ETW_TRACE_PARTITION_INFORMATION structure
Contains partition information pulled from an ETW trace. Most commonly used as a return structure for QueryTraceProcessingHandle.
Syntax
typedef struct _ETW_TRACE_PARTITION_INFORMATION {
  GUID    PartitionId;
  GUID    ParentId;
  ULONG64 Reserved;
  ULONG   PartitionType;
} ETW_TRACE_PARTITION_INFORMATION, *PETW_TRACE_PARTITION_INFORMATION;
Members
PartitionId
GUID to identify the machine.

ParentId
GUID that identifies the partition instance that contains the traced partition. If the traced partition is a host, then ParentId will be 0.

Reserved
Reserved for future use.

PartitionType
Enumeration value of the container type. The value may be one of the following:

Value | Meaning
Process (1) | For events originating from inside a “Windows Server Container”.
VmHost (2) | For events originating from inside a “Hyper-V Container”.
VmHostedUvm (3) | For events originating from a “Hyper-V Container” template virtual machine.
VmDirectUvm (4) | For events originating from applications running with Windows Defender Application Guard.
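
The following added example (not part of the original reference page) shows how ParentId and PartitionType can be used to attribute the partitions found in a trace: it walks ParentId links up to the host and flags records whose parent is absent from the set. The GUID typedef, TYPE_NAMES, partition_type_name, partition_depth and the sample records are assumptions made for illustration, and the structure is redeclared with portable types so the code compiles without the Windows SDK.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Portable stand-ins for the Windows SDK types (assumption: same field order). */
typedef struct { uint32_t Data1; uint16_t Data2, Data3; uint8_t Data4[8]; } GUID;
typedef struct {
    GUID     PartitionId;
    GUID     ParentId;
    uint64_t Reserved;
    uint32_t PartitionType;
} ETW_TRACE_PARTITION_INFORMATION;

/* PartitionType values and meanings as listed in the table above. */
static const char *const TYPE_NAMES[] = {
    "unknown",
    "Windows Server Container",           /* 1: Process */
    "Hyper-V Container",                  /* 2: VmHost */
    "Hyper-V Container template VM",      /* 3: VmHostedUvm */
    "Windows Defender Application Guard", /* 4: VmDirectUvm */
};
const char *partition_type_name(uint32_t t) { return t <= 4 ? TYPE_NAMES[t] : "unknown"; }

static int guid_is_zero(const GUID *g) {
    static const GUID zero = {0};
    return memcmp(g, &zero, sizeof zero) == 0;
}

/* Hops from parts[i] up to a host (ParentId == 0); 0 means parts[i] is a host.
 * Returns -1 when a ParentId is not in the set or the chain loops. */
int partition_depth(const ETW_TRACE_PARTITION_INFORMATION *parts, size_t n, size_t i) {
    int depth = 0;
    while (!guid_is_zero(&parts[i].ParentId)) {
        size_t j = 0;
        while (j < n && memcmp(&parts[j].PartitionId, &parts[i].ParentId, sizeof(GUID)) != 0)
            j++;
        if (j == n || ++depth > (int)n)
            return -1;
        i = j;
    }
    return depth;
}

/* Constructed sample: a host (type 0 is a placeholder), its container, an orphan. */
const ETW_TRACE_PARTITION_INFORMATION sample[] = {
    { {1, 0, 0, {0}}, {0, 0, 0, {0}}, 0, 0 },
    { {2, 0, 0, {0}}, {1, 0, 0, {0}}, 0, 1 },
    { {3, 0, 0, {0}}, {9, 0, 0, {0}}, 0, 2 },
};
int main(void) { return partition_depth(sample, 3, 1) == 1 ? 0 : 1; }
```

A result of -1 marks a partition whose containing instance cannot be resolved from the records at hand, so events from it should not be attributed to a host without further evidence.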
Requirements
Minimum supported client | Windows 10, version 1709 [desktop apps only]
Minimum supported server | Windows Server 2016 [desktop apps only]
Header |
|