PLACEHOLDER FOR WORK THAT MAY NEVER BE DONE - PREVIEW ONLY

EtwQueryLoggerCode

When given EtwQueryLoggerCode (3) as its FunctionCode argument, the NtTraceControl function gets information about a tracing session, known less formally as a logger. This note deals only with the function’s behaviour that is specific to this function code. The function’s general behaviour is here taken as assumed knowledge.

A WMI_LOGGER_INFORMATION structure is expected to begin the input and is produced as the function’s successful output. If either the input or output buffer is too small for this structure, including because a user-mode request gives NULL for either buffer’s address, the function returns STATUS_INVALID_BUFFER_SIZE. If a kernel-mode request provides no input, the returned error code is STATUS_INVALID_PARAMETER.

TO BE DONE?