ETW_BUFFER_HEADER structure (evntrace.h)
The header structure of an ETW buffer.
Syntax
typedef struct ETW_BUFFER_HEADER {
ULONG Reserved1[4];
LARGE_INTEGER TimeStamp;
ULONG Reserved2[4];
ETW_BUFFER_CONTEXT ClientContext;
ULONG Reserved3;
ULONG FilledBytes;
ULONG Reserved4[5];
} ETW_BUFFER_HEADER;
Members
Reserved1[4]
Reserved.
TimeStamp
The time when the buffer was flushed. It will be in the raw clock type of the session from which the buffer was collected (for example, QueryPerformanceCounter, CPU timestamp counter, or GetSystemTimeAsFileTime).
Reserved2[4]
Reserved.
ClientContext
Contains information about the processor and logger that generated this buffer. See ETW_BUFFER_CONTEXT.
Reserved3
FilledBytes
The size of the valid data in the buffer. This is the size of the ETW_BUFFER_HEADER and the event data. When a buffer is copied, it is common to only allocate enough memory to store the valid data (for example, only FilledBytes bytes are allocated and copied), so recipients of a buffer should not read beyond this offset
Reserved4[5]
Reserved.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows 2000 Professional [desktop apps | UWP apps] |
| Minimum supported server | Windows 2000 Server [desktop apps | UWP apps] |
| Header | evntrace.h |