TdhGetEventInformation function (tdh.h)
Retrieves metadata about an event.
Syntax
TDHSTATUS TdhGetEventInformation(
[in] PEVENT_RECORD Event,
[in] ULONG TdhContextCount,
[in] PTDH_CONTEXT TdhContext,
[out] PTRACE_EVENT_INFO Buffer,
[in, out] PULONG BufferSize
);
Parameters
[in] Event
The event record passed to your EventRecordCallback callback. For details, see the EVENT_RECORD structure.
[in] TdhContextCount
Number of elements in pTdhContext.
[in] TdhContext
Array of context values for WPP or classic ETW events only; otherwise, NULL. For details, see the TDH_CONTEXT structure. The array must not contain duplicate context types.
[out] Buffer
User-allocated buffer to receive the event information. For details, see the TRACE_EVENT_INFO structure.
[in, out] BufferSize
Size, in bytes, of the pBuffer buffer. If the function succeeds, this parameter receives the size of the buffer used. If the buffer is too small, the function returns ERROR_INSUFFICIENT_BUFFER and sets this parameter to the required buffer size. If the buffer size is zero on input, no data is returned in the buffer and this parameter receives the required buffer size.
Return value
Returns ERROR_SUCCESS if successful. Otherwise, this function returns one of the following return codes in addition to others.
| Return code | Description |
|---|---|
|
The size of the pBuffer buffer is too small. Use the required buffer size set in pBufferSize to allocate a new buffer. |
|
The schema for the event was not found. |
|
One or more of the parameters is not valid. |
|
The resourceFileName attribute in the manifest contains the location of the provider binary. When you register the manifest, the location is written to the registry. TDH was unable to find the binary based on the registered location. |
|
The WMI service is not available. |
Remarks
If the event is a WPP or legacy ETW event, you can specify context information that is used to help parse the event information. The event is a WPP event if the EVENT_HEADER_FLAG_TRACE_MESSAGE flag is set in the Flags member of EVENT_HEADER (see the EventHeader member of EVENT_RECORD). The event is a legacy ETW event if the EVENT_HEADER_FLAG_CLASSIC_HEADER flag is set.
Examples
For an example that shows how to retrieve metadata about an event, see Using TdhFormatProperty to Consume Event Data.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Target Platform | Windows |
| Header | tdh.h |
| Library | Tdh.lib |
| DLL | Tdh.dll |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for