Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
For ease of implementation, the full IDL is provided as follows, where "ms-dtyp.idl" is the IDL found in [MS-DTYP] section 5, Appendix A: Full MS-DTYP IDL.
-
import "ms-dtyp.idl"; [ uuid(82273FDC-E32A-18C3-3F78-827929DC23EA), version(0.0), #ifdef __midl ms_union, #endif // __midl pointer_default(unique) ] interface eventlog { // the following line(s) commented out to avoid redefinition of MS-DTYP types //typedef long NTSTATUS; #define MAX_STRINGS 0x00000100 #define MAX_SINGLE_EVENT 0x0003FFFF #define MAX_BATCH_BUFF 0x0007FFFF typedef struct _RPC_STRING { unsigned short Length; unsigned short MaximumLength; [size_is(MaximumLength)] char* Buffer; } RPC_STRING, *PRPC_STRING; typedef struct _RPC_CLIENT_ID { unsigned long UniqueProcess; unsigned long UniqueThread; } RPC_CLIENT_ID, *PRPC_CLIENT_ID; typedef [handle, unique] wchar_t * EVENTLOG_HANDLE_W; typedef [handle, unique] char * EVENTLOG_HANDLE_A; typedef [context_handle] void * IELF_HANDLE; typedef [context_handle] void ** PIELF_HANDLE; typedef [range(0, MAX_BATCH_BUFF)] unsigned long RULONG; NTSTATUS ElfrClearELFW ( [in] IELF_HANDLE LogHandle, [in,unique] PRPC_UNICODE_STRING BackupFileName ); NTSTATUS ElfrBackupELFW ( [in] IELF_HANDLE LogHandle, [in] PRPC_UNICODE_STRING BackupFileName ); NTSTATUS ElfrCloseEL ( [in,out] IELF_HANDLE * LogHandle ); NTSTATUS ElfrDeregisterEventSource ( [in,out] IELF_HANDLE * LogHandle ); NTSTATUS ElfrNumberOfRecords( [in] IELF_HANDLE LogHandle, [out] unsigned long * NumberOfRecords ); NTSTATUS ElfrOldestRecord( [in] IELF_HANDLE LogHandle, [out] unsigned long * OldestRecordNumber ); NTSTATUS ElfrChangeNotify( [in] IELF_HANDLE LogHandle, [in] RPC_CLIENT_ID ClientId, [in] ULONG Event ); NTSTATUS ElfrOpenELW ( [in] EVENTLOG_HANDLE_W UNCServerName, [in] PRPC_UNICODE_STRING ModuleName, [in] PRPC_UNICODE_STRING RegModuleName, [in] unsigned long MajorVersion, [in] unsigned long MinorVersion, [out] IELF_HANDLE * LogHandle ); NTSTATUS ElfrRegisterEventSourceW ( [in] EVENTLOG_HANDLE_W UNCServerName, [in] PRPC_UNICODE_STRING ModuleName, [in] PRPC_UNICODE_STRING RegModuleName, [in] unsigned long MajorVersion, [in] unsigned long MinorVersion, [out] IELF_HANDLE * LogHandle ); NTSTATUS ElfrOpenBELW ( [in] EVENTLOG_HANDLE_W UNCServerName, [in] PRPC_UNICODE_STRING BackupFileName, [in] unsigned long MajorVersion, [in] unsigned long MinorVersion, [out] IELF_HANDLE * LogHandle ); NTSTATUS ElfrReadELW ( [in] IELF_HANDLE LogHandle, [in] unsigned long ReadFlags, [in] unsigned long RecordOffset, [in] RULONG NumberOfBytesToRead, [out, size_is(NumberOfBytesToRead)] unsigned char * Buffer, [out] unsigned long * NumberOfBytesRead, [out] unsigned long * MinNumberOfBytesNeeded ); NTSTATUS ElfrReportEventW ( [in] IELF_HANDLE LogHandle, [in] unsigned long Time, [in] unsigned short EventType, [in] unsigned short EventCategory, [in] unsigned long EventID, [in, range(0, 256)] unsigned short NumStrings, [in, range(0, 61440)] unsigned long DataSize, [in] PRPC_UNICODE_STRING ComputerName, [in, unique] PRPC_SID UserSID, [in, size_is(NumStrings), unique] PRPC_UNICODE_STRING Strings[*], [in, size_is(DataSize), unique] unsigned char * Data, [in] unsigned short Flags, [in,out,unique] unsigned long * RecordNumber, [in,out,unique] unsigned long * TimeWritten ); NTSTATUS ElfrClearELFA ( [in] IELF_HANDLE LogHandle, [in,unique] PRPC_STRING BackupFileName ); NTSTATUS ElfrBackupELFA ( [in] IELF_HANDLE LogHandle, [in] PRPC_STRING BackupFileName ); NTSTATUS ElfrOpenELA ( [in] EVENTLOG_HANDLE_A UNCServerName, [in] PRPC_STRING ModuleName, [in] PRPC_STRING RegModuleName, [in] unsigned long MajorVersion, [in] unsigned long MinorVersion, [out] IELF_HANDLE * LogHandle ); NTSTATUS ElfrRegisterEventSourceA ( [in] EVENTLOG_HANDLE_A UNCServerName, [in] PRPC_STRING ModuleName, [in] PRPC_STRING RegModuleName, [in] unsigned long MajorVersion, [in] unsigned long MinorVersion, [out] IELF_HANDLE * LogHandle ); NTSTATUS ElfrOpenBELA ( [in] EVENTLOG_HANDLE_A UNCServerName, [in] PRPC_STRING BackupFileName, [in] unsigned long MajorVersion, [in] unsigned long MinorVersion, [out] IELF_HANDLE * LogHandle ); NTSTATUS ElfrReadELA ( [in] IELF_HANDLE LogHandle, [in] unsigned long ReadFlags, [in] unsigned long RecordOffset, [in] RULONG NumberOfBytesToRead, [out, size_is(NumberOfBytesToRead)] unsigned char * Buffer, [out] unsigned long * NumberOfBytesRead, [out] unsigned long * MinNumberOfBytesNeeded ); -
NTSTATUS ElfrReportEventA ( [in] IELF_HANDLE LogHandle, [in] unsigned long Time, [in] unsigned short EventType, [in] unsigned short EventCategory, [in] unsigned long EventID, [in, range(0, 256)] unsigned short NumStrings, [in, range(0, 61440)] unsigned long DataSize, [in] PRPC_STRING ComputerName, [in, unique] PRPC_SID UserSID, [in, size_is(NumStrings), unique] PRPC_STRING Strings[*], [in, size_is(DataSize), unique] unsigned char * Data, [in] unsigned short Flags, [in,out,unique] unsigned long * RecordNumber, [in,out,unique] unsigned long * TimeWritten ); void Opnum19NotUsedOnWire(void); void Opnum20NotUsedOnWire(void); void Opnum21NotUsedOnWire(void); NTSTATUS ElfrGetLogInformation( [in] IELF_HANDLE LogHandle, [in] unsigned long InfoLevel, [out, size_is(cbBufSize)] unsigned char * lpBuffer, [in, range(0, 1024)] unsigned long cbBufSize, [out] unsigned long * pcbBytesNeeded ); void Opnum23NotUsedOnWire(void);
-
NTSTATUS ElfrReportEventAndSourceW ( [in] IELF_HANDLE LogHandle, [in] unsigned long Time, [in] unsigned short EventType, [in] unsigned short EventCategory, [in] unsigned long EventID, [in] PRPC_UNICODE_STRING SourceName, [in, range(0, 256)] unsigned short NumStrings, [in, range(0, 61440)] unsigned long DataSize, [in] PRPC_UNICODE_STRING ComputerName, [in, unique] PRPC_SID UserSID, [in, size_is(NumStrings), unique] PRPC_UNICODE_STRING Strings[*], [in, size_is(DataSize), unique] unsigned char * Data, [in] unsigned short Flags, [in,out,unique] unsigned long * RecordNumber, [in,out,unique] unsigned long * TimeWritten ); NTSTATUS ElfrReportEventExW( [in] IELF_HANDLE LogHandle, [in] PFILETIME TimeGenerated, [in] unsigned short EventType, [in] unsigned short EventCategory, [in] unsigned long EventID, [in, range(0, 256)] unsigned short NumStrings, [in, range(0, 61440)] unsigned long DataSize, [in] PRPC_UNICODE_STRING ComputerName, [in, unique] PRPC_SID UserSID, [in, size_is(NumStrings), unique] PRPC_UNICODE_STRING Strings[*], [in, size_is(DataSize), unique] unsigned char* Data, [in] unsigned short Flags, [in, out, unique] unsigned long* RecordNumber ); NTSTATUS ElfrReportEventExA( [in] IELF_HANDLE LogHandle, [in] PFILETIME TimeGenerated, [in] unsigned short EventType, [in] unsigned short EventCategory, [in] unsigned long EventID, [in, range(0, 256)] unsigned short NumStrings, [in, range(0, 61440)] unsigned long DataSize, [in] PRPC_STRING ComputerName, [in, unique] PRPC_SID UserSID, [in, size_is(NumStrings), unique] PRPC_STRING Strings[*], [in, size_is(DataSize), unique] unsigned char* Data, [in] unsigned short Flags, [in, out, unique] unsigned long* RecordNumber ); }