Before you can ask ETW to collect PMCs, you have to know the indexes of those PMCs, since ETW wants to talk about PMCs by index (not by name). How do you find these indexes?

That’s the subject of today’s hint: ETW doesn’t provide an API for mapping a PMC name to a PMC index. To do so, you will need to retrieve the list of PMCs from ETW and search it yourself.

To retrieve the list, use TraceQueryInformation with TraceProfileSourceListInfo. Call it once to get the total size of the list, then call it a second time to have it copy the list into a properly-sized buffer you’ve allocated:

ULONG BufferSize;
TraceQueryInformation(0, TraceProfileSourceListInfo, 0, 0, &BufferSize);
BYTE *Buffer = // ... allocate BufferSize worth of space here ...
TraceQueryInformation(0, TraceProfileSourceListInfo, Buffer, BufferSize, &BufferSize);

The resulting buffer will contain the PROFILE_SOURCE_INFO structures you need to do the PMC name-to-index mapping.

That concludes today’s hint. Until tomorrow, good luck making progress on the Spooktacular Challenge!

I will post additional hints here every day until Halloween. If you’d like the rest of the Spooktacular Challenge to be delivered automatically to your inbox, you can select a subscription option here: