NtTraceControl - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
#ifndef _NTWMI_H

/**
 * The NtTraceControl function is used to control various aspects of Event Tracing for Windows (ETW).
 *
 * \param FunctionCode The control code for the operation to be performed.
 * \param InputBuffer A pointer to the input buffer.
 * \param InputBufferLength The size of the input buffer, in bytes.
 * \param OutputBuffer A pointer to the output buffer.
 * \param OutputBufferLength The size of the output buffer, in bytes.
 * \param ReturnLength A pointer to a variable that receives the size of the data returned in the output buffer.
 * \return NTSTATUS Successful or errant status.
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtTraceControl(
    _In_ ETWTRACECONTROLCODE FunctionCode,
    _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
    _In_ ULONG InputBufferLength,
    _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
    _In_ ULONG OutputBufferLength,
    _Out_ PULONG ReturnLength
    );

#endif

View code on GitHub
#ifndef _NTZWAPI_H

NTSYSCALLAPI
NTSTATUS
NTAPI
ZwTraceControl(
    _In_ ETWTRACECONTROLCODE FunctionCode,
    _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
    _In_ ULONG InputBufferLength,
    _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
    _In_ ULONG OutputBufferLength,
    _Out_ PULONG ReturnLength
    );

#endif

View code on GitHub

NtDoc

No description available.

Edit description on GitHub