Event Tracing Functions
Event trace controllers use the following functions to manage event tracing sessions.
| Controller function | Description |
|---|---|
| ControlTrace | Flushes, queries, updates, or stops the specified session. |
| EnableTrace | Enables or disables a classic event trace provider. |
| EnableTraceEx | Enables or disables a manifested event trace provider. |
| EnableTraceEx2 | Enables or disables a manifested event trace provider. |
| EnumerateTraceGuids | Retrieves information about registered event trace providers. |
| EnumerateTraceGuidsEx | Retrieves information about registered event trace providers that are running on the computer. |
| FlushTrace | Flushes buffered events for the specified session. The ControlTrace function supersedes this function. |
| QueryAllTraces | Retrieves property settings and statistics for all sessions. |
| QueryTrace | Retrieves property settings and statistics for the specified session.
The ControlTrace function supersedes this function. |
| QueryTraceProcessingHandle | Retrieves container information from the specified session. |
| StartTrace | Starts the specified session. |
| StopTrace | Stops the specified session.
The ControlTrace function supersedes this function. |
| TraceQueryInformation | Queries event tracing session settings for the specified information class. |
| TraceSetInformation | Enables or disables the specified information class. |
| UpdateTrace | Updates the properties of the specified session.
The ControlTrace function supersedes this function. |
Classic event trace providers use the following functions to generate events.
| Provider function | Description |
|---|---|
| ControlCallback | Providers implement this callback to receive enable or disable event tracing notifications from controllers. |
| CreateTraceInstanceId | Creates an identifier for a group of related events. |
| GetTraceEnableFlags | Retrieves the enable flags set by the EnableTrace function. |
| GetTraceEnableLevel | Retrieves the enable level set by the EnableTrace function. |
| GetTraceLoggerHandle | Retrieves the event tracing session handle passed to the EnableTrace function. |
| RegisterTraceGuids | Registers a provider and its event trace classes. |
| TraceEvent | Generates an event. |
| TraceEventInstance | Generates events for a transaction. |
| TraceMessage TraceMessageVa | Generates informational messages. |
| UnregisterTraceGuids | Unregisters a provider and its event trace classes. |
Manifest-based event trace providers use the following functions to generate events.
| Provider function | Description |
|---|---|
| CveEventWrite | A tracing function for publishing events when an attempted security vulnerability exploit is detected in your user-mode application. |
| EnableCallback | Providers implement this callback to receive enable or disable event tracing notifications from controllers. |
| EventActivityIdControl | Creates, queries, and sets the current activity identifier used by the EventWriteTransfer function. |
| EventEnabled | Determines if the event is enabled for any session. |
| EventProviderEnabled | Determines if the event is enabled for any session. |
| EventRegister | Registers the provider. |
| EventSetInformation | Performs operations on a registration object. |
| EventUnregister | Removes the provider's registration. |
| EventWrite | Writes an event. This function is superseded by EventWriteEx. |
| EventWriteEx | Writes an event. |
| EventWriteString | Writes an event that contains a string as its data. |
| EventWriteTransfer | Links events together when tracing events in an end-to-end scenario. |
Event trace consumers use the following functions to process events.
| Consumer function | Description |
|---|---|
| BufferCallback | Consumers implement this callback to receive statistics about each buffer of events that ETW delivers to an event trace consumer. |
| CloseTrace | Closes a trace. |
| EventCallback | Consumers implement this callback to receive all events from a session. |
| EventRecordCallback | Consumers implement this callback to receive events from a session. |
| OpenTrace | Opens a trace for processing. |
| ProcessTrace | Delivers events to a consumer for processing. |
| TdhAggregatePayloadFilters | Aggregates multiple payload filters for a single provider into a single data structure for use with the EnableTraceEx2 function. |
| TdhCleanupPayloadEventFilterDescriptor | Frees the aggregated structure of payload filters created using the TdhAggregatePayloadFilters function. |
| TdhCloseDecodingHandle | Frees resources associated with the input decoding handle. |
| TdhCreatePayloadFilter | Creates a single filter for a single payload to be used with the EnableTraceEx2 function. |
| TdhDeletePayloadFilter | Frees the memory allocated for a single payload filter by the TdhCreatePayloadFilter function. |
| TdhEnumerateManifestProviderEvents | Retrieves the list of events present in the provider manifest. |
| TdhEnumerateProviderFieldInformation | Retrieves the specified field metadata for a given provider. |
| TdhEnumerateProviderFilters | Enumerates the filters for a given provider. |
| TdhEnumerateProviders | Retrieves a list of providers that have registered a MOF or manifest file on the computer. |
| TdhFormatProperty | Formats a property value for display. |
| TdhGetDecodingParameter | Retrieves the value of a decoding parameter. |
| TdhGetEventInformation | Retrieves metadata about an event. |
| TdhGetEventMapInformation | Retrieves information about the event map contained in the event. |
| TdhGetManifestEventInformation | Retrieves metadata about an event in a manifest. |
| TdhGetProperty | Retrieves a property value from the event data. |
| TdhGetPropertySize | Retrieves the size of one or more property values in the event data. |
| TdhGetWppMessage | Retrieves the formatted WPP message embedded into an EVENT_RECORD structure. |
| TdhGetWppProperty | Retrieves a specific property associated with a WPP message. |
| TdhLoadManifest | Loads the manifest used to decode a log file. |
| TdhLoadManifestFromBinary | Takes a NULL-terminated path to a binary file that contains metadata resources needed to decode a specific event provider. |
| TdhOpenDecodingHandle | Opens a decoding handle. |
| TdhQueryProviderFieldInformation | Retrieves information for the specified field from the event descriptions for those field values that match the given value. |
| TdhSetDecodingParameter | Sets the value of a decoding parameter. |
| TdhUnloadManifest | Unloads the manifest that was loaded by the TdhLoadManifest function. |
The following functions manage access permissions to the controller and provider functions.
| Access control function | Description |
|---|---|
| EventAccessControl | Adds or modifies the permissions of the specified provider or session. |
| EventAccessQuery | Retrieves the permissions for the specified controller or provider. |
| EventAccessRemove | Removes the permissions defined in the registry for the specified provider or session. |
You should not use the following functions; they may be unavailable in subsequent versions.
| Access control function | Description |
|---|---|
| EventClassCallback | Consumers implement this callback to receive events for a specific event trace class from a session. |
| RemoveTraceCallback | Stops an EventClassCallback function from receiving events for an event trace class. |
| SetTraceCallback | Specifies an EventClassCallback function to receive events for the specified event trace class. |
Show: