Win32 API 日本語リファレンス

ProcessTrace

関数
開いたトレースを処理し、コールバックにイベントを順次配信する。
DLL: ADVAPI32.dll / 呼出規約: winapi / 対応OS: Windows 2000 以降

シグネチャ

// ADVAPI32.dll
#include <windows.h>

/*
 * ProcessTrace (ADVAPI32.dll): processes the opened trace(s) and delivers
 * their events to the registered callbacks in order.
 *
 * HandleArray - in: pointer to one or more PROCESSTRACE_HANDLE values.
 *               NOTE(review): presumably the handles returned by OpenTrace;
 *               reject the invalid-handle value before calling - confirm.
 * HandleCount - in: DWORD count that accompanies HandleArray.
 * StartTime   - in, optional: FILETIME lower bound; may be NULL.
 * EndTime     - in, optional: FILETIME upper bound; may be NULL.
 *
 * Returns a WIN32_ERROR status. Compare the return value itself with
 * ERROR_SUCCESS; the status is not reported through GetLastError.
 *
 * NOTE(review): the SDK documentation describes this call as blocking the
 * calling thread while events are delivered, so a consumer normally runs it
 * on a dedicated thread - confirm for your target Windows version.
 */
WIN32_ERROR ProcessTrace(
    PROCESSTRACE_HANDLE* HandleArray,
    DWORD HandleCount,
    FILETIME* StartTime,   // optional
    FILETIME* EndTime   // optional
);

パラメーター

| 名前 | 型 | 方向 |
|---|---|---|
| HandleArray | PROCESSTRACE_HANDLE* | in |
| HandleCount | DWORD | in |
| StartTime | FILETIME* | in, optional |
| EndTime | FILETIME* | in, optional |

戻り値の型: WIN32_ERROR(成功時は ERROR_SUCCESS (0)。失敗時は戻り値そのものが Win32 エラーコードになるため、GetLastError ではなく戻り値を検査する。)

各言語での呼び出し定義

// ADVAPI32.dll
#include <windows.h>

/*
 * C prototype of ProcessTrace as exported by ADVAPI32.dll; the bindings for
 * other languages on this page mirror this parameter order.
 *
 * All four parameters are inputs. StartTime and EndTime are optional and may
 * be NULL. The WIN32_ERROR return value is the status of the call: compare
 * it with ERROR_SUCCESS rather than calling GetLastError.
 *
 * NOTE(review): each PROCESSTRACE_HANDLE element is a 64-bit value in the
 * Windows SDK even in a 32-bit process - confirm against your SDK headers
 * before sizing the array from another language.
 */
WIN32_ERROR ProcessTrace(
    PROCESSTRACE_HANDLE* HandleArray,
    DWORD HandleCount,
    FILETIME* StartTime,   // optional
    FILETIME* EndTime   // optional
);
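// P/Invoke declaration of ProcessTrace (ADVAPI32.dll), which processes the
// opened trace(s) and delivers their events to the registered callbacks.
// The uint result is the WIN32_ERROR status; 0 (ERROR_SUCCESS) means success,
// any other value is the error code itself (GetLastError is not involved).
// DefaultDllImportSearchPaths restricts resolution of ADVAPI32.dll to the
// System32 directory, so the import cannot be satisfied by a same-named DLL
// in the application or current directory.
[DllImport("ADVAPI32.dll", ExactSpelling = true)]
[DefaultDllImportSearchPaths(DllImportSearchPath.System32)]
static extern uint ProcessTrace(
    IntPtr HandleArray,   // PROCESSTRACE_HANDLE* (in)
    uint HandleCount,   // DWORD (in)
    IntPtr StartTime,   // FILETIME* (in, optional; IntPtr.Zero when unused)
    IntPtr EndTime   // FILETIME* (in, optional; IntPtr.Zero when unused)
);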
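' P/Invoke declaration of ProcessTrace (ADVAPI32.dll), which processes the
' opened trace(s) and delivers their events to the registered callbacks.
' The UInteger result is the WIN32_ERROR status; 0 (ERROR_SUCCESS) means
' success, any other value is the error code itself.
' DefaultDllImportSearchPaths restricts resolution of ADVAPI32.dll to the
' System32 directory, so the import cannot be satisfied by a same-named DLL
' in the application or current directory.
<DllImport("ADVAPI32.dll", ExactSpelling:=True), DefaultDllImportSearchPaths(DllImportSearchPath.System32)>
Public Shared Function ProcessTrace(
    HandleArray As IntPtr,   ' PROCESSTRACE_HANDLE* (in)
    HandleCount As UInteger,   ' DWORD (in)
    StartTime As IntPtr,   ' FILETIME* (in, optional; IntPtr.Zero when unused)
    EndTime As IntPtr   ' FILETIME* (in, optional; IntPtr.Zero when unused)
) As UInteger
End Function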
' VBA declaration of ProcessTrace from advapi32.
' Every argument is passed ByVal: the three pointer parameters are LongPtr
' values holding an address, and HandleCount is a 32-bit Long.
' The Long result is the WIN32_ERROR status; 0 (ERROR_SUCCESS) means success.
' HandleArray : PROCESSTRACE_HANDLE*
' HandleCount : DWORD
' StartTime : FILETIME* optional
' EndTime : FILETIME* optional
Declare PtrSafe Function ProcessTrace Lib "advapi32" ( _
    ByVal HandleArray As LongPtr, _
    ByVal HandleCount As Long, _
    ByVal StartTime As LongPtr, _
    ByVal EndTime As LongPtr) As Long
' Assumes VBA7 (PtrSafe). On 32-bit Office, LongPtr is Long. Integer = 16-bit / Long = 32-bit / LongLong = 64-bit.
import ctypes
from ctypes import wintypes

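# Bind ProcessTrace through a private WinDLL instance instead of
# ctypes.windll: the ctypes.windll loader caches one library object for the
# whole process, so setting restype/argtypes on it would also change the
# prototype seen by every other module that reaches ProcessTrace through
# ctypes.windll.advapi32.
_advapi32 = ctypes.WinDLL("advapi32")

ProcessTrace = _advapi32.ProcessTrace
# WIN32_ERROR status: 0 (ERROR_SUCCESS) on success, otherwise the error code
# itself; the status is not reported through GetLastError.
ProcessTrace.restype = wintypes.DWORD
ProcessTrace.argtypes = [
    ctypes.c_void_p,  # HandleArray : PROCESSTRACE_HANDLE* (in)
    wintypes.DWORD,  # HandleCount : DWORD (in)
    ctypes.c_void_p,  # StartTime : FILETIME* (in, optional; None when unused)
    ctypes.c_void_p,  # EndTime : FILETIME* (in, optional; None when unused)
]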
require 'fiddle'
require 'fiddle/import'

# Bind ProcessTrace from ADVAPI32.dll through Fiddle.
lib = Fiddle.dlopen('ADVAPI32.dll')

# Argument types in call order. A negated Fiddle type constant selects the
# unsigned variant, which is how the DWORD parameter is expressed here.
process_trace_params = [
  Fiddle::TYPE_VOIDP,  # HandleArray : PROCESSTRACE_HANDLE*
  -Fiddle::TYPE_INT,   # HandleCount : DWORD
  Fiddle::TYPE_VOIDP,  # StartTime : FILETIME* optional
  Fiddle::TYPE_VOIDP   # EndTime : FILETIME* optional
]

# The return value is the WIN32_ERROR status, read as an unsigned int.
process_trace_return = -Fiddle::TYPE_INT

ProcessTrace = Fiddle::Function.new(
  lib['ProcessTrace'],
  process_trace_params,
  process_trace_return
)
// Raw FFI declaration of ProcessTrace from advapi32, using the "system" ABI.
// PROCESSTRACE_HANDLE and FILETIME are not defined in this snippet; they must
// come from the caller's own bindings.
// Every call is `unsafe`: the compiler cannot check the raw pointers, so the
// caller is responsible for passing pointers that are valid for the call
// (StartTime and EndTime are optional and may be null).
// NOTE(review): HandleCount presumably has to match the number of handles
// that HandleArray points to - confirm against the SDK documentation.
// The u32 result is the WIN32_ERROR status; 0 (ERROR_SUCCESS) means success.
#[link(name = "advapi32")]
extern "system" {
    fn ProcessTrace(
        HandleArray: *mut PROCESSTRACE_HANDLE,  // PROCESSTRACE_HANDLE*
        HandleCount: u32,  // DWORD
        StartTime: *mut FILETIME,  // FILETIME* optional
        EndTime: *mut FILETIME  // FILETIME* optional
    ) -> u32;
}
// crates: windows-sys provides ready-made bindings for this API.
# P/Invoke signature for ProcessTrace (ADVAPI32.dll). Add-Type compiles the
# member definition into the type Win32.ADVAPI32_ProcessTrace and -PassThru
# returns that type in $api.
# All pointer parameters are passed as raw IntPtr values.
# The uint result is the WIN32_ERROR status; 0 (ERROR_SUCCESS) means success,
# any other value is the error code itself.
$sig = @"
[DllImport("ADVAPI32.dll")]
public static extern uint ProcessTrace(IntPtr HandleArray, uint HandleCount, IntPtr StartTime, IntPtr EndTime);
"@
$api = Add-Type -MemberDefinition $sig -Name 'ADVAPI32_ProcessTrace' -Namespace Win32 -PassThru
# Call form: $api::ProcessTrace(HandleArray, HandleCount, StartTime, EndTime)
; HSP binding of ProcessTrace (ADVAPI32.dll) declared with #func.
; Every parameter is declared as "sptr", so buffers are passed as addresses
; obtained with varptr().
#uselib "ADVAPI32.dll"
#func global ProcessTrace "ProcessTrace" sptr, sptr, sptr, sptr
; ProcessTrace varptr(HandleArray), HandleCount, varptr(StartTime), varptr(EndTime)   ; the return value is in stat
; HandleArray : PROCESSTRACE_HANDLE* -> "sptr"
; HandleCount : DWORD -> "sptr"
; StartTime : FILETIME* optional -> "sptr"
; EndTime : FILETIME* optional -> "sptr"
; Note: in HSP 3.7 this is declared with #func, so the return value is stored in the system variable stat.
; stat then holds the WIN32_ERROR status; 0 (ERROR_SUCCESS) means success.
出力引数:
; HSP binding of ProcessTrace (ADVAPI32.dll) declared with #cfunc, so the
; WIN32_ERROR status is returned directly to the caller.
#uselib "ADVAPI32.dll"
#cfunc global ProcessTrace "ProcessTrace" var, int, var, var
; res = ProcessTrace(HandleArray, HandleCount, StartTime, EndTime)
; HandleArray : PROCESSTRACE_HANDLE* -> "var"
; HandleCount : DWORD -> "int"
; StartTime : FILETIME* optional -> "var"
; EndTime : FILETIME* optional -> "var"
; Note: output/buffer arguments use the var style (the variable is passed directly); the varptr style can be used instead.
; res is the WIN32_ERROR status; 0 (ERROR_SUCCESS) means success.
出力引数:
; C prototype this binding mirrors:
; WIN32_ERROR ProcessTrace(PROCESSTRACE_HANDLE* HandleArray, DWORD HandleCount, FILETIME* StartTime, FILETIME* EndTime)
#uselib "ADVAPI32.dll"
#cfunc global ProcessTrace "ProcessTrace" var, int, var, var
; res = ProcessTrace(HandleArray, HandleCount, StartTime, EndTime)
; HandleArray : PROCESSTRACE_HANDLE* -> "var"
; HandleCount : DWORD -> "int"
; StartTime : FILETIME* optional -> "var"
; EndTime : FILETIME* optional -> "var"
; Note: output/buffer arguments use the var style (the variable is passed directly); the varptr style can be used instead.
; res is the WIN32_ERROR status; compare it with 0 (ERROR_SUCCESS).
import (
	"golang.org/x/sys/windows"
	"unsafe"
)

// advapi32 is loaded lazily through NewLazySystemDLL, and procProcessTrace is
// resolved from it on first use.
var (
	advapi32 = windows.NewLazySystemDLL("ADVAPI32.dll")
	procProcessTrace = advapi32.NewProc("ProcessTrace")
)

// HandleArray (PROCESSTRACE_HANDLE*), HandleCount (DWORD), StartTime (FILETIME* optional), EndTime (FILETIME* optional)
// NOTE(review): uintptr(HandleArray) only compiles when HandleArray is already
// an unsafe.Pointer or an integer. When the handles live in Go memory, do the
// conversion inside the argument list itself, e.g.
// uintptr(unsafe.Pointer(&handles[0])) with a caller-defined slice, so the
// memory stays valid for the duration of the call.
r1, _, err := procProcessTrace.Call(
	uintptr(HandleArray),
	uintptr(HandleCount),
	uintptr(StartTime),
	uintptr(EndTime),
)
_ = err  // syscall.Errno taken from last-error; ProcessTrace reports its status in r1, so do not treat err as the result
_ = r1   // WIN32_ERROR status: 0 (ERROR_SUCCESS) on success, otherwise the error code to handle
// Static import of ProcessTrace from ADVAPI32.dll (stdcall).
// The pointer parameters are untyped Pointer values; StartTime and EndTime
// are optional and may be nil.
// The DWORD result is the WIN32_ERROR status; 0 (ERROR_SUCCESS) means success,
// any other value is the error code itself.
function ProcessTrace(
  HandleArray: Pointer;   // PROCESSTRACE_HANDLE*
  HandleCount: DWORD;   // DWORD
  StartTime: Pointer;   // FILETIME* optional
  EndTime: Pointer   // FILETIME* optional
): DWORD; stdcall;
  external 'ADVAPI32.dll' name 'ProcessTrace';
; Calls ProcessTrace in ADVAPI32 through DllCall.
; Pointer arguments are passed as "Ptr" values and HandleCount as "UInt".
; result receives the WIN32_ERROR status as "UInt"; 0 (ERROR_SUCCESS) means
; success, any other value is the error code itself.
result := DllCall("ADVAPI32\ProcessTrace"
    , "Ptr", HandleArray   ; PROCESSTRACE_HANDLE*
    , "UInt", HandleCount   ; DWORD
    , "Ptr", StartTime   ; FILETIME* optional
    , "Ptr", EndTime   ; FILETIME* optional
    , "UInt")   ; return: WIN32_ERROR
# Nadeshiko v1 DLL binding of ProcessTrace (ADVAPI32.dll).
# The dword result is the WIN32_ERROR status; 0 (ERROR_SUCCESS) means success.
●ProcessTrace(HandleArray, HandleCount, StartTime, EndTime) = DLL("ADVAPI32.dll", "dword ProcessTrace(void*, dword, void*, void*)")
# Call: ProcessTrace(HandleArray, HandleCount, StartTime, EndTime)
# HandleArray : PROCESSTRACE_HANDLE* -> "void*"
# HandleCount : DWORD -> "dword"
# StartTime : FILETIME* optional -> "void*"
# EndTime : FILETIME* optional -> "void*"
# Nadeshiko v1 is 32-bit and ANSI (Shift_JIS). Strings = char* (ANSI); pointers/handles = void* (4 bytes).
# NOTE(review): the 4-byte size applies to the HandleArray pointer itself; the
# PROCESSTRACE_HANDLE values it points to are presumably 8 bytes each, as in
# the Windows SDK - confirm before sizing the buffer.