One of the major novelties of the Windows event logging is that it supports an extensive set of data types. Those above the API are documented in a header file (WinEvt.h) and in the Microsoft Developer Network, of course.
| Code | Name | Meaning |
|---|---|---|
| 0x00 | TypeNull | suppresses optional substitution |
| 0x01 | TypeString | UCS2-LE |
| 0x02 | TypeAnsiString | |
| 0x03 | TypeSByte | signed 8bit integer |
| 0x04 | TypeByte | unsigned 8bit integer |
| 0x05 | TypeInt16 | signed 16bit integer |
| 0x06 | TypeUInt16 | unsigned 16bit integer |
| 0x07 | TypeInt32 | signed 32bit integer |
| 0x08 | TypeUInt32 | unsigned 32bit integer |
| 0x09 | TypeInt64 | signed 64bit integer |
| 0x0a | TypeUInt64 | unsigned 64bit integer |
| 0x0b | TypeSignle | single precision floating point number |
| 0x0c | TypeDouble | double precision floating point number |
| 0x0d | TypeBoolean | true/false, occupies 4 bytes |
| 0x0e | TypeBinary | stream of binary data |
| 0x0f | TypeGuid | global unique identifier, 16 bytes |
| 0x10 | TypeSizeT | size_t, either 32 or 64bit wide |
| 0x11 | TypeFileTime | 64 bit, 100ns since 1601-01-01 00:00:00 |
| 0x12 | TypeSysTime | 32bit, seconds since 1970-01-01 00:00:00 |
| 0x13 | TypeSid | security identifier (variable length) |
| 0x14 | TypeHexInt32 | 32bit integer in hex notation |
| 0x15 | TypeHexInt64 | 64bit integer in hex notation |
| 0x20 | TypeEvtHandle | event log object |
| 0x21 | TypeEvtBXml | undocumented binary XML for an event |
| 0x23 | TypeEvtXml | XML for an event |
