Generated/Microsoft_Windows_Kernel

// // This code was generated by EtwEventTypeGen.exe // using System; namespace Tx.Windows.Microsoft_Windows_Kernel_Network { public enum EventTask : uint { KERNEL_NETWORK_TASK_TCPIP = 10, KERNEL_NETWORK_TASK_UDPIP = 11, } [Format("TCPv4: %2 bytes transmitted from %4:%6 to %3:%5.")] [ManifestEvent("{7dd42a49-5329-4832-8dfd-43d979153a88}", 10, 0, "Data_sent_", "win:Informational", "Microsoft-Windows-Kernel-Network/Analytic", "KERNEL_NETWORK_KEYWORD_IPV4")] public class KNetEvt_SendIPV4 : SystemEvent { [EventField("win:UInt32")] public uint PID { get; set; } [EventField("win:UInt32")] public uint size { get; set; } [EventField("win:UInt32")] public uint daddr { get; set; } [EventField("win:UInt32")] public uint saddr { get; set; } [EventField("win:UInt16")] public ushort dport { get; set; } [EventField("win:UInt16")] public ushort sport { get; set; } [EventField("win:UInt32")] public uint startime { get; set; } [EventField("win:UInt32")] public uint endtime { get; set; } [EventField("win:UInt32")] public uint seqnum { get; set; } [EventField("win:UInt32")] public uint connid { get; set; } } [Format("TCPv4: %2 bytes received from %4:%6 to %3:%5.")] [ManifestEvent("{7dd42a49-5329-4832-8dfd-43d979153a88}", 11, 0, "Data_received_", "win:Informational", "Microsoft-Windows-Kernel-Network/Analytic", "KERNEL_NETWORK_KEYWORD_IPV4")] public class KNetEvt_RecvIPV4 : SystemEvent { [EventField("win:UInt32")] public uint PID { get; set; } [EventField("win:UInt32")] public uint size { get; set; } [EventField("win:UInt32")] public uint daddr { get; set; } [EventField("win:UInt32")] public uint saddr { get; set; } [EventField("win:UInt16")] public ushort dport { get; set; } [EventField("win:UInt16")] public ushort sport { get; set; } [EventField("win:UInt32")] public uint seqnum { get; set; } [EventField("win:UInt32")] public uint connid { get; set; } } [Format("TCPv4: Connection attempted between %4:%6 and %3:%5.")] [ManifestEvent("{7dd42a49-5329-4832-8dfd-43d979153a88}", 12, 0, "Connection_attempted_", "win:Informational", "Microsoft-Windows-Kernel-Network/Analytic", "KERNEL_NETWORK_KEYWORD_IPV4")] public class KNetEvt_ConnectIPV4 : SystemEvent { [EventField("win:UInt32")] public uint PID { get; set; } [EventField("win:UInt32")] public uint size { get; set; } [EventField("win:UInt32")] public uint daddr { get; set; } [EventField("win:UInt32")] public uint saddr { get; set; } [EventField("win:UInt16")] public ushort dport { get; set; } [EventField("win:UInt16")] public ushort sport { get; set; } [EventField("win:UInt16")] public ushort mss { get; set; } [EventField("win:UInt16")] public ushort sackopt { get; set; } [EventField("win:UInt16")] public ushort tsopt { get; set; } [EventField("win:UInt16")] public ushort wsopt { get; set; } [EventField("win:UInt32")] public uint rcvwin { get; set; } [EventField("win:UInt16")] public ushort rcvwinscale { get; set; } [EventField("win:UInt16")] public ushort sndwinscale { get; set; } [EventField("win:UInt32")] public uint seqnum { get; set; } [EventField("win:UInt32")] public uint connid { get; set; } } [Format("TCPv4: Connection closed between %4:%6 and %3:%5.")] [ManifestEvent("{7dd42a49-5329-4832-8dfd-43d979153a88}", 13, 0, "Disconnect_issued_", "win:Informational", "Microsoft-Windows-Kernel-Network/Analytic", "KERNEL_NETWORK_KEYWORD_IPV4")] public class KNetEvt_DisconnectIPV4 : SystemEvent { [EventField("win:UInt32")] public uint PID { get; set; } [EventField("win:UInt32")] public uint size { get; set; } [EventField("win:UInt32")] public uint daddr { get; set; } [EventField("win:UInt32")] public uint saddr { get; set; } [EventField("win:UInt16")] public ushort dport { get; set; } [EventField("win:UInt16")] public ushort sport { get; set; } [EventField("win:UInt32")] public uint seqnum { get; set; } [EventField("win:UInt32")] public uint connid { get; set; } } [Format("TCPv4: %2 bytes retransmitted from %4:%6 to %3:%5.")] [ManifestEvent("{7dd42a49-5329-4832-8dfd-43d979153a88}", 14, 0, "Data_retransmitted_", "win:Informational", "Microsoft-Windows-Kernel-Network/Analytic", "KERNEL_NETWORK_KEYWORD_IPV4")] public class KNetEvt_RetransmitIPV4 : SystemEvent { [EventField("win:UInt32")] public uint PID { get; set; } [EventField("win:UInt32")] public uint size { get; set; } [EventField("win:UInt32")] public uint daddr { get; set; } [EventField("win:UInt32")] public uint saddr { get; set; } [EventField("win:UInt16")] public ushort dport { get; set; } [EventField("win:UInt16")] public ushort sport { get; set; } [EventField("win:UInt32")] public uint seqnum { get; set; } [EventField("win:UInt32")] public uint connid { get; set; } } [Format("TCPv4: Connection established between %4:%6 and %3:%5.")] [ManifestEvent("{7dd42a49-5329-4832-8dfd-43d979153a88}", 15, 0, "Connection_accepted_", "win:Informational", "Microsoft-Windows-Kernel-Network/Analytic", "KERNEL_NETWORK_KEYWORD_IPV4")] public class KNetEvt_AcceptIPV4 : SystemEvent { [EventField("win:UInt32")] public uint PID { get; set; } [EventField("win:UInt32")] public uint size { get; set; } [EventField("win:UInt32")] public uint daddr { get; set; } [EventField("win:UInt32")] public uint saddr { get; set; } [EventField("win:UInt16")] public ushort dport { get; set; } [EventField("win:UInt16")] public ushort sport { get; set; } [EventField("win:UInt16")] public ushort mss { get; set; } [EventField("win:UInt16")] public ushort sackopt { get; set; } [EventField("win:UInt16")] public ushort tsopt { get; set; } [EventField("win:UInt16")] public ushort wsopt { get; set; } [EventField("win:UInt32")] public uint rcvwin { get; set; } [EventField("win:UInt16")] public ushort rcvwinscale { get; set; } [EventField("win:UInt16")] public ushort sndwinscale { get; set; } [EventField("win:UInt32")] public uint seqnum { get; set; } [EventField("win:UInt32")] public uint connid { get; set; } } [Format("TCPv4: Reconnect attempt between %4:%6 and %3:%5.")] [ManifestEvent("{7dd42a49-5329-4832-8dfd-43d979153a88}", 16, 0, "Reconnect_attempted_", "win:Informational", "Microsoft-Windows-Kernel-Network/Analytic", "KERNEL_NETWORK_KEYWORD_IPV4")] public class KNetEvt_ReconnectIPV4 : SystemEvent { [EventField("win:UInt32")] public uint PID { get; set; } [EventField("win:UInt32")] public uint size { get; set; } [EventField("win:UInt32")] public uint daddr { get; set; } [EventField("win:UInt32")] public uint saddr { get; set; } [EventField("win:UInt16")] public ushort dport { get; set; } [EventField("win:UInt16")] public ushort sport { get; set; } [EventField("win:UInt32")] public uint seqnum { get; set; } [EventField("win:UInt32")] public uint connid { get; set; } } [Format("TCPv4: Connection attempt failed with error code %2.")] [ManifestEvent("{7dd42a49-5329-4832-8dfd-43d979153a88}", 17, 0, "TCP_connection_attempt_failed_", "win:Informational", "Microsoft-Windows-Kernel-Network/Analytic", "KERNEL_NETWORK_KEYWORD_IPV4", "KERNEL_NETWORK_KEYWORD_IPV6")] public class KNetEvt_Fail : SystemEvent { [EventField("win:UInt16")] public ushort Proto { get; set; } [EventField("win:UInt16")] public ushort FailureCode { get; set; } } [Format("TCPv4: %2 bytes copied in protocol on behalf of user for connection between %4:%6 and %3:%5.")] [ManifestEvent("{7dd42a49-5329-4832-8dfd-43d979153a88}", 18, 0, "Protocol_copied_data_on_behalf_of_user_", "win:Informational", "Microsoft-Windows-Kernel-Network/Analytic", "KERNEL_NETWORK_KEYWORD_IPV4")] public class KNetEvt_TcpCopyIPV4 : SystemEvent { [EventField("win:UInt32")] public uint PID { get; set; } [EventField("win:UInt32")] public uint size { get; set; } [EventField("win:UInt32")] public uint daddr { get; set; } [EventField("win:UInt32")] public uint saddr { get; set; } [EventField("win:UInt16")] public ushort dport { get; set; } [EventField("win:UInt16")] public ushort sport { get; set; } [EventField("win:UInt32")] public uint seqnum { get; set; } [EventField("win:UInt32")] public uint connid { get; set; } } [Format("UDPv4: %2 bytes transmitted from %4:%6 to %3:%5.")] [ManifestEvent("{7dd42a49-5329-4832-8dfd-43d979153a88}", 42, 0, "Data_sent_over_UDP_protocol_", "win:Informational", "Microsoft-Windows-Kernel-Network/Analytic", "KERNEL_NETWORK_KEYWORD_IPV4")] public class KNetEvt_SendIPV4Udp : SystemEvent { [EventField("win:UInt32")] public uint PID { get; set; } [EventField("win:UInt32")] public uint size { get; set; } [EventField("win:UInt32")] public uint daddr { get; set; } [EventField("win:UInt32")] public uint saddr { get; set; } [EventField("win:UInt16")] public ushort dport { get; set; } [EventField("win:UInt16")] public ushort sport { get; set; } [EventField("win:UInt32")] public uint seqnum { get; set; } [EventField("win:UInt32")] public uint connid { get; set; } } [Format("UDPv4: %2 bytes received from %4:%6 to %3:%5.")] [ManifestEvent("{7dd42a49-5329-4832-8dfd-43d979153a88}", 43, 0, "Data_received_over_UDP_protocol_", "win:Informational", "Microsoft-Windows-Kernel-Network/Analytic", "KERNEL_NETWORK_KEYWORD_IPV4")] public class KNetEvt_RecvIPV4Udp : SystemEvent { [EventField("win:UInt32")] public uint PID { get; set; } [EventField("win:UInt32")] public uint size { get; set; } [EventField("win:UInt32")] public uint daddr { get; set; } [EventField("win:UInt32")] public uint saddr { get; set; } [EventField("win:UInt16")] public ushort dport { get; set; } [EventField("win:UInt16")] public ushort sport { get; set; } [EventField("win:UInt32")] public uint seqnum { get; set; } [EventField("win:UInt32")] public uint connid { get; set; } } [Format("UDPv4: Connection attempt failed with error code %2.")] [ManifestEvent("{7dd42a49-5329-4832-8dfd-43d979153a88}", 49, 0, "UDP_connection_attempt_failed_", "win:Informational", "Microsoft-Windows-Kernel-Network/Analytic", "KERNEL_NETWORK_KEYWORD_IPV4", "KERNEL_NETWORK_KEYWORD_IPV6")] public class KNetEvt_FailUdp : SystemEvent { [EventField("win:UInt16")] public ushort Proto { get; set; } [EventField("win:UInt16")] public ushort FailureCode { get; set; } } [Format("TCPv6: %2 bytes transmitted from %4:%6 to %3:%5.")] [ManifestEvent("{7dd42a49-5329-4832-8dfd-43d979153a88}", 26, 0, "Data_sent_", "win:Informational", "Microsoft-Windows-Kernel-Network/Analytic", "KERNEL_NETWORK_KEYWORD_IPV6")] public class KNetEvt_SendIPV6 : SystemEvent { [EventField("win:UInt32")] public uint PID { get; set; } [EventField("win:UInt32")] public uint size { get; set; } [EventField("win:Binary", "16")] public byte[] daddr { get; set; } [EventField("win:Binary", "16")] public byte[] saddr { get; set; } [EventField("win:UInt16")] public ushort dport { get; set; } [EventField("win:UInt16")] public ushort sport { get; set; } [EventField("win:UInt32")] public uint startime { get; set; } [EventField("win:UInt32")] public uint endtime { get; set; } [EventField("win:UInt32")] public uint seqnum { get; set; } [EventField("win:UInt32")] public uint connid { get; set; } } [Format("TCPv6: %2 bytes received from %4:%6 to %3:%5.")] [ManifestEvent("{7dd42a49-5329-4832-8dfd-43d979153a88}", 27, 0, "Data_received_", "win:Informational", "Microsoft-Windows-Kernel-Network/Analytic", "KERNEL_NETWORK_KEYWORD_IPV6")] public class KNetEvt_RecvIPV6 : SystemEvent { [EventField("win:UInt32")] public uint PID { get; set; } [EventField("win:UInt32")] public uint size { get; set; } [EventField("win:Binary", "16")] public byte[] daddr { get; set; } [EventField("win:Binary", "16")] public byte[] saddr { get; set; } [EventField("win:UInt16")] public ushort dport { get; set; } [EventField("win:UInt16")] public ushort sport { get; set; } [EventField("win:UInt32")] public uint seqnum { get; set; } [EventField("win:UInt32")] public uint connid { get; set; } } [Format("TCPv6: Connection attempted between %4:%6 and %3:%5.")] [ManifestEvent("{7dd42a49-5329-4832-8dfd-43d979153a88}", 28, 0, "Connection_attempted_", "win:Informational", "Microsoft-Windows-Kernel-Network/Analytic", "KERNEL_NETWORK_KEYWORD_IPV6")] public class KNetEvt_ConnectIPV6 : SystemEvent { [EventField("win:UInt32")] public uint PID { get; set; } [EventField("win:UInt32")] public uint size { get; set; } [EventField("win:Binary", "16")] public byte[] daddr { get; set; } [EventField("win:Binary", "16")] public byte[] saddr { get; set; } [EventField("win:UInt16")] public ushort dport { get; set; } [EventField("win:UInt16")] public ushort sport { get; set; } [EventField("win:UInt16")] public ushort mss { get; set; } [EventField("win:UInt16")] public ushort sackopt { get; set; } [EventField("win:UInt16")] public ushort tsopt { get; set; } [EventField("win:UInt16")] public ushort wsopt { get; set; } [EventField("win:UInt32")] public uint rcvwin { get; set; } [EventField("win:UInt16")] public ushort rcvwinscale { get; set; } [EventField("win:UInt16")] public ushort sndwinscale { get; set; } [EventField("win:UInt32")] public uint seqnum { get; set; } [EventField("win:UInt32")] public uint connid { get; set; } } [Format("TCPv6: Connection closed between %4:%6 and %3:%5.")] [ManifestEvent("{7dd42a49-5329-4832-8dfd-43d979153a88}", 29, 0, "Disconnect_issued_", "win:Informational", "Microsoft-Windows-Kernel-Network/Analytic", "KERNEL_NETWORK_KEYWORD_IPV6")] public class KNetEvt_DisconnectIPV6 : SystemEvent { [EventField("win:UInt32")] public uint PID { get; set; } [EventField("win:UInt32")] public uint size { get; set; } [EventField("win:Binary", "16")] public byte[] daddr { get; set; } [EventField("win:Binary", "16")] public byte[] saddr { get; set; } [EventField("win:UInt16")] public ushort dport { get; set; } [EventField("win:UInt16")] public ushort sport { get; set; } [EventField("win:UInt32")] public uint seqnum { get; set; } [EventField("win:UInt32")] public uint connid { get; set; } } [Format("TCPv6: %2 bytes retransmitted from %4:%6 to %3:%5.")] [ManifestEvent("{7dd42a49-5329-4832-8dfd-43d979153a88}", 30, 0, "Data_retransmitted_", "win:Informational", "Microsoft-Windows-Kernel-Network/Analytic", "KERNEL_NETWORK_KEYWORD_IPV6")] public class KNetEvt_RetransmitIPV6 : SystemEvent { [EventField("win:UInt32")] public uint PID { get; set; } [EventField("win:UInt32")] public uint size { get; set; } [EventField("win:Binary", "16")] public byte[] daddr { get; set; } [EventField("win:Binary", "16")] public byte[] saddr { get; set; } [EventField("win:UInt16")] public ushort dport { get; set; } [EventField("win:UInt16")] public ushort sport { get; set; } [EventField("win:UInt32")] public uint seqnum { get; set; } [EventField("win:UInt32")] public uint connid { get; set; } } [Format("TCPv6: Connection established between %4:%6 and %3:%5.")] [ManifestEvent("{7dd42a49-5329-4832-8dfd-43d979153a88}", 31, 0, "Connection_accepted_", "win:Informational", "Microsoft-Windows-Kernel-Network/Analytic", "KERNEL_NETWORK_KEYWORD_IPV6")] public class KNetEvt_AcceptIPV6 : SystemEvent { [EventField("win:UInt32")] public uint PID { get; set; } [EventField("win:UInt32")] public uint size { get; set; } [EventField("win:Binary", "16")] public byte[] daddr { get; set; } [EventField("win:Binary", "16")] public byte[] saddr { get; set; } [EventField("win:UInt16")] public ushort dport { get; set; } [EventField("win:UInt16")] public ushort sport { get; set; } [EventField("win:UInt16")] public ushort mss { get; set; } [EventField("win:UInt16")] public ushort sackopt { get; set; } [EventField("win:UInt16")] public ushort tsopt { get; set; } [EventField("win:UInt16")] public ushort wsopt { get; set; } [EventField("win:UInt32")] public uint rcvwin { get; set; } [EventField("win:UInt16")] public ushort rcvwinscale { get; set; } [EventField("win:UInt16")] public ushort sndwinscale { get; set; } [EventField("win:UInt32")] public uint seqnum { get; set; } [EventField("win:UInt32")] public uint connid { get; set; } } [Format("TCPv6: Reconnect attempt between %4:%6 and %3:%5.")] [ManifestEvent("{7dd42a49-5329-4832-8dfd-43d979153a88}", 32, 0, "Reconnect_attempted_", "win:Informational", "Microsoft-Windows-Kernel-Network/Analytic", "KERNEL_NETWORK_KEYWORD_IPV6")] public class KNetEvt_ReconnectIPV6 : SystemEvent { [EventField("win:UInt32")] public uint PID { get; set; } [EventField("win:UInt32")] public uint size { get; set; } [EventField("win:Binary", "16")] public byte[] daddr { get; set; } [EventField("win:Binary", "16")] public byte[] saddr { get; set; } [EventField("win:UInt16")] public ushort dport { get; set; } [EventField("win:UInt16")] public ushort sport { get; set; } [EventField("win:UInt32")] public uint seqnum { get; set; } [EventField("win:UInt32")] public uint connid { get; set; } } [Format("TCPv6: %2 bytes copied in protocol on behalf of user for connection between %4:%6 and %3:%5.")] [ManifestEvent("{7dd42a49-5329-4832-8dfd-43d979153a88}", 34, 0, "Protocol_copied_data_on_behalf_of_user_", "win:Informational", "Microsoft-Windows-Kernel-Network/Analytic", "KERNEL_NETWORK_KEYWORD_IPV6")] public class KNetEvt_TcpCopyIPV6 : SystemEvent { [EventField("win:UInt32")] public uint PID { get; set; } [EventField("win:UInt32")] public uint size { get; set; } [EventField("win:Binary", "16")] public byte[] daddr { get; set; } [EventField("win:Binary", "16")] public byte[] saddr { get; set; } [EventField("win:UInt16")] public ushort dport { get; set; } [EventField("win:UInt16")] public ushort sport { get; set; } [EventField("win:UInt32")] public uint seqnum { get; set; } [EventField("win:UInt32")] public uint connid { get; set; } } [Format("UDPv6: %2 bytes transmitted from %4:%6 to %3:%5.")] [ManifestEvent("{7dd42a49-5329-4832-8dfd-43d979153a88}", 58, 0, "Data_sent_over_UDP_protocol_", "win:Informational", "Microsoft-Windows-Kernel-Network/Analytic", "KERNEL_NETWORK_KEYWORD_IPV6")] public class KNetEvt_SendIPV6Udp : SystemEvent { [EventField("win:UInt32")] public uint PID { get; set; } [EventField("win:UInt32")] public uint size { get; set; } [EventField("win:Binary", "16")] public byte[] daddr { get; set; } [EventField("win:Binary", "16")] public byte[] saddr { get; set; } [EventField("win:UInt16")] public ushort dport { get; set; } [EventField("win:UInt16")] public ushort sport { get; set; } [EventField("win:UInt32")] public uint seqnum { get; set; } [EventField("win:UInt32")] public uint connid { get; set; } } [Format("UDPv6: %2 bytes received from %4:%6 to %3:%5.")] [ManifestEvent("{7dd42a49-5329-4832-8dfd-43d979153a88}", 59, 0, "Data_received_over_UDP_protocol_", "win:Informational", "Microsoft-Windows-Kernel-Network/Analytic", "KERNEL_NETWORK_KEYWORD_IPV6")] public class KNetEvt_RecvIPV6Udp : SystemEvent { [EventField("win:UInt32")] public uint PID { get; set; } [EventField("win:UInt32")] public uint size { get; set; } [EventField("win:Binary", "16")] public byte[] daddr { get; set; } [EventField("win:Binary", "16")] public byte[] saddr { get; set; } [EventField("win:UInt16")] public ushort dport { get; set; } [EventField("win:UInt16")] public ushort sport { get; set; } [EventField("win:UInt32")] public uint seqnum { get; set; } [EventField("win:UInt32")] public uint connid { get; set; } } }

Generated/Microsoft_Windows_Kernel_Network.cs (532 lines of code) (raw):