Event Tracing
Overview of the Event Tracing technology.
To develop Event Tracing, you need these headers:
For programming guidance for this technology, see:
Enumerations
_TDH_IN_TYPE Defines the supported [in] types for a trace data helper (TDH). |
_TDH_OUT_TYPE Defines the supported [out] types for a trace data helper (TDH). |
DECODING_SOURCE Defines the source of the event data. |
ETW_CONTEXT_REGISTER_TYPES Specifies the set of registers to be collected when Context Register Tracing is enabled. |
ETW_PROCESS_HANDLE_INFO_TYPE Specifies the operation that will be performed on a trace processing session. |
ETW_PROCESS_TRACE_MODES Specifies the supported process trace modes. |
ETW_PROVIDER_TRAIT_TYPE Specifies the types of Provider Traits supported by Event Tracing for Windows (ETW). |
EVENT_FIELD_TYPE Defines the provider information to retrieve. |
EVENT_INFO_CLASS The EVENT_INFO_CLASS enumeration type is used with the EventSetInformation function to specify the configuration operation to be performed on an ETW event provider registration. |
EVENTSECURITYOPERATION Defines what component of the security descriptor that the EventAccessControl function modifies. |
MAP_FLAGS Defines constant values that indicate if the map is a value map, bitmap, or pattern map. |
MAP_VALUETYPE Defines if the value map value is in a ULONG data type or a string. |
PAYLOAD_OPERATOR Defines the supported payload operators for a trace data helper (TDH). |
PROPERTY_FLAGS Defines if the property is contained in a structure or array. |
TDH_CONTEXT_TYPE Defines the context type. |
TEMPLATE_FLAGS Defines constant values that indicates the layout of the event data. |
TRACE_QUERY_INFO_CLASS Used with EnumerateTraceGuidsEx and TraceSetInformation to specify a type of trace information. |
Functions
AddLogfileTraceStream Adds a new logfile-based ETW trace stream to the relogger. |
AddRealtimeTraceStream Adds a new real-time ETW trace stream to the relogger. |
Cancel Terminates the relogging process. |
Clone Creates a duplicate copy of an event. |
CloseTrace The CloseTrace function closes a trace processing session that was created with OpenTrace. |
ControlTraceA The ControlTraceA (ANSI) function (evntrace.h) flushes, queries, updates, or stops the specified event tracing session. |
ControlTraceW The ControlTraceW (Unicode) function (evntrace.h) flushes, queries, updates, or stops the specified event tracing session. |
CreateEventInstance Generates a new event. |
CreateTraceInstanceId A RegisterTraceGuids-based ("Classic") event provider uses the CreateTraceInstanceId function to create a unique transaction identifier and map it to a registration handle. The provider can then use the transaction identifier when calling the TraceEventInstance function. |
CveEventWrite A tracing function for publishing events when an attempted security vulnerability exploit is detected in your user-mode application. |
DECLSPEC_XFGVIRT |
EMI_MAP_FORMAT Macro that retrieves the event map format. |
EMI_MAP_INPUT Macro that retrieves the event map input. |
EMI_MAP_NAME Macro that retrieves the event map name. |
EMI_MAP_OUTPUT Macro that retrieves the event map output. |
EnableTrace A trace session controller calls EnableTrace to configure how an ETW event provider logs events to a trace session. The EnableTraceEx2 function supersedes this function. |
EnableTraceEx A trace session controller calls EnableTraceEx to configure how an ETW event provider logs events to a trace session. The EnableTraceEx2 function supersedes this function. |
EnableTraceEx2 A trace session controller calls EnableTraceEx2 to configure how an ETW event provider logs events to a trace session. |
EnumerateTraceGuids Retrieves information about event trace providers that are currently running on the computer. The EnumerateTraceGuidsEx function supersedes this function. |
EnumerateTraceGuidsEx Retrieves information about event trace providers that are currently running on the computer. |
EtwGetTraitFromProviderTraits |
EventAccessControl Adds or modifies the permissions of the specified provider or session. |
EventAccessQuery Retrieves the permissions for the specified controller or provider. |
EventAccessRemove Removes the permissions defined in the registry for the specified provider or session. |
EventActivityIdControl Creates, queries, and sets activity identifiers for use in ETW events. |
EventDataDescCreate Sets the values of an EVENT_DATA_DESCRIPTOR. |
EventDescCreate Sets the values of an event descriptor. |
EventDescGetChannel Retrieves the channel from the event descriptor. |
EventDescGetId Retrieves the event identifier from the event descriptor. |
EventDescGetKeyword Retrieves the keyword from the event descriptor. |
EventDescGetLevel Retrieves the severity level from the event descriptor. |
EventDescGetOpcode Retrieves the operation code from the event descriptor. |
EventDescGetTask Retrieves the task from the event descriptor. |
EventDescGetVersion Retrieves the version from the event descriptor. |
EventDescOrKeyword Adds another keyword to the event descriptor. |
EventDescSetChannel Sets the Channel member of the event descriptor. |
EventDescSetId Sets the Id member of the event descriptor. |
EventDescSetKeyword Sets the Keyword member of the event descriptor. |
EventDescSetLevel Sets the Level member of the event descriptor. |
EventDescSetOpcode Sets the Opcode member of the event descriptor. |
EventDescSetTask Sets the Task member of the event descriptor. |
EventDescSetVersion Sets the Version member of the event descriptor. |
EventDescZero Initializes an event descriptor to zero. |
EventEnabled Determines whether an event provider should generate a particular event based on the event's EVENT_DESCRIPTOR. |
EventProviderEnabled Determines whether an event provider should generate a particular event based on the event's Level and Keyword. |
EventRegister Registers an ETW event provider, creating a handle that can be used to write ETW events. |
EventSetInformation Configures an ETW event provider. |
EventUnregister Unregisters an ETW event provider. |
EventWrite Writes an ETW event that uses the current thread's activity ID. |
EventWriteEx Writes an ETW event with an activity ID, an optional related activity ID, session filters, and special options. |
EventWriteString Writes an ETW event that contains a string as its data. This function should not be used. |
EventWriteTransfer Writes an ETW event with an activity ID and an optional related activity ID. |
FlushTraceA The FlushTraceA (ANSI) function (evntrace.h) causes an event tracing session to immediately deliver buffered events for the specified session. |
FlushTraceW The FlushTraceW (Unicode) function (evntrace.h) causes an event tracing session to immediately deliver buffered events for the specified session. |
GetEventProcessorIndex |
GetEventRecord Retrieves the event record that describes an event. |
GetTraceEnableFlags A RegisterTraceGuids-based ("Classic") event provider uses the GetTraceEnableFlags function to retrieve the enable flags specified by the trace controller to indicate which category of events to trace. Providers call this function from their ControlCallback function. |
GetTraceEnableLevel A RegisterTraceGuids-based ("Classic") event provider uses the GetTraceEnableLevel function to retrieve the enable level specified by the trace controller to indicate which level of events to trace. Providers call this function from their ControlCallback function. |
GetTraceLoggerHandle A RegisterTraceGuids-based ("Classic") event provider uses the GetTraceLoggerHandle function to retrieve the handle of the event tracing session to which it should write events. Providers call this function from their ControlCallback function. |
GetUserContext Retrieves the user context associated with the stream to which the event belongs. |
Inject Injects a non-system-generated event into the event stream being written to the output trace logfile. |
OnBeginProcessTrace Indicates that a trace is about to begin so that relogging can be started. |
OnEvent Indicates that an event has been received on the trace streams associated with a relogger. |
OnFinalizeProcessTrace Indicates that a trace is about to end so that relogging can be finalized. |
OpenTraceA The OpenTraceA (ANSI) function (evntrace.h) opens an ETW trace processing handle for consuming events from an ETW real-time trace session or an ETW log file. |
OpenTraceFromBufferStream Creates a trace processing session that is not directly attached to any file or active session. |
OpenTraceFromFile Creates a trace processing session to process a Tracelog .etl file. |
OpenTraceFromRealTimeLogger Opens an ETW trace processing handle for consuming events from an ETW real-time trace session or an ETW log file. |
OpenTraceFromRealTimeLoggerWithAllocationOptions Creates a trace processing session attached to an active real-time ETW session. |
OpenTraceW The OpenTraceW (Unicode) function (evntrace.h) opens an ETW trace processing handle for consuming events from an ETW real-time trace session or an ETW log file. |
PEI_PROVIDER_NAME Macro that retrieves the Provider Event Info (PEI) name. |
PENABLECALLBACK ETW event providers optionally define an EnableCallback function to receive configuration change notifications. The PENABLECALLBACK type defines a pointer to this callback function. EnableCallback is a placeholder for the application-defined function name. |
PETW_BUFFER_CALLBACK Function definition for the BufferCallback that will be invoked by ProcessTrace. |
PETW_BUFFER_COMPLETION_CALLBACK Function definition for the callback that will be fired when ProcessTraceAddBufferToBufferStream is finished with a buffer. This callback should typically free the buffer as appropriate |
PEVENT_CALLBACK ETW event consumers implement this callback to receive events from a trace processing session. The EventRecordCallback callback supersedes this callback. |
PEVENT_RECORD_CALLBACK ETW event consumers implement this callback to receive events from a trace processing session. The PEVENT_RECORD_CALLBACK type defines a pointer to this callback function. EventRecordCallback is a placeholder for the application-defined function name. |
PEVENT_TRACE_BUFFER_CALLBACKA The PEVENT_TRACE_BUFFER_CALLBACKA (ANSI) (evntrace.h) function gets statistics about each buffer of events that ETW sends during a trace processing session. |
PEVENT_TRACE_BUFFER_CALLBACKW The PEVENT_TRACE_BUFFER_CALLBACKW (Unicode) (evntrace.h) function gets statistics about each buffer of events that ETW sends during a trace processing session. |
PFI_FIELD_MESSAGE Macro that retrieves the Provider Field Information (PFI) field message. |
PFI_FIELD_NAME Macro that retrieves the Provider Field Information (PFI) field name. |
PFI_FILTER_MESSAGE Macro that filters the Provider Field Information (PFI) field message. |
PFI_PROPERTY_NAME Macro that retrieves the Provider Field Information (PFI) property name. |
ProcessTrace Delivers events from one or more trace processing sessions to the consumer. |
ProcessTrace Delivers events from the associated trace streams to the consumer. |
ProcessTraceAddBufferToBufferStream Provides an ETW trace buffer to a processing session created by OpenTraceFromBufferStream. |
ProcessTraceBufferDecrementReference Releases a reference to a Buffer that was added by ProcessTraceBufferIncrementReference. |
ProcessTraceBufferIncrementReference Called during the BufferCallback on the provided Buffer to prevent it from being freed until the caller is done with it. |
QueryAllTracesA The QueryAllTracesA (ANSI) function (evntrace.h) function retrieves the properties and statistics for all event tracing sessions that the caller can query. |
QueryAllTracesW The QueryAllTracesW (Unicode) function (evntrace.h) function retrieves the properties and statistics for all event tracing sessions that the caller can query. |
QueryTraceA The QueryTraceA (ANSI) function (evntrace.h) retrieves the property settings and session statistics for the specified event tracing session. |
QueryTraceProcessingHandle Retrieves information about an ETW trace processing session opened by OpenTrace. |
QueryTraceW The QueryTraceW (Unicode) function (evntrace.h) retrieves the property settings and session statistics for the specified event tracing session. |
RegisterCallback Registers an implementation of IEventCallback with the relogger in order to signal trace activity (starting, stopping, and logging new events). |
RegisterTraceGuidsA The RegisterTraceGuidsA (ANSI) function (evntrace.h) is an obsolete function, and new code should use the provided alternative. |
RegisterTraceGuidsW The RegisterTraceGuidsW (Unicode) function (evntrace.h) is an obsolete function, and new code should use the provided alternative. |
RemoveTraceCallback The RemoveTraceCallback function stops an EventCallback function from receiving events for an event trace class. This function is obsolete. |
SetActivityId Sets the activity ID in the current thread. |
SetCompressionMode Enables or disables compression on the relogged trace. |
SetEventDescriptor Sets the event descriptor for an event. |
SetOutputFilename Indicates the file to which ETW should write the new, relogged trace. |
SetPayload Sets the payload for an event. |
SetProcessId Assigns an event to a specific process. |
SetProcessorIndex Sets the processor index in the current thread. |
SetProviderId Sets the GUID for the provider which traced an event. |
SetThreadId Sets the identifier of a thread that generates an event. |
SetThreadTimes Sets the thread times in the current thread. |
SetTimeStamp Sets the time at which an event occurred. |
SetTraceCallback The SetTraceCallback function specifies an EventCallback function to process events for the specified event trace class. This function is obsolete. |
StartTraceA The StartTrace function starts an event tracing session. (ANSI) |
StartTraceW The StartTrace function starts an event tracing session. (Unicode) |
StopTraceA The StopTraceA (ANSI) function (evntrace.h) stops the specified event tracing session. The ControlTrace function supersedes this function. |
StopTraceW The StopTraceW (Unicode) function (evntrace.h) stops the specified event tracing session. The ControlTrace function supersedes this function. |
TdhAggregatePayloadFilters Aggregates multiple payload filters for a single provider into a single data structure for use with the EnableTraceEx2 function. |
TdhCleanupPayloadEventFilterDescriptor Frees the aggregated structure of payload filters created using the TdhAggregatePayloadFilters function. |
TdhCloseDecodingHandle Frees any resources associated with the input decoding handle. |
TdhCreatePayloadFilter Creates a single filter for a single payload to be used with the EnableTraceEx2 function. |
TdhDeletePayloadFilter Frees the memory allocated for a single payload filter by the TdhCreatePayloadFilter function. |
TdhEnumerateManifestProviderEvents Retrieves the list of events present in the provider manifest. |
TdhEnumerateProviderFieldInformation Retrieves the specified field metadata for a given provider. |
TdhEnumerateProviderFilters Enumerates the filters that the specified provider defined in the manifest. |
TdhEnumerateProviders Retrieves a list of providers that have registered a MOF class or manifest file on the computer. |
TdhEnumerateProvidersForDecodingSource Retrieves a list of providers that have registered a MOF class or manifest file on the computer. |
TdhFormatProperty Formats a property value for display. |
TdhGetDecodingParameter Retrieves the value of a decoding parameter. |
TdhGetEventInformation Retrieves metadata about an event. |
TdhGetEventMapInformation Retrieves information about the event map contained in the event. |
TdhGetManifestEventInformation Retrieves metadata about an event in a manifest. |
TdhGetProperty Retrieves a property value from the event data. |
TdhGetPropertySize Retrieves the size of one or more property values in the event data. |
TdhGetWppMessage Retrieves the formatted WPP message embedded into an EVENT_RECORD structure. |
TdhGetWppProperty Retrieves a specific property associated with a WPP message. |
TdhLoadManifest Loads the manifest used to decode a log file. |
TdhLoadManifestFromBinary Takes a NULL-terminated path to a binary file that contains metadata resources needed to decode a specific event provider. |
TdhLoadManifestFromMemory Loads the manifest from memory. |
TdhOpenDecodingHandle Opens a decoding handle. |
TdhQueryProviderFieldInformation Retrieves information for the specified field from the event descriptions for those field values that match the given value. |
TdhSetDecodingParameter Sets the value of a decoding parameter. |
TdhUnloadManifest Unloads the manifest that was loaded by the TdhLoadManifest function. |
TdhUnloadManifestFromMemory Unloads the manifest from memory. |
TEI_ACTIVITYID_NAME Macro that retrieves the Trace Event Information (TEI) activity ID name. |
TEI_CHANNEL_NAME Macro that retrieves the Trace Event Information (TEI) channel name. |
TEI_EVENT_MESSAGE Macro that retrieves the Trace Event Information (TEI) message. |
TEI_KEYWORDS_NAME Macro that retrieves the Trace Event Information (TEI) keywords name. |
TEI_LEVEL_NAME Macro that retrieves the Trace Event Information (TEI) level name. |
TEI_MAP_NAME Macro that retrieves the Trace Event Information (TEI) map name. |
TEI_OPCODE_NAME Macro that retrieves the Trace Event Information (TEI) opcode name. |
TEI_PROPERTY_NAME Macro that retrieves the Trace Event Information (TEI) property name. |
TEI_PROVIDER_MESSAGE Macro that retrieves the Trace Event Information (TEI) provider message. |
TEI_PROVIDER_NAME Macro that retrieves the Trace Event Information (TEI) provider name. |
TEI_RELATEDACTIVITYID_NAME Macro that retrieves the Trace Event Information (TEI) related activity ID name. |
TEI_TASK_NAME Macro that retrieves the Trace Event Information (TEI) task name. |
TraceEvent A RegisterTraceGuids-based ("Classic") event provider uses the TraceEvent function to send a structured event to an event tracing session. |
TraceEventInstance A RegisterTraceGuids-based ("Classic") event provider uses the TraceEventInstance function to send a structured event to an event tracing session with an instance identifier. |
TraceMessage A RegisterTraceGuids-based ("Classic") event provider uses the TraceMessage function to send a message-based (TMF-based WPP) event to an event tracing session. |
TraceMessageVa A RegisterTraceGuids-based ("Classic") event provider uses the TraceMessageVa function to send a message-based (TMF-based WPP) event to an event tracing session using va_list parameters. |
TraceQueryInformation Provides information about an event tracing session. |
TraceSetInformation Configures event tracing session settings. |
UnregisterTraceGuids Unregisters a "Classic" (Windows 2000-style) ETW event trace provider that was registered using RegisterTraceGuids. |
UpdateTraceA The UpdateTraceA (ANSI) function (evntrace.h) updates the property setting of the specified event tracing session. |
UpdateTraceW The UpdateTraceW (Unicode) function (evntrace.h) updates the property setting of the specified event tracing session. |
WMIDPREQUEST A RegisterTraceGuids-based ("Classic") event provider implements this function to receive notifications from controllers. The WMIDPREQUEST type defines a pointer to this callback function. ControlCallback is a placeholder for the application-defined function name. |
Interfaces
ITraceEvent Provides access to data relating to a specific event. |
ITraceEventCallback Used by ETW to provide information to the relogger as the tracing process starts, ends, and logs events. |
ITraceRelogger Provides access to the relogging functionality, allowing you to manipulate and relog events from an ETW trace stream. |
Structures
CLASSIC_EVENT_ID Identifies the kernel event for which you want to enable call stack tracing. |
ENABLE_TRACE_PARAMETERS Contains information used to enable a provider via EnableTraceEx2. |
ENABLE_TRACE_PARAMETERS_V1 Contains information used to enable a provider via EnableTraceEx2. This structure is obsolete. |
ETW_BUFFER_CALLBACK_INFORMATION Provided to the BufferCallback as the ConsumerInfo parameter and provides details on the current processing session. |
ETW_BUFFER_CONTEXT Provides context information about the event. |
ETW_BUFFER_CONTEXT Provides context information about the event. (ETW_BUFFER_CONTEXT) |
ETW_BUFFER_HEADER The header structure of an ETW buffer. |
ETW_OPEN_TRACE_OPTIONS Provides configuration parameters to OpenTraceFromBufferStream, OpenTraceFromFile, OpenTraceFromRealTimeLogger, OpenTraceFromRealTimeLoggerWithAllocationOptions functions. |
ETW_TRACE_PARTITION_INFORMATION Contains partition information pulled from an ETW trace. |
EVENT_DATA_DESCRIPTOR The EVENT_DATA_DESCRIPTOR structure defines a block of data that will be used in an ETW event. |
EVENT_DESCRIPTOR The EVENT_DESCRIPTOR structure contains information (metadata) about an ETW event. |
EVENT_DESCRIPTOR Contains metadata that defines the event. |
EVENT_EXTENDED_ITEM_EVENT_KEY |
EVENT_EXTENDED_ITEM_INSTANCE Defines the relationship between events if TraceEventInstance was used to log related events. |
EVENT_EXTENDED_ITEM_PEBS_INDEX |
EVENT_EXTENDED_ITEM_PMC_COUNTERS |
EVENT_EXTENDED_ITEM_PROCESS_START_KEY |
EVENT_EXTENDED_ITEM_RELATED_ACTIVITYID Defines the parent event of this event. |
EVENT_EXTENDED_ITEM_STACK_KEY32 |
EVENT_EXTENDED_ITEM_STACK_KEY64 |
EVENT_EXTENDED_ITEM_STACK_TRACE32 Defines a call stack on a 32-bit computer. |
EVENT_EXTENDED_ITEM_STACK_TRACE64 Defines a call stack on a 64-bit computer. |
EVENT_EXTENDED_ITEM_TS_ID Defines the terminal session that logged the event. |
EVENT_FILTER_DESCRIPTOR Defines the filter data that a session passes to the provider's enable callback function. |
EVENT_FILTER_EVENT_ID Defines event IDs used in an EVENT_FILTER_DESCRIPTOR structure for an event ID or stack walk filter. |
EVENT_FILTER_EVENT_NAME Defines event IDs used in an EVENT_FILTER_DESCRIPTOR structure for an event name or stalk walk name filter. |
EVENT_FILTER_HEADER Defines the header data that must precede the filter data that is defined in the instrumentation manifest. |
EVENT_FILTER_LEVEL_KW Defines event IDs used in an EVENT_FILTER_DESCRIPTOR structure for a stack walk level-keyword filter. |
EVENT_HEADER The EVENT_HEADER structure (evntcons.h) defines information about the event. |
EVENT_HEADER The EVENT_HEADER structure (relogger.h) defines information about the event. |
EVENT_HEADER_EXTENDED_DATA_ITEM The EVENT_HEADER_EXTENDED_DATA_ITEM structure (evntcons.h) defines the extended data that ETW collects as part of the event data. |
EVENT_HEADER_EXTENDED_DATA_ITEM The EVENT_HEADER_EXTENDED_DATA_ITEM structure (relogger.h) defines the extended data that ETW collects as part of the event data. |
EVENT_INSTANCE_HEADER The EVENT_INSTANCE_HEADER structure contains standard event tracing information common to all events written by TraceEventInstance. |
EVENT_INSTANCE_INFO The EVENT_INSTANCE_INFO structure maps a unique transaction identifier to a registered event trace class for TraceEventInstance. |
EVENT_MAP_ENTRY Defines a single value map entry. |
EVENT_MAP_INFO Defines the metadata about the event map. |
EVENT_PROPERTY_INFO Provides information about a single property of the event or filter. |
EVENT_RECORD The EVENT_RECORD structure (evntcons.h) defines the layout of an event that ETW delivers. |
EVENT_RECORD The EVENT_RECORD structure (relogger.h) defines the layout of an event that ETW delivers. |
EVENT_TRACE The EVENT_TRACE structure is used to deliver event information to an event trace consumer. |
EVENT_TRACE_HEADER The EVENT_TRACE_HEADER structure contains standard event tracing information common to all events written by TraceEvent. |
EVENT_TRACE_LOGFILEA The EVENT_TRACE_LOGFILEA (ANSI) structure (evntrace.h) stores information about a trace data source. |
EVENT_TRACE_LOGFILEW The EVENT_TRACE_LOGFILEW (Unicode) structure (evntrace.h) stores information about a trace data source. |
EVENT_TRACE_PROPERTIES The EVENT_TRACE_PROPERTIES structure contains information about an event tracing session and is used with APIs such as StartTrace and ControlTrace. |
EVENT_TRACE_PROPERTIES_V2 The EVENT_TRACE_PROPERTIES_V2 structure contains information about an event tracing session and is used with APIs such as StartTrace and ControlTrace. |
MOF_FIELD You may use the MOF_FIELD structures to append event data to the EVENT_TRACE_HEADER or EVENT_INSTANCE_HEADER structures. |
PAYLOAD_FILTER_PREDICATE Defines an event payload filter predicate that describes how to filter on a single field in a trace session. |
PROPERTY_DATA_DESCRIPTOR Defines the property to retrieve. |
PROVIDER_ENUMERATION_INFO Defines the array of providers that have registered a MOF or manifest on the computer. |
PROVIDER_EVENT_INFO Defines an array of events in a provider manifest. |
PROVIDER_FIELD_INFO Defines the field information. |
PROVIDER_FIELD_INFOARRAY Defines metadata information about the requested field. |
PROVIDER_FILTER_INFO Defines a filter and its data. |
TDH_CONTEXT Defines the additional information required to parse an event. |
TRACE_CONTEXT_REGISTER_INFO Identifies the set of registers to be logged when enabling Context Register Tracing. |
TRACE_ENABLE_INFO Defines the session and the information that the session used to enable the provider. |
TRACE_EVENT_INFO Defines the information about the event. |
TRACE_GUID_INFO Returned by EnumerateTraceGuidsEx. Defines the header to the list of sessions that enabled a provider. |
TRACE_GUID_PROPERTIES Returned by EnumerateTraceGuids. Contains information about an event trace provider. |
TRACE_GUID_REGISTRATION Used with RegisterTraceGuids to register event trace classes. |
TRACE_LOGFILE_HEADER The TRACE_LOGFILE_HEADER structure contains information about an event tracing session and its events. |
TRACE_PERIODIC_CAPTURE_STATE_INFO Used with TraceQueryInformation and TraceSetInformation to get or set information relating to a periodic capture state. |
TRACE_PROVIDER_INFO Defines the GUID and name for a provider. |
TRACE_PROVIDER_INSTANCE_INFO Defines an instance of the provider GUID. |
TRACE_VERSION_INFO Determines the version information of the TraceLogging session. |