-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathevent.h
More file actions
277 lines (252 loc) · 8.35 KB
/
event.h
File metadata and controls
277 lines (252 loc) · 8.35 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
#pragma once
// @test: rename to "event_trace.h"?
// @todo: no bit/version selection
#pragma pack(push, 8)
#if Q_NT_VERSION >= Q_NT_VISTA
#ifndef _TRACEHANDLE_DEFINED
#define _TRACEHANDLE_DEFINED
using TRACEHANDLE = std::uint64_t;
#endif
using EVENT_TRACE_INFORMATION_CLASS = enum _EVENT_TRACE_INFORMATION_CLASS : std::uint32_t
{
EventTraceKernelVersionInformation = 0, // EVENT_TRACE_VERSION_INFORMATION
EventTraceGroupMaskInformation = 1, // EVENT_TRACE_GROUPMASK_INFORMATION
EventTracePerformanceInformation = 2, // EVENT_TRACE_PERFORMANCE_INFORMATION
EventTraceTimeProfileInformation = 3, // EVENT_TRACE_TIME_PROFILE_INFORMATION
EventTraceSessionSecurityInformation = 4, // EVENT_TRACE_SESSION_SECURITY_INFORMATION
#if Q_NT_VERSION >= Q_NT_WIN7
EventTraceSpinlockInformation = 5, // EVENT_TRACE_SPINLOCK_INFORMATION
EventTraceStackTracingInformation = 6, // EVENT_TRACE_STACK_TRACING_INFORMATION
EventTraceExecutiveResourceInformation = 7, // EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION
EventTraceHeapTracingInformation = 8, // EVENT_TRACE_HEAP_TRACING_INFORMATION
EventTraceHeapSummaryTracingInformation = 9, // EVENT_TRACE_HEAP_TRACING_INFORMATION
EventTracePoolTagFilterInformation = 10, // EVENT_TRACE_POOLTAG_FILTER_INFORMATION
#endif
#if Q_NT_VERSION >= Q_NT_WIN8
EventTracePebsTracingInformation = 11, // EVENT_TRACE_PEBS_TRACING_INFORMATION
EventTraceProfileConfigInformation = 12, // EVENT_TRACE_PROFILE_CONFIG_INFORMATION
EventTraceProfileSourceListInformation = 13, // EVENT_TRACE_PROFILE_LIST_INFORMATION
EventTraceProfileEventListInformation = 14, // EVENT_TRACE_PROFILE_EVENT_INFORMATION
EventTraceProfileCounterListInformation = 15, // EVENT_TRACE_PROFILE_COUNTER_INFORMATION
EventTraceStackCachingInformation = 16, // EVENT_TRACE_STACK_CACHING_INFORMATION
EventTraceObjectTypeFilterInformation = 17, // EVENT_TRACE_OBJECT_TYPE_FILTER_INFORMATION
#endif
#if Q_NT_VERSION >= Q_NT_WIN10_RS1
EventTraceSoftRestartInformation = 18, // EVENT_TRACE_SOFT_RESTART_INFORMATION
#endif
#if Q_NT_VERSION >= Q_NT_WIN10_RS3
EventTraceLastBranchConfigurationInformation = 19,
EventTraceLastBranchEventListInformation = 20, // EVENT_TRACE_PROFILE_EVENT_INFORMATION
#endif
#if Q_NT_VERSION >= Q_NT_WIN10_RS4
EventTraceProfileSourceAddInformation = 21, // EVENT_TRACE_PROFILE_ADD_INFORMATION
EventTraceProfileSourceRemoveInformation = 22, // EVENT_TRACE_PROFILE_REMOVE_INFORMATION
EventTraceProcessorTraceConfigurationInformation = 23,
EventTraceProcessorTraceEventListInformation = 24, // EVENT_TRACE_PROFILE_EVENT_INFORMATION
EventTraceCoverageSamplerInformation = 25, // EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION
#endif
#if Q_NT_VERSION >= Q_NT_WIN10_21H1
EventTraceUnifiedStackCachingInformation = 26,
#endif
#if Q_NT_VERSION >= Q_NT_WIN11_24H2
EventTraceContextRegisterTraceInformation = 27, // TRACE_CONTEXT_REGISTER_INFO
#endif
MaxEventTraceInfoClass
};
struct EVENT_TRACE_VERSION_INFORMATION
{
EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
std::uint32_t EventTraceKernelVersion;
};
struct PERFINFO_GROUPMASK
{
std::uint32_t Masks[8];
};
struct EVENT_TRACE_GROUPMASK_INFORMATION
{
EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
TRACEHANDLE TraceHandle;
PERFINFO_GROUPMASK EventTraceGroupMasks;
};
struct EVENT_TRACE_PERFORMANCE_INFORMATION
{
EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
LARGE_INTEGER LogfileBytesWritten;
};
struct EVENT_TRACE_TIME_PROFILE_INFORMATION
{
EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
std::uint32_t ProfileInterval;
};
struct EVENT_TRACE_SESSION_SECURITY_INFORMATION
{
EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
std::uint32_t SecurityInformation;
TRACEHANDLE TraceHandle;
std::uint8_t SecurityDescriptor[ANYSIZE_ARRAY];
};
struct EVENT_TRACE_SPINLOCK_INFORMATION
{
EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
std::uint32_t SpinLockSpinThreshold;
std::uint32_t SpinLockAcquireSampleRate;
std::uint32_t SpinLockContentionSampleRate;
std::uint32_t SpinLockHoldThreshold;
};
struct EVENT_TRACE_SYSTEM_EVENT_INFORMATION
{
EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
TRACEHANDLE TraceHandle;
std::uint32_t HookId[ANYSIZE_ARRAY];
};
using EVENT_TRACE_STACK_TRACING_INFORMATION = EVENT_TRACE_SYSTEM_EVENT_INFORMATION;
using EVENT_TRACE_PEBS_TRACING_INFORMATION = EVENT_TRACE_SYSTEM_EVENT_INFORMATION;
using EVENT_TRACE_PROFILE_EVENT_INFORMATION = EVENT_TRACE_SYSTEM_EVENT_INFORMATION;
struct EVENT_TRACE_EXECUTIVE_RESOURCE_INFORMATION
{
EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
std::uint32_t ReleaseSamplingRate;
std::uint32_t ContentionSamplingRate;
std::uint32_t NumberOfExcessiveTimeouts;
};
struct EVENT_TRACE_HEAP_TRACING_INFORMATION
{
EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
std::uint32_t ProcessId[ANYSIZE_ARRAY];
};
struct EVENT_TRACE_TAG_FILTER_INFORMATION
{
EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
TRACEHANDLE TraceHandle;
std::uint32_t Filter[ANYSIZE_ARRAY];
};
using EVENT_TRACE_POOLTAG_FILTER_INFORMATION = EVENT_TRACE_TAG_FILTER_INFORMATION;
using EVENT_TRACE_OBJECT_TYPE_FILTER_INFORMATION = EVENT_TRACE_TAG_FILTER_INFORMATION;
#define ETW_MAX_PROFILING_SOURCES 4
#define ETW_MAX_PMC_EVENTS 4
#define ETW_MAX_PMC_COUNTERS 4
struct EVENT_TRACE_PROFILE_COUNTER_INFORMATION
{
EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
TRACEHANDLE TraceHandle;
std::uint32_t ProfileSource[ANYSIZE_ARRAY];
};
using EVENT_TRACE_PROFILE_CONFIG_INFORMATION = EVENT_TRACE_PROFILE_COUNTER_INFORMATION;
struct PROFILE_SOURCE_INFO
{
std::uint32_t NextEntryOffset;
std::uint32_t Source;
std::uint32_t MinInterval;
std::uint32_t MaxInterval;
void* Reserved;
wchar_t Description[ANYSIZE_ARRAY];
};
struct EVENT_TRACE_PROFILE_LIST_INFORMATION
{
EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
std::uint32_t Spare;
PROFILE_SOURCE_INFO* Profile[ANYSIZE_ARRAY];
};
struct EVENT_TRACE_STACK_CACHING_INFORMATION
{
EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
TRACEHANDLE TraceHandle;
bool Enabled;
std::uint8_t Reserved[3];
std::uint32_t CacheSize;
std::uint32_t BucketCount;
};
struct EVENT_TRACE_SOFT_RESTART_INFORMATION
{
EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
TRACEHANDLE TraceHandle;
bool PersistTraceBuffers;
wchar_t FileName[ANYSIZE_ARRAY];
};
using EVENT_TRACE_PROFILE_ADD_INFORMATION_VERSIONS = enum _EVENT_TRACE_PROFILE_ADD_INFORMATION_VERSIONS
{
EventTraceProfileAddInformationV2 = 0x2,
EventTraceProfileAddInformationV3 = 0x3,
EventTraceProfileAddInformationMinVersion = EventTraceProfileAddInformationV2,
EventTraceProfileAddInformationMaxVersion = EventTraceProfileAddInformationV3
};
union EVENT_TRACE_PROFILE_ADD_INFORMATION_V2
{
struct
{
std::uint8_t PerfEvtEventSelect;
std::uint8_t PerfEvtUnitSelect;
std::uint8_t PerfEvtCMask;
std::uint8_t PerfEvtCInv;
std::uint8_t PerfEvtAnyThread;
std::uint8_t PerfEvtEdgeDetect;
} Intel;
struct
{
std::uint8_t PerfEvtEventSelect;
std::uint8_t PerfEvtUnitSelect;
} Amd;
struct
{
std::uint32_t PerfEvtType;
std::uint8_t AllowsHalt;
} Arm;
};
union EVENT_TRACE_PROFILE_ADD_INFORMATION_V3
{
struct
{
std::uint8_t PerfEvtEventSelect;
std::uint8_t PerfEvtUnitSelect;
std::uint8_t PerfEvtCMask;
std::uint8_t PerfEvtCInv;
std::uint8_t PerfEvtAnyThread;
std::uint8_t PerfEvtEdgeDetect;
} Intel;
struct
{
std::uint16_t PerfEvtEventSelect;
std::uint8_t PerfEvtUnitSelect;
std::uint8_t PerfEvtCMask;
std::uint8_t PerfEvtCInv;
std::uint8_t PerfEvtEdgeDetect;
std::uint8_t PerfEvtHostGuest;
std::uint8_t PerfPmuType;
} Amd;
struct
{
std::uint32_t PerfEvtType;
std::uint8_t AllowsHalt;
} Arm;
};
struct EVENT_TRACE_PROFILE_ADD_INFORMATION
{
EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
std::uint8_t Version;
union
{
EVENT_TRACE_PROFILE_ADD_INFORMATION_V2 V2;
EVENT_TRACE_PROFILE_ADD_INFORMATION_V3 V3;
};
std::uint32_t CpuInfoHierarchy[0x3];
std::uint32_t InitialInterval;
bool Persist;
wchar_t ProfileSourceDescription[0x1];
};
struct EVENT_TRACE_PROFILE_REMOVE_INFORMATION
{
EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
KPROFILE_SOURCE ProfileSource;
std::uint32_t CpuInfoHierarchy[3];
};
struct EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION
{
EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
std::uint8_t CoverageSamplerInformationClass;
std::uint8_t MajorVersion;
std::uint8_t MinorVersion;
std::uint8_t Reserved;
HANDLE SamplerHandle;
};
#endif
#pragma pack(pop)