/*++
Copyright (c) 1991-1993 Microsoft Corporation
Module Name:
ntelfapi.h
Abstract:
This file contains the prototypes for the user-level Elf APIs.
Author:
Rajen Shah (rajens) 30-Jul-1991
Revision History:
--*/
#ifndef _NTELFAPI_
#define _NTELFAPI_
// begin_winnt
//
// Defines for the READ flags for Eventlogging
//
#define EVENTLOG_SEQUENTIAL_READ 0X0001
#define EVENTLOG_SEEK_READ 0X0002
#define EVENTLOG_FORWARDS_READ 0X0004
#define EVENTLOG_BACKWARDS_READ 0X0008
//
// The types of events that can be logged.
//
#define EVENTLOG_SUCCESS 0X0000
#define EVENTLOG_ERROR_TYPE 0x0001
#define EVENTLOG_WARNING_TYPE 0x0002
#define EVENTLOG_INFORMATION_TYPE 0x0004
#define EVENTLOG_AUDIT_SUCCESS 0x0008
#define EVENTLOG_AUDIT_FAILURE 0x0010
//
// Defines for the WRITE flags used by Auditing for paired events
// These are not implemented in Product 1
//
#define EVENTLOG_START_PAIRED_EVENT 0x0001
#define EVENTLOG_END_PAIRED_EVENT 0x0002
#define EVENTLOG_END_ALL_PAIRED_EVENTS 0x0004
#define EVENTLOG_PAIRED_EVENT_ACTIVE 0x0008
#define EVENTLOG_PAIRED_EVENT_INACTIVE 0x0010
//
// Structure that defines the header of the Eventlog record. This is the
// fixed-sized portion before all the variable-length strings, binary
// data and pad bytes.
//
// TimeGenerated is the time it was generated at the client.
// TimeWritten is the time it was put into the log at the server end.
//
typedef struct _EVENTLOGRECORD {
ULONG Length; // Length of full record
ULONG Reserved; // Used by the service
ULONG RecordNumber; // Absolute record number
ULONG TimeGenerated; // Seconds since 1-1-1970
ULONG TimeWritten; // Seconds since 1-1-1970
ULONG EventID;
USHORT EventType;
USHORT NumStrings;
USHORT EventCategory;
USHORT ReservedFlags; // For use with paired events (auditing)
ULONG ClosingRecordNumber; // For use with paired events (auditing)
ULONG StringOffset; // Offset from beginning of record
ULONG UserSidLength;
ULONG UserSidOffset;
ULONG DataLength;
ULONG DataOffset; // Offset from beginning of record
//
// Then follow:
//
// WCHAR SourceName[]
// WCHAR Computername[]
// SID UserSid
// WCHAR Strings[]
// BYTE Data[]
// CHAR Pad[]
// ULONG Length;
//
} EVENTLOGRECORD, *PEVENTLOGRECORD;
// end_winnt
#ifdef UNICODE
#define ElfClearEventLogFile ElfClearEventLogFileW
#define ElfBackupEventLogFile ElfBackupEventLogFileW
#define ElfOpenEventLog ElfOpenEventLogW
#define ElfRegisterEventSource ElfRegisterEventSourceW
#define ElfOpenBackupEventLog ElfOpenBackupEventLogW
#define ElfReadEventLog ElfReadEventLogW
#define ElfReportEvent ElfReportEventW
#else
#define ElfClearEventLogFile ElfClearEventLogFileA
#define ElfBackupEventLogFile ElfBackupEventLogFileA
#define ElfOpenEventLog ElfOpenEventLogA
#define ElfRegisterEventSource ElfRegisterEventSourceA
#define ElfOpenBackupEventLog ElfOpenBackupEventLogA
#define ElfReadEventLog ElfReadEventLogA
#define ElfReportEvent ElfReportEventA
#endif // !UNICODE
//
// Handles are RPC context handles. Note that a Context Handle is
// always a pointer type unlike regular handles.
//
//
// Prototypes for the APIs
//
NTSTATUS
NTAPI
ElfClearEventLogFileW (
IN HANDLE LogHandle,
IN PUNICODE_STRING BackupFileName
);
NTSTATUS
NTAPI
ElfClearEventLogFileA (
IN HANDLE LogHandle,
IN PSTRING BackupFileName
);
NTSTATUS
NTAPI
ElfBackupEventLogFileW (
IN HANDLE LogHandle,
IN PUNICODE_STRING BackupFileName
);
NTSTATUS
NTAPI
ElfBackupEventLogFileA (
IN HANDLE LogHandle,
IN PSTRING BackupFileName
);
NTSTATUS
NTAPI
ElfCloseEventLog (
IN HANDLE LogHandle
);
NTSTATUS
NTAPI
ElfDeregisterEventSource (
IN HANDLE LogHandle
);
NTSTATUS
NTAPI
ElfNumberOfRecords (
IN HANDLE LogHandle,
OUT PULONG NumberOfRecords
);
NTSTATUS
NTAPI
ElfOldestRecord (
IN HANDLE LogHandle,
OUT PULONG OldestRecord
);
NTSTATUS
NTAPI
ElfChangeNotify (
IN HANDLE LogHandle,
IN HANDLE Event
);
NTSTATUS
NTAPI
ElfOpenEventLogW (
IN PUNICODE_STRING UNCServerName,
IN PUNICODE_STRING SourceName,
OUT PHANDLE LogHandle
);
NTSTATUS
NTAPI
ElfRegisterEventSourceW (
IN PUNICODE_STRING UNCServerName,
IN PUNICODE_STRING SourceName,
OUT PHANDLE LogHandle
);
NTSTATUS
NTAPI
ElfOpenBackupEventLogW (
IN PUNICODE_STRING UNCServerName,
IN PUNICODE_STRING FileName,
OUT PHANDLE LogHandle
);
NTSTATUS
NTAPI
ElfOpenEventLogA (
IN PSTRING UNCServerName,
IN PSTRING SourceName,
OUT PHANDLE LogHandle
);
NTSTATUS
NTAPI
ElfRegisterEventSourceA (
IN PSTRING UNCServerName,
IN PSTRING SourceName,
OUT PHANDLE LogHandle
);
NTSTATUS
NTAPI
ElfOpenBackupEventLogA (
IN PSTRING UNCServerName,
IN PSTRING FileName,
OUT PHANDLE LogHandle
);
NTSTATUS
NTAPI
ElfReadEventLogW (
IN HANDLE LogHandle,
IN ULONG ReadFlags,
IN ULONG RecordNumber,
OUT PVOID Buffer,
IN ULONG NumberOfBytesToRead,
OUT PULONG NumberOfBytesRead,
OUT PULONG MinNumberOfBytesNeeded
);
NTSTATUS
NTAPI
ElfReadEventLogA (
IN HANDLE LogHandle,
IN ULONG ReadFlags,
IN ULONG RecordNumber,
OUT PVOID Buffer,
IN ULONG NumberOfBytesToRead,
OUT PULONG NumberOfBytesRead,
OUT PULONG MinNumberOfBytesNeeded
);
NTSTATUS
NTAPI
ElfReportEventW (
IN HANDLE LogHandle,
IN USHORT EventType,
IN USHORT EventCategory OPTIONAL,
IN ULONG EventID,
IN PSID UserSid OPTIONAL,
IN USHORT NumStrings,
IN ULONG DataSize,
IN PUNICODE_STRING *Strings OPTIONAL,
IN PVOID Data OPTIONAL,
IN USHORT Flags,
IN OUT PULONG RecordNumber OPTIONAL,
IN OUT PULONG TimeWritten OPTIONAL
);
NTSTATUS
NTAPI
ElfReportEventA (
IN HANDLE LogHandle,
IN USHORT EventType,
IN USHORT EventCategory OPTIONAL,
IN ULONG EventID,
IN PSID UserSid OPTIONAL,
IN USHORT NumStrings,
IN ULONG DataSize,
IN PANSI_STRING *Strings OPTIONAL,
IN PVOID Data OPTIONAL,
IN USHORT Flags,
IN OUT PULONG RecordNumber OPTIONAL,
IN OUT PULONG TimeWritten OPTIONAL
);
#endif // _NTELFAPI_
