EVENT_RECORD structure (relogger.h)
The EVENT_RECORD structure defines the layout of an event that ETW delivers.
Syntax
typedef struct _EVENT_RECORD {
  EVENT_HEADER EventHeader;
  ETW_BUFFER_CONTEXT BufferContext;
  USHORT ExtendedDataCount;
  USHORT UserDataLength;
  PEVENT_HEADER_EXTENDED_DATA_ITEM ExtendedData;
  PVOID UserData;
  PVOID UserContext;
} EVENT_RECORD, *PEVENT_RECORD;
Members
EventHeader
Information about the event such as the time stamp for when it was written. For details, see the EVENT_HEADER structure.
BufferContext
Defines information such as the session that logged the event. For details, see the ETW_BUFFER_CONTEXT structure.
ExtendedDataCount
The number of extended data structures in the ExtendedData member.
UserDataLength
The size, in bytes, of the data in the UserData member.
ExtendedData
One or more extended data items that ETW collects. The extended data includes some items, such as the security identifier (SID) of the user that logged the event, only if the controller sets the EnableProperty parameter passed to the EnableTraceEx or EnableTraceEx2 function. The extended data includes other items, such as the related activity identifier and decoding information for trace logging, regardless of whether the controller sets the EnableProperty parameter passed to EnableTraceEx or EnableTraceEx2. For details, see the EVENT_HEADER_EXTENDED_DATA_ITEM structure.
UserData
Event specific data. To parse this data, see Retrieving Event Data Using TDH. If the Flags member of EVENT_HEADER contains EVENT_HEADER_FLAG_STRING_ONLY, the data is a null-terminated Unicode string that you do not need TDH to parse.
UserContext
The context specified in the Context member of the EVENT_TRACE_LOGFILE structure that is passed to the OpenTrace function.
Remarks
The EVENT_RECORD structure is passed to the consumer's implementation of the EventRecordCallback callback.
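The following is an added example, not code from the original documentation. It shows how a consumer callback can read a string-only UserData payload without trusting the provider to have terminated it inside UserDataLength, and how to look up an optional extended item such as the SID. The reduced struct definitions, the helper names (string_only_length, find_ext, sample_record) and the sample data are assumptions made so the code builds without the Windows SDK.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Stand-in types (assumption): only the fields used here, so the example builds
   without the Windows SDK. A real consumer includes evntcons.h instead. */
#define EVENT_HEADER_FLAG_STRING_ONLY 0x0004
#define EVENT_HEADER_EXT_TYPE_SID     0x0002
typedef struct { uint16_t ExtType, DataSize; uint64_t DataPtr; } EVENT_HEADER_EXTENDED_DATA_ITEM;
typedef struct {
    struct { uint16_t Flags; } EventHeader;
    uint16_t ExtendedDataCount, UserDataLength;
    EVENT_HEADER_EXTENDED_DATA_ITEM *ExtendedData;
    void *UserData;
} EVENT_RECORD;

/* STRING_ONLY payload length in UTF-16 units, never reading past UserDataLength.
   Returns -1 if the flag is clear or no terminator lies inside the buffer. */
long string_only_length(const EVENT_RECORD *r) {
    if (!(r->EventHeader.Flags & EVENT_HEADER_FLAG_STRING_ONLY) || !r->UserData) return -1;
    const unsigned char *p = r->UserData;
    for (size_t i = 0; i + 1 < r->UserDataLength; i += 2) {
        uint16_t unit;
        memcpy(&unit, p + i, sizeof unit);   /* do not assume UserData is aligned */
        if (unit == 0) return (long)(i / 2);
    }
    return -1;
}

/* First extended item of the given ExtType with usable data, or NULL
   (the SID item is absent unless the controller requested it). */
const EVENT_HEADER_EXTENDED_DATA_ITEM *find_ext(const EVENT_RECORD *r, uint16_t type) {
    for (uint16_t i = 0; r->ExtendedData && i < r->ExtendedDataCount; i++) {
        const EVENT_HEADER_EXTENDED_DATA_ITEM *it = &r->ExtendedData[i];
        if (it->ExtType == type && it->DataPtr && it->DataSize) return it;
    }
    return NULL;
}

/* Constructed sample input: text with and without a terminator, SID S-1-5-18. */
static uint16_t ok_text[] = {'h','e','l','l','o',0}, bad_text[] = {'n','o','n','u','l'};
static uint8_t fake_sid[12] = {1, 1, 0,0,0,0,0,5, 18,0,0,0};
const EVENT_RECORD *sample_record(int terminated) {
    static EVENT_HEADER_EXTENDED_DATA_ITEM ext = {EVENT_HEADER_EXT_TYPE_SID, sizeof fake_sid, 0};
    static EVENT_RECORD r = {{EVENT_HEADER_FLAG_STRING_ONLY}, 1, 0, &ext, NULL};
    ext.DataPtr = (uint64_t)(uintptr_t)fake_sid;
    r.UserData = terminated ? ok_text : bad_text;
    r.UserDataLength = (uint16_t)(terminated ? sizeof ok_text : sizeof bad_text);
    return &r;
}
```

A record whose string has no terminator within UserDataLength is rejected rather than scanned past the end of the buffer.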
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows Vista [desktop apps only] |
Minimum supported server | Windows Server 2008 [desktop apps only] |
Header | relogger.h (include Evntcons.h) |