Jaa


Custom Injection of System Information

Kernel Trace Control allows custom injection of system information when multiple trace files are merged into a single output trace file. To include system information, a single flag or combination of flags is set in the CreateMergedTraceFile function. The following flags define the system information to be added to the merged trace file:

#define EVENT_TRACE_MERGE_EXTENDED_DATA_NONE 0x00000000
No system information should be added to the merged trace file.

#define EVENT_TRACE_MERGE_EXTENDED_DATA_IMAGEID 0x00000001
Inject image information such as checksum and timestamp used during symbol lookup.

#define EVENT_TRACE_MERGE_EXTENDED_DATA_BUILDINFO 0x00000002
Inject operating system build information such as product name and build lab.

#define EVENT_TRACE_MERGE_EXTENDED_DATA_VOLUME_MAPPING 0x00000004
Inject volume mapping between MS-DOS and Windows NT paths. The payload of the event contains two NULL-terminated Unicode strings. The first string contains the Windows NT path and the second string contains the MS-DOS path. The length of the payload is the size, in bytes, of the two strings including the NULL characters.

For example, a Windows NT path “\Device\HarddiskVolume1\” would be translated to the MS-DOS path “C:\”.

#define EVENT_TRACE_MERGE_EXTENDED_DATA_WINSAT 0x00000008
Inject WinSat information.

#define EVENT_TRACE_MERGE_EXTENDED_DATA_EVENT_METADATA 0x00000010
Inject trace data header (TDH) metadata for events that are captured on computers other than the computer on which the events are being analyzed. For more information about trace data header information, see Event Tracing.

#define EVENT_METADATA_LOG_TYPE_TRACE_EVENT_INFO 0x20
Inject trace information that identifies the events logged through EVENT_TRACE_MERGE_EXTENDED_DATA_EVENT_METADATA.

#define EVENT_METADATA_LOG_TYPE_EVENT_MAP_INFO 0x21
Inject information that defines the metadata for the events logged as a result of setting the EVENT_TRACE_MERGE_EXTENDED_DATA_EVENT_METADATA flag. For more information, see EVENT_MAP_INFO Structure.

#define EVENT_TRACE_MERGE_EXTENDED_DATA_PERFTRACK_METADATA 0x00000020
Inject PerfTrack events metadata for decoding of PerfTrack events on different computers. These events are injected only on Windows 7 and Windows Server 2008.

#define EVENT_TRACE_MERGE_EXTENDED_DATA_DEFAULT 0x000FFFFF
Inject the data for image, build, volume mapping, WinSat, event metadata, and PerfTrack metadata.

#define EVENT_TRACE_MERGE_EXTENDED_DATA_ALL 0xFFFFFFF
Inject all extended data information to the output trace file.

#define EVENT_TRACE_MERGE_EXTENDED_DATA_NETWORK_INTERFACE 0x00000040
Inject network interface information.

#define EVENT_TRACE_MERGE_EXTENDED_DATA_NGEN_PDB 0x00000080
Create PDBs to enable symbol loading for NGEN binaries that appear in the trace.

#define EVENT_TRACE_MERGE_EXTENDED_DATA_COMPRESS_TRACE 0x10000000
Compress the merged trace. Only supported on Windows 8 and higher.

#define EVENT_TRACE_MERGE_EXTENDED_DATA_INJECT_ONLY 0x40000000
Only inject image identification information, do not copy events from the input trace(s).

Remarks

Requirements:

Versions: Available beginning in Windows Vista. This structure is distributed with Windows Performance Analyzer.

Headers: Declared in KernelTraceControl.h. Include KernelTraceControl.h.

Library: Contained in KernelTraceControl.dll.

Kernel Trace Control API Reference

CreateMergedTraceFile