EVENT_INSTANCE_GUID_HEADER - NtDoc
Native API online documentation, based on the System Informer
(formerly Process Hacker) phnt
headers
#ifndef _NTWMI_H
// New struct that replaces EVENT_INSTANCE_GUID_HEADER. It is basically
// EVENT_TRACE_HEADER + 2 Guids.
// For XP, we will not publish this struct and hide it from users.
// TRACE_VERSION in LOG_FILE_HEADER will tell the consumer APIs to use
// this struct instead of EVENT_TRACE_HEADER.
typedef struct _EVENT_INSTANCE_GUID_HEADER
{
USHORT Size; // Size of entire record
union
{
USHORT FieldTypeFlags; // Indicates valid fields
struct
{
UCHAR HeaderType; // Header type - internal use only
UCHAR MarkerFlags; // Marker - internal use only
} DUMMYSTRUCTNAME;
} DUMMYUNIONNAME;
union
{
ULONG Version;
struct
{
UCHAR Type; // event type
UCHAR Level; // trace instrumentation level
USHORT Version; // version of trace record
} Class;
} DUMMYUNIONNAME2;
ULONG ThreadId; // Thread Id
ULONG ProcessId; // Process Id
LARGE_INTEGER TimeStamp; // time when event happens
union
{
GUID Guid; // Guid that identifies event
ULONGLONG GuidPtr; // use with WNODE_FLAG_USE_GUID_PTR
} DUMMYUNIONNAME3;
union
{
struct
{
ULONG ClientContext; // Reserved
ULONG Flags; // Flags for header
} DUMMYSTRUCTNAME;
struct
{
ULONG KernelTime; // Kernel Mode CPU ticks
ULONG UserTime; // User mode CPU ticks
} DUMMYSTRUCTNAME2;
ULONG64 ProcessorTime; // Processor Clock
} DUMMYUNIONNAME4;
ULONG InstanceId;
ULONG ParentInstanceId;
GUID ParentGuid; // Guid that identifies event
} EVENT_INSTANCE_GUID_HEADER, *PEVENT_INSTANCE_GUID_HEADER;
View code on GitHubNo description available.