TdhGetProperty function

Retrieves a property value from the event data.

Syntax


ULONG __stdcall TdhGetProperty(
  _In_   PEVENT_RECORD pEvent,
  _In_   ULONG TdhContextCount,
  _In_   PTDH_CONTEXT pTdhContext,
  _In_   ULONG PropertyDataCount,
  _In_   PPROPERTY_DATA_DESCRIPTOR pPropertyData,
  _In_   ULONG BufferSize,
  _Out_  PBYTE pBuffer
);

Parameters

pEvent [in]

The event record passed to your EventRecordCallback callback. For details, see the EVENT_RECORD structure.

TdhContextCount [in]

Number of elements in pTdhContext.

pTdhContext [in]

Array of context values for WPP or classic ETW events only; otherwise, NULL. For details, see the TDH_CONTEXT structure. The array must not contain duplicate context types.

PropertyDataCount [in]

Number of data descriptor structures in pPropertyData.

pPropertyData [in]

Array of PROPERTY_DATA_DESCRIPTOR structures that defines the property to retrieve.

If you called the TdhGetPropertySize function to retrieve the required buffer size for the property, you can use the same data descriptors.

If you are retrieving a property that is not a member of a structure, you can specify a single data descriptor. If you are retrieving a property that is a member of a structure, specify an array of two data descriptors (structures cannot contain or reference other structures).

BufferSize [in]

Size of the pBuffer buffer, in bytes. You can get this value from the pPropertySize parameter when calling TdhGetPropertySize function.

pBuffer [out]

User-allocated buffer that receives the property data.

Return value

Returns ERROR_SUCCESS if successful. Otherwise, this function returns one of the following return codes in addition to others.

Return codeDescription
ERROR_NOT_FOUND

The schema for the event was not found or the specified property was not found.

ERROR_INSUFFICIENT_BUFFER

The pBuffer buffer is too small. To get the required buffer size, call TdhGetPropertySize.

ERROR_INVALID_PARAMETER

One or more of the parameters is not valid.

ERROR_FILE_NOT_FOUND

The resourceFileName attribute in the manifest contains the location of the provider binary. When you register the manifest, the location is written to the registry. TDH was unable to find the binary based on the registered location.

ERROR_WMI_SERVER_UNAVAILABLE

The WMI service is not available.

 

Remarks

If the event is a WPP or classic ETW event, you can specify context information that is used to help parse the event information. The event is a WPP event if the EVENT_HEADER_FLAG_TRACE_MESSAGE flag is set in the Flags member of EVENT_HEADER (see the EventHeader member of EVENT_RECORD). The event is a legacy ETW event if the EVENT_HEADER_FLAG_CLASSIC_HEADER flag is set.

For a list of properties for WPP events and their data types, see PROPERTY_DATA_DESCRIPTOR.

Examples

For an example that shows how to call this function to retrieve the value of a top-level property or the member of a structure, see Using TdhGetProperty to Consume Event Data.

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

Tdh.h

Library

Tdh.lib

DLL

Tdh.dll

See also

TdhGetEventInformation
TdhGetPropertySize

 

 

Community Additions

ADD
Show:
© 2014 Microsoft