Custom Injection of System Information

Updated: February 29, 2012

Kernel Trace Control allows custom injection of system information when multiple trace files are merged into a single output trace file. To include system information, a single flag or combination of flags is set in the CreateMergedTraceFile function. The following flags define the system information to be added to the merged trace file:

#define EVENT_TRACE_MERGE_EXTENDED_DATA_NONE 0x00000000
No system information should be added to the merged trace file.

#define EVENT_TRACE_MERGE_EXTENDED_DATA_IMAGEID 0x00000001
Inject image information such as checksum and timestamp used during symbol lookup.

#define EVENT_TRACE_MERGE_EXTENDED_DATA_BUILDINFO 0x00000002
Inject operating system build information such as product name and build lab.

#define EVENT_TRACE_MERGE_EXTENDED_DATA_VOLUME_MAPPING 0x00000004
Inject volume mapping between MS-DOS and Windows NT paths. The payload of the event contains two NULL-terminated Unicode strings. The first string contains the Windows NT path and the second string contains the MS-DOS path. The length of the payload is the size, in bytes, of the two strings including the NULL characters.

For example, a Windows NT path “\Device\HarddiskVolume1\” would be translated to the MS-DOS path “C:\”.

#define EVENT_TRACE_MERGE_EXTENDED_DATA_WINSAT 0x00000008
Inject WinSat information.

#define EVENT_TRACE_MERGE_EXTENDED_DATA_EVENT_METADATA 0x00000010
Inject trace data header (TDH) metadata for events that are captured on computers other than the computer on which the events are being analyzed. For more information about trace data header information, see Event Tracing.

#define EVENT_METADATA_LOG_TYPE_TRACE_EVENT_INFO 0x20
Inject trace information that identifies the events logged through EVENT_TRACE_MERGE_EXTENDED_DATA_EVENT_METADATA.

#define EVENT_METADATA_LOG_TYPE_EVENT_MAP_INFO 0x21
Inject information that defines the metadata for the events logged as a result of setting the EVENT_TRACE_MERGE_EXTENDED_DATA_EVENT_METADATA flag. For more information, see EVENT_MAP_INFO Structure.

#define EVENT_TRACE_MERGE_EXTENDED_DATA_PERFTRACK_METADATA 0x00000020
Inject PerfTrack events metadata for decoding of PerfTrack events on different computers. These events are injected only on Windows 7 and Windows Server 2008.

#define EVENT_TRACE_MERGE_EXTENDED_DATA_DEFAULT 0x000FFFFF
Inject the data for image, build, volume mapping, WinSat, event metadata, and PerfTrack metadata.

#define EVENT_TRACE_MERGE_EXTENDED_DATA_ALL 0xFFFFFFFF
Inject all extended data information to the output trace file.

Requirements:

  • Versions: Available beginning in Windows Vista. This structure is distributed with Windows Performance Analyzer.

  • Headers: Declared in KernelTraceControl.h. Include KernelTraceControl.h.

  • Library: Contained in KernelTraceControl.dll.

Show: