|
|
//******************************************// Guid Definitions// 10/23/98//******************************************
// The #type statement and the #typev statement may be used to convert// messages into user readable forms.// With #type all parameters are processed as strings and the default string// processing of FormTMessage is used// With #typev wherever possible parameters are processed as their native format// and the %x!x! style of FormatMessage should be used.//// Note Parameter %1 through %9 are predefined// Parameter is #typev// %1 GUID Friendly Name string// %2 GUID SubType Name string// %3 Thread ID ULONG_PTR// %4 System Time String// %5 Kernel Time or User Time String// %6 User Time or NULL String// %7 Sequence Number LONG// %8 Unused String// %9 CPU Number LONG// %10 and above are the user parameters// %255 Is reserved//// Note these parameters are always present, but may not be valid // depending on the source.//// User defined messages always start at message number 10// Messages 0 through 9 are reserved for system use.// Message number 255 is reserved.//// Available formats for user arguments are -////Name Description #typev Format//ItemChar CHAR//ItemUChar UCHAR//ItemCharShort USHORT//ItemCharSign SHORT//ItemShort Signed Short SHORT//ItemUShort Unsigned Short USHORT//ItemLong Signed Long, decoded as decimal LONG//ItemULong Unsigned Long, decoded as decimal ULONG//ItemULongX Unsigned Long, seen as hexadecimal ULONG//ItemLongLong Signed 64 Bit value LONGLONG//ItemULongLong Unsigned 64 Bit value ULONGLONG//ItemRString Reduced Ascii String String// (\t, \n, \r, \,, converted to space, trailing sp removed)//ItemWString Unicode String, null terminated String//ItemPString Counted Ascii String String//ItemPWString Counted Unicode String String//ItemMLString Multi-Line Ascii String String//ItemSid Security identifier String//ItemChar4 CHAR4//ItemIPAddr IP Address String (If needed raw, use ItemUlong)// (string of form xxx.xxx.xxx.xxx)//ItemPort String (If needed raw use ItemUshort)//ItemNWString Non-null terminated Wide Char String String//ItemListByte (element1,element2,....) String// byte index into a list of strings//ItemListShort(element1,element2,....) String// short index into a list of strings//ItemListLong (element1,element2,....) String// Long index into a list of strings//ItemGUID Normal GUID format String//ItemNTerror Translates a ULONG error code to the String// NT Error Text//ItemNTSTATUS Converts NTSTATUS to symbolic name String//ItemWINERROR Converts WINERROR to symbolic name String//ItemNETEVENT Converts NETEVENT to symbolic name String//ItemMerror module.ext String// Translates a ULONG error code using the // module specified.//ItemTimeStamp Treats a LONGLONG as a timestamp String//ItemUnknown String
ce5b1020-8ea9-11d0-a4ec-00a0c9062910 TraceDp#type Start 1 "TraceDp TID=0x%3 Start"#type End 2 "TraceDp TID=0x%3End"{}
68fdd900-4a3e-11d1-84f4-0000f80464e3 EventTrace#typev Header 0 "EventTrace Header"{ BufferSize, ItemULong //10 Version, ItemULong //11 BuildNumber, ItemULong //12 NumProc, ItemULong //13 EndTime, ItemULongLong //14 TimerResolution,ItemULong //15 MaxFileSize, ItemULong //16 LogFileMode, ItemULongX //17 BuffersWritten, ItemULong //18 StartBuffers, ItemULong //19 PointerSize, ItemULong //20 EventsLost, ItemULong //21 CPUSpeed, ItemULong //22 LoggerName, ItemPtr //23 LogFileName, ItemPtr //24 TimeZone, ItemCharHidden[176] //25 BootTime, ItemULongLong //26 PerfFrequency, ItemULongLong //27 StartTime, ItemULongLong //28 ReservedFlags, ItemULongX //29 BuffersLost, ItemULong //30}
01853a65-418f-4f36-aefc-dc0f1d2fd235 HWConfig#typev CPU 10 "%15!s! :: CPU # %11!d!, Speed %10!d!Mhz, Memory %12!d!K, PageSize %13!d!K, AllocationGranularity %14!d!"{ MHz, ItemULong // 10 NumberOfProcessors, ItemULong // 11 MemSize, ItemULong // 12 PageSize, ItemULong // 13 AllocationGranularity, ItemULong // 14 ComputerName, ItemWString // 15}#typev PhyDisk 11 "Phsical Disk %10!d!(%19!s!), SectorSize: %11!d!, SectorsperTrack: %12!d!, TracksPerCylinder %13!d! Cylinders %14!d!, SCSI (Port=%15!d!, Path %16!d!, Target=%17!d!, Lun=%18!d!)" { DiskNumber, ItemULong // 10 BytesPerSector, ItemULong // 11 SectorsPerTrack, ItemULong // 12 TracksPerCylinder, ItemULong // 13 Cylinders, ItemULongLong // 14 SCSIPort, ItemULong // 15 SCSIPath, ItemULong // 16 SCSITarget, ItemULong // 17 SCSILun, ItemULong // 18 Manufacturer, ItemWString // 19}#typev LogDisk 12 "Logical Disk %10!d! StartOffset: %11!d!, Size: %12!d!"{ DiskNumber, ItemULong // 10 Pad, ItemULong // 11 StartOffset, ItemULongLong // 12 PartitionSize, ItemULongLong // 13}#typev NIC 13 "NIC %10!s!"{ NICName, ItemWString // 10}
2cb15d1d-5fc1-11d2-abe1-00a0c911f518 Image#typev Load 10 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>ImageLoad of %13!s! (Process= %12!d!, Base=0x%10!X!,size=0x%11!X!)"{ Base Address, ItemPtr Module Size, ItemPtr ProcessId, ItemUlong Image Filename, ItemWString}
3d6fa8d0-fe05-11d0-9dda-00c04fd7ba7c Process#typev Start 1 "%10!08X!.%3!08X!::%4!s! [%1!s!] <%9!d!>Process Started %16!s! :: %15!s! (Pid=%11!d!,PPid=%12!d!, Session=%13!d!) "#typev End 2 "%10!08X!.%3!08X!::%4!s! [%1!s!] <%9!d!>Process Ended %16!s! :: %15!s! (Pid=%11!d!,PPid=%12!d!, Session=%13!d!) Exit Status %14!X!" #typev DCStart 3 "%10!08X!.%3!08X!::%4!s! [%1!s!DC] <*>Process Data Collection Started of %16!s! :: %15!s! (Pid=%11!d!,PPid=%12!d!, Session=%13!d!)"#typev DCEnd 4 "%10!08X!.%3!08X!::%4!s! [%1!s!DC] <*>Process Data Colection Ended for %16!s! :: %15!s! (Pid=%11!d!,PPid=%12!d!, Session=%13!d!)"#typev Load 5 "%10!08X!.%3!08X!::%4!s! [%1!s!] <%9!d!>5Load of %16!s! :: %15!s! (Pid=%11!d!,PPid=%12!d!, Session=%13!d!)"{ PageDirectoryBase, ItemPtr Process Id, ItemULong Parent Id, ItemULong Session Id, ItemULong Exit Status, ItemUlong User SID, ItemSid Image FileName, ItemString}
3d6fa8d1-fe05-11d0-9dda-00c04fd7ba7c Thread#typev Start 1 "%11!08X!.%10!08X!::%4!s! [%1!s!] <%9!d!>Started"#typev DCStart 3 "%11!08X!.%10!08X!::%4!s! [%1!s!DC] <%9!d!>Data Collection Started "#type Start 1#type DCStart 3{ Process Id, ItemULong Thread Id, ItemULong StackBase, ItemPtr StackLimit, ItemPtr UserStackBase, ItemPtr UserStackLimit, ItemPtr StartAddr, ItemPtr Win32StartAddr, ItemPtr WaitMode, ItemChar}#typev End 2 "%11!08X!.%10!08X!::%4!s! [%1!s!] <%9!d!>Ended"#typev DCEnd 4 "%11!08X!.%10!08X!::%4!s! [%1!s!DC] <%9!d!>Data Collection Ended"{ Process Id, ItemULong Thread Id, ItemULong}
3d6fa8d3-fe05-11d0-9dda-00c04fd7ba7c PageFault#typev TransitionFault 10 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Pagefault Transition VA=0x%10!08X!, PC=0x%11!08X!"#typev DemandZeroFault 11 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Pagefault DemandZero VA=0x%10!08X!, PC=0x%11!08X!"#typev CopyOnWrite 12 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Pagefault CopyOnWrite VA=0x%10!08X!, PC=0x%11!08X!"#typev GlobalPageFault 13 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Pagefault GuardPageFault VA=0x%10!08X!, PC=0x%11!08X!"#typev Hard 14 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Pagefault Hard VA=0x%10!08X!, PC=0x%11!08X!, in %12!016X!"#typev Notification 15 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Pagefault Notification VA=0x%10!08X!, PC=0x%11!08X!, in %12!016X!"{ Virtual Address,ItemULongX Program Counter,ItemUlongX Byte Offset, ItemLongLong File Object, ItemUlongX Byte Count, ItemUlong HotFile Name, ItemNWString}
01853a65-418f-4f36-aefc-dc0f1d2fd235 HWConfig#typev CPU 10 "%15!s! :: CPU # %11!d!, Speed %10!d!Mhz, Memory %12!d!K, PageSize %13!d!K, AllocationGranularity %14!d!"{ MHz, ItemULong NumberOfProcessors, ItemULong MemSize, ItemULong PageSize, ItemULong AllocationGranularity, ItemULong ComputerName, ItemWString}#typev PhyDisk 11 "Phsical Disk %10!d!(%19!s!), SectorSize: %11!d!, SectorsperTrack: %12!d!, TracksPerCylinder %13!d! Cylinders %14!d!, SCSI (Port=%15!d!, Path %16!d!, Target=%17!d!, Lun=%18!d!)" { DiskNumber, ItemULong BytesPerSector, ItemULong SectorsPerTrack, ItemULong TracksPerCylinder, ItemULong Cylinders, ItemULongLong SCSIPort, ItemULong SCSIPath, ItemULong SCSITarget, ItemULong SCSILun, ItemULong Manufacturer, ItemWString}#typev LogDisk 12 "Logical Disk %10!d! StartOffset: %11!d!, Size: %12!d!"{ DiskNumber, ItemULong Pad, ItemULong StartOffset, ItemULongLong PartitionSize, ItemULongLong}#typev NIC 13 "NIC %10!s!"{ NICName, ItemWString}
3d6fa8d4-fe05-11d0-9dda-00c04fd7ba7c DiskIo#typev Read 10 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Disk %10!2d! Read of %12!5d! bytes (FileObj=0x%15!08X!)"#typev Write 11 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Disk %10!2d! Write of %12!5d! bytes (FileObj=0x%15!08X!)"{ Disk Number, ItemULong Irp Flags, ItemULongX Transfer Size, ItemULong QueueDepth, ItemULong Byte Offset, ItemLongLong File Object, ItemULongX}AE53722E-C863-11d2-8659-00C04FA321A1 Registry#typev Create 10 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Create of %14!s! Handle = 0x%11!08X! Status = %10!0X!"#typev Open 11 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Open of %14!s! Handle = 0x%11!08X! Status = %10!0X!"#typev Delete 12 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Delete of Handle = 0x%11!08X!(%14!s!) Status = %10!0X!"#typev Query 13 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Query of (%14!s!) Handle = 0x%11!08X! Status = %10!0X!"#typev SetValue 14 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>SetValue of %14!s! Handle = 0x%11!08X!(%14!s!)8X! Status = %10!0X! (TID =%3!0X!)"#typev QueryValue 16 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>QueryValue of (%14!s!) Handle = 0x%11!08X! Status = %10!0X!"#typev EnumerateKey 17 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>EnumerateKey of %14!s! Handle = 0x%11!08X! Status = %10!0X!"#typev EnumerateValueKey 18 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>EnumerateValueKey of %14!s! Handle = 0x%11!08X! Status = %10!0X!"#typev QueryMultipleValue 19 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>QueryMultiple of %14!s! Handle = 0x%11!08X! Status = %10!0X!"#typev SetInformation 20 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>SetInformation of %14!s! Handle = 0x%11!08X! Status = %10!0X!"#typev Flush 21 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Flush of %14!s! Handle = 0x%11!08X! Status = %10!0X!"#type RunDown 22 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Rundown"{ Status,ItemUlongX Key Handle, ItemULongX Elapsed Time, ItemLongLong Index, ItemULong KeyName, ItemWString}90cbdc39-4a3e-11d1-84f4-0000f80464e3 FileIo#typev Name 0 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!>Filio for %11 (FileObj=0x%10!X!)"{ File Object, ItemPtr File Name, ItemWString}
9a280ac0-c8e0-11d1-84e2-00c04fb998a2 TcpIp#typev Send 10 "%15!08X!.%3!08X!::%4!s! [%1!s!] <%9!d!>TCPIP Send to %10!13s!:%12!05d! from %11!13s!:%13!05d! of %14!5d! bytes" { saddr, ItemIPAddr daddr, ItemIPAddr sport, ItemUShort dport, ItemUShort size, ItemULong PID, ItemULongX}#typev Recv 11 "%15!08X!.%3!08X!::%4!s! [%1!s!] <%9!d!>TCPIP Receive from %10!13s!:%12!05d! to %11!13s!:%13!05d! of %14!5d! bytes" { saddr, ItemIPAddr daddr, ItemIPAddr sport, ItemUShort dport, ItemUShort size, ItemULong PID, ItemULongX}#typev Connect 12 "%15!08X!.%3!08X!::%4!s! [%1!s!] <%9!d!>TCPIP Connect to %10:%12!05D! from %11:%13!05D!" #typev Disconnect 13 "%15!08X!.%3!08X!::%4!s! [%1!s!] <%9!d!>TCPIP Discon From %10:%12!05D! to %11:%13!05D!" { saddr, ItemIPAddr daddr, ItemIPAddr sport, ItemUShort dport, ItemUShort size, ItemULong PID, ItemULongX}#typev Retransmit 14 "%15!08X!.%3!08X!::%4!s! [%1!s!] <%9!d!>TCPIP Retransmit to %10:%12!05D!" #typev Accept 15 "%15!08X!.%3!08X!::%4!s! [%1!s!] <%9!d!>TCPIP Accept From %10:%12!05D!"{ saddr, ItemIPAddr daddr, ItemIPAddr sport, ItemUShort dport, ItemUShort size, ItemULong PID, ItemULongX}
bf3a50c5-a9c9-4988-a005-2df0b7c80f80 UdpIp#typev Send 10 "%15!08X!.%3!08X!::%4!s! [%1!s!] <%9!d!>UDP Send to %11!13s!:%12!05d! from %14!13s!:%15!05d! of %13!5d! bytes (Context= %10!08X!)" #typev Recv 11 "%15!08X!.%3!08X!::%4!s! [%1!s!] <%9!d!>UDP Receive from %11!13s!:%12!05d! to %14!13s!:%15!05d! of %13!5d! bytes (Context= %10!08X!)" { context, ItemULongX /10 destaddr, ItemIPAddr /11 destport, ItemUShort /12 Bufrsize, ItemUShort /13 srcdaddr, ItemIPAddr /14 srcport, ItemUShort /15 sentsize, ItemUShort /16}
//******************************************// Test Events// d58c126f-b309-11d1-969e-0000f875a5bc//******************************************ce5b1020-8ea9-11d0-a4ec-00a0c9062910 TraceDp#type Start 1#type End 2{ UserData, ItemULong}//******************************************// Test Events// 1bd67283-57cc-11d2-9a03-00c04f72c722//******************************************1bd67283-57cc-11d2-9a03-00c04f72c722 TranProv#type Start 1#type End 2{ UserData, ItemULong}
//******************************************// DS Events // 1c83b2fc-c04f-11d1-8afc-00c04fc21914//******************************************
5b7eb15d-7441-11d2-b711-00c04fb998a2 DsKccGuid#type Start 1#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong Null1, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
05acd000-daeb-11d1-be80-00c04fadfff5 DsDirSearch#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId, ItemULong Caller, ItemDSString Choice, ItemDSString ObjDN, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId, ItemULong ErrCode, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
05acd001-daeb-11d1-be80-00c04fadfff5 DsDirAddEntry#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId, ItemULong Caller, ItemDSString ObjDn, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId, ItemULong ErrCode, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
05acd002-daeb-11d1-be80-00c04fadfff5 DsDirMod#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId, ItemULong Caller, ItemDSString ObjDn, ItemDSString Null3, ItemDSString Null4, ItemMLString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId, ItemULong ErrCode, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemMLString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
05acd005-daeb-11d1-be80-00c04fadfff5 DsDirModDN#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong Caller, ItemDSString ObjDn, ItemDSString NewParentDn, ItemDSString NewName, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong ErrCode, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
05acd003-daeb-11d1-be80-00c04fadfff5 DsDirDel#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId, ItemULong Caller, ItemDSString ObjDn, ItemDSString Null3, ItemDSString Null4, ItemMLString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId, ItemULong ErrCode, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemMLString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
05acd004-daeb-11d1-be80-00c04fadfff5 DsDirCompare#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId, ItemULong Caller, ItemDSString AssertType, ItemDSString ObjDn, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId, ItemULong ErrCode, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
05acd006-daeb-11d1-be80-00c04fadfff5 DsDirGtNcChg#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong UuidDest, ItemDSString NcDn, ItemDSString UsnVecFrom, ItemDSString flags, ItemDSString RetCrit, ItemDSString ExtOp, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong NumObj, ItemDSString NumBytes, ItemDSString UsnVecTo, ItemDSString ExtRet, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
05acd007-daeb-11d1-be80-00c04fadfff5 DsDirReplSync#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId, ItemULong NcDn, ItemDSString DsaOrUuid, ItemDSString Options, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId, ItemULong ErrCode, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
05acd008-daeb-11d1-be80-00c04fadfff5 DsDirFind#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong Caller, ItemDSString AttId, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong ErrCode, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
05acd009-daeb-11d1-be80-00c04fadfff5 DsLdapBind#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong Null1, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong ErrCode, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
14f8aa22-7f4b-11d2-b389-0000f87a46c8 DsKccTask#type Start 1#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong Null1, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
14f8aa23-7f4b-11d2-b389-0000f87a46c8 DsDrsReplSync#type Start 1 Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong ObjDN, ItemDSString DraSrc, ItemDSString UuidSrc, ItemDSString Options, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong ErrCode, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
14f8aa24-7f4b-11d2-b389-0000f87a46c8 DsDrsReplGtChg#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong UuidDest, ItemDSString NcDn, ItemDSString UsnFromHighObj, ItemDSString UsnFromHighProp, ItemDSString Flags, ItemDSString MaxObj, ItemDSString MaxBytes, ItemDSString ExtOp, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong UsnToHighObj, ItemDSString UsnToHighProp, ItemDSString NumObj, ItemDSString NumByte, ItemDSString ExtRet, ItemDSString ErrCode, ItemDSString Null7, ItemDSString Null8, ItemDSString}
14f8aa25-7f4b-11d2-b389-0000f87a46c8 DsDrsUpdtRefs#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong NcDn, ItemDSString DsaDest, ItemDSString UuidDest, ItemDSString Options, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong ErrCode, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
14f8aa26-7f4b-11d2-b389-0000f87a46c8 DsDrsReplAdd#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong NcDn, ItemDSString SrcDsaDn, ItemDSString TransDn, ItemDSString DsaSrc, ItemDSString Options, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong ErrCode, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
14f8aa27-7f4b-11d2-b389-0000f87a46c8 DsDrsReplMod#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong NcDn, ItemDSString UuidSrc, ItemDSString SrcDra, ItemDSString RepFlags, ItemDSString ModFields, ItemDSString Options, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong ErrCode, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
14f8aa28-7f4b-11d2-b389-0000f87a46c8 DsDrsReplDel#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong NcDn, ItemDSString DsaSrc, ItemDSString Options, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong ErrCode, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
14f8aa29-7f4b-11d2-b389-0000f87a46c8 DsDrsVrfyNames#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong cNames, ItemDSString Flags, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong ErrCode, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
14f8aa2a-7f4b-11d2-b389-0000f87a46c8 DsDrsIntDmMv#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong SrcDsaDn, ItemDSString SrcObjDn, ItemDSString DstNameDn, ItemDSString TargetNcDn, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong ErrCode, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
14f8aa2b-7f4b-11d2-b389-0000f87a46c8 DsDrsAddEntry#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong cObj, ItemDSString NameDn, ItemDSString NextNameDn, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong cObjAdded, ItemDSString ErrCode, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
14f8aa2c-7f4b-11d2-b389-0000f87a46c8 DsDrsExecKcc#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong TaskId, ItemDSString Flags, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong ErrCode, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
14f8aa2d-7f4b-11d2-b389-0000f87a46c8 DsDrsGtReplInfo#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong InfoType, ItemDSString ObjDn, ItemDSString UuidSrc, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong ErrCode, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
14f8aa2e-7f4b-11d2-b389-0000f87a46c8 DsDrsGtNT4ChgLg#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong flags, ItemDSString maxLen, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong NtStatus, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
14f8aa2f-7f4b-11d2-b389-0000f87a46c8 DsDrsCrackNames#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong cNames, ItemDSString CodePage, ItemDSString LocaleId, ItemDSString FmtOffered, ItemDSString FmtDesired, ItemDSString Flags, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong ErrCode, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
14f8aa30-7f4b-11d2-b389-0000f87a46c8 DsDrsWrtSPN#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong Account, ItemDSString Op, ItemDSString cSpn, ItemDSString Flags, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong ErrCode, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
14f8aa31-7f4b-11d2-b389-0000f87a46c8 DsDrsDCInfo#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong Domain, ItemDSString InfoLevel, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong ErrCode, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
14f8aa32-7f4b-11d2-b389-0000f87a46c8 DsDrsGtMbrshps#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong cDsNames, ItemDSString OpType, ItemDSString LimitDomDn, ItemDSString Flags, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong ErrCode, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
5b7eb154-7441-11d2-b711-00c04fb998a2 LdapAtqGuid#type Start 1#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong}
b9d4702a-6a98-11d2-b710-00c04fb998a2 LdapRequest#type Start 1{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong Choice, ItemDSString Null2, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}#type End 2{ Signature, ItemCharSign Version, ItemCharShort Inserts, ItemCharShort messageId, ItemULong BindId,ItemULong Id, ItemDSString ErrCode, ItemDSString Null3, ItemDSString Null4, ItemDSString Null5, ItemDSString Null6, ItemDSString Null7, ItemDSString Null8, ItemDSString}
//******************************************// KDC Events // 24db8964-e6bc-11d1-916a-0000f8045b04//******************************************
50af5304-e6bc-11d1-916a-0000f8045b04 GetASTicket#type Start 1{ KdcOption, ItemULongX}#type End 2{ KerbErr, ItemULongX Client, ItemPWString Server, ItemPWString RequestRealm, ItemPWString}
c11cf384-e6bd-11d1-916a-0000f8045b04 TGSRequest#type Start 1{ KdcOption, ItemULongX}#type End 2{ KerbErr, ItemULongX Client, ItemPWString ServerAcct, ItemPWString ClientRealm, ItemPWString}
//******************************************// SAM Events // 8e598056-8993-11d2-819e-0000f875a064//******************************************
39511dbe-899b-11d2-819e-0000f875a064 SamUserCreate#type Start 1#type End 2
abb14b68-899b-11d2-819e-0000f875a064 SamCompCreate#type Start 1#type End 2
c8eb5e5c-899c-11d2-819e-0000f875a064 SamGrpCreate#type Start 1#type End 2
f9d2ba6a-899c-11d2-819e-0000f875a064 SamAddMemGrp#type Start 1#type End 2
250959aa-899d-11d2-819e-0000f875a064 SamDelMemGrp#type Start 1#type End 2
45fc997e-899d-11d2-819e-0000f875a064 SamPwdChng#type Start 1#type End 2
62bef71e-899d-11d2-819e-0000f875a064 SamUserPwdSet#type Start 1#type End 2
880217b8-899d-11d2-819e-0000f875a064 SamCompPwdSet#type Start 1#type End 2
1f228de8-8a6c-11d2-819e-0000f875a064 SamPwdPushPdc#type Start 1#type End 2
a41d90bc-899d-11d2-819e-0000f875a064 SamIdByName#type Start 1#type End 2
25059476-899f-11d2-819e-0000f875a064 SamNameById#type Start 1#type End 2
//******************************************// LSA Events// cc85922f-db41-11d2-9244-006008269001 MSLSATrace//******************************************
cc85922e-db41-11d2-9244-006008269001 QuerySecret#type Start 1#type End 2
2306fe3b-dbf6-11d2-9244-006008269001 Close#type Start 1#type End 2
2306fe3a-dbf6-11d2-9244-006008269001 OpenPolicy#type Start 1#type End 2
2306fe39-dbf6-11d2-9244-006008269001 QueryInformationPolicy#type Start 1#type End 2
2306fe38-dbf6-11d2-9244-006008269001 SetInformationPolicy#type Start 1#type End 2
2306fe37-dbf6-11d2-9244-006008269001 EnumerateTrustedDomains#type Start 1#type End 2
2306fe36-dbf6-11d2-9244-006008269001 LookupNames#type Start 1#type End 2
2306fe35-dbf6-11d2-9244-006008269001 LookupSids#type Start 1#type End 2
2306fe34-dbf6-11d2-9244-006008269001 OpenTrustedDomain#type Start 1#type End 2
2306fe33-dbf6-11d2-9244-006008269001 QueryInfoTrustedDomain#type Start 1#type End 2
2306fe32-dbf6-11d2-9244-006008269001 SetInformationTrustedDomain#type Start 1#type End 2
2306fe31-dbf6-11d2-9244-006008269001 QueryInformationPolicy2#type Start 1#type End 2
2306fe30-dbf6-11d2-9244-006008269001 SetInformationPolicy2#type Start 1#type End 2
2306fe2f-dbf6-11d2-9244-006008269001 QueryTrustedDomainInfoByName#type Start 1#type End 2
2306fe2e-dbf6-11d2-9244-006008269001 SetTrustedDomainInfoByName#type Start 1#type End 2
2306fe2d-dbf6-11d2-9244-006008269001 EnumerateTrustedDomainsEx#type Start 1#type End 2
2306fe2c-dbf6-11d2-9244-006008269001 CreateTrustedDomainEx#type Start 1#type End 2
2306fe2b-dbf6-11d2-9244-006008269001 QueryDomainInformationPolicy#type Start 1#type End 2
2306fe2a-dbf6-11d2-9244-006008269001 SetDomainInformationPolicy#type Start 1#type End 2
2306fe29-dbf6-11d2-9244-006008269001 OpenTrustedDomainByName#type Start 1#type End 2
// Netdevicef404cdf8-6926-11d2-a059-00a0c95b7f08 NetDevice#typev Normal 10 "%11!2d!, %4: %12!s!"{ Ordinal, ItemULongX // 10 CPU Num, ItemUShort // 11 Message, ItemString // 12}#type BytesIndicated 11 "%11, %4: NDBothHandleReceiveIndication (%15): Conn[%12], Indicated %13, Available %14"{ Ordinal, ItemULongX // 10 CPU Num, ItemUShort // 11 ConnIdx, ItemUShort // 12 Indicated, ItemULong // 13 Available, ItemULong // 14 Message, ItemString // 15}#type BuildReceiveIrpEnter 20 "%11, %4: NDBothBuildReceiveIrp: Entry"{ Ordinal, ItemULongX // 10 CPU Num, ItemUShort // 11}#type BuildReceiveIrpInfo 23 "%11, %4: NDBothBuildReceiveIrp as %13: Conn[%12], Phase = %14"{ Ordinal, ItemULongX // 10 CPU Num, ItemUShort // 11 ConnIdx, ItemUShort // 12 DriverType,ItemString // 13 ConnPhase, ItemString // 14}#type BuildReceiveIrpCounts 26 "%11, %4: NDBothBuildReceiveIrp as %17: Bytes for Sec %12, Buf %13, Hdr %14, Rcb In = %15, Out = %16"{ Ordinal, ItemULongX // 10 CPU Num, ItemUShort // 11 SecBytes,ItemULong // 12 BufBytes,ItemULong // 13 HdrBytes,ItemULong // 14 RcbInIdx,ItemUShort // 15 RcbOutIdx,ItemUShort // 16 DriverType,ItemString // 17}#type BuildReceiveIrpExit 29 "%11, %4: NDBothBuildReceiveIrp: Exit"{ Ordinal, ItemULongX // 10 CPU Num, ItemUShort // 11}#type ProcessIncomingBufferEntry 120 "%11, %4: NDBothProcessIncomingBuffer: Entry"{ Ordinal, ItemULongX // 10 CPU Num, ItemUShort // 11}#type ProcessIncomingBufferIgnore 126 "%11, %4: NDBothProcessIncomingBuffer: Ignoring Message"{ Ordinal, ItemULongX // 10 CPU Num, ItemUShort // 11}#type ProcessIncomingBufferExit 129 "%11, %4: NDBothProcessIncomingBuffer: Exit"{ Ordinal, ItemULongX // 10 CPU Num, ItemUShort // 11}#type ProcessNewHeaderEnter 130 "%11, %4: NDBothProcessNewHeader: Entry"{ Ordinal, ItemULongX // 10 CPU Num, ItemUShort // 11}#type ProcessNewHeaderAnnounce 132 "%11, %4: NDBothProcessNewHeader as %16 for RCB[%12] on Conn[%15] is Rqst Id 0x%13_%14"{ Ordinal, ItemULongX // 10 CPU Num, ItemUShort // 11 RCB Idx, ItemUShort // 12 Rqst IdH,ItemULongX // 13 Rqst IdL,ItemULongX // 14 Conn Idx,ItemUShort // 15 DriverType,ItemString // 16}#type ProcessNewHeaderExit 148 "%11, %4: NDBothProcessNewHeader: Exit"{ Ordinal, ItemULongX // 10 CPU Num, ItemUShort // 11}
5eb2d7d2-c2af-11d2-afc3-00c04f8ef2f7 Sample#typev Ascii 10 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!> Type: %2, Seq: %10!d! Str1: %11!s!"//#typev Ascii 0 "0,%3!08X!,%4!s!,%1!s!,%9!d!,%2,%10!d!,%11!s!"{ Sequence, ItemUlong // 10 AsciiStr, ItemString // 11}//#typev Wchar 11 "00000000.%3!08X!::%4!s! [%1!s!] <%9!d!> Type: %2!s!, Seq: %10!d! Str1: %11!s!"//#typev Wchar 11 "0,%3!08X!,%4!s!,%1!s!,%9!d!,%2,%10!d!,%11!s!"//{// Sequence,ItemUlong // 10// UnicodeStr, ItemWString // 11//}
|
