OpenTraceFromRealTimeLoggerWithAllocationOptions function (evntrace.h)
Creates a trace processing session attached to an active real-time ETW session.
Syntax
ETW_APP_DECLSPEC_DEPRECATED TRACEHANDLE WMIAPI OpenTraceFromRealTimeLoggerWithAllocationOptions(
PCWSTR LoggerName,
const ETW_OPEN_TRACE_OPTIONS *Options,
ULONG_PTR AllocationSize,
HANDLE MemoryPartitionHandle,
TRACE_LOGFILE_HEADER *LogFileHeader
);
Parameters
LoggerName
Name of the real-time event tracing session, or NULL if processing data from a log file. Specify a value for this member if you are calling OpenTraceFromRealTimeLoggerWithAllocationOptions to consume data from a real-time session.
When calling OpenTraceFromRealTimeLoggerWithAllocationOptions, if LogFileHeader is non-NULL then LoggerName must be NULL.
You can only consume events in real time if the trace controller has set the LogFileMode member of EVENT_TRACE_PROPERTIES to include the EVENT_TRACE_REAL_TIME_MODE flag.
Only users with administrative privileges, users in the Performance Log Users group, and applications running as LocalSystem, LocalService, NetworkService can consume events in real time. To grant a restricted user the ability to consume events in real time, add them to the Performance Log Users group or call EventAccessControl.
Options
Configuration options for this processing session. See ETW_OPEN_TRACE_OPTIONS for more details.
AllocationSize
The size, in bytes, of the memory that will be pre-allocated to store ETW buffers during processing. A larger allocation will reduce the need for individual allocation/free calls at the cost of higher consistent memory usage. This will be adjusted upward to a minimum of the total buffer space of the underlying Real-Time ETW session to ensure enough is allocated for basic functioning. If 0, the default size will be used.
MemoryPartitionHandle
The handle to the Memory Partition that should be used for memory allocations for this processing session. If NULL, the Memory Partition of the process will be used. See MemExtendedParameterPartitionHandle for more details.
LogFileHeader
Header information for the log file. See TRACE_LOGFILE_HEADER for more details.
Return value
A TRACEHANDLE that is used to identify this processing session. Typically passed to ProcessTrace to begin processing and to CloseTrace to end processing.
Remarks
Once ProcessTrace is called on the returned TRACEHANDLE, this will receive buffers from the ETW session as they are flushed and immediately begin processing them and calling the callbacks specified in the Options. This is identical to OpenTraceFromRealTime except that it allows customization of memory allocations for the processing session.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows 2000 Professional [desktop apps | UWP apps] |
| Minimum supported server | Windows 2000 Server [desktop apps | UWP apps] |
| Target Platform | Windows |
| Header | evntrace.h |
| Library | Sechost.lib on Windows 8.1 and Windows Server 2012 R2; Advapi32.lib on Windows 8, Windows Server 2012, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista and Windows XP |
| DLL | Sechost.dll on Windows 8.1 and Windows Server 2012 R2; Advapi32.dll on Windows 8, Windows Server 2012, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista and Windows XP |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for