EvtCreate - Infinite Lexicon - Infinite Lexicon

EvtCreate

EvtCreate is a function in the Microsoft Windows Event Log API that allows applications to create new event records in the Windows event log. It is part of the Event Tracing for Windows (ETW) and the newer event logging system that replaces the older EventLog functions (such as ReportEvent). EvtCreate is documented in the Windows Software Development Kit (SDK) and is used primarily by event providers that publish events to the Windows Event Log.

The function signature is:

int EvtCreate( \

_In_ PVOID SessionHandle, \

_In_ HANDLE LoggerHandle, \

_In_ LPCWSTR SettingsPath, \

_In_ PVOID LogFileHandle, \

_In_ HANDLE EventHandle, \

_In_ DWORD Flags, \

_In_ LPPWSTR Data, \

_In_ DWORD DataCount, \

_Out_ PVOID EventDataPointer );

A typical call to EvtCreate creates a new event record and writes it to a log file.

EvtCreate is often used by custom event providers that need to create structured event records before

In summary, EvtCreate provides a programmatic mechanism for constructing and recording event data in the Windows

a

a

a

EvtOpenPublisherMetadata,

a