Windows Kernel Trace

141 events across 1 channel

Event ID	Title	Channel
0		ETW Trace
1		ETW Trace
2		ETW Trace
3		ETW Trace
4		ETW Trace
5		ETW Trace
8		ETW Trace
10		ETW Trace
11		ETW Trace
12		ETW Trace
13		ETW Trace
14		ETW Trace
15		ETW Trace
16		ETW Trace
17		ETW Trace
18		ETW Trace
19		ETW Trace
20		ETW Trace
21		ETW Trace
22		ETW Trace
23		ETW Trace
24		ETW Trace
25		ETW Trace
26		ETW Trace
27		ETW Trace
28		ETW Trace
29		ETW Trace
30		ETW Trace
31		ETW Trace
32		ETW Trace
33		ETW Trace
34		ETW Trace
35		ETW Trace
36		ETW Trace
37		ETW Trace
38		ETW Trace
39		ETW Trace
40		ETW Trace
41		ETW Trace
42		ETW Trace
43		ETW Trace
44		ETW Trace
45		ETW Trace
46		ETW Trace
47		ETW Trace
48		ETW Trace
49		ETW Trace
50		ETW Trace
51		ETW Trace
52		ETW Trace
53		ETW Trace
55		ETW Trace
56		ETW Trace
57		ETW Trace
58		ETW Trace
59		ETW Trace
60		ETW Trace
61		ETW Trace
62		ETW Trace
63		ETW Trace
64		ETW Trace
65		ETW Trace
66		ETW Trace
67		ETW Trace
68		ETW Trace
69		ETW Trace
70		ETW Trace
71		ETW Trace
72		ETW Trace
73		ETW Trace
74		ETW Trace
75		ETW Trace
76		ETW Trace
77		ETW Trace
79		ETW Trace
80		ETW Trace
81		ETW Trace
82		ETW Trace
83		ETW Trace
84		ETW Trace
92		ETW Trace
93		ETW Trace
94		ETW Trace
95		ETW Trace
96		ETW Trace
97		ETW Trace
98		ETW Trace
99		ETW Trace
100		ETW Trace
101		ETW Trace
102		ETW Trace
103		ETW Trace
104		ETW Trace
105		ETW Trace
106		ETW Trace
107		ETW Trace
108		ETW Trace
114		ETW Trace
122		ETW Trace
123		ETW Trace
127		ETW Trace
128		ETW Trace
129		ETW Trace
130		ETW Trace
131		ETW Trace
132		ETW Trace
133		ETW Trace
134		ETW Trace
135		ETW Trace
144		ETW Trace
145		ETW Trace
146		ETW Trace
147		ETW Trace
148		ETW Trace
149		ETW Trace
150		ETW Trace
160		ETW Trace
161		ETW Trace
162		ETW Trace
163		ETW Trace
164		ETW Trace
165		ETW Trace
166		ETW Trace
167		ETW Trace
168		ETW Trace
169		ETW Trace
170		ETW Trace
171		ETW Trace
172		ETW Trace
173		ETW Trace
174		ETW Trace
176		ETW Trace
177		ETW Trace
192		ETW Trace
193		ETW Trace
208		ETW Trace
209		ETW Trace
210		ETW Trace
211		ETW Trace
212		ETW Trace
213		ETW Trace

Event ID 0 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`FileObject` mof:UInt32	—
`FileName` mof:String	—

Event ID 1 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`ProcessId` mof:UInt32	—
`TThreadId` mof:UInt32	—
`StackBase` mof:UInt32	—
`StackLimit` mof:UInt32	—
`UserStackBase` mof:UInt32	—
`UserStackLimit` mof:UInt32	—
`Affinity` mof:UInt32	—
`Win32StartAddr` mof:UInt32	—
`TebBase` mof:UInt32	—
`SubProcessTag` mof:UInt32	—
`BasePriority` mof:UInt8	—
`PagePriority` mof:UInt8	—
`IoPriority` mof:UInt8	—
`ThreadFlags` mof:UInt8	—
`ThreadName` mof:String	—

Event ID 2 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`ProcessId` mof:UInt32	—
`TThreadId` mof:UInt32	—
`StackBase` mof:UInt32	—
`StackLimit` mof:UInt32	—
`UserStackBase` mof:UInt32	—
`UserStackLimit` mof:UInt32	—
`Affinity` mof:UInt32	—
`Win32StartAddr` mof:UInt32	—
`TebBase` mof:UInt32	—
`SubProcessTag` mof:UInt32	—
`BasePriority` mof:UInt8	—
`PagePriority` mof:UInt8	—
`IoPriority` mof:UInt8	—
`ThreadFlags` mof:UInt8	—
`ThreadName` mof:String	—

Event ID 3 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`ProcessId` mof:UInt32	—
`TThreadId` mof:UInt32	—
`StackBase` mof:UInt32	—
`StackLimit` mof:UInt32	—
`UserStackBase` mof:UInt32	—
`UserStackLimit` mof:UInt32	—
`Affinity` mof:UInt32	—
`Win32StartAddr` mof:UInt32	—
`TebBase` mof:UInt32	—
`SubProcessTag` mof:UInt32	—
`BasePriority` mof:UInt8	—
`PagePriority` mof:UInt8	—
`IoPriority` mof:UInt8	—
`ThreadFlags` mof:UInt8	—
`ThreadName` mof:String	—

Event ID 4 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`ProcessId` mof:UInt32	—
`TThreadId` mof:UInt32	—
`StackBase` mof:UInt32	—
`StackLimit` mof:UInt32	—
`UserStackBase` mof:UInt32	—
`UserStackLimit` mof:UInt32	—
`Affinity` mof:UInt32	—
`Win32StartAddr` mof:UInt32	—
`TebBase` mof:UInt32	—
`SubProcessTag` mof:UInt32	—
`BasePriority` mof:UInt8	—
`PagePriority` mof:UInt8	—
`IoPriority` mof:UInt8	—
`ThreadFlags` mof:UInt8	—
`ThreadName` mof:String	—

Event ID 5 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`GroupMask1` mof:UInt32	—
`GroupMask2` mof:UInt32	—
`GroupMask3` mof:UInt32	—
`GroupMask4` mof:UInt32	—
`GroupMask5` mof:UInt32	—
`GroupMask6` mof:UInt32	—
`GroupMask7` mof:UInt32	—
`GroupMask8` mof:UInt32	—
`KernelEventVersion` mof:UInt32	—

Event ID 8 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Event ID 10 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`MHz` mof:UInt32	—
`NumberOfProcessors` mof:UInt32	—
`MemSize` mof:UInt32	—
`PageSize` mof:UInt32	—
`AllocationGranularity` mof:UInt32	—
`ComputerName` mof:Char16	—
`DomainName` mof:Char16	—
`HyperThreadingFlag` mof:UInt32	—
`HighestUserAddress` mof:UInt32	—
`ProcessorArchitecture` mof:UInt16	—
`ProcessorLevel` mof:UInt16	—
`ProcessorRevision` mof:UInt16	—
`PaeEnabled` mof:UInt8	—
`NxEnabled` mof:UInt8	—
`MemorySpeed` mof:UInt32	—

Event ID 11 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`DiskNumber` mof:UInt32	—
`IrpFlags` mof:UInt32	—
`TransferSize` mof:UInt32	—
`Reserved` mof:UInt32	—
`ByteOffset` mof:UInt64	—
`FileObject` mof:UInt32	—
`Irp` mof:UInt32	—
`HighResResponseTime` mof:UInt64	—
`IssuingThreadId` mof:UInt32	—

Event ID 12 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`Irp` mof:UInt32	—
`IssuingThreadId` mof:UInt32	—

Event ID 13 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`Irp` mof:UInt32	—
`IssuingThreadId` mof:UInt32	—

Event ID 14 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`DiskNumber` mof:UInt32	—
`IrpFlags` mof:UInt32	—
`HighResResponseTime` mof:UInt64	—
`Irp` mof:UInt32	—
`IssuingThreadId` mof:UInt32	—

Event ID 15 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`ProcessId` mof:UInt32	—
`ServiceState` mof:UInt32	—
`SubProcessTag` mof:UInt32	—
`ServiceName` mof:String	—
`DisplayName` mof:String	—
`ProcessName` mof:String	—
`LoadOrderGroup` mof:String	—
`SvchostGroup` mof:String	—

Event ID 16 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`S1` mof:UInt8	—
`S2` mof:UInt8	—
`S3` mof:UInt8	—
`S4` mof:UInt8	—
`S5` mof:UInt8	—
`Pad1` mof:UInt8	—
`Pad2` mof:UInt8	—
`Pad3` mof:UInt8	—

Event ID 17 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`InitialTime` mof:SInt64	—
`Status` mof:UInt32	— NTSTATUS reference
`Index` mof:UInt32	—
`KeyHandle` mof:UInt32	—
`KeyName` mof:String	—

Event ID 18 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`DiskNumber` mof:UInt16	—
`BusType` mof:UInt16	—
`DeviceType` mof:UInt16	—
`MediaType` mof:UInt16	—
`StartingOffset` mof:UInt64	—
`Size` mof:UInt64	—
`NumberOfFreeBlocks` mof:UInt64	—
`TotalNumberOfBlocks` mof:UInt64	—
`NextWritableAddress` mof:UInt64	—
`NumberOfSessions` mof:UInt32	—
`NumberOfTracks` mof:UInt32	—
`BytesPerSector` mof:UInt32	—
`DiscStatus` mof:UInt16	—
`LastSessionStatus` mof:UInt16	—
`DriveLetter` mof:String	—
`FileSystemName` mof:String	—
`DeviceName` mof:String	—
`ManufacturerName` mof:String	—

Event ID 19 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`InitialTime` mof:SInt64	—
`Status` mof:UInt32	— NTSTATUS reference
`Index` mof:UInt32	—
`KeyHandle` mof:UInt32	—
`KeyName` mof:String	—

Event ID 20 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`InitialTime` mof:SInt64	—
`Status` mof:UInt32	— NTSTATUS reference
`Index` mof:UInt32	—
`KeyHandle` mof:UInt32	—
`KeyName` mof:String	—

Event ID 21 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`IRQAffinity` mof:UInt64	—
`IRQGroup` mof:UInt16	—
`Reserved` mof:UInt16	—
`IRQNum` mof:UInt32	—
`DeviceDescriptionLen` mof:UInt32	—
`DeviceDescription` mof:String	—

Event ID 22 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`ClassGuid` mof:Object	—
`UpperFiltersCount` mof:UInt32	—
`LowerFiltersCount` mof:UInt32	—
`DevStatus` mof:UInt32	—
`DevProblem` mof:UInt32	—
`DeviceID` mof:String	—
`DeviceDescription` mof:String	—
`FriendlyName` mof:String	—
`PdoName` mof:String	—
`ServiceName` mof:String	—
`UpperFilters` mof:String	—
`LowerFilters` mof:String	—

Event ID 23 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`TargetId` mof:UInt32	—
`DeviceType` mof:UInt32	—
`DeviceTimingMode` mof:UInt32	—
`LocationInformationLen` mof:UInt32	—
`LocationInformation` mof:String	—

Event ID 24 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`InitialTime` mof:SInt64	—
`Status` mof:UInt32	— NTSTATUS reference
`Index` mof:UInt32	—
`KeyHandle` mof:UInt32	—
`KeyName` mof:String	—

Event ID 25 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`InitialTime` mof:SInt64	—
`Status` mof:UInt32	— NTSTATUS reference
`Index` mof:UInt32	—
`KeyHandle` mof:UInt32	—
`KeyName` mof:String	—

Event ID 26 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`PID` mof:UInt32	—
`size` mof:UInt32	—
`daddr` mof:Object	—
`saddr` mof:Object	—
`dport` mof:Object	—
`sport` mof:Object	—
`startime` mof:UInt32	—
`endtime` mof:UInt32	—
`seqnum` mof:UInt32	—
`connid` mof:UInt32	—

Event ID 27 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`PID` mof:UInt32	—
`size` mof:UInt32	—
`daddr` mof:Object	—
`saddr` mof:Object	—
`dport` mof:Object	—
`sport` mof:Object	—
`seqnum` mof:UInt32	—
`connid` mof:UInt32	—

Event ID 28 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`PID` mof:UInt32	—
`size` mof:UInt32	—
`daddr` mof:Object	—
`saddr` mof:Object	—
`dport` mof:Object	—
`sport` mof:Object	—
`mss` mof:UInt16	—
`sackopt` mof:UInt16	—
`tsopt` mof:UInt16	—
`wsopt` mof:UInt16	—
`rcvwin` mof:UInt32	—
`rcvwinscale` mof:SInt16	—
`sndwinscale` mof:SInt16	—
`seqnum` mof:UInt32	—
`connid` mof:UInt32	—

Event ID 29 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`PID` mof:UInt32	—
`size` mof:UInt32	—
`daddr` mof:Object	—
`saddr` mof:Object	—
`dport` mof:Object	—
`sport` mof:Object	—
`seqnum` mof:UInt32	—
`connid` mof:UInt32	—

Event ID 30 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`PID` mof:UInt32	—
`size` mof:UInt32	—
`daddr` mof:Object	—
`saddr` mof:Object	—
`dport` mof:Object	—
`sport` mof:Object	—
`seqnum` mof:UInt32	—
`connid` mof:UInt32	—

Event ID 31 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`AlignmentClusters` mof:UInt64	—
`AvgFreeSpaceSize` mof:UInt64	—
`ClustersPerSlab` mof:UInt64	—
`FragmentedDirectoryExtents` mof:UInt64	—
`FragmentedExtents` mof:UInt64	—
`FreeSpaceCount` mof:UInt64	—
`LargestFreeSpaceSize` mof:UInt64	—
`LastRunActualPurgeClusters` mof:UInt64	—
`LastRunClustersTrimmed` mof:UInt64	—
`LastRunFullDefragTime` mof:UInt64	—
`LastRunTime` mof:UInt64	—
`MFTSize` mof:UInt64	—
`TotalClusters` mof:UInt64	—
`TotalUsedClusters` mof:UInt64	—
`AvgFragmentsPerFile` mof:UInt32	—
`BytesPerCluster` mof:UInt32	—
`DirectoryCount` mof:UInt32	—
`FragmentedDirectories` mof:UInt32	—
`FragmentedFiles` mof:UInt32	—
`FragmentedSpace` mof:UInt32	—
`HardwareIssue` mof:UInt32	—
`InUseMFTRecords` mof:UInt32	—
`InUseSlabs` mof:UInt32	—
`LastRunActualPurgeSlabs` mof:UInt32	—
`LastRunInitialBackedSlabs` mof:UInt32	—
`LastRunPercentFragmentation` mof:UInt32	—
`LastRunPinnedSlabs` mof:UInt32	—
`LastRunPotentialPurgeSlabs` mof:UInt32	—
`LastRunSpaceInefficientSlabs` mof:UInt32	—
`LastRunTrimmedSlabs` mof:UInt32	—
`LastRunUnknownEvictFailSlabs` mof:UInt32	—
`LastRunVolsnapPinnedSlabs` mof:UInt32	—
`MFTFragmentCount` mof:UInt32	—
`MovableFiles` mof:UInt32	—
`TotalMFTRecords` mof:UInt32	—
`TotalSlabs` mof:UInt32	—
`UnmovableFiles` mof:UInt32	—
`VolumeId` mof:Object	—
`VolumePathNames` mof:String	—

Event ID 32 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`DeviceManufacturer` mof:String	—
`DeviceManufacturerDisplayName` mof:String	—
`DeviceModel` mof:String	—
`DeviceModelDisplayName` mof:String	—
`MobileOperator` mof:String	—
`SocVersion` mof:String	—
`BspVersion` mof:String	—

Event ID 33 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`ProcessId` mof:UInt32	—
`PageFaultCount` mof:UInt32	—
`HandleCount` mof:UInt32	—
`Reserved` mof:UInt32	—
`PeakVirtualSize` mof:Object	—
`PeakWorkingSetSize` mof:Object	—
`PeakPagefileUsage` mof:Object	—
`QuotaPeakPagedPoolUsage` mof:Object	—
`QuotaPeakNonPagedPoolUsage` mof:Object	—
`VirtualSize` mof:Object	—
`WorkingSetSize` mof:Object	—
`PagefileUsage` mof:Object	—
`QuotaPagedPoolUsage` mof:Object	—
`QuotaNonPagedPoolUsage` mof:Object	—
`PrivatePageCount` mof:Object	—

Event ID 34 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`Counter1` mof:UInt64	—
`Counter2` mof:UInt64	—
`Counter3` mof:UInt64	—
`Counter4` mof:UInt64	—
`Counter5` mof:UInt64	—
`Counter6` mof:UInt64	—
`Counter7` mof:UInt64	—
`Counter8` mof:UInt64	—
`Counter9` mof:UInt64	—
`Counter10` mof:UInt64	—
`Counter11` mof:UInt64	—

Event ID 35 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`FileObject` mof:UInt32	—
`FileName` mof:String	—

Event ID 36 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`NewThreadId` mof:UInt32	—
`OldThreadId` mof:UInt32	—
`NewThreadPriority` mof:SInt8	—
`OldThreadPriority` mof:SInt8	—
`PreviousCState` mof:UInt8	—
`SpareByte` mof:SInt8	—
`OldThreadWaitReason` mof:SInt8	—
`ThreadFlags` mof:SInt8	—
`OldThreadState` mof:SInt8	—
`OldThreadWaitIdealProcessor` mof:SInt8	—
`NewThreadWaitTime` mof:UInt32	—
`Reserved` mof:UInt32	—

Event ID 37 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BootFlags` mof:UInt64	—
`FirmwareType` mof:UInt32	—
`SecureBootEnabled` mof:UInt8	—
`SecureBootCapable` mof:UInt8	—
`Reserved1` mof:UInt8	—
`Reserved2` mof:UInt8	—

Event ID 38 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`Object` mof:UInt32	—
`ProcessId` mof:UInt32	—
`Handle` mof:UInt32	—
`ObjectType` mof:UInt16	—
`ObjectName` mof:String	—

Event ID 39 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`UniqueProcessKey` mof:UInt32	—
`ProcessId` mof:UInt32	—
`ParentId` mof:UInt32	—
`SessionId` mof:UInt32	—
`ExitStatus` mof:SInt32	—
`DirectoryTableBase` mof:UInt32	—
`Flags` mof:UInt32	—
`UserSID` mof:Object	—
`ImageFileName` mof:String	—
`CommandLine` mof:String	—
`PackageFullName` mof:String	—
`ApplicationId` mof:String	—
`ExitTime` mof:UInt64	—

Event ID 40 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`ViewBase` mof:UInt32	—
`FileObject` mof:UInt32	—
`MiscInfo` mof:UInt64	—
`ViewSize` mof:Object	—
`ProcessId` mof:UInt32	—

Event ID 41 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`SpinLockAddress` mof:UInt32	—
`CallerAddress` mof:UInt32	—
`AcquireTime` mof:UInt64	—
`ReleaseTime` mof:UInt64	—
`WaitTimeInCycles` mof:UInt32	—
`SpinCount` mof:UInt32	—
`ThreadId` mof:UInt32	—
`InterruptCount` mof:UInt32	—
`Irql` mof:UInt8	—
`AcquireDepth` mof:UInt8	—
`Flag` mof:UInt8	—
`Reserved` mof:UInt8	—

Event ID 42 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Event ID 43 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Event ID 44 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Event ID 45 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Event ID 46 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`InstructionPointer` mof:UInt32	—
`ThreadId` mof:UInt32	—
`Count` mof:UInt16	—
`Reserved` mof:UInt16	—

Event ID 47 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`InstructionPointer` mof:UInt32	—
`ThreadId` mof:UInt32	—
`ProfileSource` mof:UInt16	—
`Reserved` mof:UInt16	—

Event ID 48 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`ThreadId` mof:UInt32	—
`OldPriority` mof:UInt8	—
`NewPriority` mof:UInt8	—
`Reserved` mof:UInt16	—

Event ID 49 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`ThreadId` mof:UInt32	—
`OldPriority` mof:UInt8	—
`NewPriority` mof:UInt8	—
`Reserved` mof:UInt16	—

Event ID 50 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`InitialTime` mof:Object	—
`Routine` mof:UInt32	—
`ReturnValue` mof:UInt8	—
`Vector` mof:UInt16	—
`Reserved` mof:UInt8	—
`MessageNumber` mof:UInt32	—

Event ID 51 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`ThreadId` mof:UInt32	—
`OldPriority` mof:UInt8	—
`NewPriority` mof:UInt8	—
`Reserved` mof:UInt16	—

Event ID 52 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`ThreadId` mof:UInt32	—
`OldPriority` mof:UInt8	—
`NewPriority` mof:UInt8	—
`Reserved` mof:UInt16	—

Event ID 53 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`Affinity` mof:UInt32	—
`ThreadId` mof:UInt32	—
`Group` mof:UInt16	—
`Reserved` mof:UInt16	—

Event ID 55 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`DiskNumber` mof:UInt32	—
`IrpFlags` mof:UInt32	—
`TransferSize` mof:UInt32	—
`Reserved` mof:UInt32	—
`ByteOffset` mof:UInt64	—
`FileObject` mof:UInt32	—
`Irp` mof:UInt32	—
`HighResResponseTime` mof:UInt64	—
`IssuingThreadId` mof:UInt32	—

Event ID 56 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`DiskNumber` mof:UInt32	—
`IrpFlags` mof:UInt32	—
`TransferSize` mof:UInt32	—
`Reserved` mof:UInt32	—
`ByteOffset` mof:UInt64	—
`FileObject` mof:UInt32	—
`Irp` mof:UInt32	—
`HighResResponseTime` mof:UInt64	—
`IssuingThreadId` mof:UInt32	—

Event ID 57 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`DiskNumber` mof:UInt32	—
`IrpFlags` mof:UInt32	—
`HighResResponseTime` mof:UInt64	—
`Irp` mof:UInt32	—
`IssuingThreadId` mof:UInt32	—

Event ID 58 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`Irp` mof:UInt32	—
`IssuingThreadId` mof:UInt32	—

Event ID 59 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`Irp` mof:UInt32	—
`IssuingThreadId` mof:UInt32	—

Event ID 60 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`Irp` mof:UInt32	—
`IssuingThreadId` mof:UInt32	—

Event ID 61 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`ThreadId` mof:UInt32	—
`SourceProcessorIndex` mof:UInt16	—
`TargetProcessorIndex` mof:UInt16	—
`Priority` mof:UInt8	—
`IdealProcessorAdjust` mof:Boolean	—
`OldIdealProcessorIndex` mof:UInt16	—

Event ID 62 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`Entry` mof:UInt32	—
`ThreadId` mof:UInt32	—

Event ID 63 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`ThreadId` mof:UInt32	—
`EntryCount` mof:UInt32	—
`Entries` mof:UInt32	—

Event ID 64 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`IrpPtr` mof:UInt32	—
`FileObject` mof:UInt32	—
`TTID` mof:UInt32	—
`CreateOptions` mof:UInt32	—
`FileAttributes` mof:UInt32	—
`ShareAccess` mof:UInt32	—
`OpenPath` mof:String	—

Event ID 65 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`IrpPtr` mof:UInt32	—
`FileObject` mof:UInt32	—
`FileKey` mof:UInt32	—
`TTID` mof:UInt32	—

Event ID 66 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`IrpPtr` mof:UInt32	—
`FileObject` mof:UInt32	—
`FileKey` mof:UInt32	—
`TTID` mof:UInt32	—

Event ID 67 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`Offset` mof:UInt64	—
`IrpPtr` mof:UInt32	—
`FileObject` mof:UInt32	—
`FileKey` mof:UInt32	—
`TTID` mof:UInt32	—
`IoSize` mof:UInt32	—
`IoFlags` mof:UInt32	—

Event ID 68 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`Offset` mof:UInt64	—
`IrpPtr` mof:UInt32	—
`FileObject` mof:UInt32	—
`FileKey` mof:UInt32	—
`TTID` mof:UInt32	—
`IoSize` mof:UInt32	—
`IoFlags` mof:UInt32	—

Event ID 69 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`IrpPtr` mof:UInt32	—
`FileObject` mof:UInt32	—
`FileKey` mof:UInt32	—
`ExtraInfo` mof:UInt32	—
`TTID` mof:UInt32	—
`InfoClass` mof:UInt32	—

Event ID 70 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`IrpPtr` mof:UInt32	—
`FileObject` mof:UInt32	—
`FileKey` mof:UInt32	—
`ExtraInfo` mof:UInt32	—
`TTID` mof:UInt32	—
`InfoClass` mof:UInt32	—

Event ID 71 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`IrpPtr` mof:UInt32	—
`FileObject` mof:UInt32	—
`FileKey` mof:UInt32	—
`ExtraInfo` mof:UInt32	—
`TTID` mof:UInt32	—
`InfoClass` mof:UInt32	—

Event ID 72 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`IrpPtr` mof:UInt32	—
`FileObject` mof:UInt32	—
`FileKey` mof:UInt32	—
`TTID` mof:UInt32	—
`Length` mof:UInt32	—
`InfoClass` mof:UInt32	—
`FileIndex` mof:UInt32	—
`FileName` mof:String	—

Event ID 73 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`IrpPtr` mof:UInt32	—
`FileObject` mof:UInt32	—
`FileKey` mof:UInt32	—
`TTID` mof:UInt32	—

Event ID 74 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`IrpPtr` mof:UInt32	—
`FileObject` mof:UInt32	—
`FileKey` mof:UInt32	—
`ExtraInfo` mof:UInt32	—
`TTID` mof:UInt32	—
`InfoClass` mof:UInt32	—

Event ID 75 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`IrpPtr` mof:UInt32	—
`FileObject` mof:UInt32	—
`FileKey` mof:UInt32	—
`ExtraInfo` mof:UInt32	—
`TTID` mof:UInt32	—
`InfoClass` mof:UInt32	—

Event ID 76 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`SpinLockSpinThreshold` mof:UInt32	—
`SpinLockContentionSampleRate` mof:UInt32	—
`SpinLockAcquireSampleRate` mof:UInt32	—
`SpinLockHoldThreshold` mof:UInt32	—

Event ID 77 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`IrpPtr` mof:UInt32	—
`FileObject` mof:UInt32	—
`FileKey` mof:UInt32	—
`TTID` mof:UInt32	—
`Length` mof:UInt32	—
`InfoClass` mof:UInt32	—
`FileIndex` mof:UInt32	—
`FileName` mof:String	—

Event ID 79 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`IrpPtr` mof:UInt32	—
`FileObject` mof:UInt32	—
`FileKey` mof:UInt32	—
`ExtraInfo` mof:UInt32	—
`TTID` mof:UInt32	—
`InfoClass` mof:UInt32	—
`FileName` mof:String	—

Event ID 80 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`IrpPtr` mof:UInt32	—
`FileObject` mof:UInt32	—
`FileKey` mof:UInt32	—
`ExtraInfo` mof:UInt32	—
`TTID` mof:UInt32	—
`InfoClass` mof:UInt32	—
`FileName` mof:String	—

Event ID 81 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`IrpPtr` mof:UInt32	—
`FileObject` mof:UInt32	—
`FileKey` mof:UInt32	—
`ExtraInfo` mof:UInt32	—
`TTID` mof:UInt32	—
`InfoClass` mof:UInt32	—
`FileName` mof:String	—

Event ID 82 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`Object` mof:UInt32	—
`Tag` mof:UInt32	—
`ProcessId` mof:UInt32	—
`Count` mof:UInt32	—

Event ID 83 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`Object` mof:UInt32	—
`Tag` mof:UInt32	—
`ProcessId` mof:UInt32	—
`Count` mof:UInt32	—

Event ID 84 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`Object` mof:UInt32	—
`Tag` mof:UInt32	—
`ProcessId` mof:UInt32	—
`Count` mof:UInt32	—

Event ID 92 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`Vector` mof:UInt16	—

Event ID 93 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`DeviceObject` mof:UInt32	—
`TimerRoutine` mof:UInt32	—

Event ID 94 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`DeviceObject` mof:UInt32	—
`TimerRoutine` mof:UInt32	—

Event ID 95 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`InitialTime` mof:Object	—
`Routine` mof:UInt32	—
`ReturnValue` mof:UInt8	—
`Vector` mof:UInt16	—
`Reserved` mof:UInt8	—

Event ID 96 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`RoutineAddr` mof:UInt32	—
`FileObject` mof:UInt32	—
`FileContext` mof:UInt32	—
`IrpPtr` mof:UInt32	—
`CallbackDataPtr` mof:UInt32	—
`MajorFunction` mof:UInt32	—

Event ID 97 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`RoutineAddr` mof:UInt32	—
`FileObject` mof:UInt32	—
`FileContext` mof:UInt32	—
`IrpPtr` mof:UInt32	—
`CallbackDataPtr` mof:UInt32	—
`MajorFunction` mof:UInt32	—

Event ID 98 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`InitialTime` mof:Object	—
`RoutineAddr` mof:UInt32	—
`FileObject` mof:UInt32	—
`FileContext` mof:UInt32	—
`IrpPtr` mof:UInt32	—
`CallbackDataPtr` mof:UInt32	—
`MajorFunction` mof:UInt32	—

Event ID 99 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`InitialTime` mof:Object	—
`RoutineAddr` mof:UInt32	—
`FileObject` mof:UInt32	—
`FileContext` mof:UInt32	—
`IrpPtr` mof:UInt32	—
`CallbackDataPtr` mof:UInt32	—
`MajorFunction` mof:UInt32	—

Event ID 100 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`HeapHandle` mof:UInt32	—
`HRFlags` mof:UInt32	—
`HRPid` mof:UInt32	—
`HRRangeCount` mof:UInt32	—
`HRHeapTag` mof:UInt64	—

Event ID 101 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`RoutineAddr` mof:UInt32	—
`FileObject` mof:UInt32	—
`FileContext` mof:UInt32	—
`IrpPtr` mof:UInt32	—
`CallbackDataPtr` mof:UInt32	—
`MajorFunction` mof:UInt32	—
`Status` mof:UInt32	— NTSTATUS reference

Event ID 102 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`HeapHandle` mof:UInt32	—
`HRAddress` mof:UInt32	—
`HRSize` mof:Object	—

Event ID 103 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`HeapHandle` mof:UInt32	—
`HRAddress` mof:UInt32	—
`HRSize` mof:Object	—

Event ID 104 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`DueTime` mof:UInt64	—
`MaximumDueTime` mof:UInt64	—
`Period` mof:UInt64	—
`Timer` mof:UInt32	—
`Callback` mof:UInt32	—
`CallbackContext` mof:UInt32	—
`TimerFlags` mof:UInt8	—

Event ID 105 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`DueTime` mof:UInt64	—
`MaximumDueTime` mof:UInt64	—
`Period` mof:UInt64	—
`Timer` mof:UInt32	—
`Callback` mof:UInt32	—
`CallbackContext` mof:UInt32	—
`TimerFlags` mof:UInt8	—

Event ID 106 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`Timer` mof:UInt32	—

Event ID 107 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`Timer` mof:UInt32	—
`DisableCallback` mof:UInt32	—
`DisableContext` mof:UInt32	—
`TimerFlags` mof:UInt8	—

Event ID 108 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`Timer` mof:UInt32	—
`DisableCallback` mof:UInt32	—
`DisableContext` mof:UInt32	—

Event ID 114 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`CallCode` mof:UInt32	—
`IsFast` mof:UInt8	—
`IsNested` mof:UInt8	—

Event ID 122 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`Rip` mof:UInt64	—
`Rax` mof:UInt64	—
`Rcx` mof:UInt64	—
`Rdx` mof:UInt64	—
`Rbx` mof:UInt64	—
`Rsp` mof:UInt64	—
`Rsi` mof:UInt64	—
`Rdi` mof:UInt64	—
`R8` mof:UInt64	—
`R9` mof:UInt64	—
`R10` mof:UInt64	—
`R11` mof:UInt64	—
`R12` mof:UInt64	—
`R13` mof:UInt64	—
`R14` mof:UInt64	—
`R15` mof:UInt64	—

Event ID 123 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`Cpsr` mof:UInt32	—
`X0` mof:UInt64	—
`X1` mof:UInt64	—
`X2` mof:UInt64	—
`X3` mof:UInt64	—
`X4` mof:UInt64	—
`X5` mof:UInt64	—
`X6` mof:UInt64	—
`X7` mof:UInt64	—
`X8` mof:UInt64	—
`X9` mof:UInt64	—
`X10` mof:UInt64	—
`X11` mof:UInt64	—
`X12` mof:UInt64	—
`X13` mof:UInt64	—
`X14` mof:UInt64	—
`X15` mof:UInt64	—
`X16` mof:UInt64	—
`X17` mof:UInt64	—
`X18` mof:UInt64	—
`X19` mof:UInt64	—
`X20` mof:UInt64	—
`X21` mof:UInt64	—
`X22` mof:UInt64	—
`X23` mof:UInt64	—
`X24` mof:UInt64	—
`X25` mof:UInt64	—
`X26` mof:UInt64	—
`X27` mof:UInt64	—
`X28` mof:UInt64	—
`Fp` mof:UInt64	—
`Lr` mof:UInt64	—
`Sp` mof:UInt64	—
`Pc` mof:UInt64	—

Event ID 127 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt32	—
`SizeInBytes` mof:Object	—
`Flags` mof:UInt32	—

Event ID 128 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt32	—
`RegionSize` mof:Object	—
`ProcessId` mof:UInt32	—
`Flags` mof:UInt32	—
`CommitSizeInBytes` mof:Object	—

Event ID 129 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt32	—
`RegionSize` mof:Object	—
`ProcessId` mof:UInt32	—
`Flags` mof:UInt32	—
`CommitSizeInBytes` mof:Object	—

Event ID 130 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Event ID 131 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Event ID 132 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Event ID 133 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Event ID 134 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt32	—
`SizeInBytes` mof:Object	—
`Flags` mof:UInt32	—

Event ID 135 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Event ID 144 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—

Event ID 145 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—

Event ID 146 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—

Event ID 147 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—

Event ID 148 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—

Event ID 149 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—

Event ID 150 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—

Event ID 160 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—
`ErrorOpcode` mof:UInt8	—
`Code` mof:SInt8	—
`String` mof:String	—

Event ID 161 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—
`ErrorOpcode` mof:UInt8	—
`Code` mof:SInt8	—
`String` mof:String	—

Event ID 162 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—
`ErrorOpcode` mof:UInt8	—
`Code` mof:SInt8	—
`String` mof:String	—

Event ID 163 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—
`ErrorOpcode` mof:UInt8	—
`Code` mof:SInt8	—
`String` mof:String	—

Event ID 164 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—
`ErrorOpcode` mof:UInt8	—
`Code` mof:SInt8	—
`String` mof:String	—

Event ID 165 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—
`ErrorOpcode` mof:UInt8	—
`Code` mof:SInt8	—
`String` mof:String	—

Event ID 166 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—
`ErrorOpcode` mof:UInt8	—
`Code` mof:SInt8	—
`String` mof:String	—

Event ID 167 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—
`ErrorOpcode` mof:UInt8	—
`Code` mof:SInt8	—
`String` mof:String	—

Event ID 168 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—
`ErrorOpcode` mof:UInt8	—
`Code` mof:SInt8	—
`String` mof:String	—

Event ID 169 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—
`ErrorOpcode` mof:UInt8	—
`Code` mof:SInt8	—
`String` mof:String	—

Event ID 170 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—
`ErrorOpcode` mof:UInt8	—
`Code` mof:SInt8	—
`String` mof:String	—

Event ID 171 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—
`ErrorOpcode` mof:UInt8	—
`Code` mof:SInt8	—
`String` mof:String	—

Event ID 172 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—
`ErrorOpcode` mof:UInt8	—
`Code` mof:SInt8	—
`String` mof:String	—

Event ID 173 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—
`ErrorOpcode` mof:UInt8	—
`Code` mof:SInt8	—
`String` mof:String	—

Event ID 174 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—
`ErrorOpcode` mof:UInt8	—
`Code` mof:SInt8	—
`String` mof:String	—

Event ID 176 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`NewDllBaseAddress` mof:UInt32	—
`ParentDllBaseAddress` mof:UInt32	—
`LoadReason` mof:UInt32	—
`FilePath` mof:String	—

Event ID 177 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`NewDllBaseAddress` mof:UInt32	—
`ParentDllBaseAddress` mof:UInt32	—
`LoadReason` mof:UInt32	—
`FilePath` mof:String	—

Event ID 192 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—
`ErrorOpcode` mof:UInt8	—
`Code` mof:SInt8	—
`String1` mof:String	—
`String2` mof:String	—

Event ID 193 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—
`ErrorOpcode` mof:UInt8	—
`Code` mof:SInt8	—
`String1` mof:String	—
`String2` mof:String	—

Event ID 208 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—
`ErrorOpcode` mof:UInt8	—
`Code` mof:SInt8	—
`String` mof:String	—

Event ID 209 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—
`ErrorOpcode` mof:UInt8	—
`Code` mof:SInt8	—
`String` mof:String	—

Event ID 210 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—
`ErrorOpcode` mof:UInt8	—
`Code` mof:SInt8	—
`String` mof:String	—

Event ID 211 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`BaseAddress` mof:UInt64	—
`ErrorOpcode` mof:UInt8	—
`Code` mof:SInt8	—
`String` mof:String	—

Event ID 212 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`LdrLoadFlags` mof:UInt32	—
`LdrSearchFlags` mof:UInt32	—
`SearchInfo` mof:UInt32	—
`LoadReason` mof:UInt32	—
`FullDllName` mof:String	—

Event ID 213 —

Provider: Windows Kernel Trace
Channel: ETW Trace
Source: Trace

Fields #

Name	Description
`SearchInfo` mof:UInt32	—
`Cwd` mof:String	—
`AppDir` mof:String	—
`DllDir` mof:String	—
`DllLoadDir` mof:String	—