SKETCH OF HOW RESEARCH MIGHT CONTINUE AND RESULTS BE PRESENTED

EtwEventWriteStartScenario

Declaration

ULONG
EtwEventWriteStartScenario (
    REGHANDLE RegHandle,
    PCEVENT_DESCRIPTOR EventDescriptor,
    ULONG UserDataCount,
    PEVENT_DATA_DESCRIPTOR UserData);

Parameters

The RegHandle argument specifies an event provider.

The EventDescriptor argument is the address of a structure that describes an event to write.

The UserDataCount argument specifies the number of data elements to pass with the event.

The UserData argument is the address of an array of structures that each describe one of those data elements.

Return Value

The function returns zero for success, else an error code.

Behaviour

The EtwEventWriteStartScenario function is just EtwEventWrite, to write the specified event, but with the additional step of calling the NT kernel to start all WDI scenarios for which the specified event is configured as a start event.

It is an error (ERROR_INVALID_PARAMETER) to omit the event descriptor. It is also an error (ERROR_INVALID_HANDLE) if the handle to the provider is invalid or if the event is not enabled for the provider.

Availability

The EtwEventWriteStartScenario function is exported by name from NTDLL.DLL in version 6.0 and higher. The preferred access is through EventWriteStartScenario, which is exported by ADVAPI32.DLL version 6.0 and higher.

As with many NTDLL functions, Microsoft does not document EtwEventWriteStartScenario. Neither does Microsoft document the forwarded export from ADVAPI32.
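The following is an added example, not code from the page or from Microsoft, showing how a caller would reach EtwEventWriteStartScenario through its ADVAPI32 forwarder EventWriteStartScenario (the preferred access noted under Availability) and how the two error cases under Behaviour surface. Because neither export is declared in the public SDK headers, the function is resolved at run time with GetProcAddress. The provider GUID, the event descriptor and the payload string are constructed placeholders; the non-Windows shim for the Windows types is an assumption that mirrors the public ABI so the argument-packing and pre-check helpers build and run anywhere, while the actual ETW call is compiled only under _WIN32.

```c
/* Added example (not from the page): calling EtwEventWriteStartScenario via
 * its ADVAPI32 forwarder EventWriteStartScenario, resolved at run time since
 * neither export appears in the public SDK headers. On a non-Windows host a
 * small shim (assumption: mirrors the public ABI) supplies the types so the
 * helpers still build; the real ETW call is Windows-only. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#  include <windows.h>
#  include <evntprov.h>
#else
typedef unsigned long  ULONG;
typedef unsigned short USHORT;
typedef unsigned char  UCHAR;
typedef uint64_t       ULONGLONG;
typedef ULONGLONG      REGHANDLE;
typedef struct _EVENT_DESCRIPTOR {
    USHORT Id; UCHAR Version; UCHAR Channel; UCHAR Level; UCHAR Opcode;
    USHORT Task; ULONGLONG Keyword;
} EVENT_DESCRIPTOR;
typedef const EVENT_DESCRIPTOR *PCEVENT_DESCRIPTOR;
typedef struct _EVENT_DATA_DESCRIPTOR {
    ULONGLONG Ptr; ULONG Size; ULONG Reserved;
} EVENT_DATA_DESCRIPTOR, *PEVENT_DATA_DESCRIPTOR;
#  define NTAPI
#  define ERROR_SUCCESS           0UL
#  define ERROR_INVALID_HANDLE    6UL
#  define ERROR_INVALID_PARAMETER 87UL
#  define ERROR_PROC_NOT_FOUND    127UL
#endif

typedef ULONG (NTAPI *PFN_EventWriteStartScenario)(
    REGHANDLE, PCEVENT_DESCRIPTOR, ULONG, PEVENT_DATA_DESCRIPTOR);

/* Constructed sample event (Id 1, Level 4, Opcode 1, Keyword 1) and payload. */
static const EVENT_DESCRIPTOR kSampleEvent = { 1, 0, 0, 4, 1, 0, 0x1 };
static const char kSampleMessage[] = "scenario start (constructed)";
static EVENT_DATA_DESCRIPTOR g_sample_desc;

/* Mirror of the checks the page describes, applied before crossing into
 * NTDLL. The other cause of ERROR_INVALID_HANDLE (event not enabled for the
 * provider) is only known to the provider runtime and is not predicted here. */
ULONG precheck_start_scenario(REGHANDLE h, PCEVENT_DESCRIPTOR ev) {
    if (ev == NULL) return ERROR_INVALID_PARAMETER;
    if (h == 0)     return ERROR_INVALID_HANDLE;
    return ERROR_SUCCESS;
}

/* Pack the one UserData element the way the SDK's EventDataDescCreate does:
 * pointer widened to 64 bits, byte count (including NUL), Reserved cleared.
 * Returns the Size that was stored. */
ULONG pack_sample_message(void) {
    g_sample_desc.Ptr      = (ULONGLONG)(uintptr_t)kSampleMessage;
    g_sample_desc.Size     = (ULONG)sizeof(kSampleMessage);
    g_sample_desc.Reserved = 0;
    return g_sample_desc.Size;
}

#ifdef _WIN32
/* Resolve the undocumented forwarder; NULL if this ADVAPI32 lacks it. */
static PFN_EventWriteStartScenario resolve_start_scenario(void) {
    HMODULE advapi = LoadLibraryW(L"advapi32.dll");
    if (advapi == NULL) return NULL;
    return (PFN_EventWriteStartScenario)(void *)
           GetProcAddress(advapi, "EventWriteStartScenario");
}

/* Write kSampleEvent with kSampleMessage as its single data element. */
ULONG write_sample_start_scenario(REGHANDLE h) {
    ULONG rc = precheck_start_scenario(h, &kSampleEvent);
    if (rc != ERROR_SUCCESS) return rc;
    PFN_EventWriteStartScenario fn = resolve_start_scenario();
    if (fn == NULL) return ERROR_PROC_NOT_FOUND;
    pack_sample_message();
    return fn(h, &kSampleEvent, 1, &g_sample_desc);
}

int main(void) {
    /* Placeholder provider GUID, constructed for this example only. */
    static const GUID kProviderId =
        { 0x12345678, 0x1234, 0x5678, { 0x9a, 0xbc, 0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc } };
    REGHANDLE h = 0;
    ULONG rc = EventRegister(&kProviderId, NULL, NULL, &h);
    if (rc != ERROR_SUCCESS) { printf("EventRegister failed: %lu\n", rc); return 1; }
    rc = write_sample_start_scenario(h);   /* 0, or an error code as described */
    printf("EventWriteStartScenario returned %lu\n", rc);
    EventUnregister(h);
    return 0;
}
#else
int main(void) {
    printf("precheck(NULL descriptor)=%lu precheck(zero handle)=%lu size=%lu\n",
           precheck_start_scenario(1, NULL),
           precheck_start_scenario(0, &kSampleEvent), pack_sample_message());
    return 0;
}
#endif
```

On Windows, build with the ADVAPI32 import library (for EventRegister and EventUnregister); the forwarder itself needs no import library because it is looked up by name. A return of ERROR_INVALID_HANDLE from the real call, after the pre-check has passed, therefore indicates the third case the page lists: the event is not enabled for the provider.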