186 lines
4.3 KiB
Plaintext
186 lines
4.3 KiB
Plaintext
|
// <20> 2000 Microsoft Corporation. All rights reserved.
|
|||
|
|
|||
|
#pragma namespace ("\\\\.\\root\\cimv2")
|
|||
|
#pragma classflags ("forceupdate")
|
|||
|
|
|||
|
/////////////////////////////////////////////////////////////////////////////
|
|||
|
// Base event for all WMI self-instrumentation events.
|
|||
|
|
|||
|
class MSFT_WmiSelfEvent : __ExtrinsicEvent
|
|||
|
{
|
|||
|
};
|
|||
|
|
|||
|
|
|||
|
/////////////////////////////////////////////////////////////////////////////
|
|||
|
// New notification sink registered because of new query
|
|||
|
|
|||
|
class MSFT_WmiRegisterNotificationSink : MSFT_WmiSelfEvent
|
|||
|
{
|
|||
|
string Namespace;
|
|||
|
string QueryLanguage;
|
|||
|
string Query;
|
|||
|
uint64 Sink;
|
|||
|
};
|
|||
|
|
|||
|
/////////////////////////////////////////////////////////////////////////////
|
|||
|
// Notification sink removed
|
|||
|
|
|||
|
class MSFT_WmiCancelNotificationSink : MSFT_WmiSelfEvent
|
|||
|
{
|
|||
|
string Namespace;
|
|||
|
string QueryLanguage;
|
|||
|
string Query;
|
|||
|
uint64 Sink;
|
|||
|
};
|
|||
|
|
|||
|
|
|||
|
/////////////////////////////////////////////////////////////////////////////
|
|||
|
// Provider base event
|
|||
|
|
|||
|
class MSFT_WmiProviderEvent : MSFT_WmiSelfEvent
|
|||
|
{
|
|||
|
string Namespace;
|
|||
|
string ProviderName;
|
|||
|
};
|
|||
|
|
|||
|
|
|||
|
/////////////////////////////////////////////////////////////////////////////
|
|||
|
// Event provider events
|
|||
|
|
|||
|
class MSFT_WmiEventProviderEvent : MSFT_WmiProviderEvent
|
|||
|
{
|
|||
|
};
|
|||
|
|
|||
|
class MSFT_WmiEventProviderLoaded : MSFT_WmiEventProviderEvent
|
|||
|
{
|
|||
|
};
|
|||
|
|
|||
|
class MSFT_WmiEventProviderUnloaded : MSFT_WmiEventProviderEvent
|
|||
|
{
|
|||
|
};
|
|||
|
|
|||
|
class MSFT_WmiEventProviderNewQuery : MSFT_WmiEventProviderEvent
|
|||
|
{
|
|||
|
uint32 QueryId;
|
|||
|
string QueryLanguage;
|
|||
|
string Query;
|
|||
|
uint32 Result;
|
|||
|
};
|
|||
|
|
|||
|
class MSFT_WmiEventProviderCancelQuery : MSFT_WmiEventProviderEvent
|
|||
|
{
|
|||
|
uint32 QueryId;
|
|||
|
uint32 Result;
|
|||
|
};
|
|||
|
|
|||
|
class MSFT_WmiEventProviderAccessCheck : MSFT_WmiEventProviderEvent
|
|||
|
{
|
|||
|
string QueryLanguage;
|
|||
|
string Query;
|
|||
|
uint8 Sid[];
|
|||
|
uint32 Result;
|
|||
|
};
|
|||
|
|
|||
|
|
|||
|
/////////////////////////////////////////////////////////////////////////////
|
|||
|
// Consumer provider events
|
|||
|
|
|||
|
class MSFT_WmiConsumerProviderEvent : MSFT_WmiProviderEvent
|
|||
|
{
|
|||
|
string Machine;
|
|||
|
};
|
|||
|
|
|||
|
class MSFT_WmiConsumerProviderLoaded : MSFT_WmiConsumerProviderEvent
|
|||
|
{
|
|||
|
};
|
|||
|
|
|||
|
class MSFT_WmiConsumerProviderUnloaded : MSFT_WmiConsumerProviderEvent
|
|||
|
{
|
|||
|
};
|
|||
|
|
|||
|
class MSFT_WmiConsumerProviderSinkLoaded : MSFT_WmiConsumerProviderEvent
|
|||
|
{
|
|||
|
__EventConsumer ref Consumer;
|
|||
|
};
|
|||
|
|
|||
|
class MSFT_WmiConsumerProviderSinkUnloaded : MSFT_WmiConsumerProviderEvent
|
|||
|
{
|
|||
|
__EventConsumer ref Consumer;
|
|||
|
};
|
|||
|
|
|||
|
|
|||
|
/////////////////////////////////////////////////////////////////////////////
|
|||
|
// Thread pool events
|
|||
|
|
|||
|
class MSFT_WmiThreadPoolEvent : MSFT_WmiSelfEvent
|
|||
|
{
|
|||
|
uint32 ThreadId;
|
|||
|
};
|
|||
|
|
|||
|
class MSFT_WmiThreadPoolThreadCreated : MSFT_WmiThreadPoolEvent
|
|||
|
{
|
|||
|
};
|
|||
|
|
|||
|
class MSFT_WmiThreadPoolThreadDeleted : MSFT_WmiThreadPoolEvent
|
|||
|
{
|
|||
|
};
|
|||
|
|
|||
|
|
|||
|
/////////////////////////////////////////////////////////////////////////////
|
|||
|
// Filter events
|
|||
|
|
|||
|
class MSFT_WmiFilterEvent : MSFT_WmiSelfEvent
|
|||
|
{
|
|||
|
string Namespace;
|
|||
|
string Name;
|
|||
|
string QueryLanguage;
|
|||
|
string Query;
|
|||
|
};
|
|||
|
|
|||
|
class MSFT_WmiFilterActivated : MSFT_WmiFilterEvent
|
|||
|
{
|
|||
|
};
|
|||
|
|
|||
|
class MSFT_WmiFilterDeactivated : MSFT_WmiFilterEvent
|
|||
|
{
|
|||
|
};
|
|||
|
|
|||
|
|
|||
|
/////////////////////////////////////////////////////////////////////////////
|
|||
|
// WMI Event Provider registration.
|
|||
|
|
|||
|
#pragma DeleteInstance("MSFT_WMI_NonCOMEventProvider.Name=\"WMI Self-Instrumentation Event Provider\"", NOFAIL)
|
|||
|
|
|||
|
instance of __Win32Provider as $P1
|
|||
|
{
|
|||
|
Name = "WMI Self-Instrumentation Event Provider";
|
|||
|
HostingModel = "Decoupled:NonCOM";
|
|||
|
};
|
|||
|
|
|||
|
instance of __EventProviderRegistration
|
|||
|
{
|
|||
|
Provider = $P1;
|
|||
|
|
|||
|
EventQueryList = {"select * from MSFT_WmiSelfEvent"};
|
|||
|
/*
|
|||
|
{
|
|||
|
"select * from MSFT_WmiRegisterNotificationSink",
|
|||
|
"select * from MSFT_WmiCancelNotificationSink",
|
|||
|
"select * from MSFT_WmiEventProviderLoaded",
|
|||
|
"select * from MSFT_WmiEventProviderUnloaded",
|
|||
|
"select * from MSFT_WmiEventProviderNewQuery",
|
|||
|
"select * from MSFT_WmiEventProviderCancelQuery",
|
|||
|
"select * from MSFT_WmiEventProviderAccessCheck",
|
|||
|
"select * from MSFT_WmiConsumerProviderLoaded",
|
|||
|
"select * from MSFT_WmiConsumerProviderUnloaded",
|
|||
|
"select * from MSFT_WmiConsumerProviderSinkLoaded",
|
|||
|
"select * from MSFT_WmiConsumerProviderSinkUnloaded",
|
|||
|
"select * from MSFT_WmiThreadPoolThreadCreated",
|
|||
|
"select * from MSFT_WmiThreadPoolThreadDeleted",
|
|||
|
"select * from MSFT_WmiFilterActivated",
|
|||
|
"select * from MSFT_WmiFilterDeactivated"
|
|||
|
};
|
|||
|
*/
|
|||
|
};
|
|||
|
|