PC World Komputer 2010 April

home *** CD-ROM | disk | FTP | other *** search

/ PC World Komputer 2010 April / PCWorld0410.iso / WindowsServerTrial / server.iso / sources / install.wim / 2 / Windows / System32 / wbem / filetrace.mof < prev next >

Wrap

Text File | 2006-09-18 | 17.5 KB | 662 lines

/*++ Copyright (c) Microsoft Corporation. All rights reserved. Module Name: FileTrace.mof Abstract: This file defines the file trace MOF classes that describe the data logged by the file trace mini filter. Revision History: --*/ #pragma namespace("\\\\.\\root\\wmi") #pragma classflags("forceupdate") [Dynamic, Description("File Kernel Trace; Operation Set 1") : amended, Guid("{D75D8303-6C21-4bde-9C98-ECC6320F9291}") ] class MSNT_FileBaseTrace_Set1:EventTrace { [Description ("Enable Flags") : amended, ValueDescriptions{ "Create", "Create Named Pipe", "Close", "Read", "Write", "Query Information", "Set Information", "Query EA", "Set EA", "Flush Buffers", "Query Volume Information", "Set Volume Information", "Directory Control", "File System Control", "Device Control", "Internal Device Control", "Shutdown", "Lock Control", "Cleanup", "Create Mailslot", "Query Security", "Set Security", "Power", "System Control", "Device Change", "Query Quota", "Set Quota", "PNP"} : amended, DefineValues{ "EVENT_TRACE_FLAG_CREATE", "EVENT_TRACE_FLAG_CREATENAMEDPIPE", "EVENT_TRACE_FLAG_CLOSE", "EVENT_TRACE_FLAG_READ", "EVENT_TRACE_FLAG_WRITE", "EVENT_TRACE_FLAG_QUERYINFORMATION", "EVENT_TRACE_FLAG_SETINFORMATION", "EVENT_TRACE_FLAG_QUERYEA", "EVENT_TRACE_FLAG_SETEA", "EVENT_TRACE_FLAG_FLUSHBUFFERS", "EVENT_TRACE_FLAG_QUERYVOLINFO", "EVENT_TRACE_FLAG_SETVOLINFO", "EVENT_TRACE_FLAG_DIRECTORYCONTROL", "EVENT_TRACE_FLAG_FILESYSCONTROL", "EVENT_TRACE_FLAG_DEVICECONTROL", "EVENT_TRACE_FLAG_INTERNALDEVICECONTROL", "EVENT_TRACE_FLAG_SHUTDOWN", "EVENT_TRACE_FLAG_LOCKCONTROL", "EVENT_TRACE_FLAG_CLEANUP", "EVENT_TRACE_FLAG_CREATEMAILSLOT", "EVENT_TRACE_FLAG_QUERYSECURITY", "EVENT_TRACE_FLAG_SETSECURITY", "EVENT_TRACE_FLAG_POWER", "EVENT_TRACE_FLAG_SYSTEMCONTROL", "EVENT_TRACE_FLAG_DEVICECHANGE", "EVENT_TRACE_FLAG_QUERYQUOTA", "EVENT_TRACE_FLAG_SETQUOTA", "EVENT_TRACE_FLAG_PNP"}, Values{ "create", "createnamedpipe", "close", "read", "write", "queryinfo", "setinfo", "queryea", "setea" "flushbuffers", "queryvolinfo", "setvolinfo", "directorycontrol", "filesystemcontrol", "devicecontrol", "internaldevicecontrol", "shutdown", "lockcontrol", "cleanup", "createmailslot", "querysecurity", "setsecurity", "power", "systemcontrol", "devicechange", "queryquota", "setquota", "pnp"}, ValueMap{ "0x00000001", "0x00000002", "0x00000004", "0x00000008", "0x00000010", "0x00000020", "0x00000040", "0x00000080", "0x00000100", "0x00000200", "0x00000400", "0x00000800", "0x00001000", "0x00002000", "0x00004000", "0x00008000", "0x00010000", "0x00020000", "0x00040000", "0x00080000", "0x00100000", "0x00200000", "0x00400000", "0x00800000", "0x01000000", "0x02000000", "0x04000000", "0x08000000"} ] uint32 Flags; }; [Dynamic, Description("File Kernel Trace; Operation Set 2") : amended, Guid("{058DD951-7604-414d-A5D6-A56D35367A46}") ] class MSNT_FileBaseTrace_Set2:EventTrace { [Description ("Enable Flags") : amended, ValueDescriptions{ "Acquire For Section Synchronization", "Release For Section Synchronization", "Acquire For Mod Write", "Release For Mod Write", "Acquire For CC Flush", "Release For CC Flush", "Notify Stream File Object", "Fast IO Check If Possible", "Network Query Open", "MDL Read", "MDL Read Complete", "Prepare MDL Write", "MDL Write Complete", "Volume Mount", "Volume Dismount"} : amended, DefineValues{ "EVENT_TRACE_FLAG_ACQUIRESECTIONSYNCH", "EVENT_TRACE_FLAG_RELEASESECTIONSYNCH", "EVENT_TRACE_FLAG_ACQUIREMODWRITE", "EVENT_TRACE_FLAG_RELEASEMODWRITE", "EVENT_TRACE_FLAG_ACQUIRECCFLUSH", "EVENT_TRACE_FLAG_RELEASECCFLUSH", "EVENT_TRACE_FLAG_NOTIFYSTREAMFILEOBJ", "EVENT_TRACE_FLAG_FASTIOCHECKIFPOSSIBLE", "EVENT_TRACE_FLAG_NETWORKQUERYOPEN", "EVENT_TRACE_FLAG_MDLREAD", "EVENT_TRACE_FLAG_MDLREADCOMPLETE", "EVENT_TRACE_FLAG_PREPAREMDLWRITE", "EVENT_TRACE_FLAG_MDLWRITECOMPLETE", "EVENT_TRACE_FLAG_VOLUMEMOUNT", "EVENT_TRACE_FLAG_VOLUMEDISMOUNT"}, Values{ "acquireforsectionsynchronization", "releaseforsectionsynchronization", "acquireformodwrite", "releaseformodwrite", "acquireforccflush", "releaseforccflush", "notifystreamfileobject", "fastiocheckifpossible", "networkqueryopen", "mdlread", "mdlreadcomplete", "preparemdlwrite", "mdlwritecomplete", "volumemount", "volumedismount"}, ValueMap{ "0x00000001", "0x00000002", "0x00000004", "0x00000008", "0x00000010", "0x00000020", "0x00000040", "0x00001000", "0x00002000", "0x00004000", "0x00008000", "0x00010000", "0x00020000", "0x00040000", "0x00080000"} ] uint32 Flags; }; [Dynamic, Description("File Kernel Trace; Optional Data") : amended, Guid("{7DA1385C-F8F5-414d-B9D0-02FCA090F1EC}") ] class MSNT_FileBaseTrace_OptionalData : EventTrace { [Description ("Enable Flags") : amended, ValueDescriptions{ "User Context", "Session Id", "Last Access Time", "Call Parameters", "Call Result Data", "Previous Data", "Create On Existing File", "Process Window Station"} : amended, DefineValues{ "EVENT_TRACE_FLAG_USERCONTEXT", "EVENT_TRACE_FLAG_SESSIONID", "EVENT_TRACE_FLAG_LASTACCESSTIME", "EVENT_TRACE_FLAG_CALLPARAMETERS", "EVENT_TRACE_FLAG_CALLRESULTDATA", "EVENT_TRACE_FLAG_PREVIOUSDATA", "EVENT_TRACE_FLAG_CREATEONEXISTINGFILE", "EVENT_TRACE_FLAG_PROCESSWINDOWSTATION", "EVENT_TRACE_FLAG_BLOCKPAGINGIO"}, Values{ "usercontext", "sessionid", "lastaccesstime", "callparameters", "callresultdata", "previousdata", "createonexistingfile", "processwindowstation", "blockpagingio"}, ValueMap{ "0x00000001", "0x00000002", "0x00000004", "0x00000008", "0x00000010", "0x00000020", "0x00000040", "0x00000080", "0x00000100"} ] uint32 Flags; }; [Dynamic, Description("File Kernel Trace; Volume To Log") : amended, Guid("{127D46AF-4AD3-489f-9165-F00BA64D5467}") ] class MSNT_FileBaseTrace_VolumeToLog : EventTrace { [Description ("Enable Flags") : amended, ValueDescriptions{ "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "X", "Y", "Z", "All", "Local", "Network"} : amended, DefineValues{ "EVENT_TRACE_FLAG_A", "EVENT_TRACE_FLAG_B", "EVENT_TRACE_FLAG_C", "EVENT_TRACE_FLAG_D", "EVENT_TRACE_FLAG_E", "EVENT_TRACE_FLAG_F", "EVENT_TRACE_FLAG_G", "EVENT_TRACE_FLAG_H", "EVENT_TRACE_FLAG_I", "EVENT_TRACE_FLAG_J", "EVENT_TRACE_FLAG_K", "EVENT_TRACE_FLAG_L", "EVENT_TRACE_FLAG_M", "EVENT_TRACE_FLAG_N", "EVENT_TRACE_FLAG_O", "EVENT_TRACE_FLAG_P", "EVENT_TRACE_FLAG_Q", "EVENT_TRACE_FLAG_R", "EVENT_TRACE_FLAG_S", "EVENT_TRACE_FLAG_T", "EVENT_TRACE_FLAG_U", "EVENT_TRACE_FLAG_V", "EVENT_TRACE_FLAG_W", "EVENT_TRACE_FLAG_X", "EVENT_TRACE_FLAG_Y", "EVENT_TRACE_FLAG_Z", "EVENT_TRACE_FLAG_ALL", "EVENT_TRACE_FLAG_LOCAL", "EVENT_TRACE_FLAG_NETWORK"}, Values{ "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "all", "local", "network"}, ValueMap{ "0x00000001", "0x00000002", "0x00000004", "0x00000008", "0x00000010", "0x00000020", "0x00000040", "0x00000080", "0x00000100", "0x00000200", "0x00000400", "0x00000800", "0x00001000", "0x00002000", "0x00004000", "0x00008000", "0x00010000", "0x00020000", "0x00040000", "0x00080000", "0x00100000", "0x00200000", "0x00400000", "0x00800000", "0x01000000", "0x02000000", "0x04000000", "0X08000000", "0X10000000"} ] uint32 Flags; }; [Dynamic, Description("File Trace") : amended, Guid("{F681E6CC-EC6C-4ee9-90A6-C0C4E83276C2}"), EventVersion(0), DisplayName("File Trace") : amended ] class FileTrace : MSNT_FileBaseTrace_Set1 { }; [Dynamic, EventType{0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20, 21,22,23,24,25,26,27,236,237,238,239,240,241,242,243, 249,250,251,252,253,254,255}, EventTypeName("FileTrace"), Description("File Trace Event") : amended ] class FileOperation : FileTrace { [WmiDataId(1), Description("Status") : amended, format("x"), read] uint32 Status; [WmiDataId(2), Description("Operation") : amended, Values{ "NORMALIZE_NAME_COMPONENT", "GENERATE_FILE_NAME", "VOLUME_DISMOUNT", "VOLUME_MOUNT", "MDL_WRITE_COMPLETE", "PREPARE_MDL_WRITE", "MDL_READ_COMPLETE", "MDL_READ", "NETWORK_QUERY_OPEN", "FAST_IO_CHECK_IF_POSSIBLE", "NOTIFY_STREAM_FILE_OBJECT", "RELEASE_FOR_CC_FLUSH", "ACQUIRE_FOR_CC_FLUSH", "RELEASE_FOR_MOD_WRITE", "ACQUIRE_FOR_MOD_WRITE", "RELEASE_FOR_SECTION_SYNCHRONIZATION", "ACQUIRE_FOR_SECTION_SYNCHRONIZATION", "CREATE", "CREATE_NAMED_PIPE", "CLOSE", "READ", "WRITE", "QUERY_INFORMATION", "SET_INFORMATION", "QUERY_EA", "SET_EA", "FLUSH_BUFFERS", "QUERY_VOLUME_INFORMATION", "SET_VOLUME_INFORMATION", "DIRECTORY_CONTROL", "FILE_SYSTEM_CONTROL", "DEVICE_CONTROL", "INTERNAL_DEVICE_CONTROL", "SHUTDOWN", "LOCK_CONTROL", "CLEANUP", "CREATE_MAILSLOT", "QUERY_SECURITY", "SET_SECURITY", "POWER", "SYSTEM_CONTROL", "DEVICE_CHANGE", "QUERY_QUOTA", "SET_QUOTA", "PNP"}, ValueMap{ "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "15", "16", "17", "18", "19", "20", "21", "22", "23", "24", "25", "26", "27", "28", "29", "30", "31", "32", "33", "34", "35", "36", "37", "38", "39", "40", "41", "42", "43", "44", "45", "46", "47", "48", "49"}, read] uint8 Operation; [WmiDataId(3), Description("Minor operation") : amended, read] uint8 MinorOperation; [WmiDataId(4), Description("SequenceNumber") : amended, read] uint32 SequenceNumber; [WmiDataId(5), Description("Is this a paging operation") : amended, read] uint8 IsPagingIO; [WmiDataId(6), Description("Is this a fast IO operation") : amended, read] uint8 IsFastIO; [WmiDataId(7), Description("IsDirectory") : amended, Values{ "False", "True", "NA"}, ValueMap{ "0", "1", "2"}, read] uint8 IsDirectory; [WmiDataId(8), Description("Create called on existing file") : amended, Values{ "False", "True", "NA"}, ValueMap{ "0", "1", "2"}, read] uint8 CreateOnExisting; [WmiDataId(9), Description("The time the operation started") : amended, read] sint64 StartTime; [WmiDataId(10), Description("Id of the operation's process") : amended, read] uint32 ProcessId; [WmiDataId(11), Description("The time the process was created") : amended, read] sint64 ProcessCreateTime; [WmiDataId(12), Description("File Object") : amended, format("x"), pointer, read] uint64 FileObject; [WmiDataId(13), Description("File last access time") : amended, read] sint64 LastAccessTime; [WmiDataId(14), Description("Session Id") : amended, read] uint32 SessionId; [WmiDataId(15), Description("Window Station") : amended, pointer, read] uint64 WindowStation; [WmiDataId(16), Description("Acess token address") : amended, pointer, read] uint32 AccessToken; [WmiDataId(17), Description("User Sid Data Length") : amended, read] uint32 SidLength; [WmiDataId(18), Description("Parameters Data Length") : amended, read] uint32 ParametersLength; [WmiDataId(19), Description("Result Data Length") : amended, read] uint32 ResultLength; [WmiDataId(20), Description("Previous Value Length") : amended, read] uint32 PreviousValueLength; [WmiDataId(21), Description("User Sid") : amended, extension("Sid"), read] object UserSID; [WmiDataId(22), description("Operational Parameters") : amended, WmiSizeIs("ParametersLength"), read] uint8 OperationalParameters[]; [WmiDataId(23), description("Query Result Data") : amended, WmiSizeIs("ResultLength"), read] uint8 ResultData[]; [WmiDataId(24), description("Previous Value") : amended, WmiSizeIs("PreviousValueLength"), read] uint8 PreviousValue[]; [WmiDataId(25), Description("File Name") : amended, StringTermination("NullTerminated"), format("w"), read] string FileName; [WmiDataId(26), Description("Volume Dos Name") : amended, StringTermination("NullTerminated"), format("w"), read] string VolumeDosName; [WmiDataId(27), Description("Volume Guid Name") : amended, StringTermination("NullTerminated"), format("w"), read] string VolumeGuidName; [WmiDataId(28), Description("Volume Name") : amended, StringTermination("NullTerminated"), format("w"), read] string VolumeName; };