Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,412 questions
How to subscribe to all registered valid event channels?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 63%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYM%3C/text%3E%3C/svg%3E)
Yen-Ming Chiu
21
Reputation points
I used EvtOpenChannelEnum to fetch all registered events on the computer, then trying to subscribe to them with EvtSubscribe.
And some of them lead to the error 4201 (The instance name passed was not recognized as valid by a WMI data provider.)
I did filter out those channels which have "/Analytic" and "/Debug" at the end of the name, and those channels are named "Analytic" or "Debug". But it still doesn't work.
Is there have any other limitations with ETW subscriptions?
PS: the following picture shows a part of what I got after fetching and filtering.
Windows API - Win32
C++
C++
A high-level, general-purpose programming language, created as an extension of the C programming language, that has object-oriented, generic, and functional features in addition to facilities for low-level memory manipulation.
3,519 questions
{count} votes
-
Song Zhu - MSFT 906 Reputation points2021-03-26T07:23:51.963+00:00 ERROR_WMI_INSTANCE_NOT_FOUND means "the session from which you are trying to consume events in real time is not running or does not have the real-time trace mode enabled".And you can refer to Why isn't my Event Trace for Windows working?.
Sign in to comment