Поделиться через


Custom Injection of System Information

Kernel Trace Control allows custom injection of system information when multiple trace files are merged into a single output trace file. To include system information, a single flag or combination of flags is set in the CreateMergedTraceFile function. The following flags define the system information to be added to the merged trace file:

  • #define EVENT_TRACE_MERGE_EXTENDED_DATA_NONE 0x00000000
    No system information should be added to the merged trace file.
  • #define EVENT_TRACE_MERGE_EXTENDED_DATA_IMAGEID 0x00000001
    Inject image information such as checksum and timestamp used during symbol lookup.
  • #define EVENT_TRACE_MERGE_EXTENDED_DATA_BUILDINFO 0x00000002
    Inject operating system build information such as product name and build lab.
  • #define EVENT_TRACE_MERGE_EXTENDED_DATA_VOLUME_MAPPING 0x00000004
    Inject volume mapping between MS-DOS and Windows NT paths. The payload of the event contains two NULL-terminated Unicode strings. The first string contains the Windows NT path and the second string contains the MS-DOS path. The length of the payload is the size, in bytes, of the two strings including the NULL characters.

    For example, a Windows NT path “\Device\HarddiskVolume1\” would be translated to the MS-DOS path “C:\”.

  • #define EVENT_TRACE_MERGE_EXTENDED_DATA_WINSAT 0x00000008
    Inject WinSat information.
  • #define EVENT_TRACE_MERGE_EXTENDED_DATA_EVENT_METADATA 0x00000010
    Inject trace data header (TDH) metadata for events that are captured on computers other than the computer on which the events are being analyzed. For more information about trace data header information, see Event Tracing.
  • #define EVENT_METADATA_LOG_TYPE_TRACE_EVENT_INFO 0x20
    Inject trace information that identifies the events logged through EVENT_TRACE_MERGE_EXTENDED_DATA_EVENT_METADATA.
  • #define EVENT_METADATA_LOG_TYPE_EVENT_MAP_INFO 0x21
    Inject information that defines the metadata for the events logged as a result of setting the EVENT_TRACE_MERGE_EXTENDED_DATA_EVENT_METADATA flag. For more information, see EVENT_MAP_INFO Structure.
  • #define EVENT_TRACE_MERGE_EXTENDED_DATA_PERFTRACK_METADATA 0x00000020
    Inject PerfTrack events metadata for decoding of PerfTrack events on different computers. These events are injected only on Windows 7 and Windows Server 2008.
  • #define EVENT_TRACE_MERGE_EXTENDED_DATA_DEFAULT 0x000FFFFF
    Inject the data for image, build, volume mapping, WinSat, event metadata, and PerfTrack metadata.
  • #define EVENT_TRACE_MERGE_EXTENDED_DATA_ALL 0xFFFFFFFF
    Inject all extended data information to the output trace file.

Remarks

Requirements:

  • Versions: Available beginning in Windows Vista. This structure is distributed with Windows Performance Analyzer.

  • Headers: Declared in KernelTraceControl.h. Include KernelTraceControl.h.

  • Library: Contained in KernelTraceControl.dll.

See Also

Reference

CreateMergedTraceFile

Other Resources

Kernel Trace Control API Reference