EtwProviderEnabled function (wdm.h)

The EtwProviderEnabled function verifies that a provider is enabled for event logging at a specified level and keyword.


BOOLEAN EtwProviderEnabled(
  [in] REGHANDLE RegHandle,
  [in] UCHAR     Level,
  [in] ULONGLONG Keyword


[in] RegHandle

A pointer to the event provider registration handle, which is returned by the EtwRegister function if the event provider registration is successful.

[in] Level

The level at which the provider is enabled.

[in] Keyword

The keyword that indicates whether the provider is enabled.

Return value

The function returns TRUE if the provider is enabled and FALSE if the provider is not enabled.


You can use the EtwProviderEnabled function to verify that the registered provider is enabled for any event by passing in zeros for the Level and Keyword values when you call the function. If any event is enabled, the provider is enabled.

If an event descriptor is already available, use the EtwEventEnabled function.


Minimum supported client Available in Windows Vista and later versions of Windows.
Target Platform Universal
Header wdm.h (include Wdm.h, Ntddk.h)
Library NtosKrnl.lib
DLL NtosKrnl.exe
IRQL Any level

See also