????

Your IP : 3.145.149.120

Current Path : C:/Windows/System32/wbem/
Upload File :
Current File : C:/Windows/System32/wbem/msv1_0.mof

//*********************************************
//*** MSV1_0 SSP: MSV1_0
//*********************************************
#pragma autorecover
#pragma classflags("forceupdate")
#pragma namespace ("\\\\.\\Root\\WMI")

[Dynamic, 
    Description("Security: NTLM Authentication") : amended,
    Guid("{5BBB6C18-AA45-49b1-A15F-085F7ED0AA90}"),
    locale("MS\\0x409")]
class MSV1_0DebugTrace : EventTrace
{      
    [
        Description ("Enable Flags") : amended,
        
        ValueDescriptions{
            "Error Flag", "Warning Flag", "Init Flag", "Misc Flag", 
            "Logon Session Flag", "Leak Track Flag", "Lpc Flag", "Lpc More Flag",
            "Api Flag", "Api More Flag", "Session Keys Flag", "Negotiate Flag", 
            "Updates Flag", "NTLM V2 Flag", "Credentials Flag", "Protocol Version Flag",
            "Target Flag"} : amended,
        
        Values{"Error", "Warning", "Init", "Misc", 
               "LogonSess", "Leak", "Lpc", "LpcMore",
               "Api", "ApiMore", "SKey", "Nego", 
               "Updates", "NtLmV2", "Cred", "Version",
               "Target"},
        
        ValueMap{"0x00000001", "0x00000002", "0x00000004", "0x00000008", 
                 "0x00000010", "0x00000020", "0x00000040", "0x00000080",
                 "0x00000100", "0x00000200", "0x00000400", "0x00000800", 
                 "0x00001000", "0x00002000", "0x00004000", "0x00008000",
                 "0x00010000"} : amended
    ]

    uint32 Flags;
};

[Dynamic, 
  Description("NTLM Security Protocol") : amended,
  Guid("{C92CF544-91B3-4dc0-8E11-C580339A0BF8}"),
  locale("MS\\0x409")]
class MSV1_0Trace:EventTrace
{      
};

[Dynamic,
 Description("NTLM Server Accept") : amended,
 Guid("{94d4c9eb-0d01-41ae-99e8-15b26b593a83}"),
 DisplayName("NtlmServerAccept"),
 locale("MS\\0x409")
]
class NtlmServerAccept:MSV1_0Trace
{

};

[Dynamic,
 Description("NTLM Server Accept") : amended,
 EventType(1),
 EventTypeName("Start"),
 locale("MS\\0x409")
]
class NtlmServerAccept_Start:NtlmServerAccept
{
    [WmiDataId(1),
     Description("Stage Hint") : amended,
     read]
     uint32  StageHint;
    [WmiDataId(2),
     Description("In-Context") : amended,
     pointer,
     read]
     uint32  InContext;
};

[Dynamic,
 Description("NTLM Server Accept") : amended,
 EventType(2),
 EventTypeName("End"),
 locale("MS\\0x409")
]
class NtlmServerAccept_End:NtlmServerAccept
{
    [WmiDataId(1),
     Description("Stage Hint") : amended,
     read]
     uint32  StageHint;
    [WmiDataId(2),
     Description("In-Context") : amended,
     pointer,
     read]
     uint32  InContext;
    [WmiDataId(3),
     Description("Out-Context") : amended,
     pointer,
     read]
     uint32  OutContext;
    [WmiDataId(4),
     Description("Status") : amended,
     read]
     uint32  Status;
};

[Dynamic,
 Description("NTLM Server Accept") : amended,
 EventType(0),
 EventTypeName("Info"),
 locale("MS\\0x409")
]
class NtlmServerAccept_Info:NtlmServerAccept
{
    [WmiDataId(1),
     Description("Stage Hint") : amended,
     read]
     uint32  StageHint;
    [WmiDataId(2),
     Description("In-Context") : amended,
     pointer,
     read]
     uint32  InContext;
    [WmiDataId(3),
     Description("Out-Context") : amended,
     pointer,
     read]
     uint32  OutContext;
    [WmiDataId(4),
     Description("Flags") : amended,
     read]
     uint32  Flags;
    [WmiDataId(5),
     Description("Client User Name") : amended,
     StringTermination("Counted"),
     format("w"),
     read]
     string  UserName;
    [WmiDataId(6),
     Description("Client Domain Name") : amended,
     StringTermination("Counted"),
     format("w"),
     read]
     string  DomainName;
    [WmiDataId(7),
     Description("Client Workstation") : amended,
     StringTermination("Counted"),
     format("w"),
     read]
     string  Workstation;
};

[Dynamic,
 Description("NTLM Client Initialize") : amended,        
 Guid("{6df28b22-73be-45cc-ba80-8b332b35a21d}"),
 DisplayName("NtlmClientInitialize"),
 locale("MS\\0x409")
]
class NtlmClientInitialize:MSV1_0Trace
{

};

[Dynamic,
 Description("NTLM Client Initialize") : amended,        
 EventType(1),
 EventTypeName("Start"),
 locale("MS\\0x409")
]
class NtlmClientInitialize_Start:NtlmClientInitialize
{
    [WmiDataId(1),
     Description("Stage Hint") : amended,
     read]
     uint32  StageHint;
    [WmiDataId(2),
     Description("In-Context") : amended,
     pointer,
     read]
     uint32  InContext;
};

[Dynamic,
 Description("NTLM Client Initialize") : amended,        
 EventType(2),
 EventTypeName("End"),
 locale("MS\\0x409")
]
class NtlmClientInitialize_End:NtlmClientInitialize
{
    [WmiDataId(1),
     Description("Stage Hint") : amended,
     read]
     uint32  StageHint;
    [WmiDataId(2),
     Description("In-Context") : amended,
     pointer,
     read]
     uint32  InContext;
    [WmiDataId(3),
     Description("Out-Context") : amended,
     pointer,
     read]
     uint32  OutContext;
    [WmiDataId(4),
     Description("Status") : amended,
     read]
     uint32  Status;
};

[Dynamic,
 Description("NTLM Logon User") : amended,           
 Guid("{19196b33-a302-4c12-9d5a-eac149e93c46}"),
 DisplayName("NtlmLogonUser"),
 locale("MS\\0x409")
]
class NtlmLogonUser:MSV1_0Trace
{

};

[Dynamic,
 Description("NTLM Logon User") : amended,           
 EventType(1),
 EventTypeName("Start"),
 locale("MS\\0x409")
]
class NtlmLogonUser_Start:NtlmLogonUser
{
};

[Dynamic,
 Description("NTLM Logon User") : amended,           
 EventType(2),
 EventTypeName("End"),
 locale("MS\\0x409")
]
class NtlmLogonUser_End:NtlmLogonUser
{
    [WmiDataId(1),
     Description("Status") : amended,
     read]
     uint32  Status;
    [WmiDataId(2),
     Description("Logon Type") : amended,
     read]
     uint32  LogonType;
    [WmiDataId(3),
     Description("User Name") : amended,
     StringTermination("Counted"),
     format("w"),
     read]
     string  UserName;
    [WmiDataId(4),
     Description("Domain Name") : amended,
     StringTermination("Counted"),
     format("w"),
     read]
     string  DomainName;
};

[Dynamic,
 Description("NTLM Validate Credentials") : amended,           
 Guid("{34d84181-c28a-41d8-bb9e-995190df83df}"),
 DisplayName("NtlmValidateUser"),
 locale("MS\\0x409")
]
class NtlmValidateUser:MSV1_0Trace
{

};

[Dynamic,
 Description("NTLM Validate Credentials") : amended,           
 EventType(1),
 EventTypeName("Start"),
 locale("MS\\0x409")
]
class NtlmValidateUser_Start:NtlmValidateUser
{
};

[Dynamic,
 Description("NTLM Validate Credentials") : amended,           
 EventType(2),
 EventTypeName("End"),
 locale("MS\\0x409")
]
class NtlmValidateUser_End:NtlmValidateUser
{
    [WmiDataId(1),
     Description("Success Bitmask") : amended,
     read]
     uint32  Success;
    [WmiDataId(2),
     Description("Logon Server") : amended,
     StringTermination("Counted"),
     format("w"),
     read]
     string  LogonServer;
    [WmiDataId(3),
     Description("Domain Name") : amended,
     StringTermination("Counted"),
     format("w"),
     read]
     string  LogonDomain;
    [WmiDataId(4),
     Description("User Name") : amended,
     StringTermination("Counted"),
     format("w"),
     read]
     string  UserName;
    [WmiDataId(5),
     Description("Logon Workstation") : amended,
     StringTermination("Counted"),
     format("w"),
     read]
     string  Workstation;
};