devstability

Reputation: 71

Event trace consumer throwing error on ProcessTrace API

I am working on creating a tool to log kernel events to get a better understanding of ETW. I used the MS sample below to create a kernel logger session and added the OpenTrace/ProcessTrace/CloseTrace APIs in the middle (before the cleanup label) to consume the events.

MS sample for creating a trace session: https://learn.microsoft.com/en-us/windows/win32/etw/configuring-and-starting-the-nt-kernel-logger-session

OpenTrace/ProcessTrace/CloseTrace code is similar to this: https://stackoverflow.com/a/69781152/9265719

StartTrace and OpenTrace succeed, but the ProcessTrace API is throwing error 4201: "The instance name passed was not recognized as valid by a WMI data provider". I set KERNEL_LOGGER_NAME on the LoggerName member of the EVENT_TRACE_LOGFILE structure used in OpenTrace. Is there any known reason why it throws the error?

Thanks

Upvotes: 0

Views: 108

Answers (0)
