Source code of Windows XP (NT5)

/*++

Copyright (C) 1998-1999 Microsoft Corporation

Module Name:

    common.h

Abstract:

    SMONLOG common definitions

--*/

#ifndef _SMONLOG_COMMON_H_
#define _SMONLOG_COMMON_H_

// Windows base types used by the declarations below.
#include <wtypes.h>

// File names of the two binaries this header calls smlogcfg and smlogsvc.
// NOTE(review): both are bare names with no directory component. How they are
// resolved is decided by callers outside this header -- confirm they are
// combined with a fully-qualified, trusted directory before being loaded or
// launched, so the module search order cannot select a different copy.
#define _CONFIG_DLL_NAME_W_     L"SmLogCfg.dll"
#define _SERVICE_EXE_NAME_W_    L"SmLogSvc.exe"
// Communication between smlogcfg and smlogsvc

// Service control code shared by the two components. 128 is the first value
// of the 128-255 range that the service control manager leaves for
// user-defined codes; sending such a code requires the
// SERVICE_USER_DEFINED_CONTROL access right, so the service's security
// descriptor decides who can trigger it.
#define SERVICE_CONTROL_SYNCHRONIZE     128

// Query state values
#define SLQ_QUERY_STOPPED               ((DWORD)0x00000000)
#define SLQ_QUERY_RUNNING               ((DWORD)0x00000001)
#define SLQ_QUERY_START_PENDING         ((DWORD)0x00000002)

// All-bits-set sentinel; it lies outside the 0..2 range of the log types
// below. Its exact meaning is not visible in this header.
#define SLQ_NEW_LOG                     ((DWORD)0xFFFFFFFF)

// Log types. FIRST/LAST alias the lowest and highest value and NUM is the
// count, so a type taken from stored configuration can be range-checked
// against them before it is used.
#define SLQ_FIRST_LOG_TYPE              ((DWORD)0x00000000)
#define SLQ_COUNTER_LOG                 ((DWORD)0x00000000)
#define SLQ_TRACE_LOG                   ((DWORD)0x00000001)
#define SLQ_ALERT                       ((DWORD)0x00000002)
#define SLQ_LAST_LOG_TYPE               ((DWORD)0x00000002)
#define SLQ_NUM_LOG_TYPES               ((DWORD)0x00000003)

#define SLQ_DEFAULT_SYS_QUERY           ((DWORD)(0x00000001))
// Sysmon log output file configuration definitions

// Output file types. SLF_FIRST_FILE_TYPE aliases the lowest value and
// SLF_NUM_FILE_TYPES is the count, so the valid types are 0 through 6.
// A type read from stored configuration should be checked against
// SLF_NUM_FILE_TYPES before it selects a writer or indexes a table.
#define SLF_FIRST_FILE_TYPE     ((DWORD)0x00000000)
#define SLF_CSV_FILE            ((DWORD)0x00000000)
#define SLF_TSV_FILE            ((DWORD)0x00000001)
#define SLF_BIN_FILE            ((DWORD)0x00000002)
#define SLF_BIN_CIRC_FILE       ((DWORD)0x00000003)
#define SLF_CIRC_TRACE_FILE     ((DWORD)0x00000004)
#define SLF_SEQ_TRACE_FILE      ((DWORD)0x00000005)
#define SLF_SQL_LOG             ((DWORD)0x00000006)
#define SLF_NUM_FILE_TYPES      ((DWORD)0x00000007)

// Flags in the upper 16 bits, above the file type values.
#define SLF_FILE_OVERWRITE      ((DWORD)0x00010000) // Obsolete after Whistler Beta 2
#define SLF_FILE_APPEND         ((DWORD)0x00020000) // Obsolete after Whistler Beta 2
// Automatic file-name suffix selection. SLF_NAME_NONE is an all-bits-set
// sentinel outside the 0..6 range of the automatic types; the remaining
// names spell out the pattern they stand for.
#define SLF_NAME_NONE               ((DWORD)0xFFFFFFFF)
#define SLF_NAME_FIRST_AUTO         ((DWORD)0x00000000)
#define SLF_NAME_MMDDHH             ((DWORD)0x00000000)
#define SLF_NAME_NNNNNN             ((DWORD)0x00000001)
#define SLF_NAME_YYYYDDD            ((DWORD)0x00000002)
#define SLF_NAME_YYYYMM             ((DWORD)0x00000003)
#define SLF_NAME_YYYYMMDD           ((DWORD)0x00000004)
#define SLF_NAME_YYYYMMDDHH         ((DWORD)0x00000005)
#define SLF_NAME_MMDDHHMM           ((DWORD)0x00000006)
#define SLF_NUM_AUTO_NAME_TYPES     ((DWORD)0x00000007)

// Name length limits. The base name limit is what remains of _MAX_FNAME
// after the longest automatic suffix (0x0B = 11) and one more position.
// _MAX_FNAME is not defined in this header; it must already be visible
// wherever SLQ_MAX_BASE_NAME_LEN is expanded.
// NOTE(review): whether these limits count the terminating NUL is not
// visible here -- confirm before sizing buffers from them.
#define SLQ_MAX_AUTO_NAME_LEN       ((DWORD)0x0000000B)
#define SLQ_MAX_BASE_NAME_LEN       ((DWORD)(_MAX_FNAME - SLQ_MAX_AUTO_NAME_LEN - 1))
#define SLQ_MAX_LOG_NAME_LEN        SLQ_MAX_BASE_NAME_LEN
#define SLQ_MAX_LOG_SET_NAME_LEN    ((DWORD)0x000000FF)
// Data store flags. The low nibble (mask 0x0F) carries the
// overwrite/append choice.
#define SLF_DATA_STORE_APPEND_MASK      ((DWORD)0x0000000F)
#define SLF_DATA_STORE_OVERWRITE        ((DWORD)0x00000001)
#define SLF_DATA_STORE_APPEND           ((DWORD)0x00000002)

// The next nibble (mask 0xF0) carries the unit of the size value.
#define SLF_DATA_STORE_SIZE_MASK        ((DWORD)0x000000F0)
#define SLF_DATA_STORE_SIZE_ONE_RECORD  ((DWORD)0x00000010)
#define SLF_DATA_STORE_SIZE_ONE_KB      ((DWORD)0x00000020)
#define SLF_DATA_STORE_SIZE_ONE_MB      ((DWORD)0x00000040)

// Unit multipliers: 1 MB = 1,048,576, 1 KB = 1,024, one record = 1.
// These are DWORD-typed, so multiplying a configured size by ONE_MB wraps
// once the size reaches 4096; widen before multiplying.
#define ONE_MB                          ((DWORD)0x00100000)
#define ONE_KB                          ((DWORD)0x00000400)
#define ONE_RECORD                      ((DWORD)0x00000001)
// Constants

// (DWORD)-1, i.e. every bit set.
#define SLQ_DISK_MAX_SIZE                   ((DWORD)-1)

// Trace enable flags, one bit each.
#define SLQ_TLI_ENABLE_BUFFER_FLUSH         ((DWORD)0x00000001)
#define SLQ_TLI_ENABLE_KERNEL_TRACE         ((DWORD)0x00000002)
#define SLQ_TLI_ENABLE_MEMMAN_TRACE         ((DWORD)0x00000004)
#define SLQ_TLI_ENABLE_FILEIO_TRACE         ((DWORD)0x00000008)
#define SLQ_TLI_ENABLE_PROCESS_TRACE        ((DWORD)0x00000010)
#define SLQ_TLI_ENABLE_THREAD_TRACE         ((DWORD)0x00000020)
#define SLQ_TLI_ENABLE_DISKIO_TRACE         ((DWORD)0x00000040)
#define SLQ_TLI_ENABLE_NETWORK_TCPIP_TRACE  ((DWORD)0x00000080)

// SLQ_TLI_ENABLE_MASK covers all eight flags; SLQ_TLI_ENABLE_KERNEL_MASK is
// the same set without the BUFFER_FLUSH bit. Masking a stored flag word with
// SLQ_TLI_ENABLE_MASK discards any bits this header does not define.
#define SLQ_TLI_ENABLE_MASK                 ((DWORD)0x000000FF)
#define SLQ_TLI_ENABLE_KERNEL_MASK          ((DWORD)0x000000FE)
// dwMode values
#define SLQ_AUTO_MODE_NONE              ((DWORD)0x00000000) // Manual
#define SLQ_AUTO_MODE_SIZE              ((DWORD)0x00000001) // Size
#define SLQ_AUTO_MODE_AT                ((DWORD)0x00000002) // Time
#define SLQ_AUTO_MODE_AFTER             ((DWORD)0x00000003) // Value & unit type
#define SLQ_AUTO_MODE_CALENDAR          ((DWORD)0x00000004) // Value & unit type

// wDataType values
#define SLQ_TT_DTYPE_DATETIME           ((WORD)0x0001)
#define SLQ_TT_DTYPE_UNITS              ((WORD)0x0002)

// wTimeType values (1 through 9; 0 is not assigned)
#define SLQ_TT_TTYPE_START              ((WORD)0x0001)
#define SLQ_TT_TTYPE_STOP               ((WORD)0x0002)
#define SLQ_TT_TTYPE_RESTART            ((WORD)0x0003)
#define SLQ_TT_TTYPE_SAMPLE             ((WORD)0x0004)
#define SLQ_TT_TTYPE_LAST_MODIFIED      ((WORD)0x0005)
#define SLQ_TT_TTYPE_CREATE_NEW_FILE    ((WORD)0x0006)
#define SLQ_TT_TTYPE_REPEAT_SCHEDULE    ((WORD)0x0007)
#define SLQ_TT_TTYPE_REPEAT_START       ((WORD)0x0008)
#define SLQ_TT_TTYPE_REPEAT_STOP        ((WORD)0x0009)

// dwUnitType values (1 through 5; 0 is not assigned)
#define SLQ_TT_UTYPE_SECONDS            ((DWORD)0x00000001)
#define SLQ_TT_UTYPE_MINUTES            ((DWORD)0x00000002)
#define SLQ_TT_UTYPE_HOURS              ((DWORD)0x00000003)
#define SLQ_TT_UTYPE_DAYS               ((DWORD)0x00000004)
#define SLQ_TT_UTYPE_DAYS_OF_WEEK       ((DWORD)0x00000005)
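// The anonymous union and struct below raise C4201 (nonstandard extension:
// nameless struct/union). Save the includer's warning state and restore it
// afterwards; resetting C4201 to "default" would switch the warning back on
// for translation units that had disabled it before including this header.
#pragma warning ( push )
#pragma warning ( disable : 4201 )

// One time or interval setting of a log query.
// NOTE(review): wDataType presumably selects the active union member
// (SLQ_TT_DTYPE_DATETIME -> llDateTime, SLQ_TT_DTYPE_UNITS -> dwValue and
// dwUnitType) -- confirm against the readers in utils.c. Code that loads this
// structure from stored configuration should validate wDataType, wTimeType
// and dwUnitType against the ranges defined above before interpreting the
// union.
typedef struct _SLQ_TIME_INFO {
    WORD    wDataType;              // SLQ_TT_DTYPE_* value
    WORD    wTimeType;              // SLQ_TT_TTYPE_* value
    DWORD   dwAutoMode;             // presumably an SLQ_AUTO_MODE_* ("dwMode") value
    union {
        LONGLONG    llDateTime;     // filetime stored as a LONGLONG
        struct {
            DWORD   dwValue;        // count of dwUnitType units
            DWORD   dwUnitType;     // SLQ_TT_UTYPE_* value
        };
    };
} SLQ_TIME_INFO, *PSLQ_TIME_INFO;

#pragma warning ( pop )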
// alert action flags, one bit per action
// NOTE(review): ALRT_ACTION_EXEC_CMD marks an alert that runs a command.
// The command string and the code that launches it are not in this header;
// confirm that the stored alert configuration is writable only by
// administrators and that the values substituted into the command line are
// quoted as single arguments.
#define ALRT_ACTION_LOG_EVENT   ((DWORD)0x00000001)
#define ALRT_ACTION_SEND_MSG    ((DWORD)0x00000002)
#define ALRT_ACTION_EXEC_CMD    ((DWORD)0x00000004)
#define ALRT_ACTION_START_LOG   ((DWORD)0x00000008)
#define ALRT_ACTION_MASK        ((DWORD)0x0000000F)

// Command line flags, bits 8 through 14; ALRT_CMD_LINE_MASK covers all seven.
// Presumably each one selects an item that is passed to the command
// (alert name, counter name, date/time, limit value, measured value, user
// text) -- TODO confirm against the code that builds the command line.
#define ALRT_CMD_LINE_SINGLE    ((DWORD)0x00000100)
#define ALRT_CMD_LINE_A_NAME    ((DWORD)0x00000200)
#define ALRT_CMD_LINE_C_NAME    ((DWORD)0x00000400)
#define ALRT_CMD_LINE_D_TIME    ((DWORD)0x00000800)
#define ALRT_CMD_LINE_L_VAL     ((DWORD)0x00001000)
#define ALRT_CMD_LINE_M_VAL     ((DWORD)0x00002000)
#define ALRT_CMD_LINE_U_TEXT    ((DWORD)0x00004000)
#define ALRT_CMD_LINE_MASK      ((DWORD)0x00007F00)

#define ALRT_DEFAULT_ACTION     ((DWORD)0x00000001) // log event is default

// ALERT_INFO_BLOCK flag values. AIBF_UNDER is a plain long zero (no bit set),
// unlike the DWORD-typed flags that follow it.
#define AIBF_UNDER              0L
#define AIBF_OVER               ((DWORD)0x00000001) // true when "over" limit is selected
#define AIBF_SEEN               ((DWORD)0x00000002) // set when the user has seen this value
#define AIBF_SAVED              ((DWORD)0x00000004) // true when user has saved this entry in an edit box
#ifdef __cplusplus
extern "C" {
#endif

// One alert entry: a counter path, a limit and the AIBF_* flags.
// NOTE(review): dwSize is presumably the size of the whole block including
// the counter path text -- confirm its units and what it covers. When a
// block comes from stored configuration, check dwSize against the buffer
// that was actually read and check that szCounterPath points inside that
// buffer and is NUL-terminated before using it.
typedef struct _ALERT_INFO_BLOCK {
    DWORD   dwSize;
    LPTSTR  szCounterPath;
    DWORD   dwFlags;        // AIBF_* values
    double  dLimit;
} ALERT_INFO_BLOCK, *PALERT_INFO_BLOCK;
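// Common constants

// FILETIME tick counts: 10,000 per millisecond and 10,000,000 per second.
// Both are DWORD-typed, so a DWORD multiplication by FILETIME_TICS_PER_SECOND
// wraps at about 429 seconds; widen the other operand to LONGLONG before
// multiplying.
#define FILETIME_TICS_PER_MILLISECOND   ((DWORD)(10000))
#define FILETIME_TICS_PER_SECOND        ((DWORD)(FILETIME_TICS_PER_MILLISECOND*1000))

// ONE_MB, ONE_KB and ONE_RECORD were repeated here with the same values.
// They are defined once, earlier in this header after the
// SLF_DATA_STORE_SIZE_* flags, so the copies cannot drift apart.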
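// Memory allocation for smlogsvc, pdhpla methods
//
// All four work on the process heap. Macro arguments are parenthesized, and
// G_FREE is a single expression so that it behaves as one statement inside
// an unbraced if/else (the earlier bare "if" form captured a following
// "else").

// Returns zero-filled memory, or NULL on failure. Callers that compute size
// as count * element size must check that product for overflow first.
#define G_ALLOC(size)           HeapAlloc (GetProcessHeap(), HEAP_ZERO_MEMORY, (size))

// ptr must be a live block from G_ALLOC/G_REALLOC (not NULL). Only bytes
// added by growth are zero-filled. On failure the result is NULL and the
// original block stays allocated, so assign the result to a temporary
// rather than over ptr.
#define G_REALLOC(ptr, size)    HeapReAlloc (GetProcessHeap(), (HEAP_ZERO_MEMORY), (ptr), (size))

#define G_ZERO(ptr, size)       ZeroMemory ((ptr), (size))

// Frees ptr when it is not NULL. ptr is evaluated twice, so pass an
// expression without side effects. The pointer is not cleared; set it to
// NULL afterwards if it stays in scope.
#define G_FREE(ptr)             ((ptr) != NULL ? (void)HeapFree (GetProcessHeap(), 0, (ptr)) : (void)0)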
// functions found in utils.c
//
// NOTE(review): only the signatures are visible here; the notes below are
// read from parameter names and types and need confirming against utils.c.

// Takes a writable wide string, so the replacement is presumably in place.
void __stdcall
ReplaceBlanksWithUnderscores (
    LPWSTR szString );

// Conversions between the text form of an alert and ALERT_INFO_BLOCK.
// The two size parameters are named differently (pdwBufferSize vs.
// pcchBufferLength, where "cch" conventionally means a character count);
// confirm the unit of each (bytes or TCHARs) at every call site, and whether
// the required size is written back when the buffer is too small.
BOOL __stdcall
MakeInfoFromString (
    LPCTSTR             szBuffer,
    PALERT_INFO_BLOCK   pInfo,
    LPDWORD             pdwBufferSize );

BOOL __stdcall
MakeStringFromInfo (
    PALERT_INFO_BLOCK   pInfo,
    LPTSTR              szBuffer,
    LPDWORD             pcchBufferLength );

BOOL __stdcall
GetLocalFileTime (
    LONGLONG*   pFileTime );

// Convert an SLQ_TIME_INFO to a 64-bit count of milliseconds or tics.
void __stdcall
TimeInfoToMilliseconds (
    SLQ_TIME_INFO*  pTimeInfo,
    LONGLONG*       pllmsecs );

void __stdcall
TimeInfoToTics (
    SLQ_TIME_INFO*  pTimeInfo,
    LONGLONG*       plltics );

// Reads a string value from hKey, with szDefault supplied by the caller.
// NOTE(review): *pszBuffer is an out pointer; who allocates and frees it, and
// the unit of *puiLength, are not visible here. If "indirect" means the value
// can name a module to load the text from, confirm that the key is writable
// only by administrators.
DWORD __stdcall
SmReadRegistryIndirectStringValue (
    HKEY    hKey,
    LPCWSTR szValue,
    LPCWSTR szDefault,
    LPWSTR* pszBuffer,
    UINT*   puiLength );

#ifdef __cplusplus
}
#endif

#endif //_SMONLOG_COMMON_H_