Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

366 lines
8.2 KiB

  1. /*++
  2. Copyright (c) Microsoft Corporation. All rights reserved.
  3. Module Name:
  4. ntelfapi.h
  5. Abstract:
  6. This file contains the prototypes for the user-level Elf APIs.
  7. Author:
  8. Rajen Shah (rajens) 30-Jul-1991
  9. Revision History:
  10. --*/
  11. #ifndef _NTELFAPI_
  12. #define _NTELFAPI_
  13. #if _MSC_VER > 1000
  14. #pragma once
  15. #endif
  16. #ifdef __cplusplus
  17. extern "C" {
  18. #endif
  19. // begin_winnt
  20. //
  21. // Defines for the READ flags for Eventlogging
  22. //
  23. #define EVENTLOG_SEQUENTIAL_READ 0x0001
  24. #define EVENTLOG_SEEK_READ 0x0002
  25. #define EVENTLOG_FORWARDS_READ 0x0004
  26. #define EVENTLOG_BACKWARDS_READ 0x0008
  27. //
  28. // The types of events that can be logged.
  29. //
  30. #define EVENTLOG_SUCCESS 0x0000
  31. #define EVENTLOG_ERROR_TYPE 0x0001
  32. #define EVENTLOG_WARNING_TYPE 0x0002
  33. #define EVENTLOG_INFORMATION_TYPE 0x0004
  34. #define EVENTLOG_AUDIT_SUCCESS 0x0008
  35. #define EVENTLOG_AUDIT_FAILURE 0x0010
  36. //
  37. // Defines for the WRITE flags used by Auditing for paired events
  38. // These are not implemented in Product 1
  39. //
  40. #define EVENTLOG_START_PAIRED_EVENT 0x0001
  41. #define EVENTLOG_END_PAIRED_EVENT 0x0002
  42. #define EVENTLOG_END_ALL_PAIRED_EVENTS 0x0004
  43. #define EVENTLOG_PAIRED_EVENT_ACTIVE 0x0008
  44. #define EVENTLOG_PAIRED_EVENT_INACTIVE 0x0010
  45. //
  46. // Structure that defines the header of the Eventlog record. This is the
  47. // fixed-sized portion before all the variable-length strings, binary
  48. // data and pad bytes.
  49. //
  50. // TimeGenerated is the time it was generated at the client.
  51. // TimeWritten is the time it was put into the log at the server end.
  52. //
  53. typedef struct _EVENTLOGRECORD {
  54. ULONG Length; // Length of full record
  55. ULONG Reserved; // Used by the service
  56. ULONG RecordNumber; // Absolute record number
  57. ULONG TimeGenerated; // Seconds since 1-1-1970
  58. ULONG TimeWritten; // Seconds since 1-1-1970
  59. ULONG EventID;
  60. USHORT EventType;
  61. USHORT NumStrings;
  62. USHORT EventCategory;
  63. USHORT ReservedFlags; // For use with paired events (auditing)
  64. ULONG ClosingRecordNumber; // For use with paired events (auditing)
  65. ULONG StringOffset; // Offset from beginning of record
  66. ULONG UserSidLength;
  67. ULONG UserSidOffset;
  68. ULONG DataLength;
  69. ULONG DataOffset; // Offset from beginning of record
  70. //
  71. // Then follow:
  72. //
  73. // WCHAR SourceName[]
  74. // WCHAR Computername[]
  75. // SID UserSid
  76. // WCHAR Strings[]
  77. // BYTE Data[]
  78. // CHAR Pad[]
  79. // ULONG Length;
  80. //
  81. } EVENTLOGRECORD, *PEVENTLOGRECORD;
  82. //SS: start of changes to support clustering
  83. //SS: ideally the
  84. #define MAXLOGICALLOGNAMESIZE 256
  85. #if _MSC_VER >= 1200
  86. #pragma warning(push)
  87. #endif
  88. #pragma warning(disable : 4200)
  89. typedef struct _EVENTSFORLOGFILE{
  90. ULONG ulSize;
  91. WCHAR szLogicalLogFile[MAXLOGICALLOGNAMESIZE]; //name of the logical file-security/application/system
  92. ULONG ulNumRecords;
  93. EVENTLOGRECORD pEventLogRecords[];
  94. }EVENTSFORLOGFILE, *PEVENTSFORLOGFILE;
  95. typedef struct _PACKEDEVENTINFO{
  96. ULONG ulSize; //total size of the structure
  97. ULONG ulNumEventsForLogFile; //number of EventsForLogFile structure that follow
  98. ULONG ulOffsets[]; //the offsets from the start of this structure to the EVENTSFORLOGFILE structure
  99. }PACKEDEVENTINFO, *PPACKEDEVENTINFO;
  100. #if _MSC_VER >= 1200
  101. #pragma warning(pop)
  102. #else
  103. #pragma warning(default : 4200)
  104. #endif
  105. //SS: end of changes to support clustering
  106. // end_winnt
  107. #ifdef UNICODE
  108. #define ElfClearEventLogFile ElfClearEventLogFileW
  109. #define ElfBackupEventLogFile ElfBackupEventLogFileW
  110. #define ElfOpenEventLog ElfOpenEventLogW
  111. #define ElfRegisterEventSource ElfRegisterEventSourceW
  112. #define ElfOpenBackupEventLog ElfOpenBackupEventLogW
  113. #define ElfReadEventLog ElfReadEventLogW
  114. #define ElfReportEvent ElfReportEventW
  115. #else
  116. #define ElfClearEventLogFile ElfClearEventLogFileA
  117. #define ElfBackupEventLogFile ElfBackupEventLogFileA
  118. #define ElfOpenEventLog ElfOpenEventLogA
  119. #define ElfRegisterEventSource ElfRegisterEventSourceA
  120. #define ElfOpenBackupEventLog ElfOpenBackupEventLogA
  121. #define ElfReadEventLog ElfReadEventLogA
  122. #define ElfReportEvent ElfReportEventA
  123. #endif // !UNICODE
  124. //
  125. // Handles are RPC context handles. Note that a Context Handle is
  126. // always a pointer type unlike regular handles.
  127. //
  128. //
  129. // Prototypes for the APIs
  130. //
  131. NTSTATUS
  132. NTAPI
  133. ElfClearEventLogFileW (
  134. IN HANDLE LogHandle,
  135. IN PUNICODE_STRING BackupFileName
  136. );
  137. NTSTATUS
  138. NTAPI
  139. ElfClearEventLogFileA (
  140. IN HANDLE LogHandle,
  141. IN PSTRING BackupFileName
  142. );
  143. NTSTATUS
  144. NTAPI
  145. ElfBackupEventLogFileW (
  146. IN HANDLE LogHandle,
  147. IN PUNICODE_STRING BackupFileName
  148. );
  149. NTSTATUS
  150. NTAPI
  151. ElfBackupEventLogFileA (
  152. IN HANDLE LogHandle,
  153. IN PSTRING BackupFileName
  154. );
  155. NTSTATUS
  156. NTAPI
  157. ElfCloseEventLog (
  158. IN HANDLE LogHandle
  159. );
  160. NTSTATUS
  161. NTAPI
  162. ElfDeregisterEventSource (
  163. IN HANDLE LogHandle
  164. );
  165. NTSTATUS
  166. NTAPI
  167. ElfNumberOfRecords (
  168. IN HANDLE LogHandle,
  169. OUT PULONG NumberOfRecords
  170. );
  171. NTSTATUS
  172. NTAPI
  173. ElfOldestRecord (
  174. IN HANDLE LogHandle,
  175. OUT PULONG OldestRecord
  176. );
  177. NTSTATUS
  178. NTAPI
  179. ElfChangeNotify (
  180. IN HANDLE LogHandle,
  181. IN HANDLE Event
  182. );
  183. NTSTATUS
  184. ElfGetLogInformation (
  185. IN HANDLE LogHandle,
  186. IN ULONG InfoLevel,
  187. OUT PVOID lpBuffer,
  188. IN ULONG cbBufSize,
  189. OUT PULONG pcbBytesNeeded
  190. );
  191. NTSTATUS
  192. NTAPI
  193. ElfOpenEventLogW (
  194. IN PUNICODE_STRING UNCServerName,
  195. IN PUNICODE_STRING SourceName,
  196. OUT PHANDLE LogHandle
  197. );
  198. NTSTATUS
  199. NTAPI
  200. ElfRegisterEventSourceW (
  201. IN PUNICODE_STRING UNCServerName,
  202. IN PUNICODE_STRING SourceName,
  203. OUT PHANDLE LogHandle
  204. );
  205. NTSTATUS
  206. NTAPI
  207. ElfOpenBackupEventLogW (
  208. IN PUNICODE_STRING UNCServerName,
  209. IN PUNICODE_STRING FileName,
  210. OUT PHANDLE LogHandle
  211. );
  212. NTSTATUS
  213. NTAPI
  214. ElfOpenEventLogA (
  215. IN PSTRING UNCServerName,
  216. IN PSTRING SourceName,
  217. OUT PHANDLE LogHandle
  218. );
  219. NTSTATUS
  220. NTAPI
  221. ElfRegisterEventSourceA (
  222. IN PSTRING UNCServerName,
  223. IN PSTRING SourceName,
  224. OUT PHANDLE LogHandle
  225. );
  226. NTSTATUS
  227. NTAPI
  228. ElfOpenBackupEventLogA (
  229. IN PSTRING UNCServerName,
  230. IN PSTRING FileName,
  231. OUT PHANDLE LogHandle
  232. );
  233. NTSTATUS
  234. NTAPI
  235. ElfReadEventLogW (
  236. IN HANDLE LogHandle,
  237. IN ULONG ReadFlags,
  238. IN ULONG RecordNumber,
  239. OUT PVOID Buffer,
  240. IN ULONG NumberOfBytesToRead,
  241. OUT PULONG NumberOfBytesRead,
  242. OUT PULONG MinNumberOfBytesNeeded
  243. );
  244. NTSTATUS
  245. NTAPI
  246. ElfReadEventLogA (
  247. IN HANDLE LogHandle,
  248. IN ULONG ReadFlags,
  249. IN ULONG RecordNumber,
  250. OUT PVOID Buffer,
  251. IN ULONG NumberOfBytesToRead,
  252. OUT PULONG NumberOfBytesRead,
  253. OUT PULONG MinNumberOfBytesNeeded
  254. );
  255. NTSTATUS
  256. NTAPI
  257. ElfReportEventW (
  258. IN HANDLE LogHandle,
  259. IN USHORT EventType,
  260. IN USHORT EventCategory OPTIONAL,
  261. IN ULONG EventID,
  262. IN PSID UserSid OPTIONAL,
  263. IN USHORT NumStrings,
  264. IN ULONG DataSize,
  265. IN PUNICODE_STRING *Strings OPTIONAL,
  266. IN PVOID Data OPTIONAL,
  267. IN USHORT Flags,
  268. IN OUT PULONG RecordNumber OPTIONAL,
  269. IN OUT PULONG TimeWritten OPTIONAL
  270. );
  271. NTSTATUS
  272. NTAPI
  273. ElfReportEventA (
  274. IN HANDLE LogHandle,
  275. IN USHORT EventType,
  276. IN USHORT EventCategory OPTIONAL,
  277. IN ULONG EventID,
  278. IN PSID UserSid OPTIONAL,
  279. IN USHORT NumStrings,
  280. IN ULONG DataSize,
  281. IN PANSI_STRING *Strings OPTIONAL,
  282. IN PVOID Data OPTIONAL,
  283. IN USHORT Flags,
  284. IN OUT PULONG RecordNumber OPTIONAL,
  285. IN OUT PULONG TimeWritten OPTIONAL
  286. );
  287. NTSTATUS
  288. NTAPI
  289. ElfRegisterClusterSvc(
  290. IN PUNICODE_STRING UNCServerName,
  291. OUT PULONG pulEventInfoSize,
  292. OUT PVOID *ppPackedEventInfo
  293. );
  294. NTSTATUS
  295. NTAPI
  296. ElfDeregisterClusterSvc(
  297. IN PUNICODE_STRING UNCServerName
  298. );
  299. NTSTATUS
  300. NTAPI
  301. ElfWriteClusterEvents(
  302. IN PUNICODE_STRING UNCServerName,
  303. IN ULONG ulEventInfoSize,
  304. IN PVOID pPackedEventInfo
  305. );
  306. #ifdef __cplusplus
  307. }
  308. #endif
  309. #endif // _NTELFAPI_