Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1539 lines
67 KiB

  1. /*++
  2. Copyright (c) Microsoft Corporation. All rights reserved.
  3. Module Name:
  4. ntwmi.h
  5. Abstract:
  6. definitions for WMI Flags and Event Id's
  7. Author:
  8. Stephen Hsiao
  9. Environment:
  10. Kernel and User modes
  11. Revision History:
  12. --*/
  13. #ifndef _NTWMI_
  14. #define _NTWMI_
  15. #ifndef ETW_WOW6432
  16. #include <evntrace.h>
  17. // Alignment macros
  18. #define DEFAULT_TRACE_ALIGNMENT 8 // 8 byte alignment
  19. #define ALIGN_TO_POWER2( x, n ) (((ULONG)(x) + ((n)-1)) & ~((ULONG)(n)-1))
  20. //
  21. // Important:
  22. // This flag will go into evntrace.h later in longhorn.
  23. // This is a new flag for LogFileMode. Do not overlord this
  24. // flag when adding a new mode flag.
  25. //
  26. #define EVENT_TRACE_USE_KBYTES_FOR_SIZE 0x00002000 // Use KBytes as file size unit
  27. //
  28. // The predefined event groups or families for NT subsystems
  29. //
  30. #define EVENT_TRACE_GROUP_HEADER 0x0000
  31. #define EVENT_TRACE_GROUP_IO 0x0100
  32. #define EVENT_TRACE_GROUP_MEMORY 0x0200
  33. #define EVENT_TRACE_GROUP_PROCESS 0x0300
  34. #define EVENT_TRACE_GROUP_FILE 0x0400
  35. #define EVENT_TRACE_GROUP_THREAD 0x0500
  36. #define EVENT_TRACE_GROUP_TCPIP 0x0600
  37. #define EVENT_TRACE_GROUP_IPXSPX 0x0700
  38. #define EVENT_TRACE_GROUP_UDPIP 0x0800
  39. #define EVENT_TRACE_GROUP_REGISTRY 0x0900
  40. #define EVENT_TRACE_GROUP_DBGPRINT 0x0A00
  41. #define EVENT_TRACE_GROUP_CONFIG 0x0B00
  42. #define EVENT_TRACE_GROUP_POOL 0x0E00
  43. #define EVENT_TRACE_GROUP_PERFINFO 0x0F00
  44. #define EVENT_TRACE_GROUP_HEAP 0x1000
  45. #define EVENT_TRACE_GROUP_OBJECT 0x1100
  46. #define EVENT_TRACE_GROUP_POWER 0x1200
  47. #define EVENT_TRACE_GROUP_MODBOUND 0x1300
  48. #define EVENT_TRACE_GROUP_TBD 0x1400
  49. #define EVENT_TRACE_GROUP_DPC 0x1500
  50. #define EVENT_TRACE_GROUP_GDI 0x1600
  51. #define EVENT_TRACE_GROUP_CRITSEC 0x1700
  52. //
  53. // If you add any new groups, you must bump up MAX_KERNEL_TRACE_EVENTS
  54. // and make sure post processing is fixed up.
  55. //
  56. #define MAX_KERNEL_TRACE_EVENTS 22
  57. //
  58. // The highest order bit of a data block is set if trace, WNODE otherwise
  59. //
  60. #define TRACE_HEADER_FLAG 0x80000000
  61. // Header type for tracing messages
  62. // | Marker(8) | Reserved(8) | Size(16) | MessageNumber(16) | Flags(16)
  63. #define TRACE_MESSAGE 0x10000000
  64. // | MARKER(16) | SIZE (16) | ULONG32 |
  65. #define TRACE_HEADER_ULONG32 0xA0000000
  66. // | MARKER(16) | SIZE (16) | ULONG 32 | TIME_STAMP ...
  67. #define TRACE_HEADER_ULONG32_TIME 0xB0000000
  68. //
  69. // The second bit is set if the trace is used by PM & CP (fixed headers)
  70. // If not, the data block is used by for finer data for performance analysis
  71. //
  72. #define TRACE_HEADER_EVENT_TRACE 0x40000000
  73. //
  74. // If set, the data block is SYSTEM_TRACE_HEADER
  75. //
  76. #define TRACE_HEADER_ENUM_MASK 0x00FF0000
  77. //
  78. // The following are various header type
  79. //
  80. #define TRACE_HEADER_TYPE_SYSTEM32 1
  81. #define TRACE_HEADER_TYPE_SYSTEM64 2
  82. #define TRACE_HEADER_TYPE_FULL_HEADER 10
  83. #define TRACE_HEADER_TYPE_INSTANCE 11
  84. #define TRACE_HEADER_TYPE_TIMED 12
  85. #define TRACE_HEADER_TYPE_ULONG32 13
  86. #define TRACE_HEADER_TYPE_WNODE_HEADER 14
  87. #define TRACE_HEADER_TYPE_MESSAGE 15
  88. #define TRACE_HEADER_TYPE_PERFINFO32 16
  89. #define TRACE_HEADER_TYPE_PERFINFO64 17
  90. #define SYSTEM_TRACE_VERSION 1
  91. //
  92. // The following two are used for defining LogFile layout version
  93. //
  94. #define TRACE_VERSION_MAJOR 1
  95. #define TRACE_VERSION_MINOR 2
  96. #ifdef _WIN64
  97. #define PERFINFO_TRACE_MARKER TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE \
  98. | (TRACE_HEADER_TYPE_PERFINFO64 << 16) | SYSTEM_TRACE_VERSION
  99. #define SYSTEM_TRACE_MARKER TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE \
  100. | (TRACE_HEADER_TYPE_SYSTEM64 << 16) | SYSTEM_TRACE_VERSION
  101. #else
  102. #define PERFINFO_TRACE_MARKER TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE \
  103. | (TRACE_HEADER_TYPE_PERFINFO32 << 16) | SYSTEM_TRACE_VERSION
  104. #define SYSTEM_TRACE_MARKER TRACE_HEADER_FLAG | TRACE_HEADER_EVENT_TRACE \
  105. | (TRACE_HEADER_TYPE_SYSTEM32 << 16) | SYSTEM_TRACE_VERSION
  106. #endif
  107. //
  108. // Support a maximum of 64 logger instances. One is reserved for the kernel.
  109. #define MAXLOGGERS 64
  110. // Support maximum buffer size of 1024 KBytes (1 MB)
  111. #define MAX_ETW_BUFFERSIZE 1024
  112. //
  113. // Set of Internal Flags passed to the Logger via ClientContext during StartTrace
  114. //
  115. #define EVENT_TRACE_CLOCK_RAW 0x00000000 // Use Raw timestamp
  116. #define EVENT_TRACE_CLOCK_PERFCOUNTER 0x00000001 // Use HighPerfClock (Default)
  117. #define EVENT_TRACE_CLOCK_SYSTEMTIME 0x00000002 // Use SystemTime
  118. #define EVENT_TRACE_CLOCK_CPUCYCLE 0x00000003 // Use CPU cycle counter
  119. // begin_wmikm
  120. //
  121. // Public routines to break down the Loggerhandle
  122. //
  123. #define KERNEL_LOGGER_ID 0xFFFF // USHORT only
  124. typedef struct _TRACE_ENABLE_CONTEXT {
  125. USHORT LoggerId; // Actual Id of the logger
  126. UCHAR Level; // Enable level passed by control caller
  127. UCHAR InternalFlag; // Reserved
  128. ULONG EnableFlags; // Enable flags passed by control caller
  129. } TRACE_ENABLE_CONTEXT, *PTRACE_ENABLE_CONTEXT;
  130. #define WmiGetLoggerId(LoggerContext) \
  131. (((PTRACE_ENABLE_CONTEXT) (&LoggerContext))->LoggerId == \
  132. (USHORT)KERNEL_LOGGER_ID) ? \
  133. KERNEL_LOGGER_ID : \
  134. ((PTRACE_ENABLE_CONTEXT) (&LoggerContext))->LoggerId
  135. #define WmiGetLoggerEnableFlags(LoggerContext) \
  136. ((PTRACE_ENABLE_CONTEXT) (&LoggerContext))->EnableFlags
  137. #define WmiGetLoggerEnableLevel(LoggerContext) \
  138. ((PTRACE_ENABLE_CONTEXT) (&LoggerContext))->Level
  139. #define WmiSetLoggerId(Id, Context) \
  140. (((PTRACE_ENABLE_CONTEXT)Context)->LoggerId = (USHORT) (Id ? \
  141. (USHORT)Id: (USHORT)KERNEL_LOGGER_ID));
  142. // end_wmikm
  143. //
  144. // NOTE: The following should not overlap with other bits in the LogFileMode
  145. // or LoggerMode defined in evntrace.h. Placed here since it is for internal
  146. // use only.
  147. //
  148. #define EVENT_TRACE_KD_FILTER_MODE 0x00080000 // KD_FILTER
  149. #define EVENT_TRACE_FILE_MODE_CIRCULAR_PERSIST 0x00000012 // Circular Persist
  150. //
  151. // see evntrace.h for pre-defined generic event types (0-10)
  152. //
  153. typedef struct _WMI_TRACE_PACKET { // must be ULONG!!
  154. USHORT Size;
  155. union{
  156. USHORT HookId;
  157. struct {
  158. UCHAR Type;
  159. UCHAR Group;
  160. };
  161. };
  162. } WMI_TRACE_PACKET, *PWMI_TRACE_PACKET;
  163. typedef struct _WMI_CLIENT_CONTEXT {
  164. UCHAR ProcessorNumber;
  165. UCHAR Alignment;
  166. USHORT LoggerId;
  167. } WMI_CLIENT_CONTEXT, *PWMI_CLIENT_CONTEXT;
  168. // New struct that replaces EVENT_INSTANCE_GUID_HEADER. It is basically
  169. // EVENT_INSTANCE_HEADER + 2 Guids.
  170. // For XP, we will not publish this struct and hide it from users.
  171. // TRACE_VERSION in LOG_FILE_HEADER will tell the consumer APIs to use
  172. // this strcut instead of EVENT_INSTANCE_HEADER.
  173. typedef struct _EVENT_INSTANCE_GUID_HEADER {
  174. USHORT Size; // Size of entire record
  175. union {
  176. USHORT FieldTypeFlags; // Indicates valid fields
  177. struct {
  178. UCHAR HeaderType; // Header type - internal use only
  179. UCHAR MarkerFlags; // Marker - internal use only
  180. };
  181. };
  182. union {
  183. ULONG Version;
  184. struct {
  185. UCHAR Type; // event type
  186. UCHAR Level; // trace instrumentation level
  187. USHORT Version; // version of trace record
  188. } Class;
  189. };
  190. ULONG ThreadId; // Thread Id
  191. ULONG ProcessId; // Process Id
  192. LARGE_INTEGER TimeStamp; // time when event happens
  193. union {
  194. GUID Guid; // Guid that identifies event
  195. ULONGLONG GuidPtr; // use with WNODE_FLAG_USE_GUID_PTR
  196. };
  197. union {
  198. struct {
  199. ULONG ClientContext; // Reserved
  200. ULONG Flags; // Flags for header
  201. };
  202. struct {
  203. ULONG KernelTime; // Kernel Mode CPU ticks
  204. ULONG UserTime; // User mode CPU ticks
  205. };
  206. ULONG64 ProcessorTime; // Processor Clock
  207. };
  208. ULONG InstanceId;
  209. ULONG ParentInstanceId;
  210. GUID ParentGuid; // Guid that identifies event
  211. } EVENT_INSTANCE_GUID_HEADER, *PEVENT_INSTANCE_GUID_HEADER;
  212. typedef ULONGLONG PERFINFO_TIMESTAMP;
  213. typedef struct _PERFINFO_TRACE_HEADER PERFINFO_TRACE_ENTRY, *PPERFINFO_TRACE_ENTRY;
  214. //
  215. // 64-bit Trace header for NTPERF events
  216. //
  217. // Note. The field "Version" will temporary be used to log CPU Id when log to PerfMem.
  218. // This will be removed after we change the buffer management to be the same as WMI.
  219. // i.e., Each CPU will allocate a block of memory for logging and CPU id is in the header
  220. // of each block.
  221. //
  222. typedef struct _PERFINFO_TRACE_HEADER {
  223. union {
  224. ULONG Marker;
  225. struct {
  226. USHORT Version;
  227. UCHAR HeaderType;
  228. UCHAR Flags; //WMI uses this flag to identify event types
  229. };
  230. };
  231. union {
  232. ULONG Header; // both sizes must be the same!
  233. WMI_TRACE_PACKET Packet;
  234. };
  235. union {
  236. PERFINFO_TIMESTAMP TS;
  237. LARGE_INTEGER SystemTime;
  238. };
  239. UCHAR Data[1];
  240. } PERFINFO_TRACE_HEADER, *PPERFINFO_TRACE_HEADER;
  241. //
  242. // 64-bit Trace header for kernel events
  243. //
  244. typedef struct _SYSTEM_TRACE_HEADER {
  245. union {
  246. ULONG Marker;
  247. struct {
  248. USHORT Version;
  249. UCHAR HeaderType;
  250. UCHAR Flags;
  251. };
  252. };
  253. union {
  254. ULONG Header; // both sizes must be the same!
  255. WMI_TRACE_PACKET Packet;
  256. };
  257. ULONG ThreadId;
  258. ULONG ProcessId;
  259. LARGE_INTEGER SystemTime;
  260. ULONG KernelTime;
  261. ULONG UserTime;
  262. } SYSTEM_TRACE_HEADER, *PSYSTEM_TRACE_HEADER;
  263. //
  264. // 64-bit Trace Header for Tracing Messages
  265. //
  266. typedef struct _WMI_TRACE_MESSAGE_PACKET { // must be ULONG!!
  267. USHORT MessageNumber; // The message Number, index of messages by GUID
  268. // Or ComponentID
  269. USHORT OptionFlags ; // Flags associated with the message
  270. } WMI_TRACE_MESSAGE_PACKET, *PWMI_TRACE_MESSAGE_PACKET;
  271. typedef struct _MESSAGE_TRACE_HEADER {
  272. union {
  273. ULONG Marker;
  274. struct {
  275. USHORT Size; // Total Size of the message including header
  276. UCHAR Reserved; // Unused and reserved
  277. UCHAR Version; // The message structure type (TRACE_MESSAGE_FLAG)
  278. };
  279. };
  280. union {
  281. ULONG Header; // both sizes must be the same!
  282. WMI_TRACE_MESSAGE_PACKET Packet;
  283. };
  284. } MESSAGE_TRACE_HEADER, *PMESSAGE_TRACE_HEADER;
  285. typedef struct _MESSAGE_TRACE {
  286. MESSAGE_TRACE_HEADER MessageHeader ;
  287. UCHAR Data ;
  288. } MESSAGE_TRACE, *PMESSAGE_TRACE ;
  289. //
  290. // Structure used to pass user log messages to the kernel
  291. //
  292. typedef struct _MESSAGE_TRACE_USER {
  293. MESSAGE_TRACE_HEADER MessageHeader ;
  294. ULONG MessageFlags ;
  295. ULONG64 LoggerHandle ;
  296. GUID MessageGuid ;
  297. ULONG DataSize ;
  298. UCHAR Data ;
  299. } MESSAGE_TRACE_USER, *PMESSAGE_TRACE_USER ;
  300. #ifndef MEMPHIS
  301. //
  302. // Logger configuration and running statistics. This structure is used
  303. // by WMI.DLL to convert to UNICODE_STRING
  304. //
  305. // begin_wmikm
  306. typedef struct _WMI_LOGGER_INFORMATION {
  307. WNODE_HEADER Wnode; // Had to do this since wmium.h comes later
  308. //
  309. // data provider by caller
  310. ULONG BufferSize; // buffer size for logging (in kbytes)
  311. ULONG MinimumBuffers; // minimum to preallocate
  312. ULONG MaximumBuffers; // maximum buffers allowed
  313. ULONG MaximumFileSize; // maximum logfile size (in MBytes)
  314. ULONG LogFileMode; // sequential, circular
  315. ULONG FlushTimer; // buffer flush timer, in seconds
  316. ULONG EnableFlags; // trace enable flags
  317. LONG AgeLimit; // aging decay time, in minutes
  318. ULONG Wow; // TRUE if the logger started under WOW64
  319. union {
  320. HANDLE LogFileHandle; // handle to logfile
  321. ULONG64 LogFileHandle64;
  322. };
  323. // data returned to caller
  324. // end_wmikm
  325. union {
  326. // begin_wmikm
  327. ULONG NumberOfBuffers; // no of buffers in use
  328. // end_wmikm
  329. ULONG InstanceCount; // Number of Provider Instances
  330. };
  331. union {
  332. // begin_wmikm
  333. ULONG FreeBuffers; // no of buffers free
  334. // end_wmikm
  335. ULONG InstanceId; // Current Provider's Id for UmLogger
  336. };
  337. union {
  338. // begin_wmikm
  339. ULONG EventsLost; // event records lost
  340. // end_wmikm
  341. ULONG NumberOfProcessors; // Passed on to UmLogger
  342. };
  343. // begin_wmikm
  344. ULONG BuffersWritten; // no of buffers written to file
  345. ULONG LogBuffersLost; // no of logfile write failures
  346. ULONG RealTimeBuffersLost; // no of rt delivery failures
  347. union {
  348. HANDLE LoggerThreadId; // thread id of Logger
  349. ULONG64 LoggerThreadId64; // thread is of Logger
  350. };
  351. union {
  352. UNICODE_STRING LogFileName; // used only in WIN64
  353. UNICODE_STRING64 LogFileName64; // Logfile name: only in WIN32
  354. };
  355. // mandatory data provided by caller
  356. union {
  357. UNICODE_STRING LoggerName; // Logger instance name in WIN64
  358. UNICODE_STRING64 LoggerName64; // Logger Instance name in WIN32
  359. };
  360. // private
  361. union {
  362. PVOID Checksum;
  363. ULONG64 Checksum64;
  364. };
  365. union {
  366. PVOID LoggerExtension;
  367. ULONG64 LoggerExtension64;
  368. };
  369. } WMI_LOGGER_INFORMATION, *PWMI_LOGGER_INFORMATION;
  370. //
  371. // structure for NTDLL tracing
  372. //
  373. typedef struct
  374. {
  375. BOOLEAN IsGet;
  376. PWMI_LOGGER_INFORMATION LoggerInfo;
  377. } WMINTDLLLOGGERINFO, *PWMINTDLLLOGGERINFO;
  378. typedef struct _TIMED_TRACE_HEADER {
  379. USHORT Size;
  380. USHORT Marker;
  381. ULONG32 EventId;
  382. union {
  383. LARGE_INTEGER TimeStamp;
  384. ULONG64 LoggerId;
  385. };
  386. } TIMED_TRACE_HEADER, *PTIMED_TRACE_HEADER;
  387. // end_wmikm
  388. // the circular buffer pool, using forward linked list
  389. #endif //!MEMPHIS
  390. typedef struct _WMI_BUFFER_STATE {
  391. ULONG Free:1;
  392. ULONG InUse:1;
  393. ULONG Flush:1;
  394. ULONG Unused:29;
  395. } WMI_BUFFER_STATE, *PWMI_BUFFER_STATE;
  396. #define WNODE_FLAG_THREAD_BUFFER 0x00800000
  397. #define WMI_BUFFER_TYPE_GENERIC 0
  398. #define WMI_BUFFER_TYPE_RUNDOWN 1
  399. #define WMI_BUFFER_TYPE_CTX_SWAP 2
  400. #define WMI_BUFFER_TYPE_MAXIMUM 0xffff
  401. #define WMI_BUFFER_FLAG_NORMAL 0x0000
  402. #define WMI_BUFFER_FLAG_FLUSH_MARKER 0x0001
  403. typedef struct _WMI_BUFFER_HEADER {
  404. union {
  405. WNODE_HEADER Wnode;
  406. struct {
  407. ULONG64 Reserved1;
  408. ULONG64 Reserved2;
  409. LARGE_INTEGER Reserved3;
  410. union{
  411. struct {
  412. PVOID Alignment;
  413. //
  414. // Note: SlistEntry is actually used as SLIST_ENTRY, however
  415. // because of its alignment characteristics, using that type would
  416. // unnecessarily add padding to this structure.
  417. //
  418. SINGLE_LIST_ENTRY SlistEntry;
  419. };
  420. LIST_ENTRY Entry;
  421. };
  422. };
  423. struct {
  424. LONG ReferenceCount; // Buffer reference count
  425. ULONG SavedOffset; // Temp saved offset
  426. ULONG CurrentOffset; // Current offset
  427. ULONG UsePerfClock; // UsePerfClock flag
  428. LARGE_INTEGER TimeStamp;
  429. GUID Guid;
  430. WMI_CLIENT_CONTEXT ClientContext;
  431. union {
  432. WMI_BUFFER_STATE State;
  433. ULONG Flags;
  434. };
  435. };
  436. };
  437. ULONG Offset;
  438. USHORT BufferFlag;
  439. USHORT BufferType;
  440. union {
  441. GUID InstanceGuid;
  442. struct {
  443. PVOID LoggerContext;
  444. //
  445. // Note: GlobalEntry is actually used as SLIST_ENTRY, however
  446. // because of its alignment characteristics, using that type would
  447. // unnecessarily add padding to this structure.
  448. //
  449. // We need to Make sure that this field is not modified through
  450. // the life time of the buffer, during logging.
  451. //
  452. SINGLE_LIST_ENTRY GlobalEntry;
  453. };
  454. };
  455. } WMI_BUFFER_HEADER, *PWMI_BUFFER_HEADER;
  456. typedef struct _TRACE_ENABLE_FLAG_EXTENSION {
  457. USHORT Offset; // Offset to the flag array in structure
  458. UCHAR Length; // Length of flag array in ULONGs
  459. UCHAR Flag; // Must be set to EVENT_TRACE_FLAG_EXTENSION
  460. } TRACE_ENABLE_FLAG_EXTENSION, *PTRACE_ENABLE_FLAG_EXTENSION;
  461. typedef struct _WMI_SET_MARK_INFORMATION {
  462. ULONG Flag;
  463. WCHAR Mark[1];
  464. } WMI_SET_MARK_INFORMATION, *PWMI_SET_MARK_INFORMATION;
  465. #define WMI_SET_MARK_WITH_FLUSH 0x00000001
  466. typedef struct _WMI_SWITCH_BUFFER_INFORMATION {
  467. PWMI_BUFFER_HEADER Buffer;
  468. ULONG ProcessorId;
  469. } WMI_SWITCH_BUFFER_INFORMATION, *PWMI_SWITCH_BUFFER_INFORMATION;
  470. // Public Enable flags are defined in envtrace.h.
  471. //
  472. // This section contains extended enable flags whcih are private.
  473. //
  474. // Each PerfMacros Hook Contains a GlobalMask and a Hook Id.
  475. // The Global Mask is Used For Grouping Hooks by logical type
  476. // - I/O related Hooks are Grouped together under
  477. // PERF_FILE_IO or PERF_DISK_IO
  478. // - Loader related Hooks are grouped together
  479. // under PERF_LOADER,
  480. // - etc
  481. // The data for a particular hook will only be logged
  482. // if the Global Mask of the particular Hook is set.
  483. //
  484. // WHEN YOU ADD NEW GROUPS, UPDATE THE NAME TABLE in perfgroups.c:
  485. // PerfGroupNames Note: If you modify numeric value of a group, update
  486. // PerfKnownFlags table
  487. //
  488. // we have a set of 8 global masks available. the highest 3 bits in
  489. // PERF_MASK_INDEX region determine to which set a particular
  490. // global group belongs. if PERF_MASK_INDEX is 0xe0000000
  491. // all of the following can be unique groups that can be
  492. // turned on or of individually and used when logging data:
  493. //
  494. // #define PERF_GROUP1 0x00400000 in the 0th set
  495. // #define PERF_GROUP2 0x20400000 in the 1st set
  496. // #define PERF_GROUP3 0x40400000 in the 2nd set
  497. // ...
  498. // #define PERF_GROUP2 0xe0400000 in the 7th set
  499. //
  500. // See ntperf.h for the manupulation of flags
  501. //
  502. //
  503. // Currently, no GlobalMask change is supported.
  504. //
  505. // Merging logging with WMI, we will use the first global mask for flags used
  506. // by both PERF and WMI
  507. //
  508. // GlobalMask 0: ALL masks used in WMI defined in evntrace.h.
  509. // These PERF_xxx are going away after we merge with WMI completely.
  510. //
  511. #define PERF_REGISTRY EVENT_TRACE_FLAG_REGISTRY
  512. #define PERF_FILE_IO EVENT_TRACE_FLAG_MEMORY_HARD_FAULTS
  513. #define PERF_PROC_THREAD EVENT_TRACE_FLAG_PROCESS | EVENT_TRACE_FLAG_THREAD
  514. #define PERF_DISK_IO EVENT_TRACE_FLAG_DISK_FILE_IO | EVENT_TRACE_FLAG_DISK_IO
  515. #define PERF_LOADER EVENT_TRACE_FLAG_IMAGE_LOAD
  516. #define PERF_ALL_FAULTS EVENT_TRACE_FLAG_MEMORY_PAGE_FAULTS
  517. #define PERF_FILENAME EVENT_TRACE_FLAG_DISK_FILE_IO
  518. #define PERF_NETWORK EVENT_TRACE_FLAG_NETWORK_TCPIP
  519. //
  520. // GlobalMask 1: The candidates to be checked into retails
  521. //
  522. #define PERF_MEMORY 0x20000001 // High level WS manager activities, PFN changes
  523. #define PERF_PROFILE 0x20000002 // Sysprof
  524. #define PERF_CONTEXT_SWITCH 0x20000004 // Context Switch
  525. #define PERF_FOOTPRINT 0x20000008 // Flush WS on every mark_with_flush
  526. #define PERF_DRIVERS 0x20000010
  527. #define PERF_ADDTOWS 0x20000020
  528. #define PERF_VERSION 0x20000040
  529. #define PERF_DPC 0x20000080
  530. #define PERF_SHUTDOWN 0x20000100
  531. #define PERF_HIBER 0x20000200
  532. #define PERF_RESUME 0x20000400
  533. #define PERF_EXCEPTION 0x20000800
  534. #define PERF_FILENAME_ALL 0x20001000
  535. // reserved 0x20002000
  536. #define PERF_INTERRUPT 0x20004000
  537. //
  538. // GlobalMask 2: The candidate to remain in NTPERF
  539. //
  540. #define PERF_UNDEFINED 0x40000001
  541. #define PERF_POOL 0x40000002
  542. #define PERF_FOOTPRINT_PROC 0x40000004 // Get details WS count or pfn
  543. #define PERF_WS_DETAIL 0x40000008 //
  544. #define PERF_WS_ENTRY 0x40000010 //
  545. #define PERF_HEAP 0x40000020
  546. #define PERF_SYSCALL 0x40000040
  547. #define PERF_WMI_TRACE 0x40000080 // Indicate to log all WMI events
  548. #define PERF_BACKTRACE 0x40000100
  549. #define PERF_VULCAN 0x40000200
  550. #define PERF_OBJECTS 0x40000400
  551. #define PERF_EVENTS 0x40000800
  552. #define PERF_FULLTRACE 0x40001000
  553. #define PERF_FAILED_STKDUMP 0x40002000
  554. #define PERF_PREFETCH 0x40004000
  555. #define PERF_FONTS 0x40008000
  556. //
  557. // GlobalMask 3: The candidate to be removed soon
  558. //
  559. #define PERF_SERVICES 0x80000002
  560. #define PERF_MASK_CHANGE 0x80000004
  561. #define PERF_DLL_INFO 0x80000008
  562. #define PERF_DLL_FLUSH_WS 0x80000010
  563. #define PERF_CLEARWS 0x80000020
  564. #define PERF_MEMORY_SNAPSHOT 0x80000040
  565. #define PERF_NO_MASK_CHANGE 0x80000080
  566. #define PERF_DATA_ACCESS 0x80000100
  567. #define PERF_MISC 0x80000200
  568. #define PERF_READYQUEUE 0x80000400
  569. #define PERF_MULTIMEDIA 0x80000800
  570. #define PERF_PROC_ATTACH 0x80001000
  571. #define PERF_DSHOW_DETAILED 0x80002000
  572. #define PERF_DSHOW_SAMPLES 0x80004000
  573. #define PERF_POWER 0x80008000
  574. #define PERF_SOFT_TRIM 0x80010000
  575. #define PERF_DLL_THREAD_ATTACH_FLUSH_WS 0x80020000
  576. #define PERF_DLL_THREAD_DETACH_FLUSH_WS 0x80040000
  577. //
  578. // GlobalMask 7: The mark is a control mask. All flags that changes system
  579. // behaviors go here.
  580. //
  581. #define PERF_CLUSTER_OFF 0xe0000001
  582. #define PERF_BIGFOOT 0xe0000002
  583. //
  584. // Converting old PERF hooks into WMI format. More clean up to be done.
  585. //
  586. // WHEN YOU ADD NEW TYPES UPDATE THE NAME TABLE in perfgroups.c:
  587. // PerfLogTypeNames ALSO UPDATE VERIFICATION TABLE IN PERFPOSTTBLS.C
  588. //
  589. //
  590. // Event for header
  591. //
  592. #define WMI_LOG_TYPE_HEADER (EVENT_TRACE_GROUP_HEADER | EVENT_TRACE_TYPE_INFO)
  593. #define WMI_LOG_TYPE_HEADER_EXTENSION (EVENT_TRACE_GROUP_HEADER | EVENT_TRACE_TYPE_EXTENSION)
  594. //
  595. // Event for system config
  596. //
  597. #define WMI_LOG_TYPE_CONFIG_CPU (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_CPU)
  598. #define WMI_LOG_TYPE_CONFIG_PHYSICALDISK (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_PHYSICALDISK)
  599. #define WMI_LOG_TYPE_CONFIG_LOGICALDISK (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_LOGICALDISK)
  600. #define WMI_LOG_TYPE_CONFIG_NIC (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_NIC)
  601. #define WMI_LOG_TYPE_CONFIG_VIDEO (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_VIDEO)
  602. #define WMI_LOG_TYPE_CONFIG_SERVICES (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_SERVICES)
  603. #define WMI_LOG_TYPE_CONFIG_POWER (EVENT_TRACE_GROUP_CONFIG | EVENT_TRACE_TYPE_CONFIG_POWER)
  604. //
  605. //Event for Image and File Name
  606. //
  607. #define PERFINFO_LOG_TYPE_FILENAME (EVENT_TRACE_GROUP_FILE | EVENT_TRACE_TYPE_INFO)
  608. #define PERFINFO_LOG_TYPE_FILENAME_CREATE (EVENT_TRACE_GROUP_FILE | 0x20)
  609. #define PERFINFO_LOG_TYPE_FILENAME_SECTION1 (EVENT_TRACE_GROUP_FILE | 0x21)
  610. //
  611. //Event types for Process
  612. //
  613. #define WMI_LOG_TYPE_PROCESS_CREATE (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_START)
  614. #define WMI_LOG_TYPE_PROCESS_DELETE (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_END)
  615. #define WMI_LOG_TYPE_PROCESS_DC_START (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_DC_START)
  616. #define WMI_LOG_TYPE_PROCESS_DC_END (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_DC_END)
  617. #define WMI_LOG_TYPE_PROCESS_LOAD_IMAGE (EVENT_TRACE_GROUP_PROCESS | EVENT_TRACE_TYPE_LOAD)
  618. #define PERFINFO_LOG_TYPE_PROCESSNAME (EVENT_TRACE_GROUP_PROCESS | 0x20) // To be replaced with WMI hooks
  619. #define PERFINFO_LOG_TYPE_DIEDPROCESS (EVENT_TRACE_GROUP_PROCESS | 0x21) // To be replaced with WMI hooks
  620. #define PERFINFO_LOG_TYPE_OUTSWAPPROCESS (EVENT_TRACE_GROUP_PROCESS | 0x22) // going away
  621. #define PERFINFO_LOG_TYPE_INSWAPPROCESS (EVENT_TRACE_GROUP_PROCESS | 0x23)
  622. #define PERFINFO_LOG_TYPE_IMAGELOAD (EVENT_TRACE_GROUP_PROCESS | 0x24) // To be replaced with WMI hooks
  623. #define PERFINFO_LOG_TYPE_IMAGEUNLOAD (EVENT_TRACE_GROUP_PROCESS | 0x25)
  624. #define PERFINFO_LOG_TYPE_BOOT_PHASE_START (EVENT_TRACE_GROUP_PROCESS | 0x26)
  625. //
  626. //Event types for Thread
  627. //
  628. #define WMI_LOG_TYPE_THREAD_CREATE (EVENT_TRACE_GROUP_THREAD | EVENT_TRACE_TYPE_START)
  629. #define WMI_LOG_TYPE_THREAD_DELETE (EVENT_TRACE_GROUP_THREAD | EVENT_TRACE_TYPE_END)
  630. #define WMI_LOG_TYPE_THREAD_DC_START (EVENT_TRACE_GROUP_THREAD | EVENT_TRACE_TYPE_DC_START)
  631. #define WMI_LOG_TYPE_THREAD_DC_END (EVENT_TRACE_GROUP_THREAD | EVENT_TRACE_TYPE_DC_END)
  632. #define PERFINFO_LOG_TYPE_CREATETHREAD (EVENT_TRACE_GROUP_THREAD | 0x20) // To be replaced with WMI hooks
  633. #define PERFINFO_LOG_TYPE_TERMINATETHREAD (EVENT_TRACE_GROUP_THREAD | 0x21) // To be replaced with WMI hooks
  634. #define PERFINFO_LOG_TYPE_GROWKERNELSTACK (EVENT_TRACE_GROUP_THREAD | 0x22)
  635. #define PERFINFO_LOG_TYPE_CONVERTTOGUITHREAD (EVENT_TRACE_GROUP_THREAD | 0x23)
  636. #define PERFINFO_LOG_TYPE_CONTEXTSWAP (EVENT_TRACE_GROUP_THREAD | 0x24) // new context swap struct
  637. #define PERFINFO_LOG_TYPE_THREAD_RESERVED1 (EVENT_TRACE_GROUP_THREAD | 0x25)
  638. #define PERFINFO_LOG_TYPE_THREAD_RESERVED2 (EVENT_TRACE_GROUP_THREAD | 0x26)
  639. #define PERFINFO_LOG_TYPE_OUTSWAPSTACK (EVENT_TRACE_GROUP_THREAD | 0x27) // going away
  640. #define PERFINFO_LOG_TYPE_INSWAPSTACK (EVENT_TRACE_GROUP_THREAD | 0x28) // going away
  641. //
  642. // Event types for IO subsystem
  643. //
  644. #define WMI_LOG_TYPE_TCPIP_SEND (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_SEND)
  645. #define WMI_LOG_TYPE_TCPIP_RECEIVE (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_RECEIVE)
  646. #define WMI_LOG_TYPE_TCPIP_CONNECT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_CONNECT)
  647. #define WMI_LOG_TYPE_TCPIP_DISCONNECT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_DISCONNECT)
  648. #define WMI_LOG_TYPE_TCPIP_RETRANSMIT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_RETRANSMIT)
  649. #define WMI_LOG_TYPE_TCPIP_ACCEPT (EVENT_TRACE_GROUP_TCPIP | EVENT_TRACE_TYPE_ACCEPT)
  650. #define WMI_LOG_TYPE_UDP_SEND (EVENT_TRACE_GROUP_UDPIP | EVENT_TRACE_TYPE_SEND)
  651. #define WMI_LOG_TYPE_UDP_RECEIVE (EVENT_TRACE_GROUP_UDPIP | EVENT_TRACE_TYPE_RECEIVE)
  652. #define WMI_LOG_TYPE_IO_READ (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_READ)
  653. #define WMI_LOG_TYPE_IO_WRITE (EVENT_TRACE_GROUP_IO | EVENT_TRACE_TYPE_IO_WRITE)
  654. #define PERFINFO_LOG_TYPE_DRIVER_INIT (EVENT_TRACE_GROUP_IO | 0x20)
  655. #define PERFINFO_LOG_TYPE_DRIVER_INIT_COMPLETE (EVENT_TRACE_GROUP_IO | 0x21)
  656. #define PERFINFO_LOG_TYPE_DRIVER_MAJORFUNCTION_CALL (EVENT_TRACE_GROUP_IO | 0x22)
  657. #define PERFINFO_LOG_TYPE_DRIVER_MAJORFUNCTION_RETURN (EVENT_TRACE_GROUP_IO | 0x23)
  658. #define PERFINFO_LOG_TYPE_DRIVER_COMPLETIONROUTINE_CALL (EVENT_TRACE_GROUP_IO | 0x24)
  659. #define PERFINFO_LOG_TYPE_DRIVER_COMPLETIONROUTINE_RETURN (EVENT_TRACE_GROUP_IO | 0x25)
  660. #define PERFINFO_LOG_TYPE_DRIVER_ADD_DEVICE_CALL (EVENT_TRACE_GROUP_IO | 0x26)
  661. #define PERFINFO_LOG_TYPE_DRIVER_ADD_DEVICE_RETURN (EVENT_TRACE_GROUP_IO | 0x27)
  662. #define PERFINFO_LOG_TYPE_DRIVER_STARTIO_CALL (EVENT_TRACE_GROUP_IO | 0x28)
  663. #define PERFINFO_LOG_TYPE_DRIVER_STARTIO_RETURN (EVENT_TRACE_GROUP_IO | 0x29)
  664. #define PERFINFO_LOG_TYPE_WMI_DISKPERF_READ (EVENT_TRACE_GROUP_IO | 0x2a) // To be replaced with WMI hooks
  665. #define PERFINFO_LOG_TYPE_WMI_DISKPERF_WRITE (EVENT_TRACE_GROUP_IO | 0x2b) // To be replaced with WMI hooks
  666. #define PERFINFO_LOG_TYPE_WMI_DISKPERF_READ_COMPLETE (EVENT_TRACE_GROUP_IO | 0x2c) // To be replaced with WMI hooks
  667. #define PERFINFO_LOG_TYPE_WMI_DISKPERF_WRITE_COMPLETE (EVENT_TRACE_GROUP_IO | 0x2d) // To be replaced with WMI hooks
  668. #define PERFINFO_LOG_TYPE_WMI_DISKPERF_CACHED_READ_COMPLETE (EVENT_TRACE_GROUP_IO | 0x2e)
  669. #define PERFINFO_LOG_TYPE_WMI_DISKPERF_CACHE_WARM_COMPLETE (EVENT_TRACE_GROUP_IO | 0x2f)
  670. #define PERFINFO_LOG_TYPE_PREFETCH_ACTION (EVENT_TRACE_GROUP_IO | 0x30)
  671. #define PERFINFO_LOG_TYPE_PREFETCH_REQUEST (EVENT_TRACE_GROUP_IO | 0x31)
  672. #define PERFINFO_LOG_TYPE_PREFETCH_READLIST (EVENT_TRACE_GROUP_IO | 0x32)
  673. #define PERFINFO_LOG_TYPE_PREFETCH_READ (EVENT_TRACE_GROUP_IO | 0x33)
  674. #define PERFINFO_LOG_TYPE_DRIVER_COMPLETE_REQUEST (EVENT_TRACE_GROUP_IO | 0x34)
  675. #define PERFINFO_LOG_TYPE_DRIVER_COMPLETE_REQUEST_RETURN (EVENT_TRACE_GROUP_IO | 0x35)
  676. #define PERFINFO_LOG_TYPE_BOOT_PREFETCH_INFORMATION (EVENT_TRACE_GROUP_IO | 0x36)
  677. //
  678. // Event types for Memory subsystem
  679. //
  680. #define WMI_LOG_TYPE_PAGE_FAULT_TRANSITION (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_TF)
  681. #define WMI_LOG_TYPE_PAGE_FAULT_DEMAND_ZERO (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_DZF)
  682. #define WMI_LOG_TYPE_PAGE_FAULT_COPY_ON_WRITE (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_COW)
  683. #define WMI_LOG_TYPE_PAGE_FAULT_GUARD_PAGE (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_GPF)
  684. #define WMI_LOG_TYPE_PAGE_FAULT_HARD_PAGE_FAULT (EVENT_TRACE_GROUP_MEMORY | EVENT_TRACE_TYPE_MM_HPF)
  685. #define PERFINFO_LOG_TYPE_HARDFAULT (EVENT_TRACE_GROUP_MEMORY | 0x20)
  686. #define PERFINFO_LOG_TYPE_REMOVEPAGEBYCOLOR (EVENT_TRACE_GROUP_MEMORY | 0x21)
  687. #define PERFINFO_LOG_TYPE_REMOVEPAGEFROMLIST (EVENT_TRACE_GROUP_MEMORY | 0x22)
  688. #define PERFINFO_LOG_TYPE_PAGEINMEMORY (EVENT_TRACE_GROUP_MEMORY | 0x23)
  689. #define PERFINFO_LOG_TYPE_INSERTINFREELIST (EVENT_TRACE_GROUP_MEMORY | 0x24)
  690. #define PERFINFO_LOG_TYPE_SECTIONREMOVED (EVENT_TRACE_GROUP_MEMORY | 0x25)
  691. #define PERFINFO_LOG_TYPE_INSERTINLIST (EVENT_TRACE_GROUP_MEMORY | 0x26)
  692. #define PERFINFO_LOG_TYPE_INSERTATFRONT (EVENT_TRACE_GROUP_MEMORY | 0x28)
  693. #define PERFINFO_LOG_TYPE_UNLINKFROMSTANDBY (EVENT_TRACE_GROUP_MEMORY | 0x29)
  694. #define PERFINFO_LOG_TYPE_UNLINKFFREEORZERO (EVENT_TRACE_GROUP_MEMORY | 0x2a)
  695. #define PERFINFO_LOG_TYPE_WORKINGSETMANAGER (EVENT_TRACE_GROUP_MEMORY | 0x2b)
  696. #define PERFINFO_LOG_TYPE_TRIMPROCESS (EVENT_TRACE_GROUP_MEMORY | 0x2c)
  697. #define PERFINFO_LOG_TYPE_MEMORYSNAP (EVENT_TRACE_GROUP_MEMORY | 0x2d)
  698. #define PERFINFO_LOG_TYPE_ZEROSHARECOUNT (EVENT_TRACE_GROUP_MEMORY | 0x2e)
  699. #define PERFINFO_LOG_TYPE_TRANSITIONFAULT (EVENT_TRACE_GROUP_MEMORY | 0x2f)
  700. #define PERFINFO_LOG_TYPE_DEMANDZEROFAULT (EVENT_TRACE_GROUP_MEMORY | 0x30)
  701. #define PERFINFO_LOG_TYPE_ADDVALIDPAGETOWS (EVENT_TRACE_GROUP_MEMORY | 0x31)
  702. #define PERFINFO_LOG_TYPE_OUTWS_REPLACEUSED (EVENT_TRACE_GROUP_MEMORY | 0x32)
  703. #define PERFINFO_LOG_TYPE_OUTWS_REPLACEUNUSED (EVENT_TRACE_GROUP_MEMORY | 0x33)
  704. #define PERFINFO_LOG_TYPE_OUTWS_VOLUNTRIM (EVENT_TRACE_GROUP_MEMORY | 0x34)
  705. #define PERFINFO_LOG_TYPE_OUTWS_FORCETRIM (EVENT_TRACE_GROUP_MEMORY | 0x35)
  706. #define PERFINFO_LOG_TYPE_OUTWS_ADJUSTWS (EVENT_TRACE_GROUP_MEMORY | 0x36)
  707. #define PERFINFO_LOG_TYPE_OUTWS_EMPTYQ (EVENT_TRACE_GROUP_MEMORY | 0x37)
  708. #define PERFINFO_LOG_TYPE_WORKINGSETSNAP (EVENT_TRACE_GROUP_MEMORY | 0x38)
  709. #define PERFINFO_LOG_TYPE_DECREFCNT (EVENT_TRACE_GROUP_MEMORY | 0x39)
  710. #define PERFINFO_LOG_TYPE_DECSHARCNT (EVENT_TRACE_GROUP_MEMORY | 0x3a)
  711. #define PERFINFO_LOG_TYPE_ZEROREFCOUNT (EVENT_TRACE_GROUP_MEMORY | 0x3b)
  712. #define PERFINFO_LOG_TYPE_WSINFOPROCESS (EVENT_TRACE_GROUP_MEMORY | 0x3c)
  713. #define PERFINFO_LOG_TYPE_ADDTOWORKINGSET (EVENT_TRACE_GROUP_MEMORY | 0x3d)
  714. #define PERFINFO_LOG_TYPE_DELETEKERNELSTACK (EVENT_TRACE_GROUP_MEMORY | 0x3e)
  715. #define PERFINFO_LOG_TYPE_PROTOPTEFAULT (EVENT_TRACE_GROUP_MEMORY | 0x3f)
  716. #define PERFINFO_LOG_TYPE_ADDTOWS (EVENT_TRACE_GROUP_MEMORY | 0x40)
  717. #define PERFINFO_LOG_TYPE_OUTWS_HASHFULL (EVENT_TRACE_GROUP_MEMORY | 0x41)
  718. #define PERFINFO_LOG_TYPE_MOD_PAGE_WRITER1 (EVENT_TRACE_GROUP_MEMORY | 0x42)
  719. #define PERFINFO_LOG_TYPE_MOD_PAGE_WRITER2 (EVENT_TRACE_GROUP_MEMORY | 0x43)
  720. #define PERFINFO_LOG_TYPE_MOD_PAGE_WRITER3 (EVENT_TRACE_GROUP_MEMORY | 0x44)
  721. #define PERFINFO_LOG_TYPE_FAULTADDR_WITH_IP (EVENT_TRACE_GROUP_MEMORY | 0x45)
  722. #define PERFINFO_LOG_TYPE_TRIMSESSION (EVENT_TRACE_GROUP_MEMORY | 0x46)
  723. #define PERFINFO_LOG_TYPE_MEMORYSNAPLITE (EVENT_TRACE_GROUP_MEMORY | 0x47)
  724. #define PERFINFO_LOG_TYPE_WS_SESSION (EVENT_TRACE_GROUP_MEMORY | 0x48)
  725. // (EVENT_TRACE_GROUP_POOL
  726. //
  727. //
  728. // Event types for Registry subsystem
  729. //
  730. #define WMI_LOG_TYPE_REG_CREATE (EVENT_TRACE_GROUP_REGISTRY | EVENT_TRACE_TYPE_REGCREATE)
  731. #define WMI_LOG_TYPE_REG_OPEN (EVENT_TRACE_GROUP_REGISTRY | EVENT_TRACE_TYPE_REGOPEN)
  732. #define WMI_LOG_TYPE_REG_DELETE (EVENT_TRACE_GROUP_REGISTRY | EVENT_TRACE_TYPE_REGDELETE)
  733. #define WMI_LOG_TYPE_REG_QUERY (EVENT_TRACE_GROUP_REGISTRY | EVENT_TRACE_TYPE_REGQUERY)
  734. #define WMI_LOG_TYPE_REG_SET_VALUE (EVENT_TRACE_GROUP_REGISTRY | EVENT_TRACE_TYPE_REGSETVALUE)
  735. #define WMI_LOG_TYPE_REG_DELETE_VALUE (EVENT_TRACE_GROUP_REGISTRY | EVENT_TRACE_TYPE_REGDELETEVALUE)
  736. #define WMI_LOG_TYPE_REG_QUERY_VALUE (EVENT_TRACE_GROUP_REGISTRY | EVENT_TRACE_TYPE_REGQUERYVALUE)
  737. #define WMI_LOG_TYPE_REG_ENUM_KEY (EVENT_TRACE_GROUP_REGISTRY | EVENT_TRACE_TYPE_REGENUMERATEKEY)
  738. #define WMI_LOG_TYPE_REG_ENUM_VALUE (EVENT_TRACE_GROUP_REGISTRY | EVENT_TRACE_TYPE_REGENUMERATEVALUEKEY)
  739. #define WMI_LOG_TYPE_REG_QUERY_MULTIVALUE (EVENT_TRACE_GROUP_REGISTRY | EVENT_TRACE_TYPE_REGQUERYMULTIPLEVALUE)
  740. #define WMI_LOG_TYPE_REG_SET_INFO (EVENT_TRACE_GROUP_REGISTRY | EVENT_TRACE_TYPE_REGSETINFORMATION)
  741. #define WMI_LOG_TYPE_REG_FLUSH (EVENT_TRACE_GROUP_REGISTRY | EVENT_TRACE_TYPE_REGFLUSH)
  742. #define WMI_LOG_TYPE_REG_RUNDOWN (EVENT_TRACE_GROUP_REGISTRY | EVENT_TRACE_TYPE_REGKCBDMP)
  743. #define PERFINFO_LOG_TYPE_CMCELLREFERRED (EVENT_TRACE_GROUP_REGISTRY | 0x20)
  744. #define PERFINFO_LOG_TYPE_REG_KCB_KEYNAME (EVENT_TRACE_GROUP_REGISTRY | 0x21)
  745. #define PERFINFO_LOG_TYPE_REG_KCB_CREATE (EVENT_TRACE_GROUP_REGISTRY | 0x22)
  746. #define PERFINFO_LOG_TYPE_REG_PARSEKEY_START (EVENT_TRACE_GROUP_REGISTRY | 0x23)
  747. #define PERFINFO_LOG_TYPE_REG_PARSEKEY_END (EVENT_TRACE_GROUP_REGISTRY | 0x24)
  748. #define PERFINFO_LOG_TYPE_REG_DELETE_KEY (EVENT_TRACE_GROUP_REGISTRY | 0x25)
  749. #define PERFINFO_LOG_TYPE_REG_DELETE_VALUE (EVENT_TRACE_GROUP_REGISTRY | 0x26)
  750. #define PERFINFO_LOG_TYPE_REG_ENUM_KEY (EVENT_TRACE_GROUP_REGISTRY | 0x27)
  751. #define PERFINFO_LOG_TYPE_REG_ENUM_VALUE (EVENT_TRACE_GROUP_REGISTRY | 0x28)
  752. #define PERFINFO_LOG_TYPE_REG_QUERY_KEY (EVENT_TRACE_GROUP_REGISTRY | 0x29)
  753. #define PERFINFO_LOG_TYPE_REG_QUERY_VALUE (EVENT_TRACE_GROUP_REGISTRY | 0x2a)
  754. #define PERFINFO_LOG_TYPE_REG_QUERY_MULTIVALUE (EVENT_TRACE_GROUP_REGISTRY | 0x2b)
  755. #define PERFINFO_LOG_TYPE_REG_SET_VALUE (EVENT_TRACE_GROUP_REGISTRY | 0x2c)
  756. #define PERFINFO_LOG_TYPE_REG_NOTIFY_POST (EVENT_TRACE_GROUP_REGISTRY | 0x2d)
  757. #define PERFINFO_LOG_TYPE_REG_NOTIFY_KCB (EVENT_TRACE_GROUP_REGISTRY | 0x2e)
  758. //
  759. // Event types for PERF tracing specific subsystem
  760. //
  761. #define PERFINFO_LOG_TYPE_PERFFREQUENCY (EVENT_TRACE_GROUP_PERFINFO | 0x20)
  762. #define PERFINFO_LOG_TYPE_PERFCOUNTERSTART (EVENT_TRACE_GROUP_PERFINFO | 0x21)
  763. #define PERFINFO_LOG_TYPE_MARK (EVENT_TRACE_GROUP_PERFINFO | 0x22)
  764. #define PERFINFO_LOG_TYPE_VERSION (EVENT_TRACE_GROUP_PERFINFO | 0x23)
  765. #define PERFINFO_LOG_TYPE_ASYNCMARK (EVENT_TRACE_GROUP_PERFINFO | 0x24)
  766. #define PERFINFO_LOG_TYPE_FILENAMEBUFFER (EVENT_TRACE_GROUP_PERFINFO | 0x25) // to be cleaned up
  767. #define PERFINFO_LOG_TYPE_IMAGENAME (EVENT_TRACE_GROUP_PERFINFO | 0x26)
  768. #define PERFINFO_LOG_TYPE_RESERVED1 (EVENT_TRACE_GROUP_PERFINFO | 0x27)
  769. #define PERFINFO_LOG_TYPE_RESERVED2 (EVENT_TRACE_GROUP_PERFINFO | 0x28)
  770. #define PERFINFO_LOG_TYPE_RESERVED3 (EVENT_TRACE_GROUP_PERFINFO | 0x29)
  771. #define PERFINFO_LOG_TYPE_WMI_TRACE_IO (EVENT_TRACE_GROUP_PERFINFO | 0x2a)
  772. #define PERFINFO_LOG_TYPE_WMI_TRACE_FILENAME_EVENT (EVENT_TRACE_GROUP_PERFINFO | 0x2b)
  773. #define PERFINFO_LOG_TYPE_GLOBAL_MASK_CHANGE (EVENT_TRACE_GROUP_PERFINFO | 0x2c)
  774. #define PERFINFO_LOG_TYPE_TRACEINFO (EVENT_TRACE_GROUP_PERFINFO | 0x2d) // go away
  775. #define PERFINFO_LOG_TYPE_SAMPLED_PROFILE (EVENT_TRACE_GROUP_PERFINFO | 0x2e)
  776. #define PERFINFO_LOG_TYPE_RESERVED_PERFINFO_2F (EVENT_TRACE_GROUP_PERFINFO | 0x2f)
  777. #define PERFINFO_LOG_TYPE_RESERVED_PERFINFO_30 (EVENT_TRACE_GROUP_PERFINFO | 0x30)
  778. #define PERFINFO_LOG_TYPE_RESERVED_PERFINFO_31 (EVENT_TRACE_GROUP_PERFINFO | 0x31)
  779. #define PERFINFO_LOG_TYPE_RESERVED_PERFINFO_32 (EVENT_TRACE_GROUP_PERFINFO | 0x32)
  780. #define PERFINFO_LOG_TYPE_SYSCALL_ENTER (EVENT_TRACE_GROUP_PERFINFO | 0x33)
  781. #define PERFINFO_LOG_TYPE_SYSCALL_EXIT (EVENT_TRACE_GROUP_PERFINFO | 0x34)
  782. #define PERFINFO_LOG_TYPE_BACKTRACE (EVENT_TRACE_GROUP_PERFINFO | 0x35)
  783. #define PERFINFO_LOG_TYPE_BACKTRACE_USERSTACK (EVENT_TRACE_GROUP_PERFINFO | 0x36)
  784. #define PERFINFO_LOG_TYPE_SAMPLED_PROFILE_CACHE (EVENT_TRACE_GROUP_PERFINFO | 0x37)
  785. #define PERFINFO_LOG_TYPE_EXCEPTION_STACK (EVENT_TRACE_GROUP_PERFINFO | 0x38)
  786. #define PERFINFO_LOG_TYPE_BRANCH_TRACE (EVENT_TRACE_GROUP_PERFINFO | 0x39)
  787. #define PERFINFO_LOG_TYPE_BRANCH_TRACE_DEBUG (EVENT_TRACE_GROUP_PERFINFO | 0x40)
  788. #define PERFINFO_LOG_TYPE_BRANCH_ADDRESS_DEBUG (EVENT_TRACE_GROUP_PERFINFO | 0x41)
  789. #define PERFINFO_LOG_TYPE_INTERRUPT (EVENT_TRACE_GROUP_PERFINFO | 0x43)
  790. #define PERFINFO_LOG_TYPE_DPC (EVENT_TRACE_GROUP_PERFINFO | 0x44)
  791. #define PERFINFO_LOG_TYPE_TIMERDPC (EVENT_TRACE_GROUP_PERFINFO | 0x45)
  792. //
  793. // Event types for Pool subsystem
  794. //
  795. #define PERFINFO_LOG_TYPE_ALLOCATEPOOL (EVENT_TRACE_GROUP_POOL | 0x20)
  796. #define PERFINFO_LOG_TYPE_FREEPOOL (EVENT_TRACE_GROUP_POOL | 0x21)
  797. #define PERFINFO_LOG_TYPE_POOLSTAT (EVENT_TRACE_GROUP_POOL | 0x22)
  798. #define PERFINFO_LOG_TYPE_ADDPOOLPAGE (EVENT_TRACE_GROUP_POOL | 0x23)
  799. #define PERFINFO_LOG_TYPE_FREEPOOLPAGE (EVENT_TRACE_GROUP_POOL | 0x24)
  800. #define PERFINFO_LOG_TYPE_BIGPOOLPAGE (EVENT_TRACE_GROUP_POOL | 0x25)
  801. #define PERFINFO_LOG_TYPE_POOLSNAP (EVENT_TRACE_GROUP_POOL | 0x26)
  802. //
  803. // Event types for Heap subsystem
  804. //
  805. #define PERFINFO_LOG_TYPE_HEAP_CREATE (EVENT_TRACE_GROUP_HEAP | 0x20)
  806. #define PERFINFO_LOG_TYPE_HEAP_ALLOC (EVENT_TRACE_GROUP_HEAP | 0x21)
  807. #define PERFINFO_LOG_TYPE_HEAP_REALLOC (EVENT_TRACE_GROUP_HEAP | 0x22)
  808. #define PERFINFO_LOG_TYPE_HEAP_DESTROY (EVENT_TRACE_GROUP_HEAP | 0x23)
  809. #define PERFINFO_LOG_TYPE_HEAP_FREE (EVENT_TRACE_GROUP_HEAP | 0x24)
  810. #define PERFINFO_LOG_TYPE_HEAP_EXTEND (EVENT_TRACE_GROUP_HEAP | 0x25)
  811. #define PERFINFO_LOG_TYPE_HEAP_SNAPSHOT (EVENT_TRACE_GROUP_HEAP | 0x26)
  812. #define PERFINFO_LOG_TYPE_HEAP_CREATE_SNAPSHOT (EVENT_TRACE_GROUP_HEAP | 0x27)
  813. #define PERFINFO_LOG_TYPE_HEAP_DESTROY_SNAPSHOT (EVENT_TRACE_GROUP_HEAP | 0x28)
  814. #define PERFINFO_LOG_TYPE_HEAP_EXTEND_SNAPSHOT (EVENT_TRACE_GROUP_HEAP | 0x29)
  815. #define PERFINFO_LOG_TYPE_HEAP_CONTRACT (EVENT_TRACE_GROUP_HEAP | 0x2a)
  816. #define PERFINFO_LOG_TYPE_HEAP_LOCK (EVENT_TRACE_GROUP_HEAP | 0x2b)
  817. #define PERFINFO_LOG_TYPE_HEAP_UNLOCK (EVENT_TRACE_GROUP_HEAP | 0x2c)
  818. #define PERFINFO_LOG_TYPE_HEAP_VALIDATE (EVENT_TRACE_GROUP_HEAP | 0x2d)
  819. #define PERFINFO_LOG_TYPE_HEAP_WALK (EVENT_TRACE_GROUP_HEAP | 0x2e)
  820. //
  821. // Event Types for Critical Section Subsystem
  822. //
  823. #define PERFINFO_LOG_TYPE_CRITSEC_ENTER (EVENT_TRACE_GROUP_CRITSEC | 0x20)
  824. #define PERFINFO_LOG_TYPE_CRITSEC_LEAVE (EVENT_TRACE_GROUP_CRITSEC | 0x21)
  825. #define PERFINFO_LOG_TYPE_CRITSEC_COLLISION (EVENT_TRACE_GROUP_CRITSEC | 0x22)
  826. #define PERFINFO_LOG_TYPE_CRITSEC_INITIALIZE (EVENT_TRACE_GROUP_CRITSEC | 0x23)
  827. //
  828. // Event types for Object subsystem
  829. //
  830. #define PERFINFO_LOG_TYPE_DECLARE_OBJECT (EVENT_TRACE_GROUP_OBJECT | 0x20)
  831. #define PERFINFO_LOG_TYPE_WAIT_OBJECT (EVENT_TRACE_GROUP_OBJECT | 0x21)
  832. #define PERFINFO_LOG_TYPE_UNWAIT_OBJECT (EVENT_TRACE_GROUP_OBJECT | 0x22)
  833. #define PERFINFO_LOG_TYPE_SIGNAL_OBJECT (EVENT_TRACE_GROUP_OBJECT | 0x23)
  834. #define PERFINFO_LOG_TYPE_CLEAR_OBJECT (EVENT_TRACE_GROUP_OBJECT | 0x24)
  835. #define PERFINFO_LOG_TYPE_UNWAIT_SIGNALED_OBJECT (EVENT_TRACE_GROUP_OBJECT | 0x25)
  836. //
  837. // Event types for Power subsystem
  838. //
  839. #define PERFINFO_LOG_TYPE_BATTERY_LIFE_INFO (EVENT_TRACE_GROUP_POWER | 0x20)
  840. #define PERFINFO_LOG_TYPE_IDLE_STATE_CHANGE (EVENT_TRACE_GROUP_POWER | 0x21)
  841. #define PERFINFO_LOG_TYPE_SET_POWER_ACTION (EVENT_TRACE_GROUP_POWER | 0x22)
  842. #define PERFINFO_LOG_TYPE_SET_POWER_ACTION_RET (EVENT_TRACE_GROUP_POWER | 0x23)
  843. #define PERFINFO_LOG_TYPE_SET_DEVICES_STATE (EVENT_TRACE_GROUP_POWER | 0x24)
  844. #define PERFINFO_LOG_TYPE_SET_DEVICES_STATE_RET (EVENT_TRACE_GROUP_POWER | 0x25)
  845. #define PERFINFO_LOG_TYPE_PO_NOTIFY_DEVICE (EVENT_TRACE_GROUP_POWER | 0x26)
  846. #define PERFINFO_LOG_TYPE_PO_NOTIFY_DEVICE_COMPLETE (EVENT_TRACE_GROUP_POWER | 0x27)
  847. #define PERFINFO_LOG_TYPE_PO_SESSION_CALLOUT (EVENT_TRACE_GROUP_POWER | 0x28)
  848. #define PERFINFO_LOG_TYPE_PO_SESSION_CALLOUT_RET (EVENT_TRACE_GROUP_POWER | 0x29)
  849. #define PERFINFO_LOG_TYPE_PO_PRESLEEP (EVENT_TRACE_GROUP_POWER | 0x30)
  850. #define PERFINFO_LOG_TYPE_PO_POSTSLEEP (EVENT_TRACE_GROUP_POWER | 0x31)
  851. //
  852. // Event types for MODBound subsystem
  853. //
  854. #define PERFINFO_LOG_TYPE_MODULEBOUND_ENT (EVENT_TRACE_GROUP_MODBOUND | 0x20)
  855. #define PERFINFO_LOG_TYPE_MODULEBOUND_JUMP (EVENT_TRACE_GROUP_MODBOUND | 0x21)
  856. #define PERFINFO_LOG_TYPE_MODULEBOUND_RET (EVENT_TRACE_GROUP_MODBOUND | 0x22)
  857. #define PERFINFO_LOG_TYPE_MODULEBOUND_CALL (EVENT_TRACE_GROUP_MODBOUND | 0x23)
  858. #define PERFINFO_LOG_TYPE_MODULEBOUND_CALLRET (EVENT_TRACE_GROUP_MODBOUND | 0x24)
  859. #define PERFINFO_LOG_TYPE_MODULEBOUND_INT2E (EVENT_TRACE_GROUP_MODBOUND | 0x25)
  860. #define PERFINFO_LOG_TYPE_MODULEBOUND_INT2B (EVENT_TRACE_GROUP_MODBOUND | 0x26)
  861. #define PERFINFO_LOG_TYPE_MODULEBOUND_FULLTRACE (EVENT_TRACE_GROUP_MODBOUND | 0x27)
  862. //
  863. // Event types for gdi subsystem
  864. #define PERFINFO_LOG_TYPE_FONT_REALIZE (EVENT_TRACE_GROUP_GDI | 0x20)
  865. #define PERFINFO_LOG_TYPE_FONT_DELETE (EVENT_TRACE_GROUP_GDI | 0x21)
  866. #define PERFINFO_LOG_TYPE_FONT_ACTIVATE (EVENT_TRACE_GROUP_GDI | 0x22)
  867. #define PERFINFO_LOG_TYPE_FONT_FLUSH (EVENT_TRACE_GROUP_GDI | 0x23)
  868. //
  869. // Event types To be Decided if they are still needed?
  870. //
  871. #define PERFINFO_LOG_TYPE_DISPATCHMSG (EVENT_TRACE_GROUP_TBD | 0x00)
  872. #define PERFINFO_LOG_TYPE_GLYPHCACHE (EVENT_TRACE_GROUP_TBD | 0x01)
  873. #define PERFINFO_LOG_TYPE_GLYPHS (EVENT_TRACE_GROUP_TBD | 0x02)
  874. #define PERFINFO_LOG_TYPE_READWRITE (EVENT_TRACE_GROUP_TBD | 0x03)
  875. #define PERFINFO_LOG_TYPE_EXPLICIT_LOAD (EVENT_TRACE_GROUP_TBD | 0x04)
  876. #define PERFINFO_LOG_TYPE_IMPLICIT_LOAD (EVENT_TRACE_GROUP_TBD | 0x05)
  877. #define PERFINFO_LOG_TYPE_CHECKSUM (EVENT_TRACE_GROUP_TBD | 0x06)
  878. #define PERFINFO_LOG_TYPE_DLL_INIT (EVENT_TRACE_GROUP_TBD | 0x07)
  879. #define PERFINFO_LOG_TYPE_SERVICE_DD_START_INIT (EVENT_TRACE_GROUP_TBD | 0x08)
  880. #define PERFINFO_LOG_TYPE_SERVICE_DD_DONE_INIT (EVENT_TRACE_GROUP_TBD | 0x09)
  881. #define PERFINFO_LOG_TYPE_SERVICE_START_INIT (EVENT_TRACE_GROUP_TBD | 0x0a)
  882. #define PERFINFO_LOG_TYPE_SERVICE_DONE_INIT (EVENT_TRACE_GROUP_TBD | 0x0b)
  883. #define PERFINFO_LOG_TYPE_SERVICE_NAME (EVENT_TRACE_GROUP_TBD | 0x0c)
  884. #define PERFINFO_LOG_TYPE_WSINFOSESSION (EVENT_TRACE_GROUP_TBD | 0x0d)
  885. #define PERFINFO_LOG_TIMED_ENTER_ROUTINE (EVENT_TRACE_GROUP_TBD | 0x0e)
  886. #define PERFINFO_LOG_TIMED_EXIT_ROUTINE (EVENT_TRACE_GROUP_TBD | 0x0f)
  887. #define PERFINFO_LOG_TYPE_CTIME_STATS (EVENT_TRACE_GROUP_TBD | 0x10)
  888. #define PERFINFO_LOG_TYPE_MARKED_DIRTY (EVENT_TRACE_GROUP_TBD | 0x11)
  889. #define PERFINFO_LOG_TYPE_MARKED_CELL_DIRTY (EVENT_TRACE_GROUP_TBD | 0x12)
  890. #define PERFINFO_LOG_TYPE_HIVE_WRITE_DIRTY (EVENT_TRACE_GROUP_TBD | 0x13)
  891. #define PERFINFO_LOG_TYPE_DUMP_HIVECELL (EVENT_TRACE_GROUP_TBD | 0x14)
  892. #define PERFINFO_LOG_TYPE_HIVE_STAT (EVENT_TRACE_GROUP_TBD | 0x16)
  893. #define PERFINFO_LOG_TYPE_CLOCKREF (EVENT_TRACE_GROUP_TBD | 0x17)
  894. #define PERFINFO_LOG_TYPE_COWHEADER (EVENT_TRACE_GROUP_TBD | 0x18)
  895. #define PERFINFO_LOG_TYPE_COWBLOB (EVENT_TRACE_GROUP_TBD | 0x19)
  896. #define PERFINFO_LOG_TYPE_COWBLOB_CLOSED (EVENT_TRACE_GROUP_TBD | 0x1a)
  897. #define PERFINFO_LOG_TYPE_WMIPERFFREQUENCY (EVENT_TRACE_GROUP_TBD | 0x1d)
  898. #define PERFINFO_LOG_TYPE_CDROM_READ (EVENT_TRACE_GROUP_TBD | 0x1e)
  899. #define PERFINFO_LOG_TYPE_CDROM_READ_COMPLETE (EVENT_TRACE_GROUP_TBD | 0x1f)
  900. #define PERFINFO_LOG_TYPE_KE_SET_EVENT (EVENT_TRACE_GROUP_TBD | 0x20)
  901. #define PERFINFO_LOG_TYPE_REG_PARSEKEY (EVENT_TRACE_GROUP_TBD | 0x21)
  902. #define PERFINFO_LOG_TYPE_REG_PARSEKEYEND (EVENT_TRACE_GROUP_TBD | 0x22)
  903. #define PERFINFO_LOG_TYPE_ATTACH_PROCESS (EVENT_TRACE_GROUP_TBD | 0x24)
  904. #define PERFINFO_LOG_TYPE_DETACH_PROCESS (EVENT_TRACE_GROUP_TBD | 0x25)
  905. #define PERFINFO_LOG_TYPE_DATA_ACCESS (EVENT_TRACE_GROUP_TBD | 0x26)
  906. #define PERFINFO_LOG_TYPE_KDHELP (EVENT_TRACE_GROUP_TBD | 0x27)
  907. #define PERFINFO_LOG_TYPE_BOOT_OPTIONS (EVENT_TRACE_GROUP_TBD | 0x28)
  908. #define PERFINFO_LOG_TYPE_FAILED_STKDUMP (EVENT_TRACE_GROUP_TBD | 0x2c)
  909. #define PERFINFO_LOG_TYPE_SYSTEM_TIME (EVENT_TRACE_GROUP_TBD | 0x2f)
  910. #define PERFINFO_LOG_TYPE_READYQUEUE (EVENT_TRACE_GROUP_TBD | 0x30)
  911. //
  912. // KMIXER hooks are in audio\filters\kmixer\pins.c
  913. //
  914. #define PERFINFO_LOG_TYPE_KMIXER_DRIVER_ENTRY (EVENT_TRACE_GROUP_TBD | 0x31)
  915. #define PERFINFO_LOG_TYPE_KMIXER_DSOUND_STARVATION (EVENT_TRACE_GROUP_TBD | 0x32)
  916. #define PERFINFO_LOG_TYPE_KMIXER_DPC_STARVATION (EVENT_TRACE_GROUP_TBD | 0x33)
  917. #define PERFINFO_LOG_TYPE_KMIXER_WAVE_TOP_STARVATION (EVENT_TRACE_GROUP_TBD | 0x34)
  918. #define PERFINFO_LOG_TYPE_OVERLAY_QUALITY (EVENT_TRACE_GROUP_TBD | 0x35)
  919. // in amovie\filters\mixer\ovmixer\ominpin.cpp
  920. #define PERFINFO_LOG_TYPE_DVD_RENDER_SAMPLE (EVENT_TRACE_GROUP_TBD | 0x36)
  921. #define PERFINFO_LOG_TYPE_CDVD_SET_DISCONTINUITY (EVENT_TRACE_GROUP_TBD | 0x37)
  922. // in amovie\filters\dvdnav\dvdnav\dvd.cpp
  923. #define PERFINFO_LOG_TYPE_CSPLITTER_SET_DISCONTINUITY (EVENT_TRACE_GROUP_TBD | 0x38)
  924. // in amovie\filters\dvdnav\base\splitter.cpp
  925. // following hooks are in amovie\sdk\classes\base
  926. #define PERFINFO_LOG_TYPE_DSHOW_CTOR (EVENT_TRACE_GROUP_TBD | 0x39)
  927. #define PERFINFO_LOG_TYPE_DSHOW_DTOR (EVENT_TRACE_GROUP_TBD | 0x3a)
  928. #define PERFINFO_LOG_TYPE_DSHOW_DELIVER (EVENT_TRACE_GROUP_TBD | 0x3b)
  929. #define PERFINFO_LOG_TYPE_DSHOW_RECEIVE (EVENT_TRACE_GROUP_TBD | 0x3c)
  930. #define PERFINFO_LOG_TYPE_DSHOW_RUN (EVENT_TRACE_GROUP_TBD | 0x3d)
  931. #define PERFINFO_LOG_TYPE_DSHOW_PAUSE (EVENT_TRACE_GROUP_TBD | 0x3e)
  932. #define PERFINFO_LOG_TYPE_DSHOW_STOP (EVENT_TRACE_GROUP_TBD | 0x3f)
  933. #define PERFINFO_LOG_TYPE_DSHOW_JOINGRAPH (EVENT_TRACE_GROUP_TBD | 0x40)
  934. #define PERFINFO_LOG_TYPE_DSHOW_GETBUFFER (EVENT_TRACE_GROUP_TBD | 0x41)
  935. #define PERFINFO_LOG_TYPE_DSHOW_RELBUFFER (EVENT_TRACE_GROUP_TBD | 0x42)
  936. #define PERFINFO_LOG_TYPE_DSHOW_CONNECT (EVENT_TRACE_GROUP_TBD | 0x43)
  937. #define PERFINFO_LOG_TYPE_DSHOW_RXCONNECT (EVENT_TRACE_GROUP_TBD | 0x44)
  938. #define PERFINFO_LOG_TYPE_DSHOW_DISCONNECT (EVENT_TRACE_GROUP_TBD | 0x45)
  939. #define PERFINFO_LOG_TYPE_DSHOW_GETTIME (EVENT_TRACE_GROUP_TBD | 0x46)
  940. #define PERFINFO_LOG_TYPE_DSHOW_AUDIOREND (EVENT_TRACE_GROUP_TBD | 0x47)
  941. #define PERFINFO_LOG_TYPE_DSHOW_VIDEOREND (EVENT_TRACE_GROUP_TBD | 0x48)
  942. #define PERFINFO_LOG_TYPE_DSHOW_FRAMEDROP (EVENT_TRACE_GROUP_TBD | 0x49)
  943. #define PERFINFO_LOG_TYPE_DSHOW_AUDIOBREAK (EVENT_TRACE_GROUP_TBD | 0x4a)
  944. #define PERFINFO_LOG_TYPE_DSHOW_SAMPLE_DATADISCONTINUITY (EVENT_TRACE_GROUP_TBD | 0x4b)
  945. #define PERFINFO_LOG_TYPE_DSHOW_MEDIASAMPLE_SET_DISCONTINUITY (EVENT_TRACE_GROUP_TBD | 0x4c)
  946. #define PERFINFO_LOG_TYPE_DSHOW_TRANSFORM_INITSAMPLE_SET_DISCONTINUITY (EVENT_TRACE_GROUP_TBD | 0x4d)
  947. #define PERFINFO_LOG_TYPE_DSHOW_TRANSFORM_COPY_SET_DISCONTINUITY (EVENT_TRACE_GROUP_TBD | 0x4e)
  948. #define PERFINFO_LOG_TYPE_DSHOW_SYNCOBJ_ADVICE_FRAME_SKIP (EVENT_TRACE_GROUP_TBD | 0x4f)
  949. #define PERFINFO_LOG_TYPE_WMI_REFLECT_DISK_IO_READ (EVENT_TRACE_GROUP_TBD | 0x50)
  950. #define PERFINFO_LOG_TYPE_WMI_REFLECT_DISK_IO_WRITE (EVENT_TRACE_GROUP_TBD | 0x51)
  951. #if 0
  952. //
  953. // 2000-2199 reserved for SQL Server
  954. //
  955. #define PERFINFO_LOG_TYPE_SQLSERVER_FIRST (2000)
  956. #define PERFINFO_LOG_TYPE_SQLSERVER_LAST (PERFINFO_LOG_TYPE_SQLSERVER_FIRST + 199)
  957. //
  958. // 2200-2299 reserved for reflection of WMI events
  959. //
  960. #define PERFINFO_LOG_TYPE_WMI_REFLECT_FIRST (2200)
  961. #define PERFINFO_LOG_TYPE_WMI_REFLECT_LAST (PERFINFO_LOG_TYPE_WMI_REFLECT_FIRST + 199)
  962. #endif //0
  963. //
  964. // Data structure used for WMI Kernel Events
  965. //
  966. // **NB** the hardware events are described in software traceing, if they
  967. // change in layout please update sdktools\trace\tracefmt\default.tmf
  968. #define MAX_DEVICE_ID_LENGTH 256
  969. #define CONFIG_MAX_DOMAIN_NAME_LEN 132
  970. typedef struct _CPU_CONFIG_RECORD {
  971. ULONG ProcessorSpeed;
  972. ULONG NumberOfProcessors;
  973. ULONG MemorySize; // in MBytes
  974. ULONG PageSize; // in Bytes
  975. ULONG AllocationGranularity; // in Bytes
  976. WCHAR ComputerName[MAX_DEVICE_ID_LENGTH];
  977. WCHAR DomainName[CONFIG_MAX_DOMAIN_NAME_LEN];
  978. } CPU_CONFIG_RECORD, *PCPU_CONFIG_RECORD;
  979. #define CONFIG_WRITE_CACHE_ENABLED 0x00000001
  980. #define CONFIG_FS_NAME_LEN 16
  981. #define CONFIG_BOOT_DRIVE_LEN 3
  982. typedef struct _PHYSICAL_DISK_RECORD {
  983. ULONG DiskNumber;
  984. ULONG BytesPerSector;
  985. ULONG SectorsPerTrack;
  986. ULONG TracksPerCylinder;
  987. ULONGLONG Cylinders;
  988. ULONG SCSIPortNumber;
  989. ULONG SCSIPathId;
  990. ULONG SCSITargetId;
  991. ULONG SCSILun;
  992. WCHAR Manufacturer[MAX_DEVICE_ID_LENGTH];
  993. ULONG PartitionCount;
  994. BOOLEAN WriteCacheEnabled;
  995. WCHAR BootDriveLetter[CONFIG_BOOT_DRIVE_LEN];
  996. } PHYSICAL_DISK_RECORD, *PPHYSICAL_DISK_RECORD;
  997. //
  998. // Types of logical drive
  999. //
  1000. #define CONFIG_DRIVE_PARTITION 0x00000001
  1001. #define CONFIG_DRIVE_VOLUME 0x00000002
  1002. #define CONFIG_DRIVE_EXTENT 0x00000004
  1003. #define CONFIG_DRIVE_LETTER_LEN 4
  1004. typedef struct _LOGICAL_DISK_EXTENTS {
  1005. ULONGLONG StartingOffset;
  1006. ULONGLONG PartitionSize;
  1007. ULONG DiskNumber; // The physical disk number where the logical drive resides
  1008. ULONG Size; // The size in bytes of the structure.
  1009. ULONG DriveType; // Logical drive type partition/volume/extend-partition
  1010. WCHAR DriveLetterString[CONFIG_DRIVE_LETTER_LEN];
  1011. ULONG Pad;
  1012. ULONG PartitionNumber; // The partition number where the logical drive resides
  1013. ULONG SectorsPerCluster;
  1014. ULONG BytesPerSector;
  1015. LONGLONG NumberOfFreeClusters;
  1016. LONGLONG TotalNumberOfClusters;
  1017. WCHAR FileSystemType[CONFIG_FS_NAME_LEN];
  1018. ULONG VolumeExt; // Offset to VOLUME_DISK_EXTENTS structure
  1019. } LOGICAL_DISK_EXTENTS, *PLOGICAL_DISK_EXTENTS;
  1020. #define CONFIG_MAX_DNS_SERVER 4
  1021. #define CONFIG_MAX_ADAPTER_ADDRESS_LENGTH 8
  1022. //
  1023. // Note: Data is an array of structures of type IP_ADDRESS_STRING defined in iptypes.h
  1024. //
  1025. typedef struct _NIC_RECORD {
  1026. WCHAR NICName[MAX_DEVICE_ID_LENGTH];
  1027. ULONG Index;
  1028. ULONG PhysicalAddrLen;
  1029. WCHAR PhysicalAddr[CONFIG_MAX_ADAPTER_ADDRESS_LENGTH];
  1030. ULONG Size; // Size of the Data
  1031. LONG IpAddress; // IP Address offset. Copy bytes = sizeof(IP_ADDRESS_STRING)
  1032. LONG SubnetMask; // subnet mask offset. Copy bytes = sizeof(IP_ADDRESS_STRING)
  1033. LONG DhcpServer; // dhcp server offset. Copy bytes = sizeof(IP_ADDRESS_STRING)
  1034. LONG Gateway; // gateway offset. Copy bytes = sizeof(IP_ADDRESS_STRING)
  1035. LONG PrimaryWinsServer; // primary wins server offset. Copy bytes = sizeof(IP_ADDRESS_STRING)
  1036. LONG SecondaryWinsServer;// secondary wins server offset. Copy bytes = sizeof(IP_ADDRESS_STRING)
  1037. LONG DnsServer[CONFIG_MAX_DNS_SERVER]; // dns server offset. Copy bytes = sizeof(IP_ADDRESS_STRING)
  1038. ULONG Data; // Offset to an array of IP_ADDRESS_STRING
  1039. } NIC_RECORD, *PNIC_RECORD;
  1040. typedef struct _VIDEO_RECORD {
  1041. ULONG MemorySize;
  1042. ULONG XResolution;
  1043. ULONG YResolution;
  1044. ULONG BitsPerPixel;
  1045. ULONG VRefresh;
  1046. WCHAR ChipType[MAX_DEVICE_ID_LENGTH];
  1047. WCHAR DACType[MAX_DEVICE_ID_LENGTH];
  1048. WCHAR AdapterString[MAX_DEVICE_ID_LENGTH];
  1049. WCHAR BiosString[MAX_DEVICE_ID_LENGTH];
  1050. WCHAR DeviceId[MAX_DEVICE_ID_LENGTH];
  1051. ULONG StateFlags;
  1052. } VIDEO_RECORD, *PVIDEO_RECORD;
  1053. #define CONFIG_MAX_NAME_LENGTH 34
  1054. #define CONFIG_MAX_DISPLAY_NAME 256
  1055. typedef struct _WMI_SERVICE_INFO {
  1056. WCHAR ServiceName[CONFIG_MAX_NAME_LENGTH];
  1057. WCHAR DisplayName[CONFIG_MAX_DISPLAY_NAME];
  1058. WCHAR ProcessName[CONFIG_MAX_NAME_LENGTH];
  1059. ULONG ProcessId;
  1060. }WMI_SERVICE_INFO, *PWMI_SERVICE_INFO;
  1061. //
  1062. // Stores the ACPI Power Information
  1063. //
  1064. typedef struct _WMI_POWER_RECORD {
  1065. BOOLEAN SystemS1;
  1066. BOOLEAN SystemS2;
  1067. BOOLEAN SystemS3;
  1068. BOOLEAN SystemS4; // hibernate
  1069. BOOLEAN SystemS5; // off
  1070. CHAR Pad1;
  1071. CHAR Pad2;
  1072. CHAR Pad3;
  1073. } WMI_POWER_RECORD, *PWMI_POWER_RECORD;
  1074. typedef struct _WMI_PROCESS_INFORMATION {
  1075. ULONG_PTR PageDirectoryBase;
  1076. ULONG ProcessId;
  1077. ULONG ParentId;
  1078. ULONG SessionId;
  1079. NTSTATUS ExitStatus;
  1080. ULONG Sid;
  1081. // Filename is added at the ned of the structure.
  1082. // Since Sid is variable length field,
  1083. // FileName is not defined in the structure.
  1084. } WMI_PROCESS_INFORMATION, *PWMI_PROCESS_INFORMATION;
  1085. typedef struct _WMI_PROCESS_INFORMATION64 {
  1086. ULONG64 PageDirectoryBase64;
  1087. ULONG ProcessId;
  1088. ULONG ParentId;
  1089. ULONG SessionId;
  1090. NTSTATUS ExitStatus;
  1091. ULONG Sid;
  1092. // Filename is added at the ned of the structure.
  1093. // Since Sid is variable length field,
  1094. // FileName is not defined in the structure.
  1095. } WMI_PROCESS_INFORMATION64, *PWMI_PROCESS_INFORMATION64;
  1096. typedef struct _WMI_THREAD_INFORMATION {
  1097. ULONG ProcessId;
  1098. ULONG ThreadId;
  1099. } WMI_THREAD_INFORMATION, *PWMI_THREAD_INFORMATION;
  1100. typedef struct _WMI_EXTENDED_THREAD_INFORMATION {
  1101. ULONG ProcessId;
  1102. ULONG ThreadId;
  1103. PVOID StackBase;
  1104. PVOID StackLimit;
  1105. PVOID UserStackBase;
  1106. PVOID UserStackLimit;
  1107. PVOID StartAddr;
  1108. PVOID Win32StartAddr;
  1109. CHAR WaitMode;
  1110. } WMI_EXTENDED_THREAD_INFORMATION, *PWMI_EXTENDED_THREAD_INFORMATION;
  1111. typedef struct _WMI_EXTENDED_THREAD_INFORMATION64 {
  1112. ULONG ProcessId;
  1113. ULONG ThreadId;
  1114. ULONG64 StackBase64;
  1115. ULONG64 StackLimit64;
  1116. ULONG64 UserStackBase64;
  1117. ULONG64 UserStackLimit64;
  1118. ULONG64 StartAddr64;
  1119. ULONG64 Win32StartAddr64;
  1120. CHAR WaitMode;
  1121. } WMI_EXTENDED_THREAD_INFORMATION64, *PWMI_EXTENDED_THREAD_INFORMATION64;
  1122. typedef struct _WMI_IMAGELOAD_INFORMATION {
  1123. PVOID ImageBase;
  1124. SIZE_T ImageSize;
  1125. ULONG ProcessId;
  1126. WCHAR FileName[1];
  1127. } WMI_IMAGELOAD_INFORMATION, *PWMI_IMAGELOAD_INFORMATION;
  1128. typedef struct _WMI_IMAGELOAD_INFORMATION64 {
  1129. ULONG64 ImageBase64;
  1130. ULONG64 ImageSize64;
  1131. ULONG ProcessId;
  1132. WCHAR FileName[1];
  1133. } WMI_IMAGELOAD_INFORMATION64, *PWMI_IMAGELOAD_INFORMATION64;
  1134. typedef struct _WMI_DISKIO_READWRITE {
  1135. ULONG DiskNumber;
  1136. ULONG IrpFlags;
  1137. ULONG Size;
  1138. ULONG ResponseTime;
  1139. ULONGLONG ByteOffset;
  1140. PVOID FileObject;
  1141. ULONGLONG HighResResponseTime;
  1142. } WMI_DISKIO_READWRITE, *PWMI_DISKIO_READWRITE;
  1143. typedef struct _WMI_REGISTRY {
  1144. ULONG_PTR Status;
  1145. PVOID Kcb;
  1146. LONGLONG ElapsedTime;
  1147. union{
  1148. ULONG Index;
  1149. ULONG InfoClass;
  1150. };
  1151. WCHAR Name[1];
  1152. } WMI_REGISTRY, *PWMI_REGISTRY;
  1153. typedef struct _WMI_FILE_IO {
  1154. PVOID FileObject;
  1155. WCHAR FileName[1];
  1156. } WMI_FILE_IO, *PWMI_FILE_IO;
  1157. typedef struct _WMI_TCPIP {
  1158. ULONG Context;
  1159. ULONG Size;
  1160. ULONG DestAddr;
  1161. ULONG SrcAddr;
  1162. USHORT DestPort;
  1163. USHORT SrcPort;
  1164. } WMI_TCPIP, *PWMI_TCPIP;
  1165. typedef struct _WMI_UDP {
  1166. ULONG PID;
  1167. USHORT Size;
  1168. ULONG DestAddr;
  1169. ULONG SrcAddr;
  1170. USHORT DestPort;
  1171. USHORT SrcPort;
  1172. }WMI_UDP, *PWMI_UDP;
  1173. typedef struct _WMI_PAGE_FAULT {
  1174. PVOID VirtualAddress;
  1175. PVOID ProgramCounter;
  1176. } WMI_PAGE_FAULT, *PWMI_PAGE_FAULT;
  1177. typedef struct _WMI_CONTEXTSWAP {
  1178. ULONG NewThreadId;
  1179. ULONG OldThreadId;
  1180. CHAR NewThreadPriority;
  1181. CHAR OldThreadPriority;
  1182. CHAR NewThreadQuantum;
  1183. CHAR OldThreadQuantum;
  1184. UCHAR OldThreadWaitReason;
  1185. CHAR OldThreadWaitMode;
  1186. UCHAR OldThreadState;
  1187. UCHAR OldThreadIdealProcessor;
  1188. } WMI_CONTEXTSWAP, *PWMI_CONTEXTSWAP;
  1189. typedef struct _HEAP_EVENT_ALLOC {
  1190. PVOID HeapHandle; //Handle of Heap
  1191. SIZE_T Size; //Size of allocation in bytes
  1192. PVOID Address; //Address of Allocation
  1193. ULONG Source; //Type ie Lookaside, Lowfrag or main path
  1194. }HEAP_EVENT_ALLOC, *PHEAP_EVENT_ALLOC;
  1195. typedef struct _HEAP_EVENT_FREE {
  1196. PVOID HeapHandle; //Handle of Heap
  1197. PVOID Address; //Address to free
  1198. ULONG Source; //Type ie Lookaside, Lowfrag or main path
  1199. }HEAP_EVENT_FREE, *PHEAP_EVENT_FREE;
  1200. typedef struct _HEAP_EVENT_REALLOC {
  1201. PVOID HeapHandle; //Handle of Heap
  1202. PVOID NewAddress; //New Address returned to user
  1203. PVOID OldAddress; //Old Address got from user
  1204. SIZE_T NewSize; //New Size in bytes
  1205. SIZE_T OldSize; //Old Size in bytes
  1206. ULONG Source; //Type ie Lookaside, Lowfrag or main path
  1207. }HEAP_EVENT_REALLOC, *PHEAP_EVENT_REALLOC;
  1208. typedef struct _HEAP_EVENT_EXPANSION {
  1209. PVOID HeapHandle; //Handle of Heap
  1210. SIZE_T CommittedSize; //Memory Size in bytes actually committed
  1211. PVOID Address; //Address of free block or segment
  1212. SIZE_T FreeSpace; //Total free Space in Heap
  1213. SIZE_T CommittedSpace; //Memory Committed
  1214. SIZE_T ReservedSpace; //Memory reserved
  1215. ULONG NoOfUCRs; //Number of UnCommitted Ranges
  1216. }HEAP_EVENT_EXPANSION, *PHEAP_EVENT_EXPANSION;
  1217. typedef struct _HEAP_EVENT_CONTRACTION {
  1218. PVOID HeapHandle; //Handle of Heap
  1219. SIZE_T DeCommitSize; //The size of DeCommitted Block
  1220. PVOID DeCommitAddress; //Address of the Decommitted block
  1221. SIZE_T FreeSpace; //Total free Space in Heap in bytes
  1222. SIZE_T CommittedSpace; //Memory Committed in bytes
  1223. SIZE_T ReservedSpace; //Memory reserved in bytes
  1224. ULONG NoOfUCRs; //Number of UnCommitted Ranges
  1225. }HEAP_EVENT_CONTRACTION, *PHEAP_EVENT_CONTRACTION;
  1226. typedef struct _HEAP_EVENT_CREATE {
  1227. PVOID HeapHandle; //Handle of Heap
  1228. ULONG Flags; //Flags passed while creating heap.
  1229. }HEAP_EVENT_CREATE, *PHEAP_EVENT_CREATE;
  1230. typedef struct _HEAP_EVENT_SNAPSHOT {
  1231. PVOID HeapHandle; //Handle of Heap
  1232. ULONG Flags; //Flags passed while creating heap.
  1233. SIZE_T FreeSpace; //Total free Space in Heap in bytes
  1234. SIZE_T CommittedSpace; //Memory Committed in bytes
  1235. SIZE_T ReservedSpace; //Memory reserved in bytes
  1236. }HEAP_EVENT_SNAPSHOT, *PHEAP_EVENT_SNAPSHOT;
  1237. typedef struct _CRIT_SEC_COLLISION_EVENT_DATA {
  1238. ULONG LockCount; //Lock Count
  1239. PVOID SpinCount; //Spin Count
  1240. PVOID OwningThread; //Thread having Lock
  1241. PVOID Address; //Adress of Critical Section
  1242. }CRIT_SEC_COLLISION_EVENT_DATA, *PCRIT_SEC_COLLISION_EVENT_DATA;
  1243. typedef struct _CRIT_SEC_INITIALIZE_EVENT_DATA {
  1244. PVOID SpinCount; //Spin Count
  1245. PVOID Address; //Adress of Critical Section
  1246. }CRIT_SEC_INITIALIZE_EVENT_DATA, *PCRIT_SEC_INITIALIZE_EVENT_DATA;
  1247. //
  1248. // Additional Guid used for NTPERF
  1249. //
  1250. DEFINE_GUID( /* 0268a8b6-74fd-4302-9dd0-6e8f1795c0cf */
  1251. PoolGuid,
  1252. 0x0268a8b6,
  1253. 0x74fd,
  1254. 0x4302,
  1255. 0x9d, 0xd0, 0x6e, 0x8f, 0x17, 0x95, 0xc0, 0xcf
  1256. );
  1257. DEFINE_GUID( /* ce1dbfb4-137e-4da6-87b0-3f59aa102cbc */
  1258. PerfinfoGuid,
  1259. 0xce1dbfb4,
  1260. 0x137e,
  1261. 0x4da6,
  1262. 0x87, 0xb0, 0x3f, 0x59, 0xaa, 0x10, 0x2c, 0xbc
  1263. );
  1264. DEFINE_GUID( /* 222962ab-6180-4b88-a825-346b75f2a24a */
  1265. HeapGuid,
  1266. 0x222962ab,
  1267. 0x6180,
  1268. 0x4b88,
  1269. 0xa8, 0x25, 0x34, 0x6b, 0x75, 0xf2, 0xa2, 0x4a
  1270. );
  1271. DEFINE_GUID ( /* 3AC66736-CC59-4cff-8115-8DF50E39816B */
  1272. CritSecGuid,
  1273. 0x3ac66736,
  1274. 0xcc59,
  1275. 0x4cff,
  1276. 0x81, 0x15, 0x8d, 0xf5, 0xe, 0x39, 0x81, 0x6b
  1277. );
  1278. DEFINE_GUID ( /* E21D2142-DF90-4d93-BBD9-30E63D5A4AD6 */
  1279. NtdllTraceGuid,
  1280. 0xe21d2142,
  1281. 0xdf90,
  1282. 0x4d93,
  1283. 0xbb, 0xd9, 0x30, 0xe6, 0x3d, 0x5a, 0x4a, 0xd6
  1284. );
  1285. DEFINE_GUID( /* 89497f50-effe-4440-8cf2-ce6b1cdcaca7 */
  1286. ObjectGuid,
  1287. 0x89497f50,
  1288. 0xeffe,
  1289. 0x4440,
  1290. 0x8c, 0xf2, 0xce, 0x6b, 0x1c, 0xdc, 0xac, 0xa7
  1291. );
  1292. DEFINE_GUID( /* a9152f00-3f58-4bee-92a1-70c7d079d5dd */
  1293. ModBoundGuid,
  1294. 0xa9152f00,
  1295. 0x3f58,
  1296. 0x4bee,
  1297. 0x92, 0xa1, 0x70, 0xc7, 0xd0, 0x79, 0xd5, 0xdd
  1298. );
  1299. DEFINE_GUID ( /* E43445E0-0903-48c3-B878-FF0FCCEBDD04 */
  1300. PowerGuid,
  1301. 0xe43445e0,
  1302. 0x903,
  1303. 0x48c3,
  1304. 0xb8, 0x78, 0xff, 0xf, 0xcc, 0xeb, 0xdd, 0x4
  1305. );
  1306. DEFINE_GUID ( /* b2d14872-7c5b-463d-8419-ee9bf7d23e04 */
  1307. DpcGuid,
  1308. 0xb2d14872,
  1309. 0x7c5b,
  1310. 0x463d,
  1311. 0x84, 0x19, 0xee, 0x9b, 0xf7, 0xd2, 0x3e, 0x04
  1312. );
  1313. #endif // ifndef ETW_WOW6432
  1314. //
  1315. // The following flags denotes what Fields actually contains
  1316. //
  1317. #define ETW_NT_FLAGS_TRACE_HEADER 0X00000001 // Contiguous Event Trace Header
  1318. #define ETW_NT_FLAGS_TRACE_MESSAGE 0X00000002 // Trace Message
  1319. NTSYSCALLAPI
  1320. NTSTATUS
  1321. NTAPI
  1322. NtTraceEvent(
  1323. IN HANDLE TraceHandle,
  1324. IN ULONG Flags,
  1325. IN ULONG FieldSize,
  1326. IN PVOID Fields
  1327. );
  1328. #endif // _NTWMI_