Win32 API 日本語リファレンス

QueryTraceProcessingHandle

関数
トレース処理ハンドルに関する情報を照会する。
DLL: ADVAPI32.dll / 呼出規約: winapi / 対応OS: Windows 10 以降

シグネチャ

// ADVAPI32.dll
// NOTE(review): the prototype is declared in evntrace.h; confirm that
// windows.h alone brings it into scope for your SDK version.
#include <windows.h>

// Queries information about a trace processing handle. InformationClass
// selects which information is requested.
// Returns a WIN32_ERROR status code. Check it before reading OutBuffer or
// *ReturnLength, and never read more of OutBuffer than OutBufferSize.
WIN32_ERROR QueryTraceProcessingHandle(
    PROCESSTRACE_HANDLE ProcessingHandle,   // in: handle to query
    ETW_PROCESS_HANDLE_INFO_TYPE InformationClass,   // in: selects what is queried
    void* InBuffer,   // optional
    DWORD InBufferSize,   // in: size of InBuffer (presumably in bytes - confirm)
    void* OutBuffer,   // optional
    DWORD OutBufferSize,   // in: size of OutBuffer (presumably in bytes - confirm)
    DWORD* ReturnLength   // in/out per this reference; presumably receives the length written to OutBuffer - confirm
);

パラメーター

名前 | 型 | 方向
ProcessingHandle | PROCESSTRACE_HANDLE | in
InformationClass | ETW_PROCESS_HANDLE_INFO_TYPE | in
InBuffer | void* | in, optional
InBufferSize | DWORD | in
OutBuffer | void* | out, optional
OutBufferSize | DWORD | in
ReturnLength | DWORD* | inout

戻り値の型: WIN32_ERROR

各言語での呼び出し定義

// ADVAPI32.dll
#include <windows.h>

// C prototype: queries information about a trace processing handle and
// returns a WIN32_ERROR status code.
// The two buffers are optional and each is paired with its own size argument;
// keep every size equal to the real allocation so the callee cannot be told to
// write past OutBuffer.
WIN32_ERROR QueryTraceProcessingHandle(
    PROCESSTRACE_HANDLE ProcessingHandle,
    ETW_PROCESS_HANDLE_INFO_TYPE InformationClass,
    void* InBuffer,   // optional
    DWORD InBufferSize,
    void* OutBuffer,   // optional
    DWORD OutBufferSize,
    DWORD* ReturnLength   // address of a caller-owned DWORD
);
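// P/Invoke declaration for QueryTraceProcessingHandle exported by ADVAPI32.dll.
// The uint return value is the WIN32_ERROR code; check it before reading
// OutBuffer or ReturnLength.
// PROCESSTRACE_HANDLE is not declared in this snippet: the caller must supply a
// blittable type for it. NOTE(review): evntrace.h declares trace handles as
// 64-bit values (ULONG64) - confirm the wrapper type has that size.
[DllImport("ADVAPI32.dll", ExactSpelling = true)]
// Resolve the DLL from the system directory only, never from the application
// or current directory (see code-analysis rule CA5392).
[DefaultDllImportSearchPaths(DllImportSearchPath.System32)]
static extern uint QueryTraceProcessingHandle(
    PROCESSTRACE_HANDLE ProcessingHandle,   // PROCESSTRACE_HANDLE
    int InformationClass,   // ETW_PROCESS_HANDLE_INFO_TYPE
    IntPtr InBuffer,   // void* optional; IntPtr.Zero when unused
    uint InBufferSize,   // DWORD; must match the InBuffer allocation
    IntPtr OutBuffer,   // void* optional, out; unmanaged memory owned by the caller
    uint OutBufferSize,   // DWORD; must not exceed the OutBuffer allocation
    ref uint ReturnLength   // DWORD* in/out
);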
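' P/Invoke declaration for QueryTraceProcessingHandle exported by ADVAPI32.dll.
' The UInteger return value is the WIN32_ERROR code; check it before reading
' OutBuffer or ReturnLength.
' PROCESSTRACE_HANDLE is not declared in this snippet: the caller must supply a
' blittable type for it. NOTE(review): evntrace.h declares trace handles as
' 64-bit values (ULONG64) - confirm the wrapper type has that size.
' DefaultDllImportSearchPaths limits DLL resolution to the system directory, so
' the application and current directories are never searched.
<DllImport("ADVAPI32.dll", ExactSpelling:=True), DefaultDllImportSearchPaths(DllImportSearchPath.System32)>
Public Shared Function QueryTraceProcessingHandle(
    ProcessingHandle As PROCESSTRACE_HANDLE,   ' PROCESSTRACE_HANDLE
    InformationClass As Integer,   ' ETW_PROCESS_HANDLE_INFO_TYPE
    InBuffer As IntPtr,   ' void* optional; IntPtr.Zero when unused
    InBufferSize As UInteger,   ' DWORD; must match the InBuffer allocation
    OutBuffer As IntPtr,   ' void* optional, out; unmanaged memory owned by the caller
    OutBufferSize As UInteger,   ' DWORD; must not exceed the OutBuffer allocation
    ByRef ReturnLength As UInteger   ' DWORD* in/out
) As UInteger
End Function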
' Declare statement for QueryTraceProcessingHandle in advapi32.
' The Long return value is the WIN32_ERROR code; check it before using the
' output buffer or ReturnLength.
' ProcessingHandle : PROCESSTRACE_HANDLE
' InformationClass : ETW_PROCESS_HANDLE_INFO_TYPE
' InBuffer : void* optional
' InBufferSize : DWORD
' OutBuffer : void* optional, out
' OutBufferSize : DWORD
' ReturnLength : DWORD* in/out
Declare PtrSafe Function QueryTraceProcessingHandle Lib "advapi32" ( _
    ByVal ProcessingHandle As LongPtr, _
    ByVal InformationClass As Long, _
    ByVal InBuffer As LongPtr, _
    ByVal InBufferSize As Long, _
    ByVal OutBuffer As LongPtr, _
    ByVal OutBufferSize As Long, _
    ByRef ReturnLength As Long) As Long
' Assumes VBA7 (PtrSafe). On 32-bit Office, LongPtr becomes Long. Integer = 16-bit / Long = 32-bit / LongLong = 64-bit.
' NOTE(review): evntrace.h declares trace handles as 64-bit values (ULONG64), so
' LongPtr matches ProcessingHandle only on 64-bit Office. Mapping it to Long on
' 32-bit Office would shift every following argument - confirm before use there.
' InBuffer and OutBuffer are raw addresses passed ByVal; the sizes must match the
' memory those addresses really point to.
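import ctypes
from ctypes import wintypes

# PROCESSTRACE_HANDLE is not provided by ctypes or wintypes, so it has to be
# defined before it can appear in argtypes (otherwise the list below raises
# NameError). evntrace.h declares trace handles (TRACEHANDLE) as ULONG64;
# PROCESSTRACE_HANDLE is assumed to be that same 64-bit value - confirm against
# the SDK headers.
PROCESSTRACE_HANDLE = ctypes.c_uint64

# Bind the export and describe its prototype so ctypes converts and
# width-checks every argument instead of defaulting to C int.
QueryTraceProcessingHandle = ctypes.windll.advapi32.QueryTraceProcessingHandle
# The return value is the WIN32_ERROR code. Check it before reading the output
# buffer or the DWORD that ReturnLength points to.
QueryTraceProcessingHandle.restype = wintypes.DWORD
QueryTraceProcessingHandle.argtypes = [
    PROCESSTRACE_HANDLE,  # ProcessingHandle : PROCESSTRACE_HANDLE
    ctypes.c_int,  # InformationClass : ETW_PROCESS_HANDLE_INFO_TYPE
    ctypes.c_void_p,  # InBuffer : void* optional (None when unused)
    wintypes.DWORD,  # InBufferSize : DWORD, must match the InBuffer allocation
    ctypes.c_void_p,  # OutBuffer : void* optional, out (e.g. a ctypes buffer)
    wintypes.DWORD,  # OutBufferSize : DWORD, must not exceed the OutBuffer allocation
    ctypes.POINTER(wintypes.DWORD),  # ReturnLength : DWORD* in/out
]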
require 'fiddle'
require 'fiddle/import'

# Binds QueryTraceProcessingHandle from ADVAPI32.dll through Fiddle.
# In Fiddle a negated type constant selects the unsigned variant, so
# -Fiddle::TYPE_INT stands for DWORD here; the return value is the WIN32_ERROR code.
# NOTE(review): ProcessingHandle is mapped to TYPE_VOIDP, which is pointer-sized.
# evntrace.h declares trace handles as 64-bit values (ULONG64), so this mapping
# matches only on 64-bit Ruby - confirm before using it from a 32-bit build.
# ReturnLength is a raw pointer: pass the address of a caller-owned 4-byte buffer,
# and keep OutBufferSize no larger than the memory behind OutBuffer.
lib = Fiddle.dlopen('ADVAPI32.dll')
QueryTraceProcessingHandle = Fiddle::Function.new(
  lib['QueryTraceProcessingHandle'],
  [
    Fiddle::TYPE_VOIDP,  # ProcessingHandle : PROCESSTRACE_HANDLE
    Fiddle::TYPE_INT,  # InformationClass : ETW_PROCESS_HANDLE_INFO_TYPE
    Fiddle::TYPE_VOIDP,  # InBuffer : void* optional
    -Fiddle::TYPE_INT,  # InBufferSize : DWORD
    Fiddle::TYPE_VOIDP,  # OutBuffer : void* optional, out
    -Fiddle::TYPE_INT,  # OutBufferSize : DWORD
    Fiddle::TYPE_VOIDP,  # ReturnLength : DWORD* in/out
  ],
  -Fiddle::TYPE_INT)
// Raw FFI declaration of QueryTraceProcessingHandle from advapi32.
// PROCESSTRACE_HANDLE is not declared in this snippet; it must be defined by
// the caller or taken from a bindings crate.
#[link(name = "advapi32")]
extern "system" {
    // Returns the WIN32_ERROR code as u32.
    // Calls are unsafe: the signature cannot express that OutBuffer must be
    // writable for OutBufferSize bytes or that ReturnLength must point to a
    // valid u32, so the caller has to uphold both (sizes presumably in bytes - confirm).
    fn QueryTraceProcessingHandle(
        ProcessingHandle: PROCESSTRACE_HANDLE,  // PROCESSTRACE_HANDLE
        InformationClass: i32,  // ETW_PROCESS_HANDLE_INFO_TYPE
        InBuffer: *mut (),  // void* optional
        InBufferSize: u32,  // DWORD
        OutBuffer: *mut (),  // void* optional, out
        OutBufferSize: u32,  // DWORD
        ReturnLength: *mut u32  // DWORD* in/out
    ) -> u32;
}
// crates: windows-sys provides ready-made bindings for this API.
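# Compiles a P/Invoke wrapper for ADVAPI32!QueryTraceProcessingHandle with Add-Type.
# The handle parameter is declared as ulong because PROCESSTRACE_HANDLE is not a
# type the C# compiler knows inside Add-Type, so a signature naming it fails to
# compile. NOTE(review): evntrace.h declares trace handles as ULONG64 - confirm.
# DefaultDllImportSearchPaths limits DLL resolution to the system directory.
$sig = @"
[DllImport("ADVAPI32.dll", ExactSpelling = true)]
[DefaultDllImportSearchPaths(DllImportSearchPath.System32)]
public static extern uint QueryTraceProcessingHandle(ulong ProcessingHandle, int InformationClass, IntPtr InBuffer, uint InBufferSize, IntPtr OutBuffer, uint OutBufferSize, ref uint ReturnLength);
"@
$api = Add-Type -MemberDefinition $sig -Name 'ADVAPI32_QueryTraceProcessingHandle' -Namespace Win32 -PassThru
# $api::QueryTraceProcessingHandle(ProcessingHandle, InformationClass, InBuffer, InBufferSize, OutBuffer, OutBufferSize, ReturnLength)
# ReturnLength is a ref parameter: pass it as [ref] on a [uint32] variable.
# The uint result is the WIN32_ERROR code; check it before reading OutBuffer.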
; Binds QueryTraceProcessingHandle from ADVAPI32.dll as a #func command.
#uselib "ADVAPI32.dll"
#func global QueryTraceProcessingHandle "QueryTraceProcessingHandle" sptr, sptr, sptr, sptr, sptr, sptr, sptr
; QueryTraceProcessingHandle ProcessingHandle, InformationClass, InBuffer, InBufferSize, OutBuffer, OutBufferSize, varptr(ReturnLength)   ; the return value is in stat
; ProcessingHandle : PROCESSTRACE_HANDLE -> "sptr"
; InformationClass : ETW_PROCESS_HANDLE_INFO_TYPE -> "sptr"
; InBuffer : void* optional -> "sptr"
; InBufferSize : DWORD -> "sptr"
; OutBuffer : void* optional, out -> "sptr"
; OutBufferSize : DWORD -> "sptr"
; ReturnLength : DWORD* in/out -> "sptr"
; Note: by-value structs cannot be passed directly. Pack them into an int, or pass a struct variable with var.
; Note: HSP 3.7 declares this with #func, so the return value is stored in the system variable stat.
; NOTE(review): evntrace.h declares trace handles as 64-bit values (ULONG64); a
; pointer-sized "sptr" slot matches that only in a 64-bit runtime - confirm.
; Check stat (the WIN32_ERROR code) before reading OutBuffer or ReturnLength, and
; keep OutBufferSize no larger than the variable behind OutBuffer.
出力引数:
; Binds QueryTraceProcessingHandle from ADVAPI32.dll as a #cfunc function, so
; the WIN32_ERROR code is the function result.
#uselib "ADVAPI32.dll"
#cfunc global QueryTraceProcessingHandle "QueryTraceProcessingHandle" int, int, sptr, int, sptr, int, var
; res = QueryTraceProcessingHandle(ProcessingHandle, InformationClass, InBuffer, InBufferSize, OutBuffer, OutBufferSize, ReturnLength)
; ProcessingHandle : PROCESSTRACE_HANDLE -> "int"
; InformationClass : ETW_PROCESS_HANDLE_INFO_TYPE -> "int"
; InBuffer : void* optional -> "sptr"
; InBufferSize : DWORD -> "int"
; OutBuffer : void* optional, out -> "sptr"
; OutBufferSize : DWORD -> "int"
; ReturnLength : DWORD* in/out -> "var"
; Note: by-value structs cannot be passed directly. Pack them into an int, or pass a struct variable with var.
; Note: output/buffer arguments use the var style (the variable is passed directly). The varptr style can be used instead.
; NOTE(review): ProcessingHandle is mapped to "int". evntrace.h declares trace
; handles as 64-bit values (ULONG64), so a 32-bit int would drop the upper half
; and shift the following arguments - confirm before relying on this mapping.
; Check res before reading OutBuffer or ReturnLength.
出力引数:
; WIN32_ERROR QueryTraceProcessingHandle(PROCESSTRACE_HANDLE ProcessingHandle, ETW_PROCESS_HANDLE_INFO_TYPE InformationClass, void* InBuffer, DWORD InBufferSize, void* OutBuffer, DWORD OutBufferSize, DWORD* ReturnLength)
; #cfunc binding that maps the two buffer pointers to "intptr".
#uselib "ADVAPI32.dll"
#cfunc global QueryTraceProcessingHandle "QueryTraceProcessingHandle" int, int, intptr, int, intptr, int, var
; res = QueryTraceProcessingHandle(ProcessingHandle, InformationClass, InBuffer, InBufferSize, OutBuffer, OutBufferSize, ReturnLength)
; ProcessingHandle : PROCESSTRACE_HANDLE -> "int"
; InformationClass : ETW_PROCESS_HANDLE_INFO_TYPE -> "int"
; InBuffer : void* optional -> "intptr"
; InBufferSize : DWORD -> "int"
; OutBuffer : void* optional, out -> "intptr"
; OutBufferSize : DWORD -> "int"
; ReturnLength : DWORD* in/out -> "var"
; Note: by-value structs cannot be passed directly. Pack them into an int, or pass a struct variable with var.
; Note: output/buffer arguments use the var style (the variable is passed directly). The varptr style can be used instead.
; NOTE(review): ProcessingHandle is still mapped to "int" here. evntrace.h
; declares trace handles as 64-bit values (ULONG64), so this mapping presumably
; truncates the handle - confirm before use.
; Check res before reading OutBuffer or ReturnLength.
import (
	"golang.org/x/sys/windows"
	"unsafe"
)

var (
	// NewLazySystemDLL resolves a base name such as this one from the Windows
	// system directory only, and defers the load until the first call.
	advapi32 = windows.NewLazySystemDLL("ADVAPI32.dll")
	// Export looked up lazily; a missing export surfaces when the proc is
	// first used.
	procQueryTraceProcessingHandle = advapi32.NewProc("QueryTraceProcessingHandle")
)

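// QueryTraceProcessingHandle calls the ADVAPI32 export of the same name.
//
// Parameters map to the native prototype: ProcessingHandle
// (PROCESSTRACE_HANDLE), InformationClass (ETW_PROCESS_HANDLE_INFO_TYPE),
// InBuffer (void* optional), InBufferSize (DWORD), OutBuffer (void* optional,
// out), OutBufferSize (DWORD), ReturnLength (DWORD* in/out).
//
// It returns nil when the API reports 0, otherwise the WIN32_ERROR code as a
// windows.Errno. Read outBuffer and *returnLength only when the error is nil,
// and keep outBufferSize no larger than the memory behind outBuffer.
//
// NOTE(review): evntrace.h declares trace handles as 64-bit values (ULONG64).
// A single uintptr carries that on 64-bit Windows; a 32-bit build would need
// the value split across two arguments - confirm before building for 386.
func QueryTraceProcessingHandle(
	processingHandle uint64,
	informationClass int32,
	inBuffer unsafe.Pointer,
	inBufferSize uint32,
	outBuffer unsafe.Pointer,
	outBufferSize uint32,
	returnLength *uint32,
) error {
	// Pointer-to-uintptr conversions stay inside the Call argument list so the
	// referenced memory is kept alive for the duration of the call.
	// The API reports status through its return value, so the last-error
	// result of Call is not meaningful and is ignored.
	r1, _, _ := procQueryTraceProcessingHandle.Call(
		uintptr(processingHandle),
		uintptr(informationClass),
		uintptr(inBuffer),
		uintptr(inBufferSize),
		uintptr(outBuffer),
		uintptr(outBufferSize),
		uintptr(unsafe.Pointer(returnLength)),
	)
	if r1 != 0 {
		return windows.Errno(r1) // WIN32_ERROR
	}
	return nil
}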
// Static import of QueryTraceProcessingHandle from ADVAPI32.dll (stdcall).
// The DWORD result is the WIN32_ERROR code; check it before reading OutBuffer
// or the DWORD that ReturnLength points to.
// PROCESSTRACE_HANDLE is not declared in this snippet and must be defined by
// the caller. NOTE(review): evntrace.h declares trace handles as 64-bit values
// (ULONG64) - confirm the Pascal type has that size.
function QueryTraceProcessingHandle(
  ProcessingHandle: PROCESSTRACE_HANDLE;   // PROCESSTRACE_HANDLE
  InformationClass: Integer;   // ETW_PROCESS_HANDLE_INFO_TYPE
  InBuffer: Pointer;   // void* optional
  InBufferSize: DWORD;   // DWORD
  OutBuffer: Pointer;   // void* optional, out
  OutBufferSize: DWORD;   // DWORD
  ReturnLength: Pointer   // DWORD* in/out; untyped here, so pass the address of a DWORD
): DWORD; stdcall;
  external 'ADVAPI32.dll' name 'QueryTraceProcessingHandle';
; Calls QueryTraceProcessingHandle in ADVAPI32; result receives the WIN32_ERROR
; return value ("UInt"). Check it before reading OutBuffer or ReturnLength.
; ReturnLength is passed as "Ptr", so the variable must hold the address of a
; caller-owned 4-byte buffer rather than the number itself.
; NOTE(review): ProcessingHandle is passed as "Ptr" (pointer-sized). evntrace.h
; declares trace handles as 64-bit values (ULONG64), so this matches only in
; 64-bit AutoHotkey - confirm before running under a 32-bit build.
result := DllCall("ADVAPI32\QueryTraceProcessingHandle"
    , "Ptr", ProcessingHandle   ; PROCESSTRACE_HANDLE
    , "Int", InformationClass   ; ETW_PROCESS_HANDLE_INFO_TYPE
    , "Ptr", InBuffer   ; void* optional
    , "UInt", InBufferSize   ; DWORD
    , "Ptr", OutBuffer   ; void* optional, out
    , "UInt", OutBufferSize   ; DWORD
    , "Ptr", ReturnLength   ; DWORD* in/out
    , "UInt")   ; return: WIN32_ERROR
# Declares QueryTraceProcessingHandle from ADVAPI32.dll; the dword result is the WIN32_ERROR code.
●QueryTraceProcessingHandle(ProcessingHandle, InformationClass, InBuffer, InBufferSize, OutBuffer, OutBufferSize, ReturnLength) = DLL("ADVAPI32.dll", "dword QueryTraceProcessingHandle(void*, int, void*, dword, void*, dword, void*)")
# Call: QueryTraceProcessingHandle(ProcessingHandle, InformationClass, InBuffer, InBufferSize, OutBuffer, OutBufferSize, ReturnLength)
# ProcessingHandle : PROCESSTRACE_HANDLE -> "void*"
# InformationClass : ETW_PROCESS_HANDLE_INFO_TYPE -> "int"
# InBuffer : void* optional -> "void*"
# InBufferSize : DWORD -> "dword"
# OutBuffer : void* optional, out -> "void*"
# OutBufferSize : DWORD -> "dword"
# ReturnLength : DWORD* in/out -> "void*"
# Nadeshiko v1 is 32-bit and ANSI (Shift_JIS). Strings = char* (ANSI); pointers/handles = void* (4 bytes).
# NOTE(review): evntrace.h declares trace handles as 64-bit values (ULONG64), so
# the 4-byte void* used for ProcessingHandle presumably does not match the native
# argument and would shift the arguments after it - confirm before use.
# Check the result before reading OutBuffer or ReturnLength.