Geoff Chappell, Software Analyst
PLACEHOLDER FOR WORK THAT MAY NEVER BE DONE - PREVIEW ONLY
When given 0x1C as its FunctionCode argument, the NtTraceControl function sets the disallow list for a provider group. Microsoft’s name for this function code is not known. This note deals only with the function’s behaviour that is specific to this function code. The function’s general behaviour is here taken as assumed knowledge.
If the input buffer does not provide at least 8 bytes, the function returns STATUS_INVALID_PARAMETER. The second dword of input is to be a number of 0x10-byte entries that follow. If the total size does not equal InBufferLen, the function returns STATUS_INVALID_PARAMETER.
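The two size checks described above, as an added example that is not from the original page or from Windows code: a user-mode C routine that validates a buffer the same way. The helper name, the constant names and the reading of "total size" as the 8-byte header plus count × 0x10 are assumptions of this example; the sum is computed in 64 bits so that a large count cannot wrap round to a matching length.

```c
#include <stdint.h>
#include <stdio.h>

#define STATUS_SUCCESS           0x00000000u
#define STATUS_INVALID_PARAMETER 0xC000000Du
#define HEADER_SIZE 8u    /* two dwords; the page does not describe the first */
#define ENTRY_SIZE  0x10u /* size of each entry that follows the header */

/* Hypothetical helper (not a Windows API): applies the two documented
 * checks to a caller-supplied buffer and returns the documented status. */
uint32_t check_disallow_list_input(const uint8_t *in, uint32_t in_len)
{
    uint32_t count;
    uint64_t total;

    /* Check 1: at least the 8-byte header must be present. */
    if (in == NULL || in_len < HEADER_SIZE)   /* NULL guard is this example's own */
        return STATUS_INVALID_PARAMETER;

    /* Second dword, little-endian: number of 0x10-byte entries. */
    count = (uint32_t)in[4] | ((uint32_t)in[5] << 8) |
            ((uint32_t)in[6] << 16) | ((uint32_t)in[7] << 24);

    /* Check 2: assumed total = header + entries, which must equal the length
     * exactly. 64-bit arithmetic: in 32 bits, 0x10000000 * 0x10 wraps to 0. */
    total = (uint64_t)HEADER_SIZE + (uint64_t)count * ENTRY_SIZE;
    return total == in_len ? STATUS_SUCCESS : STATUS_INVALID_PARAMETER;
}

int main(void)
{
    /* Constructed sample input: header announcing 2 entries, then 2 * 0x10 bytes. */
    uint8_t ok[8 + 2 * 0x10] = {0};
    uint8_t wrap[8] = {0};

    ok[4] = 2;
    wrap[7] = 0x10;  /* count = 0x10000000, but no entries follow */

    printf("2 entries, 40 bytes: 0x%08X\n", (unsigned)check_disallow_list_input(ok, sizeof ok));
    printf("2 entries, 39 bytes: 0x%08X\n", (unsigned)check_disallow_list_input(ok, sizeof ok - 1));
    printf("wrapping count:      0x%08X\n", (unsigned)check_disallow_list_input(wrap, sizeof wrap));
    return 0;
}
```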
TO BE DONE?