Geoff Chappell, Software Analyst
The public symbol file NTKRPAMP.PDB for the original release of Windows 10 tells that the kernel is built with the TraceLoggingProvider.h header at
d:\th.public.fre\internal\minwin\priv_sdk\inc
and draws from it the following type definitions:
| Line Number | Type |
|---|---|
| 1305 | enum _TlgIn_t |
| 1350 | enum _TlgOut_t |
| 1380 | enum _TlgBlob_t |
| 1409 | struct _TraceLoggingMetadata_t |
| 1425 | struct _TlgProviderMetadata_t |
| 1511 | struct _TlgProvider_t |
A header named TraceLoggingProvider.h is among the headers in the publicly available Windows Driver Kit (WDK) for Windows 10. It is there in the “shared” subdirectory with many other headers that are intended for use in both kernel-mode and user-mode programming.