Hi,
i want to generate etl trace log file programmatically (rather than starting and stopping the trace using tools like tracelog) in my kernel mode driver application. For this i tried using WPP trace macros WP_INIT_TRACING, WPP_CLEANUP and DoTraceMessage. To control the start/stop of trace session programmatically, i wanted to use StartTrace, ControlTrace, EnableTraceEx2 APIs. They use EVENT_TRACE_PROPERTIES structure. When i try to use EVENT_TRACE_PROPERTIES structure in my driver code, it is somehow disabled. i included the header file <evntrace.h>. when i check this header file there is a define
#if !defined(_EVNTRACE_KERNEL_MODE) || defined(WMIKM)
The structure is guarded by this macro.
and this structure is disabled(greyed out), and the reason is probably _EVNTRACE_KERNEL_MODE is defined in driver application i believe.
are the APIs StartTrace, EnableTraceEx2, ControlTrace not meant to be used in kernel mode driver ?