Листинг 1. Создание сессии Event Tracing

ULONG uRet = 0;
PEVENT_TRACE_PROPERTIES lpTraceProperties;
TRACEHANDLE tHandle = 0;
lpTraceProperties = (PEVENT_TRACE_PROPERTIES) AllocSessionProperties();
if( !lpTraceProperties ) 
	return ERROR_OUTOFMEMORY;
LPTSTR szLoggerName = (LPTSTR)((char*)lpTraceProperties + lpTraceProperties->LoggerNameOffset);
	strcpy( szLoggerName,KERNEL_LOGGER_NAME );
lpTraceProperties->LogFileMode = EVENT_TRACE_REAL_TIME_MODE;
lpTraceProperties->Wnode.Guid = SystemTraceControlGuid;
lpTraceProperties->EnableFlags = EVENT_TRACE_FLAG_REGISTRY; 
uRet = StartTrace( &tHandle,KERNEL_LOGGER_NAME,lpTraceProperties );
LocalFree( lpTraceProperties );