QueryAllTraces function
The QueryAllTraces function retrieves the properties and statistics for all event tracing sessions started on the computer for which the caller has permissions to query.
Syntax
ULONG QueryAllTraces( _Out_ PEVENT_TRACE_PROPERTIES *PropertyArray, _In_ ULONG PropertyArrayCount, _Out_ PULONG SessionCount );
Parameters
- PropertyArray [out]
-
An array of pointers to EVENT_TRACE_PROPERTIES structures that receive session properties and statistics for the event tracing sessions.
You only need to set the Wnode.BufferSize, LoggerNameOffset , and LogFileNameOffset members of the EVENT_TRACE_PROPERTIES structure. The other members should all be set to zero.
- PropertyArrayCount [in]
-
Number of structures in the PropertyArray array. This value must be less than or equal to 64, the maximum number of event tracing sessions that ETW supports.
- SessionCount [out]
-
Actual number of event tracing sessions started on the computer.
Return value
If the function succeeds, the return value is ERROR_SUCCESS.
If the function fails, the return value is one of the system error codes. The following table includes some common errors and their causes.
| Return code | Description |
|---|---|
|
One of the following is true:
|
|
The property array is too small to receive information for all sessions (SessionCount is greater than PropertyArrayCount). The function fills the property array with the number of property structures specified in PropertyArrayCount. |
Remarks
Event trace controllers call this function.
This function retrieves the trace sessions that the caller has permissions to query. Users running with elevated administrative privileges, users in the Performance Log Users group, and services running as LocalSystem, LocalService, NetworkService can view all tracing sessions.
This function does not return private logging sessions.
To retrieve information for a single session, use the ControlTrace function and set the ControlCode parameter to EVENT_TRACE_CONTROL_QUERY.
Examples
The following example shows how to call this function.
#include <windows.h> #include <stdio.h> #include <wmistr.h> #include <evntrace.h> #define MAX_SESSIONS 64 #define MAX_SESSION_NAME_LEN 1024 #define MAX_LOGFILE_PATH_LEN 1024 void wmain(void) { ULONG status = ERROR_SUCCESS; PEVENT_TRACE_PROPERTIES pSessions[MAX_SESSIONS]; // Array of pointers to property structures PEVENT_TRACE_PROPERTIES pBuffer = NULL; // Buffer that contains all the property structures ULONG SessionCount = 0; // Actual number of sessions started on the computer ULONG BufferSize = 0; ULONG PropertiesSize = 0; WCHAR SessionGuid[50]; // The size of the session name and log file name used by the // controllers are not known, therefore create a properties structure that allows // for the maximum size of both. PropertiesSize = sizeof(EVENT_TRACE_PROPERTIES) + (MAX_SESSION_NAME_LEN*sizeof(WCHAR)) + (MAX_LOGFILE_PATH_LEN*sizeof(WCHAR)); BufferSize = PropertiesSize * MAX_SESSIONS; pBuffer = (PEVENT_TRACE_PROPERTIES) malloc(BufferSize); if (pBuffer) { ZeroMemory(pBuffer, BufferSize); for (USHORT i = 0; i < MAX_SESSIONS; i++) { pSessions[i] = (EVENT_TRACE_PROPERTIES*)((BYTE*)pBuffer + (i*PropertiesSize)); pSessions[i]->Wnode.BufferSize = PropertiesSize; pSessions[i]->LoggerNameOffset = sizeof(EVENT_TRACE_PROPERTIES); pSessions[i]->LogFileNameOffset = sizeof(EVENT_TRACE_PROPERTIES) + (MAX_SESSION_NAME_LEN*sizeof(WCHAR)); } } else { wprintf(L"Error allocating memory for properties.\n"); goto cleanup; } status = QueryAllTraces(pSessions, (ULONG)MAX_SESSIONS, &SessionCount); if (ERROR_SUCCESS == status || ERROR_MORE_DATA == status) { wprintf(L"Requested session count, %d. Actual session count, %d.\n\n", MAX_SESSIONS, SessionCount); for (USHORT i = 0; i < SessionCount; i++) { StringFromGUID2(pSessions[i]->Wnode.Guid, SessionGuid, (sizeof(SessionGuid) / sizeof(SessionGuid[0]))); wprintf(L"Session GUID: %s\nSession ID: %d\nSession name: %s\nLog file: %s\n" L"min buffers: %d\nmax buffers: %d\nbuffers: %d\nbuffers written: %d\n" L"buffers lost: %d\nevents lost: %d\n\n", SessionGuid, pSessions[i]->Wnode.HistoricalContext, (LPWSTR)((char*)pSessions[i] + pSessions[i]->LoggerNameOffset), (LPWSTR)((char*)pSessions[i] + pSessions[i]->LogFileNameOffset), pSessions[i]->MinimumBuffers, pSessions[i]->MaximumBuffers, pSessions[i]->NumberOfBuffers, pSessions[i]->BuffersWritten, pSessions[i]->LogBuffersLost, pSessions[i]->EventsLost); } } else { wprintf(L"Error calling QueryAllTraces, %d.\n", status); goto cleanup; } cleanup: if (pBuffer) { free(pBuffer); pBuffer = NULL; } }
Requirements
|
Minimum supported client |
Windows 2000 Professional [desktop apps only] |
|---|---|
|
Minimum supported server |
Windows 2000 Server [desktop apps only] |
|
Header |
|
|
Library |
|
|
DLL |
|
|
Unicode and ANSI names |
QueryAllTracesW (Unicode) and QueryAllTracesA (ANSI) |
See also