ホーム › System.Diagnostics.Etw › EventAccessQuery
EventAccessQuery
関数ETWプロバイダーのセキュリティ記述子を照会する。
シグネチャ
// ADVAPI32.dll
#include <windows.h>
DWORD EventAccessQuery(
GUID* Guid,
PSECURITY_DESCRIPTOR Buffer, // optional
DWORD* BufferSize
);パラメーター
| 名前 | 型 | 方向 |
|---|---|---|
| Guid | GUID* | in |
| Buffer | PSECURITY_DESCRIPTOR | outoptional |
| BufferSize | DWORD* | inout |
戻り値の型: DWORD
各言語での呼び出し定義
// ADVAPI32.dll
#include <windows.h>
DWORD EventAccessQuery(
GUID* Guid,
PSECURITY_DESCRIPTOR Buffer, // optional
DWORD* BufferSize
);[DllImport("ADVAPI32.dll", ExactSpelling = true)]
static extern uint EventAccessQuery(
ref Guid Guid, // GUID*
IntPtr Buffer, // PSECURITY_DESCRIPTOR optional, out
ref uint BufferSize // DWORD* in/out
);<DllImport("ADVAPI32.dll", ExactSpelling:=True)>
Public Shared Function EventAccessQuery(
ByRef Guid As Guid, ' GUID*
Buffer As IntPtr, ' PSECURITY_DESCRIPTOR optional, out
ByRef BufferSize As UInteger ' DWORD* in/out
) As UInteger
End Function' Guid : GUID*
' Buffer : PSECURITY_DESCRIPTOR optional, out
' BufferSize : DWORD* in/out
Declare PtrSafe Function EventAccessQuery Lib "advapi32" ( _
ByVal Guid As LongPtr, _
ByVal Buffer As LongPtr, _
ByRef BufferSize As Long) As Long
' VBA7前提(PtrSafe)。32bit Office では LongPtr→Long。Integer=16bit / Long=32bit / LongLong=64bit。import ctypes
from ctypes import wintypes
EventAccessQuery = ctypes.windll.advapi32.EventAccessQuery
EventAccessQuery.restype = wintypes.DWORD
EventAccessQuery.argtypes = [
ctypes.c_void_p, # Guid : GUID*
wintypes.HANDLE, # Buffer : PSECURITY_DESCRIPTOR optional, out
ctypes.POINTER(wintypes.DWORD), # BufferSize : DWORD* in/out
]require 'fiddle'
require 'fiddle/import'
lib = Fiddle.dlopen('ADVAPI32.dll')
EventAccessQuery = Fiddle::Function.new(
lib['EventAccessQuery'],
[
Fiddle::TYPE_VOIDP, # Guid : GUID*
Fiddle::TYPE_VOIDP, # Buffer : PSECURITY_DESCRIPTOR optional, out
Fiddle::TYPE_VOIDP, # BufferSize : DWORD* in/out
],
-Fiddle::TYPE_INT)#[link(name = "advapi32")]
extern "system" {
fn EventAccessQuery(
Guid: *mut GUID, // GUID*
Buffer: *mut core::ffi::c_void, // PSECURITY_DESCRIPTOR optional, out
BufferSize: *mut u32 // DWORD* in/out
) -> u32;
}
// crates: windows-sys provides ready-made bindings for this API.$sig = @"
[DllImport("ADVAPI32.dll")]
public static extern uint EventAccessQuery(ref Guid Guid, IntPtr Buffer, ref uint BufferSize);
"@
$api = Add-Type -MemberDefinition $sig -Name 'ADVAPI32_EventAccessQuery' -Namespace Win32 -PassThru
# $api::EventAccessQuery(Guid, Buffer, BufferSize)#uselib "ADVAPI32.dll"
#func global EventAccessQuery "EventAccessQuery" sptr, sptr, sptr
; EventAccessQuery varptr(Guid), Buffer, varptr(BufferSize) ; 戻り値は stat
; Guid : GUID* -> "sptr"
; Buffer : PSECURITY_DESCRIPTOR optional, out -> "sptr"
; BufferSize : DWORD* in/out -> "sptr"
; ※HSP3.7は #func のため戻り値はシステム変数 stat に格納されます。出力引数:
#uselib "ADVAPI32.dll" #cfunc global EventAccessQuery "EventAccessQuery" var, sptr, var ; res = EventAccessQuery(Guid, Buffer, BufferSize) ; Guid : GUID* -> "var" ; Buffer : PSECURITY_DESCRIPTOR optional, out -> "sptr" ; BufferSize : DWORD* in/out -> "var" ; ※出力/バッファ引数は var 方式(変数を直接渡す)。varptr 方式にも切替可。#uselib "ADVAPI32.dll" #cfunc global EventAccessQuery "EventAccessQuery" sptr, sptr, sptr ; res = EventAccessQuery(varptr(Guid), Buffer, varptr(BufferSize)) ; Guid : GUID* -> "sptr" ; Buffer : PSECURITY_DESCRIPTOR optional, out -> "sptr" ; BufferSize : DWORD* in/out -> "sptr" ; ※出力/バッファ引数はポインタ方式(token=sptr / 呼び出しは varptr(変数))。
出力引数:
; DWORD EventAccessQuery(GUID* Guid, PSECURITY_DESCRIPTOR Buffer, DWORD* BufferSize) #uselib "ADVAPI32.dll" #cfunc global EventAccessQuery "EventAccessQuery" var, intptr, var ; res = EventAccessQuery(Guid, Buffer, BufferSize) ; Guid : GUID* -> "var" ; Buffer : PSECURITY_DESCRIPTOR optional, out -> "intptr" ; BufferSize : DWORD* in/out -> "var" ; ※出力/バッファ引数は var 方式(変数を直接渡す)。varptr 方式にも切替可。; DWORD EventAccessQuery(GUID* Guid, PSECURITY_DESCRIPTOR Buffer, DWORD* BufferSize) #uselib "ADVAPI32.dll" #cfunc global EventAccessQuery "EventAccessQuery" intptr, intptr, intptr ; res = EventAccessQuery(varptr(Guid), Buffer, varptr(BufferSize)) ; Guid : GUID* -> "intptr" ; Buffer : PSECURITY_DESCRIPTOR optional, out -> "intptr" ; BufferSize : DWORD* in/out -> "intptr" ; ※出力/バッファ引数はポインタ方式(token=intptr / 呼び出しは varptr(変数))。
import (
"golang.org/x/sys/windows"
"unsafe"
)
var (
advapi32 = windows.NewLazySystemDLL("ADVAPI32.dll")
procEventAccessQuery = advapi32.NewProc("EventAccessQuery")
)
// Guid (GUID*), Buffer (PSECURITY_DESCRIPTOR optional, out), BufferSize (DWORD* in/out)
r1, _, err := procEventAccessQuery.Call(
uintptr(Guid),
uintptr(Buffer),
uintptr(BufferSize),
)
_ = err // syscall.Errno (valid when the call sets last-error)
_ = r1 // DWORDfunction EventAccessQuery(
Guid: PGUID; // GUID*
Buffer: THandle; // PSECURITY_DESCRIPTOR optional, out
BufferSize: Pointer // DWORD* in/out
): DWORD; stdcall;
external 'ADVAPI32.dll' name 'EventAccessQuery';result := DllCall("ADVAPI32\EventAccessQuery"
, "Ptr", Guid ; GUID*
, "Ptr", Buffer ; PSECURITY_DESCRIPTOR optional, out
, "Ptr", BufferSize ; DWORD* in/out
, "UInt") ; return: DWORD●EventAccessQuery(Guid, Buffer, BufferSize) = DLL("ADVAPI32.dll", "dword EventAccessQuery(void*, void*, void*)")
# 呼び出し: EventAccessQuery(Guid, Buffer, BufferSize)
# Guid : GUID* -> "void*"
# Buffer : PSECURITY_DESCRIPTOR optional, out -> "void*"
# BufferSize : DWORD* in/out -> "void*"
# なでしこ1は32bit・ANSI(Shift_JIS)。文字列=char*(ANSI)、ポインタ/ハンドル=void*(4byte)。