Edit

Share via

FwpmNetEventEnum4 function (fwpmu.h)

  • Article

Retrieves the next page of results from the network event enumerator.

Syntax

DWORD FwpmNetEventEnum4(
  HANDLE          engineHandle,
  HANDLE          enumHandle,
  UINT32          numEntriesRequested,
  FWPM_NET_EVENT4 ***entries,
  UINT32          *numEntriesReturned
);

Parameters

engineHandle

Type: _In_ HANDLE

A handle to an open session with the filter engine. To open a session with the filter engine, call FwpmEngineOpen0.

enumHandle

Type: _In_ HANDLE

A handle to a network event enumeration created by a call to FwpmNetEventCreateEnumHandle0.

numEntriesRequested

Type: _In_ UINT32

The number of enumeration entries requested.

entries

Type: _Outptr_result_buffer_(*numEntriesReturned) const FWPM_NET_EVENT4***

Addresses of enumeration entries.

numEntriesReturned

Type: _Out_ UINT32*

The number of enumeration entries returned.

Return value

Return code/value Description
ERROR_SUCCESS
0		 The network events were enumerated successfully.
FWP_E_NET_EVENTS_DISABLED
0x80320013		 The collection of network diagnostic events is disabled.
Call FwpmEngineSetOption0 to enable it.
FWP_E_* error code
0x80320001—0x80320039		 A Windows Filtering Platform (WFP)-specific error. For details, see WFP error codes.
RPC_* error code
0x80010001—0x80010122		 Failure to communicate with the remote or local firewall engine.

Remarks

If numEntriesReturned is less than the numEntriesRequested, then the enumeration is exhausted.

You must free the returned array of entries (but not the individual entries themselves) by calling FwpmFreeMemory0.

A subsequent call that uses the same enumHandle parameter will return the next set of events following those in the current entries buffer.

FwpmNetEventEnum4 returns only events that were logged prior to the creation of the enumHandle parameter. For more info, see Logging.

Requirements

Requirement Value
Header fwpmu.h
Library Fwpuclnt.lib
DLL Fwpuclnt.dll