mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
185 lines
4.3 KiB
185 lines
4.3 KiB
// © 2000 Microsoft Corporation. All rights reserved.
|
|
|
|
#pragma namespace ("\\\\.\\root\\cimv2")
|
|
#pragma classflags ("forceupdate")
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// Base event for all WMI self-instrumentation events.
|
|
|
|
class MSFT_WmiSelfEvent : __ExtrinsicEvent
|
|
{
|
|
};
|
|
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// New notification sink registered because of new query
|
|
|
|
class MSFT_WmiRegisterNotificationSink : MSFT_WmiSelfEvent
|
|
{
|
|
string Namespace;
|
|
string QueryLanguage;
|
|
string Query;
|
|
uint64 Sink;
|
|
};
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// Notification sink removed
|
|
|
|
class MSFT_WmiCancelNotificationSink : MSFT_WmiSelfEvent
|
|
{
|
|
string Namespace;
|
|
string QueryLanguage;
|
|
string Query;
|
|
uint64 Sink;
|
|
};
|
|
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// Provider base event
|
|
|
|
class MSFT_WmiProviderEvent : MSFT_WmiSelfEvent
|
|
{
|
|
string Namespace;
|
|
string ProviderName;
|
|
};
|
|
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// Event provider events
|
|
|
|
class MSFT_WmiEventProviderEvent : MSFT_WmiProviderEvent
|
|
{
|
|
};
|
|
|
|
class MSFT_WmiEventProviderLoaded : MSFT_WmiEventProviderEvent
|
|
{
|
|
};
|
|
|
|
class MSFT_WmiEventProviderUnloaded : MSFT_WmiEventProviderEvent
|
|
{
|
|
};
|
|
|
|
class MSFT_WmiEventProviderNewQuery : MSFT_WmiEventProviderEvent
|
|
{
|
|
uint32 QueryId;
|
|
string QueryLanguage;
|
|
string Query;
|
|
uint32 Result;
|
|
};
|
|
|
|
class MSFT_WmiEventProviderCancelQuery : MSFT_WmiEventProviderEvent
|
|
{
|
|
uint32 QueryId;
|
|
uint32 Result;
|
|
};
|
|
|
|
class MSFT_WmiEventProviderAccessCheck : MSFT_WmiEventProviderEvent
|
|
{
|
|
string QueryLanguage;
|
|
string Query;
|
|
uint8 Sid[];
|
|
uint32 Result;
|
|
};
|
|
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// Consumer provider events
|
|
|
|
class MSFT_WmiConsumerProviderEvent : MSFT_WmiProviderEvent
|
|
{
|
|
string Machine;
|
|
};
|
|
|
|
class MSFT_WmiConsumerProviderLoaded : MSFT_WmiConsumerProviderEvent
|
|
{
|
|
};
|
|
|
|
class MSFT_WmiConsumerProviderUnloaded : MSFT_WmiConsumerProviderEvent
|
|
{
|
|
};
|
|
|
|
class MSFT_WmiConsumerProviderSinkLoaded : MSFT_WmiConsumerProviderEvent
|
|
{
|
|
__EventConsumer ref Consumer;
|
|
};
|
|
|
|
class MSFT_WmiConsumerProviderSinkUnloaded : MSFT_WmiConsumerProviderEvent
|
|
{
|
|
__EventConsumer ref Consumer;
|
|
};
|
|
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// Thread pool events
|
|
|
|
class MSFT_WmiThreadPoolEvent : MSFT_WmiSelfEvent
|
|
{
|
|
uint32 ThreadId;
|
|
};
|
|
|
|
class MSFT_WmiThreadPoolThreadCreated : MSFT_WmiThreadPoolEvent
|
|
{
|
|
};
|
|
|
|
class MSFT_WmiThreadPoolThreadDeleted : MSFT_WmiThreadPoolEvent
|
|
{
|
|
};
|
|
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// Filter events
|
|
|
|
class MSFT_WmiFilterEvent : MSFT_WmiSelfEvent
|
|
{
|
|
string Namespace;
|
|
string Name;
|
|
string QueryLanguage;
|
|
string Query;
|
|
};
|
|
|
|
class MSFT_WmiFilterActivated : MSFT_WmiFilterEvent
|
|
{
|
|
};
|
|
|
|
class MSFT_WmiFilterDeactivated : MSFT_WmiFilterEvent
|
|
{
|
|
};
|
|
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// WMI Event Provider registration.
|
|
|
|
#pragma DeleteInstance("MSFT_WMI_NonCOMEventProvider.Name=\"WMI Self-Instrumentation Event Provider\"", NOFAIL)
|
|
|
|
instance of __Win32Provider as $P1
|
|
{
|
|
Name = "WMI Self-Instrumentation Event Provider";
|
|
HostingModel = "Decoupled:NonCOM";
|
|
};
|
|
|
|
instance of __EventProviderRegistration
|
|
{
|
|
Provider = $P1;
|
|
|
|
EventQueryList = {"select * from MSFT_WmiSelfEvent"};
|
|
/*
|
|
{
|
|
"select * from MSFT_WmiRegisterNotificationSink",
|
|
"select * from MSFT_WmiCancelNotificationSink",
|
|
"select * from MSFT_WmiEventProviderLoaded",
|
|
"select * from MSFT_WmiEventProviderUnloaded",
|
|
"select * from MSFT_WmiEventProviderNewQuery",
|
|
"select * from MSFT_WmiEventProviderCancelQuery",
|
|
"select * from MSFT_WmiEventProviderAccessCheck",
|
|
"select * from MSFT_WmiConsumerProviderLoaded",
|
|
"select * from MSFT_WmiConsumerProviderUnloaded",
|
|
"select * from MSFT_WmiConsumerProviderSinkLoaded",
|
|
"select * from MSFT_WmiConsumerProviderSinkUnloaded",
|
|
"select * from MSFT_WmiThreadPoolThreadCreated",
|
|
"select * from MSFT_WmiThreadPoolThreadDeleted",
|
|
"select * from MSFT_WmiFilterActivated",
|
|
"select * from MSFT_WmiFilterDeactivated"
|
|
};
|
|
*/
|
|
};
|
|
|