| 术语 | enabletrace |
| 释义 | EnableTrace 语法: C++ ULONG EnableTrace( __in ULONG Enable, __in ULONG EnableFlag, __in ULONG EnableLevel, __in LPCGUID ControlGuid, __in TRACEHANDLE SessionHandle ); EnableTrace功能 启用或禁用指定的典型事件跟踪供应商。 在Windows Vista和之后,调用EnableTraceEx函数以启用或禁用的供应商。 参数 启用 [in] 如果是TRUE,启用提供者,否则,该供应商将被禁用。 EnableFlag [in] 供应商定义的值,指定该事件的事件提供程序生成类。生成的提供者只有一个事件类通常会忽略此标志。如果提供更加复杂,提供者可以使用RegisterTraceGuids TraceGuidReg参数登记超过一个事件类。例如,如果服务提供商提供了数据库组件,UI组件,和一般的处理组件,提供者可以登记为这些组件单独的事件类。这将使该控制器的能力,只打开数据库组件跟踪。 提供者要求其ControlCallback职能GetTraceEnableFlags以获取启用标志。 EnableLevel [in] 供应商定义的值,指定的信息化Level的活动产生。例如,您可以使用此值来表示对事件的严重程度(信息,警告,错误)您希望供应商产生。 指定一个值从零到255。 ETW定义了以下严重性级别,您可以使用。数字越大,意味着您也较低Level。例如,如果您指定TRACE_LEVEL_WARNING,您还会收到的警告,错误和致命的事件。 ValueMeaning TRACE_LEVEL_CRITICAL 1Abnormal退出或终止事件 TRACE_LEVEL_ERROR 2Severe错误事件 TRACE_LEVEL_INFORMATION 4Non如进入或退出错误事件事件 TRACE_LEVEL_VERBOSE 5Detailed跟踪事件 TRACE_LEVEL_WARNING 如分配失败3Warning事件 ControlGuid [in] 事件跟踪提供程序的GUID要启用或禁用。 SessionHandle [in] 处理的跟踪会话您要启用,禁用或更改提供事件日志记录级别。该StartTrace函数返回此句柄。 返回值 如果函数成功,则返回值为ERROR_SUCCESS。 如果函数失败,返回值是系统错误代码之一。下表列出了一些常见的错误及其原因。 返回codeDescription 以下ERROR_INVALID_PARAMETEROne是正确的: ControlGuid为NULL。 SessionHandle为NULL。 ERROR_INVALID_FUNCTIONYou不能改变旗帜和Level,使当提供未注册。 ERROR_WMI_GUID_NOT_FOUNDThe提供未注册。当KB307331或Windows 2000 Service Pack 4的安装和提供者没有登记。为了避免这个错误,供应商必须先登记。 ERROR_NO_SYSTEM_RESOURCES超出了跟踪会话,可以使供应商数目。 ERROR_ACCESS_DENIEDOnly具有管理权限的用户,在性能日志用户组的用户,服务本地系统,本地服务运行,是NetworkService可以启用跟踪供应商。要授予受限用户的能力,使一个跟踪供应商,将它们添加到性能日志用户组或见EventAccessControl。 Windows XP和Windows 2000:任何人都可以使一个跟踪供应商。 备注 事件跟踪控制器调用这个函数。 截至8跟踪会话可以启用和接收来自同一清单的提供者的事件,但是,只有一个跟踪会话可以使一个典型的供应商。如果有多个会议试图使典型的供应商,第一届会议将停止接收事件时,第二次会议使相同的供应商。例如,如果启用了会话阿提供1届乙,然后启用提供1,只有会议B将收到来自供应商一事件。 提供者仍然启用了会议,直到会话禁用的供应商。如果应用程序开始的会议结束后,供应商仍然没有启用禁用的供应商。 该EnableTrace函数调用ControlCallback功能的事件跟踪提供程序,如果定义实施。提供者定义的解释被启用或禁用。通常情况下,如果提供者已被启用,它产生的事件,但在它被禁用,它没有。该ControlCallback函数可以调用GetTraceEnableFlags,GetTraceEnableLevel,并GetTraceLoggerHandle函数来获取的EnableFlag,EnableLevel指定的价值观,SessionHandle参数,分别为。 您可以调用这个函数一次,以使供应商之前,自己注册的供应商。后自己注册的供应商,ETW要求供应商的ControlCallback功能。如果您尝试启用之前,供应商自己注册的多个会话供应商,ETW只会使在过去的会议供应商。例如,如果您启用供应商会议的A,然后让供应商会议乙,当自己注册的供应商,该供应商只对会议使乙 您不调用EnableTrace,使内核供应商。为了使内核供应商,设置EVENT_TRACE_PROPERTIES EnableFlags的成员,然后传递到StartTrace。该StartTrace功能,可以选择的内核供应商。 要确定的Level和使用,使一个清单的提供者,使用下列命令之一关键字: Logman查询提供 Wevtutil大奖赛 对于典型的提供商来说,它要由供应商提供的文件和控制器的潜在严重性级别或启用的标志,它支持。如果供应商希望被启用任何控制器,提供者应接受严重性级别0,使旗帜和解释为要求执行默认的日志记录0(不管是什么而定)。 如果您使用EnableTrace启用一个清单为基础的供应商,翻译下列情况: 该EnableLevel参数和设置在EnableTraceEx级别参数相同。 该EnableFlag是一样设置在EnableTraceEx MatchAnyKeyword参数相同。 在EnableCallback回调,SourceID的参数将是NULL,级别将被设置为在EnableTrace价值,MatchAnyKeyword将设置为EnableFlag在EventTrace价值,MatchAllKeyword将是0,FilterData将为NULL。 实例 举一个例子,它使用EnableTrace,请参阅启用和禁用的事件跟踪提供程序。 要求: 最低支持:client-Windows 2000专业版 最低支持server-Windows 2000服务器 HeaderEvntrace.h LibraryAdvapi32.lib DLLAdvapi32.dll 参见 ControlCallback GetTraceEnableFlags GetTraceEnableLevel GetTraceLoggerHandle StartTrace 如果有任何问题和意见,请发送给微软(wsddocfb@microsoft.com) 生成日期:2009年7月30日 ==英文原文==EnableTrace Function Enables or disables the specified classic event trace provider. On Windows Vista and later, call the EnableTraceEx function to enable or disable a provider. Syntax C++ ULONG EnableTrace( __in ULONG Enable, __in ULONG EnableFlag, __in ULONG EnableLevel, __in LPCGUID ControlGuid, __in TRACEHANDLE SessionHandle ); Parameters Enable [in] If TRUE, the provider is enabled; otherwise, the provider is disabled. EnableFlag [in] Provider-defined value that specifies the class of events for which the provider generates events. A provider that generates only one class of events will typically ignore this flag. If the provider is more complex, the provider could use the TraceGuidReg parameter of RegisterTraceGuids to register more than one class of events. For example, if the provider has a database component, a UI component, and a general processing component, the provider could register separate event classes for these components. This would then allow the controller the ability to turn on tracing in only the database component. The provider calls GetTraceEnableFlags from its ControlCallback function to obtain the enable flags. EnableLevel [in] Provider-defined value that specifies the level of information the event generates. For example, you can use this value to indicate the severity level of the events (informational, warning, error) you want the provider to generate. Specify a value from zero to 255. ETW defines the following severity levels that you can use. Higher numbers imply that you get lower levels as well. For example, if you specify TRACE_LEVEL_WARNING, you also receive all warning, error, and fatal events. ValueMeaning TRACE_LEVEL_CRITICAL 1Abnormal exit or termination events TRACE_LEVEL_ERROR 2Severe error events TRACE_LEVEL_INFORMATION 4Non-error events such as entry or exit events TRACE_LEVEL_VERBOSE 5Detailed trace events TRACE_LEVEL_WARNING 3Warning events such as allocation failures ControlGuid [in] GUID of the event trace provider that you want to enable or disable. SessionHandle [in] Handle of the event tracing session to which you want to enable, disable, or change the logging level of the provider. The StartTrace function returns this handle. Return Value If the function is successful, the return value is ERROR_SUCCESS. If the function fails, the return value is one of the system error codes . The following table includes some common errors and their causes. Return codeDescription ERROR_INVALID_PARAMETEROne of the following is true: ControlGuid is NULL. SessionHandle is NULL. ERROR_INVALID_FUNCTIONYou cannot change the enable flags and level when the provider is not registered. ERROR_WMI_GUID_NOT_FOUNDThe provider is not registered. Occurs when KB307331 or Windows 2000 Service Pack 4 is installed and the provider is not registered. To avoid this error, the provider must first be registered. ERROR_NO_SYSTEM_RESOURCES Exceeded the number of trace sessions that can enable the provider. ERROR_ACCESS_DENIEDOnly users with administrative privileges, users in the Performance Log Users group, and services running as LocalSystem, LocalService, NetworkService can enable trace providers. To grant a restricted user the ability to enable a trace provider, add them to the Performance Log Users group or see EventAccessControl . Windows XP and Windows 2000: Anyone can enable a trace provider. Remarks Event trace controllers call this function. Up to eight trace sessions can enable and receive events from the same manifest-based provider; however, only one trace session can enable a classic provider. If more than one session tried to enable a classic provider, the first session would stop receiving events when the second session enabled the same provider. For example, if Session A enabled Provider 1 and then Session B enabled Provider 1, only Session B would receive events from Provider 1. The provider remains enabled for the session until the session disables the provider. If the application that started the session ends without disabling the provider, the provider remains enabled. The EnableTrace function calls the ControlCallback function implemented by the event trace provider, if defined. The provider defines its interpretation of being enabled or disabled. Typically, if a provider has been enabled, it generates events, but while it is disabled, it does not. The ControlCallback function can call the GetTraceEnableFlags, GetTraceEnableLevel , and GetTraceLoggerHandle functions to obtain the values specified for the EnableFlag, EnableLevel, and SessionHandle parameters, respectively. You can call this function one time to enable a provider before the provider registers itself. After the provider registers itself, ETW calls the provider's ControlCallback function. If you try to enable the provider for multiple sessions before the provider registers itself, ETW will only enable the provider for the last session. For example, if you enable the provider to Session A and then enable the provider to Session B, when the provider registers itself, the provider is only enabled for Session B. You do not call EnableTrace to enable kernel providers. To enable kernel providers, set the EnableFlags member of EVENT_TRACE_PROPERTIES which you then pass to StartTrace. The StartTrace function enables the selected kernel providers. To determine the level and keywords used to enable a manifest-based provider, use one of the following commands: Logman query providers Wevtutil gp For classic providers, it is up to the provider to document and make available to potential controllers the severity levels or enable flags that it supports. If the provider wants to be enabled by any controller, the provider should accept 0 for the severity level and enable flags and interpret 0 as a request to perform default logging (whatever that may be). If you use EnableTrace to enable a manifest-based provider, the following translation occurs: The EnableLevel parameter is the same as setting the Level parameter in EnableTraceEx. The EnableFlag is the same as setting the MatchAnyKeyword parameter in EnableTraceEx. In the EnableCallback callback, the SourceId parameter will be NULL, Level will be set to the value in EnableTrace, MatchAnyKeyword will be set to the value of EnableFlag in EventTrace , MatchAllKeyword will be 0, and FilterData will be NULL. Examples For an example that uses EnableTrace, see Enabling and Disabling an Event Trace Provider . Requirements Minimum supported clientWindows 2000 Professional Minimum supported serverWindows 2000 Server HeaderEvntrace.h LibraryAdvapi32.lib DLLAdvapi32.dll See Also ControlCallback GetTraceEnableFlags GetTraceEnableLevel GetTraceLoggerHandle StartTrace Send comments about this topic to Microsoft Build date: 7/30/2009 ==原始网址==http://msdn.microsoft.com/en-us/library/aa363710(VS.85).aspx\n |
| 随便看 |
|
windows api函数参考手册包含2258条windows api函数文档,详细介绍nodejs、java、rust调用windows api的方法技巧,是学习windows api编程的入门中文文档。