Wmistr.h
上传用户:dzyhzl
上传日期:2019-04-29
资源大小:56270k
文件大小:17k
- /*++
- Copyright (c) Microsoft Corporation. All rights reserved.
- Module Name:
- Wmistr.h
- Abstract:
- WMI structure definitions
- --*/
- #ifndef _WMISTR_
- #define _WMISTR_
- #pragma warning(disable: 4200) // nonstandard extension used : zero-sized array in struct/union
- #pragma warning(disable: 4201) // nonstandard extension used : nameless struct/union
- //
- // WNODE definition
- typedef struct _WNODE_HEADER
- {
- ULONG BufferSize; // Size of entire buffer inclusive of this ULONG
- ULONG ProviderId; // Provider Id of driver returning this buffer
- union
- {
- ULONG64 HistoricalContext; // Logger use
- struct
- {
- ULONG Version; // Reserved
- ULONG Linkage; // Linkage field reserved for WMI
- };
- };
- union
- {
- ULONG CountLost; // Reserved
- HANDLE KernelHandle; // Kernel handle for data block
- LARGE_INTEGER TimeStamp; // Timestamp as returned in units of 100ns
- // since 1/1/1601
- };
- GUID Guid; // Guid for data block returned with results
- ULONG ClientContext;
- ULONG Flags; // Flags, see below
- } WNODE_HEADER, *PWNODE_HEADER;
- //
- // WNODE_HEADER flags are defined as follows
- #define WNODE_FLAG_ALL_DATA 0x00000001 // set for WNODE_ALL_DATA
- #define WNODE_FLAG_SINGLE_INSTANCE 0x00000002 // set for WNODE_SINGLE_INSTANCE
- #define WNODE_FLAG_SINGLE_ITEM 0x00000004 // set for WNODE_SINGLE_ITEM
- #define WNODE_FLAG_EVENT_ITEM 0x00000008 // set for WNODE_EVENT_ITEM
- // Set if data block size is
- // identical for all instances
- // (used with WNODE_ALL_DATA
- // only)
- #define WNODE_FLAG_FIXED_INSTANCE_SIZE 0x00000010
- #define WNODE_FLAG_TOO_SMALL 0x00000020 // set for WNODE_TOO_SMALL
- // Set when a data provider returns a
- // WNODE_ALL_DATA in which the number of
- // instances and their names returned
- // are identical to those returned from the
- // previous WNODE_ALL_DATA query. Only data
- // blocks registered with dynamic instance
- // names should use this flag.
- #define WNODE_FLAG_INSTANCES_SAME 0x00000040
- // Instance names are not specified in
- // WNODE_ALL_DATA; values specified at
- // registration are used instead. Always
- // set for guids registered with static
- // instance names
- #define WNODE_FLAG_STATIC_INSTANCE_NAMES 0x00000080
- #define WNODE_FLAG_INTERNAL 0x00000100 // Used internally by WMI
- // timestamp should not be modified by
- // a historical logger
- #define WNODE_FLAG_USE_TIMESTAMP 0x00000200
- #define WNODE_FLAG_PERSIST_EVENT 0x00000400
- #define WNODE_FLAG_EVENT_REFERENCE 0x00002000
- // Set if Instance names are ansi. Only set when returning from
- // WMIQuerySingleInstanceA and WMIQueryAllDataA
- #define WNODE_FLAG_ANSI_INSTANCENAMES 0x00004000
- // Set if WNODE is a method call
- #define WNODE_FLAG_METHOD_ITEM 0x00008000
- // Set if instance names originated from a PDO
- #define WNODE_FLAG_PDO_INSTANCE_NAMES 0x00010000
- // The second byte, except the first bit is used exclusively for tracing
- #define WNODE_FLAG_TRACED_GUID 0x00020000 // denotes a trace
- #define WNODE_FLAG_LOG_WNODE 0x00040000 // request to log Wnode
- #define WNODE_FLAG_USE_GUID_PTR 0x00080000 // Guid is actually a pointer
- #define WNODE_FLAG_USE_MOF_PTR 0x00100000 // MOF data are dereferenced
- #define WNODE_FLAG_NO_HEADER 0x00200000 // Trace without header
- // Set for events that are WNODE_EVENT_REFERENCE
- // Mask for event severity level. Level 0xff is the most severe type of event
- #define WNODE_FLAG_SEVERITY_MASK 0xff000000
- //
- // This structure is used within the WNODE_ALL_DATA when the data blocks
- // for the different instances are different lengths. If the data blocks
- // for the different instances are identical lengths then
- // WNODE_FLAG_FIXED_INSTANCE_SIZE should be set and FixedInstanceSize
- // set to the common data block size.
- typedef struct
- {
- ULONG OffsetInstanceData; // Offset from beginning of WNODE_ALL_DATA
- // to Data block for instance
- ULONG LengthInstanceData; // Length of data block for instance
- } OFFSETINSTANCEDATAANDLENGTH, *POFFSETINSTANCEDATAANDLENGTH;
- typedef struct tagWNODE_ALL_DATA
- {
- struct _WNODE_HEADER WnodeHeader;
- ULONG DataBlockOffset;// Offset from begin of WNODE to first data block
- ULONG InstanceCount; // Count of instances whose data follows.
- // Offset to an array of offsets to the instance names
- ULONG OffsetInstanceNameOffsets;
- // If WNODE_FLAG_FIXED_INSTANCE_SIZE is set in Flags then
- // FixedInstanceSize specifies the size of each data block. In this case
- // there is one ULONG followed by the data blocks.
- // If WNODE_FLAG_FIXED_INSTANCE_SIZE is not set
- // then OffsetInstanceDataAndLength
- // is an array of OFFSETINSTANCEDATAANDLENGTH that specifies the
- // offsets and lengths of the data blocks for each instance.
- union
- {
- ULONG FixedInstanceSize;
- OFFSETINSTANCEDATAANDLENGTH OffsetInstanceDataAndLength[];
- /* [InstanceCount] */
- };
- // padding so that first data block begins on a 8 byte boundry
- // data blocks and instance names for all instances
- } WNODE_ALL_DATA, *PWNODE_ALL_DATA;
- typedef struct tagWNODE_SINGLE_INSTANCE
- {
- struct _WNODE_HEADER WnodeHeader;
- // Offset from beginning of WNODE_SINGLE_INSTANCE
- // to instance name. Use when
- // WNODE_FLAG_STATIC_INSTANCE_NAMES is reset
- // (Dynamic instance names)
- ULONG OffsetInstanceName;
- // Instance index when
- // WNODE_FLAG_STATIC_INSTANCE_NAME is set
- ULONG InstanceIndex; // (Static Instance Names)
- ULONG DataBlockOffset; // offset from beginning of WNODE to data block
- ULONG SizeDataBlock; // Size of data block for instance
- UCHAR VariableData[];
- // instance names and padding so data block begins on 8 byte boundry
- // data block
- } WNODE_SINGLE_INSTANCE, *PWNODE_SINGLE_INSTANCE;
- typedef struct tagWNODE_SINGLE_ITEM
- {
- struct _WNODE_HEADER WnodeHeader;
- // Offset from beginning of WNODE_SINGLE_INSTANCE
- // to instance name. Examine when
- // WNODE_FLAG_STATIC_INSTANCE_NAME is reset
- // (Dynamic instance names)
- ULONG OffsetInstanceName;
- // Instance index when
- // WNODE_FLAG_STATIC_INSTANCE_NAME
- ULONG InstanceIndex; // set (Static Instance Names)
- ULONG ItemId; // Item Id for data item being set
- ULONG DataBlockOffset; // offset from WNODE begin to data item value
- ULONG SizeDataItem; // Size of data item
- UCHAR VariableData[];
- // instance names and padding so data value begins on 8 byte boundry
- // data item value
- } WNODE_SINGLE_ITEM, *PWNODE_SINGLE_ITEM;
- typedef struct tagWNODE_METHOD_ITEM
- {
- struct _WNODE_HEADER WnodeHeader;
- // Offset from beginning of WNODE_METHOD_ITEM
- // to instance name. Examine when
- // WNODE_FLAG_STATIC_INSTANCE_NAME is reset
- // (Dynamic instance names)
- ULONG OffsetInstanceName;
- // Instance index when
- // WNODE_FLAG_STATIC_INSTANCE_NAME
- ULONG InstanceIndex; // set (Static Instance Names)
- ULONG MethodId; // Method id of method being called
- ULONG DataBlockOffset; // On Entry: offset from WNODE to input data
- // On Return: offset from WNODE to input and
- // output data blocks
- ULONG SizeDataBlock; // On Entry: Size of input data, 0 if no input
- // data
- // On Return: Size of output data, 0 if no output
- // data
- UCHAR VariableData[];
- // instance names and padding so data value begins on 8 byte boundry
- // data item value
- } WNODE_METHOD_ITEM, *PWNODE_METHOD_ITEM;
- typedef struct tagWNODE_EVENT_ITEM
- {
- struct _WNODE_HEADER WnodeHeader;
- // Different data could be here depending upon the flags set in the
- // WNODE_HEADER above. If the WNODE_FLAG_ALL_DATA flag is set then the
- // contents of a WNODE_ALL_DATA (excluding WNODE_HEADER) is here. If the
- // WNODE_FLAG_SINGLE_INSTANCE flag is set then a WNODE_SINGLE_INSTANCE
- // (excluding WNODE_HEADER) is here. Lastly if the WNODE_FLAG_SINGLE_ITEM
- // flag is set then a WNODE_SINGLE_ITEM (excluding WNODE_HEADER) is here.
- } WNODE_EVENT_ITEM, *PWNODE_EVENT_ITEM;
- //
- // If a KM data provider needs to fire an event that is larger than the
- // maximum size that WMI allows then it should fire a WNODE_EVENT_REFERENCE
- // that specifies which guid and instance name to query for the actual data
- // that should be part of the event.
- typedef struct tagWNODE_EVENT_REFERENCE
- {
- struct _WNODE_HEADER WnodeHeader;
- GUID TargetGuid;
- ULONG TargetDataBlockSize;
- union
- {
- ULONG TargetInstanceIndex;
- WCHAR TargetInstanceName[];
- };
- } WNODE_EVENT_REFERENCE, *PWNODE_EVENT_REFERENCE;
- typedef struct tagWNODE_TOO_SMALL
- {
- struct _WNODE_HEADER WnodeHeader;
- ULONG SizeNeeded; // Size needed to build WNODE result
- } WNODE_TOO_SMALL, *PWNODE_TOO_SMALL;
- typedef struct
- {
- GUID Guid; // Guid of data block being registered or updated
- ULONG Flags; // Flags
- ULONG InstanceCount; // Count of static instances names for the guid
- union
- {
- // If WMIREG_FLAG_INSTANCE_LIST then this has the offset
- // to a list of InstanceCount counted UNICODE
- // strings placed end to end.
- ULONG InstanceNameList;
-
- // If WMIREG_FLAG_INSTANCE_BASENAME then this has the
- // offset to a single counted UNICODE string that
- // has the basename for the instance names.
-
- ULONG BaseNameOffset;
-
- // If WMIREG_FLAG_INSTANCE_PDO is set then InstanceInfo
- // has the PDO whose device instance path will
- // become the instance name
- ULONG_PTR Pdo;
-
- // If WMIREG_FLAG_INSTANCE_REFERENCE then this points to
- // a WMIREGINSTANCEREF structure.
-
- ULONG_PTR InstanceInfo;// Offset from beginning of the WMIREGINFO structure to
- };
- } WMIREGGUIDW, *PWMIREGGUIDW;
- typedef WMIREGGUIDW WMIREGGUID;
- typedef PWMIREGGUIDW PWMIREGGUID;
- // Set if collection must be enabled for the guid before the data provider
- // can be queried for data.
- #define WMIREG_FLAG_EXPENSIVE 0x00000001
- // Set if instance names for this guid are specified in a static list within
- // the WMIREGINFO
- #define WMIREG_FLAG_INSTANCE_LIST 0x00000004
- // Set if instance names are to be static and generated by WMI using a
- // base name in the WMIREGINFO and an index
- #define WMIREG_FLAG_INSTANCE_BASENAME 0x00000008
- // Set if WMI should do automatic mapping of a PDO to device instance name
- // as the instance name for the guid. This flag should only be used by
- // kernel mode data providers.
- #define WMIREG_FLAG_INSTANCE_PDO 0x00000020
- // Note the flags WMIREG_FLAG_INSTANCE_LIST, WMIREG_FLAG_INSTANCE_BASENAME,
- // WMIREG_FLAG_INSTANCE_REFERENCE and WMIREG_FLAG_INSTANCE_PDO are mutually
- // exclusive.
- //
- // These flags are only valid in a response to WMI_GUID_REGUPDATE
- #define WMIREG_FLAG_REMOVE_GUID 0x00010000 // Remove support for guid
- #define WMIREG_FLAG_RESERVED1 0x00020000 // Reserved by WMI
- #define WMIREG_FLAG_RESERVED2 0x00040000 // Reserved by WMI
- // Set if guid is one that is written to trace log.
- // This guid cannot be queried directly via WMI, but must be read using
- // logger apis.
- #define WMIREG_FLAG_TRACED_GUID 0x00080000
- //
- // Only those Trace Guids that have this bit set can receive
- // Enable/Disable Notifications.
- //
- #define WMIREG_FLAG_TRACE_CONTROL_GUID 0x00001000
- //
- // Set if the guid is only used for firing events. Guids that can be queried
- // and that fire events should not have this bit set.
- #define WMIREG_FLAG_EVENT_ONLY_GUID 0x00000040
- typedef struct
- {
- // Size of entire WMIREGINFO structure including this ULONG
- // and any static instance names that follow
- ULONG BufferSize;
- ULONG NextWmiRegInfo; // Offset to next WMIREGINFO structure
- ULONG RegistryPath; // Offset from beginning of WMIREGINFO structure to a
- // counted Unicode string containing
- // the driver registry path (under HKLMCCSServices)
- // This must be filled only by kernel mode data
- // providers
-
- // Offset from beginning of WMIREGINFO structure to a
- // counted Unicode string containing
- // the name of resource in driver file containing MOF info
- ULONG MofResourceName;
- // Count of WMIREGGUID structures immediately following
- ULONG GuidCount;
- WMIREGGUIDW WmiRegGuid[]; // array of GuidCount WMIREGGUID structures
- // Variable length data including :
- // Instance Names
- } WMIREGINFOW, *PWMIREGINFOW;
- typedef WMIREGINFOW WMIREGINFO;
- typedef PWMIREGINFOW PWMIREGINFO;
- //
- // WMI request codes
- typedef enum
- {
- #ifndef _WMIKM_
- WMI_GET_ALL_DATA = 0,
- WMI_GET_SINGLE_INSTANCE = 1,
- WMI_SET_SINGLE_INSTANCE = 2,
- WMI_SET_SINGLE_ITEM = 3,
- WMI_ENABLE_EVENTS = 4,
- WMI_DISABLE_EVENTS = 5,
- WMI_ENABLE_COLLECTION = 6,
- WMI_DISABLE_COLLECTION = 7,
- WMI_REGINFO = 8,
- WMI_EXECUTE_METHOD = 9
- #endif
- } WMIDPREQUESTCODE;
- #if defined(_WINNT_) || defined(WINNT)
- //
- // WMI guid objects have the following rights
- // WMIGUID_QUERY
- // WMIGUID_SET
- // WMIGUID_NOTIFICATION
- // WMIGUID_READ_DESCRIPTION
- // WMIGUID_EXECUTE
- // TRACELOG_CREATE_REALTIME
- // TRACELOG_CREATE_ONDISK
- // TRACELOG_GUID_ENABLE
- // TRACELOG_ACCESS_KERNEL_LOGGER
- // TRACELOG_CREATE_INPROC
- // TRACELOG_ACCESS_REALTIME
- //
- // GuidTypes
- //
- //#ifndef _WMIKM_
- #define WMI_GUIDTYPE_TRACECONTROL 0
- #define WMI_GUIDTYPE_TRACE 1
- #define WMI_GUIDTYPE_DATA 2
- #define WMI_GUIDTYPE_EVENT 3
- //#endif
- //
- // Specific rights for WMI guid objects. These are available from 0x0001 to
- // 0xffff (ie up to 16 rights)
- //
- #define WMIGUID_QUERY 0x0001
- #define WMIGUID_SET 0x0002
- #define WMIGUID_NOTIFICATION 0x0004
- #define WMIGUID_READ_DESCRIPTION 0x0008
- #define WMIGUID_EXECUTE 0x0010
- #define TRACELOG_CREATE_REALTIME 0x0020
- #define TRACELOG_CREATE_ONDISK 0x0040
- #define TRACELOG_GUID_ENABLE 0x0080
- #define TRACELOG_ACCESS_KERNEL_LOGGER 0x0100
- #define TRACELOG_CREATE_INPROC 0x0200
- #define TRACELOG_ACCESS_REALTIME 0x0400
- #define TRACELOG_REGISTER_GUIDS 0x0800
- #define WMIGUID_ALL_ACCESS (STANDARD_RIGHTS_READ |
- SYNCHRONIZE |
- WMIGUID_QUERY |
- WMIGUID_SET |
- WMIGUID_NOTIFICATION |
- WMIGUID_READ_DESCRIPTION |
- WMIGUID_EXECUTE |
- TRACELOG_CREATE_REALTIME |
- TRACELOG_CREATE_ONDISK |
- TRACELOG_GUID_ENABLE |
- TRACELOG_ACCESS_KERNEL_LOGGER |
- TRACELOG_CREATE_INPROC |
- TRACELOG_ACCESS_REALTIME |
- TRACELOG_REGISTER_GUIDS )
- #define WMI_GLOBAL_LOGGER_ID 0x0001
- #endif
- #endif
English
