TdhGetProperty function

Retrieves a property value from the event data.

Syntax

TDHSTATUS TdhGetProperty(
  PEVENT_RECORD             pEvent,
  ULONG                     TdhContextCount,
  PTDH_CONTEXT              pTdhContext,
  ULONG                     PropertyDataCount,
  PPROPERTY_DATA_DESCRIPTOR pPropertyData,
  ULONG                     BufferSize,
  PBYTE                     pBuffer
);

Parameters

pEvent

The event record passed to your EventRecordCallback callback. For details, see the EVENT_RECORD structure.

TdhContextCount

Number of elements in pTdhContext.

pTdhContext

Array of context values for WPP or classic ETW events only; otherwise, NULL. For details, see the TDH_CONTEXT structure. The array must not contain duplicate context types.

PropertyDataCount

Number of data descriptor structures in pPropertyData.

pPropertyData

Array of PROPERTY_DATA_DESCRIPTOR structures that defines the property to retrieve.

If you called the TdhGetPropertySize function to retrieve the required buffer size for the property, you can use the same data descriptors.

If you are retrieving a property that is not a member of a structure, you can specify a single data descriptor. If you are retrieving a property that is a member of a structure, specify an array of two data descriptors (structures cannot contain or reference other structures).

BufferSize

Size of the pBuffer buffer, in bytes. You can get this value from the pPropertySize parameter when calling the TdhGetPropertySize function.

pBuffer

User-allocated buffer that receives the property data.

Return Value

Returns ERROR_SUCCESS if successful. Otherwise, this function returns one of the following return codes in addition to others.

| Return code | Description |
|---|---|
| ERROR_NOT_FOUND | The schema for the event was not found or the specified property was not found. |
| ERROR_INSUFFICIENT_BUFFER | The pBuffer buffer is too small. To get the required buffer size, call TdhGetPropertySize. |
| ERROR_INVALID_PARAMETER | One or more of the parameters is not valid. |
| ERROR_FILE_NOT_FOUND | The resourceFileName attribute in the manifest contains the location of the provider binary. When you register the manifest, the location is written to the registry. TDH was unable to find the binary based on the registered location. |
| ERROR_WMI_SERVER_UNAVAILABLE | The WMI service is not available. |

Remarks

If the event is a WPP or classic ETW event, you can specify context information that is used to help parse the event information. The event is a WPP event if the EVENT_HEADER_FLAG_TRACE_MESSAGE flag is set in the Flags member of EVENT_HEADER (see the EventHeader member of EVENT_RECORD). The event is a legacy ETW event if the EVENT_HEADER_FLAG_CLASSIC_HEADER flag is set.

For a list of properties for WPP events and their data types, see PROPERTY_DATA_DESCRIPTOR.

Examples

For an example that shows how to call this function to retrieve the value of a top-level property or the member of a structure, see Using TdhGetProperty to Consume Event Data.
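The size-then-fetch sequence described under pPropertyData and BufferSize, as an added C example that is not from the original page or from Microsoft's sample. The helper name get_property and its parameters are assumptions, and the #else branch holds constructed stand-ins (fake types and fake TdhGetPropertySize/TdhGetProperty exposing one made-up "ProcessId" value) so the logic can be exercised off Windows; on Windows the real tdh.h declarations are used.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>
#include <evntcons.h>
#include <tdh.h>              /* link with Tdh.lib */
#else
/* Constructed stand-ins, NOT the real TDH, so the helper can be exercised off Windows:
   one fake 4-byte property "ProcessId" with value 4242; any other name is not found. */
typedef uint32_t ULONG; typedef uint64_t ULONGLONG; typedef unsigned char *PBYTE;
typedef struct { int unused; } EVENT_RECORD, *PEVENT_RECORD;
typedef struct { ULONGLONG PropertyName; ULONG ArrayIndex, Reserved; } PROPERTY_DATA_DESCRIPTOR;
enum { ERROR_SUCCESS = 0, ERROR_OUTOFMEMORY = 14, ERROR_INSUFFICIENT_BUFFER = 122, ERROR_NOT_FOUND = 1168 };
static ULONG TdhGetPropertySize(PEVENT_RECORD e, ULONG cc, void *c, ULONG n,
                                PROPERTY_DATA_DESCRIPTOR *d, ULONG *size) {
    (void)e; (void)cc; (void)c; *size = 4;
    return wcscmp((const wchar_t *)(uintptr_t)d[n - 1].PropertyName, L"ProcessId") ? ERROR_NOT_FOUND : ERROR_SUCCESS;
}
static ULONG TdhGetProperty(PEVENT_RECORD e, ULONG cc, void *c, ULONG n,
                            PROPERTY_DATA_DESCRIPTOR *d, ULONG size, PBYTE buf) {
    ULONG need = 0, v = 4242, st = TdhGetPropertySize(e, cc, c, n, d, &need);
    if (st != ERROR_SUCCESS) return st;
    if (size < need) return ERROR_INSUFFICIENT_BUFFER;
    memcpy(buf, &v, need); return ERROR_SUCCESS;
}
#endif
/* parent == NULL: top-level property, one descriptor.
   parent != NULL: member `name` of element `index` of structure `parent`, two descriptors.
   Returns a malloc'd buffer of *size bytes, or NULL with the TDH status in *status. */
static PBYTE get_property(PEVENT_RECORD ev, const wchar_t *parent, ULONG index,
                          const wchar_t *name, ULONG *size, ULONG *status) {
    PROPERTY_DATA_DESCRIPTOR d[2];
    ULONG n = 0;
    PBYTE buf;
    memset(d, 0, sizeof d);
    if (parent) { d[n].PropertyName = (ULONGLONG)(uintptr_t)parent; d[n++].ArrayIndex = index; }
    d[n].PropertyName = (ULONGLONG)(uintptr_t)name;
    d[n++].ArrayIndex = (ULONG)ULONG_MAX;   /* not addressing an array element */
    *size = 0;
    *status = TdhGetPropertySize(ev, 0, NULL, n, d, size);    /* no TDH_CONTEXT passed */
    if (*status != ERROR_SUCCESS) return NULL;
    if ((buf = malloc(*size ? *size : 1)) == NULL) { *status = ERROR_OUTOFMEMORY; return NULL; }
    *status = TdhGetProperty(ev, 0, NULL, n, d, *size, buf);  /* same descriptors, exact size */
    if (*status != ERROR_SUCCESS) { free(buf); buf = NULL; }
    return buf;
}
```

In an EventRecordCallback, pass the callback's pEvent as ev and free the returned buffer after use; for WPP or classic events the two NULL/0 context arguments would be replaced with a TDH_CONTEXT array.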

Requirements

   
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Target Platform | Windows |
| Header | tdh.h |
| Library | Tdh.lib |
| DLL | Tdh.dll |

See Also

TdhGetEventInformation

TdhGetPropertySize