//******************************************
|
|
// System Trace Definitions
|
|
// Version 0004.0 18th December 2003
|
|
//******************************************
|
|
|
|
// The #type statement and the #typev statement may be used to convert
// messages into user readable forms.
// With #type all parameters are processed as strings and the default string
// processing of FormatMessage is used.
// With #typev wherever possible parameters are processed as their native format
// and the %x!x! style of FormatMessage should be used.
|
|
//
|
|
// Note Parameter %1 through %9 are predefined
|
|
// Parameter is #typev
|
|
// %1 GUID Friendly Name string
|
|
// %2 GUID SubType Name string
|
|
// %3 Thread ID ULONG_PTR
|
|
// %4 System Time String
|
|
// %5 Kernel Time or User Time String
|
|
// %6 User Time or NULL String
|
|
// %7 Sequence Number LONG
|
|
// %8 Unused String
|
|
// %9 CPU Number LONG
|
|
// %10 and above are the user parameters
|
|
// %255 Is reserved
|
|
//
|
|
// Note these parameters are always present, but may not be valid
|
|
// depending on the source.
|
|
//
|
|
// User defined messages always start at message number 10
|
|
// Messages 0 through 9 are reserved for system use.
|
|
// Message number 255 is reserved.
|
|
//
|
|
// Available formats for user arguments are -
|
|
//
|
|
//Name Description #typev Format
|
|
//ItemChar CHAR
|
|
//ItemUChar UCHAR
|
|
//ItemCharShort USHORT
|
|
//ItemCharSign SHORT
|
|
//ItemShort Signed Short SHORT
|
|
//ItemUShort Unsigned Short USHORT
|
|
//ItemLong Signed Long, decoded as decimal LONG
|
|
//ItemULong Unsigned Long, decoded as decimal ULONG
|
|
//ItemULongX Unsigned Long, seen as hexadecimal ULONG
|
|
//ItemLongLong Signed 64 Bit value LONGLONG
|
|
//ItemULongLong Unsigned 64 Bit value ULONGLONG
|
|
//ItemRString Reduced Ascii String String
|
|
// (\t, \n, \r, \,, converted to space, trailing sp removed)
|
|
//ItemWString Unicode String, null terminated String
|
|
//ItemPString Counted Ascii String String
|
|
//ItemPWString Counted Unicode String String
|
|
//ItemMLString Multi-Line Ascii String String
|
|
//ItemSid Security identifier String
|
|
//ItemChar4 CHAR4
|
|
//ItemIPAddr IP Address String (If needed raw, use ItemUlong)
|
|
// (string of form xxx.xxx.xxx.xxx)
|
|
//ItemPort String (If needed raw use ItemUshort)
|
|
//ItemNWString Non-null terminated Wide Char String String
|
|
//ItemListByte (element1,element2,....) String
|
|
// byte index into a list of strings
|
|
//ItemListShort(element1,element2,....) String
|
|
// short index into a list of strings
|
|
//ItemListLong (element1,element2,....) String
|
|
// Long index into a list of strings
|
|
//ItemGUID Normal GUID format String
|
|
//ItemNTerror Translates a ULONG error code to the String
|
|
// NT Error Text
|
|
//ItemNTSTATUS Converts NTSTATUS to symbolic name String
|
|
//ItemWINERROR Converts WINERROR to symbolic name String
|
|
//ItemNETEVENT Converts NETEVENT to symbolic name String
|
|
//ItemMerror module.ext String
|
|
// Translates a ULONG error code using the
|
|
// module specified.
|
|
//ItemTimeStamp Treats a LONGLONG as a timestamp String
|
|
//ItemUnknown String
|
|
|
|
|
|
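// TraceDp: Start (1) and End (2) print the predefined thread id (%3).
// The parameter list is empty, so no user parameters (%10 and up) are decoded.
// NOTE(review): this GUID is declared a second time under "Test Events" later in
// this file, with a UserData field; confirm which declaration takes effect.
// NOTE(review): %3 is listed in the header as ULONG_PTR but is used here without
// a !format! specifier (the Registry SetValue message uses %3!0X!); confirm.
ce5b1020-8ea9-11d0-a4ec-00a0c9062910 TraceDp
#typev Start 1 "TraceDp TID=0x%3 Start"
#typev End 2 "TraceDp TID=0x%3 End"
{
}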
|
|
|
|
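// EventTrace: a single Header message (number 0) with fixed text.
// The parameter list is empty, so nothing from the header record is decoded
// into the formatted line.
68fdd900-4a3e-11d1-84f4-0000f80464e3 EventTrace
#typev Header 0 "%0EventTrace Header"
{
}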
|
|
|
|
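// Image: Load (10) prints the image file name, owning process id, base address
// and size. User parameters are numbered from %10 in declaration order.
// The process id is printed in decimal (!d!) here, while the Process and Thread
// messages print ids as 4-digit hex; keep that in mind when correlating lines.
// NOTE(review): ItemPtr is not in the format table in this file's header; confirm
// that !X! prints the full pointer width on 64-bit traces.
2cb15d1d-5fc1-11d2-abe1-00a0c911f518 Image
#typev Load 10 "%0ImageLoad of %13!s! (Process= %12!d!, Base=0x%10!X!,size=0x%11!X!)"
{
Base Address, ItemPtr //10
Module Size, ItemPtr //11
ProcessId, ItemUlong //12
Image Filename, ItemWString //13
}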
|
|
|
|
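// Process: Start (1), End (2), DCStart (3), DCEnd (4) and Load (5) share one
// parameter list. Each message prints "<Process Id>.<Parent Id>" as 4-digit hex,
// then the image file name (%16), the user SID (%15) and the session id (%13).
// End also prints the exit status (%14). PageDirectoryBase (%10) is decoded but
// not printed by any message.
// The DCEnd text reads "Data Collection Ended"; searches written against the
// earlier misspelling "Data Colection" will no longer match.
// NOTE(review): ItemString is not in the format table in this file's header;
// confirm how the formatter decodes Image FileName.
3d6fa8d0-fe05-11d0-9dda-00c04fd7ba7c Process
#typev Start 1 "%0Started Process %11!04X!.%12!04X! %16!s! :: %15!s! (Session=%13!d!) "
#typev End 2 "%0Ended Process %11!04X!.%12!04X! %16!s! :: %15!s! (Session=%13!d!) Exit Status %14!X!"
#typev DCStart 3 "%0Data Collection Started of %11!04X!.%12!04X! %16!s! :: %15!s! (Session=%13!d!)"
#typev DCEnd 4 "%0Data Collection Ended for %11!04X!.%12!04X! %16!s! :: %15!s! (Session=%13!d!)"
#typev Load 5 "%0Load of %11!04X!.%12!04X! %16!s! :: %15!s! (Session=%13!d!)"
{
PageDirectoryBase, ItemPtr //10
Process Id, ItemULong //11
Parent Id, ItemULong //12
Session Id, ItemULong //13
Exit Status, ItemUlong //14
User SID, ItemSid //15
Image FileName, ItemString //16
}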
|
|
|
|
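// Thread: two parameter lists under one GUID.
//  - Start (1) and DCStart (3) decode ids plus stack bounds, start addresses and
//    WaitMode.
//  - End (2) and DCEnd (4) decode only the process and thread ids.
// Every message prints "<Process Id>.<Thread Id>" as 4-digit hex; the stack and
// start-address fields are decoded but not printed by any message.
3d6fa8d1-fe05-11d0-9dda-00c04fd7ba7c Thread
#typev Start 1 "%0Started Thread %10!04X!.%11!04X!"
#typev DCStart 3 "%0Data Collection Started for %10!04X!.%11!04X!"
{
Process Id, ItemULong //10
Thread Id, ItemULong //11
StackBase, ItemPtr //12
StackLimit, ItemPtr //13
UserStackBase, ItemPtr //14
UserStackLimit, ItemPtr //15
StartAddr, ItemPtr //16
Win32StartAddr, ItemPtr //17
WaitMode, ItemChar //18
}
#typev End 2 "%0Ended Thread %10!04X!.%11!04X!"
#typev DCEnd 4 "%0Data Collection Ended for %10!04X!.%11!04X!"
{
Process Id, ItemULong //10
Thread Id, ItemULong //11
}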
|
|
|
|
|
|
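// PageFault: messages 10-15 share one parameter list and print the faulting
// virtual address (%10) and program counter (%11); Hard (14) and Notification
// (15) also print the byte offset (%12) as 16 hex digits.
// File Object, Byte Count and HotFile Name are decoded but not printed.
// NOTE(review): message 13 is named GlobalPageFault but its text says
// "GuardPageFault"; confirm which name is intended before relying on either in
// searches.
// NOTE(review): VA and PC are ItemULongX printed with !08X!; confirm behaviour
// for 64-bit addresses.
3d6fa8d3-fe05-11d0-9dda-00c04fd7ba7c PageFault
#typev TransitionFault 10 "%0Pagefault Transition VA=0x%10!08X!, PC=0x%11!08X!"
#typev DemandZeroFault 11 "%0Pagefault DemandZero VA=0x%10!08X!, PC=0x%11!08X!"
#typev CopyOnWrite 12 "%0Pagefault CopyOnWrite VA=0x%10!08X!, PC=0x%11!08X!"
#typev GlobalPageFault 13 "%0Pagefault GuardPageFault VA=0x%10!08X!, PC=0x%11!08X!"
#typev Hard 14 "%0Pagefault Hard VA=0x%10!08X!, PC=0x%11!08X!, in %12!016X!"
#typev Notification 15 "%0Pagefault Notification VA=0x%10!08X!, PC=0x%11!08X!, in %12!016X!"
{
Virtual Address,ItemULongX //10
Program Counter,ItemUlongX //11
Byte Offset, ItemLongLong //12
File Object, ItemUlongX //13
Byte Count, ItemUlong //14
HotFile Name, ItemNWString //15
}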
|
|
|
|
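// Config: system inventory records, one parameter list per message:
//   CPU (10), PhyDisk (11), LogDisk (12), NIC (13), Video (14), Services (15),
//   Power (16).
// The trailing //NN on each field is the %NN index used in the format string
// (user parameters start at %10 and follow declaration order).
// Several records carry host-identifying data (ComputerName, DomainName, NIC
// addresses, service and process names), so formatted output should be handled
// like any other host inventory.
// NOTE(review): the CPU message prints NumberOfProcessors (%11) after the text
// "CPU #"; confirm that label is intended.
// NOTE(review): the NIC message prints %12 (PhysicalAddrLen) after the text
// "NIC"; Index is %11 - confirm which was intended.
// NOTE(review): Cylinders is ItemULongLong but is printed with !d!; confirm the
// formatter handles a 64-bit value there.
// NOTE(review): the NIC address fields (IpAddress, SubnetMask, ...) are ItemLong,
// not ItemIPAddr, so they would print as integers if added to a message.
// NOTE(review): ItemBool and ItemWChar[n]/ItemWCHAR[n] are not in the format
// table in this file's header; confirm they are accepted.
01853a65-418f-4f36-aefc-dc0f1d2fd235 Config
#typev CPU 10 "%0%15!s!(%16!s!) :: CPU # %11!d!, Speed %10!d!Mhz, Memory %12!d!K, PageSize %13!d!K, AllocationGranularity %14!d!"
{
MHz, ItemULong //10
NumberOfProcessors, ItemULong //11
MemSize, ItemULong //12
PageSize, ItemULong //13
AllocationGranularity, ItemULong //14
ComputerName, ItemWChar[256] //15
DomainName, ItemWChar[132] //16
}
#typev PhyDisk 11 "%0Physical Disk %10!d!(%19!s!), SectorSize: %11!d!, SectorsperTrack: %12!d!, TracksPerCylinder %13!d! Cylinders %14!d!, SCSI (Port=%15!d!, Path %16!d!, Target=%17!d!, Lun=%18!d!)"
{
DiskNumber, ItemULong //10
BytesPerSector, ItemULong //11
SectorsPerTrack, ItemULong //12
TracksPerCylinder, ItemULong //13
Cylinders, ItemULongLong //14
SCSIPort, ItemULong //15
SCSIPath, ItemULong //16
SCSITarget, ItemULong //17
SCSILun, ItemULong //18
Manufacturer, ItemWChar[256] //19
PartitionCount, ItemULong //20
WriteCacheEnabled, ItemBool //21
BootDriveLetter, ItemWChar[3] //22
}
#typev LogDisk 12 "%0Logical Disk %12!d! %15!s! "
{
StartOffset, ItemULongLong //10
PartitionSize, ItemULongLong //11
DiskNumber, ItemULong //12
Size, ItemULong //13
DriveType, ItemULong //14
DriveLetterString, ItemWChar[4] //15
Pad, ItemULong //16
PartitionNumber, ItemULong //17
SectorsPerCluster, ItemULong //18
BytesPerSector, ItemULong //19
NumberOfFreeClusters, ItemLongLong //20
TotalNumberOfClusters, ItemLongLong //21
FileSystem, ItemWChar[16] //22
VolumeExt, ItemULong //23
}
#typev NIC 13 "%0NIC %12!d! Name = %10!s! "
{
NICName, ItemWChar[256] //10
Index, ItemULong //11
PhysicalAddrLen, ItemULong //12
PhysicalAddr, ItemWChar[8] //13
Size, ItemULong //14
IpAddress, ItemLong //15
SubnetMask, ItemLong //16
DhcpServer, ItemLong //17
Gateway, ItemLong //18
PrimaryWinsServer, ItemLong //19
SecondaryWinsServer, ItemLong //20
DnsServer1, ItemLong //21
DnsServer2, ItemLong //22
DnsServer3, ItemLong //23
DnsServer4, ItemLong //24
Data, ItemULong //25
}
#typev Video 14 "%0Video %17!s!"
{
MemorySize, ItemULong //10
XResolution, ItemULong //11
YResolution, ItemULong //12
BitsPerPixel, ItemULong //13
VRefresh, ItemULong //14
ChipType, ItemWCHAR[256] //15
DACType, ItemWCHAR[256] //16
AdapterString, ItemWCHAR[256] //17
BiosString, ItemWCHAR[256] //18
DeviceId, ItemWCHAR[256] //19
StateFlags, ItemULong //20
}
#typev Services 15 "%0Service (PID=%13!d!) %10!s! %11!s! %12!s!"
{
ServiceName, ItemWCHAR[34] //10
DisplayName, ItemWCHAR[256] //11
ProcessName, ItemWCHAR[34] //12
ProcessId, ItemULong //13
}
#typev Power 16 "%0Power Configuration"
{
S1, ItemBool //10
S2, ItemBool //11
S3, ItemBool //12
S4, ItemBool //13
S5, ItemBool //14
Pad1, ItemChar //15
Pad2, ItemChar //16
Pad3, ItemChar //17
}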
|
|
|
|
|
|
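// DiskIo: Read (10) and Write (11) share one parameter list and print the
// transfer size (%12) and the file object (%15) as 8 hex digits.
// Disk Number, Irp Flags, QueueDepth and Byte Offset are decoded but not printed.
// The FileObj value is the same kind of field the FileIo messages print, which is
// presumably how a disk transfer is tied back to a file name - confirm.
3d6fa8d4-fe05-11d0-9dda-00c04fd7ba7c DiskIo
#typev Read 10 "%0Read of %12!5d! bytes (FileObj=0x%15!08X!)"
#typev Write 11 "%0Write of %12!5d! bytes (FileObj=0x%15!08X!)"
{
Disk Number, ItemULong //10
Irp Flags, ItemULongX //11
Transfer Size, ItemULong //12
QueueDepth, ItemULong //13
Byte Offset, ItemLongLong //14
File Object, ItemULongX //15
}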
|
|
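// Registry: messages 10-14 and 16-22 share one parameter list. Each operation
// prints the key name (%14), the key handle (%11) and the status (%10) in hex;
// RunDown (22) prints fixed text only. Elapsed Time (%12) and Index (%13) are
// decoded but not printed.
// SetValue also prints the predefined thread id (%3); it is the only registry
// message that does.
// NOTE(review): no message is declared for number 15; confirm whether records
// with that number occur and should be formatted.
AE53722E-C863-11d2-8659-00C04FA321A1 Registry
#typev Create 10 "%0Create of %14!s! Handle = 0x%11!08X! Status = %10!0X!"
#typev Open 11 "%0Open of %14!s! Handle = 0x%11!08X! Status = %10!0X!"
#typev Delete 12 "%0Delete of Handle = 0x%11!08X!(%14!s!) Status = %10!0X!"
#typev Query 13 "%0Query of (%14!s!) Handle = 0x%11!08X! Status = %10!0X!"
#typev SetValue 14 "%0SetValue of %14!s! Handle = 0x%11!08X! Status = %10!0X! (TID =%3!0X!)"
#typev QueryValue 16 "%0QueryValue of (%14!s!) Handle = 0x%11!08X! Status = %10!0X!"
#typev EnumerateKey 17 "%0EnumerateKey of %14!s! Handle = 0x%11!08X! Status = %10!0X!"
#typev EnumerateValueKey 18 "%0EnumerateValueKey of %14!s! Handle = 0x%11!08X! Status = %10!0X!"
#typev QueryMultipleValue 19 "%0QueryMultiple of %14!s! Handle = 0x%11!08X! Status = %10!0X!"
#typev SetInformation 20 "%0SetInformation of %14!s! Handle = 0x%11!08X! Status = %10!0X!"
#typev Flush 21 "%0Flush of %14!s! Handle = 0x%11!08X! Status = %10!0X!"
#typev RunDown 22 "%0Rundown"
{
Status,ItemUlongX //10
Key Handle, ItemULongX //11
Elapsed Time, ItemLongLong //12
Index, ItemULong //13
KeyName, ItemWString //14
}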
|
|
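// FileIo: Name (0) and FileCreate (32) print the file name (%11) and the file
// object (%10) in hex.
// %11 is used without a !format! specifier; File Name is ItemWString, which the
// header table lists as a String format.
// NOTE(review): message number 0 falls in the range the header reserves for
// system use (0 through 9); confirm this is intended.
90cbdc39-4a3e-11d1-84f4-0000f80464e3 FileIo
#typev Name 0 "%0FileIo for %11 (FileObj=0x%10!X!)"
#typev FileCreate 32 "%0File Create of %11 (FileObj=0x%10!X!)"
{
File Object, ItemPtr //10
File Name, ItemWString //11
}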
|
|
|
|
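// TcpIp: messages 10-16 share one parameter list. Send and Recv print both
// endpoints and the byte count; Connect and Disconnect print both endpoints;
// Retransmit, Accept and Reconnect print only the destination address and port.
// PID (%10) is decoded but not printed by any TcpIp message, unlike the UdpIp
// messages, so formatted TCP lines cannot be attributed to a process from the
// text alone.
// Field index comments use "//" like the rest of the file.
9a280ac0-c8e0-11d1-84e2-00c04fb998a2 TcpIp
#typev Send 10 "%0TCPIP Send to %12!13s!:%14!05d! from %13!13s!:%15!05d! of %11!5d! bytes"
#typev Recv 11 "%0TCPIP Receive from %12!13s!:%14!05d! to %13!13s!:%15!05d! of %11!5d! bytes"
#typev Connect 12 "%0TCPIP Connect to %12:%14!05d! from %13:%15!05d!"
#typev Disconnect 13 "%0TCPIP Discon From %12:%14!05d! to %13:%15!05d!"
#typev Retransmit 14 "%0TCPIP Retransmit to %12:%14!05d!"
#typev Accept 15 "%0TCPIP Accept From %12:%14!05d!"
#typev Reconnect 16 "%0TCPIP Reconnect To %12:%14!05d!"
{
PID, ItemULong //10
size, ItemULong //11
daddr, ItemIPAddr //12
saddr, ItemIPAddr //13
dport, ItemUshort //14
sport, ItemUshort //15
}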
|
|
|
|
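// UdpIp: Send (10) and Recv (11) share one parameter list and print both
// endpoints, the byte count and the owning process id.
// The process id is printed as 8 hex digits here; Image and Services print
// process ids in decimal and Process/Thread use 4-digit hex, so normalise before
// correlating.
// Field index comments use "//" like the rest of the file.
bf3a50c5-a9c9-4988-a005-2df0b7c80f80 UdpIp
#typev Send 10 "%0UDP Send to %12!13s!:%14!05d! from %13!13s!:%15!05d! of %11!5d! bytes (Pid= %10!08X!)"
#typev Recv 11 "%0UDP Receive from %12!13s!:%14!05d! to %13!13s!:%15!05d! of %11!5d! bytes (Pid= %10!08X!)"
{
PID, ItemULong //10
size,ItemUlong //11
destaddr, ItemIPAddr //12
srcdaddr, ItemIPAddr //13
destport, ItemUshort //14
srcport, ItemUshort //15
}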
|
|
|
|
//******************************************
|
|
// Test Events
|
|
// d58c126f-b309-11d1-969e-0000f875a5bc
|
|
//******************************************
|
|
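// TraceDp (test events): Start (1) and End (2) with a single UserData field and
// no format string.
// NOTE(review): this GUID is already declared near the top of this file with
// format strings and an empty parameter list, and it differs from the GUID named
// in the "Test Events" comment banner; confirm which declaration the formatter
// uses and whether the banner GUID is stale.
ce5b1020-8ea9-11d0-a4ec-00a0c9062910 TraceDp
#typev Start 1
#typev End 2
{
UserData, ItemULong //10
}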
|
|
|
|
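// ACPI: messages One (1) and two (2) each decode a single string field and print
// it unchanged.
// NOTE(review): ItemString is not in the format table in this file's header;
// confirm how the formatter decodes it. The string is logged as supplied by the
// event source, so treat the formatted text as untrusted when it is displayed or
// parsed downstream.
f2e0e060-bf32-4b88-b8e4-5cad15af6ae9 ACPI
#typev One 1 "%0%10!s!"
{
String,ItemString //10
}
#typev two 2 "%0%10!s!"
{
String,ItemString //10
}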
|
|
|