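// MOF schema for the NT file-system trace ("FileTrace") ETW provider.
//
// Layout of this file:
//   * MSNT_FileBaseTrace_Set1 / _Set2 / _OptionalData / _VolumeToLog
//     each expose a single uint32 "Flags" property whose DefineValues /
//     Values / ValueMap triples give, respectively, the symbolic name, the
//     short name and the bit mask of one enable flag. The three arrays are
//     positional and must stay the same length and order.
//   * FileTrace binds the provider GUID to Set1.
//   * FileOperation is the per-event payload: fixed header fields followed
//     by length-prefixed byte arrays and null-terminated wide strings.
//
// Review fix: the last two ValueMap entries of MSNT_FileBaseTrace_VolumeToLog
// used an upper-case "0X" prefix while every other mask in the file uses
// "0x". They are normalised to "0x" so a consumer that matches the prefix
// literally cannot silently drop the "local"/"network" masks.
#pragma classflags(64)
#pragma namespace("\\\\.\\root\\wmi")

// Enable-flag set 1: 28 flags, bits 0..27. The names track the IRP major
// functions (create, close, read, write, ..., pnp); "querysecurity" and
// "setsecurity" are presumably the bits a detection use case would enable
// to observe DACL/owner changes -- confirm against the provider.
[Dynamic,
 Guid("{D75D8303-6C21-4bde-9C98-ECC6320F9291}")]
class MSNT_FileBaseTrace_Set1 : EventTrace
{
    [DefineValues{"EVENT_TRACE_FLAG_CREATE", "EVENT_TRACE_FLAG_CREATENAMEDPIPE",
                  "EVENT_TRACE_FLAG_CLOSE", "EVENT_TRACE_FLAG_READ",
                  "EVENT_TRACE_FLAG_WRITE", "EVENT_TRACE_FLAG_QUERYINFORMATION",
                  "EVENT_TRACE_FLAG_SETINFORMATION", "EVENT_TRACE_FLAG_QUERYEA",
                  "EVENT_TRACE_FLAG_SETEA", "EVENT_TRACE_FLAG_FLUSHBUFFERS",
                  "EVENT_TRACE_FLAG_QUERYVOLINFO", "EVENT_TRACE_FLAG_SETVOLINFO",
                  "EVENT_TRACE_FLAG_DIRECTORYCONTROL", "EVENT_TRACE_FLAG_FILESYSCONTROL",
                  "EVENT_TRACE_FLAG_DEVICECONTROL", "EVENT_TRACE_FLAG_INTERNALDEVICECONTROL",
                  "EVENT_TRACE_FLAG_SHUTDOWN", "EVENT_TRACE_FLAG_LOCKCONTROL",
                  "EVENT_TRACE_FLAG_CLEANUP", "EVENT_TRACE_FLAG_CREATEMAILSLOT",
                  "EVENT_TRACE_FLAG_QUERYSECURITY", "EVENT_TRACE_FLAG_SETSECURITY",
                  "EVENT_TRACE_FLAG_POWER", "EVENT_TRACE_FLAG_SYSTEMCONTROL",
                  "EVENT_TRACE_FLAG_DEVICECHANGE", "EVENT_TRACE_FLAG_QUERYQUOTA",
                  "EVENT_TRACE_FLAG_SETQUOTA", "EVENT_TRACE_FLAG_PNP"},
     Values{"create", "createnamedpipe", "close", "read",
            "write", "queryinfo", "setinfo", "queryea",
            "setea", "flushbuffers", "queryvolinfo", "setvolinfo",
            "directorycontrol", "filesystemcontrol", "devicecontrol", "internaldevicecontrol",
            "shutdown", "lockcontrol", "cleanup", "createmailslot",
            "querysecurity", "setsecurity", "power", "systemcontrol",
            "devicechange", "queryquota", "setquota", "pnp"},
     ValueMap{"0x00000001", "0x00000002", "0x00000004", "0x00000008",
              "0x00000010", "0x00000020", "0x00000040", "0x00000080",
              "0x00000100", "0x00000200", "0x00000400", "0x00000800",
              "0x00001000", "0x00002000", "0x00004000", "0x00008000",
              "0x00010000", "0x00020000", "0x00040000", "0x00080000",
              "0x00100000", "0x00200000", "0x00400000", "0x00800000",
              "0x01000000", "0x02000000", "0x04000000", "0x08000000"}]
    uint32 Flags;
};

// Enable-flag set 2: 15 flags covering fast-I/O / cache-manager callbacks
// and volume mount/dismount. Note the mask gap: bits 0..6 are followed by
// bits 12..19; bits 7..11 are not defined here.
[Dynamic,
 Guid("{058DD951-7604-414d-A5D6-A56D35367A46}")]
class MSNT_FileBaseTrace_Set2 : EventTrace
{
    [DefineValues{"EVENT_TRACE_FLAG_ACQUIRESECTIONSYNCH", "EVENT_TRACE_FLAG_RELEASESECTIONSYNCH",
                  "EVENT_TRACE_FLAG_ACQUIREMODWRITE", "EVENT_TRACE_FLAG_RELEASEMODWRITE",
                  "EVENT_TRACE_FLAG_ACQUIRECCFLUSH", "EVENT_TRACE_FLAG_RELEASECCFLUSH",
                  "EVENT_TRACE_FLAG_NOTIFYSTREAMFILEOBJ", "EVENT_TRACE_FLAG_FASTIOCHECKIFPOSSIBLE",
                  "EVENT_TRACE_FLAG_NETWORKQUERYOPEN", "EVENT_TRACE_FLAG_MDLREAD",
                  "EVENT_TRACE_FLAG_MDLREADCOMPLETE", "EVENT_TRACE_FLAG_PREPAREMDLWRITE",
                  "EVENT_TRACE_FLAG_MDLWRITECOMPLETE", "EVENT_TRACE_FLAG_VOLUMEMOUNT",
                  "EVENT_TRACE_FLAG_VOLUMEDISMOUNT"},
     Values{"acquireforsectionsynchronization", "releaseforsectionsynchronization",
            "acquireformodwrite", "releaseformodwrite",
            "acquireforccflush", "releaseforccflush",
            "notifystreamfileobject", "fastiocheckifpossible",
            "networkqueryopen", "mdlread",
            "mdlreadcomplete", "preparemdlwrite",
            "mdlwritecomplete", "volumemount",
            "volumedismount"},
     ValueMap{"0x00000001", "0x00000002", "0x00000004", "0x00000008",
              "0x00000010", "0x00000020", "0x00000040",
              "0x00001000", "0x00002000", "0x00004000", "0x00008000",
              "0x00010000", "0x00020000", "0x00040000", "0x00080000"}]
    uint32 Flags;
};

// Optional-data flags: 9 flags, bits 0..8. The names line up with the
// optional FileOperation fields (UserSID, SessionId, LastAccessTime,
// OperationalParameters, ResultData, PreviousValue, CreateOnExisting,
// WindowStation), so these presumably control whether those fields are
// populated -- confirm against the provider before relying on it.
// "blockpagingio" has no payload counterpart in this file.
[Dynamic,
 Guid("{7DA1385C-F8F5-414d-B9D0-02FCA090F1EC}")]
class MSNT_FileBaseTrace_OptionalData : EventTrace
{
    [DefineValues{"EVENT_TRACE_FLAG_USERCONTEXT", "EVENT_TRACE_FLAG_SESSIONID",
                  "EVENT_TRACE_FLAG_LASTACCESSTIME", "EVENT_TRACE_FLAG_CALLPARAMETERS",
                  "EVENT_TRACE_FLAG_CALLRESULTDATA", "EVENT_TRACE_FLAG_PREVIOUSDATA",
                  "EVENT_TRACE_FLAG_CREATEONEXISTINGFILE", "EVENT_TRACE_FLAG_PROCESSWINDOWSTATION",
                  "EVENT_TRACE_FLAG_BLOCKPAGINGIO"},
     Values{"usercontext", "sessionid", "lastaccesstime", "callparameters",
            "callresultdata", "previousdata", "createonexistingfile", "processwindowstation",
            "blockpagingio"},
     ValueMap{"0x00000001", "0x00000002", "0x00000004", "0x00000008",
              "0x00000010", "0x00000020", "0x00000040", "0x00000080",
              "0x00000100"}]
    uint32 Flags;
};

// Volume selection: one bit per drive letter a..z (bits 0..25) plus
// "all" (bit 26), "local" (bit 27) and "network" (bit 28). The last two
// masks previously read "0X08000000"/"0X10000000"; the prefix is now the
// same lower-case "0x" used everywhere else in this file.
[Dynamic,
 Guid("{127D46AF-4AD3-489f-9165-F00BA64D5467}")]
class MSNT_FileBaseTrace_VolumeToLog : EventTrace
{
    [DefineValues{"EVENT_TRACE_FLAG_A", "EVENT_TRACE_FLAG_B", "EVENT_TRACE_FLAG_C", "EVENT_TRACE_FLAG_D",
                  "EVENT_TRACE_FLAG_E", "EVENT_TRACE_FLAG_F", "EVENT_TRACE_FLAG_G", "EVENT_TRACE_FLAG_H",
                  "EVENT_TRACE_FLAG_I", "EVENT_TRACE_FLAG_J", "EVENT_TRACE_FLAG_K", "EVENT_TRACE_FLAG_L",
                  "EVENT_TRACE_FLAG_M", "EVENT_TRACE_FLAG_N", "EVENT_TRACE_FLAG_O", "EVENT_TRACE_FLAG_P",
                  "EVENT_TRACE_FLAG_Q", "EVENT_TRACE_FLAG_R", "EVENT_TRACE_FLAG_S", "EVENT_TRACE_FLAG_T",
                  "EVENT_TRACE_FLAG_U", "EVENT_TRACE_FLAG_V", "EVENT_TRACE_FLAG_W", "EVENT_TRACE_FLAG_X",
                  "EVENT_TRACE_FLAG_Y", "EVENT_TRACE_FLAG_Z",
                  "EVENT_TRACE_FLAG_ALL", "EVENT_TRACE_FLAG_LOCAL", "EVENT_TRACE_FLAG_NETWORK"},
     Values{"a", "b", "c", "d", "e", "f", "g", "h",
            "i", "j", "k", "l", "m", "n", "o", "p",
            "q", "r", "s", "t", "u", "v", "w", "x",
            "y", "z",
            "all", "local", "network"},
     ValueMap{"0x00000001", "0x00000002", "0x00000004", "0x00000008",
              "0x00000010", "0x00000020", "0x00000040", "0x00000080",
              "0x00000100", "0x00000200", "0x00000400", "0x00000800",
              "0x00001000", "0x00002000", "0x00004000", "0x00008000",
              "0x00010000", "0x00020000", "0x00040000", "0x00080000",
              "0x00100000", "0x00200000", "0x00400000", "0x00800000",
              "0x01000000", "0x02000000",
              "0x04000000", "0x08000000", "0x10000000"}]
    uint32 Flags;
};

// Provider class: binds the FileTrace provider GUID (schema version 0) to
// the Set1 enable flags.
[Dynamic,
 Guid("{F681E6CC-EC6C-4ee9-90A6-C0C4E83276C2}"),
 EventVersion(0)]
class FileTrace : MSNT_FileBaseTrace_Set1
{
};

// Per-operation event payload. Fields are laid out in WmiDataId order:
// fixed-size header (1..20), then a SID, three length-prefixed byte arrays
// and four null-terminated wide strings. The EventType list is
// 0..27, 236..243 and 249..255; the first 28 values line up with the 28
// Set1 flags and the remaining 15 with the 15 Set2 flags, but that mapping
// is inferred from the counts only -- verify against the provider.
//
// Decoder notes (NOTE(review)):
//   * ParametersLength / ResultLength / PreviousValueLength come from the
//     event itself. A consumer must clamp each against the remaining event
//     size before walking OperationalParameters / ResultData / PreviousValue,
//     and must stop at the event boundary when scanning the NullTerminated
//     strings; a malformed or truncated event would otherwise read past
//     the buffer.
//   * AccessToken is declared "pointer" on a uint32 while FileObject and
//     WindowStation are "pointer" on uint64. The pointer qualifier is
//     presumably what fixes the on-wire width, so the base type may not
//     matter -- confirm before using the declared type to size a read.
//   * UserSID, ProcessId, SessionId and FileName are the fields a
//     detection pipeline would key on; they are populated only when the
//     matching OptionalData flags are enabled (inferred from the names).
[Dynamic,
 EventType{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19,
           20, 21, 22, 23, 24, 25, 26, 27,
           236, 237, 238, 239, 240, 241, 242, 243,
           249, 250, 251, 252, 253, 254, 255},
 EventTypeName("FileTrace")]
class FileOperation : FileTrace
{
    // NTSTATUS of the completed operation, rendered in hex.
    [WmiDataId(1), format("x"), read]
    uint32 Status;

    // Major operation code. 0..9 are fast-I/O / name callbacks, 15..21 are
    // cache-manager callbacks, 22..49 are the IRP major functions
    // (CREATE = 22 ... PNP = 49). Codes 10..14 are not defined.
    [WmiDataId(2),
     Values{"NORMALIZE_NAME_COMPONENT", "GENERATE_FILE_NAME",
            "VOLUME_DISMOUNT", "VOLUME_MOUNT",
            "MDL_WRITE_COMPLETE", "PREPARE_MDL_WRITE",
            "MDL_READ_COMPLETE", "MDL_READ",
            "NETWORK_QUERY_OPEN", "FAST_IO_CHECK_IF_POSSIBLE",
            "NOTIFY_STREAM_FILE_OBJECT",
            "RELEASE_FOR_CC_FLUSH", "ACQUIRE_FOR_CC_FLUSH",
            "RELEASE_FOR_MOD_WRITE", "ACQUIRE_FOR_MOD_WRITE",
            "RELEASE_FOR_SECTION_SYNCHRONIZATION", "ACQUIRE_FOR_SECTION_SYNCHRONIZATION",
            "CREATE", "CREATE_NAMED_PIPE", "CLOSE", "READ", "WRITE",
            "QUERY_INFORMATION", "SET_INFORMATION", "QUERY_EA", "SET_EA",
            "FLUSH_BUFFERS", "QUERY_VOLUME_INFORMATION", "SET_VOLUME_INFORMATION",
            "DIRECTORY_CONTROL", "FILE_SYSTEM_CONTROL", "DEVICE_CONTROL",
            "INTERNAL_DEVICE_CONTROL", "SHUTDOWN", "LOCK_CONTROL", "CLEANUP",
            "CREATE_MAILSLOT", "QUERY_SECURITY", "SET_SECURITY", "POWER",
            "SYSTEM_CONTROL", "DEVICE_CHANGE", "QUERY_QUOTA", "SET_QUOTA", "PNP"},
     ValueMap{"0", "1", "2", "3", "4", "5", "6", "7", "8", "9",
              "15", "16", "17", "18", "19", "20", "21",
              "22", "23", "24", "25", "26", "27", "28", "29", "30",
              "31", "32", "33", "34", "35", "36", "37", "38", "39",
              "40", "41", "42", "43", "44", "45", "46", "47", "48", "49"},
     read]
    uint8 Operation;

    // Minor function code; not enumerated here.
    [WmiDataId(3), read] uint8 MinorOperation;
    [WmiDataId(4), read] uint32 SequenceNumber;
    [WmiDataId(5), read] uint8 IsPagingIO;
    [WmiDataId(6), read] uint8 IsFastIO;

    // Tri-state booleans: 0 = False, 1 = True, 2 = not applicable.
    [WmiDataId(7), Values{"False", "True", "NA"}, ValueMap{"0", "1", "2"}, read]
    uint8 IsDirectory;
    [WmiDataId(8), Values{"False", "True", "NA"}, ValueMap{"0", "1", "2"}, read]
    uint8 CreateOnExisting;

    [WmiDataId(9), read] sint64 StartTime;
    [WmiDataId(10), read] uint32 ProcessId;
    // Paired with ProcessId to disambiguate reused PIDs.
    [WmiDataId(11), read] sint64 ProcessCreateTime;
    [WmiDataId(12), format("x"), pointer, read] uint64 FileObject;
    [WmiDataId(13), read] sint64 LastAccessTime;
    [WmiDataId(14), read] uint32 SessionId;
    [WmiDataId(15), pointer, read] uint64 WindowStation;
    [WmiDataId(16), pointer, read] uint32 AccessToken;

    // Lengths of the variable-size trailers that follow; see decoder notes.
    [WmiDataId(17), read] uint32 SidLength;
    [WmiDataId(18), read] uint32 ParametersLength;
    [WmiDataId(19), read] uint32 ResultLength;
    [WmiDataId(20), read] uint32 PreviousValueLength;

    // Requesting user's SID (WMI "Sid" extension).
    [WmiDataId(21), extension("Sid"), read] object UserSID;

    [WmiDataId(22), WmiSizeIs("ParametersLength"), read] uint8 OperationalParameters[];
    [WmiDataId(23), WmiSizeIs("ResultLength"), read] uint8 ResultData[];
    [WmiDataId(24), WmiSizeIs("PreviousValueLength"), read] uint8 PreviousValue[];

    // Wide, null-terminated path and volume identifiers.
    [WmiDataId(25), StringTermination("NullTerminated"), format("w"), read] string FileName;
    [WmiDataId(26), StringTermination("NullTerminated"), format("w"), read] string VolumeDosName;
    [WmiDataId(27), StringTermination("NullTerminated"), format("w"), read] string VolumeGuidName;
    [WmiDataId(28), StringTermination("NullTerminated"), format("w"), read] string VolumeName;
};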