2020-09-30 16:53:55 +02:00

858 lines
27 KiB
C

/*++
Copyright (c) Microsoft Corporation. All rights reserved.
Module Name:
wmiumkm.h
Abstract:
Private definitions for WMI communications between user and kernel modes
Author:
AlanWar
Environment:
Kernel and User modes
Revision History:
--*/
#ifndef _WMIUMKM_
#define _WMIUMKM_
#if (_MSC_VER > 1020)
#pragma once
#endif
#if _MSC_VER >= 1200
#pragma warning(push)
#endif
#pragma warning(disable: 4200) // nonstandard extension used : zero-sized array in struct/union
//
// This defines the guid under which the default WMI security descriptor
// is maintained.
DEFINE_GUID(DefaultSecurityGuid, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
#define DefaultSecurityGuidName L"00000000-0000-0000-0000-000000000000"
#ifndef _WMIKM_
//
// This defines the codes used to define what a request must do. These
// definitions must match the same in wmium.h
//
typedef enum tagWMIACTIONCODE
{
WmiGetAllData = 0,
WmiGetSingleInstance = 1,
WmiChangeSingleInstance = 2,
WmiChangeSingleItem = 3,
WmiEnableEvents = 4,
WmiDisableEvents = 5,
WmiEnableCollection = 6,
WmiDisableCollection = 7,
WmiRegisterInfo = 8,
WmiExecuteMethodCall = 9,
WmiSetTraceNotify = 10
} WMIACTIONCODE;
#endif
#if defined(_WINNT_) || defined(WINNT)
typedef enum
{
WmiStartLoggerCode = 32,
WmiStopLoggerCode = 33,
WmiQueryLoggerCode = 34,
WmiTraceEventCode = 35,
WmiUpdateLoggerCode = 36,
WmiFlushLoggerCode = 37,
WmiMBRequest = 38,
WmiRequestDied = 39,
WmiTraceMessageCode = 40,
WmiSetMarkCode = 41,
WmiNtdllLoggerCode = 42,
WmiClockTypeCode = 43
#ifdef NTPERF
,
WmiSwitchBufferCode = 63
#endif
} WMITRACECODE;
#endif
typedef enum
{
WmiReadNotifications = 64,
WmiGetNextRegistrant = 65,
#ifndef MEMPHIS
WmiOpenGuid = 66,
#endif
WmiNotifyUser = 67,
WmiGetAllRegistrant = 68,
WmiGenerateEvent = 69,
WmiTranslateFileHandle = 71,
WmiGetVersion = 73,
WmiCheckAccess = 74,
WmiQueryAllMultiple = 75,
WmiQuerySingleMultiple = 76,
WmiEnumerateGuidList = 77,
WmiQueryDataBlockInformation = 78,
WmiOpenGuidForQuerySet = 79,
WmiOpenGuidForEvents = 80,
WmiReceiveNotif = 81,
WmiEnableDisableTracelogProvider = 82,
WmiRegisterGuids = 83,
WmiCreateUMLogger = 84,
WmiMBReply = 85,
WmiEnumerateMofResouces = 86,
WmiUnregisterDP = 87,
WmiEnumerateGuidListAndProperties = 88,
WmiNotifyLanguageChange = 89,
WmiMarkHandleAsClosed = 90
} WMISERVICECODES;
#define WMIUMKM_LL(x) L##x
#define WMIUMKM_L(x) WMIUMKM_LL(x)
//
// This defines the name of the WMI device that manages service IOCTLS
//
#define WMIServiceDeviceObjectName L"\\Device\\WMIDataDevice"
#define WMIServiceDeviceName_A "\\\\.\\WMIDataDevice"
#define WMIServiceDeviceName_W WMIUMKM_L(WMIServiceDeviceName_A)
#define WMIServiceDeviceName TEXT(WMIServiceDeviceName_A)
#define WMIServiceSymbolicLinkName_A "\\DosDevices\\WMIDataDevice"
#define WMIServiceSymbolicLinkName_W WMIUMKM_L(WMIServiceSymbolicLinkName_A)
#define WMIServiceSymbolicLinkName TEXT(WMIServiceSymbolicLinkName_A)
#define WMIAdminDeviceObjectName L"\\Device\\WMIAdminDevice"
#define WMIAdminDeviceName_A "\\\\.\\WMIAdminDevice"
#define WMIAdminDeviceName_W WMIUMKM_L(WMIAdminDeviceName_A)
#define WMIAdminDeviceName TEXT(WMIAdminDeviceName_A)
#define WMIAdminSymbolicLinkName TEXT("\\DosDevices\\WMIAdminDevice")
#ifdef MEMPHIS
//
// This id the name of the device that handles query/set IOCTLS. On memphis
// it is the same as the service device name.
#define WMIDataDeviceObjectName L"\\Device\\WMIDevice"
#define WMIDataDeviceName_A "\\\\.\\WMIServiceDevice")
#define WMIDataDeviceName_W WMIUMKM_L(WMIDataDeviceName_A)
#define WMIDataDeviceName TEXT(WMIDataDeviceName_A)
#define WMIDataSymbolicLinkName_A "\\DosDevices\\WMIServiceDevice"
#define WMIDataSymbolicLinkName_W WMIUMKM_L(WMIDataSymbolicLinkName_A)
#define WMIDataSymbolicLinkName TEXT(WMIDataSymbolicLinkName_A)
#else
#define WMIDataDeviceObjectName WMIServiceDeviceObjectName
#define WMIDataDeviceName_A WMIServiceDeviceName_A
#define WMIDataDeviceName_W WMIServiceDeviceName_W
#define WMIDataDeviceName WMIServiceDeviceName
#define WMIDataSymbolicLinkName_A WMIServiceSymbolicLinkName_A
#define WMIDataSymbolicLinkName_W WMIServiceSymbolicLinkName_W
#define WMIDataSymbolicLinkName WMIServiceSymbolicLinkName
#endif
//
// This defines the data structure that is used to pass a handle from
// um to km. In 32bit code a handle has 32bits and in 64bit code a handle
// has 64 bits and both call into the kernel which is 64bits. In order to
// insure that the data structures compile to the same size on 32 and 64
// bit systems we define the union with a dummy 64bit value so the field is
// forced to be 64 bits in all code. Note that the object manager always
// ignores the top 32bits of the handle in order to support 32 bit code
// that only maintains 32 bit handles
//
typedef union
{
HANDLE Handle;
ULONG64 Handle64;
ULONG32 Handle32;
} HANDLE3264, *PHANDLE3264;
typedef HANDLE3264 PVOID3264;
#ifdef _WIN64
#define WmipSetHandle3264(Handle3264, XHandle) \
(Handle3264).Handle = XHandle
#else
#define WmipSetHandle3264(Handle3264, XHandle) \
{ (Handle3264).Handle64 = 0; (Handle3264).Handle32 = (ULONG32)XHandle; }
#endif
#define WmipSetPVoid3264 WmipSetHandle3264
//
// This IOCTL will return when a KM notification has been generated that
// requires user mode attention.
// BufferIn - Not used
// BufferOut - Buffer to return notification information
#define IOCTL_WMI_READ_NOTIFICATIONS \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiReadNotifications, METHOD_BUFFERED, FILE_READ_ACCESS)
//
// This IOCTL will return with the next set of unprocessed registration info
// BufferIn - Not used
// BufferOut - Buffer to return registration information
#define IOCTL_WMI_GET_NEXT_REGISTRANT \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiGetNextRegistrant, METHOD_BUFFERED, FILE_READ_ACCESS)
#ifndef MEMPHIS
//
// This IOCTL will return a handle to a guid
// BufferIn - WMIOPENGUIDBLOCK
// BufferOut - WMIOPENGUIDBLOCK
#define IOCTL_WMI_OPEN_GUID \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiOpenGuid, METHOD_BUFFERED, FILE_READ_ACCESS)
#define IOCTL_WMI_OPEN_GUID_FOR_QUERYSET \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiOpenGuidForQuerySet, METHOD_BUFFERED, FILE_READ_ACCESS)
#define IOCTL_WMI_OPEN_GUID_FOR_EVENTS \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiOpenGuidForEvents, METHOD_BUFFERED, FILE_READ_ACCESS)
#endif
// This IOCTL will perform a query for all data items of a data block
// BufferIn - Incoming WNODE describing query. This gets filled in by driver
#define IOCTL_WMI_QUERY_ALL_DATA \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiGetAllData, METHOD_BUFFERED, FILE_READ_ACCESS)
// This IOCTL will query for a single instance
// BufferIn - Incoming WNODE describing query. This gets filled in by driver
#define IOCTL_WMI_QUERY_SINGLE_INSTANCE \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiGetSingleInstance, METHOD_BUFFERED, FILE_READ_ACCESS)
// This IOCTL will set a single instance
// BufferIn - Incoming WNODE describing set.
#define IOCTL_WMI_SET_SINGLE_INSTANCE \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiChangeSingleInstance, METHOD_BUFFERED, FILE_WRITE_ACCESS)
// This IOCTL will set a single item
// BufferIn - Incoming WNODE describing set.
#define IOCTL_WMI_SET_SINGLE_ITEM \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiChangeSingleItem, METHOD_BUFFERED, FILE_WRITE_ACCESS)
// This IOCTL will enable an event
// BufferIn - Incoming WNODE event item to enable
#define IOCTL_WMI_ENABLE_EVENT \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiEnableEvents, METHOD_BUFFERED, FILE_WRITE_ACCESS)
// This IOCTL will disable an event
// BufferIn - Incoming WNODE event item to disable
#define IOCTL_WMI_DISABLE_EVENT \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiDisableEvents, METHOD_BUFFERED, FILE_WRITE_ACCESS)
// This IOCTL will enable collection
// BufferIn - Incoming WNODE describing what to enable for collection
#define IOCTL_WMI_ENABLE_COLLECTION \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiEnableCollection, METHOD_BUFFERED, FILE_WRITE_ACCESS)
// This IOCTL will disable collection
// BufferIn - Incoming WNODE describing what to disable for collection
#define IOCTL_WMI_DISABLE_COLLECTION \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiDisableCollection, METHOD_BUFFERED, FILE_WRITE_ACCESS)
// This IOCTL will return the registration information for a specific provider
// BufferIn - Provider handle
// BufferOut - Buffer to return WMI information
#define IOCTL_WMI_GET_REGINFO \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiRegisterInfo, METHOD_BUFFERED, FILE_WRITE_ACCESS)
// This IOCTL will execute a method on a device
// BufferIn - WNODE_METHOD_ITEM
// BufferOut - WNODE_METHOD_ITEM
#define IOCTL_WMI_EXECUTE_METHOD \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiExecuteMethodCall, METHOD_BUFFERED, FILE_WRITE_ACCESS)
// This IOCTL will do a query all data multiple
// BufferIn - WMIQADMULTIPLE
// BufferOut - Linked WNODE_ALL_DATA with results
#define IOCTL_WMI_QAD_MULTIPLE \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiQueryAllMultiple, METHOD_BUFFERED, FILE_WRITE_ACCESS)
//
// This specifies the maxiumum number of handles that can be passed to
// query all data multiple and query single instance multiple
//
#define QUERYMULIPLEHANDLELIMIT 0x1000
typedef struct
{
ULONG HandleCount;
HANDLE3264 Handles[1];
} WMIQADMULTIPLE, *PWMIQADMULTIPLE;
// This IOCTL will do a query single instance multiple
// BufferIn - WMIQSIMULTIPLE
// BufferOut - Linked WNODE_SINGLE_INSTANCE with results
#define IOCTL_WMI_QSI_MULTIPLE \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiQuerySingleMultiple, METHOD_BUFFERED, FILE_WRITE_ACCESS)
#ifndef MEMPHIS
typedef struct
{
USHORT Length;
USHORT MaximumLength;
union
{
PWSTR Buffer;
ULONG64 Dummy;
};
} UNICODE_STRING3264, *PUNICODE_STRING3264;
typedef struct
{
HANDLE3264 Handle;
UNICODE_STRING3264 InstanceName;
} WMIQSIINFO, *PWMIQSIINFO;
typedef struct
{
ULONG QueryCount;
WMIQSIINFO QsiInfo[1];
} WMIQSIMULTIPLE, *PWMIQSIMULTIPLE;
#endif
// This IOCTL will mark the object as not longer able to receive events
// BufferIn - WMIMARKASCLOSED
// BufferOut -
#define IOCTL_WMI_MARK_HANDLE_AS_CLOSED \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiMarkHandleAsClosed, METHOD_BUFFERED, FILE_WRITE_ACCESS)
typedef struct
{
HANDLE3264 Handle;
} WMIMARKASCLOSED, *PWMIMARKASCLOSED;
// This IOCTL will register for receiving an event
// BufferIn - WMIRECEIVENOTIFICATIONS
// BufferOut - WMIRECEIVENOTIFICATIONS
#define IOCTL_WMI_RECEIVE_NOTIFICATIONS \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiReceiveNotif, METHOD_BUFFERED, FILE_WRITE_ACCESS)
//
// WmiReceiveNotification
//
#define RECEIVE_ACTION_NONE 1 // No special action required
#define RECEIVE_ACTION_CREATE_THREAD 2 // Mark guid objects as requiring
// a new thread to be
// created
typedef struct
{
//
// List of guid notification handles
//
ULONG HandleCount;
ULONG Action;
PVOID3264 /* PUSER_THREAD_START_ROUTINE */ UserModeCallback;
HANDLE3264 UserModeProcess;
HANDLE3264 Handles[1];
} WMIRECEIVENOTIFICATION, *PWMIRECEIVENOTIFICATION;
// This IOCTL will cause a registration notification to be generated
// BufferIn - Not used
// BufferOut - Not used
#define IOCTL_WMI_NOTIFY_USER \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiNotifyUser, METHOD_BUFFERED, FILE_WRITE_ACCESS)
//
// This IOCTL will return with the all registration info
// BufferIn - Not used
// BufferOut - Buffer to return all registration information
#define IOCTL_WMI_GET_ALL_REGISTRANT \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiGetAllRegistrant, METHOD_BUFFERED, FILE_READ_ACCESS)
//
// This IOCTL will cause certain data providers to generate events
// BufferIn - WnodeEventItem to use in firing event
// BufferOut - Not Used
#define IOCTL_WMI_GENERATE_EVENT \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiGenerateEvent, METHOD_BUFFERED, FILE_WRITE_ACCESS)
// This IOCTL will translate a File Object into a device object
// BufferIn - pointer to incoming WMIFILETODEVICE structure
// BufferOut - outgoing WMIFILETODEVICE structure
#define IOCTL_WMI_TRANSLATE_FILE_HANDLE \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiTranslateFileHandle, METHOD_BUFFERED, FILE_WRITE_ACCESS)
//
// This IOCTL will check if the caller has desired access to the guid
// BufferIn - WMIOPENGUIDBLOCK
// BufferOut - WMIOPENGUIDBLOCK
#define IOCTL_WMI_CHECK_ACCESS \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiCheckAccess, METHOD_BUFFERED, FILE_READ_ACCESS)
//
// This IOCTL will determine the version of WMI
// BufferIn - Not used
// BufferOut - WMIVERSIONINFO
#define IOCTL_WMI_GET_VERSION \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiGetVersion, METHOD_BUFFERED, FILE_READ_ACCESS)
//
// This IOCTL will return a list of guids registered with WMI
// BufferIn - Not used
// BufferOut - WMIGUIDLISTINFO
//
#define IOCTL_WMI_ENUMERATE_GUIDS \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiEnumerateGuidList, METHOD_BUFFERED, FILE_READ_ACCESS)
//
// This IOCTL will return a list of guids registered with WMI
// BufferIn - Not used
// BufferOut - WMIGUIDLISTINFO
//
#define IOCTL_WMI_ENUMERATE_GUIDS_AND_PROPERTIES \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiEnumerateGuidListAndProperties, METHOD_BUFFERED, FILE_READ_ACCESS)
//
// WmiEnumerateGuidList - Enumerate guids
//
// WMIGUIDPROPERTIES structure is used to return the properties of
// all the registered guids in the EnumerateGuids call. The properties
// GuidType - ( 0-TraceControlGuid, 1-TraceGuid, 2-DataGuid, 3-EventGuid )
// LoggerId - If Trace guid and enabled, indicates the LoggerId to which this
// Guid is currently logging data
// EnableLevel - If Trace guid and enabled, indicates the level of logging
// EnableFlags - If Trace guid and enabled, indicates the flags used in logging.
// IsEnabled - Indicates whether this Guid is enabled currently. For data
// guids this means if collection is enabled,
// For event guids this means if events are enabled,
// For trace guids this means trace logging is enabled.
//
typedef struct
{
GUID Guid;
ULONG GuidType; // 0-TraceControlGuid, 1-TraceGuid, 2-DataGuid, 3-EventGuid
ULONG LoggerId;
ULONG EnableLevel;
ULONG EnableFlags;
BOOLEAN IsEnabled;
} WMIGUIDPROPERTIES, *PWMIGUIDPROPERTIES;
typedef struct
{
ULONG TotalGuidCount;
ULONG ReturnedGuidCount;
WMIGUIDPROPERTIES GuidList[1];
} WMIGUIDLISTINFO, *PWMIGUIDLISTINFO;
//
// This IOCTL will return a list of guids registered with WMI
// BufferIn - WMIGUIDINFO
// BufferOut - WMIGUIDINFO
//
#define IOCTL_WMI_QUERY_GUID_INFO \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiQueryDataBlockInformation, METHOD_BUFFERED, FILE_READ_ACCESS)
//
// This IOCTL will return the list of mof resources registered
//
// BufferIn - not used
// BufferOut - WMIMOFLIST
#define IOCTL_WMI_ENUMERATE_MOF_RESOURCES \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiEnumerateMofResouces, METHOD_BUFFERED, FILE_READ_ACCESS)
typedef struct
{
ULONG RegPathOffset;
ULONG ResourceOffset;
ULONG Flags;
} WMIMOFENTRY, *PWMIMOFENTRY;
#define WMIMOFENTRY_FLAG_USERMODE 0x00000001
typedef struct
{
ULONG MofListCount;
WMIMOFENTRY MofEntry[1];
} WMIMOFLIST, *PWMIMOFLIST;
//
// This IOCTL notifies the kernel that a language has been added or
// removed on a MUI system
//
// BufferIn - WMILANGUAGECHANGE
// BufferOut - not used
#define IOCTL_WMI_NOTIFY_LANGUAGE_CHANGE \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiNotifyLanguageChange, METHOD_BUFFERED, FILE_READ_ACCESS)
#define MAX_LANGUAGE_SIZE 0x100
typedef struct
{
WCHAR Language[MAX_LANGUAGE_SIZE];
ULONG Flags;
} WMILANGUAGECHANGE, *PWMILANGUAGECHANGE;
#define WMILANGUAGECHANGE_FLAG_ADDED 0x00000001
#define WMILANGUAGECHANGE_FLAG_REMOVED 0x00000002
#define MOFEVENT_ACTION_IMAGE_PATH 0
#define MOFEVENT_ACTION_REGISTRY_PATH 1
#define MOFEVENT_ACTION_LANGUAGE_CHANGE 2
#define MOFEVENT_ACTION_BINARY_MOF 3
#if defined(_WINNT_) || defined(WINNT)
#ifndef MEMPHIS
#define WMIMAXREGGUIDCOUNT 65536
//
// This IOCTL will Register a set of guids with WMI
//
// BufferIn - WMIREGREQUEST followed by WMIREGINFOW
// BufferOut - TRACEGUIDMAP[GuidCount] followed by WMIUMREGRESULTS.
//
#define IOCTL_WMI_REGISTER_GUIDS CTL_CODE(FILE_DEVICE_UNKNOWN, WmiRegisterGuids, METHOD_BUFFERED, FILE_READ_ACCESS)
typedef struct
{
union {
POBJECT_ATTRIBUTES ObjectAttributes;
ULONG64 Dummy;
};
ULONG Cookie;
ULONG WmiRegInfo32Size;
ULONG WmiRegGuid32Size;
} WMIREGREQUEST, *PWMIREGREQUEST;
typedef struct
{
HANDLE3264 RequestHandle;
ULONG64 LoggerContext;
BOOLEAN MofIgnored;
} WMIREGRESULTS, *PWMIREGRESULTS;
//
// This IOCTL will unregister a data provider
//
// BufferIn - WMIUNREGGUIDS
// BufferOut - WMIUNREGGUIDS
//
#define IOCTL_WMI_UNREGISTER_GUIDS CTL_CODE(FILE_DEVICE_UNKNOWN, WmiUnregisterDP, METHOD_BUFFERED, FILE_READ_ACCESS)
typedef struct
{
IN GUID Guid;
IN HANDLE3264 RequestHandle;
OUT ULONG64 LoggerContext;
} WMIUNREGGUIDS, *PWMIUNREGGUIDS;
//
// This IOCTL will Create a user mode logger
//
// BufferIn - PWMICREATEUMLOGGER
// BufferOut - PWMICREATEUMLOGGER
typedef struct
{
IN POBJECT_ATTRIBUTES ObjectAttributes;
IN GUID ControlGuid;
OUT HANDLE3264 ReplyHandle;
OUT ULONG ReplyCount;
} WMICREATEUMLOGGER, *PWMICREATEUMLOGGER;
typedef struct
{
IN ULONG ObjectAttributes;
IN GUID ControlGuid;
OUT HANDLE3264 ReplyHandle;
OUT ULONG ReplyCount;
} WMICREATEUMLOGGER32, *PWMICREATEUMLOGGER32;
#define IOCTL_WMI_CREATE_UM_LOGGER CTL_CODE(FILE_DEVICE_UNKNOWN, WmiCreateUMLogger, METHOD_BUFFERED, FILE_READ_ACCESS)
//
// This IOCTL will reply to a MB request
//
// BufferIn - WMIMBREPLY
// BufferOut - not used
typedef struct
{
HANDLE3264 Handle;
ULONG ReplyIndex;
UCHAR Message[1];
} WMIMBREPLY, *PWMIMBREPLY;
#define IOCTL_WMI_MB_REPLY CTL_CODE(FILE_DEVICE_UNKNOWN, WmiMBReply, METHOD_BUFFERED, FILE_READ_ACCESS)
//
// This IOCTL will start an instance of a logger
// BufferIn - Logger configuration information
// BufferOut - Updated logger information when logger is started
#define IOCTL_WMI_START_LOGGER \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiStartLoggerCode, METHOD_BUFFERED, FILE_ANY_ACCESS)
//
// This IOCTL will stop an instance of a logger
// BufferIn - Logger information structure with Handle set
// BufferOut - Updated logger information when logger is stopped
#define IOCTL_WMI_STOP_LOGGER \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiStopLoggerCode, METHOD_BUFFERED, FILE_ANY_ACCESS)
//
// This IOCTL will update an existing logger attributes
// BufferIn - Logger information structure with Handle set
// BufferOut - Updated logger information
#define IOCTL_WMI_UPDATE_LOGGER \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiUpdateLoggerCode, METHOD_BUFFERED, FILE_ANY_ACCESS)
//
// This IOCTL will flush all buffers of a logger
// BufferIn - Logger configuration information
// BufferOut - Updated logger information when logger is flushed
#define IOCTL_WMI_FLUSH_LOGGER \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiFlushLoggerCode, METHOD_BUFFERED, FILE_ANY_ACCESS)
//
// This IOCTL will query a logger for its information
// BufferIn - Logger information structure with Handle set
// BufferOut - Updated logger information
#define IOCTL_WMI_QUERY_LOGGER \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiQueryLoggerCode, METHOD_BUFFERED, FILE_ANY_ACCESS)
//
// This IOCTL will synchronize a trace record to the logger
// BufferIn - Trace record, with handle set
// BufferOut - Not used
#define IOCTL_WMI_TRACE_EVENT \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiTraceEventCode, METHOD_NEITHER, FILE_WRITE_ACCESS)
//
// This IOCTL will synchronize a trace Message to the logger
// BufferIn - Trace record, with handle
// BufferOut - Not used
#define IOCTL_WMI_TRACE_MESSAGE \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiTraceMessageCode, METHOD_NEITHER, FILE_WRITE_ACCESS)
//
// This IOCTL will set a mark in kernel logger
// BufferIn - Logger information structure with Handle set
// BufferOut - Not used
#define IOCTL_WMI_SET_MARK \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiSetMarkCode, METHOD_BUFFERED, FILE_ANY_ACCESS)
//
// This IOCTL will set/get the logger information in the GuidEntry
// in case we are starting NTDLL heap or crit sec tracing
// BufferIn - WMINTDLLLOGGERINFO structure
// BufferOut - updated WMINTDLLLOGGERINFO in case of Get.
#define IOCTL_WMI_NTDLL_LOGGERINFO \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiNtdllLoggerCode, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_WMI_CLOCK_TYPE \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiClockTypeCode, METHOD_BUFFERED, FILE_ANY_ACCESS)
#ifdef NTPERF
//
// This IOCTL will switch a buffer for UserMode Logging
// BufferIn - WMI_SWITCH_PERFMEM_BUFFER_INFORMATION structure
// BufferOut - Not used
#define IOCTL_WMI_SWITCH_BUFFER \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiSwitchBufferCode, METHOD_BUFFERED, FILE_ANY_ACCESS)
#endif //NTPERF
#endif
#endif // WINNT
//
// Notifications from kernel mode WMI to user mode WMI
//
#define NOTIFICATIONTYPES ULONG
// A new data provider is being registered
#define RegistrationAdd 0x00000001
// A data provider is being removed
#define RegistrationDelete 0x00000002
// A data provider is being updated
#define RegistrationUpdate 0x00000004
// An event is fired by a data provider
#define EventNotification 0x00000008
#define NOTIFICATIONSLOT_MASK_NOTIFICATIONTYPES (RegistrationAdd | \
RegistrationDelete | \
RegistrationUpdate)
#define INTERNALNOTIFICATIONSIZE (sizeof(WNODE_HEADER) + sizeof(KMREGINFO))
//
// This is used in IOCTL_WMI_GET_ALL_REGISTRANT to report the list of
// registered KM data providers to the WMI service
typedef struct
{
OUT ULONG ProviderId; // Provider Id (or device object pointer)
OUT ULONG Flags; // REGENTRY_FLAG_*
} KMREGINFO, *PKMREGINFO;
#define REGENTRY_FLAG_NEWREGINFO 0x00000004 // Entry has new registration info
#define REGENTRY_FLAG_UPDREGINFO 0x00000008 // Entry has updated registration info
//
// This structure is used in IOCTL_WMI_TRANSLATE_FILE_HANDLE
typedef struct
{
union
{
IN HANDLE3264 FileHandle; // File handle whose instance name is needed
OUT ULONG SizeNeeded; // If incoming buffer too small then this
// returns with number bytes needed.
};
IN HANDLE3264 KernelHandle; // Kernel handle for data block
OUT ULONG BaseIndex; //
OUT USHORT InstanceNameLength; // Length of instance name in bytes
OUT WCHAR InstanceNames[1]; // Instance name in unicode
} WMIFHTOINSTANCENAME, *PWMIFHTOINSTANCENAME;
#ifndef MEMPHIS
//
// This is used in IOCTL_WMI_OPEN_GUID
// Guid must be in the form \WmiGuid\00000000-0000-0000-0000-000000000000
#define WmiGuidObjectDirectory L"\\WmiGuid\\"
#define WmiGuidObjectDirectoryLength (sizeof(WmiGuidObjectDirectory) / sizeof(WCHAR))
#define WmiGuidGuidPosition 9
#define WmiSampleGuidObjectName L"\\WmiGuid\\00000000-0000-0000-0000-000000000000"
#define WmiGuidObjectNameLength ((sizeof(WmiSampleGuidObjectName) / sizeof(WCHAR))-1) // 45
typedef struct
{
IN POBJECT_ATTRIBUTES ObjectAttributes;
IN ACCESS_MASK DesiredAccess;
OUT HANDLE3264 Handle;
} WMIOPENGUIDBLOCK, *PWMIOPENGUIDBLOCK;
typedef struct
{
IN UINT32 /* POBJECT_ATTRIBUTES32 */ ObjectAttributes;
IN ACCESS_MASK DesiredAccess;
OUT HANDLE3264 Handle;
} WMIOPENGUIDBLOCK32, *PWMIOPENGUIDBLOCK32;
typedef struct
{
GUID Guid;
ACCESS_MASK DesiredAccess;
} WMICHECKGUIDACCESS, *PWMICHECKGUIDACCESS;
#endif
//
// This is the header in front of a WNODE request
typedef struct
{
ULONG ProviderId; // Provider Id of target device
} WMITARGET, *PWMITARGET;
typedef struct
{
ULONG Length; // Length of this header
ULONG Count; // Count of device object to target
UCHAR Template[sizeof(WNODE_ALL_DATA)]; // Template WNODE_ALL_DATA
WMITARGET Target[1]; // Provider ids for device object targets
} WMITARGETHEADER, *PWMITARGETHEADER;
//
// This is used to retrieve the internal version of WMI in IOCTL_WMI_GET_VERSION
#define WMI_CURRENT_VERSION 1
typedef struct
{
ULONG32 Version;
} WMIVERSIONINFO, *PWMIVERSIONINFO;
//
// WmiQueryGuidInfo
typedef struct
{
HANDLE3264 KernelHandle;
BOOLEAN IsExpensive;
} WMIQUERYGUIDINFO, *PWMIQUERYGUIDINFO;
#if defined(_WINNT_) || defined(WINNT)
//
// Used to enable and disable a tracelog provider
//
// BufferIn - WmiTraceEnableDisableInfo
// BufferOut -
#define IOCTL_WMI_ENABLE_DISABLE_TRACELOG \
CTL_CODE(FILE_DEVICE_UNKNOWN, WmiEnableDisableTracelogProvider, METHOD_BUFFERED, FILE_READ_ACCESS)
typedef struct
{
GUID Guid;
ULONG64 LoggerContext;
BOOLEAN Enable;
} WMITRACEENABLEDISABLEINFO, *PWMITRACEENABLEDISABLEINFO;
#define EVENT_TRACE_INTERNAL_FLAG_PRIVATE 0x01
#endif // WINNT
typedef struct
{
ULONGLONG GuidMapHandle;
GUID Guid;
ULONGLONG SystemTime;
} TRACEGUIDMAP, *PTRACEGUIDMAP;
typedef struct
{
WNODE_HEADER Wnode;
ULONG64 LoggerContext;
ULONG64 SecurityToken;
} WMITRACE_NOTIFY_HEADER, *PWMITRACE_NOTIFY_HEADER;
#ifndef MEMPHIS
#define ENABLECRITSECTRACE 0x1
#define DISABLECRITSECTRACE 0xFFFFFFFE
#define ENABLEHEAPTRACE 0x2
#define DISABLEHEAPTRACE 0xFFFFFFFD
#define DISABLENTDLLTRACE 0xFFFFFFFC
#endif
#if _MSC_VER >= 1200
#pragma warning(pop)
#else
#pragma warning( default: 4200 )
#endif
#endif // _WMIUMKM_