Wireshark 4.7.0
The Wireshark network protocol analyzer
Loading...
Searching...
No Matches
etl.h
Go to the documentation of this file.
1
12#ifndef __W_ETL_H__
13#define __W_ETL_H__
14
15#include "wiretap/wtap.h"
16#include "ws_symbol_export.h"
17#include "wiretap/wtap_module.h"
18
19#include <glib.h>
20#include <stdlib.h>
21
22#include <windows.h>
23#include <winsock2.h>
24#include <tdh.h>
25#include <guiddef.h>
26
27#define LOGGER_NAME L"wireshark etwdump"
28
32typedef struct
33{
34 EVENT_TRACE_PROPERTIES prop;
35 char padding[64];
36} SUPER_EVENT_TRACE_PROPERTIES;
37
41typedef struct _PROVIDER_FILTER {
42 GUID ProviderId;
43 ULONG64 Keyword;
44 UCHAR Level;
45} PROVIDER_FILTER;
46
50typedef struct _SCENARIO {
51 const WCHAR* name;
52 const PROVIDER_FILTER ProviderFilter;
53} SCENARIO;
54
58#define SCENARIO_KEY L"Scenario-"
59
63extern const struct _SCENARIO g_scenarios[];
64
75extern wtap_open_return_val etw_dump(const char* etl_filename, const char* pcapng_filename, const char* params, int* err, char** err_info);
76
88extern void wtap_etl_add_interface(int pkt_encap, const char* interface_name, unsigned short interface_name_length, const char* interface_desc, unsigned short interface_desc_length);
89
103extern void wtap_etl_rec_dump(char* etl_record, ULONG total_packet_length, ULONG original_packet_length, unsigned int interface_id, BOOLEAN is_inbound, ULARGE_INTEGER timestamp, int pkt_encap, char* comment, unsigned short comment_length);
104
105#endif
106
107
108/*
109 * Editor modelines - https://www.wireshark.org/tools/modelines.html
110 *
111 * Local variables:
112 * c-basic-offset: 4
113 * tab-width: 8
114 * indent-tabs-mode: nil
115 * End:
116 *
117 * vi: set shiftwidth=4 tabstop=8 expandtab:
118 * :indentSize=4:tabSize=8:noTabs=true:
119 */
SCENARIO
struct _SCENARIO SCENARIO
Pairs a named capture scenario with the ETW provider filter that defines what is collected for that s...
wtap_etl_rec_dump
void wtap_etl_rec_dump(char *etl_record, ULONG total_packet_length, ULONG original_packet_length, unsigned int interface_id, BOOLEAN is_inbound, ULARGE_INTEGER timestamp, int pkt_encap, char *comment, unsigned short comment_length)
Dumps an ETL record as a Wireshark packet.
Definition etl.c:1013
etw_dump
wtap_open_return_val etw_dump(const char *etl_filename, const char *pcapng_filename, const char *params, int *err, char **err_info)
Dumps ETL data to a PCAPNG file.
Definition etl.c:275
g_scenarios
const struct _SCENARIO g_scenarios[]
Global array of all registered capture scenarios; terminated by a sentinel entry.
Definition etl.c:175
PROVIDER_FILTER
struct _PROVIDER_FILTER PROVIDER_FILTER
Specifies the ETW provider filter criteria used to select which events are collected from a provider.
wtap_etl_add_interface
void wtap_etl_add_interface(int pkt_encap, const char *interface_name, unsigned short interface_name_length, const char *interface_desc, unsigned short interface_desc_length)
Adds a new interface to the ETL (Extcap) dump.
Definition etl.c:987
_PROVIDER_FILTER
Specifies the ETW provider filter criteria used to select which events are collected from a provider.
Definition etl.h:41
_PROVIDER_FILTER::ProviderId
GUID ProviderId
Definition etl.h:42
_PROVIDER_FILTER::Keyword
ULONG64 Keyword
Definition etl.h:43
_PROVIDER_FILTER::Level
UCHAR Level
Definition etl.h:44
_SCENARIO
Pairs a named capture scenario with the ETW provider filter that defines what is collected for that s...
Definition etl.h:50
_SCENARIO::ProviderFilter
const PROVIDER_FILTER ProviderFilter
Definition etl.h:52
_SCENARIO::name
const WCHAR * name
Definition etl.h:51
SUPER_EVENT_TRACE_PROPERTIES
Extends EVENT_TRACE_PROPERTIES with padding to accommodate the session and log file name strings that...
Definition etl.h:33
SUPER_EVENT_TRACE_PROPERTIES::prop
EVENT_TRACE_PROPERTIES prop
Definition etl.h:34
wtap_open_return_val
wtap_open_return_val
For registering file types that we can open.
Definition wtap.h:1779
wtap_module.h
Generated by doxygen 1.9.8