Field | Value |
---|---|
UID | NS:evntcons._EVENT_HEADER |
title | EVENT_HEADER (evntcons.h) |
description | The EVENT_HEADER structure (evntcons.h) defines information about the event. |
old-location | etw\event_header.htm |
tech.root | ETW |
ms.assetid | 479091ae-7229-433b-b93b-8da6cc18df89 |
ms.date | 08/04/2022 |
ms.keywords | *PEVENT_HEADER, EVENT_HEADER, EVENT_HEADER structure [ETW], EVENT_HEADER_FLAG_32_BIT_HEADER, EVENT_HEADER_FLAG_64_BIT_HEADER, EVENT_HEADER_FLAG_CLASSIC_HEADER, EVENT_HEADER_FLAG_EXTENDED_INFO, EVENT_HEADER_FLAG_NO_CPUTIME, EVENT_HEADER_FLAG_PRIVATE_SESSION, EVENT_HEADER_FLAG_STRING_ONLY, EVENT_HEADER_FLAG_TRACE_MESSAGE, EVENT_HEADER_PROPERTY_FORWARDED_XML, EVENT_HEADER_PROPERTY_LEGACY_EVENTLOG, EVENT_HEADER_PROPERTY_XML, PEVENT_HEADER, PEVENT_HEADER structure pointer [ETW], _EVENT_HEADER, base.event_header, etw.event_header, relogger/EVENT_HEADER, relogger/PEVENT_HEADER |
req.header | evntcons.h |
req.include-header | Evntcons.h |
req.target-type | Windows |
req.target-min-winverclnt | Windows Vista [desktop apps only] |
req.target-min-winversvr | Windows Server 2008 [desktop apps only] |
targetos | Windows |
req.typenames | EVENT_HEADER, *PEVENT_HEADER |
ms.custom | 19H1 |

Defines information about the event.
Size of the event record, in bytes.
Reserved.
Flags that provide information about the event such as the type of session it was logged to and if the event contains extended data. This member can contain one or more of the following flags.
Value | Meaning |
---|---|
EVENT_HEADER_FLAG_EXTENDED_INFO | The ExtendedData member of EVENT_RECORD contains data. |
EVENT_HEADER_FLAG_PRIVATE_SESSION | The event was logged to a private session. Use ProcessorTime for elapsed execution time. |
EVENT_HEADER_FLAG_STRING_ONLY | The event data is a null-terminated Unicode string. You do not need a manifest to parse the UserData member of EVENT_RECORD. |
EVENT_HEADER_FLAG_TRACE_MESSAGE | The provider used TraceMessage or TraceMessageVa to log the event. Most providers do not use these functions to write events, so this flag typically indicates that the event was written by Windows Software Trace Preprocessor (WPP). |
EVENT_HEADER_FLAG_NO_CPUTIME | Use ProcessorTime for elapsed execution time. |
EVENT_HEADER_FLAG_32_BIT_HEADER | Indicates that the provider was running on a 32-bit computer or in a WOW64 session. |
EVENT_HEADER_FLAG_64_BIT_HEADER | Indicates that the provider was running on a 64-bit computer. |
EVENT_HEADER_FLAG_CLASSIC_HEADER | Indicates that the provider used TraceEvent to log the event. |

Indicates the source to use for parsing the event data.
Identifies the thread that generated the event.
Identifies the process that generated the event.
Contains the time that the event occurred. The resolution is system time unless the ProcessTraceMode member of EVENT_TRACE_LOGFILE contains the PROCESS_TRACE_MODE_RAW_TIMESTAMP flag, in which case the resolution depends on the value of the Wnode.ClientContext member of EVENT_TRACE_PROPERTIES at the time the controller created the session.
GUID that uniquely identifies the provider that logged the event.
Defines the information about the event such as the event identifier and severity level. For details, see EVENT_DESCRIPTOR.
Elapsed execution time for kernel-mode instructions, in CPU time units. If you are using a private session, use the value in the ProcessorTime member instead. For more information, see Remarks.
Elapsed execution time for user-mode instructions, in CPU time units. If you are using a private session, use the value in the ProcessorTime member instead. For more information, see Remarks.
For private sessions, the elapsed execution time for user-mode instructions, in CPU ticks.
Identifier that relates two events. For details, see EventWriteTransfer.
You can use the KernelTime and UserTime members to determine the CPU cost in units for a set of instructions (the values indicate the CPU usage charged to that thread at the time of logging). For example, if Event A and Event B are consecutively logged by the same thread and they have CPU usage numbers 150 and 175, then the activity that was performed by that thread between events A and B cost 25 CPU time units (175 – 150).
The TimerResolution of the TRACE_LOGFILE_HEADER structure contains the resolution of the CPU usage timer in 100-nanosecond units. You can use the timer resolution with the kernel time and user time values to determine the amount of CPU time that the set of instructions used. For example, if the timer resolution is 156,250, then 25 CPU time units is 0.39 seconds (156,250 * 25 * 100 / 1,000,000,000). This is the amount of CPU time (not elapsed wall clock time) used by the set of instructions between events A and B.
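
The calculation described in these remarks, written as an added example that is not part of the original reference page. The `EventHeader` type is a portable mirror of the EVENT_HEADER layout (an assumption made so the code builds without the Windows SDK), and `CpuCost`, `uses_processor_time` and `cpu_cost_between` are hypothetical names. The flag values are the ones defined in evntcons.h.

```c
#include <stdint.h>
#include <stdbool.h>

/* Flag values as defined in evntcons.h. */
#define EVENT_HEADER_FLAG_PRIVATE_SESSION 0x0002
#define EVENT_HEADER_FLAG_NO_CPUTIME      0x0010

/* Portable mirror of EVENT_HEADER (80 bytes); hypothetical type for this example. */
typedef struct {
    uint16_t Size, HeaderType, Flags, EventProperty;
    uint32_t ThreadId, ProcessId;
    int64_t  TimeStamp;
    uint8_t  ProviderId[16];
    uint8_t  EventDescriptor[16];
    union {
        struct { uint32_t KernelTime, UserTime; };
        uint64_t ProcessorTime;
    };
    uint8_t  ActivityId[16];
} EventHeader;

typedef struct {
    bool     valid;      /* false: different threads or mixed accounting modes */
    bool     raw_ticks;  /* true: delta taken from ProcessorTime (CPU ticks) */
    uint64_t units;      /* kernel + user CPU time units, or CPU ticks */
    double   seconds;    /* only meaningful when raw_ticks is false */
} CpuCost;

/* Both flags tell the consumer to read ProcessorTime instead of KernelTime/UserTime. */
static bool uses_processor_time(const EventHeader *h) {
    return (h->Flags & (EVENT_HEADER_FLAG_PRIVATE_SESSION |
                        EVENT_HEADER_FLAG_NO_CPUTIME)) != 0;
}

/* CPU charged to one thread between event a and a later event b.
   timer_resolution is TRACE_LOGFILE_HEADER.TimerResolution, in 100 ns units. */
CpuCost cpu_cost_between(const EventHeader *a, const EventHeader *b,
                         uint32_t timer_resolution) {
    CpuCost r = {0};
    if (a->ThreadId != b->ThreadId ||
        uses_processor_time(a) != uses_processor_time(b))
        return r;                       /* the two values are not comparable */
    r.valid = true;
    if (uses_processor_time(a)) {       /* ticks: no TimerResolution conversion */
        r.raw_ticks = true;
        r.units = b->ProcessorTime - a->ProcessorTime;
        return r;
    }
    /* 32-bit unsigned subtraction stays correct if a counter wrapped. */
    r.units = (uint64_t)(uint32_t)(b->KernelTime - a->KernelTime) +
              (uint32_t)(b->UserTime - a->UserTime);
    r.seconds = (double)timer_resolution * (double)r.units * 100.0 / 1e9;
    return r;
}
```
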