Documentation
¶
Index ¶
- func TdhGetEventInformation(Event *EventRecord, TdhContextCount types.ULONG, TdhContext *TdhContext, ...) types.ErrorCode
- func TdhGetProperty(pEvent *EventRecord, TdhContextCount types.ULONG, pTdhContext *TdhContext, ...) types.ErrorCode
- func TdhGetPropertySize(pEvent *EventRecord, TdhContextCount types.ULONG, pTdhContext *TdhContext, ...) types.ErrorCode
- type BufferContext
- type DecodingSource
- type EVENT_FIELD_TYPE
- type EVENT_HEADER_u
- type EVENT_HEADER_u_s
- type EVENT_MAP_ENTRY
- type EVENT_MAP_ENTRY_u
- type EVENT_MAP_INFO
- type EVENT_MAP_INFO_u
- type EventDescriptor
- type EventHeader
- type EventHeaderExtendedDataItem
- type EventHeaderFlag
- type EventHeaderProperty
- type EventPropertyInfo
- type EventRecord
- type Linkage
- type MAP_FLAGS
- type MAP_VALUETYPE
- type PEVENT_MAP_INFO
- type PPROVIDER_ENUMERATION_INFO
- type PPROVIDER_FIELD_INFOARRAY
- type PPROVIDER_FILTER_INFO
- type PROVIDER_ENUMERATION_INFO
- type PROVIDER_FIELD_INFO
- type PROVIDER_FIELD_INFOARRAY
- type PROVIDER_FILTER_INFO
- type PTDH_HANDLE
- type PTRACE_EVENT_INFO
- type PropertyDataDescriptor
- type PropertyFlags
- type StructType
- type TDH_HANDLE
- type TRACE_PROVIDER_INFO
- type TdhContext
- type TdhContextType
- type TdhInType
- type TdhOutType
- type TemplateFlags
- type TraceEventInfo
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func TdhGetEventInformation ¶
func TdhGetEventInformation(Event *EventRecord, TdhContextCount types.ULONG, TdhContext *TdhContext, Buffer *TraceEventInfo, BufferSize *types.ULONG) types.ErrorCode
https://docs.microsoft.com/en-us/windows/win32/api/tdh/nf-tdh-tdhgeteventinformation
func TdhGetProperty ¶
func TdhGetProperty(pEvent *EventRecord, TdhContextCount types.ULONG, pTdhContext *TdhContext, PropertyDataCount types.ULONG, pPropertyData *PropertyDataDescriptor, BufferSize types.ULONG, pBuffer *types.BYTE) types.ErrorCode
https://docs.microsoft.com/en-us/windows/win32/api/tdh/nf-tdh-tdhgetproperty
func TdhGetPropertySize ¶
func TdhGetPropertySize(pEvent *EventRecord, TdhContextCount types.ULONG, pTdhContext *TdhContext, PropertyDataCount types.ULONG, pPropertyData *PropertyDataDescriptor, pPropertySize *types.ULONG) types.ErrorCode
https://docs.microsoft.com/en-us/windows/win32/api/tdh/nf-tdh-tdhgetpropertysize
Types ¶
type BufferContext ¶
type DecodingSource ¶
DecodingSource
const ( DecodingSourceXMLFile DecodingSource = 0 DecodingSourceWbem DecodingSource = 1 DecodingSourceWPP DecodingSource = 2 )
type EVENT_FIELD_TYPE ¶
EVENT_FIELD_TYPE
const ( EventKeywordInformation EVENT_FIELD_TYPE = 0 EventLevelInformation EVENT_FIELD_TYPE = 1 EventChannelInformation EVENT_FIELD_TYPE = 2 EventTaskInformation EVENT_FIELD_TYPE = 3 EventOpcodeInformation EVENT_FIELD_TYPE = 4 )
type EVENT_HEADER_u_s ¶
EVENT_HEADER_u_s
type EVENT_MAP_ENTRY ¶
type EVENT_MAP_ENTRY struct {
OutputOffset types.ULONG
U1 EVENT_MAP_ENTRY_u
}
EVENT_MAP_ENTRY
type EVENT_MAP_INFO ¶
type EVENT_MAP_INFO struct {
NameOffset types.ULONG
Flag MAP_FLAGS
EntryCount types.ULONG
U1 EVENT_MAP_INFO_u
MapEntryArray [1]EVENT_MAP_ENTRY
}
EVENT_MAP_INFO
type EVENT_MAP_INFO_u ¶
type EVENT_MAP_INFO_u struct {
MapEntryValueType MAP_VALUETYPE
}
EVENT_MAP_INFO_u
type EventDescriptor ¶
type EventDescriptor struct {
// ID represents event identifier.
ID uint16
// Version indicates a revision to the event definition.
Version uint8
// Channel is the audience for the event (e.g. administrator or developer).
Channel uint8
// Level is the severity or level of detail included in the event.
Level uint8
// Opcode is step in a sequence of operations being performed within the `Task` field. For MOF-defined events,
// the `Opcode` member contains the event type value.
Opcode uint8
// Task represents a larger unit of work within an application or component.
Task uint16
// Keyword A bitmask that specifies a logical group of related events. Each bit corresponds to one group. An event may belong to one or more groups.
// The keyword can contain one or more provider-defined keywords, standard keywords, or both.
Keyword uint64
}
EventDescriptor
type EventHeader ¶
type EventHeader struct {
Size types.USHORT
HeaderType types.USHORT
Flags EventHeaderFlag
EventProperty EventHeaderProperty
ThreadId types.ULONG
ProcessId types.ULONG
TimeStamp types.LARGE_INTEGER
ProviderId types.GUID
EventDescriptor EventDescriptor
ProcessorTime types.ULONG64
ActivityId types.GUID
}
EventHeader
type EventHeaderFlag ¶
EventHeaderFlag
const ( EventHeaderFlagExtendedInfo EventHeaderFlag = 0x0001 EventHeaderFlagPrivateSession EventHeaderFlag = 0x0002 EventHeaderFlagStringOnly EventHeaderFlag = 0x0004 EventHeaderFlagTraceMessage EventHeaderFlag = 0x0008 EventHeaderFlagNoCPUTime EventHeaderFlag = 0x0010 EventHeaderFlag32BitHeader EventHeaderFlag = 0x0020 EventHeaderFlag64BitHeader EventHeaderFlag = 0x0040 EventHeaderFlagClassicHeader EventHeaderFlag = 0x0100 )
type EventHeaderProperty ¶
EventHeaderProperty
const ( EventHeaderPropertyXML EventHeaderProperty = 0x0001 EventHeaderPropertyForwardedXML EventHeaderProperty = 0x0002 EventHeaderPropertyLegacyEventLog EventHeaderProperty = 0x0004 )
type EventPropertyInfo ¶
type EventPropertyInfo struct {
Flags PropertyFlags
NameOffset types.ULONG
StructType StructType
Count types.USHORT
Length types.USHORT
Reserved types.ULONG
}
EventPropertyInfo
type EventRecord ¶
type EventRecord struct {
EventHeader EventHeader
BufferContext BufferContext
ExtendedDataCount types.USHORT
UserDataLength types.USHORT
ExtendedData *EventHeaderExtendedDataItem
UserData types.PVOID
UserContext types.PVOID
}
EventRecord
type MAP_FLAGS ¶
MAP_FLAGS
const ( EVENTMAP_INFO_FLAG_MANIFEST_VALUEMAP MAP_FLAGS = 0x1 EVENTMAP_INFO_FLAG_MANIFEST_BITMAP MAP_FLAGS = 0x2 EVENTMAP_INFO_FLAG_MANIFEST_PATTERNMAP MAP_FLAGS = 0x4 EVENTMAP_INFO_FLAG_WBEM_VALUEMAP MAP_FLAGS = 0x8 EVENTMAP_INFO_FLAG_WBEM_BITMAP MAP_FLAGS = 0x10 EVENTMAP_INFO_FLAG_WBEM_FLAG MAP_FLAGS = 0x20 EVENTMAP_INFO_FLAG_WBEM_NO_MAP MAP_FLAGS = 0x40 )
type MAP_VALUETYPE ¶
MAP_VALUETYPE
const ( EVENTMAP_ENTRY_VALUETYPE_ULONG MAP_VALUETYPE = 0 EVENTMAP_ENTRY_VALUETYPE_STRING MAP_VALUETYPE = 1 )
type PEVENT_MAP_INFO ¶
type PEVENT_MAP_INFO *EVENT_MAP_INFO
type PPROVIDER_ENUMERATION_INFO ¶
type PPROVIDER_ENUMERATION_INFO *PROVIDER_ENUMERATION_INFO
type PPROVIDER_FIELD_INFOARRAY ¶
type PPROVIDER_FIELD_INFOARRAY *PROVIDER_FIELD_INFOARRAY
type PPROVIDER_FILTER_INFO ¶
type PPROVIDER_FILTER_INFO *PROVIDER_FILTER_INFO
type PROVIDER_ENUMERATION_INFO ¶
type PROVIDER_ENUMERATION_INFO struct {
NumberOfProviders types.ULONG
Reserved types.ULONG
TraceProviderInfoArray [1]TRACE_PROVIDER_INFO
}
PROVIDER_ENUMERATION_INFO
type PROVIDER_FIELD_INFO ¶
type PROVIDER_FIELD_INFO struct {
NameOffset types.ULONG
DescriptionOffset types.ULONG
Value types.ULONGLONG
}
PROVIDER_FIELD_INFO
type PROVIDER_FIELD_INFOARRAY ¶
type PROVIDER_FIELD_INFOARRAY struct {
NumberOfElements types.ULONG
FieldType EVENT_FIELD_TYPE
FieldInfoArray [1]PROVIDER_FIELD_INFO
}
PROVIDER_FIELD_INFOARRAY
type PROVIDER_FILTER_INFO ¶
type PROVIDER_FILTER_INFO struct {
Id types.UCHAR
Version types.UCHAR
MessageOffset types.ULONG
Reserved types.ULONG
PropertyCount types.ULONG
EventPropertyInfoArray [1]EventPropertyInfo
}
PROVIDER_FILTER_INFO
type PTRACE_EVENT_INFO ¶
type PTRACE_EVENT_INFO *TraceEventInfo
type PropertyDataDescriptor ¶
type PropertyDataDescriptor struct {
PropertyName types.ULONGLONG
ArrayIndex types.ULONG
Reserved types.ULONG
}
PropertyDataDescriptor
type PropertyFlags ¶
PropertyFlags
const ( PropertyStruct PropertyFlags = 0x1 PropertyParamLength PropertyFlags = 0x2 PropertyParamCount PropertyFlags = 0x4 PropertyWBEMXmlFragment PropertyFlags = 0x8 PropertyParamFixedLength PropertyFlags = 0x10 )
type StructType ¶
type StructType struct {
InType TdhInType
OutType TdhOutType
MapNameOffset types.ULONG
}
EVENT_PROPERTY_INFO_u1
type TRACE_PROVIDER_INFO ¶
type TRACE_PROVIDER_INFO struct {
ProviderGuid types.GUID
SchemaSource types.ULONG
ProviderNameOffset types.ULONG
}
TRACE_PROVIDER_INFO
type TdhContext ¶
type TdhContext struct {
ParameterValue types.ULONGLONG
ParameterType TdhContextType
ParameterSize types.ULONG
}
TdhContext
type TdhContextType ¶
TdhContextType
const ( TdhContextWPPTmfFile TdhContextType = 0 TdhContextWPPTmfSearchpath TdhContextType = 1 TdhContextWPPGMT TdhContextType = 2 TdhContextPointersize TdhContextType = 3 )
type TdhInType ¶
TdhInType
const ( TdhIntypeNull TdhInType = 0 TdhIntypeUnicodestring TdhInType = 1 TdhIntypeAnsiString TdhInType = 2 TdhIntypeInt8 TdhInType = 3 TdhIntypeUint8 TdhInType = 4 TdhIntypeInt16 TdhInType = 5 TdhIntypeUint16 TdhInType = 6 TdhIntypeInt32 TdhInType = 7 TdhIntypeUint32 TdhInType = 8 TdhIntypeInt64 TdhInType = 9 TdhIntypeUint64 TdhInType = 10 TdhIntypeFloat TdhInType = 11 TdhIntypeDouble TdhInType = 12 TdhIntypeBoolean TdhInType = 13 TdhIntypeBinary TdhInType = 14 TdhIntypeGuid TdhInType = 15 TdhIntypePointer TdhInType = 16 TdhIntypeFileTime TdhInType = 17 TdhIntypeSystemTime TdhInType = 18 TdhIntypeSid TdhInType = 19 TdhIntypeHexInt32 TdhInType = 20 TdhIntypeHexInt64 TdhInType = 21 TdhIntypeCountedString TdhInType = 300 TdhIntypeCountedAnsiString TdhInType = 301 TdhIntypeReversedCountedString TdhInType = 302 TdhIntypeReversedCountedAnsiString TdhInType = 303 TdhIntypeNonnullTerminatedString TdhInType = 304 TdhIntypeNonnullTerminatedAnsiString TdhInType = 305 TdhIntypeUnicodeChar TdhInType = 306 TdhIntypeAnsiChar TdhInType = 307 TdhIntypeSizet TdhInType = 308 TdhIntypeHexDump TdhInType = 309 TdhIntypeWbemSid TdhInType = 310 )
type TdhOutType ¶
TdhOutType
const ( TdhOutypeNull TdhOutType = 0 TdhOutypeString TdhOutType = 1 TdhOutypeDateTime TdhOutType = 2 TdhOutypeByte TdhOutType = 3 TdhOutypeUnsignedByte TdhOutType = 4 TdhOutypeShort TdhOutType = 5 TdhOutypeUnsignedShort TdhOutType = 6 TdhOutypeInt TdhOutType = 7 TdhOutypeUnsignedInt TdhOutType = 8 TdhOutypeLong TdhOutType = 9 TdhOutypeUnsignedLong TdhOutType = 10 TdhOutypeFloat TdhOutType = 11 TdhOutypeDouble TdhOutType = 12 TdhOutypeBoolean TdhOutType = 13 TdhOutypeGuid TdhOutType = 14 TdhOutypeHexBinary TdhOutType = 15 TdhOutypeHexInt8 TdhOutType = 16 TdhOutypeHexInt16 TdhOutType = 17 TdhOutypeHexInt32 TdhOutType = 18 TdhOutypeHexInt64 TdhOutType = 19 TdhOutypePid TdhOutType = 20 TdhOutypeTid TdhOutType = 21 TdhOutypePort TdhOutType = 22 TdhOutypeIpv4 TdhOutType = 23 TdhOutypeIpv6 TdhOutType = 24 TdhOutypeSocketAddress TdhOutType = 25 TdhOutypeCIMDateTime TdhOutType = 26 TdhOutypeETWTime TdhOutType = 27 TdhOutypeXml TdhOutType = 28 TdhOutypeErrorCode TdhOutType = 29 TdhOutypeWin32Error TdhOutType = 30 TdhOutypeNtstatus TdhOutType = 31 TdhOutypeHresult TdhOutType = 32 TdhOutypeCultureInsensitiveDateTime TdhOutType = 33 TdhOutypeReducedString TdhOutType = 300 TdhOutypeNoPrint TdhOutType = 301 )
type TemplateFlags ¶
TemplateFlags
const ( TEMPLATE_EVENT_DATA TemplateFlags = 1 TEMPLATE_USER_DATA TemplateFlags = 2 )
type TraceEventInfo ¶
type TraceEventInfo struct {
ProviderGuid types.GUID
EventGuid types.GUID
EventDescriptor EventDescriptor
DecodingSource DecodingSource
ProviderNameOffset types.ULONG
LevelNameOffset types.ULONG
ChannelNameOffset types.ULONG
KeywordsNameOffset types.ULONG
TaskNameOffset types.ULONG
OpcodeNameOffset types.ULONG
EventMessageOffset types.ULONG
ProviderMessageOffset types.ULONG
BinaryXMLOffset types.ULONG
BinaryXMLSize types.ULONG
ActivityIDNameOffset types.ULONG
RelatedActivityIDNameOffset types.ULONG
PropertyCount types.ULONG
TopLevelPropertyCount types.ULONG
Flags TemplateFlags
EventPropertyInfoArray [1]EventPropertyInfo
}
TraceEventInfo
Source Files
Click to show internal directories.
Click to hide internal directories.