Geoff Chappell, Software Analyst
The public symbol file NTKRPAMP.PDB for the original release of Windows 10 shows that the kernel is built with the ETWP.H header at
d:\th\minkernel\ntos\etw
and draws from it the following type definitions:
| Line Number | Type |
|---|---|
| 594 | struct _ETW_BUFFER_QUEUE |
| 600 | enum _ETW_HEADER_TYPE |
| 612 | struct _ETW_PMC_SUPPORT |
| 620 | struct _WMI_LOGGER_CONTEXT |
| 860 | struct _ETW_REALTIME_CONSUMER |
| 908 | struct _ETW_LOGGER_HANDLE |
| 2385 | enum _ETW_STRING_TOKEN_TYPE |
| 2392 | enum _ETW_PERFECT_HASH_FUNCTION_TYPE |
| 2408 | struct _ETW_LAST_ENABLE_INFO |
| 2427 | struct _ETW_PAYLOAD_FILTER |
| 2432 | struct _ETW_FILTER_PID |
| 2437 | struct _ETW_FILTER_STRING_TOKEN_ELEMENT |
| 2442 | struct _ETW_FILTER_STRING_TOKEN |
| 2453 | struct _ETW_FILTER_HEADER |
| 2465 | struct _ETW_GUID_ENTRY |
| 2491 | struct _ETW_REPLY_QUEUE |
| 2512 | struct _ETW_QUEUE_ENTRY |
| 2523 | struct _ETW_PROVIDER_TRAITS |
| 2529 | struct _ETW_REG_ENTRY |
| 2638 | struct _ETW_SILODRIVERSTATE |
The header ETWP.H is not known in any Device Driver Kit (DDK) or Windows Driver Kit (WDK).