIDI_IN 0x0000000d
#define FILE_DEVICE_MIDI_OUT 0x0000000e
#define FILE_DEVICE_MOUSE 0x0000000f
#define FILE_DEVICE_MULTI_UNC_PROVIDER 0x00000010
#define FILE_DEVICE_NAMED_PIPE 0x00000011
#define FILE_DEVICE_NETWORK 0x00000012
#define FILE_DEVICE_NETWORK_BROWSER 0x00000013
#define FILE_DEVICE_NETWORK_FILE_SYSTEM 0x00000014
#define FILE_DEVICE_NULL 0x00000015
#define FILE_DEVICE_PARALLEL_PORT 0x00000016
#define FILE_DEVICE_PHYSICAL_NETCARD 0x00000017
#define FILE_DEVICE_PRINTER 0x00000018
#define FILE_DEVICE_SCANNER 0x00000019
#define FILE_DEVICE_SERIAL_MOUSE_PORT 0x0000001a
#define FILE_DEVICE_SERIAL_PORT 0x0000001b
#define FILE_DEVICE_SCREEN 0x0000001c
#define FILE_DEVICE_SOUND 0x0000001d
#define FILE_DEVICE_STREAMS 0x0000001e
#define FILE_DEVICE_TAPE 0x0000001f
#define FILE_DEVICE_TAPE_FILE_SYSTEM 0x00000020
#define FILE_DEVICE_TRANSPORT 0x00000021
#define FILE_DEVICE_UNKNOWN 0x00000022
#define FILE_DEVICE_VIDEO 0x00000023
#define FILE_DEVICE_VIRTUAL_DISK 0x00000024
#define FILE_DEVICE_WAVE_IN 0x00000025
#define FILE_DEVICE_WAVE_OUT 0x00000026
#define FILE_DEVICE_8042_PORT 0x00000027
#define FILE_DEVICE_NETWORK_REDIRECTOR 0x00000028
#define FILE_DEVICE_BATTERY 0x00000029
#define FILE_DEVICE_BUS_EXTENDER 0x0000002a
#define FILE_DEVICE_MODEM 0x0000002b
#define FILE_DEVICE_VDM 0x0000002c
#define FILE_DEVICE_MASS_STORAGE 0x0000002d
#define FILE_DEVICE_SMB 0x0000002e
#define FILE_DEVICE_KS 0x0000002f
#define FILE_DEVICE_CHANGER 0x00000030
#define FILE_DEVICE_SMARTCARD 0x00000031
#define FILE_DEVICE_ACPI 0x00000032
#define FILE_DEVICE_DVD 0x00000033
//
// Macro definition for defining IOCTL and FSCTL function control codes. Note
// that function codes 0-2047 are reserved for Microsoft Corporation, and
// 2048-4095 are reserved for customers.
//
#define CTL_CODE( DeviceType, Function, Method, Access ) ( \
((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method) \)
//
// Define the method codes for how buffers are passed for I/O and FS controls
//
#define METHOD_BUFFERED 0
#define METHOD_IN_DIRECT 1
#define METHOD_OUT_DIRECT 2
#define METHOD_NEITHER 3
//
// Define the access check value for any access
//
//
// The FILE_READ_ACCESS and FILE_WRITE_ACCESS constants are also defined in
// ntioapi.h as FILE_READ_DATA and FILE_WRITE_DATA. The values for these
// constants *MUST* always be in sync.
//
#define FILE_ANY_ACCESS 0
#define FILE_READ_ACCESS ( 0x0001 ) // file & pipe
#define FILE_WRITE_ACCESS ( 0x0002 ) // file & pipe
typedef LONG NTSTATUS;typedef NTSTATUS (*PUSER_THREAD_START_ROUTINE)( PVOID ThreadParameter );
#include <stdio.h>
#endif
#include "wmium.h"
#include "wmiumkm.h"
#include "ntwmi.h"
#include "wmiguid.h"
#if DBG
#if defined(_NTDLLBUILD_)
#define EtwpAssert(x) if (! (x) ) { \
BOOLEAN OldLoggingEnabled = EtwpLoggingEnabled; \ EtwpLoggingEnabled = TRUE; \ EtwpDbgPrint(("WMI Assertion: "#x" at %s %d\n", __FILE__, __LINE__)); \ EtwpLoggingEnabled = OldLoggingEnabled; \ DbgBreakPoint(); }#else
#define EtwpAssert(x) if (! (x) ) { \
BOOLEAN OldLoggingEnabled = EtwpLoggingEnabled; \ EtwpLoggingEnabled = TRUE; \ EtwpDbgPrint(("WMI Assertion: "#x" at %s %d\n", __FILE__, __LINE__)); \ EtwpLoggingEnabled = OldLoggingEnabled; \ DebugBreak(); }#endif
#else
#define EtwpAssert(x)
#endif
#if DBG
extern BOOLEAN EtwpLoggingEnabled;#ifdef MEMPHIS
void __cdecl DebugOut(char *Format, ...);#define EtwpDebugPrint(_x_) { if (EtwpLoggingEnabled) DebugOut _x_; }
#define EtwpDbgPrint(_x_) { if (EtwpLoggingEnabled) DebugOut _x_; }
#else
#define EtwpDebugPrint(_x_) { if (EtwpLoggingEnabled) DbgPrint _x_; }
#define EtwpDbgPrint(_x_) { if (EtwpLoggingEnabled) DbgPrint _x_; }
#endif
#else
#define EtwpDebugPrint(_x_)
#define EtwpDbgPrint(_x_)
#endif
#define NULL_GUID {0x00000000, 0x0000, 0x0000, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}
//
// Registry based config options. Only available on checked builds
//
#define WmiRegKeyText TEXT("\\Registry\\Machine\\System\\CurrentControlSet\\Control\\WMI")
#define PumpTimeoutRegValueText TEXT("NotificationPumpTimeout")
#define LoggingEnableValueText TEXT("LoggingEnabled")
#define DEFAULT_ALLOC_SIZE 4096
//
// WMI RPC related definitions
typedef struct{ WNODE_HEADER WnodeHeader; BYTE Data[1];} WNODE_INTERNAL, *PWNODE_INTERNAL;
#define INTERNAL_PROVIDER_ID 1
//
// Size of initial buffer used to read notifications from kernel mode
#define STARTNOTIFICATIONBUFFERSIZE 4096
#ifdef MEMPHIS
#define WmiRpcProtocolSequence TEXT("ncalrpc")
#define WmiServiceRpcProtocolSequence TEXT("ncalrpc")
#define WmiServiceRpcEndpoint TEXT("WmiRpcEndpoint")
#else
//#define WmiRpcProtocolSequence TEXT("ncalrpc")
//#define WmiRpcEndpointPrefix TEXT("NT")
#define WmiRpcProtocolSequence TEXT("ncacn_np")
#define WmiRpcEndpointPrefix TEXT("\\pipe\\")
#define WmiServiceRpcProtocolSequence TEXT("ncacn_np")
#define WmiServiceRpcEndpoint SVCS_RPC_PIPE
#endif
#define MinRpcCalls 1
#define MaxRpcCalls RPC_C_PROTSEQ_MAX_REQS_DEFAULT
//
// Time to wait between retrying an RPC call that was too busy to complete
#define RPC_BUSY_WAIT_TIMER 500
//
// Number of times to retry an RPC call that was too busy to complete
#define RPC_BUSY_WAIT_RETRIES 5
//
// WMI RPC interface principle name
#define WMI_RPC_PRINC_NAME TEXT("WMI_RPC_PRINC_NAME")
//
// This macro will break CountedString into a pointer to the actual string
// and the actual length of the string excluding any trailing nul characters
#define EtwpBreakCountedString(CountedString, CountedStringLen) { \
CountedStringLen = *CountedString++; \ if (CountedString[(CountedStringLen-sizeof(WCHAR))/sizeof(WCHAR)] == UNICODE_NULL) \ { \ CountedStringLen -= sizeof(WCHAR); \ } \}
typedef struct{ HANDLE GuidHandle; PVOID DeliveryInfo; ULONG_PTR DeliveryContext; ULONG Flags;} NOTIFYEE, *PNOTIFYEE;
#define STATIC_NOTIFYEE_COUNT 2
typedef struct{ LIST_ENTRY GNList; GUID Guid; ULONG RefCount; ULONG NotifyeeCount; PNOTIFYEE Notifyee; NOTIFYEE StaticNotifyee[STATIC_NOTIFYEE_COUNT]; BOOLEAN bInProgress; } GUIDNOTIFICATION, *PGUIDNOTIFICATION;
#define EtwpAllocGNEntry() (PGUIDNOTIFICATION)EtwpAlloc(sizeof(GUIDNOTIFICATION))
#define EtwpFreeGNEntry(GNEntry) EtwpFree(GNEntry)
#define EtwpReferenceGNEntry(GNEntry) InterlockedIncrement(&GNEntry->RefCount);
//
// Notification Cookie data structures
//#if DBG
//#define NOTIFYCOOKIESPERCHUNK 2
//#else
//#define NOTIFYCOOKIESPERCHUNK 128
//#endif
/*
typedef struct{ PVOID DeliveryContext; PVOID DeliveryInfo; GUID Guid; BOOLEAN InUse;} NOTIFYCOOKIE, *PNOTIFYCOOKIE;
typedef struct{ LIST_ENTRY Next; // Next cookie chunk
ULONG BaseSlot; // Index of first slot number
USHORT FreeSlot; // Index to a free cookie
BOOLEAN Full; // TRUE if this chunk is full
NOTIFYCOOKIE Cookies[NOTIFYCOOKIESPERCHUNK];} NOTIFYCOOKIECHUNK, *PNOTIFYCOOKIECHUNK;*/
//
// Useful macro to establish a WNODE_HEADER quickly
#ifdef _WIN64
#define EtwpBuildWnodeHeader(Wnode, WnodeSize, FlagsUlong, Handle) { \
(Wnode)->Flags = FlagsUlong; \ (Wnode)->KernelHandle = Handle; \ (Wnode)->BufferSize = WnodeSize; \ (Wnode)->Linkage = 0; \}
#else
#define EtwpBuildWnodeHeader(Wnode, WnodeSize, FlagsUlong, Handle) { \
(Wnode)->Flags = FlagsUlong; \ *((PULONG64)(&((Wnode)->TimeStamp))) = (ULONG64)(IntToPtr(PtrToInt(Handle))); \ (Wnode)->BufferSize = WnodeSize; \ (Wnode)->Linkage = 0; \}
#endif
#ifdef MEMPHIS
extern HANDLE PMMutex;#define EtwpEnterPMCritSection() WaitForSingleObject(PMMutex, INFINITE)
#define EtwpLeavePMCritSection() ReleaseMutex(PMMutex)
#else
extern RTL_CRITICAL_SECTION PMCritSect;extern HANDLE EtwpCBInProgressEvent;#if DBG
#define EtwpEnterPMCritSection() \
EtwpAssert(NT_SUCCESS(RtlEnterCriticalSection(&PMCritSect)));
#define EtwpLeavePMCritSection() { \
EtwpAssert(PMCritSect.LockCount >= 0); \ EtwpAssert(NT_SUCCESS(RtlLeaveCriticalSection(&PMCritSect))); }
//
// Assumptions about EtwpLockCB and EtwpUnlockCB:
// 1. Called only by the Pump Thread
// 2. There can be only one callback in progress at any time with the
// Global event EtwpCBInProgressEvent unset and the corresponding GNEntry
// marked as InProgress.
// 3. Once the callback completes (successfully or not), the event is set
// and the GNEntry unlocked.
// 4. Unregistering threads remove the GNEntry first and then check to see
// whether to block for the PumpThread based on InProgressFlag.
// 5. No callbacks are permitted if the GNEntry is not found in the GNList.
//
#define EtwpLockCB(GNEntry) { \
EtwpDebugPrint(("WMI: Locking GNEntry 0x%x %s %d\n", GNEntry, __FILE__, __LINE__)); \ EtwpAssert( GNEntry->bInProgress == FALSE); \ GNEntry->bInProgress = TRUE; \ NtClearEvent (EtwpCBInProgressEvent); }
#define EtwpUnlockCB(GNEntry) { \
EtwpDebugPrint(("WMI: Unlocking GNEntry 0x%x %s %d\n", GNEntry, __FILE__, __LINE__)); \ EtwpAssert( GNEntry->bInProgress == TRUE); \ NtSetEvent(EtwpCBInProgressEvent, NULL); \ GNEntry->bInProgress = FALSE;}
#else
#define EtwpEnterPMCritSection() RtlEnterCriticalSection(&PMCritSect)
#define EtwpLeavePMCritSection() RtlLeaveCriticalSection(&PMCritSect)
#define EtwpLockCB(GNEntry) {\
GNEntry->bInProgress = TRUE; \ NtClearEvent (EtwpCBInProgressEvent);}#define EtwpUnlockCB(GNEntry) { \
NtSetEvent(EtwpCBInProgressEvent, NULL); \ GNEntry->bInProgress = FALSE; }
#endif // DBG
#endif // MEMPHIS
typedef struct{ NOTIFICATIONCALLBACK Callback; ULONG_PTR Context; PWNODE_HEADER Wnode; BYTE WnodeBuffer[1];} NOTIFDELIVERYCTX, *PNOTIFDELIVERYCTX;
// from handle.c
#define EtwpVerifyToken() \
{ \ ULONG VerifyStatus; \ VerifyStatus = EtwpCheckImpersonationTokenType(); \ if (VerifyStatus != ERROR_SUCCESS) \ { \ SetLastError(VerifyStatus); \ return(VerifyStatus); \ } \}
ULONG EtwpCheckImpersonationTokenType( void );
ULONG EtwpCopyStringToCountedUnicode( LPCWSTR String, PWCHAR CountedString, ULONG *BytesUsed, BOOLEAN ConvertFromAnsi );
ULONG EtwpCountedAnsiToCountedUnicode( PCHAR Ansi, PWCHAR Unicode );
ULONG EtwpCountedUnicodeToCountedAnsi( PWCHAR Unicode, PCHAR Ansi );
#ifndef MEMPHIS
ULONG EtwpCheckGuidAccess( LPGUID Guid, ACCESS_MASK DesiredAccess );
ULONG EtwpOpenKernelGuid( LPGUID Guid, ACCESS_MASK DesiredAccess, PHANDLE Handle, ULONG Ioctl );#endif
/*
ULONG EtwpAllocateCookie( PVOID DeliveryInfo, PVOID DeliveryContext, LPGUID Guid );
BOOLEAN EtwpLookupCookie( ULONG CookieSlot, LPGUID Guid, PVOID *DeliveryInfo, PVOID *DeliveryContext );
void EtwpGetGuidInCookie( ULONG CookieSlot, LPGUID Guid );
void EtwpFreeCookie( ULONG CookieSlot );*/
PGUIDNOTIFICATIONEtwpFindAndLockGuidNotification( LPGUID Guid, BOOLEAN bLock );
ULONGEtwpAddToGNList( LPGUID Guid, PVOID DeliveryInfo, ULONG_PTR DeliveryContext, ULONG Flags, HANDLE GuidHandle );
ULONGEtwpRemoveFromGNList( LPGUID Guid, PVOID DeliveryInfo );
BOOLEANEtwpDereferenceGNEntry( PGUIDNOTIFICATION GNEntry );
//PTCHAR GuidToString(
// PTCHAR s,
// LPGUID piid
// );
PCHAR GuidToStringA( PCHAR s, ULONG szBuf, LPGUID piid );
// from request.c
ULONG EtwpSendWmiRequest( ULONG ActionCode, PWNODE_HEADER Wnode, ULONG WnodeSize, PVOID OutBuffer, ULONG MaxBufferSize, ULONG *RetSize );
ULONG EtwpSendWmiKMRequest( HANDLE Handle, ULONG Ioctl, PVOID InBuffer, ULONG InBufferSize, PVOID OutBuffer, ULONG MaxBufferSize, ULONG *ReturnSize, LPOVERLAPPED Overlapped );
ULONG EtwpSendRegisterKMRequest( HANDLE DeviceHandle, ULONG Ioctl, PVOID InBuffer, ULONG InBufferSize, PVOID OutBuffer, ULONG MaxBufferSize, ULONG *ReturnSize, LPOVERLAPPED Overlapped );
ULONG EtwpConvertWADToAnsi( PWNODE_ALL_DATA Wnode );
ULONG EtwpConvertWADToUnicode( PWNODE_ALL_DATA WnodeAllData, ULONG *BufferSize );
ULONG EtwpRegisterGuids( IN LPGUID MasterGuid, IN LPGUID ControlGuid, IN LPCWSTR MofImagePath, IN LPCWSTR MofResourceName, OUT ULONG64 *LoggerContext, OUT HANDLE *RegistrationHandle );
//
// from intrnldp.c
ULONG EtwpInternalProvider( ULONG ActionCode, PWNODE_HEADER Wnode, ULONG MaxWnodeSize, PVOID OutBuffer, ULONG *RetSize );
ULONGEtwpEnumRegGuids( PWMIGUIDLISTINFO *pGuidInfo );
//
// from dcapi.c
ULONGEtwpNotificationRegistration( IN LPGUID InGuid, IN BOOLEAN Enable, IN PVOID DeliveryInfo, IN ULONG_PTR DeliveryContext, IN ULONG64 LoggerContext, IN ULONG Flags, IN BOOLEAN IsAnsi );
//
// from mofapi.c
//
void EtwpProcessLanguageAddRemoveEvent( IN PWNODE_SINGLE_INSTANCE WnodeSI, IN NOTIFICATIONCALLBACK Callback, IN ULONG_PTR DeliveryContext, IN BOOLEAN IsAnsi );
void EtwpProcessMofAddRemoveEvent( IN PWNODE_SINGLE_INSTANCE WnodeSI, IN NOTIFICATIONCALLBACK Callback, IN ULONG_PTR DeliveryContext, IN BOOLEAN IsAnsi );
//
// from notify.c
extern ULONG EtwpNotificationSinkIndex;#ifndef MEMPHIS
ULONG EtwpProcessUMRequest( PWMI_LOGGER_INFORMATION LoggerInfo, PVOID DeliveryContext, ULONG ReplyIndex );
#endif
ULONG EtwpAddHandleToEventPump( LPGUID Guid, PVOID DeliveryInfo, ULONG_PTR DeliveryContext, ULONG NotificationFlags, HANDLE GuidHandle );
void EtwpMakeEventCallbacks( IN PWNODE_HEADER Wnode, IN NOTIFICATIONCALLBACK Callback, IN ULONG_PTR DeliveryContext, IN BOOLEAN IsAnsi );
ULONGEtwpReceiveNotifications( IN ULONG HandleCount, IN HANDLE *HandleList, IN NOTIFICATIONCALLBACK Callback, IN ULONG_PTR DeliveryContext, IN BOOLEAN IsAnsi, IN ULONG Action, IN PUSER_THREAD_START_ROUTINE UserModeCallback, IN HANDLE ProcessHandle );
ULONG EtwpEventPump( PVOID Param );
voidEtwpEnableDisableGuid( PWNODE_HEADER Wnode, ULONG RequestCode, BOOLEAN bDelayEnable );
//
// from main.c
VOIDEtwpCreateHeap( VOID );
#ifndef IsEqualGUID
#define IsEqualGUID(guid1, guid2) \
(!memcmp((guid1), (guid2), sizeof(GUID)))#endif
//
// These define the dll and mof resource name for all of the builtin mof
// resources
#define WMICOREDLLNAME L"wmicore.dll"
#define WMICOREMOFRESOURCENAME L"MofResource"
//
// This defines the registry key under which security descriptors associated
// with the guids are stored.
#ifndef MEMPHIS
#define WMISECURITYREGISTRYKEY TEXT("System\\CurrentControlSet\\Control\\Wmi\\Security")
#endif
//
// This defines the initial value of the buffer passed to each data provider
// to retrieve the registration information
#if DBG
#define INITIALREGINFOSIZE sizeof(WNODE_TOO_SMALL)
#else
#define INITIALREGINFOSIZE 8192
#endif
//
// Chunk Management definitions
// All structures that rely upon the chunk allocator must be defined so that
// their members match that of ENTRYHEADER. These include DATASOURCE,
// GUIDENTRY, INSTANCESET, DCENTRY, NOTIFICATIONENTRY, MOFCLASS, MOFRESOURCE
// Also ENTRYHEADER reserves 0x80000000 for its own flag.
struct _CHUNKINFO;struct _ENTRYHEADER;
typedef void (*ENTRYCLEANUP)( struct _CHUNKINFO *, struct _ENTRYHEADER * );
typedef struct _CHUNKINFO{ LIST_ENTRY ChunkHead; // Head of list of chunks
ULONG EntrySize; // Size of a single entry
ULONG EntriesPerChunk; // Number of entries per chunk allocation
ENTRYCLEANUP EntryCleanup; // Entry cleanup routine
ULONG InitialFlags; // Initial flags for all entries
ULONG Signature;#if DBG
ULONG AllocCount; ULONG FreeCount;#endif
} CHUNKINFO, *PCHUNKINFO;
typedef struct{ LIST_ENTRY ChunkList; // Node in list of chunks
LIST_ENTRY FreeEntryHead; // Head of list of free entries in chunk
ULONG EntriesInUse; // Count of entries being used
} CHUNKHEADER, *PCHUNKHEADER;
typedef struct _ENTRYHEADER{ union { LIST_ENTRY FreeEntryList; // Node in list of free entries
LIST_ENTRY InUseEntryList; // Node in list ofin use entries
}; PCHUNKHEADER Chunk; // Chunk in which entry is located
ULONG Flags; // Flags
ULONG RefCount; // Reference Count
ULONG Signature;} ENTRYHEADER, *PENTRYHEADER;
// Set if the entry is free
#define FLAG_ENTRY_ON_FREE_LIST 0x80000000
#define FLAG_ENTRY_ON_INUSE_LIST 0x40000000
#define FLAG_ENTRY_INVALID 0x20000000
#define FLAG_ENTRY_REMOVE_LIST 0x10000000
#define EtwpReferenceEntry(Entry) \
InterlockedIncrement(&((PENTRYHEADER)(Entry))->RefCount)
// chunk.c
#ifndef MEMPHIS
ULONG EtwpBuildGuidObjectAttributes( IN LPGUID Guid, OUT POBJECT_ATTRIBUTES ObjectAttributes, OUT PUNICODE_STRING GuidString, OUT PWCHAR GuidObjectName );#endif
ULONG EtwpUnreferenceEntry( PCHUNKINFO ChunkInfo, PENTRYHEADER Entry);
PENTRYHEADER EtwpAllocEntry( PCHUNKINFO ChunkInfo );
void EtwpFreeEntry( PCHUNKINFO ChunkInfo, PENTRYHEADER Entry );
//
// This is the guid that denotes non event notifications. WMICore
// automatically registers anyone opening a guid to
extern GUID RegChangeNotificationGuid;
extern CHUNKINFO DSChunkInfo;extern CHUNKINFO GEChunkInfo;extern CHUNKINFO ISChunkInfo;extern CHUNKINFO DCChunkInfo;extern CHUNKINFO NEChunkInfo;extern CHUNKINFO MRChunkInfo;
struct tagGUIDENTRY;typedef struct tagGUIDENTRY GUIDENTRY, *PGUIDENTRY, *PBGUIDENTRY;
struct tagDATASOURCE;
//
// An INSTANCESET contains the information a set of instances that is provided
// by a single data source. An instance set is part of two lists. One list is
// the set of instance sets for a particular guid. The other list is the list
// of instance sets supported by a data source.
//
//
// Instance names for an instance set registered with a base name and count
// are stored in a ISBASENAME structure. This structure is tracked by
// PDFISBASENAME in wmicore.idl.
typedef struct{ ULONG BaseIndex; // First index to append to base name
WCHAR BaseName[1]; // Actual base name
} ISBASENAME, *PISBASENAME, *PBISBASENAME;
//
// This defines the maximum number of characters that can be part of a suffix
// to a basename. The current value of 6 will allow up to 999999 instances
// of a guid with a static base name
#define MAXBASENAMESUFFIXSIZE 6
//
// Instance names for an instance set registerd with a set of static names
// are kept in a ISSTATICNAMES structure. This structure is tracked by
// PDFISSTATICNAMES defined in wmicore.idl
typedef struct{ PWCHAR StaticNamePtr[1]; // pointers to static names
// WCHAR StaticNames[1];
} ISSTATICENAMES, *PISSTATICNAMES, *PBISSTATICNAMES;
typedef struct tagInstanceSet{ union { // Entry in list of instances within a guid
LIST_ENTRY GuidISList;
// Entry in main list of free instances
LIST_ENTRY FreeISList; }; PCHUNKHEADER Chunk; // Chunk in which entry is located
ULONG Flags;
// Reference count of number of guids using this instance set
ULONG RefCount;
// Signature to identify entry
ULONG Signature;
// Entry in list of instances within a data source
LIST_ENTRY DSISList;
// Back link to guid that this instance set is a member
PBGUIDENTRY GuidEntry;
// Back link to data source that this instance set is a member
struct tagDATASOURCE *DataSource;
// Count of instances in instance set
ULONG Count;
//
// If IS_INSTANCE_BASENAME is set then IsBaseName pointe at instance base
// name structure. Else if IS_INSTANCE_STATICNAME is set then
// IsStaticNames points to static instance name list. If
union { PBISBASENAME IsBaseName; PBISSTATICNAMES IsStaticNames; };
} INSTANCESET, *PINSTANCESET, *PBINSTANCESET;
#define IS_SIGNATURE 'nalA'
//
// Guid Map Entry List maintains the list of Guid and their maps.
// Only those Guids that are Unregistered while a logger session is in
// progress is kept in this list.
// It is also used as a placeholder for InstanceIds. Trace Guid Registration
// calls return a handle to a GUIDMAPENTRY which maintains the map and the
// Instance Ids.
//
typedef struct tagTRACE_REG_INFO{ BOOLEAN EnabledState; // Indicates if this GUID is Enabled or not.
PVOID NotifyRoutine; PVOID TraceCtxHandle; PVOID NotifyContext; ULONG64 LoggerContext;} TRACE_REG_INFO, *PTRACE_REG_INFO;
typedef struct{ ULONG InstanceId; ULONG Reserved; GUID Guid;} GUIDMAPENTRY, *PGUIDMAPENTRY;
#define IS_INSTANCE_BASENAME 0x00000001
#define IS_INSTANCE_STATICNAMES 0x00000002
#define IS_EXPENSIVE 0x00000004 // set if collection must be enabled
#define IS_COLLECTING 0x00000008 // set when collecting
#define IS_KM_PROVIDER 0x00000080 // KM data provider
#define IS_SM_PROVIDER 0x00000100 // Shared memory provider
#define IS_UM_PROVIDER 0x00000200 // User mode provider
#define IS_NEWLY_REGISTERED 0x00000800 // set if IS is registering
//
// Any traced guids are used for trace logging and not querying
#define IS_TRACED 0x00001000
// Set when events are enabled for instance set
#define IS_ENABLE_EVENT 0x00002000
// Set when events are enabled for instance set
#define IS_ENABLE_COLLECTION 0x00004000
// Set if guid is used only for firing events and not querying
#define IS_EVENT_ONLY 0x00008000
// Set if data provider for instance set is expecting ansi instsance names
#define IS_ANSI_INSTANCENAMES 0x00010000
// Set if instance names are originated from a PDO
#define IS_PDO_INSTANCENAME 0x00020000
// If set the data provider for the InstanceSet is internal to wmi.dll
#define IS_INTERNAL_PROVIDER 0x00040000
// Set if a Traced Guid is also a Trace Control Guid
#define IS_CONTROL_GUID 0x00080000
#define IS_ON_FREE_LIST 0x80000000
typedef struct tagGUIDENTRY{ union { // Entry in list of all guids registered with WMI
LIST_ENTRY MainGEList;
// Entry in list of free guid entry blocks
LIST_ENTRY FreeGEList; }; PCHUNKHEADER Chunk; // Chunk in which entry is located
ULONG Flags;
// Count of number of data sources using this guid
ULONG RefCount;
// Signature to identify entry
ULONG Signature;
// Count of InstanceSets headed by this guid
ULONG ISCount;
// Head of list of all instances for guid
LIST_ENTRY ISHead;
// Guid that represents data block
GUID Guid;
} GUIDENTRY, *PGUIDENTRY, *PBGUIDENTRY;
#define GE_SIGNATURE 'diuG'
#define GE_ON_FREE_LIST 0x80000000
//
// When set this guid is an internally defined guid that has no data source
// attached to it.
#define GE_FLAG_INTERNAL 0x00000001
typedef struct{ union { // Entry in list of all DS
LIST_ENTRY MainMRList;
// Entry in list of free DS
LIST_ENTRY FreeMRList; }; PCHUNKHEADER Chunk; // Chunk in which entry is located
ULONG Flags;
ULONG RefCount;
// Signature to identify entry
ULONG Signature;
PWCHAR MofImagePath; // Path to image file with resource
PWCHAR MofResourceName; // Name of resource containing mof data
#ifdef WMI_USER_MODE
LIST_ENTRY MRMCHead;#endif
} MOFRESOURCE, *PMOFRESOURCE;
#define MR_SIGNATURE 'yhsA'
#if DBG
#define AVGMOFRESOURCECOUNT 1
#else
#define AVGMOFRESOURCECOUNT 4
#endif
typedef struct tagDATASOURCE{ union { // Entry in list of all DS
LIST_ENTRY MainDSList;
// Entry in list of free DS
LIST_ENTRY FreeDSList; }; PCHUNKHEADER Chunk; // Chunk in which entry is located
ULONG Flags;
ULONG RefCount;
ULONG Signature;
// Head of list of instances for this DS
LIST_ENTRY ISHead;
// Binding string and callback address for DS rpc server
PTCHAR BindingString; RPC_BINDING_HANDLE RpcBindingHandle; ULONG RequestAddress; ULONG RequestContext;
// Provider id of kernel mode driver
ULONG_PTR ProviderId;
// Path to registry holding ACLs
PTCHAR RegistryPath;
// Head of list of MofResources attached to data source
ULONG MofResourceCount; PMOFRESOURCE *MofResources; PMOFRESOURCE StaticMofResources[AVGMOFRESOURCECOUNT];};
#define DS_SIGNATURE ' naD'
#define VERIFY_DPCTXHANDLE(DsCtxHandle) \
( ((DsCtxHandle) == NULL) || \ (((PBDATASOURCE)(DsCtxHandle))->Signature == DS_SIGNATURE) ) typedef struct tagDATASOURCE DATASOURCE, *PDATASOURCE, *PBDATASOURCE;
#define DS_ALLOW_ALL_ACCESS 0x00000001
#define DS_KERNEL_MODE 0x00000002
//
// Set in the Internal WMI data source
#define DS_INTERNAL 0x00000004
#define DS_ON_FREE_LIST 0x80000000
//
// A list of enabled notifications is maintained by the wmi service to mange
// delivering events and to know when to send enable and disable event
// wmi requests to the data providers. Each NOTIFICATIONENTRY has an array of
// DCREF which is a reference to the data consumer who is interested in the
// event.
#define RPCOUTSTANDINGCALLLIMIT 128
typedef struct{ LIST_ENTRY MainDCList; // Node on global data consumer list
PCHUNKHEADER Chunk; // Chunk in which entry is located
ULONG Flags; ULONG RefCount;
ULONG Signature; // Actual RPC binding handle
RPC_BINDING_HANDLE RpcBindingHandle;
PUCHAR EventData; // Buffer to hold events to be sent
ULONG LastEventOffset; // Offset in EventData to previous event
ULONG NextEventOffset; // Offset in EventData to write next event
ULONG EventDataSizeLeft; // Number of bytes left to use in EventData
ULONG RpcCallsOutstanding; // Number of rpc calls outstanding
#if DBG
PTCHAR BindingString; // Binding string for consumer
#endif
} DCENTRY, *PDCENTRY;
#define DC_SIGNATURE 'cirE'
// If the data consumer has had its context rundown routine then this flag
// is set. This indicates that the data consumer has gone away and no more
// events should be sent to him.
#define DC_FLAG_RUNDOWN 0x00000001
#define VERIFY_DCCTXHANDLE(DcCtxHandle) \
( ((DcCtxHandle) == NULL) || \ (((PDCENTRY)(DcCtxHandle))->Signature == DC_SIGNATURE) )
typedef struct{ PDCENTRY DcEntry; // points at data consumer interested in notification
// Number of times collect has been enabled by
// this DC.
ULONG CollectRefCount;
// Number of times collect has been enabled by
// this DC.
ULONG EventRefCount;
ULONG Flags; // Flags
ULONG LostEventCount;} DCREF, *PDCREF;
//
// _ENABLED flag set if DP already called to enable notification or collection
#define DCREF_FLAG_NOTIFICATION_ENABLED 0x00000001
#define DCREF_FLAG_COLLECTION_ENABLED 0x00000002
// if DCREF_FLAG_NO_EXTRA_THREAD set then WMI will not create a special thread
// to do the direct notification callback.
#define DCREF_FLAG_NO_EXTRA_THREAD 0x00000008
// If this flag is set then the notification callback is expecting an ANSI
// instance names.
#define DCREF_FLAG_ANSI 0x00000010
// NOTE: Other notification flags in wmium.h are:
// NOTIFICATION_TRACE_FLAG 0x00010000
//
// NOTIFICATION_FLAG_CALLBACK_DIRECT is set when NotifyAddress specifies
// a direct callback address for delivering the event.
//
// NOTIFICATION_FLAG_CALLBACK_DIRECT is set when NotifyAddress specifies
// a direct callback address for delivering the event.
//
#define NOTIFICATION_FLAG_CALLBACK_DIRECT 0x00020000
#define NOTIFICATION_FLAG_CALLBACK_QUEUED 0x00040000
#define NOTIFICATION_FLAG_WINDOW 0x00080000
#define NOTIFICATION_FLAG_BATCHED 0x00100000
//
// This flag is set for those guid handles that may be duplicated in
// the list. All Notifyee slots that have this flag are considered in a
// group and only one handle needs to be put on the list
//
#define NOTIFICATION_FLAG_GROUPED_EVENT 0x00200000
//
// This flag is set for those guid handles that are pending closure.
// Only the pump thread is allowed to close a handle; the main threads
// will set this flag to indicate that the handle should no longer be
// used. When the pump thread builds the list of handles and notices
// the flag it will close the handle.
//
#define NOTIFICATION_FLAG_PENDING_CLOSE 0x00400000
#define EtwpIsNotifyeePendingClose(Notifyee) \
(((Notifyee)->Flags & NOTIFICATION_FLAG_PENDING_CLOSE) == NOTIFICATION_FLAG_PENDING_CLOSE)
//
// These are the flags contained in DcRef->Flags that pertain to Notifications
#define NOTIFICATION_MASK_EVENT_FLAGS \
(NOTIFICATION_FLAG_CALLBACK_DIRECT | \ NOTIFICATION_FLAG_CALLBACK_QUEUED | \ NOTIFICATION_FLAG_WINDOW | \ DCREF_FLAG_NO_EXTRA_THREAD | \ DCREF_FLAG_ANSI)
//
// This defines the number of DC references a NOTIFICATIONENTRY can have
// in a single entry
// CONSIDER: Merging NOTIFICATIONENTRY with GUIDENTRY
#define DCREFPERNOTIFICATION 16
typedef struct _notificationentry{ LIST_ENTRY MainNotificationList; // Node in main notifications list
PCHUNKHEADER Chunk; // Chunk in which entry is located
ULONG Flags; // flags
ULONG RefCount;
// Signature to identify entry
ULONG Signature;
GUID Guid; // guid representing notification
// If > DCREFPERNOTIFICATION DC have
// enabled this event then this points
// to another NOTIFICATIONENTRY which
// has another DCREF array
struct _notificationentry *Continuation; ULONG EventRefCount; // Global count of event enables
ULONG CollectRefCount; // Global count of collection enables
ULONG64 LoggerContext; // Logger context handle
HANDLE CollectInProgress; // Event set when all collect complete
DCREF DcRef[DCREFPERNOTIFICATION]; // DC that have enabled this event
} NOTIFICATIONENTRY, *PNOTIFICATIONENTRY;
#define NE_SIGNATURE 'eluJ'
// Set when a notification request is being processed by the data providers
#define NE_FLAG_NOTIFICATION_IN_PROGRESS 0x00000001
// Set when a collection request is being processed by the data providers
#define NE_FLAG_COLLECTION_IN_PROGRESS 0x00000002
// Set when a trace disable is being processed by a worker thread
#define NE_FLAG_TRACEDISABLE_IN_PROGRESS 0x00000004
#ifdef WMI_USER_MODE
//
// Valid MOF data types for qualifiers and properties (data items)
typedef enum{ MOFInt32 = 0, // 32bit integer
MOFUInt32 = 1, // 32bit unsigned integer
MOFInt64 = 2, // 64bit integer
MOFUInt64 = 3, // 32bit unsigned integer
MOFInt16 = 4, // 16bit integer
MOFUInt16 = 5, // 16bit unsigned integer
MOFChar = 6, // 8bit integer
MOFByte = 7, // 8bit unsigned integer
MOFWChar = 8, // Wide (16bit) character
MOFDate = 9, // Date field
MOFBoolean = 10, // 8bit Boolean value
MOFEmbedded = 11, // Embedded class
MOFString = 12, // Counted String type
MOFZTString = 13, // NULL terminated unicode string
MOFAnsiString = 14, // NULL terminated ansi string
MOFUnknown = 0xffffffff // Data type is not known
} MOFDATATYPE, *PMOFDATATYPE;
// Data items that are of type MOFString are stored in the data block as a
// counted unicode string. The text of the string is always preceeded by
// a USHORT which contains the count of bytes following that composes the
// string. The string may be NULL terminated and in that case the count must
// include the null termination bytes.
// Data items that are of type MOFDate are fixed length Unicode strings and
// not preceeded by a count value. It is in the following fixed format:
//
// yyyymmddhhmmss.mmmmmmsutc
//
// Where yyyy is a 4 digit year, mm is the month, dd is the day, hh is
// the hour (24-hour clock), mm is the minute, ss is the second, the
// mmmmmm is the number of microseconds (typically all zeros) and s is a
// "+" or "-" indicating the sign of the UTC (correction field, and utc
// is the offset from UTC in minutes (using the sign indicated by s).
// For example, Wednesday, May 25, 1994, at 1:30:15 PM EDT would be
// represented as:
//
// 19940525133015.0000000-300
//
// Values MUST be zero-padded so that the entire string is always the
// same 25-character length. Fields which are not significant MUST be
// replaced with asterisk characters. Similarly, intervals use the
// same format, except that the interpretation of the fields is based
// on elapsed time. For example, an elapsed time of 1 day, 13 hours,
// 23 minutes, and 12 seconds would be:
//
// 00000001132312.000000+000
//
// A UTC offset of zero is always used for interval properties.
struct _MOFCLASSINFOW;struct _MOFCLASSINFOA;
//
// Each class has one or more data items that are described by a MOFDATAITEM
// structure.
typedef struct{#ifdef MIDL_PASS
[string] PDFWCHAR#else
LPWSTR#endif
Name; // Text name of data item
#ifdef MIDL_PASS
[string] PDFWCHAR#else
LPWSTR#endif
Description; // Text description of data item
MOFDATATYPE DataType; // MOF data type
ULONG Version; // Version that this MOF is part of
ULONG SizeInBytes; // Size of data item in Blob
ULONG Flags; // Flags, See MOFDI_FLAG_*
GUID EmbeddedClassGuid; // Guid of data item's embedded class
ULONG FixedArrayElements; // Number of elements in fixed sized array
// Used when MOF_FLAG_FIXED_ARRAY is set
ULONG VariableArraySizeId; // MOF_FLAG_VARIABLE_ARRAY, Data id of
// variable containing number of elements
// in array
PVOID VarArrayTempPtr; PVOID EcTempPtr; ULONG_PTR PropertyQualifierHandle; ULONG MethodId; LPWSTR HeaderName;// Name of structure in generated header
struct _MOFCLASSINFOW *MethodClassInfo; ULONG MaxLen;} MOFDATAITEMW, *PMOFDATAITEMW;
typedef struct{ LPSTR Name; // Text name of data item
LPSTR Description; // Text description of data item
MOFDATATYPE DataType; // MOF data type
ULONG Version; // Version that this MOF is part of
ULONG SizeInBytes; // Size of data item in Blob
ULONG Flags; // Flags, See MOFDI_FLAG_*
GUID EmbeddedClassGuid; // Guid of data item's embedded class
ULONG FixedArrayElements; // Number of elements in fixed sized array
// Used when MOF_FLAG_FIXED_ARRAY is set
ULONG VariableArraySizeId; // MOF_FLAG_VARIABLE_ARRAY, Data id of
// variable containing number of elements
// in array
PVOID VarArrayTempPtr; PVOID EcTempPtr; ULONG_PTR PropertyQualifierHandle; ULONG MethodId; LPSTR HeaderName; // Name of structure in generated header
struct _MOFCLASSINFOA *MethodClassInfo; ULONG MaxLen;} MOFDATAITEMA, *PMOFDATAITEMA;
#ifdef UNICODE
typedef MOFDATAITEMW MOFDATAITEM;typedef PMOFDATAITEMW PMOFDATAITEM;#else
typedef MOFDATAITEMA MOFDATAITEM;typedef PMOFDATAITEMA PMOFDATAITEM;#endif
// Data item is actually a fixed sized array
#define MOFDI_FLAG_FIXED_ARRAY 0x00000001
// Data item is actually a variable length array
#define MOFDI_FLAG_VARIABLE_ARRAY 0x00000002
// Data item is actually an embedded class
#define MOFDI_FLAG_EMBEDDED_CLASS 0x00000004
// Data item is readable
#define MOFDI_FLAG_READABLE 0x00000008
// Data item is writable
#define MOFDI_FLAG_WRITEABLE 0x00000010
// Data item is an event
#define MOFDI_FLAG_EVENT 0x00000020
// Embedded class Guid is not set
#define MOFDI_FLAG_EC_GUID_NOT_SET 0x00000040
// Data item is really a method
#define MOFDI_FLAG_METHOD 0x00000080
// Data item is an input method parameter
#define MOFDI_FLAG_INPUT_METHOD 0x00000100
// Data item is an output method parameter
#define MOFDI_FLAG_OUTPUT_METHOD 0x00000200
//
// The MOFCLASSINFO structure describes the format of a data block
typedef struct _MOFCLASSINFOW{ GUID Guid; // Guid that represents class
#ifdef MIDL_PASS
[string] PDFWCHAR#else
LPWSTR#endif
Name; // Text name of class
#ifdef MIDL_PASS
[string] PDFWCHAR#else
LPWSTR#endif
Description;// Text description of class
#ifdef MIDL_PASS
[string] PDFWCHAR#else
LPWSTR#endif
HeaderName;// Name of structure in generated header
#ifdef MIDL_PASS
[string] PDFWCHAR#else
LPWSTR#endif
GuidName1;// Name of Guid in generated header
#ifdef MIDL_PASS
[string] PDFWCHAR#else
LPWSTR#endif
GuidName2;// Name of Guid in generated header
USHORT Language; // Language of MOF
USHORT Reserved; ULONG Flags; // Flags, see MOFGI_FLAG_*
ULONG Version; // Version of Guid
ULONG_PTR ClassQualifierHandle; // CBMOFObj, BMOF class qualifier ptr
ULONG DataItemCount; // Number of wmi data items (properties)
ULONG MethodCount; // Number of wmi data items (properties)
// Array of Property info
#ifdef MIDL_PASS
[size_is(DataItemCount)]#endif
MOFDATAITEMW *DataItems;#ifndef MIDL_PASS
UCHAR Tail[1];#endif
} MOFCLASSINFOW, *PMOFCLASSINFOW;
typedef struct _MOFCLASSINFOA{ GUID Guid; // Guid that represents class
LPSTR Name; // Text name of class
LPSTR Description;// Text description of class
LPSTR HeaderName;// Name of structure in generated header
LPSTR GuidName1;// Name of Guid in generated header
LPSTR GuidName2;// Name of Guid in generated header
USHORT Language; // Language of MOF
USHORT Reserved; ULONG Flags; // Flags, see MOFGI_FLAG_*
ULONG Version; // Version of Guid
ULONG_PTR ClassQualifierHandle; // CBMOFObj, BMOF class qualifier ptr
ULONG DataItemCount; // Number of wmi data items (properties)
ULONG MethodCount; // Number of wmi data items (properties)
// Array of Property info
MOFDATAITEMA *DataItems; UCHAR Tail[1];} MOFCLASSINFOA, *PMOFCLASSINFOA;
#ifdef UNICODE
typedef MOFCLASSINFOW MOFCLASSINFO;typedef PMOFCLASSINFOW PMOFCLASSINFO;#else
typedef MOFCLASSINFOA MOFCLASSINFO;typedef PMOFCLASSINFOA PMOFCLASSINFO;#endif
// 0x00000001 to 0x00000004 are not available
#define MOFCI_FLAG_EVENT 0x10000000
#define MOFCI_FLAG_EMBEDDED_CLASS 0x20000000
#define MOFCI_FLAG_READONLY 0x40000000
#define MOFCI_FLAG_METHOD_PARAMS 0x80000000
typedef struct{ union { // Entry in list of all DS
LIST_ENTRY MainMCList;
// Entry in list of free DS
LIST_ENTRY FreeMCList; }; PCHUNKHEADER Chunk; // Chunk in which entry is located
ULONG Flags;
ULONG RefCount;
PMOFCLASSINFOW MofClassInfo; // Actual class info data
LIST_ENTRY MCMRList; // Entry in list of MCs in a MR
LIST_ENTRY MCVersionList; // Head or entry in list of MCs with
// same guid, but possibly different versions
ULONG_PTR ClassObjectHandle; // CBMOFObj, BMOF class object ptr
PMOFRESOURCE MofResource; // Resource holding class info
} MOFCLASS, *PMOFCLASS;
// If this is set then the MOF class can never be replaced with a later version
#define MC_FLAG_NEVER_REPLACE 0x00000001
#endif
//
// AVGGUIDSPERDS defines a guess as to the number of guids that get registered
// by any data provider. It is used to allocate the buffer used to deliver
// registration change notifications.
#if DBG
#define AVGGUIDSPERDS 2
#else
#define AVGGUIDSPERDS 256
#endif
#define OffsetToPtr(Base, Offset) ((PBYTE)((PBYTE)(Base) + (Offset)))
//
// Guid and InstanceSet cache
#if DBG
#define PTRCACHEGROWSIZE 2
#else
#define PTRCACHEGROWSIZE 64
#endif
typedef struct{ LPGUID Guid; PBINSTANCESET InstanceSet;} PTRCACHE;
//
// Registration data structures
//
#ifdef MEMPHIS
extern HANDLE SMMutex;#define EtwpEnterSMCritSection() WaitForSingleObject(SMMutex, INFINITE)
#define EtwpLeaveSMCritSection() ReleaseMutex(SMMutex)
#else
extern RTL_CRITICAL_SECTION SMCritSect;#if DBG
#ifdef CRITSECTTRACE
#define EtwpEnterSMCritSection() { \
EtwpDebugPrint(("WMI: Enter SM Crit %s %d\n", __FILE__, __LINE__)); \ RtlEnterCriticalSection(&SMCritSect); }
#define EtwpLeaveSMCritSection() { \
EtwpDebugPrint(("WMI: Leave SM Crit %s %d\n", __FILE__, __LINE__)); \ RtlLeaveCriticalSection(&SMCritSect); }#else
#define EtwpEnterSMCritSection() \
EtwpAssert(NT_SUCCESS(RtlEnterCriticalSection(&SMCritSect)));#define EtwpLeaveSMCritSection() { \
EtwpAssert(SMCritSect.LockCount >= 0); \ EtwpAssert(NT_SUCCESS(RtlLeaveCriticalSection(&SMCritSect))); }#endif // CRITSECTTRACE
#else
#define EtwpEnterSMCritSection() RtlEnterCriticalSection(&SMCritSect)
#define EtwpLeaveSMCritSection() RtlLeaveCriticalSection(&SMCritSect)
#endif // DBG
#endif // MEMPHIS
#ifndef IsEqualGUID
#define IsEqualGUID(guid1, guid2) \
(!memcmp((guid1), (guid2), sizeof(GUID)))#endif
//
// WMI MOF result codes. Since they are never given to the caller they are
// defined in here
#define ERROR_WMIMOF_INCORRECT_DATA_TYPE -1 /* 0xffffffff */
#define ERROR_WMIMOF_NO_DATA -2 /* 0xfffffffe */
#define ERROR_WMIMOF_NOT_FOUND -3 /* 0xfffffffd */
#define ERROR_WMIMOF_UNUSED -4 /* 0xfffffffc */
// Property %ws in class %ws has no embedded class name
#define ERROR_WMIMOF_NO_EMBEDDED_CLASS_NAME -5 /* 0xfffffffb */
// Property %ws in class %ws has an unknown data type
#define ERROR_WMIMOF_UNKNOWN_DATA_TYPE -6 /* 0xfffffffa */
// Property %ws in class %ws has no syntax qualifier
#define ERROR_WMIMOF_NO_SYNTAX_QUALIFIER -7 /* 0xfffffff9 */
#define ERROR_WMIMOF_NO_CLASS_NAME -8 /* 0xfffffff8 */
#define ERROR_WMIMOF_BAD_DATA_FORMAT -9 /* 0xfffffff7 */
// Property %ws in class %ws has the same WmiDataId %d as property %ws
#define ERROR_WMIMOF_DUPLICATE_ID -10 /* 0xfffffff6 */
// Property %ws in class %ws has a WmiDataId of %d which is out of range
#define ERROR_WMIMOF_BAD_DATAITEM_ID -11 /* 0xfffffff5 */
#define ERROR_WMIMOF_MISSING_DATAITEM -12 /* 0xfffffff4 */
// Property for WmiDataId %d is not defined in class %ws
#define ERROR_WMIMOF_DATAITEM_NOT_FOUND -13 /* 0xfffffff3 */
// Embedded class %ws not defined for Property %ws in Class %ws
#define ERROR_WMIMOF_EMBEDDED_CLASS_NOT_FOUND -14 /* 0xfffffff2 */
// Property %ws in class %ws has an incorrect [WmiVersion] qualifier
#define ERROR_WMIMOF_INCONSISTENT_VERSIONING -15 /* 0xfffffff1 */
#define ERROR_WMIMOF_NO_PROPERTY_QUALIFERS -16 /* 0xfffffff0 */
// Class %ws has a badly formed or missing [guid] qualifier
#define ERROR_WMIMOF_BAD_OR_MISSING_GUID -17 /* 0xffffffef */
// Could not find property %ws which is the array size for property %ws in class %ws
#define ERROR_WMIMOF_VL_ARRAY_SIZE_NOT_FOUND -18 /* 0xffffffee */
// A class could not be parsed properly
#define ERROR_WMIMOF_CLASS_NOT_PARSED -19 /* 0xffffffed */
// Wmi class %ws requires the qualifiers [Dynamic, Provider("WmiProv")]
#define ERROR_WMIMOF_MISSING_HMOM_QUALIFIERS -20 /* 0xffffffec */
// Error accessing binary mof file %s
#define ERROR_WMIMOF_CANT_ACCESS_FILE -21 /* 0xffffffeb */
// Property InstanceName in class %ws must be type string and not %ws
#define ERROR_WMIMOF_INSTANCENAME_BAD_TYPE -22 /* 0xffffffea */
// Property Active in class %ws must be type bool and not %ws
#define ERROR_WMIMOF_ACTIVE_BAD_TYPE -23 /* 0xffffffe9 */
// Property %ws in class %ws does not have [WmiDataId()] qualifier
#define ERROR_WMIMOF_NO_WMIDATAID -24 /* 0xffffffe8 */
// Property InstanceName in class %ws must have [key] qualifier
#define ERROR_WMIMOF_INSTANCENAME_NOT_KEY -25 /* 0xffffffe7 */
// Class %ws does not have an InstanceName qualifier
#define ERROR_WMIMOF_NO_INSTANCENAME -26 /* 0xffffffe6 */
// Class %ws does not have an Active qualifier
#define ERROR_WMIMOF_NO_ACTIVE -27 /* 0xffffffe5 */
// Property %ws in class %ws is an array, but doesn't specify a dimension
#define ERROR_WMIMOF_MUST_DIM_ARRAY -28 /* 0xffffffe4 */
// The element count property %ws for the variable length array %ws in class %ws is not an integral type
#define ERROR_WMIMOF_BAD_VL_ARRAY_SIZE_TYPE -29 /* 0xdddddde4 */
// Property %ws in class %ws is both a fixed and variable length array
#define ERROR_WMIMOF_BOTH_FIXED_AND_VARIABLE_ARRAY -30 /* 0xffffffe3 */
// Embedded class %ws should not have InstaneName or Active properties
#define ERROR_WMIMOF_EMBEDDED_CLASS -31 /* 0xffffffe2 */
#define ERROR_WMIMOF_IMPLEMENTED_REQUIRED -32 /* 0xffffffe1 */
// TEXT("WmiMethodId for method %ws in class %ws must be unique")
#define ERROR_WMIMOF_DUPLICATE_METHODID -33 /* 0xffffffe0 */
// TEXT("WmiMethodId for method %ws in class %ws must be specified")
#define ERROR_WMIMOF_MISSING_METHODID -34 /* 0xffffffdf */
// TEXT("WmiMethodId for method %ws in class %ws must not be 0")
#define ERROR_WMIMOF_METHODID_ZERO -35 /* 0xffffffde */
// TEXT("Class %ws is derived from WmiEvent and may not be [abstract]")
#define ERROR_WMIMOF_WMIEVENT_ABSTRACT -36 /* 0xffffffdd */
// TEXT("The element count property for the variable length array
// %ws in class %ws is not a property of the class"),
#define ERROR_WMIMOF_VL_ARRAY_NOT_FOUND -37 /* 0xffffffdc */
// TEXT("An error occured resolving the variable length array
// property %ws in class %ws to element count property")
#define ERROR_WMIMOF_VL_ARRAY_NOT_RESOLVED -38 /* 0xffffffdb */
// TEXT("Method %ws in class %ws must return void\n")
#define ERROR_WMIMOF_METHOD_RETURN_NOT_VOID -39 /* 0xffffffda */
// TEXT("Embedded class %ws should not have any methods\n")
#define ERROR_WMIMOF_EMBEDDED_CLASS_HAS_METHODS -40 /* 0xffffffd9 */
#define ERROR_WMIMOF_COUNT 40
// This file is not a valid binary mof file
// ERROR_WMI_INVALID_MOF
// There was not enough memory to complete an operation
// ERROR_NOT_ENOUGH_MEMORY
//
// Function prototypes for private functions
//
// sharemem.c
ULONG EtwpEstablishSharedMemory( PBDATASOURCE DataSource, LPCTSTR SectionName, ULONG SectionSize );
//
// validate.c
BOOLEAN EtwpValidateCountedString( WCHAR *String );
BOOLEAN EtwpValidateGuid( LPGUID Guid );
BOOLEAN EtwpProbeForRead( PUCHAR Buffer, ULONG BufferSize );
//
// alloc.c
extern LIST_ENTRY GEHead;extern PLIST_ENTRY GEHeadPtr;extern CHUNKINFO GEChunkInfo;
extern LIST_ENTRY NEHead;extern PLIST_ENTRY NEHeadPtr;extern CHUNKINFO NEChunkInfo;
extern LIST_ENTRY DSHead;extern PLIST_ENTRY DSHeadPtr;extern CHUNKINFO DSChunkInfo;
extern LIST_ENTRY DCHead;extern PLIST_ENTRY DCHeadPtr;extern CHUNKINFO DCChunkInfo;
extern LIST_ENTRY MRHead;extern PLIST_ENTRY MRHeadPtr;extern CHUNKINFO MRChunkInfo;
extern CHUNKINFO ISChunkInfo;
extern LIST_ENTRY GMHead;extern PLIST_ENTRY GMHeadPtr;
#ifdef WMI_USER_MODE
extern LIST_ENTRY MCHead;extern PLIST_ENTRY MCHeadPtr;extern CHUNKINFO MCChunkInfo;#endif
#ifdef TRACK_REFERNECES
#define EtwpUnreferenceDS(DataSource) \
{ \ EtwpDebugPrint(("WMI: Unref DS %x at %s %d\n", DataSource, __FILE__, __LINE__)); \ EtwpUnreferenceEntry(&DSChunkInfo, (PENTRYHEADER)DataSource); \}
#define EtwpReferenceDS(DataSource) \
{ \ EtwpDebugPrint(("WMI: Ref DS %x at %s %d\n", DataSource, __FILE__, __LINE__)); \ EtwpReferenceEntry((PENTRYHEADER)DataSource); \}
#define EtwpUnreferenceGE(GuidEntry) \
{ \ EtwpDebugPrint(("WMI: Unref GE %x at %s %d\n", GuidEntry, __FILE__, __LINE__)); \ EtwpUnreferenceEntry(&GEChunkInfo, (PENTRYHEADER)GuidEntry); \}
#define EtwpReferenceGE(GuidEntry) \
{ \ EtwpDebugPrint(("WMI: Ref GE %x at %s %d\n", GuidEntry, __FILE__, __LINE__)); \ EtwpReferenceEntry((PENTRYHEADER)GuidEntry); \}
#define EtwpUnreferenceIS(InstanceSet) \
{ \ EtwpDebugPrint(("WMI: Unref IS %x at %s %d\n", InstanceSet, __FILE__, __LINE__)); \ EtwpUnreferenceEntry(&ISChunkInfo, (PENTRYHEADER)InstanceSet); \}
#define EtwpReferenceIS(InstanceSet) \
{ \ EtwpDebugPrint(("WMI: Ref IS %x at %s %d\n", InstanceSet, __FILE__, __LINE__)); \ EtwpReferenceEntry((PENTRYHEADER)InstanceSet); \}
#define EtwpUnreferenceDC(DataConsumer) \
{ \ EtwpDebugPrint(("WMI: Unref DC %x at %s %d\n", DataConsumer, __FILE__, __LINE__)); \ EtwpUnreferenceEntry(&DCChunkInfo, (PENTRYHEADER)DataConsumer); \}
#define EtwpReferenceDC(DataConsumer) \
{ \ EtwpDebugPrint(("WMI: Ref DC %x at %s %d\n", DataConsumer, __FILE__, __LINE__)); \ EtwpReferenceEntry((PENTRYHEADER)DataConsumer); \}
#define EtwpUnreferenceNE(NotificationEntry) \
{ \ EtwpDebugPrint(("WMI: Unref NE %x at %s %d\n", NotificationEntry, __FILE__, __LINE__)); \ EtwpUnreferenceEntry(&NEChunkInfo, (PENTRYHEADER)NotificationEntry); \}
#define EtwpReferenceNE(NotificationEntry) \
{ \ EtwpDebugPrint(("WMI: Ref NE %x at %s %d\n", NotificationEntry, __FILE__, __LINE__)); \ EtwpReferenceEntry((PENTRYHEADER)NotificationEntry); \}
#define WmippUnreferenceMR(MofResource) \
{ \ EtwpDebugPrint(("WMI: Unref MR %x at %s %d\n", MofResource, __FILE__, __LINE__)); \ EtwpUnreferenceEntry(&MRChunkInfo, (PENTRYHEADER)MofResource); \}
#define WmipReferenceMR(MofResource) \
{ \ EtwpDebugPrint(("WMI: Ref MR %x at %s %d\n", MofResource, __FILE__, __LINE__)); \ EtwpReferenceEntry((PENTRYHEADER)MofResource); \}
#ifdef WMI_USER_MODE
#define EtwpUnreferenceMC(MofClass) \
{ \ EtwpDebugPrint(("WMI: Unref MC %x at %s %d\n", MofClass, __FILE__, __LINE__)); \ EtwpUnreferenceEntry(&MCChunkInfo, (PENTRYHEADER)MofClass); \}
#define EtwpReferenceMC(MofClass) \
{ \ EtwpDebugPrint(("WMI: Ref MC %x at %s %d\n", MofClass, __FILE__, __LINE__)); \ EtwpReferenceEntry((PENTRYHEADER)MofClass); \}#endif
#else
#define EtwpUnreferenceDS(DataSource) \
EtwpUnreferenceEntry(&DSChunkInfo, (PENTRYHEADER)DataSource)
#define EtwpReferenceDS(DataSource) \
EtwpReferenceEntry((PENTRYHEADER)DataSource)
#define EtwpUnreferenceGE(GuidEntry) \
EtwpUnreferenceEntry(&GEChunkInfo, (PENTRYHEADER)GuidEntry)
#define EtwpReferenceGE(GuidEntry) \
EtwpReferenceEntry((PENTRYHEADER)GuidEntry)
#define EtwpUnreferenceIS(InstanceSet) \
EtwpUnreferenceEntry(&ISChunkInfo, (PENTRYHEADER)InstanceSet)
#define EtwpReferenceIS(InstanceSet) \
EtwpReferenceEntry((PENTRYHEADER)InstanceSet)
#define EtwpUnreferenceDC(DataConsumer) \
EtwpUnreferenceEntry(&DCChunkInfo, (PENTRYHEADER)DataConsumer)
#define EtwpReferenceDC(DataConsumer) \
EtwpReferenceEntry((PENTRYHEADER)DataConsumer)
#define EtwpUnreferenceNE(NotificationEntry) \
EtwpUnreferenceEntry(&NEChunkInfo, (PENTRYHEADER)NotificationEntry)
#define EtwpReferenceNE(NotificationEntry) \
EtwpReferenceEntry((PENTRYHEADER)NotificationEntry)
#define WmipUnreferenceMR(MofResource) \
EtwpUnreferenceEntry(&MRChunkInfo, (PENTRYHEADER)MofResource)
#define WmipReferenceMR(MofResource) \
EtwpReferenceEntry((PENTRYHEADER)MofResource)
#ifdef WMI_USER_MODE
#define EtwpUnreferenceMC(MofClass) \
EtwpUnreferenceEntry(&MCChunkInfo, (PENTRYHEADER)MofClass)
#define EtwpReferenceMC(MofClass) \
EtwpReferenceEntry((PENTRYHEADER)MofClass)#endif
#endif
PBDATASOURCE EtwpAllocDataSource( void );
PBGUIDENTRY EtwpAllocGuidEntry( void );
#define EtwpAllocInstanceSet() ((PBINSTANCESET)EtwpAllocEntry(&ISChunkInfo))
#define EtwpAllocDataConsumer() ((PDCENTRY)EtwpAllocEntry(&DCChunkInfo))
#define EtwpAllocNotificationEntry() ((PNOTIFICATIONENTRY)EtwpAllocEntry(&NEChunkInfo))
#define EtwpAllocMofResource() ((PMOFRESOURCE)EtwpAllocEntry(&MRChunkInfo))
#define WmipDebugPrint EtwpDebugPrint
#define WmipAlloc EtwpAlloc
#define WmipAssert EtwpAssert
#define WmipFree EtwpFree
#ifdef WMI_USER_MODE
#define EtwpAllocMofClass() ((PMOFCLASS)EtwpAllocEntry(&MCChunkInfo))
#endif
#define EtwpAllocString(Size) \
EtwpAlloc((Size)*sizeof(WCHAR))
#define EtwpFreeString(Ptr) \
EtwpFree(Ptr)
#ifdef MEMPHIS
#define EtwpAlloc(Size) \
malloc(Size)
#define EtwpFree(Ptr) \
free(Ptr) #define EtwpInitProcessHeap()
#else
//
// Reserve 1MB for WMI.DLL, but only commit 16K initially
#define DLLRESERVEDHEAPSIZE 1024 * 1024
#define DLLCOMMITHEAPSIZE 0 * 1024
//
// Reserve 1MB for WMI service, but only commit 16K initially
#define CORERESERVEDHEAPSIZE 1024 * 1024
#define CORECOMMITHEAPSIZE 16 * 1024
extern PVOID EtwpProcessHeap;
#define EtwpInitProcessHeap() \
{ \ if (EtwpProcessHeap == NULL) \ { \ EtwpCreateHeap(); \ } \}
#ifdef HEAPVALIDATION
PVOID EtwpAlloc( ULONG Size );
void EtwpFree( PVOID p );
#else
#if DBG
_inline PVOID EtwpAlloc(ULONG Size){ EtwpAssert(EtwpProcessHeap != NULL); return(RtlAllocateHeap(EtwpProcessHeap, 0, Size));}
_inline void EtwpFree(PVOID Ptr){ RtlFreeHeap(EtwpProcessHeap, 0, Ptr);}
#else
#define EtwpAlloc(Size) \
RtlAllocateHeap(EtwpProcessHeap, 0, Size)
#define EtwpFree(Ptr) \
RtlFreeHeap(EtwpProcessHeap, 0, Ptr)#endif
#endif
#endif
BOOLEAN EtwpRealloc( PVOID *Buffer, ULONG CurrentSize, ULONG NewSize, BOOLEAN FreeOriginalBuffer );
//
// datastr.c
extern GUID EtwpBinaryMofGuid;
void EtwpGenerateBinaryMofNotification( PBINSTANCESET BianryMofInstanceSet, LPCGUID Guid );
BOOLEAN EtwpEstablishInstanceSetRef( PBDATASOURCE DataSourceRef, LPGUID Guid, PBINSTANCESET InstanceSet );
ULONG EtwpAddDataSource( PTCHAR QueryBinding, ULONG RequestAddress, ULONG RequestContext, LPCTSTR ImagePath, PWMIREGINFOW RegistrationInfo, ULONG RegistrationInfoSize, ULONG_PTR *ProviderId, BOOLEAN IsAnsi );
ULONG EtwpUpdateAddGuid( PBDATASOURCE DataSource, PWMIREGGUID RegGuid, PWMIREGINFO RegistrationInfo, PBINSTANCESET *AddModInstanceSet );
ULONG EtwpUpdateModifyGuid( PBDATASOURCE DataSource, PWMIREGGUID RegGuid, PWMIREGINFO RegistrationInfo, PBINSTANCESET *AddModInstanceSet );
BOOLEAN EtwpUpdateRemoveGuid( PBDATASOURCE DataSource, PWMIREGGUID RegGuid, PBINSTANCESET *AddModInstanceSet );
void EtwpUpdateDataSource( ULONG_PTR ProviderId, PWMIREGINFOW RegistrationInfo, ULONG RetSize );
void EtwpRemoveDataSource( ULONG_PTR ProviderId );
void EtwpRemoveDataSourceByDS( PBDATASOURCE DataSource );
ULONG EtwpRegisterInternalDataSource( void );
PBGUIDENTRY EtwpFindGEByGuid( LPGUID Guid, BOOLEAN MakeTopOfList );
PBINSTANCESET EtwpFindISInDSByGuid( PBDATASOURCE DataSource, LPGUID Guid );
PNOTIFICATIONENTRY EtwpFindNEByGuid( GUID UNALIGNED *Guid, BOOLEAN MakeTopOfList );
PDCREF EtwpFindExistingAndFreeDCRefInNE( PNOTIFICATIONENTRY NotificationEntry, PDCENTRY DataConsumer, PDCREF *FreeDcRef );
PDCREF EtwpFindDCRefInNE( PNOTIFICATIONENTRY NotificationEntry, PDCENTRY DataConsumer );
PBDATASOURCE EtwpFindDSByProviderId( ULONG_PTR ProviderId );
PBINSTANCESET EtwpFindISByGuid( PBDATASOURCE DataSource, GUID UNALIGNED *Guid );
PMOFRESOURCE EtwpFindMRByNames( LPCWSTR ImagePath, LPCWSTR MofResourceName );
#ifdef WMI_USER_MODE
PMOFCLASS EtwpFindMCByGuid( LPGUID Guid );
PMOFCLASS EtwpFindMCByGuidAndBestLanguage( LPGUID Guid, WORD Language );
PMOFCLASS EtwpFindMCByGuidAndLanguage( LPGUID Guid, WORD Language );#endif
PBINSTANCESET EtwpFindISinGEbyName( PBGUIDENTRY GuidEntry, PWCHAR InstanceName, PULONG InstanceIndex );
PWNODE_HEADER EtwpGenerateRegistrationNotification( PBDATASOURCE DataSource, PWNODE_HEADER Wnode, ULONG GuidMax, ULONG NotificationCode );
BOOLEANEtwpIsControlGuid( PBGUIDENTRY GuidEntry );
void EtwpGenerateMofResourceNotification( LPWSTR ImagePath, LPWSTR ResourceName, LPCGUID Guid );
//
// wbem.c
ULONG EtwpBuildMofClassInfo( PBDATASOURCE DataSource, LPWSTR ImagePath, LPWSTR MofResourceName, PBOOLEAN NewMofResource );
ULONG EtwpReadBuiltinMof( void );
//
// from krnlmode.c
ULONG EtwpInitializeKM( HANDLE *WmiKMHandle );
void EtwpKMNonEventNotification( HANDLE WmiKMHandle, PWNODE_HEADER Wnode );
//
// main.c
extern HANDLE EtwpRestrictedToken;
NTSTATUS EtwpGetRegistryValue( TCHAR *ValueName, PULONG Value );
ULONG WmiRunService( ULONG Context#ifdef MEMPHIS
, HINSTANCE InstanceHandle#endif
);
ULONG EtwpInitializeAccess( PTCHAR *RpcStringBinding );
void WmiTerminateService( void );
ULONG WmiInitializeService( void);
void WmiDeinitializeService( void);
void EtwpEventNotification( PWNODE_HEADER Wnode, BOOLEAN SingleEvent, ULONG EventSizeGuess );
#define EtwpBuildRegistrationNotification(Wnode, WnodeSize, NotificationCode, GuidCount) { \
memset(Wnode, 0, sizeof(WNODE_HEADER)); \ memcpy(&Wnode->Guid, &RegChangeNotificationGuid, sizeof(GUID)); \ Wnode->BufferSize = WnodeSize; \ Wnode->Linkage = NotificationCode; \ Wnode->Version = GuidCount; \ Wnode->Flags = WNODE_FLAG_INTERNAL; \}
void EtwpSendQueuedEvents( void );
ULONG EtwpCleanupDataConsumer( PDCENTRY DataConsumer#if DBG
,BOOLEAN *NotificationsEnabled, BOOLEAN *CollectionsEnabled#endif
);//
// This defines the maximum number of replacement strings over all of the
// event messages.
#define MAX_MESSAGE_STRINGS 2
void __cdecl EtwpReportEventLog( ULONG MessageCode, WORD MessageType, WORD MessageCategory, DWORD RawDataSize, PVOID RawData, WORD StringCount, ... );
#ifdef MEMPHIS
long WINAPIDeviceNotificationWndProc(HWND hWnd, UINT Message, WPARAM wParam, LPARAM lParam);
void EtwpDestroyDeviceNotificationWindow( HINSTANCE InstanceHandle, HWND WindowHandle );
ULONG EtwpCreateDeviceNotificationWindow( HINSTANCE InstanceHandle, HWND *DeviceNotificationWindow );
#endif
//
// server.c
void EtwpRpcServerDeinitialize( void );
ULONG EtwpRpcServerInitialize( void );
ULONG EtwpDeliverWnodeToDS( ULONG ActionCode, PBDATASOURCE DataSource, PWNODE_HEADER Wnode);
ULONG EtwpDoDisableRequest( PNOTIFICATIONENTRY NotificationEntry, PBGUIDENTRY GuidEntry, BOOLEAN IsEvent, BOOLEAN IsTraceLog, ULONG64 LoggerContext, ULONG InProgressFlag );
ULONG CollectOrEventWorker( PDCENTRY DataConsumer, LPGUID Guid, BOOLEAN Enable, BOOLEAN IsEvent, ULONG *NotificationCookie, ULONG64 LoggerContext, ULONG NotificationFlags );
ULONG EtwpCreateRestrictedToken( HANDLE *RestrictedToken );
void EtwpShowPrivs( HANDLE TokenHandle );
#ifdef MEMPHIS
#define EtwpRestrictToken(Token) (ERROR_SUCCESS)
#define EtwpUnrestrictToken() (ERROR_SUCCESS)
#else
ULONG EtwpRestrictToken( HANDLE RestrictedToken );
ULONG EtwpUnrestrictToken( void );
ULONG EtwpServiceDisableTraceProviders( PWNODE_HEADER Wnode );
#endif
void EtwpReleaseCollectionEnabled( PNOTIFICATIONENTRY NotificationEntry );
//
// chunk.c
ULONG UnicodeToAnsi( LPCWSTR pszW, LPSTR * ppszA, ULONG *AnsiSizeInBytes OPTIONAL );
ULONG AnsiToUnicode( LPCSTR pszA, LPWSTR * ppszW );
ULONG AnsiSizeForUnicodeString( PWCHAR UnicodeString, ULONG *AnsiSizeInBytes );
ULONG UnicodeSizeForAnsiString( LPCSTR AnsiString, ULONG *UnicodeSizeInBytes );
//
// debug.c
#if DBG
void EtwpDumpIS( PBINSTANCESET IS, BOOLEAN RecurseGE, BOOLEAN RecurseDS );
void EtwpDumpGE( PBGUIDENTRY GE, BOOLEAN RecurseIS );
void EtwpDumpDS( PBDATASOURCE DS, BOOLEAN RecurseIS );
void EtwpDumpAllDS( void );
#endif
#ifndef MEMPHIS
typedef enum{ TRACELOG_START = 0, TRACELOG_STOP = 1, TRACELOG_QUERY = 2, TRACELOG_QUERYALL = 3, TRACELOG_QUERYENABLED = 4, TRACELOG_UPDATE = 5, TRACELOG_FLUSH = 6} TRACEREQUESTCODE;
typedef struct _WMI_REF_CLOCK { LARGE_INTEGER StartTime; LARGE_INTEGER StartPerfClock;} WMI_REF_CLOCK, *PWMI_REF_CLOCK;
//
// logsup.c
ULONGWmiUnregisterGuids( IN WMIHANDLE WMIHandle, IN LPGUID Guid, OUT ULONG64 *LoggerContext);
ULONGEtwpAddLogHeaderToLogFile( IN OUT PWMI_LOGGER_INFORMATION LoggerInfo, IN PWMI_REF_CLOCK RefClock, IN ULONG Update );
ULONGEtwpStartLogger( IN OUT PWMI_LOGGER_INFORMATION LoggerInfo );
ULONGEtwpStopLogger( IN OUT PWMI_LOGGER_INFORMATION LoggerInfo );
ULONGEtwpQueryLogger( IN OUT PWMI_LOGGER_INFORMATION LoggerInfo, IN ULONG Update );ULONGEtwpFlushLogger( IN OUT PWMI_LOGGER_INFORMATION LoggerInfo );
VOIDEtwpInitString( IN PVOID Destination, IN PVOID Buffer, IN ULONG Size );
ULONGEtwpGetTraceRegKeys( );
ULONGEtwpFinalizeLogFileHeader( IN PWMI_LOGGER_INFORMATION LoggerInfo );
ULONGEtwpRelogHeaderToLogFile( IN OUT PWMI_LOGGER_INFORMATION LoggerInfo , IN PSYSTEM_TRACE_HEADER RelogProp );
//
// umlog.c
BOOLEANFASTCALLEtwpIsPrivateLoggerOn();
ULONGEtwpSendUmLogRequest( IN WMITRACECODE RequestCode, IN OUT PWMI_LOGGER_INFORMATION LoggerInfo );
ULONGFASTCALLEtwpTraceUmEvent( IN PWNODE_HEADER Wnode );
NTSTATUSEtwpTraceUmMessage( IN ULONG Size, IN ULONG64 LoggerHandle, IN ULONG MessageFlags, IN LPGUID MessageGuid, IN USHORT MessageNumber, va_list MessageArgList);
#endif
|
