Windows2003-3790/public/sdk/inc/ntelfapi.h
2020-09-30 16:53:55 +02:00

373 lines
8.6 KiB
C

/*++
Copyright (c) Microsoft Corporation. All rights reserved.
Module Name:
ntelfapi.h
Abstract:
This file contains the prototypes for the user-level Elf APIs.
Author:
Rajen Shah (rajens) 30-Jul-1991
Revision History:
--*/
#ifndef _NTELFAPI_
#define _NTELFAPI_
#if _MSC_VER > 1000
#pragma once
#endif
#ifdef __cplusplus
extern "C" {
#endif
// begin_winnt
//
// Defines for the READ flags for Eventlogging
//
#define EVENTLOG_SEQUENTIAL_READ 0x0001
#define EVENTLOG_SEEK_READ 0x0002
#define EVENTLOG_FORWARDS_READ 0x0004
#define EVENTLOG_BACKWARDS_READ 0x0008
//
// The types of events that can be logged.
//
#define EVENTLOG_SUCCESS 0x0000
#define EVENTLOG_ERROR_TYPE 0x0001
#define EVENTLOG_WARNING_TYPE 0x0002
#define EVENTLOG_INFORMATION_TYPE 0x0004
#define EVENTLOG_AUDIT_SUCCESS 0x0008
#define EVENTLOG_AUDIT_FAILURE 0x0010
//
// Defines for the WRITE flags used by Auditing for paired events
// These are not implemented in Product 1
//
#define EVENTLOG_START_PAIRED_EVENT 0x0001
#define EVENTLOG_END_PAIRED_EVENT 0x0002
#define EVENTLOG_END_ALL_PAIRED_EVENTS 0x0004
#define EVENTLOG_PAIRED_EVENT_ACTIVE 0x0008
#define EVENTLOG_PAIRED_EVENT_INACTIVE 0x0010
//
// Structure that defines the header of the Eventlog record. This is the
// fixed-sized portion before all the variable-length strings, binary
// data and pad bytes.
//
// TimeGenerated is the time it was generated at the client.
// TimeWritten is the time it was put into the log at the server end.
//
typedef struct _EVENTLOGRECORD {
ULONG Length; // Length of full record
ULONG Reserved; // Used by the service
ULONG RecordNumber; // Absolute record number
ULONG TimeGenerated; // Seconds since 1-1-1970
ULONG TimeWritten; // Seconds since 1-1-1970
ULONG EventID;
USHORT EventType;
USHORT NumStrings;
USHORT EventCategory;
USHORT ReservedFlags; // For use with paired events (auditing)
ULONG ClosingRecordNumber; // For use with paired events (auditing)
ULONG StringOffset; // Offset from beginning of record
ULONG UserSidLength;
ULONG UserSidOffset;
ULONG DataLength;
ULONG DataOffset; // Offset from beginning of record
//
// Then follow:
//
// WCHAR SourceName[]
// WCHAR Computername[]
// SID UserSid
// WCHAR Strings[]
// BYTE Data[]
// CHAR Pad[]
// ULONG Length;
//
} EVENTLOGRECORD, *PEVENTLOGRECORD;
//SS: start of changes to support clustering
//SS: ideally the
#define MAXLOGICALLOGNAMESIZE 256
#if _MSC_VER >= 1200
#pragma warning(push)
#endif
#pragma warning(disable : 4200)
typedef struct _EVENTSFORLOGFILE{
ULONG ulSize;
WCHAR szLogicalLogFile[MAXLOGICALLOGNAMESIZE]; //name of the logical file-security/application/system
ULONG ulNumRecords;
EVENTLOGRECORD pEventLogRecords[];
}EVENTSFORLOGFILE, *PEVENTSFORLOGFILE;
typedef struct _PACKEDEVENTINFO{
ULONG ulSize; //total size of the structure
ULONG ulNumEventsForLogFile; //number of EventsForLogFile structure that follow
ULONG ulOffsets[]; //the offsets from the start of this structure to the EVENTSFORLOGFILE structure
}PACKEDEVENTINFO, *PPACKEDEVENTINFO;
#if _MSC_VER >= 1200
#pragma warning(pop)
#else
#pragma warning(default : 4200)
#endif
//SS: end of changes to support clustering
// end_winnt
#ifdef UNICODE
#define ElfClearEventLogFile ElfClearEventLogFileW
#define ElfBackupEventLogFile ElfBackupEventLogFileW
#define ElfOpenEventLog ElfOpenEventLogW
#define ElfRegisterEventSource ElfRegisterEventSourceW
#define ElfOpenBackupEventLog ElfOpenBackupEventLogW
#define ElfReadEventLog ElfReadEventLogW
#define ElfReportEvent ElfReportEventW
#else
#define ElfClearEventLogFile ElfClearEventLogFileA
#define ElfBackupEventLogFile ElfBackupEventLogFileA
#define ElfOpenEventLog ElfOpenEventLogA
#define ElfRegisterEventSource ElfRegisterEventSourceA
#define ElfOpenBackupEventLog ElfOpenBackupEventLogA
#define ElfReadEventLog ElfReadEventLogA
#define ElfReportEvent ElfReportEventA
#endif // !UNICODE
//
// Handles are RPC context handles. Note that a Context Handle is
// always a pointer type unlike regular handles.
//
//
// Prototypes for the APIs
//
NTSTATUS
NTAPI
ElfClearEventLogFileW (
IN HANDLE LogHandle,
IN PUNICODE_STRING BackupFileName
);
NTSTATUS
NTAPI
ElfClearEventLogFileA (
IN HANDLE LogHandle,
IN PSTRING BackupFileName
);
NTSTATUS
NTAPI
ElfBackupEventLogFileW (
IN HANDLE LogHandle,
IN PUNICODE_STRING BackupFileName
);
NTSTATUS
NTAPI
ElfBackupEventLogFileA (
IN HANDLE LogHandle,
IN PSTRING BackupFileName
);
NTSTATUS
NTAPI
ElfCloseEventLog (
IN HANDLE LogHandle
);
NTSTATUS
NTAPI
ElfDeregisterEventSource (
IN HANDLE LogHandle
);
NTSTATUS
NTAPI
ElfNumberOfRecords (
IN HANDLE LogHandle,
OUT PULONG NumberOfRecords
);
NTSTATUS
NTAPI
ElfOldestRecord (
IN HANDLE LogHandle,
OUT PULONG OldestRecord
);
NTSTATUS
NTAPI
ElfChangeNotify (
IN HANDLE LogHandle,
IN HANDLE Event
);
NTSTATUS
ElfGetLogInformation (
IN HANDLE LogHandle,
IN ULONG InfoLevel,
OUT PVOID lpBuffer,
IN ULONG cbBufSize,
OUT PULONG pcbBytesNeeded
);
NTSTATUS
NTAPI
ElfOpenEventLogW (
IN PUNICODE_STRING UNCServerName,
IN PUNICODE_STRING SourceName,
OUT PHANDLE LogHandle
);
NTSTATUS
NTAPI
ElfRegisterEventSourceW (
IN PUNICODE_STRING UNCServerName,
IN PUNICODE_STRING SourceName,
OUT PHANDLE LogHandle
);
NTSTATUS
NTAPI
ElfOpenBackupEventLogW (
IN PUNICODE_STRING UNCServerName,
IN PUNICODE_STRING FileName,
OUT PHANDLE LogHandle
);
NTSTATUS
NTAPI
ElfOpenEventLogA (
IN PSTRING UNCServerName,
IN PSTRING SourceName,
OUT PHANDLE LogHandle
);
NTSTATUS
NTAPI
ElfRegisterEventSourceA (
IN PSTRING UNCServerName,
IN PSTRING SourceName,
OUT PHANDLE LogHandle
);
NTSTATUS
NTAPI
ElfOpenBackupEventLogA (
IN PSTRING UNCServerName,
IN PSTRING FileName,
OUT PHANDLE LogHandle
);
NTSTATUS
NTAPI
ElfReadEventLogW (
IN HANDLE LogHandle,
IN ULONG ReadFlags,
IN ULONG RecordNumber,
OUT PVOID Buffer,
IN ULONG NumberOfBytesToRead,
OUT PULONG NumberOfBytesRead,
OUT PULONG MinNumberOfBytesNeeded
);
NTSTATUS
NTAPI
ElfReadEventLogA (
IN HANDLE LogHandle,
IN ULONG ReadFlags,
IN ULONG RecordNumber,
OUT PVOID Buffer,
IN ULONG NumberOfBytesToRead,
OUT PULONG NumberOfBytesRead,
OUT PULONG MinNumberOfBytesNeeded
);
NTSTATUS
NTAPI
ElfReportEventW (
IN HANDLE LogHandle,
IN USHORT EventType,
IN USHORT EventCategory OPTIONAL,
IN ULONG EventID,
IN PSID UserSid OPTIONAL,
IN USHORT NumStrings,
IN ULONG DataSize,
IN PUNICODE_STRING *Strings OPTIONAL,
IN PVOID Data OPTIONAL,
IN USHORT Flags,
IN OUT PULONG RecordNumber OPTIONAL,
IN OUT PULONG TimeWritten OPTIONAL
);
NTSTATUS
NTAPI
ElfReportEventA (
IN HANDLE LogHandle,
IN USHORT EventType,
IN USHORT EventCategory OPTIONAL,
IN ULONG EventID,
IN PSID UserSid OPTIONAL,
IN USHORT NumStrings,
IN ULONG DataSize,
IN PANSI_STRING *Strings OPTIONAL,
IN PVOID Data OPTIONAL,
IN USHORT Flags,
IN OUT PULONG RecordNumber OPTIONAL,
IN OUT PULONG TimeWritten OPTIONAL
);
NTSTATUS
NTAPI
ElfRegisterClusterSvc(
IN PUNICODE_STRING UNCServerName,
OUT PULONG pulEventInfoSize,
OUT PVOID *ppPackedEventInfo
);
NTSTATUS
NTAPI
ElfDeregisterClusterSvc(
IN PUNICODE_STRING UNCServerName
);
NTSTATUS
NTAPI
ElfWriteClusterEvents(
IN PUNICODE_STRING UNCServerName,
IN ULONG ulEventInfoSize,
IN PVOID pPackedEventInfo
);
NTSTATUS
NTAPI
ElfFlushEventLog (
IN HANDLE LogHandle
);
#ifdef __cplusplus
}
#endif
#endif // _NTELFAPI_