
Event Tracing

Overview of the Event Tracing technology.

To develop Event Tracing, you need these headers:

For programming guidance for this technology, see:

Enumerations

 
_TDH_IN_TYPE

Defines the supported [in] types for a trace data helper (TDH).
_TDH_OUT_TYPE

Defines the supported [out] types for a trace data helper (TDH).
DECODING_SOURCE

Defines the source of the event data.
ETW_CONTEXT_REGISTER_TYPES

Specifies the set of registers to be collected when Context Register Tracing is enabled.
ETW_PROCESS_HANDLE_INFO_TYPE

Specifies the operation that will be performed on a trace processing session.
ETW_PROCESS_TRACE_MODES

Specifies the supported process trace modes.
ETW_PROVIDER_TRAIT_TYPE

Specifies the types of Provider Traits supported by Event Tracing for Windows (ETW).
EVENT_FIELD_TYPE

Defines the provider information to retrieve.
EVENT_INFO_CLASS

The EVENT_INFO_CLASS enumeration type is used with the EventSetInformation function to specify the configuration operation to be performed on an ETW event provider registration.
EVENTSECURITYOPERATION

Defines which component of the security descriptor the EventAccessControl function modifies.
MAP_FLAGS

Defines constant values that indicate if the map is a value map, bitmap, or pattern map.
MAP_VALUETYPE

Defines if the value map value is in a ULONG data type or a string.
PAYLOAD_OPERATOR

Defines the supported payload operators for a trace data helper (TDH).
PROPERTY_FLAGS

Defines if the property is contained in a structure or array.
TDH_CONTEXT_TYPE

Defines the context type.
TEMPLATE_FLAGS

Defines constant values that indicate the layout of the event data.
TRACE_QUERY_INFO_CLASS

Used with EnumerateTraceGuidsEx and TraceSetInformation to specify a type of trace information.

Functions

 
AddLogfileTraceStream

Adds a new logfile-based ETW trace stream to the relogger.
AddRealtimeTraceStream

Adds a new real-time ETW trace stream to the relogger.
Cancel

Terminates the relogging process.
Clone

Creates a duplicate copy of an event.
CloseTrace

The CloseTrace function closes a trace processing session that was created with OpenTrace.
ControlTraceA

The ControlTraceA (ANSI) function (evntrace.h) flushes, queries, updates, or stops the specified event tracing session.
ControlTraceW

The ControlTraceW (Unicode) function (evntrace.h) flushes, queries, updates, or stops the specified event tracing session.
CreateEventInstance

Generates a new event.
CreateTraceInstanceId

A RegisterTraceGuids-based ("Classic") event provider uses the CreateTraceInstanceId function to create a unique transaction identifier and map it to a registration handle. The provider can then use the transaction identifier when calling the TraceEventInstance function.
CveEventWrite

A tracing function for publishing events when an attempted security vulnerability exploit is detected in your user-mode application.
DECLSPEC_XFGVIRT

EMI_MAP_FORMAT

Macro that retrieves the event map format.
EMI_MAP_INPUT

Macro that retrieves the event map input.
EMI_MAP_NAME

Macro that retrieves the event map name.
EMI_MAP_OUTPUT

Macro that retrieves the event map output.
EnableTrace

A trace session controller calls EnableTrace to configure how an ETW event provider logs events to a trace session. The EnableTraceEx2 function supersedes this function.
EnableTraceEx

A trace session controller calls EnableTraceEx to configure how an ETW event provider logs events to a trace session. The EnableTraceEx2 function supersedes this function.
EnableTraceEx2

A trace session controller calls EnableTraceEx2 to configure how an ETW event provider logs events to a trace session.
EnumerateTraceGuids

Retrieves information about event trace providers that are currently running on the computer. The EnumerateTraceGuidsEx function supersedes this function.
EnumerateTraceGuidsEx

Retrieves information about event trace providers that are currently running on the computer.
EtwGetTraitFromProviderTraits

EventAccessControl

Adds or modifies the permissions of the specified provider or session.
EventAccessQuery

Retrieves the permissions for the specified controller or provider.
EventAccessRemove

Removes the permissions defined in the registry for the specified provider or session.
EventActivityIdControl

Creates, queries, and sets activity identifiers for use in ETW events.
EventDataDescCreate

Sets the values of an EVENT_DATA_DESCRIPTOR.
EventDescCreate

Sets the values of an event descriptor.
EventDescGetChannel

Retrieves the channel from the event descriptor.
EventDescGetId

Retrieves the event identifier from the event descriptor.
EventDescGetKeyword

Retrieves the keyword from the event descriptor.
EventDescGetLevel

Retrieves the severity level from the event descriptor.
EventDescGetOpcode

Retrieves the operation code from the event descriptor.
EventDescGetTask

Retrieves the task from the event descriptor.
EventDescGetVersion

Retrieves the version from the event descriptor.
EventDescOrKeyword

Adds another keyword to the event descriptor.
EventDescSetChannel

Sets the Channel member of the event descriptor.
EventDescSetId

Sets the Id member of the event descriptor.
EventDescSetKeyword

Sets the Keyword member of the event descriptor.
EventDescSetLevel

Sets the Level member of the event descriptor.
EventDescSetOpcode

Sets the Opcode member of the event descriptor.
EventDescSetTask

Sets the Task member of the event descriptor.
EventDescSetVersion

Sets the Version member of the event descriptor.
EventDescZero

Initializes an event descriptor to zero.
EventEnabled

Determines whether an event provider should generate a particular event based on the event's EVENT_DESCRIPTOR.
EventProviderEnabled

Determines whether an event provider should generate a particular event based on the event's Level and Keyword.
EventRegister

Registers an ETW event provider, creating a handle that can be used to write ETW events.
EventSetInformation

Configures an ETW event provider.
EventUnregister

Unregisters an ETW event provider.
EventWrite

Writes an ETW event that uses the current thread's activity ID.
EventWriteEx

Writes an ETW event with an activity ID, an optional related activity ID, session filters, and special options.
EventWriteString

Writes an ETW event that contains a string as its data. This function should not be used.
EventWriteTransfer

Writes an ETW event with an activity ID and an optional related activity ID.
FlushTraceA

The FlushTraceA (ANSI) function (evntrace.h) causes an event tracing session to immediately deliver buffered events for the specified session.
FlushTraceW

The FlushTraceW (Unicode) function (evntrace.h) causes an event tracing session to immediately deliver buffered events for the specified session.
GetEventProcessorIndex

GetEventRecord

Retrieves the event record that describes an event.
GetTraceEnableFlags

A RegisterTraceGuids-based ("Classic") event provider uses the GetTraceEnableFlags function to retrieve the enable flags specified by the trace controller to indicate which category of events to trace. Providers call this function from their ControlCallback function.
GetTraceEnableLevel

A RegisterTraceGuids-based ("Classic") event provider uses the GetTraceEnableLevel function to retrieve the enable level specified by the trace controller to indicate which level of events to trace. Providers call this function from their ControlCallback function.
GetTraceLoggerHandle

A RegisterTraceGuids-based ("Classic") event provider uses the GetTraceLoggerHandle function to retrieve the handle of the event tracing session to which it should write events. Providers call this function from their ControlCallback function.
GetUserContext

Retrieves the user context associated with the stream to which the event belongs.
Inject

Injects a non-system-generated event into the event stream being written to the output trace logfile.
OnBeginProcessTrace

Indicates that a trace is about to begin so that relogging can be started.
OnEvent

Indicates that an event has been received on the trace streams associated with a relogger.
OnFinalizeProcessTrace

Indicates that a trace is about to end so that relogging can be finalized.
OpenTraceA

The OpenTraceA (ANSI) function (evntrace.h) opens an ETW trace processing handle for consuming events from an ETW real-time trace session or an ETW log file.
OpenTraceFromBufferStream

Creates a trace processing session that is not directly attached to any file or active session.
OpenTraceFromFile

Creates a trace processing session to process a Tracelog .etl file.
OpenTraceFromRealTimeLogger

Opens an ETW trace processing handle for consuming events from an ETW real-time trace session or an ETW log file.
OpenTraceFromRealTimeLoggerWithAllocationOptions

Creates a trace processing session attached to an active real-time ETW session.
OpenTraceW

The OpenTraceW (Unicode) function (evntrace.h) opens an ETW trace processing handle for consuming events from an ETW real-time trace session or an ETW log file.
PEI_PROVIDER_NAME

Macro that retrieves the Provider Event Info (PEI) name.
PENABLECALLBACK

ETW event providers optionally define an EnableCallback function to receive configuration change notifications. The PENABLECALLBACK type defines a pointer to this callback function. EnableCallback is a placeholder for the application-defined function name.
PETW_BUFFER_CALLBACK

Function definition for the BufferCallback that will be invoked by ProcessTrace.
PETW_BUFFER_COMPLETION_CALLBACK

Function definition for the callback that will be fired when ProcessTraceAddBufferToBufferStream is finished with a buffer. This callback should typically free the buffer as appropriate.
PEVENT_CALLBACK

ETW event consumers implement this callback to receive events from a trace processing session. The EventRecordCallback callback supersedes this callback.
PEVENT_RECORD_CALLBACK

ETW event consumers implement this callback to receive events from a trace processing session. The PEVENT_RECORD_CALLBACK type defines a pointer to this callback function. EventRecordCallback is a placeholder for the application-defined function name.
PEVENT_TRACE_BUFFER_CALLBACKA

The PEVENT_TRACE_BUFFER_CALLBACKA (ANSI) (evntrace.h) function gets statistics about each buffer of events that ETW sends during a trace processing session.
PEVENT_TRACE_BUFFER_CALLBACKW

The PEVENT_TRACE_BUFFER_CALLBACKW (Unicode) (evntrace.h) function gets statistics about each buffer of events that ETW sends during a trace processing session.
PFI_FIELD_MESSAGE

Macro that retrieves the Provider Field Information (PFI) field message.
PFI_FIELD_NAME

Macro that retrieves the Provider Field Information (PFI) field name.
PFI_FILTER_MESSAGE

Macro that filters the Provider Field Information (PFI) field message.
PFI_PROPERTY_NAME

Macro that retrieves the Provider Field Information (PFI) property name.
ProcessTrace

Delivers events from one or more trace processing sessions to the consumer.
ProcessTrace

Delivers events from the associated trace streams to the consumer.
ProcessTraceAddBufferToBufferStream

Provides an ETW trace buffer to a processing session created by OpenTraceFromBufferStream.
ProcessTraceBufferDecrementReference

Releases a reference to a Buffer that was added by ProcessTraceBufferIncrementReference.
ProcessTraceBufferIncrementReference

Called during the BufferCallback on the provided Buffer to prevent it from being freed until the caller is done with it.
QueryAllTracesA

The QueryAllTracesA (ANSI) function (evntrace.h) retrieves the properties and statistics for all event tracing sessions that the caller can query.
QueryAllTracesW

The QueryAllTracesW (Unicode) function (evntrace.h) retrieves the properties and statistics for all event tracing sessions that the caller can query.
QueryTraceA

The QueryTraceA (ANSI) function (evntrace.h) retrieves the property settings and session statistics for the specified event tracing session.
QueryTraceProcessingHandle

Retrieves information about an ETW trace processing session opened by OpenTrace.
QueryTraceW

The QueryTraceW (Unicode) function (evntrace.h) retrieves the property settings and session statistics for the specified event tracing session.
RegisterCallback

Registers an implementation of IEventCallback with the relogger in order to signal trace activity (starting, stopping, and logging new events).
RegisterTraceGuidsA

The RegisterTraceGuidsA (ANSI) function (evntrace.h) is an obsolete function, and new code should use the provided alternative.
RegisterTraceGuidsW

The RegisterTraceGuidsW (Unicode) function (evntrace.h) is an obsolete function, and new code should use the provided alternative.
RemoveTraceCallback

The RemoveTraceCallback function stops an EventCallback function from receiving events for an event trace class. This function is obsolete.
SetActivityId

Sets the activity ID in the current thread.
SetCompressionMode

Enables or disables compression on the relogged trace.
SetEventDescriptor

Sets the event descriptor for an event.
SetOutputFilename

Indicates the file to which ETW should write the new, relogged trace.
SetPayload

Sets the payload for an event.
SetProcessId

Assigns an event to a specific process.
SetProcessorIndex

Sets the processor index in the current thread.
SetProviderId

Sets the GUID for the provider which traced an event.
SetThreadId

Sets the identifier of a thread that generates an event.
SetThreadTimes

Sets the thread times in the current thread.
SetTimeStamp

Sets the time at which an event occurred.
SetTraceCallback

The SetTraceCallback function specifies an EventCallback function to process events for the specified event trace class. This function is obsolete.
StartTraceA

The StartTrace function starts an event tracing session. (ANSI)
StartTraceW

The StartTrace function starts an event tracing session. (Unicode)
StopTraceA

The StopTraceA (ANSI) function (evntrace.h) stops the specified event tracing session. The ControlTrace function supersedes this function.
StopTraceW

The StopTraceW (Unicode) function (evntrace.h) stops the specified event tracing session. The ControlTrace function supersedes this function.
TdhAggregatePayloadFilters

Aggregates multiple payload filters for a single provider into a single data structure for use with the EnableTraceEx2 function.
TdhCleanupPayloadEventFilterDescriptor

Frees the aggregated structure of payload filters created using the TdhAggregatePayloadFilters function.
TdhCloseDecodingHandle

Frees any resources associated with the input decoding handle.
TdhCreatePayloadFilter

Creates a single filter for a single payload to be used with the EnableTraceEx2 function.
TdhDeletePayloadFilter

Frees the memory allocated for a single payload filter by the TdhCreatePayloadFilter function.
TdhEnumerateManifestProviderEvents

Retrieves the list of events present in the provider manifest.
TdhEnumerateProviderFieldInformation

Retrieves the specified field metadata for a given provider.
TdhEnumerateProviderFilters

Enumerates the filters that the specified provider defined in the manifest.
TdhEnumerateProviders

Retrieves a list of providers that have registered a MOF class or manifest file on the computer.
TdhEnumerateProvidersForDecodingSource

Retrieves a list of providers that have registered a MOF class or manifest file on the computer.
TdhFormatProperty

Formats a property value for display.
TdhGetDecodingParameter

Retrieves the value of a decoding parameter.
TdhGetEventInformation

Retrieves metadata about an event.
TdhGetEventMapInformation

Retrieves information about the event map contained in the event.
TdhGetManifestEventInformation

Retrieves metadata about an event in a manifest.
TdhGetProperty

Retrieves a property value from the event data.
TdhGetPropertySize

Retrieves the size of one or more property values in the event data.
TdhGetWppMessage

Retrieves the formatted WPP message embedded into an EVENT_RECORD structure.
TdhGetWppProperty

Retrieves a specific property associated with a WPP message.
TdhLoadManifest

Loads the manifest used to decode a log file.
TdhLoadManifestFromBinary

Takes a NULL-terminated path to a binary file that contains metadata resources needed to decode a specific event provider.
TdhLoadManifestFromMemory

Loads the manifest from memory.
TdhOpenDecodingHandle

Opens a decoding handle.
TdhQueryProviderFieldInformation

Retrieves information for the specified field from the event descriptions for those field values that match the given value.
TdhSetDecodingParameter

Sets the value of a decoding parameter.
TdhUnloadManifest

Unloads the manifest that was loaded by the TdhLoadManifest function.
TdhUnloadManifestFromMemory

Unloads the manifest from memory.
TEI_ACTIVITYID_NAME

Macro that retrieves the Trace Event Information (TEI) activity ID name.
TEI_CHANNEL_NAME

Macro that retrieves the Trace Event Information (TEI) channel name.
TEI_EVENT_MESSAGE

Macro that retrieves the Trace Event Information (TEI) message.
TEI_KEYWORDS_NAME

Macro that retrieves the Trace Event Information (TEI) keywords name.
TEI_LEVEL_NAME

Macro that retrieves the Trace Event Information (TEI) level name.
TEI_MAP_NAME

Macro that retrieves the Trace Event Information (TEI) map name.
TEI_OPCODE_NAME

Macro that retrieves the Trace Event Information (TEI) opcode name.
TEI_PROPERTY_NAME

Macro that retrieves the Trace Event Information (TEI) property name.
TEI_PROVIDER_MESSAGE

Macro that retrieves the Trace Event Information (TEI) provider message.
TEI_PROVIDER_NAME

Macro that retrieves the Trace Event Information (TEI) provider name.
TEI_RELATEDACTIVITYID_NAME

Macro that retrieves the Trace Event Information (TEI) related activity ID name.
TEI_TASK_NAME

Macro that retrieves the Trace Event Information (TEI) task name.
TraceEvent

A RegisterTraceGuids-based ("Classic") event provider uses the TraceEvent function to send a structured event to an event tracing session.
TraceEventInstance

A RegisterTraceGuids-based ("Classic") event provider uses the TraceEventInstance function to send a structured event to an event tracing session with an instance identifier.
TraceMessage

A RegisterTraceGuids-based ("Classic") event provider uses the TraceMessage function to send a message-based (TMF-based WPP) event to an event tracing session.
TraceMessageVa

A RegisterTraceGuids-based ("Classic") event provider uses the TraceMessageVa function to send a message-based (TMF-based WPP) event to an event tracing session using va_list parameters.
TraceQueryInformation

Provides information about an event tracing session.
TraceSetInformation

Configures event tracing session settings.
UnregisterTraceGuids

Unregisters a "Classic" (Windows 2000-style) ETW event trace provider that was registered using RegisterTraceGuids.
UpdateTraceA

The UpdateTraceA (ANSI) function (evntrace.h) updates the property setting of the specified event tracing session.
UpdateTraceW

The UpdateTraceW (Unicode) function (evntrace.h) updates the property setting of the specified event tracing session.
WMIDPREQUEST

A RegisterTraceGuids-based ("Classic") event provider implements this function to receive notifications from controllers. The WMIDPREQUEST type defines a pointer to this callback function. ControlCallback is a placeholder for the application-defined function name.

Interfaces

 
ITraceEvent

Provides access to data relating to a specific event.
ITraceEventCallback

Used by ETW to provide information to the relogger as the tracing process starts, ends, and logs events.
ITraceRelogger

Provides access to the relogging functionality, allowing you to manipulate and relog events from an ETW trace stream.

Structures

 
CLASSIC_EVENT_ID

Identifies the kernel event for which you want to enable call stack tracing.
ENABLE_TRACE_PARAMETERS

Contains information used to enable a provider via EnableTraceEx2.
ENABLE_TRACE_PARAMETERS_V1

Contains information used to enable a provider via EnableTraceEx2. This structure is obsolete.
ETW_BUFFER_CALLBACK_INFORMATION

Provided to the BufferCallback as the ConsumerInfo parameter and provides details on the current processing session.
ETW_BUFFER_CONTEXT

Provides context information about the event.
ETW_BUFFER_CONTEXT

Provides context information about the event. (ETW_BUFFER_CONTEXT)
ETW_BUFFER_HEADER

The header structure of an ETW buffer.
ETW_OPEN_TRACE_OPTIONS

Provides configuration parameters to the OpenTraceFromBufferStream, OpenTraceFromFile, OpenTraceFromRealTimeLogger, and OpenTraceFromRealTimeLoggerWithAllocationOptions functions.
ETW_TRACE_PARTITION_INFORMATION

Contains partition information pulled from an ETW trace.
EVENT_DATA_DESCRIPTOR

The EVENT_DATA_DESCRIPTOR structure defines a block of data that will be used in an ETW event.
EVENT_DESCRIPTOR

The EVENT_DESCRIPTOR structure contains information (metadata) about an ETW event.
EVENT_DESCRIPTOR

Contains metadata that defines the event.
EVENT_EXTENDED_ITEM_EVENT_KEY

EVENT_EXTENDED_ITEM_INSTANCE

Defines the relationship between events if TraceEventInstance was used to log related events.
EVENT_EXTENDED_ITEM_PEBS_INDEX

EVENT_EXTENDED_ITEM_PMC_COUNTERS

EVENT_EXTENDED_ITEM_PROCESS_START_KEY

EVENT_EXTENDED_ITEM_RELATED_ACTIVITYID

Defines the parent event of this event.
EVENT_EXTENDED_ITEM_STACK_KEY32

EVENT_EXTENDED_ITEM_STACK_KEY64

EVENT_EXTENDED_ITEM_STACK_TRACE32

Defines a call stack on a 32-bit computer.
EVENT_EXTENDED_ITEM_STACK_TRACE64

Defines a call stack on a 64-bit computer.
EVENT_EXTENDED_ITEM_TS_ID

Defines the terminal session that logged the event.
EVENT_FILTER_DESCRIPTOR

Defines the filter data that a session passes to the provider's enable callback function.
EVENT_FILTER_EVENT_ID

Defines event IDs used in an EVENT_FILTER_DESCRIPTOR structure for an event ID or stack walk filter.
EVENT_FILTER_EVENT_NAME

Defines event IDs used in an EVENT_FILTER_DESCRIPTOR structure for an event name or stack walk name filter.
EVENT_FILTER_HEADER

Defines the header data that must precede the filter data that is defined in the instrumentation manifest.
EVENT_FILTER_LEVEL_KW

Defines event IDs used in an EVENT_FILTER_DESCRIPTOR structure for a stack walk level-keyword filter.
EVENT_HEADER

The EVENT_HEADER structure (evntcons.h) defines information about the event.
EVENT_HEADER

The EVENT_HEADER structure (relogger.h) defines information about the event.
EVENT_HEADER_EXTENDED_DATA_ITEM

The EVENT_HEADER_EXTENDED_DATA_ITEM structure (evntcons.h) defines the extended data that ETW collects as part of the event data.
EVENT_HEADER_EXTENDED_DATA_ITEM

The EVENT_HEADER_EXTENDED_DATA_ITEM structure (relogger.h) defines the extended data that ETW collects as part of the event data.
EVENT_INSTANCE_HEADER

The EVENT_INSTANCE_HEADER structure contains standard event tracing information common to all events written by TraceEventInstance.
EVENT_INSTANCE_INFO

The EVENT_INSTANCE_INFO structure maps a unique transaction identifier to a registered event trace class for TraceEventInstance.
EVENT_MAP_ENTRY

Defines a single value map entry.
EVENT_MAP_INFO

Defines the metadata about the event map.
EVENT_PROPERTY_INFO

Provides information about a single property of the event or filter.
EVENT_RECORD

The EVENT_RECORD structure (evntcons.h) defines the layout of an event that ETW delivers.
EVENT_RECORD

The EVENT_RECORD structure (relogger.h) defines the layout of an event that ETW delivers.
EVENT_TRACE

The EVENT_TRACE structure is used to deliver event information to an event trace consumer.
EVENT_TRACE_HEADER

The EVENT_TRACE_HEADER structure contains standard event tracing information common to all events written by TraceEvent.
EVENT_TRACE_LOGFILEA

The EVENT_TRACE_LOGFILEA (ANSI) structure (evntrace.h) stores information about a trace data source.
EVENT_TRACE_LOGFILEW

The EVENT_TRACE_LOGFILEW (Unicode) structure (evntrace.h) stores information about a trace data source.
EVENT_TRACE_PROPERTIES

The EVENT_TRACE_PROPERTIES structure contains information about an event tracing session and is used with APIs such as StartTrace and ControlTrace.
EVENT_TRACE_PROPERTIES_V2

The EVENT_TRACE_PROPERTIES_V2 structure contains information about an event tracing session and is used with APIs such as StartTrace and ControlTrace.
MOF_FIELD

You may use the MOF_FIELD structures to append event data to the EVENT_TRACE_HEADER or EVENT_INSTANCE_HEADER structures.
PAYLOAD_FILTER_PREDICATE

Defines an event payload filter predicate that describes how to filter on a single field in a trace session.
PROPERTY_DATA_DESCRIPTOR

Defines the property to retrieve.
PROVIDER_ENUMERATION_INFO

Defines the array of providers that have registered a MOF or manifest on the computer.
PROVIDER_EVENT_INFO

Defines an array of events in a provider manifest.
PROVIDER_FIELD_INFO

Defines the field information.
PROVIDER_FIELD_INFOARRAY

Defines metadata information about the requested field.
PROVIDER_FILTER_INFO

Defines a filter and its data.
TDH_CONTEXT

Defines the additional information required to parse an event.
TRACE_CONTEXT_REGISTER_INFO

Identifies the set of registers to be logged when enabling Context Register Tracing.
TRACE_ENABLE_INFO

Defines the session and the information that the session used to enable the provider.
TRACE_EVENT_INFO

Defines the information about the event.
TRACE_GUID_INFO

Returned by EnumerateTraceGuidsEx. Defines the header to the list of sessions that enabled a provider.
TRACE_GUID_PROPERTIES

Returned by EnumerateTraceGuids. Contains information about an event trace provider.
TRACE_GUID_REGISTRATION

Used with RegisterTraceGuids to register event trace classes.
TRACE_LOGFILE_HEADER

The TRACE_LOGFILE_HEADER structure contains information about an event tracing session and its events.
TRACE_PERIODIC_CAPTURE_STATE_INFO

Used with TraceQueryInformation and TraceSetInformation to get or set information relating to a periodic capture state.
TRACE_PROVIDER_INFO

Defines the GUID and name for a provider.
TRACE_PROVIDER_INSTANCE_INFO

Defines an instance of the provider GUID.
TRACE_VERSION_INFO

Determines the version information of the TraceLogging session.