Upravit

Sdílet prostřednictvím


OpenTraceFromRealTimeLoggerWithAllocationOptions function (evntrace.h)

Creates a trace processing session attached to an active real-time ETW session.

Syntax

ETW_APP_DECLSPEC_DEPRECATED PROCESSTRACE_HANDLE WMIAPI OpenTraceFromRealTimeLoggerWithAllocationOptions(
  PCWSTR                       LoggerName,
  const ETW_OPEN_TRACE_OPTIONS *Options,
  ULONG_PTR                    AllocationSize,
  HANDLE                       MemoryPartitionHandle,
  TRACE_LOGFILE_HEADER         *LogFileHeader
);

Parameters

LoggerName

Name of the real-time event tracing session, or NULL if processing data from a log file. Specify a value for this member if you are calling OpenTraceFromRealTimeLoggerWithAllocationOptions to consume data from a real-time session.

When calling OpenTraceFromRealTimeLoggerWithAllocationOptions, if LogFileHeader is non-NULL then LoggerName must be NULL.

You can only consume events in real time if the trace controller has set the LogFileMode member of EVENT_TRACE_PROPERTIES to include the EVENT_TRACE_REAL_TIME_MODE flag.

Only users with administrative privileges, users in the Performance Log Users group, and applications running as LocalSystem, LocalService, NetworkService can consume events in real time. To grant a restricted user the ability to consume events in real time, add them to the Performance Log Users group or call EventAccessControl.

Options

Configuration options for this processing session. See ETW_OPEN_TRACE_OPTIONS for more details.

AllocationSize

The size, in bytes, of the memory that will be pre-allocated to store ETW buffers during processing. A larger allocation will reduce the need for individual allocation/free calls at the cost of higher consistent memory usage. This will be adjusted upward to a minimum of the total buffer space of the underlying Real-Time ETW session to ensure enough is allocated for basic functioning. If 0, the default size will be used.

MemoryPartitionHandle

The handle to the Memory Partition that should be used for memory allocations for this processing session. If NULL, the Memory Partition of the process will be used. See MemExtendedParameterPartitionHandle for more details.

LogFileHeader

Header information for the log file. See TRACE_LOGFILE_HEADER for more details.

Return value

A TRACEHANDLE that is used to identify this processing session. Typically passed to ProcessTrace to begin processing and to CloseTrace to end processing.

Remarks

Once ProcessTrace is called on the returned TRACEHANDLE, this will receive buffers from the ETW session as they are flushed and immediately begin processing them and calling the callbacks specified in the Options. This is identical to OpenTraceFromRealTime except that it allows customization of memory allocations for the processing session.

Requirements

Requirement Value
Minimum supported client Windows 11 2022 Update
Minimum supported server Windows Server 2022
Target Platform Windows
Header evntrace.h
Library Advapi32.dll
DLL Sechost.dll on Windows 8.1 and Windows Server 2012 R2; Advapi32.dll on Windows 8, Windows Server 2012, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista and Windows XP