Win32 API 日本語リファレンス
ホームSystem.Diagnostics.Etw › EventWrite

EventWrite

関数
マニフェストベースのETWイベントを記録する。
DLLADVAPI32.dll呼出規約winapi対応OSWindows Vista 以降
📘 Microsoft Learn (日本語) · English

シグネチャ

// ADVAPI32.dll
#include <windows.h>

DWORD EventWrite(
    REGHANDLE RegHandle,
    const EVENT_DESCRIPTOR* EventDescriptor,
    DWORD UserDataCount,
    EVENT_DATA_DESCRIPTOR* UserData   // optional
);

パラメーター

名前方向
RegHandleREGHANDLEin
EventDescriptorEVENT_DESCRIPTOR*in
UserDataCountDWORDin
UserDataEVENT_DATA_DESCRIPTOR*inoptional

戻り値の型: DWORD

各言語での呼び出し定義

// ADVAPI32.dll
#include <windows.h>

DWORD EventWrite(
    REGHANDLE RegHandle,
    const EVENT_DESCRIPTOR* EventDescriptor,
    DWORD UserDataCount,
    EVENT_DATA_DESCRIPTOR* UserData   // optional
);
[DllImport("ADVAPI32.dll", ExactSpelling = true)]
static extern uint EventWrite(
    long RegHandle,   // REGHANDLE
    IntPtr EventDescriptor,   // EVENT_DESCRIPTOR*
    uint UserDataCount,   // DWORD
    IntPtr UserData   // EVENT_DATA_DESCRIPTOR* optional
);
<DllImport("ADVAPI32.dll", ExactSpelling:=True)>
Public Shared Function EventWrite(
    RegHandle As Long,   ' REGHANDLE
    EventDescriptor As IntPtr,   ' EVENT_DESCRIPTOR*
    UserDataCount As UInteger,   ' DWORD
    UserData As IntPtr   ' EVENT_DATA_DESCRIPTOR* optional
) As UInteger
End Function
' RegHandle : REGHANDLE
' EventDescriptor : EVENT_DESCRIPTOR*
' UserDataCount : DWORD
' UserData : EVENT_DATA_DESCRIPTOR* optional
Declare PtrSafe Function EventWrite Lib "advapi32" ( _
    ByVal RegHandle As LongLong, _
    ByVal EventDescriptor As LongPtr, _
    ByVal UserDataCount As Long, _
    ByVal UserData As LongPtr) As Long
' VBA7前提(PtrSafe)。32bit Office では LongPtr→Long。Integer=16bit / Long=32bit / LongLong=64bit。
import ctypes
from ctypes import wintypes

EventWrite = ctypes.windll.advapi32.EventWrite
EventWrite.restype = wintypes.DWORD
EventWrite.argtypes = [
    ctypes.c_longlong,  # RegHandle : REGHANDLE
    ctypes.c_void_p,  # EventDescriptor : EVENT_DESCRIPTOR*
    wintypes.DWORD,  # UserDataCount : DWORD
    ctypes.c_void_p,  # UserData : EVENT_DATA_DESCRIPTOR* optional
]
require 'fiddle'
require 'fiddle/import'

lib = Fiddle.dlopen('ADVAPI32.dll')
EventWrite = Fiddle::Function.new(
  lib['EventWrite'],
  [
    Fiddle::TYPE_LONG_LONG,  # RegHandle : REGHANDLE
    Fiddle::TYPE_VOIDP,  # EventDescriptor : EVENT_DESCRIPTOR*
    -Fiddle::TYPE_INT,  # UserDataCount : DWORD
    Fiddle::TYPE_VOIDP,  # UserData : EVENT_DATA_DESCRIPTOR* optional
  ],
  -Fiddle::TYPE_INT)
#[link(name = "advapi32")]
extern "system" {
    fn EventWrite(
        RegHandle: i64,  // REGHANDLE
        EventDescriptor: *const EVENT_DESCRIPTOR,  // EVENT_DESCRIPTOR*
        UserDataCount: u32,  // DWORD
        UserData: *mut EVENT_DATA_DESCRIPTOR  // EVENT_DATA_DESCRIPTOR* optional
    ) -> u32;
}
// crates: windows-sys provides ready-made bindings for this API.
$sig = @"
[DllImport("ADVAPI32.dll")]
public static extern uint EventWrite(long RegHandle, IntPtr EventDescriptor, uint UserDataCount, IntPtr UserData);
"@
$api = Add-Type -MemberDefinition $sig -Name 'ADVAPI32_EventWrite' -Namespace Win32 -PassThru
# $api::EventWrite(RegHandle, EventDescriptor, UserDataCount, UserData)
#uselib "ADVAPI32.dll"
#func global EventWrite "EventWrite" sptr, sptr, sptr, sptr
; EventWrite RegHandle, varptr(EventDescriptor), UserDataCount, varptr(UserData)   ; 戻り値は stat
; RegHandle : REGHANDLE -> "sptr"
; EventDescriptor : EVENT_DESCRIPTOR* -> "sptr"
; UserDataCount : DWORD -> "sptr"
; UserData : EVENT_DATA_DESCRIPTOR* optional -> "sptr"
; ※HSP3.7は int64 引数(64bit値渡し)に非対応です。
; ※HSP3.7は #func のため戻り値はシステム変数 stat に格納されます。
出力引数: 
#uselib "ADVAPI32.dll"
#cfunc global EventWrite "EventWrite" int64, var, int, var
; res = EventWrite(RegHandle, EventDescriptor, UserDataCount, UserData)
; RegHandle : REGHANDLE -> "int64"
; EventDescriptor : EVENT_DESCRIPTOR* -> "var"
; UserDataCount : DWORD -> "int"
; UserData : EVENT_DATA_DESCRIPTOR* optional -> "var"
; ※出力/バッファ引数は var 方式(変数を直接渡す)。varptr 方式にも切替可。
; ※int64 引数の DLL 値渡しは x64 ランタイム(hsp3_64)のみ対応(x86 は未対応)。
出力引数: 
; DWORD EventWrite(REGHANDLE RegHandle, EVENT_DESCRIPTOR* EventDescriptor, DWORD UserDataCount, EVENT_DATA_DESCRIPTOR* UserData)
#uselib "ADVAPI32.dll"
#cfunc global EventWrite "EventWrite" int64, var, int, var
; res = EventWrite(RegHandle, EventDescriptor, UserDataCount, UserData)
; RegHandle : REGHANDLE -> "int64"
; EventDescriptor : EVENT_DESCRIPTOR* -> "var"
; UserDataCount : DWORD -> "int"
; UserData : EVENT_DATA_DESCRIPTOR* optional -> "var"
; ※出力/バッファ引数は var 方式(変数を直接渡す)。varptr 方式にも切替可。
import (
	"golang.org/x/sys/windows"
	"unsafe"
)

var (
	advapi32 = windows.NewLazySystemDLL("ADVAPI32.dll")
	procEventWrite = advapi32.NewProc("EventWrite")
)

// RegHandle (REGHANDLE), EventDescriptor (EVENT_DESCRIPTOR*), UserDataCount (DWORD), UserData (EVENT_DATA_DESCRIPTOR* optional)
r1, _, err := procEventWrite.Call(
	uintptr(RegHandle),
	uintptr(EventDescriptor),
	uintptr(UserDataCount),
	uintptr(UserData),
)
_ = err  // syscall.Errno (valid when the call sets last-error)
_ = r1   // DWORD
function EventWrite(
  RegHandle: Int64;   // REGHANDLE
  EventDescriptor: Pointer;   // EVENT_DESCRIPTOR*
  UserDataCount: DWORD;   // DWORD
  UserData: Pointer   // EVENT_DATA_DESCRIPTOR* optional
): DWORD; stdcall;
  external 'ADVAPI32.dll' name 'EventWrite';
result := DllCall("ADVAPI32\EventWrite"
    , "Int64", RegHandle   ; REGHANDLE
    , "Ptr", EventDescriptor   ; EVENT_DESCRIPTOR*
    , "UInt", UserDataCount   ; DWORD
    , "Ptr", UserData   ; EVENT_DATA_DESCRIPTOR* optional
    , "UInt")   ; return: DWORD
●EventWrite(RegHandle, EventDescriptor, UserDataCount, UserData) = DLL("ADVAPI32.dll", "dword EventWrite(int64, void*, dword, void*)")
# 呼び出し: EventWrite(RegHandle, EventDescriptor, UserDataCount, UserData)
# RegHandle : REGHANDLE -> "int64"
# EventDescriptor : EVENT_DESCRIPTOR* -> "void*"
# UserDataCount : DWORD -> "dword"
# UserData : EVENT_DATA_DESCRIPTOR* optional -> "void*"
# なでしこ1は32bit・ANSI(Shift_JIS)。文字列=char*(ANSI)、ポインタ/ハンドル=void*(4byte)。