Geoff Chappell, Software Analyst
PLACEHOLDER FOR WORK THAT MAY NEVER BE DONE - PREVIEW ONLY
When given EtwFlushLoggerCode (5) as its FunctionCode argument, the NtTraceControl function flushes a tracing session, known less formally as a logger. This note deals only with the function’s behaviour that is specific to this function code. The function’s general behaviour is here taken as assumed knowledge.
A WMI_LOGGER_INFORMATION structure is expected to begin the input and is produced as the function’s successful output. If either the input or output buffer is too small for this structure, including because a user-mode request gives NULL for either buffer’s address, the function returns STATUS_INVALID_BUFFER_SIZE. If a kernel-mode request provides no input, the returned error code is STATUS_INVALID_PARAMETER.
TO BE DONE?