WmiQueryTraceInformation - NtDoc

Native API online documentation, based on the System Informer (formerly Process Hacker) phnt headers 
// wdm.h

NTSTATUS WmiQueryTraceInformation(
  [in]            TRACE_INFORMATION_CLASS TraceInformationClass,
  [out]           PVOID                   TraceInformation,
  [in]            ULONG                   TraceInformationLength,
  [out, optional] PULONG                  RequiredLength,
  [in, optional]  PVOID                   Buffer
);
View the official Windows Driver Kit DDI reference

NtDoc

No description available.

Edit description on GitHub

Windows Driver Kit DDI reference (nf-wdm-wmiquerytraceinformation)

WmiQueryTraceInformation function

Description

The WmiQueryTraceInformation routine returns information about a WMI event trace.

Parameters

TraceInformationClass [in]

Specifies a TRACE_INFORMATION_CLASS enumerator that indicates the type of information to return about an event trace.

TraceInformation [out]

A pointer to a caller-allocated output buffer where the routine returns the event trace information specified by TraceInformationClass.

TraceInformationLength [in]

Specifies the size, in bytes, of the TraceInformation buffer.

RequiredLength [out, optional]

A pointer to the value returned by the routine that specifies the required size, in bytes, of the TraceInformation buffer. The caller should set RequiredLength to NULL if it does not use the required length information.

Buffer [in, optional]

A pointer to the query-specific input information that a caller supplies. If caller-supplied information is not required, the caller should set Buffer to NULL.

Return value

Return code Description
STATUS_SUCCESS Success
STATUS_INFO_LENGTH_MISMATCH The size of the TraceInformation buffer is not equal to the required size for the specified event trace information.
STATUS_INVALID_HANDLE The trace handle specified by the HistoricalContext member of the (PWNODE_HEADER)Buffer is not valid.
STATUS_INVALID_INFO_CLASS The specified type of event trace information is not valid.
STATUS_INVALID_PARAMETER The name of the event trace, supplied with a query to return a trace handle given its name, is not valid.
STATUS_INVALID_PARAMETER_MIX The caller did not supply the information required for the specified event trace information.
STATUS_MORE_ENTRIES The TraceInformation buffer is not large enough to hold an array of all the valid event trace handles.
STATUS_NOT_FOUND A global logger was not found.

Remarks

For each type of event trace information specified by TraceInformationClass, the following table provides:

Value of TraceClassInformation Input requirements Information returned
TraceIdClass TraceInformationLength is equal to the value of sizeof(ULONG).

The size, in bytes of the TraceInformation buffer is greater than or equal to the value of sizeof(ULONG).

The HistoricalContext member of (PWNODE_HEADER)Buffer specifies an event trace handle.		 (PULONG)TraceInformation* is set to the logger ID of the event trace handle.
TraceHandleClass TraceInformationLength is equal to the value of sizeof(TRACEHANDLE).

The size, in bytes of the TraceInformation buffer must be greater than or equal to the value of sizeof(TRACEHANDLE).

(PULONG)Buffer* is set to a logger ID.		 (PTRACEHANDLE)TraceInformation* is set to an event trace handle for the specified logger. If the specified logger ID is zero, an event trace handle for the kernel logger is returned.
TraceEnableFlagsClass TraceInformationLength is greater than or equal to the value of sizeof(ULONG).

The size, in bytes of the TraceInformation buffer must be greater than or equal to the value of sizeof(ULONG).

The HistoricalContext member of (PWNODE_HEADER)Buffer specifies an event trace handle.		 (PULONG)TraceInformation* is set to the enable flags that are set for the specified event trace handle.
TraceEnableLevelClass TraceInformationLength is set greater than or equal to the value of sizeof(ULONG).

The size, in bytes of the TraceInformation buffer must be greater than or equal to the value of sizeof(ULONG).

The HistoricalContext member of (PWNODE_HEADER)Buffer specifies an event trace handle.		 (PULONG)TraceInformation* is set to the level for the specified event trace handle.
GlobalLoggerHandleClass TraceInformationLength is equal to the value of sizeof(TRACEHANDLE).

The size, in bytes of the TraceInformation buffer must be greater than or equal to the value of sizeof(TRACEHANDLE).		 (PTRACEHANDLE)TraceInformation* is set to an event trace handle for the global logger.
EventLoggerHandleClass For internal use only. For internal use only.
AllLoggerHandlesClass TraceInformationLength is set to the size, bytes, of an array of m TRACEHANDLE values.

The size, in bytes of the TraceInformation buffer must be greater than or equal to the value of (m*sizeof(TRACEHANDLE)).		 The TraceInformation buffer contains an array of n trace handles, where n is the minimum of m, the number of caller-supplied event trace handles, and the number of valid event trace handles. The routine returns a status of STATUS_MORE_ENTRIES if the TraceInformation buffer is too small to hold all trace handles.
TraceHandleByNameClass TraceInformationLength is set to the value of sizeof(TRACEHANDLE).

The size, in bytes, of the TraceInformation buffer must be greater than or equal to the value of sizeof(TRACEHANDLE).

(PUNICODE_STRING)Buffer specifies a friendly trace name in Unicode format.		 (PTRACEHANDLE)TraceInformation* is set to the event trace handle associated with the specified friendly name.

If the caller supplies a non-NULL RequiredLength pointer, WmiQueryTraceInformation also returns the required length for the specified event trace information.

WmiQueryTraceInformation runs at the IRQL of the caller.

See also

IoWMIWriteEvent

TRACE_INFORMATION_CLASS

WmiFireEvent

WmiTraceMessage

WmiTraceMessageVa

View the official Windows Driver Kit DDI reference

Edit description on GitHub