npm - @bun-win32/wevtapi - Versions diffs - 1.0.0 - Mend

@bun-win32/wevtapi 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/AI.md ADDED Viewed

@@ -0,0 +1,71 @@
+# AI Guide for @bun-win32/wevtapi
+How to use this package, not what the Win32 API does.
+## Usage
+```ts
+import Wevtapi, { SomeFlag } from '@bun-win32/wevtapi';
+// Methods bind lazily on first call
+const result = Wevtapi.SomeFunctionW(arg1, arg2);
+// Preload: array, single string, or no args (all symbols)
+Wevtapi.Preload(['SomeFunctionW', 'AnotherFunction']);
+Wevtapi.Preload('SomeFunctionW');
+Wevtapi.Preload();
+```
+## Where To Look
+| Need                              | Read                 |
+| --------------------------------- | -------------------- |
+| Find a method or its MS Docs link | `structs/Wevtapi.ts` |
+| Find types, enums, constants      | `types/Wevtapi.ts`   |
+| Quick examples                    | `README.md`          |
+`index.ts` re-exports the class and all types - import from `@bun-win32/wevtapi` directly.
+## Calling Convention
+All documented `wevtapi.dll` exports are bound. Each method maps 1:1 to its DLL export. Names, parameter names, and order match Microsoft Docs.
+### Strings
+`W` methods take UTF-16LE NUL-terminated buffers. `A` methods take ANSI strings.
+```ts
+const wide = Buffer.from('Hello\0', 'utf16le'); // LPCWSTR
+Wevtapi.SomeFunctionW(wide.ptr);
+// Reading a wide string back from a buffer:
+const text = new TextDecoder('utf-16').decode(buf).replace(/\0.*$/, '');
+```
+### Return types
+- `HANDLE`, `HWND`, etc. -> `bigint`
+- `DWORD`, `UINT`, `BOOL`, `INT`, `LONG` -> `number`
+- `LPVOID`, `LPWSTR`, etc. -> `Pointer`
+- Win32 `BOOL` is `number` (0 or non-zero), **not** JS `boolean`. Do not compare with `=== true`.
+### Pointers, handles, out-parameters
+- **Pointer** params (`LP*`, `P*`, `Pointer`): pass `buffer.ptr` from a caller-allocated `Buffer`.
+- **Handle** params (`HANDLE`, `HWND`, etc.): pass a `bigint` value.
+- **Out-parameters**: allocate a `Buffer`, pass `.ptr`, read the result after the call.
+```ts
+const out = Buffer.alloc(4);
+Wevtapi.SomeFunction(out.ptr);
+const value = out.readUInt32LE(0);
+```
+### Nullability
+- `| NULL` in a signature -> pass `null` (optional pointer).
+- `| 0n` in a signature -> pass `0n` (optional handle).
+## Errors and Cleanup
+Return values are raw. If the Win32 function uses last-error semantics, read via `GetLastError()`. Resource cleanup is your responsibility - same as raw Win32.

package/README.md ADDED Viewed

@@ -0,0 +1,62 @@
+# @bun-win32/wevtapi
+Zero-dependency, zero-overhead Win32 Wevtapi bindings for [Bun](https://bun.sh) on Windows.
+## Overview
+`@bun-win32/wevtapi` exposes the `wevtapi.dll` exports using [Bun](https://bun.sh)'s FFI. It provides a single class, `Wevtapi`, which lazily binds native symbols on first use. You can optionally preload a subset or all symbols up-front via `Preload()`.
+The bindings are strongly typed for a smooth DX in TypeScript.
+## Features
+- [Bun](https://bun.sh)-first ergonomics on Windows 10/11.
+- Direct FFI to `wevtapi.dll` (Windows Event Log queries, rendering, subscriptions, channel configuration, and publisher metadata).
+- In-source docs in `structs/Wevtapi.ts` with links to Microsoft Learn.
+- Lazy binding on first call; optional eager preload (`Wevtapi.Preload()`).
+- No wrapper overhead; calls map 1:1 to native APIs.
+- Strongly-typed Win32 aliases, enums, and constants (see `types/Wevtapi.ts`).
+## Requirements
+- [Bun](https://bun.sh) runtime
+- Windows 10 or later
+## Installation
+```sh
+bun add @bun-win32/wevtapi
+```
+## Quick Start
+```ts
+import Wevtapi, { EvtQueryFlags } from '@bun-win32/wevtapi';
+const channelPath = Buffer.from('System\0', 'utf16le');
+const query = Buffer.from('*\0', 'utf16le');
+const resultSet = Wevtapi.EvtQuery(0n, channelPath.ptr, query.ptr, EvtQueryFlags.EvtQueryChannelPath);
+if (resultSet === 0n) {
+  throw new Error('EvtQuery failed');
+}
+Wevtapi.EvtClose(resultSet);
+```
+> [!NOTE]
+> AI agents: see `AI.md` for the package binding contract and source-navigation guidance. It explains how to use the package without scanning the entire implementation.
+## Examples
+Run the included examples:
+```sh
+bun run example:event-tail
+bun run example:channel-report
+```
+## Notes
+- Either rely on lazy binding or call `Wevtapi.Preload()`.
+- Windows only. Bun runtime required.

package/index.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import Wevtapi from './structs/Wevtapi';
+export * from './types/Wevtapi';
+export default Wevtapi;

package/package.json ADDED Viewed

@@ -0,0 +1,61 @@
+{
+  "author": "Stev Peifer <stev@bell.net>",
+  "bugs": {
+    "url": "https://github.com/ObscuritySRL/bun-win32/issues"
+  },
+  "dependencies": {
+    "@bun-win32/core": "1.1.2"
+  },
+  "description": "Zero-dependency, zero-overhead Win32 WEVTAPI bindings for Bun (FFI) on Windows.",
+  "devDependencies": {
+    "@bun-win32/kernel32": "1.0.21",
+    "@types/bun": "latest"
+  },
+  "exports": {
+    ".": "./index.ts"
+  },
+  "license": "MIT",
+  "module": "index.ts",
+  "name": "@bun-win32/wevtapi",
+  "peerDependencies": {
+    "typescript": "^5"
+  },
+  "private": false,
+  "homepage": "https://github.com/ObscuritySRL/bun-win32#readme",
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/ObscuritySRL/bun-win32.git",
+    "directory": "packages/wevtapi"
+  },
+  "type": "module",
+  "version": "1.0.0",
+  "main": "./index.ts",
+  "keywords": [
+    "bun",
+    "ffi",
+    "win32",
+    "windows",
+    "wevtapi",
+    "windows-event-log",
+    "event-log",
+    "subscriptions",
+    "bindings",
+    "typescript",
+    "dll"
+  ],
+  "files": [
+    "AI.md",
+    "README.md",
+    "index.ts",
+    "structs/*.ts",
+    "types/*.ts"
+  ],
+  "sideEffects": false,
+  "engines": {
+    "bun": ">=1.1.0"
+  },
+  "scripts": {
+    "example:channel-report": "bun ./example/channel-report.ts",
+    "example:event-tail": "bun ./example/event-tail.ts"
+  }
+}

package/structs/Wevtapi.ts ADDED Viewed

@@ -0,0 +1,319 @@
+import { type FFIFunction, FFIType } from 'bun:ffi';
+import { Win32 } from '@bun-win32/core';
+import type {
+  BOOL,
+  DWORD,
+  EVT_HANDLE,
+  EVT_OBJECT_ARRAY_PROPERTY_HANDLE,
+  EVT_SUBSCRIBE_CALLBACK,
+  EvtChannelConfigPropertyId,
+  EvtEventMetadataPropertyId,
+  EvtEventPropertyId,
+  EvtExportLogFlags,
+  EvtFormatMessageFlags,
+  EvtLoginClass,
+  EvtLogPropertyId,
+  EvtOpenLogFlags,
+  EvtPublisherMetadataPropertyId,
+  EvtQueryFlags,
+  EvtQueryPropertyId,
+  EvtRenderContextFlags,
+  EvtRenderFlags,
+  EvtSeekFlags,
+  EvtSubscribeFlags,
+  HANDLE,
+  LCID,
+  LONGLONG,
+  LPCWSTR,
+  LPWSTR,
+  NULL,
+  PDWORD,
+  PEVT_HANDLE,
+  PEVT_RPC_LOGIN,
+  PEVT_VARIANT,
+  PLPCWSTR,
+  PVOID,
+} from '../types/Wevtapi';
+/**
+ * Thin, lazy-loaded FFI bindings for `wevtapi.dll`.
+ *
+ * Each static method corresponds one-to-one with a Win32 export declared in `Symbols`.
+ * The first call to a method binds the underlying native symbol via `bun:ffi` and
+ * memoizes it on the class for subsequent calls. For bulk, up-front binding, use `Preload`.
+ *
+ * Symbols are defined with explicit `FFIType` signatures and kept alphabetized.
+ * You normally do not access `Symbols` directly; call the static methods or preload
+ * a subset for hot paths.
+ *
+ * @example
+ * ```ts
+ * import Wevtapi from './structs/Wevtapi';
+ *
+ * const channelPath = Buffer.from('System\0', 'utf16le');
+ * const query = Buffer.from('*\0', 'utf16le');
+ * const queryHandle = Wevtapi.EvtQuery(0n, channelPath.ptr, query.ptr, 0x0000_0001);
+ * ```
+ */
+class Wevtapi extends Win32 {
+  protected static override name = 'wevtapi.dll';
+  /** @inheritdoc */
+  protected static override readonly Symbols = {
+    EvtArchiveExportedLog: { args: [FFIType.u64, FFIType.ptr, FFIType.u32, FFIType.u32], returns: FFIType.i32 },
+    EvtCancel: { args: [FFIType.u64], returns: FFIType.i32 },
+    EvtClearLog: { args: [FFIType.u64, FFIType.ptr, FFIType.ptr, FFIType.u32], returns: FFIType.i32 },
+    EvtClose: { args: [FFIType.u64], returns: FFIType.i32 },
+    EvtCreateBookmark: { args: [FFIType.ptr], returns: FFIType.u64 },
+    EvtCreateRenderContext: { args: [FFIType.u32, FFIType.ptr, FFIType.u32], returns: FFIType.u64 },
+    EvtExportLog: { args: [FFIType.u64, FFIType.ptr, FFIType.ptr, FFIType.ptr, FFIType.u32], returns: FFIType.i32 },
+    EvtFormatMessage: { args: [FFIType.u64, FFIType.u64, FFIType.u32, FFIType.u32, FFIType.ptr, FFIType.u32, FFIType.u32, FFIType.ptr, FFIType.ptr], returns: FFIType.i32 },
+    EvtGetChannelConfigProperty: { args: [FFIType.u64, FFIType.u32, FFIType.u32, FFIType.u32, FFIType.ptr, FFIType.ptr], returns: FFIType.i32 },
+    EvtGetEventInfo: { args: [FFIType.u64, FFIType.u32, FFIType.u32, FFIType.ptr, FFIType.ptr], returns: FFIType.i32 },
+    EvtGetEventMetadataProperty: { args: [FFIType.u64, FFIType.u32, FFIType.u32, FFIType.u32, FFIType.ptr, FFIType.ptr], returns: FFIType.i32 },
+    EvtGetExtendedStatus: { args: [FFIType.u32, FFIType.ptr, FFIType.ptr], returns: FFIType.u32 },
+    EvtGetLogInfo: { args: [FFIType.u64, FFIType.u32, FFIType.u32, FFIType.ptr, FFIType.ptr], returns: FFIType.i32 },
+    EvtGetObjectArrayProperty: { args: [FFIType.u64, FFIType.u32, FFIType.u32, FFIType.u32, FFIType.u32, FFIType.ptr, FFIType.ptr], returns: FFIType.i32 },
+    EvtGetObjectArraySize: { args: [FFIType.u64, FFIType.ptr], returns: FFIType.i32 },
+    EvtGetPublisherMetadataProperty: { args: [FFIType.u64, FFIType.u32, FFIType.u32, FFIType.u32, FFIType.ptr, FFIType.ptr], returns: FFIType.i32 },
+    EvtGetQueryInfo: { args: [FFIType.u64, FFIType.u32, FFIType.u32, FFIType.ptr, FFIType.ptr], returns: FFIType.i32 },
+    EvtNext: { args: [FFIType.u64, FFIType.u32, FFIType.ptr, FFIType.u32, FFIType.u32, FFIType.ptr], returns: FFIType.i32 },
+    EvtNextChannelPath: { args: [FFIType.u64, FFIType.u32, FFIType.ptr, FFIType.ptr], returns: FFIType.i32 },
+    EvtNextEventMetadata: { args: [FFIType.u64, FFIType.u32], returns: FFIType.u64 },
+    EvtNextPublisherId: { args: [FFIType.u64, FFIType.u32, FFIType.ptr, FFIType.ptr], returns: FFIType.i32 },
+    EvtOpenChannelConfig: { args: [FFIType.u64, FFIType.ptr, FFIType.u32], returns: FFIType.u64 },
+    EvtOpenChannelEnum: { args: [FFIType.u64, FFIType.u32], returns: FFIType.u64 },
+    EvtOpenEventMetadataEnum: { args: [FFIType.u64, FFIType.u32], returns: FFIType.u64 },
+    EvtOpenLog: { args: [FFIType.u64, FFIType.ptr, FFIType.u32], returns: FFIType.u64 },
+    EvtOpenPublisherEnum: { args: [FFIType.u64, FFIType.u32], returns: FFIType.u64 },
+    EvtOpenPublisherMetadata: { args: [FFIType.u64, FFIType.ptr, FFIType.ptr, FFIType.u32, FFIType.u32], returns: FFIType.u64 },
+    EvtOpenSession: { args: [FFIType.u32, FFIType.ptr, FFIType.u32, FFIType.u32], returns: FFIType.u64 },
+    EvtQuery: { args: [FFIType.u64, FFIType.ptr, FFIType.ptr, FFIType.u32], returns: FFIType.u64 },
+    EvtRender: { args: [FFIType.u64, FFIType.u64, FFIType.u32, FFIType.u32, FFIType.ptr, FFIType.ptr, FFIType.ptr], returns: FFIType.i32 },
+    EvtSaveChannelConfig: { args: [FFIType.u64, FFIType.u32], returns: FFIType.i32 },
+    EvtSeek: { args: [FFIType.u64, FFIType.i64, FFIType.u64, FFIType.u32, FFIType.u32], returns: FFIType.i32 },
+    EvtSetChannelConfigProperty: { args: [FFIType.u64, FFIType.u32, FFIType.u32, FFIType.ptr], returns: FFIType.i32 },
+    EvtSubscribe: { args: [FFIType.u64, FFIType.u64, FFIType.ptr, FFIType.ptr, FFIType.u64, FFIType.ptr, FFIType.ptr, FFIType.u32], returns: FFIType.u64 },
+    EvtUpdateBookmark: { args: [FFIType.u64, FFIType.u64], returns: FFIType.i32 },
+  } as const satisfies Record<string, FFIFunction>;
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtarchiveexportedlog
+  public static EvtArchiveExportedLog(Session: EVT_HANDLE | 0n, LogFilePath: LPCWSTR, Locale: LCID, Flags: DWORD): BOOL {
+    return Wevtapi.Load('EvtArchiveExportedLog')(Session, LogFilePath, Locale, Flags);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtcancel
+  public static EvtCancel(Object: EVT_HANDLE | 0n): BOOL {
+    return Wevtapi.Load('EvtCancel')(Object);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtclearlog
+  public static EvtClearLog(Session: EVT_HANDLE | 0n, ChannelPath: LPCWSTR, TargetFilePath: LPCWSTR | NULL, Flags: DWORD): BOOL {
+    return Wevtapi.Load('EvtClearLog')(Session, ChannelPath, TargetFilePath, Flags);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtclose
+  public static EvtClose(Object: EVT_HANDLE): BOOL {
+    return Wevtapi.Load('EvtClose')(Object);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtcreatebookmark
+  public static EvtCreateBookmark(BookmarkXml: LPCWSTR | NULL): EVT_HANDLE {
+    return Wevtapi.Load('EvtCreateBookmark')(BookmarkXml);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtcreaterendercontext
+  public static EvtCreateRenderContext(ValuePathsCount: DWORD, ValuePaths: PLPCWSTR | NULL, Flags: EvtRenderContextFlags): EVT_HANDLE {
+    return Wevtapi.Load('EvtCreateRenderContext')(ValuePathsCount, ValuePaths, Flags);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtexportlog
+  public static EvtExportLog(Session: EVT_HANDLE | 0n, Path: LPCWSTR | NULL, Query: LPCWSTR | NULL, TargetFilePath: LPCWSTR, Flags: EvtExportLogFlags): BOOL {
+    return Wevtapi.Load('EvtExportLog')(Session, Path, Query, TargetFilePath, Flags);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtformatmessage
+  public static EvtFormatMessage(
+    PublisherMetadata: EVT_HANDLE | 0n,
+    Event: EVT_HANDLE | 0n,
+    MessageId: DWORD,
+    ValueCount: DWORD,
+    Values: PEVT_VARIANT | NULL,
+    Flags: EvtFormatMessageFlags,
+    BufferSize: DWORD,
+    Buffer: LPWSTR | NULL,
+    BufferUsed: PDWORD,
+  ): BOOL {
+    return Wevtapi.Load('EvtFormatMessage')(PublisherMetadata, Event, MessageId, ValueCount, Values, Flags, BufferSize, Buffer, BufferUsed);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtgetchannelconfigproperty
+  public static EvtGetChannelConfigProperty(ChannelConfig: EVT_HANDLE, PropertyId: EvtChannelConfigPropertyId, Flags: DWORD, PropertyValueBufferSize: DWORD, PropertyValueBuffer: PEVT_VARIANT | NULL, PropertyValueBufferUsed: PDWORD): BOOL {
+    return Wevtapi.Load('EvtGetChannelConfigProperty')(ChannelConfig, PropertyId, Flags, PropertyValueBufferSize, PropertyValueBuffer, PropertyValueBufferUsed);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtgeteventinfo
+  public static EvtGetEventInfo(Event: EVT_HANDLE, PropertyId: EvtEventPropertyId, PropertyValueBufferSize: DWORD, PropertyValueBuffer: PEVT_VARIANT | NULL, PropertyValueBufferUsed: PDWORD): BOOL {
+    return Wevtapi.Load('EvtGetEventInfo')(Event, PropertyId, PropertyValueBufferSize, PropertyValueBuffer, PropertyValueBufferUsed);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtgeteventmetadataproperty
+  public static EvtGetEventMetadataProperty(
+    EventMetadata: EVT_HANDLE,
+    PropertyId: EvtEventMetadataPropertyId,
+    Flags: DWORD,
+    EventMetadataPropertyBufferSize: DWORD,
+    EventMetadataPropertyBuffer: PEVT_VARIANT | NULL,
+    EventMetadataPropertyBufferUsed: PDWORD,
+  ): BOOL {
+    return Wevtapi.Load('EvtGetEventMetadataProperty')(EventMetadata, PropertyId, Flags, EventMetadataPropertyBufferSize, EventMetadataPropertyBuffer, EventMetadataPropertyBufferUsed);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtgetextendedstatus
+  public static EvtGetExtendedStatus(BufferSize: DWORD, Buffer: LPWSTR | NULL, BufferUsed: PDWORD): DWORD {
+    return Wevtapi.Load('EvtGetExtendedStatus')(BufferSize, Buffer, BufferUsed);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtgetloginfo
+  public static EvtGetLogInfo(Log: EVT_HANDLE, PropertyId: EvtLogPropertyId, PropertyValueBufferSize: DWORD, PropertyValueBuffer: PEVT_VARIANT | NULL, PropertyValueBufferUsed: PDWORD): BOOL {
+    return Wevtapi.Load('EvtGetLogInfo')(Log, PropertyId, PropertyValueBufferSize, PropertyValueBuffer, PropertyValueBufferUsed);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtgetobjectarrayproperty
+  public static EvtGetObjectArrayProperty(
+    ObjectArray: EVT_OBJECT_ARRAY_PROPERTY_HANDLE,
+    PropertyId: DWORD,
+    ArrayIndex: DWORD,
+    Flags: DWORD,
+    PropertyValueBufferSize: DWORD,
+    PropertyValueBuffer: PEVT_VARIANT | NULL,
+    PropertyValueBufferUsed: PDWORD,
+  ): BOOL {
+    return Wevtapi.Load('EvtGetObjectArrayProperty')(ObjectArray, PropertyId, ArrayIndex, Flags, PropertyValueBufferSize, PropertyValueBuffer, PropertyValueBufferUsed);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtgetobjectarraysize
+  public static EvtGetObjectArraySize(ObjectArray: EVT_OBJECT_ARRAY_PROPERTY_HANDLE, ObjectArraySize: PDWORD): BOOL {
+    return Wevtapi.Load('EvtGetObjectArraySize')(ObjectArray, ObjectArraySize);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtgetpublishermetadataproperty
+  public static EvtGetPublisherMetadataProperty(
+    PublisherMetadata: EVT_HANDLE,
+    PropertyId: EvtPublisherMetadataPropertyId,
+    Flags: DWORD,
+    PublisherMetadataPropertyBufferSize: DWORD,
+    PublisherMetadataPropertyBuffer: PEVT_VARIANT | NULL,
+    PublisherMetadataPropertyBufferUsed: PDWORD,
+  ): BOOL {
+    return Wevtapi.Load('EvtGetPublisherMetadataProperty')(PublisherMetadata, PropertyId, Flags, PublisherMetadataPropertyBufferSize, PublisherMetadataPropertyBuffer, PublisherMetadataPropertyBufferUsed);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtgetqueryinfo
+  public static EvtGetQueryInfo(QueryOrSubscription: EVT_HANDLE, PropertyId: EvtQueryPropertyId, PropertyValueBufferSize: DWORD, PropertyValueBuffer: PEVT_VARIANT | NULL, PropertyValueBufferUsed: PDWORD): BOOL {
+    return Wevtapi.Load('EvtGetQueryInfo')(QueryOrSubscription, PropertyId, PropertyValueBufferSize, PropertyValueBuffer, PropertyValueBufferUsed);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtnext
+  public static EvtNext(ResultSet: EVT_HANDLE, EventsSize: DWORD, Events: PEVT_HANDLE, Timeout: DWORD, Flags: DWORD, Returned: PDWORD): BOOL {
+    return Wevtapi.Load('EvtNext')(ResultSet, EventsSize, Events, Timeout, Flags, Returned);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtnextchannelpath
+  public static EvtNextChannelPath(ChannelEnum: EVT_HANDLE, ChannelPathBufferSize: DWORD, ChannelPathBuffer: LPWSTR | NULL, ChannelPathBufferUsed: PDWORD): BOOL {
+    return Wevtapi.Load('EvtNextChannelPath')(ChannelEnum, ChannelPathBufferSize, ChannelPathBuffer, ChannelPathBufferUsed);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtnexteventmetadata
+  public static EvtNextEventMetadata(EventMetadataEnum: EVT_HANDLE, Flags: DWORD): EVT_HANDLE {
+    return Wevtapi.Load('EvtNextEventMetadata')(EventMetadataEnum, Flags);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtnextpublisherid
+  public static EvtNextPublisherId(PublisherEnum: EVT_HANDLE, PublisherIdBufferSize: DWORD, PublisherIdBuffer: LPWSTR | NULL, PublisherIdBufferUsed: PDWORD): BOOL {
+    return Wevtapi.Load('EvtNextPublisherId')(PublisherEnum, PublisherIdBufferSize, PublisherIdBuffer, PublisherIdBufferUsed);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtopenchannelconfig
+  public static EvtOpenChannelConfig(Session: EVT_HANDLE | 0n, ChannelPath: LPCWSTR, Flags: DWORD): EVT_HANDLE {
+    return Wevtapi.Load('EvtOpenChannelConfig')(Session, ChannelPath, Flags);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtopenchannelenum
+  public static EvtOpenChannelEnum(Session: EVT_HANDLE | 0n, Flags: DWORD): EVT_HANDLE {
+    return Wevtapi.Load('EvtOpenChannelEnum')(Session, Flags);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtopeneventmetadataenum
+  public static EvtOpenEventMetadataEnum(PublisherMetadata: EVT_HANDLE, Flags: DWORD): EVT_HANDLE {
+    return Wevtapi.Load('EvtOpenEventMetadataEnum')(PublisherMetadata, Flags);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtopenlog
+  public static EvtOpenLog(Session: EVT_HANDLE | 0n, Path: LPCWSTR, Flags: EvtOpenLogFlags): EVT_HANDLE {
+    return Wevtapi.Load('EvtOpenLog')(Session, Path, Flags);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtopenpublisherenum
+  public static EvtOpenPublisherEnum(Session: EVT_HANDLE | 0n, Flags: DWORD): EVT_HANDLE {
+    return Wevtapi.Load('EvtOpenPublisherEnum')(Session, Flags);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtopenpublishermetadata
+  public static EvtOpenPublisherMetadata(Session: EVT_HANDLE | 0n, PublisherId: LPCWSTR, LogFilePath: LPCWSTR | NULL, Locale: LCID, Flags: DWORD): EVT_HANDLE {
+    return Wevtapi.Load('EvtOpenPublisherMetadata')(Session, PublisherId, LogFilePath, Locale, Flags);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtopensession
+  public static EvtOpenSession(LoginClass: EvtLoginClass, Login: PEVT_RPC_LOGIN, Timeout: DWORD, Flags: DWORD): EVT_HANDLE {
+    return Wevtapi.Load('EvtOpenSession')(LoginClass, Login, Timeout, Flags);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtquery
+  public static EvtQuery(Session: EVT_HANDLE | 0n, Path: LPCWSTR | NULL, Query: LPCWSTR | NULL, Flags: EvtQueryFlags): EVT_HANDLE {
+    return Wevtapi.Load('EvtQuery')(Session, Path, Query, Flags);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtrender
+  public static EvtRender(Context: EVT_HANDLE | 0n, Fragment: EVT_HANDLE, Flags: EvtRenderFlags, BufferSize: DWORD, Buffer: PVOID | NULL, BufferUsed: PDWORD, PropertyCount: PDWORD): BOOL {
+    return Wevtapi.Load('EvtRender')(Context, Fragment, Flags, BufferSize, Buffer, BufferUsed, PropertyCount);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtsavechannelconfig
+  public static EvtSaveChannelConfig(ChannelConfig: EVT_HANDLE, Flags: DWORD): BOOL {
+    return Wevtapi.Load('EvtSaveChannelConfig')(ChannelConfig, Flags);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtseek
+  public static EvtSeek(ResultSet: EVT_HANDLE, Position: LONGLONG, Bookmark: EVT_HANDLE | 0n, Timeout: DWORD, Flags: EvtSeekFlags): BOOL {
+    return Wevtapi.Load('EvtSeek')(ResultSet, Position, Bookmark, Timeout, Flags);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtsetchannelconfigproperty
+  public static EvtSetChannelConfigProperty(ChannelConfig: EVT_HANDLE, PropertyId: EvtChannelConfigPropertyId, Flags: DWORD, PropertyValue: PEVT_VARIANT): BOOL {
+    return Wevtapi.Load('EvtSetChannelConfigProperty')(ChannelConfig, PropertyId, Flags, PropertyValue);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtsubscribe
+  public static EvtSubscribe(
+    Session: EVT_HANDLE | 0n,
+    SignalEvent: HANDLE | 0n,
+    ChannelPath: LPCWSTR | NULL,
+    Query: LPCWSTR | NULL,
+    Bookmark: EVT_HANDLE | 0n,
+    Context: PVOID | NULL,
+    Callback: EVT_SUBSCRIBE_CALLBACK | NULL,
+    Flags: EvtSubscribeFlags,
+  ): EVT_HANDLE {
+    return Wevtapi.Load('EvtSubscribe')(Session, SignalEvent, ChannelPath, Query, Bookmark, Context, Callback, Flags);
+  }
+  // https://learn.microsoft.com/en-us/windows/win32/api/winevt/nf-winevt-evtupdatebookmark
+  public static EvtUpdateBookmark(Bookmark: EVT_HANDLE, Event: EVT_HANDLE): BOOL {
+    return Wevtapi.Load('EvtUpdateBookmark')(Bookmark, Event);
+  }
+}
+export default Wevtapi;

package/types/Wevtapi.ts ADDED Viewed

@@ -0,0 +1,269 @@
+import type { Pointer } from 'bun:ffi';
+import type { DWORD, HANDLE } from '@bun-win32/core';
+export type { BOOL, DWORD, HANDLE, LPCWSTR, LPWSTR, NULL, PDWORD, PVOID } from '@bun-win32/core';
+export const EVT_ALL_ACCESS = 0x0000_0007;
+export const EVT_CLEAR_ACCESS = 0x0000_0004;
+export const EVT_READ_ACCESS = 0x0000_0001;
+export const EVT_VARIANT_TYPE_ARRAY = 0x0080;
+export const EVT_VARIANT_TYPE_MASK = 0x007f;
+export const EVT_WRITE_ACCESS = 0x0000_0002;
+export enum EvtChannelClockType {
+  EvtChannelClockTypeSystemTime = 0,
+  EvtChannelClockTypeQPC,
+}
+export enum EvtChannelConfigPropertyId {
+  EvtChannelConfigEnabled = 0,
+  EvtChannelConfigIsolation,
+  EvtChannelConfigType,
+  EvtChannelConfigOwningPublisher,
+  EvtChannelConfigClassicEventlog,
+  EvtChannelConfigAccess,
+  EvtChannelLoggingConfigRetention,
+  EvtChannelLoggingConfigAutoBackup,
+  EvtChannelLoggingConfigMaxSize,
+  EvtChannelLoggingConfigLogFilePath,
+  EvtChannelPublishingConfigLevel,
+  EvtChannelPublishingConfigKeywords,
+  EvtChannelPublishingConfigControlGuid,
+  EvtChannelPublishingConfigBufferSize,
+  EvtChannelPublishingConfigMinBuffers,
+  EvtChannelPublishingConfigMaxBuffers,
+  EvtChannelPublishingConfigLatency,
+  EvtChannelPublishingConfigClockType,
+  EvtChannelPublishingConfigSidType,
+  EvtChannelPublisherList,
+  EvtChannelPublishingConfigFileMax,
+  EvtChannelConfigPropertyIdEND,
+}
+export enum EvtChannelIsolationType {
+  EvtChannelIsolationTypeApplication = 0,
+  EvtChannelIsolationTypeSystem,
+  EvtChannelIsolationTypeCustom,
+}
+export enum EvtChannelReferenceFlags {
+  EvtChannelReferenceImported = 0x0000_0001,
+}
+export enum EvtChannelSidType {
+  EvtChannelSidTypeNone = 0,
+  EvtChannelSidTypePublishing,
+}
+export enum EvtChannelType {
+  EvtChannelTypeAdmin = 0,
+  EvtChannelTypeOperational,
+  EvtChannelTypeAnalytic,
+  EvtChannelTypeDebug,
+}
+export enum EvtEventMetadataPropertyId {
+  EventMetadataEventID = 0,
+  EventMetadataEventVersion,
+  EventMetadataEventChannel,
+  EventMetadataEventLevel,
+  EventMetadataEventOpcode,
+  EventMetadataEventTask,
+  EventMetadataEventKeyword,
+  EventMetadataEventMessageID,
+  EventMetadataEventTemplate,
+  EvtEventMetadataPropertyIdEND,
+}
+export enum EvtEventPropertyId {
+  EvtEventQueryIDs = 0,
+  EvtEventPath,
+  EvtEventPropertyIdEND,
+}
+export enum EvtExportLogFlags {
+  EvtExportLogChannelPath = 0x0000_0001,
+  EvtExportLogFilePath = 0x0000_0002,
+  EvtExportLogTolerateQueryErrors = 0x0000_1000,
+  EvtExportLogOverwrite = 0x0000_2000,
+}
+export enum EvtFormatMessageFlags {
+  EvtFormatMessageEvent = 1,
+  EvtFormatMessageLevel,
+  EvtFormatMessageTask,
+  EvtFormatMessageOpcode,
+  EvtFormatMessageKeyword,
+  EvtFormatMessageChannel,
+  EvtFormatMessageProvider,
+  EvtFormatMessageId,
+  EvtFormatMessageXml,
+}
+export enum EvtLoginClass {
+  EvtRpcLogin = 1,
+}
+export enum EvtLogPropertyId {
+  EvtLogCreationTime = 0,
+  EvtLogLastAccessTime,
+  EvtLogLastWriteTime,
+  EvtLogFileSize,
+  EvtLogAttributes,
+  EvtLogNumberOfLogRecords,
+  EvtLogOldestRecordNumber,
+  EvtLogFull,
+}
+export enum EvtOpenLogFlags {
+  EvtOpenChannelPath = 0x0000_0001,
+  EvtOpenFilePath = 0x0000_0002,
+}
+export enum EvtPublisherMetadataPropertyId {
+  EvtPublisherMetadataPublisherGuid = 0,
+  EvtPublisherMetadataResourceFilePath,
+  EvtPublisherMetadataParameterFilePath,
+  EvtPublisherMetadataMessageFilePath,
+  EvtPublisherMetadataHelpLink,
+  EvtPublisherMetadataPublisherMessageID,
+  EvtPublisherMetadataChannelReferences,
+  EvtPublisherMetadataChannelReferencePath,
+  EvtPublisherMetadataChannelReferenceIndex,
+  EvtPublisherMetadataChannelReferenceID,
+  EvtPublisherMetadataChannelReferenceFlags,
+  EvtPublisherMetadataChannelReferenceMessageID,
+  EvtPublisherMetadataLevels,
+  EvtPublisherMetadataLevelName,
+  EvtPublisherMetadataLevelValue,
+  EvtPublisherMetadataLevelMessageID,
+  EvtPublisherMetadataTasks,
+  EvtPublisherMetadataTaskName,
+  EvtPublisherMetadataTaskEventGuid,
+  EvtPublisherMetadataTaskValue,
+  EvtPublisherMetadataTaskMessageID,
+  EvtPublisherMetadataOpcodes,
+  EvtPublisherMetadataOpcodeName,
+  EvtPublisherMetadataOpcodeValue,
+  EvtPublisherMetadataOpcodeMessageID,
+  EvtPublisherMetadataKeywords,
+  EvtPublisherMetadataKeywordName,
+  EvtPublisherMetadataKeywordValue,
+  EvtPublisherMetadataKeywordMessageID,
+  EvtPublisherMetadataPropertyIdEND,
+}
+export enum EvtQueryFlags {
+  EvtQueryChannelPath = 0x0000_0001,
+  EvtQueryFilePath = 0x0000_0002,
+  EvtQueryForwardDirection = 0x0000_0100,
+  EvtQueryReverseDirection = 0x0000_0200,
+  EvtQueryTolerateQueryErrors = 0x0000_1000,
+}
+export enum EvtQueryPropertyId {
+  EvtQueryNames = 0,
+  EvtQueryStatuses,
+  EvtQueryPropertyIdEND,
+}
+export enum EvtRenderContextFlags {
+  EvtRenderContextValues = 0,
+  EvtRenderContextSystem,
+  EvtRenderContextUser,
+}
+export enum EvtRenderFlags {
+  EvtRenderEventValues = 0,
+  EvtRenderEventXml,
+  EvtRenderBookmark,
+}
+export enum EvtRpcLoginFlags {
+  EvtRpcLoginAuthDefault = 0,
+  EvtRpcLoginAuthNegotiate,
+  EvtRpcLoginAuthKerberos,
+  EvtRpcLoginAuthNTLM,
+}
+export enum EvtSeekFlags {
+  EvtSeekRelativeToFirst = 1,
+  EvtSeekRelativeToLast = 2,
+  EvtSeekRelativeToCurrent = 3,
+  EvtSeekRelativeToBookmark = 4,
+  EvtSeekOriginMask = 7,
+  EvtSeekStrict = 0x0001_0000,
+}
+export enum EvtSubscribeFlags {
+  EvtSubscribeToFutureEvents = 1,
+  EvtSubscribeStartAtOldestRecord = 2,
+  EvtSubscribeStartAfterBookmark = 3,
+  EvtSubscribeOriginMask = 3,
+  EvtSubscribeTolerateQueryErrors = 0x0000_1000,
+  EvtSubscribeStrict = 0x0001_0000,
+}
+export enum EvtSubscribeNotifyAction {
+  EvtSubscribeActionError = 0,
+  EvtSubscribeActionDeliver,
+}
+export enum EvtSystemPropertyId {
+  EvtSystemProviderName = 0,
+  EvtSystemProviderGuid,
+  EvtSystemEventID,
+  EvtSystemQualifiers,
+  EvtSystemLevel,
+  EvtSystemTask,
+  EvtSystemOpcode,
+  EvtSystemKeywords,
+  EvtSystemTimeCreated,
+  EvtSystemEventRecordId,
+  EvtSystemActivityID,
+  EvtSystemRelatedActivityID,
+  EvtSystemProcessID,
+  EvtSystemThreadID,
+  EvtSystemChannel,
+  EvtSystemComputer,
+  EvtSystemUserID,
+  EvtSystemVersion,
+  EvtSystemPropertyIdEND,
+}
+export enum EvtVariantType {
+  EvtVarTypeNull = 0,
+  EvtVarTypeString,
+  EvtVarTypeAnsiString,
+  EvtVarTypeSByte,
+  EvtVarTypeByte,
+  EvtVarTypeInt16,
+  EvtVarTypeUInt16,
+  EvtVarTypeInt32,
+  EvtVarTypeUInt32,
+  EvtVarTypeInt64,
+  EvtVarTypeUInt64,
+  EvtVarTypeSingle,
+  EvtVarTypeDouble,
+  EvtVarTypeBoolean,
+  EvtVarTypeBinary,
+  EvtVarTypeGuid,
+  EvtVarTypeSizeT,
+  EvtVarTypeFileTime,
+  EvtVarTypeSysTime,
+  EvtVarTypeSid,
+  EvtVarTypeHexInt32,
+  EvtVarTypeHexInt64,
+  EvtVarTypeEvtHandle = 32,
+  EvtVarTypeEvtXml = 35,
+}
+export type EVT_HANDLE = HANDLE;
+export type EVT_OBJECT_ARRAY_PROPERTY_HANDLE = HANDLE;
+export type EVT_SUBSCRIBE_CALLBACK = Pointer;
+export type LCID = DWORD;
+export type LONGLONG = bigint;
+export type PEVT_HANDLE = Pointer;
+export type PEVT_RPC_LOGIN = Pointer;
+export type PEVT_VARIANT = Pointer;
+export type PLPCWSTR = Pointer;