# Functions
CloseServiceHandle API wrapper generated from prototype
WINADVAPI WINBOOL WINAPI CloseServiceHandle(
SC_HANDLE hSCObject);
*/.
CloseTrace API wrapper generated from prototype
EXTERN_C ULONG WMIAPI CloseTrace (
TRACEHANDLE TraceHandle);
*/.
ControlTraceW API wrapper generated from prototype
EXTERN_C ULONG WMIAPI ControlTraceW (
TRACEHANDLE TraceHandle,
LPCWSTR InstanceName,
PEVENT_TRACE_PROPERTIES Properties,
ULONG ControlCode);
*/.
EnableTraceEx2 API wrapper generated from prototype
EXTERN_C ULONG WMIAPI EnableTraceEx2 (
TRACEHANDLE TraceHandle,
LPCGUID ProviderId,
ULONG ControlCode,
UCHAR Level,
ULONGLONG MatchAnyKeyword,
ULONGLONG MatchAllKeyword,
ULONG Timeout,
PENABLE_TRACE_PARAMETERS EnableParameters);
*/.
EnumServicesStatusExW API wrapper generated from prototype
WINADVAPI WINBOOL WINAPI EnumServicesStatusExW(
SC_HANDLE hSCManager,
SC_ENUM_TYPE InfoLevel,
DWORD dwServiceType,
DWORD dwServiceState,
LPBYTE lpServices,
DWORD cbBufSize,
LPDWORD pcbBytesNeeded,
LPDWORD lpServicesReturned,
LPDWORD lpResumeHandle,
LPCWSTR pszGroupName);
*/.
NewServiceEnumerator initializes a new ServiceEnumerator structure.
OpenSCManagerW API wrapper generated from prototype
WINADVAPI SC_HANDLE WINAPI OpenSCManagerW(
LPCWSTR lpMachineName,
LPCWSTR lpDatabaseName,
DWORD dwDesiredAccess);
*/.
OpenTraceW API wrapper generated from prototype
EXTERN_C TRACEHANDLE WMIAPI OpenTraceW (
PEVENT_TRACE_LOGFILEW Logfile);
*/.
ProcessTrace API wrapper generated from prototype
EXTERN_C ULONG WMIAPI ProcessTrace (
PTRACEHANDLE HandleArray,
ULONG HandleCount,
LPFILETIME StartTime,
LPFILETIME EndTime);
*/.
RegCloseKey API wrapper generated from prototype
WINADVAPI LONG WINAPI RegCloseKey(
HKEY hKey);
*/.
RegGetValueFromString returns the data associated with a registry value, as well as its type represented as a uint32.
RegGetValueSizeFromString returns the size of a registry value in bytes.
RegOpenKeyExW API wrapper generated from prototype
WINADVAPI LONG WINAPI RegOpenKeyExW(
HKEY hKey,
LPCWSTR lpSubKey,
DWORD ulOptions,
REGSAM samDesired,
PHKEY phkResult);
*/.
RegOpenKeyRecFromString returns a handle to the registry key pointed to by a full path, opening keys recursively. Ex: HKLM\\SYSTEM\\CurrentControlSet\\Control\\EarlyStartServices.
RegQueryValueExW API wrapper generated from prototype
WINADVAPI LONG WINAPI RegQueryValueExW(
HKEY hKey,
LPCWSTR lpValueName,
LPDWORD lpReserved,
LPDWORD lpType,
LPBYTE lpData,
LPDWORD lpcbData);
*/.
ServiceWin32NamesByPid is a helper function to return the service name of a SERVICE_WIN32 from a pid.
StartTraceW API wrapper generated from prototype
EXTERN_C ULONG WMIAPI StartTraceW (
PTRACEHANDLE TraceHandle,
LPCWSTR InstanceName,
PEVENT_TRACE_PROPERTIES Properties);
*/.
# Constants
# Structs
typedef struct _ETW_BUFFER_CONTEXT {
union {
struct {
UCHAR ProcessorNumber;
UCHAR Alignment;
} DUMMYSTRUCTNAME; // size UCHAR
USHORT ProcessorIndex; // USHORT
} DUMMYUNIONNAME; // USHORT
USHORT LoggerId;
} ETW_BUFFER_CONTEXT, *PETW_BUFFER_CONTEXT;
*/ sizeof: 0x4 (OK).
typedef struct _EVENT_DESCRIPTOR {
USHORT Id;
UCHAR Version;
UCHAR Channel;
UCHAR Level;
UCHAR Opcode;
USHORT Task;
ULONGLONG Keyword;
} EVENT_DESCRIPTOR, *PEVENT_DESCRIPTOR;
*/.
typedef struct _EVENT_FILTER_DESCRIPTOR {
ULONGLONG Ptr;
ULONG Size;
ULONG Type;
} EVENT_FILTER_DESCRIPTOR, *PEVENT_FILTER_DESCRIPTOR;
*/ sizeof: 0x10 (OK).
typedef struct _EVENT_HEADER {
USHORT Size;
USHORT HeaderType;
USHORT Flags;
USHORT EventProperty;
ULONG ThreadId;
ULONG ProcessId;
LARGE_INTEGER TimeStamp;
GUID ProviderId;
EVENT_DESCRIPTOR EventDescriptor;
union {
struct {
ULONG KernelTime;
ULONG UserTime;
} DUMMYSTRUCTNAME;
ULONG64 ProcessorTime;
} DUMMYUNIONNAME;
GUID ActivityId;
} EVENT_HEADER, *PEVENT_HEADER;
*/.
typedef struct _EVENT_TRACE {
EVENT_TRACE_HEADER Header;
ULONG InstanceId;
ULONG ParentInstanceId;
GUID ParentGuid;
PVOID MofData;
ULONG MofLength;
union {
ULONG ClientContext;
ETW_BUFFER_CONTEXT BufferContext;
} DUMMYUNIONNAME;
} EVENT_TRACE, *PEVENT_TRACE;
*/.
sizeof: 0x30 (48).
typedef struct _FILETIME {
DWORD dwLowDateTime;
DWORD dwHighDateTime;
} FILETIME, *PFILETIME, *LPFILETIME;
*/.
ServiceEnumerator structure used to enumerate windows services.
typedef struct _SYSTEMTIME {
WORD wYear;
WORD wMonth;
WORD wDayOfWeek;
WORD wDay;
WORD wHour;
WORD wMinute;
WORD wSecond;
WORD wMilliseconds;
} SYSTEMTIME, *PSYSTEMTIME, *LPSYSTEMTIME;
*/ sizeof: 0x10 (OK).
# Type aliases