Skip to content

Instantly share code, notes, and snippets.

@jdu2600

jdu2600/ntoskrnl_TraceLoggingMetadata.json

Last active October 15, 2024 08:46
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save jdu2600/288475bc43ea68636c28cb25ddeb934f to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save jdu2600/288475bc43ea68636c28cb25ddeb934f to your computer and use it in GitHub Desktop.
Download ZIP
ntoskrnl.exe TraceLogging Metadata - Windows 11 23H2 (Build 22621.2861)
Raw
ntoskrnl_TraceLoggingMetadata.json
{
"Providers": [
{
"ProviderGUID": "0f51c5a7-0e76-47a5-bede-7cf62c5822f6",
"ProviderName": "Microsoft.Windows.Kernel.HAL",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "74093e1d-dbe3-4019-b97d-54edcb02cfed",
"ProviderName": "Microsoft.Windows.FileSystem.Cache",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "107cf38f-b01b-4ffc-bf6b-d0ed96d8ecc6",
"ProviderName": "Microsoft.Windows.Kernel.Oplocks",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "73a33ab2-1966-4999-8add-868c41415269",
"ProviderName": "Microsoft.Windows.IsolatedUserMode",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "a51ee86b-8ea5-454c-9a7d-37b6655a535d",
"ProviderName": "Microsoft.Windows.Kernel.Dump",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "30cfd418-1fbe-4bb7-a2fe-de330dfe3993",
"ProviderName": "Microsoft.Windows.Kernel.IoMgr",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "a4d16fc5-d1cf-4d72-a055-25f3eb02a70e",
"ProviderName": "Microsoft.Windows.Kernel.LiveDump",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "a9fdf37b-d72d-4051-a3cd-d422103ce079",
"ProviderName": "Microsoft.Windows.Kernel.SysEnv",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "c4e507b1-7224-4737-bde0-ced9284e7073",
"ProviderName": "AttackSurfaceMonitor",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "6c0ebbbb-c292-457d-9675-dfcc1c0d58b0",
"ProviderName": "Microsoft.Windows.Kernel.PnP",
"ProviderGroupGUID": "c7de053a-0c2e-4a44-91a2-5222ec2ecdf1"
},
{
"ProviderGUID": "c8bde9ff-f31f-59dc-6c27-ca37c516ada5",
"ProviderName": "Microsoft.Windows.Kernel.DeviceConfig",
"ProviderGroupGUID": "c7de053a-0c2e-4a44-91a2-5222ec2ecdf1"
},
{
"ProviderGUID": "6c0ebbbb-c292-457d-9675-dfcc1c0d58b0",
"ProviderName": "Microsoft.Windows.Kernel.PnP",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "f2d06f08-592d-508c-c3aa-76f396fe18bd",
"ProviderName": "Microsoft.Windows.Kernel.Timer",
"ProviderGroupGUID": null
},
{
"ProviderGUID": "061c37c3-1363-5c1b-b8ed-f3d8f74633ce",
"ProviderName": "Microsoft.Windows.Kernel.Kernel",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "f39412d1-c9fd-5e79-8a82-9c9cbd8ca809",
"ProviderName": "Microsoft.Windows.Kernel.ObjectManager",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "267e4a12-6a1e-53c3-30b0-600ce7cc3e11",
"ProviderName": "Microsoft.Windows.Superfetch",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "63bca7a1-77ec-4ea7-95d0-98d3f0c0ebf7",
"ProviderName": "Microsoft.Windows.Kernel.Power",
"ProviderGroupGUID": "c7de053a-0c2e-4a44-91a2-5222ec2ecdf1"
},
{
"ProviderGUID": "57d04b7b-550a-49a2-abcc-a7fa15598a30",
"ProviderName": "Microsoft.Windows.Kernel.Power.DiagFxAccounting",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "63bca7a1-77ec-4ea7-95d0-98d3f0c0ebf7",
"ProviderName": "Microsoft.Windows.Kernel.Power",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "0d2ed727-38a0-4b2b-9f7e-ec79b5ec4aa5",
"ProviderName": "Microsoft.Windows.Kernel.Power.DirectedDrips",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "050bf899-da06-4852-a63a-81e6b9a1c74f",
"ProviderName": "Microsoft.Windows.Kernel.Power.PowerTransitions",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "5e753e4d-2b0d-4451-b8f9-0f1253ca0b44",
"ProviderName": "Microsoft.Windows.Kernel.Ttm",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "5e753e4d-2b0d-4451-b8f9-0f1253ca0b44",
"ProviderName": "Microsoft.Windows.Kernel.Ttm",
"ProviderGroupGUID": null
},
{
"ProviderGUID": "c59673d8-b796-58df-fbf8-a70bad656dca",
"ProviderName": "Microsoft.Windows.Kernel.ProcessSubsystem",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "27a8fdf4-9b77-575b-be3b-e7163ef159bb",
"ProviderName": "Microsoft.Windows.Security.Capabilities",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "09a69a38-2680-4bfa-ad01-792ad63a4ff2",
"ProviderName": "Microsoft.Windows.Kernel.Security",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "2f125292-522c-4ea9-fda1-1d4b8f45b992",
"ProviderName": "WindowsDriverVerifierXdv",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "b7fbd4e0-fa8f-4c58-b0fb-3cc227b86ed6",
"ProviderName": "Microsoft-Windows-Kernel-Vm",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "2839ff94-8f12-4e1b-82e3-af7af77a450f",
"ProviderName": "KernelProcess",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "7614521c-4d0b-4341-bfc9-873082c0f1d3",
"ProviderName": "KernelGeneral",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "1dd9b8c9-e078-4075-b9de-4e5125071a18",
"ProviderName": "MSTelCov",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "8269d78e-14e7-50ba-64ce-dd649dfcd8c5",
"ProviderName": "TraceLogDAPIKernelProvider",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "23b76a75-ce4f-56ef-f903-c3a2d6ae3f6b",
"ProviderName": "Microsoft.Windows.Kernel.BootEnvironment",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "8944a53c-a561-4e53-a0c6-d565414745fc",
"ProviderName": "KernelExecutive",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "37e3779e-c771-40f6-8a27-648d7f3f9d14",
"ProviderName": "Microsoft.Windows.Hal",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "f7e83426-2b81-58f9-c5d4-f2db6d0ad473",
"ProviderName": "Microsoft.Windows.Kernel.FeatureConfigurationManager",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "e9eaf418-0c07-464c-ad14-a7f353349a00",
"ProviderName": "Microsoft.Windows.Kernel.Registry",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "7e9e8b9c-406c-5d73-e566-0f50ea3ade3e",
"ProviderName": "Microsoft-Windows-Kernel-Mm",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "3f771d93-e3fe-4cf4-bb9f-4c06de78c51b",
"ProviderName": "Microsoft.Windows.Security.LicensingTool",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "703fcc13-b66f-5868-ddd9-e2db7f381ffb",
"ProviderName": "Microsoft.Windows.TlgAggregateInternal",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "252d9ecc-1c9f-4917-8760-f872a83bf018",
"ProviderName": "Microsoft.Windows.Containers.RegistryVirtualization",
"ProviderGroupGUID": null
}
],
"Events": [
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "TimerHardware",
"FieldInfo": [
{
"FieldName": "ClockTimer",
"InType": "UINT32"
},
{
"FieldName": "PerformanceCounter",
"InType": "UINT32"
},
{
"FieldName": "AlwaysOnTimer",
"InType": "UINT32"
},
{
"FieldName": "VpptPhysicalTimer",
"InType": "UINT32"
},
{
"FieldName": "AlwaysOnCounter",
"InType": "UINT32"
},
{
"FieldName": "Watchdog",
"InType": "UINT32"
},
{
"FieldName": "AuxiliaryCounter",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "TimerRtcFailures",
"FieldInfo": [
{
"FieldName": "RtcFailuresDuringRuntime",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "TimerRtcFailures",
"FieldInfo": [
{
"FieldName": "RtcFailuresDuringResume",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "TimerTscSync",
"FieldInfo": [
{
"FieldName": "TscAdjustAvailable",
"InType": "UINT8"
},
{
"FieldName": "MaximumComputedSpread",
"InType": "UINT64"
},
{
"FieldName": "MaximumWaves",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "NumaAddRangeProximityFailure",
"FieldInfo": [
{
"FieldName": "NTSTATUS",
"InType": "UINT32"
},
{
"FieldName": "PhysicalPageNumber",
"InType": "UINT64"
},
{
"FieldName": "ProximityId",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "NumaAddRangeProximity",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "NumaSratMaxMemory",
"FieldInfo": [
{
"FieldName": "PhysicalPageNumber",
"InType": "UINT64"
},
{
"FieldName": "LastPageDescribedBySrat",
"InType": "UINT64"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "NumaSratGap",
"FieldInfo": [
{
"FieldName": "PreviousEndPage",
"InType": "UINT64"
},
{
"FieldName": "PhysicalPageNumber",
"InType": "UINT64"
},
{
"FieldName": "CurrentBasePage",
"InType": "UINT64"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "VolumePeriodic",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "version",
"InType": "INT16"
},
{
"FieldName": "volumeId",
"InType": "GUID"
},
{
"FieldName": "periodDurationMicroSec",
"InType": "UINT64"
},
{
"FieldName": "totalDirtyPages",
"InType": "UINT64"
},
{
"FieldName": "maxDirtyPages",
"InType": "UINT64"
},
{
"FieldName": "cumulativeDirtyPageThreshold",
"InType": "UINT64"
},
{
"FieldName": "topDirtyPageThreshold",
"InType": "UINT64"
},
{
"FieldName": "bottomDirtyPageThreshold",
"InType": "UINT64"
},
{
"FieldName": "dirtyPageSamples",
"InType": "UINT64"
},
{
"FieldName": "lazyWriterCalls",
"InType": "UINT64"
},
{
"FieldName": "totalLazyWriterLatency",
"InType": "UINT64"
},
{
"FieldName": "totalLazyWriterPagesFlushed",
"InType": "UINT64"
},
{
"FieldName": "lazyWriterAvgPagesPerSecond",
"InType": "UINT64"
},
{
"FieldName": "totalPagesQueuedToDisk",
"InType": "UINT64"
},
{
"FieldName": "maxPagesQueuedToDisk",
"InType": "UINT64"
},
{
"FieldName": "pagesQueuedToDiskSamples",
"InType": "UINT64"
},
{
"FieldName": "totalLoggedPagesQueuedToDisk",
"InType": "UINT64"
},
{
"FieldName": "maxLoggedPagesQueuedToDisk",
"InType": "UINT64"
},
{
"FieldName": "loggedPagesQueuedToDiskSamples",
"InType": "UINT64"
},
{
"FieldName": "readTotalBytes",
"InType": "UINT64"
},
{
"FieldName": "readPagedInTotalBytes",
"InType": "UINT64"
},
{
"FieldName": "cacheHitRatio",
"InType": "UINT64"
},
{
"FieldName": "readAheadTotalBytes",
"InType": "UINT64"
},
{
"FieldName": "totalWrites",
"InType": "UINT64"
},
{
"FieldName": "totalHardThrottleWrites",
"InType": "UINT64"
},
{
"FieldName": "totalSoftThrottleWrites",
"InType": "UINT64"
},
{
"FieldName": "totalSynchronousReadIoCount",
"InType": "UINT64"
},
{
"FieldName": "totalSynchronousNonBlockingReadIoCount",
"InType": "UINT64"
},
{
"FieldName": "totalFailedSynchronousNonBlockingReadIoCount",
"InType": "UINT64"
},
{
"FieldName": "synchronousReadIoMaxLatency",
"InType": "UINT64"
},
{
"FieldName": "synchronousReadIoNonBlockingMaxLatency",
"InType": "UINT64"
},
{
"FieldName": "totalSynchronousWriteIoCount",
"InType": "UINT64"
},
{
"FieldName": "totalSynchronousNonBlockingWriteIoCount",
"InType": "UINT64"
},
{
"FieldName": "totalFailedSynchronousNonBlockingWriteIoCount",
"InType": "UINT64"
},
{
"FieldName": "synchronousWriteIoMaxLatency",
"InType": "UINT64"
},
{
"FieldName": "synchronousWriteIoNonBlockingMaxLatency",
"InType": "UINT64"
},
{
"FieldName": "totalAsynchronousReadIoCount",
"InType": "UINT64"
},
{
"FieldName": "asynchronousReadIoMaxLatency",
"InType": "UINT64"
},
{
"FieldName": "lazyWriterCalls",
"InType": "UINT64"
},
{
"FieldName": "lazyWriterLatency",
"InType": "UINT64"
},
{
"FieldName": "lazyWriterPagesFlushed",
"InType": "UINT64"
},
{
"FieldName": "latencyBucketValues",
"InType": "UNICODESTRING"
},
{
"FieldName": "synchronousReadIoCounts",
"InType": "UINT64"
},
{
"FieldName": "synchronousReadTotalLatency",
"InType": "UINT64"
},
{
"FieldName": "synchronousReadNonBlockingIoCounts",
"InType": "UINT64"
},
{
"FieldName": "synchronousReadNonBlockingTotalLatency",
"InType": "UINT64"
},
{
"FieldName": "synchronousWriteIoCounts",
"InType": "UINT64"
},
{
"FieldName": "synchronousWriteTotalLatency",
"InType": "UINT64"
},
{
"FieldName": "synchronousWriteNonBlockingIoCounts",
"InType": "UINT64"
},
{
"FieldName": "synchronousWriteNonBlockingTotalLatency",
"InType": "UINT64"
},
{
"FieldName": "asynchronousReadIoCounts",
"InType": "UINT64"
},
{
"FieldName": "asynchronousReadTotalLatency",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "GlobalPeriodic",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "version",
"InType": "INT16"
},
{
"FieldName": "periodDurationMicroSec",
"InType": "UINT64"
},
{
"FieldName": "numberOfNumaNodes",
"InType": "UINT32"
},
{
"FieldName": "telemetrySamples",
"InType": "UINT64"
},
{
"FieldName": "totalNumberOfMappedVacbs",
"InType": "UINT64"
},
{
"FieldName": "totalPartitionSamples",
"InType": "UINT64"
},
{
"FieldName": "totalVolumeSamples",
"InType": "UINT64"
},
{
"FieldName": "totalPagesYetToWrite",
"InType": "UINT64"
},
{
"FieldName": "totalDirtyPages",
"InType": "UINT64"
},
{
"FieldName": "totalAvailablePages",
"InType": "UINT64"
},
{
"FieldName": "totalNumberWorkerThreads",
"InType": "UINT64"
},
{
"FieldName": "totalNumberActiveWorkerThreads",
"InType": "UINT64"
},
{
"FieldName": "totalAverageAvailablePages",
"InType": "UINT64"
},
{
"FieldName": "totalAverageDirtyPages",
"InType": "UINT64"
},
{
"FieldName": "ccCopyReadCalls",
"InType": "UINT64"
},
{
"FieldName": "ccAsyncCopyReadCalls",
"InType": "UINT64"
},
{
"FieldName": "ccCopyWriteCalls",
"InType": "UINT64"
},
{
"FieldName": "ccSetValidDataCalls",
"InType": "UINT64"
},
{
"FieldName": "ccFlushCacheCalls",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpReleaseIrpsWaitingForRH_Exit",
"FieldInfo": [
{
"FieldName": "WaitingIrpsFound",
"InType": "UINT32"
},
{
"FieldName": "NonMatchingKeysFound",
"InType": "UINT32"
},
{
"FieldName": "WaitingIrpsCompleted",
"InType": "UINT32"
},
{
"FieldName": "WaitingIrpsSkipped",
"InType": "UINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpRemoveAndCompleteWaitingIrp",
"FieldInfo": [
{
"FieldName": "WaitingIrp-\u003eIrp",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpReleaseIrpsWaitingForRH_Enter",
"FieldInfo": [
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpCancelOplockRHIrp_Enter",
"FieldInfo": [
{
"FieldName": "ReleaseWaitingIrps",
"InType": "UINT8"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpCancelOplockRHIrp_Exit",
"FieldInfo": [
{
"FieldName": "ReleaseWaitingIrps",
"InType": "UINT8"
},
{
"FieldName": "CancelledIrp",
"InType": "UINT8"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpCancelWaitingIrp_Exit",
"FieldInfo": [
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpCancelOplockRHIrp_Enter",
"FieldInfo": [
{
"FieldName": "ReleaseWaitingIrps",
"InType": "UINT8"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpCancelWaitingIrp_Enter",
"FieldInfo": [
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpCancelWaitingIrp_LoopTop",
"FieldInfo": [
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
},
{
"FieldName": "WaitingIrp-\u003eIrp",
"InType": "HEXINT64"
},
{
"FieldName": "Irp canceled",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpCancelWaitingIrp_Enter",
"FieldInfo": [
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpWaitOnIrp_Exit",
"FieldInfo": [
{
"FieldName": "NTSTATUS",
"InType": "UINT32"
},
{
"FieldName": "PerformedInlineWait",
"InType": "UINT8"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpWaitOnIrp_Exit",
"FieldInfo": [
{
"FieldName": "NTSTATUS",
"InType": "UINT32"
},
{
"FieldName": "PerformedInlineWait",
"InType": "UINT8"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpWaitOnIrp_Exit",
"FieldInfo": [
{
"FieldName": "NTSTATUS",
"InType": "UINT32"
},
{
"FieldName": "PerformedInlineWait",
"InType": "UINT8"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpWaitOnIrp_Enter",
"FieldInfo": [
{
"FieldName": "Waiting Irp",
"InType": "HEXINT64"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpRemoveAndBreakRHIrp_Enter",
"FieldInfo": [
{
"FieldName": "CompletionStatus",
"InType": "UINT32"
},
{
"FieldName": "NewOplockLevel",
"InType": "HEXINT32"
},
{
"FieldName": "OutputFlags",
"InType": "HEXINT32"
},
{
"FieldName": "AccessMode",
"InType": "HEXINT32"
},
{
"FieldName": "ShareMode",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpRemoveAndBreakRHIrp_Exit",
"FieldInfo": [
{
"FieldName": "CompletionStatus",
"InType": "UINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpRemoveAndCompleteReadOnlyIrp_Enter",
"FieldInfo": [
{
"FieldName": "CompletionStatus",
"InType": "UINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
},
{
"FieldName": "NewOplockLevel",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpRemoveAndCompleteReadOnlyIrp_Exit",
"FieldInfo": [
{
"FieldName": "CompletionStatus",
"InType": "UINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags_CompleteAckOnClose",
"FieldInfo": [
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags_InvalidState",
"FieldInfo": [
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags_OplockRWHtoR",
"FieldInfo": [
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags_OplockRWHtoNone",
"FieldInfo": [
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags_OplockRWHtoRW",
"FieldInfo": [
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags_OplockRWHtoRH",
"FieldInfo": [
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags_OplockRWtoR",
"FieldInfo": [
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags_OplockRWtoNone",
"FieldInfo": [
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags_OplockRW",
"FieldInfo": [
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags_OplockRWH",
"FieldInfo": [
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags_OplockRHtoNone",
"FieldInfo": [
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 3,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags",
"FieldInfo": [
{
"FieldName": "NTSTATUS",
"InType": "UINT32"
},
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags_OplockRHtoR",
"FieldInfo": [
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 3,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags",
"FieldInfo": [
{
"FieldName": "NTSTATUS",
"InType": "UINT32"
},
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 3,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags",
"FieldInfo": [
{
"FieldName": "NTSTATUS",
"InType": "UINT32"
},
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 3,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags",
"FieldInfo": [
{
"FieldName": "NTSTATUS",
"InType": "UINT32"
},
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 3,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags",
"FieldInfo": [
{
"FieldName": "NTSTATUS",
"InType": "UINT32"
},
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags_MayWaitForAtomic",
"FieldInfo": [
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 3,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags",
"FieldInfo": [
{
"FieldName": "NTSTATUS",
"InType": "UINT32"
},
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags_OplockRH",
"FieldInfo": [
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 3,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags",
"FieldInfo": [
{
"FieldName": "NTSTATUS",
"InType": "UINT32"
},
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags_OplockR",
"FieldInfo": [
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags_NothingToBreak",
"FieldInfo": [
{
"FieldName": "NTSTATUS",
"InType": "UINT32"
},
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags_MatchingKey",
"FieldInfo": [
{
"FieldName": "NTSTATUS",
"InType": "UINT32"
},
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags",
"FieldInfo": [
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 3,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockBreakByCacheFlags",
"FieldInfo": [
{
"FieldName": "NTSTATUS",
"InType": "UINT32"
},
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockCleanup_Exit",
"FieldInfo": [
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock-\u003eWaitingIrps.Flink",
"InType": "HEXINT64"
},
{
"FieldName": "Oplock-\u003eWaitingIrps.Blink",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockCleanup_Enter",
"FieldInfo": [
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpOplockCleanup_RemoveWaitingIrps_CompleteAckOnClose",
"FieldInfo": [
{
"FieldName": "OriginalFileObject",
"InType": "HEXINT64"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpAcknowledgeOplockBreakByCacheFlags_Exit",
"FieldInfo": [
{
"FieldName": "NTSTATUS",
"InType": "UINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpAcknowledgeOplockBreakByCacheFlags_Exit",
"FieldInfo": [
{
"FieldName": "NTSTATUS",
"InType": "UINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpAcknowledgeOplockBreakByCacheFlags_Exclusive_SetCompleteAckOnClose",
"FieldInfo": [
{
"FieldName": "OriginalFileObject",
"InType": "HEXINT64"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpAcknowledgeOplockBreakByCacheFlags_Exit",
"FieldInfo": [
{
"FieldName": "NTSTATUS",
"InType": "UINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpAcknowledgeOplockBreakByCacheFlags_Enter",
"FieldInfo": [
{
"FieldName": "NewOplockLevel",
"InType": "HEXINT32"
},
{
"FieldName": "LowerOplockLevel",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpAcknowledgeOplockBreakByCacheFlags_RH_SetCompleteAckOnClose",
"FieldInfo": [
{
"FieldName": "OriginalFileObject",
"InType": "HEXINT64"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpRequestShareableOplock_RH",
"FieldInfo": [
{
"FieldName": "DesiredOplock",
"InType": "HEXINT32"
},
{
"FieldName": "GrantingInAck",
"InType": "UINT8"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpGrantAnyOplockFromExclusive_SetCompleteAckOnClose",
"FieldInfo": [
{
"FieldName": "OriginalFileObject",
"InType": "HEXINT64"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "DenySharableOplockForWritableMappedSection",
"FieldInfo": [
{
"FieldName": "Count",
"InType": "INT64"
},
{
"FieldName": "DesiredOplock",
"InType": "HEXINT32"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "DenyExclusiveOplockForWritableMappedSection",
"FieldInfo": [
{
"FieldName": "Count",
"InType": "INT64"
},
{
"FieldName": "NextOplockState",
"InType": "HEXINT32"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "NeedTwoBreaks",
"FieldInfo": [
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "OplockAcquired",
"InType": "UINT8"
},
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "BreakOplockOnWritableMappedSection",
"FieldInfo": [
{
"FieldName": "Count",
"InType": "INT64"
},
{
"FieldName": "SyncType",
"InType": "UINT32"
},
{
"FieldName": "PageProtection",
"InType": "HEXINT32"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "ClosingDeleteOnClose",
"FieldInfo": [
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "CacheLevelToLose",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "IumStatus",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "IsRunning",
"InType": "BOOL32"
},
{
"FieldName": "IumEnablement",
"InType": "UINT32"
},
{
"FieldName": "IumPolicy",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "EfiRuntimeServices",
"FieldInfo": [
{
"FieldName": "Version",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "PageProtection",
"InType": "BOOL32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CrashDumpLoadDumpStackFailed",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CrashDumpReconfigured",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CrashDumpDumpStackInitializationFailed",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CrashDumpFreeDumpStackFailed",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CrashDumpInitializeFailed",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CrashDumpLoadDriverFailed",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CrashDumpDisabled",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CrashDumpDisableFailed",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CrashDumpDisabledByPolicy",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "AllowCrashDump",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "ForceDumpDisabled",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "ForceDumpDisabled",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "AllowCrashDumpPolicyChangeWNFNotificationSubscriptionFailed",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "AllowCrashDumpPolicyValueChanged",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "AllowCrashDump",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "InvalidNotificationStateName",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CreateIoRing",
"FieldInfo": [
{
"FieldName": "Count",
"InType": "INT64"
},
{
"FieldName": "RequestorMode",
"InType": "ANSISTRING"
},
{
"FieldName": "ProcessName",
"InType": "ANSISTRING"
},
{
"FieldName": "IoRingVersion",
"InType": "INT32"
},
{
"FieldName": "IoRingCreateRequiredFlags",
"InType": "UINT32"
},
{
"FieldName": "IoRingCreateAdvisoryFlags",
"InType": "UINT32"
},
{
"FieldName": "IoRingCreateSqSize",
"InType": "UINT32"
},
{
"FieldName": "IoRingCreateCqSize",
"InType": "UINT32"
},
{
"FieldName": "ResultIoRingVersion",
"InType": "UINT32"
},
{
"FieldName": "ResultIoRingCreateRequiredFlags",
"InType": "UINT32"
},
{
"FieldName": "ResultIoRingCreateAdvisoryFlags",
"InType": "UINT32"
},
{
"FieldName": "ResultSubmissionQueueSize",
"InType": "UINT32"
},
{
"FieldName": "ResultSubmissionQueueRingMask",
"InType": "UINT32"
},
{
"FieldName": "ResultCompletionQueueSize",
"InType": "UINT32"
},
{
"FieldName": "ResultCompletionQueueRingMask",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "LiveDumpDisabledByPolicy",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "AllowLiveDump",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "AllowLiveDumpPolicyChangeWNFNotificationSubscriptionFailed",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "AllowLiveDumpPolicyValueChanged",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "AllowLiveDump",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "InvalidNotificationStateName",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000000",
"Extension": [
128
],
"EventName": "OpenVMMemoryPartitionFailure",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "openPartitionFailed",
"InType": "UINT8"
},
{
"FieldName": "ntStatus",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "AllocationFromVMMemoryPartitionFailure",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "allocationFromPartitionFailed",
"InType": "UINT8"
},
{
"FieldName": "ntStatus",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "WriteDeferredDumpDataEnded",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "totalBytes",
"InType": "UINT64"
},
{
"FieldName": "writeDeferredDumpDataDuration_ms",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "WriteDumpDataEnded",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "totalBytes",
"InType": "UINT64"
},
{
"FieldName": "writeDumpDataDuration_ms",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CaptureDumpEnded",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "ntStatus",
"InType": "UINT32"
},
{
"FieldName": "bugCheckCode",
"InType": "HEXINT64"
},
{
"FieldName": "bugcheckParameter1",
"InType": "HEXINT64"
},
{
"FieldName": "bugcheckParameter2",
"InType": "HEXINT64"
},
{
"FieldName": "bugcheckParameter3",
"InType": "HEXINT64"
},
{
"FieldName": "bugcheckParameter4",
"InType": "HEXINT64"
},
{
"FieldName": "deferDumpFileWrite",
"InType": "UINT8"
},
{
"FieldName": "abortIfMemoryPressure",
"InType": "UINT8"
},
{
"FieldName": "selectiveDump",
"InType": "UINT8"
},
{
"FieldName": "totalDumpCreationDuration_ms",
"InType": "UINT64"
},
{
"FieldName": "ioSpaceEnabled",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CorralProcessors",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "corralDuration_ms",
"InType": "UINT64"
},
{
"FieldName": "disableInterruptsDuration_ms",
"InType": "UINT64"
},
{
"FieldName": "saveSupervisorStateDuration_ms",
"InType": "UINT64"
},
{
"FieldName": "suspendClockTimerDuration_ms",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "UncorralProcessors",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "uncorralDuration_ms",
"InType": "UINT64"
},
{
"FieldName": "enableInterruptsDuration_ms",
"InType": "UINT64"
},
{
"FieldName": "restoreSupervisorStateDuration_ms",
"InType": "UINT64"
},
{
"FieldName": "resumeClockTimerDuration_ms",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CaptureDumpStarted",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CaptureProcessorContext",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "captureProcessorContextDuration_ms",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "MarkRequiredDumpData",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "markRequiredDumpDataDuration_ms",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "MarkImportantDumpData",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "markImportantDumpDataDuration_ms",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "PopulateBitmapForDump",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "populateBitmapForDumpDuration_ms",
"InType": "UINT64"
},
{
"FieldName": "removeSystemCacheFromDumpDuration_ms",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "HvlPrepareLivedumpDescriptorFailure",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "hvlPrepareLivedumpDescriptorFailed",
"InType": "UINT8"
},
{
"FieldName": "ntStatus",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CaptureDumpMemoryAllocationEnded",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "allocatedPageCount",
"InType": "UINT64"
},
{
"FieldName": "addHypervisorPages",
"InType": "UINT8"
},
{
"FieldName": "hvPageCount",
"InType": "UINT64"
},
{
"FieldName": "skPageCount",
"InType": "UINT64"
},
{
"FieldName": "limitDumpFileSize",
"InType": "UINT8"
},
{
"FieldName": "dumpFileSizeLimitInBytes",
"InType": "UINT64"
},
{
"FieldName": "dumpFileSizeLimitReached",
"InType": "UINT8"
},
{
"FieldName": "memAllocDuration_ms",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "GenerateIptSecondaryData",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "generateIptSecondaryDataDuration_ms",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CaptureDumpMemoryCaptureEnded",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "memoryCaptureDuration_ms",
"InType": "UINT64"
},
{
"FieldName": "systemQuiescedDuration_ms",
"InType": "UINT64"
},
{
"FieldName": "endMirroringPhaseEndIntervalDuration_ms",
"InType": "UINT64"
},
{
"FieldName": "mirrorPhysicalMemoryDuration_ms",
"InType": "UINT64"
},
{
"FieldName": "mirrorPhysicalMemorySizeInBytes_ms",
"InType": "UINT64"
},
{
"FieldName": "hvlCollectLivedumpDuration_ms",
"InType": "UINT64"
},
{
"FieldName": "dumpDataBufferingDuration_ms",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "QueryHvlDumpSizeFailure",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "hvlQueryDumpSizeFailed",
"InType": "UINT8"
},
{
"FieldName": "ntStatus",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CaptureDumpMemoryEstimateEnded",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "memoryEstimateDuration_ms",
"InType": "UINT64"
},
{
"FieldName": "systemQuiescedDuration_ms",
"InType": "UINT64"
},
{
"FieldName": "endMirroringPhaseEndIntervalDuration_ms",
"InType": "UINT64"
},
{
"FieldName": "mirrorPhysicalMemoryDuration_ms",
"InType": "UINT64"
},
{
"FieldName": "MirrorPhysicalMemorySizeInBytes_ms",
"InType": "UINT64"
},
{
"FieldName": "hvlCalculateLiveDumpSizeDuration_ms",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000000",
"Extension": [
128
],
"EventName": "GetVariable",
"FieldInfo": [
{
"FieldName": "variableName",
"InType": "UNICODESTRING"
},
{
"FieldName": "vendorGuid",
"InType": "GUID"
},
{
"FieldName": "valueLength",
"InType": "UINT32"
},
{
"FieldName": "attributes",
"InType": "UINT32"
},
{
"FieldName": "status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000000",
"Extension": [
128
],
"EventName": "SetVariable",
"FieldInfo": [
{
"FieldName": "variableName",
"InType": "UNICODESTRING"
},
{
"FieldName": "vendorGuid",
"InType": "GUID"
},
{
"FieldName": "valueLength",
"InType": "UINT32"
},
{
"FieldName": "attributes",
"InType": "UINT32"
},
{
"FieldName": "status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000000",
"Extension": [
128
],
"EventName": "EnumerateVariables",
"FieldInfo": [
{
"FieldName": "informationClass",
"InType": "UINT32"
},
{
"FieldName": "requiredLength",
"InType": "UINT32"
},
{
"FieldName": "status",
"InType": "UINT32"
},
{
"FieldName": "filterProvided",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000000",
"Extension": [
128
],
"EventName": "QueryVariables",
"FieldInfo": [
{
"FieldName": "attributes",
"InType": "UINT32"
},
{
"FieldName": "maximumVariableStorageSize",
"InType": "UINT64"
},
{
"FieldName": "remainingVariableStorageSize",
"InType": "UINT64"
},
{
"FieldName": "maximumVariableSize",
"InType": "UINT64"
},
{
"FieldName": "status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000000",
"Extension": [
170
],
"EventName": "Ast.IoctlCalled",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "DeviceObject",
"InType": "HEXINT64"
},
{
"FieldName": "IoControlCode",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000000",
"Extension": [
170
],
"EventName": "Ast.DeviceCreated",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "DeviceName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "DeviceType",
"InType": "UINT32"
},
{
"FieldName": "DeviceCharacteristics",
"InType": "UINT32"
},
{
"FieldName": "DeviceObject",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000000",
"Extension": [
170
],
"EventName": "Ast.DeviceSDDLChanged",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "DeviceObject",
"InType": "HEXINT64"
},
{
"FieldName": "\u0026DeviceSecurityDescriptor",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 4,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "OsloaderTime",
"FieldInfo": [
{
"FieldName": "StartTime",
"InType": "UINT64"
},
{
"FieldName": "EndTime",
"InType": "UINT64"
},
{
"FieldName": "PreloadEndTime",
"InType": "UINT64"
},
{
"FieldName": "TcbLoaderStartTime",
"InType": "UINT64"
},
{
"FieldName": "LoadVsmTime",
"InType": "UINT64"
},
{
"FieldName": "LaunchVsmTime",
"InType": "UINT64"
},
{
"FieldName": "LoadHypervisorTime",
"InType": "UINT64"
},
{
"FieldName": "LaunchHypervisorTime",
"InType": "UINT64"
},
{
"FieldName": "Frequency",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "PnpCompareInterruptInformation",
"FieldInfo": [
{
"FieldName": "Reason",
"InType": "ANSISTRING"
},
{
"FieldName": "Size1",
"InType": "UINT32"
},
{
"FieldName": "Size2",
"InType": "UINT32"
},
{
"FieldName": "DeviceInstanceId",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "PnpCompareInterruptInformation",
"FieldInfo": [
{
"FieldName": "Reason",
"InType": "ANSISTRING"
},
{
"FieldName": "Size1",
"InType": "UINT32"
},
{
"FieldName": "Size2",
"InType": "UINT32"
},
{
"FieldName": "DeviceInstanceId",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "PnpCompareInterruptInformation",
"FieldInfo": [
{
"FieldName": "Reason",
"InType": "ANSISTRING"
},
{
"FieldName": "DeviceInstanceId",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "WatchdogViolation",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "Type",
"InType": "UINT32"
},
{
"FieldName": "ElapsedTimeInMs",
"InType": "UINT32"
},
{
"FieldName": "InstancePath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "DriverName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "SecondChanceTriggered",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "DriverBlocked",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "FileName",
"InType": "UNICODESTRING"
},
{
"FieldName": "EntryGuid",
"InType": "GUID"
},
{
"FieldName": "PolicyBlockReason",
"InType": "UINT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "AggregateInterruptConnection",
"FieldInfo": [
{
"FieldName": "Count",
"InType": "INT64"
},
{
"FieldName": "Connected",
"InType": "UINT8"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "DeviceRemovalForResetComplete",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "DeviceInstanceId",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "ServiceName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "DevNodeState",
"InType": "UINT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "RetryCount",
"InType": "UINT32"
},
{
"FieldName": "RetryInterval",
"InType": "INT64"
},
{
"FieldName": "VetoType",
"InType": "UINT32"
},
{
"FieldName": "VetoName",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "RequestDeviceRemovalForReset",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "DeviceInstanceId",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "ServiceName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "DevNodeState",
"InType": "UINT32"
},
{
"FieldName": "Flags",
"InType": "UINT32"
},
{
"FieldName": "Result",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "DockDeviceEnumerated",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "DeviceInstanceId",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "DockStatus",
"InType": "UINT32"
},
{
"FieldName": "EnumerationResult",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "DmaGuardIommuDeviceProperties",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "DeviceInstanceId",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Properties",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "AggregateDmaGuardDevicePolicy",
"FieldInfo": [
{
"FieldName": "Count",
"InType": "INT64"
},
{
"FieldName": "DeviceInstanceId",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Policy",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "DmaGuardSystemPolicy",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "Policy",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "SecureDeviceEnumerated",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "DeviceInstanceId",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "SecureDeviceState",
"InType": "UINT32"
},
{
"FieldName": "UnprotectStatus",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "RebalanceResult",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "DeviceInstanceId",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "ServiceName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "DeviceCount",
"InType": "UINT32"
},
{
"FieldName": "SubtreeRootInstanceId",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "SubtreeIncludesRoot",
"InType": "UINT8"
},
{
"FieldName": "RebalanceDueToDynamicPartitioning",
"InType": "UINT8"
},
{
"FieldName": "Reason",
"InType": "UINT32"
},
{
"FieldName": "Failure",
"InType": "UINT32"
},
{
"FieldName": "DurationInMs",
"InType": "UINT64"
},
{
"FieldName": "EndTime",
"InType": "UINT64"
},
{
"FieldName": "Phase",
"InType": "UINT8"
},
{
"FieldName": "ResetDeviceWhileStopped",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000800000000000",
"Extension": [
128
],
"EventName": "DeviceConfig",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "Legacy",
"InType": "BOOL32"
},
{
"FieldName": "DeviceInstanceId",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "DriverFlightIds",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "FirstHardwareId",
"InType": "UNICODESTRING"
},
{
"FieldName": "LastCompatibleId",
"InType": "UNICODESTRING"
},
{
"FieldName": "ClassGuid",
"InType": "UNICODESTRING"
},
{
"FieldName": "DriverInfName",
"InType": "UNICODESTRING"
},
{
"FieldName": "DriverProvider",
"InType": "UNICODESTRING"
},
{
"FieldName": "DriverDate",
"InType": "UNICODESTRING"
},
{
"FieldName": "DriverVersion",
"InType": "UNICODESTRING"
},
{
"FieldName": "DriverSubmissionId",
"InType": "UNICODESTRING"
},
{
"FieldName": "ExtensionDrivers",
"InType": "UNICODESTRING"
},
{
"FieldName": "DriverShimIds",
"InType": "UNICODESTRING"
},
{
"FieldName": "InboxDriver",
"InType": "UINT8"
},
{
"FieldName": "SetupMode",
"InType": "UINT8"
},
{
"FieldName": "NeedReboot",
"InType": "UINT8"
},
{
"FieldName": "RebootRequiredReason",
"InType": "HEXINT64"
},
{
"FieldName": "StatusCode",
"InType": "UINT32"
},
{
"FieldName": "InstallDate",
"InType": "FILETIME"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000800000000000",
"Extension": [
128
],
"EventName": "AggregateSetDevNodeProblem",
"FieldInfo": [
{
"FieldName": "Count",
"InType": "INT64"
},
{
"FieldName": "DeviceInstanceId",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "ServiceName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Problem",
"InType": "UINT32"
},
{
"FieldName": "ProblemStatus",
"InType": "UINT32"
},
{
"FieldName": "LastProblem",
"InType": "UINT32"
},
{
"FieldName": "LastProblemStatus",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000800000000000",
"Extension": [
128
],
"EventName": "AggregateClearDevNodeProblem",
"FieldInfo": [
{
"FieldName": "Count",
"InType": "INT64"
},
{
"FieldName": "DeviceInstanceId",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "ServiceName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "LastProblem",
"InType": "UINT32"
},
{
"FieldName": "LastProblemStatus",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "ExternalNmiCallbackRegistered",
"FieldInfo": [
{
"FieldName": "DriverName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "DriverBase",
"InType": "HEXINT64"
},
{
"FieldName": "DriverSize",
"InType": "UINT32"
},
{
"FieldName": "ImageChecksum",
"InType": "HEXINT32"
},
{
"FieldName": "ImageTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "NmiCallbackAddress",
"InType": "HEXINT64"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "HGS+ Configuration",
"FieldInfo": [
{
"FieldName": "WorkloadClassCount",
"InType": "UINT32"
},
{
"FieldName": "FeedbackUpdateThresholdRuntime",
"InType": "UINT32"
},
{
"FieldName": "FeedbackUpdateThresholdRuntimeCycles",
"InType": "UINT64"
},
{
"FieldName": "FeedbackUpdateThresholdNetRuntime",
"InType": "UINT32"
},
{
"FieldName": "FeedbackUpdateThresholdNetCycles",
"InType": "UINT64"
},
{
"FieldName": "InvalidFeedbackLimit",
"InType": "UINT32"
},
{
"FieldName": "InvalidFeedbackDefaultClass",
"InType": "UINT32"
},
{
"FieldName": "InvalidFeedbackDefaultClassSet",
"InType": "UINT8"
},
{
"FieldName": "MaximalClassByPerformanceScore",
"InType": "UINT8"
},
{
"FieldName": "LowerPerfClassFeedbackThreshold",
"InType": "UINT32"
},
{
"FieldName": "HigherPerfClassFeedbackThreshold",
"InType": "UINT32"
},
{
"FieldName": "ThreadCreationDefaultClass",
"InType": "UINT32"
},
{
"FieldName": "MinimumScoreDifferenceForSwap",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "ClockRearmed",
"FieldInfo": [
{
"FieldName": "ClockOwner",
"InType": "UINT8"
},
{
"FieldName": "MinInterval",
"InType": "UINT32"
},
{
"FieldName": "ActualInterval",
"InType": "UINT32"
},
{
"FieldName": "OneShot",
"InType": "UINT8"
},
{
"FieldName": "TimerRearmed",
"InType": "UINT8"
},
{
"FieldName": "EarliestDeadline",
"InType": "UINT32"
},
{
"FieldName": "PeriodicInterval",
"InType": "UINT32"
},
{
"FieldName": "IntTimePrecise",
"InType": "UINT64"
},
{
"FieldName": "EarliestDueTimeWithTolerance",
"InType": "UINT64"
},
{
"FieldName": "NextPeriodicTickTime",
"InType": "UINT64"
},
{
"FieldName": "DueTimeMinusIntTimePrecise",
"InType": "INT64"
},
{
"FieldName": "NoWakesConsidered",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "ClockRearmNotRequired",
"FieldInfo": [
{
"FieldName": "ClockOwner",
"InType": "UINT8"
},
{
"FieldName": "IntTimePrecise",
"InType": "UINT64"
},
{
"FieldName": "EarliestNextTickDueTime",
"InType": "UINT64"
},
{
"FieldName": "EarliestDeadline",
"InType": "UINT32"
},
{
"FieldName": "EarliestDeadlineDueTime",
"InType": "UINT64"
},
{
"FieldName": "EarliestDeadlineDueTimeWithTolerance",
"InType": "UINT64"
},
{
"FieldName": "NextTickDueTime",
"InType": "INT64"
},
{
"FieldName": "NoWakesConsidered",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "NonClockOwnerDeepIdle",
"FieldInfo": []
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "ProcessorExitDeepIdle",
"FieldInfo": [
{
"FieldName": "RearmRequired",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "ClockOwnerDynamicTick",
"FieldInfo": [
{
"FieldName": "ReqInterval",
"InType": "UINT32"
},
{
"FieldName": "ActualInterval",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "ClockTimerCancel",
"FieldInfo": [
{
"FieldName": "DeadlineType",
"InType": "UINT32"
},
{
"FieldName": "ForceRearm",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "ClockTimerSet",
"FieldInfo": [
{
"FieldName": "DueTime",
"InType": "INT64"
},
{
"FieldName": "RelativeTimeDiff",
"InType": "INT64"
},
{
"FieldName": "AbsDueTime",
"InType": "UINT64"
},
{
"FieldName": "IntTimePrecise",
"InType": "UINT64"
},
{
"FieldName": "TolerableDelay",
"InType": "UINT32"
},
{
"FieldName": "DeadlineType",
"InType": "UINT32"
},
{
"FieldName": "NoWake",
"InType": "UINT8"
},
{
"FieldName": "ForceRearm",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "Hetero Sets",
"FieldInfo": [
{
"FieldName": "Hetero Policy",
"InType": "ANSISTRING"
},
{
"FieldName": "Workload Class",
"InType": "UINT32"
},
{
"FieldName": "Hetero Set Masks",
"InType": "STRUCT"
},
{
"FieldName": "Ideal Set Mask",
"InType": "HEXINT64"
},
{
"FieldName": "Preferred Set Mask",
"InType": "HEXINT64"
},
{
"FieldName": "Available Set Mask",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "Hetero Sets",
"FieldInfo": [
{
"FieldName": "Thread QoS Type",
"InType": "ANSISTRING"
},
{
"FieldName": "Thread Running Type",
"InType": "ANSISTRING"
},
{
"FieldName": "DynamicHeteroCpuPolicy",
"InType": "ANSISTRING"
},
{
"FieldName": "Workload Class",
"InType": "UINT32"
},
{
"FieldName": "Lower Threshold",
"InType": "UINT8"
},
{
"FieldName": "Upper Threshold",
"InType": "UINT8"
},
{
"FieldName": "Hetero Set Masks",
"InType": "STRUCT"
},
{
"FieldName": "Ideal Set Mask",
"InType": "HEXINT64"
},
{
"FieldName": "Preferred Set Mask",
"InType": "HEXINT64"
},
{
"FieldName": "Available Set Mask",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "Hetero System Properties",
"FieldInfo": [
{
"FieldName": "Hetero System",
"InType": "BOOL32"
},
{
"FieldName": "Virtual Hetero System",
"InType": "BOOL32"
},
{
"FieldName": "Ppm QoS Supported",
"InType": "BOOL32"
},
{
"FieldName": "Efficiency Class System",
"InType": "BOOL32"
},
{
"FieldName": "Multi-Core Classes Enabled",
"InType": "BOOL32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "UserCetAppcompatOptionsUpdated",
"FieldInfo": [
{
"FieldName": "AppcompatOptions",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "SymlinkTraversalBlocked",
"FieldInfo": [
{
"FieldName": "SymlinkName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "SymlinkIntegrity",
"InType": "UINT32"
},
{
"FieldName": "CallerIntegrityLevel",
"InType": "UINT32"
},
{
"FieldName": "LowILBlock",
"InType": "UINT8"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 4,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "ALPFScenarioDecision",
"FieldInfo": [
{
"FieldName": "TelemetryId",
"InType": "GUID"
},
{
"FieldName": "Id",
"InType": "UNICODESTRING"
},
{
"FieldName": "Type",
"InType": "UINT8"
},
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "PrefetchReason",
"InType": "UINT8"
},
{
"FieldName": "TraceReason",
"InType": "UINT8"
},
{
"FieldName": "Launches",
"InType": "HEXINT32"
},
{
"FieldName": "LastLaunch100Ns",
"InType": "UINT64"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000000",
"Extension": [
128
],
"EventName": "PhysicalPowerButtonPressInfoAtBoot",
"FieldInfo": [
{
"FieldName": "LastPressTime",
"InType": "FILETIME"
},
{
"FieldName": "LastPressBootId",
"InType": "UINT32"
},
{
"FieldName": "CumulativePressCount",
"InType": "UINT32"
},
{
"FieldName": "LastReleaseTime",
"InType": "FILETIME"
},
{
"FieldName": "LastReleaseBootId",
"InType": "UINT32"
},
{
"FieldName": "CumulativeReleaseCount",
"InType": "UINT32"
},
{
"FieldName": "ErrorCount",
"InType": "UINT32"
},
{
"FieldName": "LastPowerWatchdogStage",
"InType": "UINT32"
},
{
"FieldName": "PowerWatchdogArmed",
"InType": "UINT8"
},
{
"FieldName": "ShutdownInProgress",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "InvalidWatchdogBlamedChildCount",
"FieldInfo": [
{
"FieldName": "ChildDevice",
"InType": "UINT32"
},
{
"FieldName": "ChildDeviceCount",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "InvalidWatchdogBlamedChildCount",
"FieldInfo": [
{
"FieldName": "ChildDevice",
"InType": "UINT32"
},
{
"FieldName": "ChildDeviceCount",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "SetTargetDripsDevicePowerStateFailed",
"FieldInfo": [
{
"FieldName": "FriendlyName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "TargetState",
"InType": "UINT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "PpmQosEnableDisableStats",
"FieldInfo": [
{
"FieldName": "elapsedTimeSeconds",
"InType": "UINT32"
},
{
"FieldName": "enabledTimeSeconds",
"InType": "UINT32"
},
{
"FieldName": "disableReasonTimesSeconds",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000800000000000",
"Extension": [
128
],
"EventName": "PreviousShutdownWasThermalShutdown",
"FieldInfo": [
{
"FieldName": "thermalZone",
"InType": "UNICODESTRING"
},
{
"FieldName": "temperature",
"InType": "UINT32"
},
{
"FieldName": "TotalUpTimeMs",
"InType": "UINT64"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "ResiliencyPhaseExit",
"FieldInfo": [
{
"FieldName": "CsSessionId",
"InType": "UINT64"
},
{
"FieldName": "Flags",
"InType": "UINT32"
},
{
"FieldName": "EneryDrain",
"InType": "UINT32"
},
{
"FieldName": "EneryDrainV2Value",
"InType": "INT64"
},
{
"FieldName": "EneryDrainV2Flags",
"InType": "INT64"
},
{
"FieldName": "EsStateOnEntry",
"InType": "UINT32"
},
{
"FieldName": "EsReasonOnEntry",
"InType": "UINT32"
},
{
"FieldName": "EsUpdateCount",
"InType": "UINT32"
},
{
"FieldName": "DsReason",
"InType": "UINT32"
},
{
"FieldName": "TotalTimeInUs",
"InType": "UINT64"
},
{
"FieldName": "TotalSwDripsTimeInUs",
"InType": "UINT64"
},
{
"FieldName": "TotalHwDripsTimeInUs",
"InType": "UINT64"
},
{
"FieldName": "TotalDsTimeInUs",
"InType": "UINT64"
},
{
"FieldName": "MaxActivationConcurrency",
"InType": "UINT32"
},
{
"FieldName": "MinActivationIntervalInUs",
"InType": "UINT64"
},
{
"FieldName": "MaxActivationIntervalInUs",
"InType": "UINT64"
},
{
"FieldName": "TotalActivationIntervalInUs",
"InType": "UINT64"
},
{
"FieldName": "ActivationIntervalCount",
"InType": "UINT32"
},
{
"FieldName": "MinDeviceConstraintIntervalInUs",
"InType": "UINT64"
},
{
"FieldName": "MaxDeviceConstraintIntervalInUs",
"InType": "UINT64"
},
{
"FieldName": "TotalDeviceConstraintIntervalInUs",
"InType": "UINT64"
},
{
"FieldName": "DeviceConstraintIntervalCount",
"InType": "UINT32"
},
{
"FieldName": "DeepSleepBlockerDurationsInUs",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000000",
"Extension": [
128
],
"EventName": "ElapsedTimeBsdWrite",
"FieldInfo": [
{
"FieldName": "RtlBsdItemType",
"InType": "UINT32"
},
{
"FieldName": "ElapsedTimeInBsdWriteInMs",
"InType": "UINT64"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000800000000000",
"Extension": [
128
],
"EventName": "StateTransitionFailure",
"FieldInfo": [
{
"FieldName": "ThreadToken",
"InType": "HEXINT64"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "FailurePoint",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "UmpoALPCMessageProcessingError",
"FieldInfo": [
{
"FieldName": "NtStatus",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "InputSuppressionMonitorOnRequestUserInput",
"FieldInfo": [
{
"FieldName": "CsSessionId",
"InType": "UINT64"
},
{
"FieldName": "MonitorRequestReason",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "BatteryCommonStatusAtAlarmTrigger",
"FieldInfo": [
{
"FieldName": "action",
"InType": "ANSISTRING"
},
{
"FieldName": "isAcOnline",
"InType": "UINT8"
},
{
"FieldName": "remainingMilliPercent",
"InType": "UINT32"
},
{
"FieldName": "powerState",
"InType": "UINT32"
},
{
"FieldName": "isPowerPolicyEnabled",
"InType": "UINT8"
},
{
"FieldName": "powerPolicyBatteryLevel",
"InType": "UINT32"
},
{
"FieldName": "powerPolicyMinSystemState",
"InType": "UINT32"
},
{
"FieldName": "powerPolicyActionType",
"InType": "UINT32"
},
{
"FieldName": "powerPolicyFlags",
"InType": "HEXINT32"
},
{
"FieldName": "powerPolicyEventCode",
"InType": "UINT32"
},
{
"FieldName": "triggerBatteryFlags",
"InType": "HEXINT32"
},
{
"FieldName": "triggerBatteryLevel",
"InType": "UINT32"
},
{
"FieldName": "triggerBatteryIgnoreStatus",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "BatteryTriggerMet",
"FieldInfo": [
{
"FieldName": "dischargePolicyIndex",
"InType": "UINT32"
},
{
"FieldName": "activeBatteryCount",
"InType": "UINT32"
},
{
"FieldName": "remainingPercentage",
"InType": "UINT32"
},
{
"FieldName": "remainingMilliPercent",
"InType": "UINT32"
},
{
"FieldName": "isAcOnline",
"InType": "UINT32"
},
{
"FieldName": "batteryActionInternalFlags",
"InType": "UINT32"
},
{
"FieldName": "isPowerActionCallIgnored",
"InType": "UINT32"
},
{
"FieldName": "isPowerPolicyEnabled",
"InType": "UINT32"
},
{
"FieldName": "powerPolicyAction",
"InType": "UINT32"
},
{
"FieldName": "powerPolicyBatteryLevel",
"InType": "UINT32"
},
{
"FieldName": "powerPolicyEventCode",
"InType": "UINT32"
},
{
"FieldName": "powerPolicyMinState",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "BatteryTriggerFlagsUpdated",
"FieldInfo": [
{
"FieldName": "actionName",
"InType": "ANSISTRING"
},
{
"FieldName": "batteryTriggerSetFlag",
"InType": "UINT8"
},
{
"FieldName": "batteryTriggerSystemFlag",
"InType": "UINT8"
},
{
"FieldName": "batteryTriggerUserFlag",
"InType": "UINT8"
},
{
"FieldName": "isAcOnline",
"InType": "UINT8"
},
{
"FieldName": "remainingMilliPercent",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "BatteryStatusAtAlarmTrigger",
"FieldInfo": [
{
"FieldName": "action",
"InType": "ANSISTRING"
},
{
"FieldName": "batteryNumber",
"InType": "UINT32"
},
{
"FieldName": "fullChargeCapacity",
"InType": "UINT32"
},
{
"FieldName": "currentCapacity",
"InType": "UINT32"
},
{
"FieldName": "batteryMilliPercentCapacity",
"InType": "UINT32"
},
{
"FieldName": "defaultAlert1",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "PowerButtonSuppressionOptedIn",
"FieldInfo": [
{
"FieldName": "OptIn",
"InType": "UINT8"
},
{
"FieldName": "RegistryKeyOverride",
"InType": "UINT32"
},
{
"FieldName": "COINVelocity",
"InType": "UINT8"
},
{
"FieldName": "ErrataRule",
"InType": "UINT8"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "InputSuppressionAction",
"FieldInfo": [
{
"FieldName": "isLidStateIgnored",
"InType": "UINT8"
},
{
"FieldName": "isLidClosed",
"InType": "UINT8"
},
{
"FieldName": "isPowerStateDc",
"InType": "UINT8"
},
{
"FieldName": "isDisplayOff",
"InType": "UINT8"
},
{
"FieldName": "isNoExternalMonitorPresent",
"InType": "UINT8"
},
{
"FieldName": "isInputSuppressionOptedIn",
"InType": "UINT8"
},
{
"FieldName": "inputSuppressionFinalAction",
"InType": "UINT32"
},
{
"FieldName": "CsSessionId",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "PoDirectedDripsInitialization",
"FieldInfo": [
{
"FieldName": "InitializationResult",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "AllowHibernatePolicy",
"FieldInfo": [
{
"FieldName": "HibernatePolicy",
"InType": "UINT32"
},
{
"FieldName": "HibernateEnabled",
"InType": "UINT8"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000800000000000",
"Extension": [
128
],
"EventName": "ExecutePowerAction",
"FieldInfo": [
{
"FieldName": "TriggerType",
"InType": "HEXINT32"
},
{
"FieldName": "TriggerFlags",
"InType": "HEXINT32"
},
{
"FieldName": "UserNotify",
"InType": "HEXINT32"
},
{
"FieldName": "PowerAction",
"InType": "UINT32"
},
{
"FieldName": "PowerActionFlags",
"InType": "HEXINT32"
},
{
"FieldName": "PowerActionEventCode",
"InType": "UINT32"
},
{
"FieldName": "LightestState",
"InType": "UINT32"
},
{
"FieldName": "SubstitutionPolicy",
"InType": "UINT32"
},
{
"FieldName": "LocalAction",
"InType": "UINT32"
},
{
"FieldName": "LocalActionFlags",
"InType": "UINT32"
},
{
"FieldName": "LocalActionEventCode",
"InType": "UINT32"
},
{
"FieldName": "Disabled",
"InType": "UINT32"
},
{
"FieldName": "RequesterNameLength",
"InType": "UINT32"
},
{
"FieldName": "RequesterName",
"InType": "ANSISTRING"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "DozeToS4Deferral",
"FieldInfo": [
{
"FieldName": "Deferred",
"InType": "BOOL32"
},
{
"FieldName": "DozeDeferralDeniedReasons",
"InType": "HEXINT32"
},
{
"FieldName": "DozeDeferralStartTime",
"InType": "HEXINT64"
},
{
"FieldName": "CurrentInterruptTime",
"InType": "HEXINT64"
},
{
"FieldName": "EarliestWakeTimerDueTime",
"InType": "HEXINT64"
},
{
"FieldName": "DozeDeferralMaxSeconds",
"InType": "UINT32"
},
{
"FieldName": "WakeTimerRequester",
"InType": "UNICODESTRING"
},
{
"FieldName": "WakeTimerReason",
"InType": "UNICODESTRING"
},
{
"FieldName": "RtcWakePolicyAc",
"InType": "UINT8"
},
{
"FieldName": "RtcWakePolicyDc",
"InType": "UINT8"
},
{
"FieldName": "PlatformRole",
"InType": "INT8"
},
{
"FieldName": "IsAoac",
"InType": "BOOL32"
},
{
"FieldName": "WakeAlarmPresent",
"InType": "INT8"
},
{
"FieldName": "AcOnLineWakeCapability",
"InType": "INT8"
},
{
"FieldName": "RtcWakeCapability",
"InType": "INT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "RtcWakeInfo",
"FieldInfo": [
{
"FieldName": "wokeSystem",
"InType": "BOOL32"
},
{
"FieldName": "rejectReason",
"InType": "UINT8"
},
{
"FieldName": "uncertain",
"InType": "BOOL32"
},
{
"FieldName": "spurious",
"InType": "BOOL32"
},
{
"FieldName": "fixedWakeSource",
"InType": "UINT32"
},
{
"FieldName": "acAlarmSignaled",
"InType": "BOOL32"
},
{
"FieldName": "dcAlarmSignaled",
"InType": "BOOL32"
},
{
"FieldName": "rtcSignaled",
"InType": "BOOL32"
},
{
"FieldName": "acProgrammedTime",
"InType": "FILETIME"
},
{
"FieldName": "dcProgrammedTime",
"InType": "FILETIME"
},
{
"FieldName": "usingAcTime",
"InType": "BOOL32"
},
{
"FieldName": "wakeTime",
"InType": "FILETIME"
},
{
"FieldName": "adjustedWakeTime",
"InType": "FILETIME"
},
{
"FieldName": "fullWake",
"InType": "BOOL32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "MonitorOnWithLidClosed",
"FieldInfo": [
{
"FieldName": "lidState",
"InType": "UINT8"
},
{
"FieldName": "externalMonitorConnectedState",
"InType": "UINT8"
},
{
"FieldName": "monitorRequestReasonCode",
"InType": "UINT32"
},
{
"FieldName": "isPowerSourceConnected",
"InType": "UINT8"
},
{
"FieldName": "CsSessionId",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "UserInitiatedDisplayBurstStatus",
"FieldInfo": [
{
"FieldName": "LidOpen",
"InType": "UINT8"
},
{
"FieldName": "ExternalMonitorConnected",
"InType": "UINT8"
},
{
"FieldName": "IsDisplayBurstSuppressed",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PopDiagTraceExternalDisplayState",
"FieldInfo": [
{
"FieldName": "IsExternalMonitorConnected",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "ConnectivityInStandbyUpdate",
"FieldInfo": [
{
"FieldName": "State",
"InType": "UINT32"
},
{
"FieldName": "Reason",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "SleepCheckpointInitFailed",
"FieldInfo": [
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "BackgroundActivityPolicyUpdate",
"FieldInfo": [
{
"FieldName": "PreviousPolicy",
"InType": "UINT32"
},
{
"FieldName": "NewPolicy",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "ForceIdleResetReason",
"FieldInfo": [
{
"FieldName": "Reason",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000800000000000",
"Extension": [
128
],
"EventName": "WinloadFatalError",
"FieldInfo": [
{
"FieldName": "errorBootId",
"InType": "UINT32"
},
{
"FieldName": "repeatCount",
"InType": "UINT32"
},
{
"FieldName": "otherErrorCount",
"InType": "UINT32"
},
{
"FieldName": "errorCode",
"InType": "UINT32"
},
{
"FieldName": "errorStatus",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000800000000000",
"Extension": [
128
],
"EventName": "OSStateChange",
"FieldInfo": [
{
"FieldName": "StateTransition",
"InType": "UINT16"
},
{
"FieldName": "StateTransitionSub",
"InType": "UINT16"
},
{
"FieldName": "StateDurationMS",
"InType": "UINT64"
},
{
"FieldName": "BootId",
"InType": "UINT32"
},
{
"FieldName": "BootTimeUTC",
"InType": "FILETIME"
},
{
"FieldName": "UptimeDeltaMS",
"InType": "UINT64"
},
{
"FieldName": "TotalDurationMS",
"InType": "UINT64"
},
{
"FieldName": "TotalUptimeMS",
"InType": "UINT64"
},
{
"FieldName": "LastStateTransition",
"InType": "UINT16"
},
{
"FieldName": "LastStateTransitionSub",
"InType": "UINT16"
},
{
"FieldName": "EventSequence",
"InType": "UINT32"
},
{
"FieldName": "ActualTransitions",
"InType": "UINT32"
},
{
"FieldName": "TransitionsToOn",
"InType": "UINT32"
},
{
"FieldName": "BatteryCapacity",
"InType": "UINT32"
},
{
"FieldName": "BatteryCharge",
"InType": "UINT32"
},
{
"FieldName": "EnergyChangeV2",
"InType": "INT64"
},
{
"FieldName": "EnergyChangeV2Flags",
"InType": "UINT32"
},
{
"FieldName": "AcPowerOnline",
"InType": "BOOL32"
},
{
"FieldName": "BatteryDischarging",
"InType": "BOOL32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "ThermalZonePassiveHistogram",
"FieldInfo": [
{
"FieldName": "thermalZoneName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "zoneDescription",
"InType": "UNICODESTRING"
},
{
"FieldName": "throttleHistogram",
"InType": "UINT32"
},
{
"FieldName": "bucketThresholds",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "ThermalStandbyComplete",
"FieldInfo": [
{
"FieldName": "completionReason",
"InType": "UINT32"
},
{
"FieldName": "standbyTime",
"InType": "UINT32"
},
{
"FieldName": "firstThermalStandby",
"InType": "BOOL32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "ThermalRequestPassiveHistogram",
"FieldInfo": [
{
"FieldName": "targetDeviceName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "policyDeviceService",
"InType": "UNICODESTRING"
},
{
"FieldName": "throttleHistogram",
"InType": "UINT32"
},
{
"FieldName": "bucketThresholds",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "ThermalZoneActiveActivity",
"FieldInfo": [
{
"FieldName": "thermalZoneName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "zoneDescription",
"InType": "UNICODESTRING"
},
{
"FieldName": "totalTime",
"InType": "UINT32"
},
{
"FieldName": "activeTimes",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "ThermalRequestActiveActivity",
"FieldInfo": [
{
"FieldName": "targetDeviceName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "policyDeviceService",
"InType": "UNICODESTRING"
},
{
"FieldName": "totalTime",
"InType": "UINT32"
},
{
"FieldName": "activeTime",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "PowerReconfigNotification",
"FieldInfo": [
{
"FieldName": "timeStampUTC",
"InType": "FILETIME"
},
{
"FieldName": "batteryCount",
"InType": "UINT32"
},
{
"FieldName": "batteryCapacity",
"InType": "UINT32"
},
{
"FieldName": "batteryCharge",
"InType": "UINT32"
},
{
"FieldName": "acPowerOnline",
"InType": "BOOL32"
},
{
"FieldName": "batteryDischarging",
"InType": "BOOL32"
},
{
"FieldName": "batteryChargingState",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "Cr3Mitigated",
"FieldInfo": [
{
"FieldName": "generationId",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "Cr3Tripped",
"FieldInfo": [
{
"FieldName": "generationId",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "ThermalStandbyInitiated",
"FieldInfo": [
{
"FieldName": "firstThermalStandby",
"InType": "BOOL32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "SmbiosChange",
"FieldInfo": [
{
"FieldName": "OldTableAddr",
"InType": "UINT64"
},
{
"FieldName": "OldTableLen",
"InType": "UINT32"
},
{
"FieldName": "NewTableAddr",
"InType": "UINT64"
},
{
"FieldName": "NewTableLen",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "ZoneCr3Mitigated",
"FieldInfo": [
{
"FieldName": "generationId",
"InType": "UINT32"
},
{
"FieldName": "temperature",
"InType": "UINT32"
},
{
"FieldName": "zoneName",
"InType": "UNICODESTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "ZoneCr3Tripped",
"FieldInfo": [
{
"FieldName": "generationId",
"InType": "UINT32"
},
{
"FieldName": "policyDriver",
"InType": "UINT8"
},
{
"FieldName": "passiveEngaged",
"InType": "UINT8"
},
{
"FieldName": "activeEngaged",
"InType": "UINT8"
},
{
"FieldName": "temperature",
"InType": "UINT32"
},
{
"FieldName": "tripPointTemperature",
"InType": "UINT32"
},
{
"FieldName": "zoneName",
"InType": "UNICODESTRING"
},
{
"FieldName": "zoneDescription",
"InType": "UNICODESTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "EnergySaverEngagementChanged",
"FieldInfo": [
{
"FieldName": "engagementReason",
"InType": "UINT32"
},
{
"FieldName": "duration",
"InType": "UINT64"
},
{
"FieldName": "batteryDelta",
"InType": "INT32"
},
{
"FieldName": "acPowerOnline",
"InType": "BOOL32"
},
{
"FieldName": "energySaverMode",
"InType": "UINT32"
},
{
"FieldName": "batteryThreshold",
"InType": "UINT32"
},
{
"FieldName": "userAway",
"InType": "BOOL32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "EnergySaverSettingChanged",
"FieldInfo": [
{
"FieldName": "energySaverMode",
"InType": "UINT32"
},
{
"FieldName": "batteryThreshold",
"InType": "UINT32"
},
{
"FieldName": "userAway",
"InType": "BOOL32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "PoFxDefaultPepWorkerOrphaned",
"FieldInfo": [
{
"FieldName": "NumExtraDevices",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "PoFxDefaultPepWorkerRecovered",
"FieldInfo": [
{
"FieldName": "NumExtraDevices",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CsEnterReason",
"FieldInfo": [
{
"FieldName": "CsSessionId",
"InType": "UINT64"
},
{
"FieldName": "MonitorRequestReason",
"InType": "UINT32"
},
{
"FieldName": "LidOpenState",
"InType": "UINT32"
},
{
"FieldName": "ExternalMonitorConnectedState",
"InType": "UINT32"
},
{
"FieldName": "BatteryRemainingCapacityOnEnter",
"InType": "UINT32"
},
{
"FieldName": "BatteryFullCapacityOnEnter",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "DripsHistogram",
"FieldInfo": [
{
"FieldName": "csSessionId",
"InType": "UINT64"
},
{
"FieldName": "CsDurationInMinutes",
"InType": "UINT16"
},
{
"FieldName": "DripsPercentage",
"InType": "UINT8"
},
{
"FieldName": "Bucket2s",
"InType": "UINT8"
},
{
"FieldName": "Bucket16s",
"InType": "UINT8"
},
{
"FieldName": "Bucket1m",
"InType": "UINT8"
},
{
"FieldName": "BucketMaxim",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CsExitReason",
"FieldInfo": [
{
"FieldName": "CsSessionId",
"InType": "UINT64"
},
{
"FieldName": "EnergyDrain",
"InType": "UINT32"
},
{
"FieldName": "ActiveResidency",
"InType": "UINT64"
},
{
"FieldName": "NonDripsTimeActivated",
"InType": "UINT64"
},
{
"FieldName": "FirstDripsEntry",
"InType": "UINT64"
},
{
"FieldName": "DripsResidency",
"InType": "UINT64"
},
{
"FieldName": "Duration",
"InType": "UINT64"
},
{
"FieldName": "DripsTransitions",
"InType": "UINT32"
},
{
"FieldName": "FullChargeCapacityRatio",
"InType": "UINT8"
},
{
"FieldName": "AudioPlayed",
"InType": "UINT32"
},
{
"FieldName": "MonitorRequestReason",
"InType": "UINT32"
},
{
"FieldName": "AudioPlayback",
"InType": "UINT64"
},
{
"FieldName": "NonActivatedCpuActivity",
"InType": "UINT64"
},
{
"FieldName": "PowerStateAc",
"InType": "UINT32"
},
{
"FieldName": "TotalHwDripsResidency",
"InType": "UINT64"
},
{
"FieldName": "ExitLatency",
"InType": "UINT64"
},
{
"FieldName": "DisconnectedStandby",
"InType": "UINT32"
},
{
"FieldName": "AoAcCompliantNic",
"InType": "UINT32"
},
{
"FieldName": "NonAttributedCpuActivity",
"InType": "UINT64"
},
{
"FieldName": "LidOpenState",
"InType": "UINT32"
},
{
"FieldName": "ExternalMonitorConnectedState",
"InType": "UINT32"
},
{
"FieldName": "BatteryRemainingCapacityOnExit",
"InType": "UINT32"
},
{
"FieldName": "BatteryFullChargeCapacityOnExit",
"InType": "UINT32"
},
{
"FieldName": "EtwPoolAllocationStatus",
"InType": "UINT32"
},
{
"FieldName": "InputSuppressionCount",
"InType": "UINT32"
},
{
"FieldName": "NonResiliencyTime",
"InType": "UINT64"
},
{
"FieldName": "ResiliencyDripsTime",
"InType": "UINT64"
},
{
"FieldName": "ResiliencyHwDripsTime",
"InType": "UINT64"
},
{
"FieldName": "GdiOnTime",
"InType": "UINT64"
},
{
"FieldName": "DwiSyncFlushTime",
"InType": "UINT64"
},
{
"FieldName": "MonitorPowerOnTime",
"InType": "UINT64"
},
{
"FieldName": "PowerButtonSuppressionCount",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "PopDiagFxDeviceAccounting",
"FieldInfo": [
{
"FieldName": "ScenarioId",
"InType": "UINT64"
},
{
"FieldName": "InstancePath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "CsActiveTime",
"InType": "UINT64"
},
{
"FieldName": "CsActiveTimeBuckets",
"InType": "UINT64"
},
{
"FieldName": "CsActiveTimePerBucket",
"InType": "UINT64"
},
{
"FieldName": "CsActiveTimeUnattributed",
"InType": "UINT64"
},
{
"FieldName": "DeviceClassName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "DeviceClassGuid",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "FriendlyName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "PopDiagFxComponentAccounting",
"FieldInfo": [
{
"FieldName": "ScenarioId",
"InType": "UINT64"
},
{
"FieldName": "InstancePath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Component",
"InType": "UINT32"
},
{
"FieldName": "CsActiveTime",
"InType": "UINT64"
},
{
"FieldName": "CsActiveTimeBuckets",
"InType": "UINT64"
},
{
"FieldName": "CsActiveTimePerBucket",
"InType": "UINT64"
},
{
"FieldName": "CsActiveTimeUnattributed",
"InType": "UINT64"
},
{
"FieldName": "DeviceClassName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "DeviceClassGuid",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "FriendlyName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "PopDiagFxGlobalDeviceAccounting",
"FieldInfo": [
{
"FieldName": "ScenarioId",
"InType": "UINT64"
},
{
"FieldName": "CsActiveTime",
"InType": "UINT64"
},
{
"FieldName": "CsActiveTimeBuckets",
"InType": "UINT64"
},
{
"FieldName": "CsActiveTimePerBucket",
"InType": "UINT64"
},
{
"FieldName": "CsUnattributedTime",
"InType": "UINT64"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "PowerSettingChangeRegistration",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "Process",
"InType": "UNICODESTRING"
},
{
"FieldName": "SessionID",
"InType": "UINT32"
},
{
"FieldName": "SettingGuid",
"InType": "GUID"
},
{
"FieldName": "SettingFound",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "AdaptiveTimeoutOverrideTriggered",
"FieldInfo": [
{
"FieldName": "TriggerTimestamp",
"InType": "UINT64"
},
{
"FieldName": "CurrentTimestamp",
"InType": "UINT64"
},
{
"FieldName": "OverrideType",
"InType": "UINT32"
},
{
"FieldName": "DisplayTimeout",
"InType": "UINT32"
},
{
"FieldName": "DimTimeout",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "AdaptiveTimeoutOverrideClear",
"FieldInfo": [
{
"FieldName": "OverrideType",
"InType": "UINT32"
},
{
"FieldName": "Reason",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000800000000000",
"Extension": [
128
],
"EventName": "AbnormalShutdown",
"FieldInfo": [
{
"FieldName": "BootStatValid",
"InType": "UINT8"
},
{
"FieldName": "CurrentBootId",
"InType": "UINT32"
},
{
"FieldName": "LastShutdownBootId",
"InType": "UINT32"
},
{
"FieldName": "Bugcheck",
"InType": "STRUCT"
},
{
"FieldName": "BugcheckCode",
"InType": "HEXINT64"
},
{
"FieldName": "BugcheckParam1",
"InType": "HEXINT64"
},
{
"FieldName": "BugcheckParam2",
"InType": "HEXINT64"
},
{
"FieldName": "BugcheckParam3",
"InType": "HEXINT64"
},
{
"FieldName": "BugcheckParam4",
"InType": "HEXINT64"
},
{
"FieldName": "BugcheckInfoFromEFI",
"InType": "UINT32"
},
{
"FieldName": "SystemStateTransition",
"InType": "STRUCT"
},
{
"FieldName": "OnAc",
"InType": "UINT8"
},
{
"FieldName": "LidState",
"InType": "UINT8"
},
{
"FieldName": "DisplayState",
"InType": "UINT8"
},
{
"FieldName": "BatteryPercentage",
"InType": "UINT8"
},
{
"FieldName": "LastBatteryLevel",
"InType": "UINT8"
},
{
"FieldName": "SystemRunning",
"InType": "UINT8"
},
{
"FieldName": "AutoChkCausedReboot",
"InType": "UINT8"
},
{
"FieldName": "SetupInProgress",
"InType": "UINT8"
},
{
"FieldName": "OOBEInProgress",
"InType": "UINT8"
},
{
"FieldName": "IsLidReliable",
"InType": "UINT8"
},
{
"FieldName": "InputSuppressionState",
"InType": "UINT8"
},
{
"FieldName": "PowerButtonSuppressionState",
"InType": "UINT8"
},
{
"FieldName": "LastStateTransitionBootId",
"InType": "UINT32"
},
{
"FieldName": "SleepInProgress",
"InType": "UINT32"
},
{
"FieldName": "SleepTransitionsToOn",
"InType": "UINT16"
},
{
"FieldName": "UserShutdownInProgress",
"InType": "UINT8"
},
{
"FieldName": "SystemShutdownInProgress",
"InType": "UINT8"
},
{
"FieldName": "ShutdownDeviceType",
"InType": "UINT8"
},
{
"FieldName": "ConnectedStandbyInProgress",
"InType": "UINT8"
},
{
"FieldName": "CsEntryScenarioInstanceId",
"InType": "UINT64"
},
{
"FieldName": "CsEntryReasonCategory",
"InType": "UINT8"
},
{
"FieldName": "CsEntryReason",
"InType": "UINT8"
},
{
"FieldName": "CsExitReasonCategory",
"InType": "UINT8"
},
{
"FieldName": "CsExitReason",
"InType": "UINT8"
},
{
"FieldName": "PowerButtonTimestamp",
"InType": "FILETIME"
},
{
"FieldName": "LastReferenceTime",
"InType": "FILETIME"
},
{
"FieldName": "LastReferenceTimeCheckSum",
"InType": "UINT32"
},
{
"FieldName": "SleepCheckpoint",
"InType": "UINT8"
},
{
"FieldName": "SleepCheckpointStatus",
"InType": "UINT8"
},
{
"FieldName": "SleepCheckpointSource",
"InType": "UINT8"
},
{
"FieldName": "LongPowerButtonHold",
"InType": "STRUCT"
},
{
"FieldName": "LastPressBootId",
"InType": "UINT16"
},
{
"FieldName": "LastPressTime",
"InType": "FILETIME"
},
{
"FieldName": "LastReleaseBootId",
"InType": "UINT16"
},
{
"FieldName": "LastReleaseTime",
"InType": "FILETIME"
},
{
"FieldName": "CumulativePressCount",
"InType": "UINT32"
},
{
"FieldName": "CumulativeReleaseCount",
"InType": "UINT32"
},
{
"FieldName": "ErrorCount",
"InType": "UINT16"
},
{
"FieldName": "ShutdownInProgress",
"InType": "UINT8"
},
{
"FieldName": "PowerWatchdogArmed",
"InType": "UINT8"
},
{
"FieldName": "LastPowerWatchdogStage",
"InType": "UINT8"
},
{
"FieldName": "CurrentCsPhase",
"InType": "UINT8"
},
{
"FieldName": "TransitionLatestCheckpointId",
"InType": "UINT32"
},
{
"FieldName": "TransitionLatestCheckpointType",
"InType": "UINT32"
},
{
"FieldName": "TransitionLatestCheckpointSeqNumber",
"InType": "UINT32"
},
{
"FieldName": "LongPowerButtonPressDetected",
"InType": "UINT8"
},
{
"FieldName": "LongPowerButtonPressInstanceGuid",
"InType": "GUID"
},
{
"FieldName": "BootEnvironment",
"InType": "STRUCT"
},
{
"FieldName": "BootAppDiagStatus",
"InType": "UINT32"
},
{
"FieldName": "BootAppDiagCode",
"InType": "UINT32"
},
{
"FieldName": "FirmwareType",
"InType": "UINT8"
},
{
"FieldName": "CrashDump",
"InType": "STRUCT"
},
{
"FieldName": "CrashDumpEnabled",
"InType": "UINT32"
},
{
"FieldName": "FilterPages",
"InType": "UINT32"
},
{
"FieldName": "Version",
"InType": "UINT32"
},
{
"FieldName": "BugcheckBootId",
"InType": "UINT32"
},
{
"FieldName": "BugcheckProgress",
"InType": "UINT32"
},
{
"FieldName": "BugcheckCode",
"InType": "UINT32"
},
{
"FieldName": "BugcheckParameter1",
"InType": "UINT64"
},
{
"FieldName": "OriginalDumpType",
"InType": "UINT32"
},
{
"FieldName": "OtherSettings",
"InType": "UINT32"
},
{
"FieldName": "ContextFlags",
"InType": "UINT32"
},
{
"FieldName": "CrashCount",
"InType": "UINT32"
},
{
"FieldName": "Watchdog",
"InType": "STRUCT"
},
{
"FieldName": "WatchdogPresent",
"InType": "UINT8"
},
{
"FieldName": "WatchdogFired",
"InType": "UINT8"
},
{
"FieldName": "WatchdogInfoClass",
"InType": "UINT32"
},
{
"FieldName": "FirmwareReset",
"InType": "STRUCT"
},
{
"FieldName": "FirmwareResetReasonSupplied",
"InType": "UINT8"
},
{
"FieldName": "Pch",
"InType": "UINT8"
},
{
"FieldName": "PchAdditional",
"InType": "UINT32"
},
{
"FieldName": "EmbeddedController",
"InType": "UINT8"
},
{
"FieldName": "EmbeddedControllerAdditional",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000800000000000",
"Extension": [
128
],
"EventName": "SpuriousManualPowerButtonBugcheck",
"FieldInfo": [
{
"FieldName": "Timeout",
"InType": "UINT32"
},
{
"FieldName": "CumulativePressCount",
"InType": "UINT32"
},
{
"FieldName": "CumulativeReleaseCount",
"InType": "UINT32"
},
{
"FieldName": "SpuriousEvent",
"InType": "UINT8"
},
{
"FieldName": "CummulativeLogger",
"InType": "UINT64"
},
{
"FieldName": "ProcessedPressCount",
"InType": "UINT32"
},
{
"FieldName": "ProcessedReleaseCount",
"InType": "UINT32"
},
{
"FieldName": "ProcessedLogger",
"InType": "UINT64"
},
{
"FieldName": "LidState",
"InType": "UINT32"
},
{
"FieldName": "BugcheckEnabled",
"InType": "UINT8"
},
{
"FieldName": "ManualBugcheckRegistryConfig",
"InType": "UINT32"
},
{
"FieldName": "OneSettingBugcheckRegistryConfig",
"InType": "UINT32"
},
{
"FieldName": "LiveDumpConfig",
"InType": "UINT32"
},
{
"FieldName": "ManualLiveDumpConfig",
"InType": "UINT32"
},
{
"FieldName": "OneSettingLiveDumpConfig",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "ManualPowerButtonBugcheck",
"FieldInfo": [
{
"FieldName": "Timeout",
"InType": "UINT32"
},
{
"FieldName": "CumulativePressCount",
"InType": "UINT32"
},
{
"FieldName": "CumulativeReleaseCount",
"InType": "UINT32"
},
{
"FieldName": "SpuriousEvent",
"InType": "UINT8"
},
{
"FieldName": "CummulativeLogger",
"InType": "UINT64"
},
{
"FieldName": "ProcessedPressCount",
"InType": "UINT32"
},
{
"FieldName": "ProcessedReleaseCount",
"InType": "UINT32"
},
{
"FieldName": "ProcessedLogger",
"InType": "UINT64"
},
{
"FieldName": "LidState",
"InType": "UINT32"
},
{
"FieldName": "BugcheckEnabled",
"InType": "UINT8"
},
{
"FieldName": "ManualBugcheckRegistryConfig",
"InType": "UINT32"
},
{
"FieldName": "OneSettingBugcheckRegistryConfig",
"InType": "UINT32"
},
{
"FieldName": "LiveDumpConfig",
"InType": "UINT32"
},
{
"FieldName": "ManualLiveDumpConfig",
"InType": "UINT32"
},
{
"FieldName": "OneSettingLiveDumpConfig",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "SleepReliabilityDetailedDiag",
"FieldInfo": [
{
"FieldName": "DiagEnabled",
"InType": "UINT8"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000800000000000",
"Extension": [
128
],
"EventName": "BootStatIntegrity",
"FieldInfo": [
{
"FieldName": "CurrentBootId",
"InType": "UINT32"
},
{
"FieldName": "FailedBsdItemMask",
"InType": "HEXINT32"
},
{
"FieldName": "FailureCode",
"InType": "UINT32"
},
{
"FieldName": "Integrity",
"InType": "UINT8"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "DeviceIrpIssuedAfterSxCompletion",
"FieldInfo": [
{
"FieldName": "DeviceState",
"InType": "UINT32"
},
{
"FieldName": "DriverName",
"InType": "UNICODESTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "PoIrpFinish",
"FieldInfo": [
{
"FieldName": "ElapsedTime",
"InType": "UINT32"
},
{
"FieldName": "StartTime",
"InType": "UINT64"
},
{
"FieldName": "FinishTime",
"InType": "UINT64"
},
{
"FieldName": "Driver",
"InType": "UNICODESTRING"
},
{
"FieldName": "WatchdogTimeout",
"InType": "UINT32"
},
{
"FieldName": "PowerStateType",
"InType": "UINT32"
},
{
"FieldName": "PowerState",
"InType": "UINT32"
},
{
"FieldName": "IrpStatus",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "TimeAndAlarmCapabilities",
"FieldInfo": [
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "AcWakeSupported",
"InType": "UINT8"
},
{
"FieldName": "DcWakeSupported",
"InType": "UINT8"
},
{
"FieldName": "S4AcWakeSupported",
"InType": "UINT8"
},
{
"FieldName": "S4DcWakeSupported",
"InType": "UINT8"
},
{
"FieldName": "S5AcWakeSupported",
"InType": "UINT8"
},
{
"FieldName": "S5DcWakeSupported",
"InType": "UINT8"
},
{
"FieldName": "S4S5WakeStatusSupported",
"InType": "UINT8"
},
{
"FieldName": "DeepestWakeSystemState",
"InType": "UINT32"
},
{
"FieldName": "RealTimeFeaturesSupported",
"InType": "UINT8"
},
{
"FieldName": "RealTimeResolution",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "BatteryEnergyChange",
"FieldInfo": [
{
"FieldName": "deviceName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "energyCountermW",
"InType": "UINT64"
},
{
"FieldName": "isEnergyCounterUnavailable",
"InType": "ANSISTRING"
},
{
"FieldName": "isCapacityRelative",
"InType": "ANSISTRING"
},
{
"FieldName": "isFccUnavailable",
"InType": "ANSISTRING"
},
{
"FieldName": "isCapacityUnavailable",
"InType": "ANSISTRING"
},
{
"FieldName": "energyChangemW",
"InType": "INT64"
},
{
"FieldName": "lastStateOfCharge",
"InType": "UINT32"
},
{
"FieldName": "lastStateOfChargeFccAdjusted",
"InType": "UINT32"
},
{
"FieldName": "lastFullChargedCapacity",
"InType": "UINT32"
},
{
"FieldName": "activeBatteryCount",
"InType": "UINT32"
},
{
"FieldName": "isPowerOnlineBatteryFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isDischargingBatteryFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isChargingBatteryFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isCriticalBatteryFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isBatteryChargeLimitingFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isBatteryChargingStatePowerSupplyPresentFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isBatteryChargingStateAdequateFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isPlatformBClEnabled",
"InType": "ANSISTRING"
},
{
"FieldName": "percentCapacity",
"InType": "UINT32"
},
{
"FieldName": "milliPercentCapacity",
"InType": "UINT32"
},
{
"FieldName": "stateOfCharge",
"InType": "UINT32"
},
{
"FieldName": "fullChargedCapacity",
"InType": "UINT32"
},
{
"FieldName": "instantaneousVoltage",
"InType": "UINT32"
},
{
"FieldName": "instantaneousRate",
"InType": "INT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "CompositeBatteryEnergyChange",
"FieldInfo": [
{
"FieldName": "energyCountermW",
"InType": "UINT64"
},
{
"FieldName": "isEnergyCounterUnavailable",
"InType": "ANSISTRING"
},
{
"FieldName": "isCapacityRelative",
"InType": "ANSISTRING"
},
{
"FieldName": "isFccUnavailable",
"InType": "ANSISTRING"
},
{
"FieldName": "isCapacityUnavailable",
"InType": "ANSISTRING"
},
{
"FieldName": "energyChangemW",
"InType": "INT64"
},
{
"FieldName": "activeBatteryCount",
"InType": "UINT32"
},
{
"FieldName": "isPowerOnlineBatteryFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isDischargingBatteryFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isChargingBatteryFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isCriticalBatteryFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isBatteryChargeLimitingFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isBatteryChargingStatePowerSupplyPresentFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isBatteryChargingStateAdequateFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isPlatformBClEnabled",
"InType": "ANSISTRING"
},
{
"FieldName": "percentCapacity",
"InType": "UINT32"
},
{
"FieldName": "milliPercentCapacity",
"InType": "UINT32"
},
{
"FieldName": "stateOfCharge",
"InType": "UINT32"
},
{
"FieldName": "fullChargedCapacity",
"InType": "UINT32"
},
{
"FieldName": "instantaneousVoltage",
"InType": "UINT32"
},
{
"FieldName": "instantaneousRate",
"InType": "INT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "BatteryWeakCharger",
"FieldInfo": [
{
"FieldName": "WeakChargerState",
"InType": "UINT8"
},
{
"FieldName": "MpWeakCharger",
"InType": "UINT32"
},
{
"FieldName": "UsbWeakCharger",
"InType": "UINT32"
},
{
"FieldName": "SoftwareMeasuredWeakChargerState",
"InType": "UINT8"
},
{
"FieldName": "NowOnAC",
"InType": "UINT8"
},
{
"FieldName": "WNFPublished",
"InType": "UINT8"
},
{
"FieldName": "WNFPublishStatus",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PowerStateChange",
"FieldInfo": [
{
"FieldName": "wnfPublishStatus",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "BatteryChargePercentageChange",
"FieldInfo": [
{
"FieldName": "RemainingPercentage",
"InType": "UINT32"
},
{
"FieldName": "PercentageChange",
"InType": "INT32"
},
{
"FieldName": "AcDcState",
"InType": "UINT32"
},
{
"FieldName": "ElapsedTimeMs",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "ChargeTimeEstimate",
"FieldInfo": [
{
"FieldName": "capacity",
"InType": "UINT64"
},
{
"FieldName": "estimate",
"InType": "UINT64"
},
{
"FieldName": "maxRate",
"InType": "UINT64"
},
{
"FieldName": "path",
"InType": "UINT8"
},
{
"FieldName": "rate",
"InType": "UINT64"
},
{
"FieldName": "state",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "SpoilBatteryEstimation",
"FieldInfo": [
{
"FieldName": "isSpoiledIndefinate",
"InType": "BOOL32"
},
{
"FieldName": "spoilerType",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "BatteryDischarging",
"FieldInfo": [
{
"FieldName": "isKernelDetectedBatteryDischarging",
"InType": "BOOL32"
},
{
"FieldName": "activeBatteryCount",
"InType": "UINT32"
},
{
"FieldName": "isPowerOnlineBatteryFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isDischargingBatteryFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isChargingBatteryFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isCriticalBatteryFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isBatteryChargeLimitingFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isBatteryChargingStatePowerSupplyPresentFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isBatteryChargingStateAdequateFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isPlatformBClEnabled",
"InType": "ANSISTRING"
},
{
"FieldName": "percentCapacity",
"InType": "UINT32"
},
{
"FieldName": "milliPercentCapacity",
"InType": "UINT32"
},
{
"FieldName": "stateOfCharge",
"InType": "UINT32"
},
{
"FieldName": "fullChargedCapacity",
"InType": "UINT32"
},
{
"FieldName": "instantaneousVoltage",
"InType": "UINT32"
},
{
"FieldName": "instantaneousRate",
"InType": "INT32"
},
{
"FieldName": "wnfPublishStatus",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "BatteryChargeLimitingMode",
"FieldInfo": [
{
"FieldName": "IsBatteryChargeLimitingMode",
"InType": "UINT8"
},
{
"FieldName": "wnfPublishStatus",
"InType": "UINT32"
},
{
"FieldName": "powerSettingPublishStatus",
"InType": "UINT32"
},
{
"FieldName": "isBclDc",
"InType": "ANSISTRING"
},
{
"FieldName": "isBclAc",
"InType": "ANSISTRING"
},
{
"FieldName": "isNobclDc",
"InType": "ANSISTRING"
},
{
"FieldName": "isNoBclAc",
"InType": "ANSISTRING"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "RateBasedDischargePrediction",
"FieldInfo": [
{
"FieldName": "activeBatteryCount",
"InType": "UINT32"
},
{
"FieldName": "isPowerOnlineBatteryFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isDischargingBatteryFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isChargingBatteryFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isCriticalBatteryFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isBatteryChargeLimitingFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isBatteryChargingStatePowerSupplyPresentFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isBatteryChargingStateAdequateFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isPlatformBClEnabled",
"InType": "ANSISTRING"
},
{
"FieldName": "percentCapacity",
"InType": "UINT32"
},
{
"FieldName": "milliPercentCapacity",
"InType": "UINT32"
},
{
"FieldName": "stateOfCharge",
"InType": "UINT32"
},
{
"FieldName": "fullChargedCapacity",
"InType": "UINT32"
},
{
"FieldName": "instantaneousVoltage",
"InType": "UINT32"
},
{
"FieldName": "instantaneousRate",
"InType": "INT32"
},
{
"FieldName": "dischargeEstimateDisabled",
"InType": "UINT32"
},
{
"FieldName": "dischargeEstimate",
"InType": "UINT64"
},
{
"FieldName": "IsDischargeEstimateSpoiled",
"InType": "BOOL32"
},
{
"FieldName": "wnfPublishStatus",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CompositeBattery",
"FieldInfo": [
{
"FieldName": "activeBatteryCount",
"InType": "UINT32"
},
{
"FieldName": "isPowerOnlineBatteryFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isDischargingBatteryFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isChargingBatteryFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isCriticalBatteryFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isBatteryChargeLimitingFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isBatteryChargingStatePowerSupplyPresentFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isBatteryChargingStateAdequateFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "isPlatformBClEnabled",
"InType": "ANSISTRING"
},
{
"FieldName": "percentCapacity",
"InType": "UINT32"
},
{
"FieldName": "milliPercentCapacity",
"InType": "UINT32"
},
{
"FieldName": "stateOfCharge",
"InType": "UINT32"
},
{
"FieldName": "fullChargedCapacity",
"InType": "UINT32"
},
{
"FieldName": "instantaneousVoltage",
"InType": "UINT32"
},
{
"FieldName": "instantaneousRate",
"InType": "INT32"
},
{
"FieldName": "globalBatteryCount",
"InType": "UINT32"
},
{
"FieldName": "activeBatteryCount",
"InType": "UINT32"
},
{
"FieldName": "isCapacityRelativeBatteryFlag",
"InType": "ANSISTRING"
},
{
"FieldName": "designedCapacity",
"InType": "UINT32"
},
{
"FieldName": "wnfPublishStatus",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "BatteryChargeLevel",
"FieldInfo": [
{
"FieldName": "batteryLevel",
"InType": "ANSISTRING"
},
{
"FieldName": "wnfPublishStatus",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "BatteryStateNotification",
"FieldInfo": [
{
"FieldName": "batteryLow",
"InType": "BOOL32"
},
{
"FieldName": "batteryLevel",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PopFanUpdateStatistics_UpdateBucket",
"FieldInfo": [
{
"FieldName": "Fan",
"InType": "HEXINT64"
},
{
"FieldName": "LastUpdate",
"InType": "UINT64"
},
{
"FieldName": "CurrentTime",
"InType": "UINT64"
},
{
"FieldName": "Speed",
"InType": "UINT32"
},
{
"FieldName": "BucketIndex",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PopFanReadFanNoiseInfo",
"FieldInfo": [
{
"FieldName": "InternalLevel",
"InType": "UINT32"
},
{
"FieldName": "NoiseImpactFanCount",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PopFanUpdateSpeed_UpdatedNoiseLevel",
"FieldInfo": [
{
"FieldName": "Fan",
"InType": "HEXINT64"
},
{
"FieldName": "OldFanNoiseLevel",
"InType": "INT32"
},
{
"FieldName": "NewFanNoiseLevel",
"InType": "INT32"
}
]
},
{
"EventId": 0,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PopFanUpdateSpeed_UnexpectedNoiseImpactFanCount",
"FieldInfo": [
{
"FieldName": "Fan",
"InType": "HEXINT64"
},
{
"FieldName": "NoiseImpactFanCount",
"InType": "INT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PopFanUpdateSpeed_TripPoint",
"FieldInfo": [
{
"FieldName": "Fan",
"InType": "HEXINT64"
},
{
"FieldName": "LowTripPoint",
"InType": "UINT32"
},
{
"FieldName": "HighTripPoint",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PopFanUpdateSpeed_Done",
"FieldInfo": [
{
"FieldName": "Fan",
"InType": "HEXINT64"
},
{
"FieldName": "Speed",
"InType": "UINT32"
},
{
"FieldName": "NoiseImpactSupport",
"InType": "UINT8"
},
{
"FieldName": "AccountingDisabled",
"InType": "UINT8"
},
{
"FieldName": "TripPointUpdatedNeeded",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PopFanWorkerIoctlFail",
"FieldInfo": [
{
"FieldName": "Fan",
"InType": "HEXINT64"
},
{
"FieldName": "FanWorkerState",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PopFanWorker_TripPoint_Failed",
"FieldInfo": [
{
"FieldName": "Fan",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PopFanWorkerNextState",
"FieldInfo": [
{
"FieldName": "Fan",
"InType": "HEXINT64"
},
{
"FieldName": "NextState",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PopFanWorkerUnexpectedNextState",
"FieldInfo": [
{
"FieldName": "Fan",
"InType": "HEXINT64"
},
{
"FieldName": "NextState",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PopFanSetupRpmBucketsInvalidGranularity",
"FieldInfo": [
{
"FieldName": "Fan",
"InType": "HEXINT64"
},
{
"FieldName": "Granularity",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PopFanSetupRpmBucketsInvalidZones",
"FieldInfo": [
{
"FieldName": "Fan",
"InType": "HEXINT64"
},
{
"FieldName": "ZoneMaxRpm",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PopFanSetupRpmBucketsFailure",
"FieldInfo": [
{
"FieldName": "Fan",
"InType": "HEXINT64"
},
{
"FieldName": "RpmIndex",
"InType": "UINT32"
},
{
"FieldName": "ZoneMaxRpm",
"InType": "UINT32"
},
{
"FieldName": "BucketMaxRpm",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 4,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PopFanSetupRpmBucketsDone",
"FieldInfo": [
{
"FieldName": "Fan",
"InType": "HEXINT64"
},
{
"FieldName": "ZoneMaxRpm",
"InType": "UINT32"
},
{
"FieldName": "BucketMaxRpm",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PopFanWorkerIoctlSuccess",
"FieldInfo": [
{
"FieldName": "Fan",
"InType": "HEXINT64"
},
{
"FieldName": "FanWorkerState",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PopFanWorker_FanStatus",
"FieldInfo": [
{
"FieldName": "Fan",
"InType": "HEXINT64"
},
{
"FieldName": "Engaged",
"InType": "UINT32"
},
{
"FieldName": "Speed",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PopFanWorker_TripPoints",
"FieldInfo": [
{
"FieldName": "Fan",
"InType": "HEXINT64"
},
{
"FieldName": "LowTripPoint",
"InType": "UINT32"
},
{
"FieldName": "HighTripPoint",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PopFanWorker_NoState",
"FieldInfo": [
{
"FieldName": "Fan",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PopFanWorker_Stop",
"FieldInfo": [
{
"FieldName": "Fan",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PopFanWorker_UnknownState",
"FieldInfo": [
{
"FieldName": "Fan",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "PopDripsWakeSpuriousBuckets",
"FieldInfo": [
{
"FieldName": "CsSessionId",
"InType": "UINT64"
},
{
"FieldName": "SpuriousWakeBucketCounts",
"InType": "UINT32"
},
{
"FieldName": "SpuriousWakeBucketTimesMs",
"InType": "UINT64"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000000",
"Extension": [
128
],
"EventName": "PopDripsWakeProcessStatistics",
"FieldInfo": [
{
"FieldName": "CsSessionId",
"InType": "UINT64"
},
{
"FieldName": "WorkerDelayTimeMs",
"InType": "UINT64"
},
{
"FieldName": "WorkerRunTimeMs",
"InType": "UINT64"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "PoDripsWakeSource",
"FieldInfo": [
{
"FieldName": "CsSessionId",
"InType": "UINT64"
},
{
"FieldName": "Type",
"InType": "UINT32"
},
{
"FieldName": "Reason1",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Reason2",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Reason3",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Count",
"InType": "UINT32"
},
{
"FieldName": "IdleMinDurationInUs",
"InType": "UINT64"
},
{
"FieldName": "IdleMaxDurationInUs",
"InType": "UINT64"
},
{
"FieldName": "IdleTotalDurationInUs",
"InType": "UINT64"
},
{
"FieldName": "CpuWakeMasks",
"InType": "STRUCT"
},
{
"FieldName": "Group",
"InType": "UINT16"
},
{
"FieldName": "Mask",
"InType": "UINT64"
},
{
"FieldName": "IdleIntervalCountBucketLimitsInMs",
"InType": "UINT64"
},
{
"FieldName": "IdleIntervalCountBuckets",
"InType": "UINT32"
},
{
"FieldName": "PeriodIntervalCountBucketLimitsInMs",
"InType": "UINT64"
},
{
"FieldName": "PeriodIntervalCountBuckets",
"InType": "UINT32"
},
{
"FieldName": "Flags",
"InType": "UINT32"
},
{
"FieldName": "ActiveTotalTimeUs",
"InType": "UINT64"
},
{
"FieldName": "ActiveBucketCounts",
"InType": "UINT32"
},
{
"FieldName": "ActiveBucketTimesUs",
"InType": "UINT64"
},
{
"FieldName": "ActivatorTotalTimeUs",
"InType": "UINT64"
},
{
"FieldName": "ActivatorBucketCounts",
"InType": "UINT32"
},
{
"FieldName": "ActivatorBucketTimesUs",
"InType": "UINT64"
},
{
"FieldName": "DeviceTotalTimeUs",
"InType": "UINT64"
},
{
"FieldName": "DeviceBucketCounts",
"InType": "UINT32"
},
{
"FieldName": "DeviceBucketTimesUs",
"InType": "UINT64"
},
{
"FieldName": "ExcessTotalTimeUs",
"InType": "UINT64"
},
{
"FieldName": "ExcessBucketCounts",
"InType": "UINT32"
},
{
"FieldName": "ExcessBucketTimesUs",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "DeviceDiagnostics",
"FieldInfo": [
{
"FieldName": "ScenarioId",
"InType": "UINT8"
},
{
"FieldName": "FriendlyName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "HardwareId",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "DeviceClassName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "DeviceClassGuid",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "BroadcastTreeId",
"InType": "UINT32"
},
{
"FieldName": "DfxTransitionCount",
"InType": "UINT32"
},
{
"FieldName": "Ps4TransitionCount",
"InType": "UINT32"
},
{
"FieldName": "Flags",
"InType": "UINT32"
},
{
"FieldName": "InstancePath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "ScenarioIdV2",
"InType": "UINT64"
},
{
"FieldName": "DeviceId",
"InType": "UINT32"
},
{
"FieldName": "ServiceName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "BroadcastTreeErrorRecord",
"FieldInfo": [
{
"FieldName": "ScenarioId",
"InType": "UINT64"
},
{
"FieldName": "RootDeviceId",
"InType": "UINT32"
},
{
"FieldName": "BroadcastTreeId",
"InType": "UINT32"
},
{
"FieldName": "Flags",
"InType": "UINT32"
},
{
"FieldName": "ErrorDeviceId",
"InType": "UINT32"
},
{
"FieldName": "ReasonCode",
"InType": "UINT32"
},
{
"FieldName": "Count",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "BroadcastTreeStatistics",
"FieldInfo": [
{
"FieldName": "ScenarioId",
"InType": "UINT64"
},
{
"FieldName": "RootDeviceId",
"InType": "UINT32"
},
{
"FieldName": "DeviceMarkedCount",
"InType": "UINT32"
},
{
"FieldName": "BroadcastTreeId",
"InType": "UINT32"
},
{
"FieldName": "Flags",
"InType": "UINT32"
},
{
"FieldName": "MitigatedActiveTimeBuckets",
"InType": "UINT32"
},
{
"FieldName": "MitigatedActiveTimePerBucket",
"InType": "UINT64"
},
{
"FieldName": "FailureReasonCounts",
"InType": "UINT32"
},
{
"FieldName": "PoweredDownTimeBuckets",
"InType": "UINT32"
},
{
"FieldName": "PoweredDownTimePerBucket",
"InType": "UINT64"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "SessionStatistics",
"FieldInfo": [
{
"FieldName": "ScenarioId",
"InType": "UINT64"
},
{
"FieldName": "EnabledMitigations",
"InType": "UINT32"
},
{
"FieldName": "AllowedMitigations",
"InType": "UINT32"
},
{
"FieldName": "EngagedMitigations",
"InType": "UINT32"
},
{
"FieldName": "PnpDisengageTime",
"InType": "UINT64"
},
{
"FieldName": "RequestCountsTotal",
"InType": "UINT32"
},
{
"FieldName": "RequestBlockingTimes",
"InType": "UINT64"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PlPowerPlaneComponentProfile",
"FieldInfo": [
{
"FieldName": "MessageVersion",
"InType": "UINT16"
},
{
"FieldName": "ComponentGuid",
"InType": "GUID"
},
{
"FieldName": "DeviceId",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "PowerPlaneId",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "FxPower",
"InType": "STRUCT"
},
{
"FieldName": "ExclusivePowerMw",
"InType": "UINT32"
},
{
"FieldName": "PeakPowerMw",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PlPowerPlaneDeviceProfile",
"FieldInfo": [
{
"FieldName": "MessageVersion",
"InType": "UINT16"
},
{
"FieldName": "DeviceId",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "PowerPlaneId",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "ComponentCount",
"InType": "UINT32"
},
{
"FieldName": "PowerDrawMw",
"InType": "INT32"
},
{
"FieldName": "DxPower",
"InType": "STRUCT"
},
{
"FieldName": "ExclusivePowerMw",
"InType": "UINT32"
},
{
"FieldName": "PeakPowerMw",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PlPowerPlaneProfile",
"FieldInfo": [
{
"FieldName": "MessageVersion",
"InType": "UINT16"
},
{
"FieldName": "PowerPlaneId",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "DeviceCount",
"InType": "UINT32"
},
{
"FieldName": "DevicePowerMw",
"InType": "INT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PlRegisterComponent",
"FieldInfo": [
{
"FieldName": "MessageVersion",
"InType": "UINT16"
},
{
"FieldName": "ComponentGuid",
"InType": "GUID"
},
{
"FieldName": "PowerProfileRegistered",
"InType": "BOOL32"
},
{
"FieldName": "IdleStateCount",
"InType": "UINT32"
},
{
"FieldName": "DeviceId",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PlRegisterDevice",
"FieldInfo": [
{
"FieldName": "MessageVersion",
"InType": "UINT16"
},
{
"FieldName": "DeviceId",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "PowerProfileRegistered",
"InType": "BOOL32"
},
{
"FieldName": "ComponentCount",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PlRegisterUnregisteredFxDevice",
"FieldInfo": [
{
"FieldName": "MessageVersion",
"InType": "UINT16"
},
{
"FieldName": "DeviceId",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "DevicePowerDeltaMw",
"InType": "INT32"
},
{
"FieldName": "DevicePowerMw",
"InType": "INT32"
},
{
"FieldName": "SystemPowerDeltaMw",
"InType": "INT32"
},
{
"FieldName": "SystemPowerMw",
"InType": "INT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PlRegisterFxDevice",
"FieldInfo": [
{
"FieldName": "MessageVersion",
"InType": "UINT16"
},
{
"FieldName": "DeviceId",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "DevicePowerDeltaMw",
"InType": "INT32"
},
{
"FieldName": "DevicePowerMw",
"InType": "INT32"
},
{
"FieldName": "SystemPowerDeltaMw",
"InType": "INT32"
},
{
"FieldName": "SystemPowerMw",
"InType": "INT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PlRegisterPowerPlaneStatus",
"FieldInfo": [
{
"FieldName": "MessageVersion",
"InType": "UINT16"
},
{
"FieldName": "ParsingStatus",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PlPublishSystemPowerChange",
"FieldInfo": [
{
"FieldName": "MessageVersion",
"InType": "UINT16"
},
{
"FieldName": "PowerPlaneId",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "SystemPowerDeltaMw",
"InType": "INT32"
},
{
"FieldName": "SystemPowerMw",
"InType": "INT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PlNotifyDeviceFState",
"FieldInfo": [
{
"FieldName": "MessageVersion",
"InType": "UINT16"
},
{
"FieldName": "ComponentGuid",
"InType": "GUID"
},
{
"FieldName": "TransactionState",
"InType": "ANSISTRING"
},
{
"FieldName": "FxState",
"InType": "UINT32"
},
{
"FieldName": "DevicePowerDeltaMw",
"InType": "INT32"
},
{
"FieldName": "DevicePowerMw",
"InType": "INT32"
},
{
"FieldName": "SystemPowerDeltaMw",
"InType": "INT32"
},
{
"FieldName": "SystemPowerMw",
"InType": "INT32"
},
{
"FieldName": "DeviceId",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PlNotifyDeviceDState",
"FieldInfo": [
{
"FieldName": "MessageVersion",
"InType": "UINT16"
},
{
"FieldName": "DeviceId",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "TransactionState",
"InType": "ANSISTRING"
},
{
"FieldName": "DxState",
"InType": "ANSISTRING"
},
{
"FieldName": "DevicePowerDeltaMw",
"InType": "INT32"
},
{
"FieldName": "DevicePowerMw",
"InType": "INT32"
},
{
"FieldName": "SystemPowerDeltaMw",
"InType": "INT32"
},
{
"FieldName": "SystemPowerMw",
"InType": "INT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PlUnregisterComponent",
"FieldInfo": [
{
"FieldName": "MessageVersion",
"InType": "UINT16"
},
{
"FieldName": "ComponentGuid",
"InType": "GUID"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PlUnregisterDevice",
"FieldInfo": [
{
"FieldName": "MessageVersion",
"InType": "UINT16"
},
{
"FieldName": "DeviceId",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "DevicePowerDeltaMw",
"InType": "INT32"
},
{
"FieldName": "DevicePowerMw",
"InType": "INT32"
},
{
"FieldName": "SystemPowerDeltaMw",
"InType": "INT32"
},
{
"FieldName": "SystemPowerMw",
"InType": "INT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "PowerTransitionReliability",
"FieldInfo": [
{
"FieldName": "successFailure",
"InType": "UINT32"
},
{
"FieldName": "sleepState",
"InType": "UINT32"
},
{
"FieldName": "attributes",
"InType": "UINT32"
},
{
"FieldName": "statusCode",
"InType": "UNICODESTRING"
},
{
"FieldName": "WakeSourceClassName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "WakeSourceFriendlyName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "FullWake",
"InType": "UINT32"
},
{
"FieldName": "DeviceWakeSourceCount",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "PowerTransitionReliability",
"FieldInfo": [
{
"FieldName": "successFailure",
"InType": "UINT32"
},
{
"FieldName": "sleepState",
"InType": "UINT32"
},
{
"FieldName": "attributes",
"InType": "UINT32"
},
{
"FieldName": "statusCode",
"InType": "UNICODESTRING"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "ThermalZoneEnumeration",
"FieldInfo": [
{
"FieldName": "deviceInstance",
"InType": "UNICODESTRING"
},
{
"FieldName": "activeTripPoint0",
"InType": "UINT32"
},
{
"FieldName": "activeTripPoint1",
"InType": "UINT32"
},
{
"FieldName": "criticalTripPoint",
"InType": "UINT32"
},
{
"FieldName": "passiveTripPoint",
"InType": "UINT32"
},
{
"FieldName": "thermalstandbyTripPoint",
"InType": "UINT32"
},
{
"FieldName": "s4TransitionTripPoint",
"InType": "UINT32"
},
{
"FieldName": "samplingPeriod",
"InType": "UINT32"
},
{
"FieldName": "thermalConstant1",
"InType": "UINT32"
},
{
"FieldName": "thermalConstant2",
"InType": "UINT32"
},
{
"FieldName": "zoneDescription",
"InType": "UNICODESTRING"
},
{
"FieldName": "suggestedPollingPeriod",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000800000000000",
"Extension": [
128
],
"EventName": "ThermalUsermodeEvent",
"FieldInfo": [
{
"FieldName": "tripPoint",
"InType": "UINT32"
},
{
"FieldName": "temperature",
"InType": "UINT32"
},
{
"FieldName": "mitigationType",
"InType": "UINT32"
},
{
"FieldName": "initiator",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000800000000000",
"Extension": [
128
],
"EventName": "ThermalCriticalEvent",
"FieldInfo": [
{
"FieldName": "policyDriver",
"InType": "UINT8"
},
{
"FieldName": "passiveEngaged",
"InType": "UINT8"
},
{
"FieldName": "activeEngaged",
"InType": "UINT8"
},
{
"FieldName": "mitigationType",
"InType": "UINT32"
},
{
"FieldName": "temperature",
"InType": "UINT32"
},
{
"FieldName": "tripPointTemperature",
"InType": "UINT32"
},
{
"FieldName": "temperatureAboveTripPoint",
"InType": "UINT8"
},
{
"FieldName": "zoneName",
"InType": "UNICODESTRING"
},
{
"FieldName": "zoneDescription",
"InType": "UNICODESTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "FanEnumerated",
"FieldInfo": []
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "PoAggregatorTargetStateChange",
"FieldInfo": [
{
"FieldName": "Intent",
"InType": "UINT32"
},
{
"FieldName": "RequestCause",
"InType": "UINT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "CurrentTargetState",
"InType": "UINT32"
},
{
"FieldName": "NextTargetState",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_DeviceAssignedTerminalEvent",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "DeviceId",
"InType": "UINT32"
},
{
"FieldName": "AssignedTerminalId",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_DeviceArrived",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "Provider",
"InType": "UINT32"
},
{
"FieldName": "Token",
"InType": "HEXINT64"
},
{
"FieldName": "DeviceId",
"InType": "UINT32"
},
{
"FieldName": "ProviderDeviceType",
"InType": "HEXINT32"
},
{
"FieldName": "StatusOut",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_TerminalDisplayStateChangedEvent",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "TerminalId",
"InType": "UINT32"
},
{
"FieldName": "DisplayState",
"InType": "UINT32"
},
{
"FieldName": "Reason",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_DeviceSetInputWakeCapability",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "TerminalId",
"InType": "UINT32"
},
{
"FieldName": "DeviceId",
"InType": "UINT32"
},
{
"FieldName": "Enable",
"InType": "BOOL32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000002",
"Extension": [
128
],
"EventName": "TTM_Error",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "Function",
"InType": "ANSISTRING"
},
{
"FieldName": "Line",
"InType": "UINT32"
},
{
"FieldName": "StatusIn",
"InType": "UINT32"
},
{
"FieldName": "StatusOut",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_ProximityPowerPress",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "Escaped",
"InType": "UINT8"
},
{
"FieldName": "SpanSinceLastPress",
"InType": "UINT64"
},
{
"FieldName": "PowerPressCount",
"InType": "UINT32"
},
{
"FieldName": "ScenarioCount",
"InType": "UINT32"
},
{
"FieldName": "EscapeCount",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_InactivityTimeoutUpdate",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "NewTimeout",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_EnterProximity",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "ScenarioCount",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_TerminalTimeouts",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "TerminalId",
"InType": "UINT32"
},
{
"FieldName": "DimTimeoutSeconds",
"InType": "UINT32"
},
{
"FieldName": "OffTimeoutSeconds",
"InType": "UINT32"
},
{
"FieldName": "SanitizedDimIntTime",
"InType": "UINT64"
},
{
"FieldName": "SanitizedOffIntTime",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000001",
"Extension": [
128
],
"EventName": "TTM_DeviceCalloutWatchdogCrashSkipped",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "PowerAction",
"InType": "UINT32"
},
{
"FieldName": "Code",
"InType": "UINT32"
},
{
"FieldName": "Parameter1",
"InType": "UINT64"
},
{
"FieldName": "Parameter2",
"InType": "UINT64"
},
{
"FieldName": "Parameter3",
"InType": "UINT64"
},
{
"FieldName": "Parameter4",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_TerminalOnRequest",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "TerminalId",
"InType": "UINT32"
},
{
"FieldName": "Reason",
"InType": "UINT32"
},
{
"FieldName": "PathTag",
"InType": "COUNTEDANSISTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_TerminalRundown",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "TerminalId",
"InType": "UINT32"
},
{
"FieldName": "TerminalState",
"InType": "UINT32"
},
{
"FieldName": "DisplayState",
"InType": "UINT32"
},
{
"FieldName": "DisplayStateReason",
"InType": "UINT32"
},
{
"FieldName": "FilteredInput",
"InType": "UINT32"
},
{
"FieldName": "PendingOnOff",
"InType": "UINT32"
},
{
"FieldName": "PendingOnOffReason",
"InType": "UINT32"
},
{
"FieldName": "DimTimeoutSeconds",
"InType": "UINT64"
},
{
"FieldName": "OffTimeoutSeconds",
"InType": "UINT64"
},
{
"FieldName": "ZeroTime",
"InType": "UINT64"
},
{
"FieldName": "PrxmSpanSinceLastPress",
"InType": "UINT64"
},
{
"FieldName": "PrxmPowerPressCount",
"InType": "UINT32"
},
{
"FieldName": "PrxmScenarioCount",
"InType": "UINT32"
},
{
"FieldName": "PrxmEscapeCount",
"InType": "UINT32"
},
{
"FieldName": "PrxmDisplayState",
"InType": "UINT32"
},
{
"FieldName": "PrxmDisplayStateReason",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_TerminalOffRequest",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "TerminalId",
"InType": "UINT32"
},
{
"FieldName": "Reason",
"InType": "UINT32"
},
{
"FieldName": "PathTag",
"InType": "COUNTEDANSISTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_InitiateModernStandbyTransitionStart",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "Enter",
"InType": "UINT8"
},
{
"FieldName": "Reason",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_DeviceToTerminalAssigned",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "TerminalId",
"InType": "UINT32"
},
{
"FieldName": "DeviceId",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_TerminalCleanup",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "TerminalId",
"InType": "UINT32"
},
{
"FieldName": "Terminal",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_QueueHandleClosed",
"FieldInfo": [
{
"FieldName": "Queue",
"InType": "HEXINT64"
},
{
"FieldName": "ProcessId",
"InType": "HEXINT64"
},
{
"FieldName": "SystemHandleCount",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_DeviceCallout",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "Provider",
"InType": "UINT32"
},
{
"FieldName": "Token",
"InType": "HEXINT64"
},
{
"FieldName": "CalloutTag",
"InType": "COUNTEDANSISTRING"
},
{
"FieldName": "Data",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_SessionCsExitComplete",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_SessionMonitorControl",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "Reason",
"InType": "UINT32"
},
{
"FieldName": "Type",
"InType": "UINT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_QueueCreated",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "Queue",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_SessionPowerRequestCreated",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "PowerRequestId",
"InType": "INT32"
},
{
"FieldName": "Tracking",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_ConsoleUserPresent",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "Reason",
"InType": "UINT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_DeviceFromTerminalRemoved",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "TerminalId",
"InType": "UINT32"
},
{
"FieldName": "Provider",
"InType": "UINT32"
},
{
"FieldName": "Token",
"InType": "HEXINT64"
},
{
"FieldName": "DeviceId",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_DeviceEnumeratedTerminalEvent",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "DeviceId",
"InType": "UINT32"
},
{
"FieldName": "AssignedTerminalId",
"InType": "UINT32"
},
{
"FieldName": "Provider",
"InType": "UINT32"
},
{
"FieldName": "ProviderSpecificType",
"InType": "UINT32"
},
{
"FieldName": "Identity",
"InType": "UNICODESTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_QueueHandleCreated",
"FieldInfo": [
{
"FieldName": "Queue",
"InType": "HEXINT64"
},
{
"FieldName": "ProcessId",
"InType": "HEXINT64"
},
{
"FieldName": "OpenReason",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_SessionPowerRequestUpdated",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "PowerRequestId",
"InType": "INT32"
},
{
"FieldName": "WasUpdateSuccessful",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_DeviceAssignmentPolicySet",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "AutoAssignToTerminal0",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_TerminalDestroyed",
"FieldInfo": [
{
"FieldName": "Terminal",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_CleanupCurrentSession",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_SessionPowerControlStart",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "On",
"InType": "UINT8"
},
{
"FieldName": "Reason",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_QueueEventEnqueued",
"FieldInfo": [
{
"FieldName": "Queue",
"InType": "HEXINT64"
},
{
"FieldName": "Event",
"InType": "HEXINT64"
},
{
"FieldName": "Type",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_SessionPowerRequestDeleted",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "PowerRequestId",
"InType": "INT32"
},
{
"FieldName": "WasValidEntry",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_InitiateModernStandbyTransitionStop",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_ProximityBlockedRequest",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "On",
"InType": "UINT8"
},
{
"FieldName": "Reason",
"InType": "UINT32"
},
{
"FieldName": "PathTag",
"InType": "COUNTEDANSISTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000400000000001",
"Extension": [
128
],
"EventName": "TTM_DeviceCallout",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "Provider",
"InType": "UINT32"
},
{
"FieldName": "ProviderDeviceType",
"InType": "HEXINT32"
},
{
"FieldName": "Token",
"InType": "HEXINT64"
},
{
"FieldName": "CalloutTag",
"InType": "COUNTEDANSISTRING"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "Duration",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_SessionDisplayRequiredReference",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "Count",
"InType": "UINT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_SessionDisplayRequiredDereference",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "Count",
"InType": "UINT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_QueueDestroyed",
"FieldInfo": [
{
"FieldName": "Queue",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_SessionPowerRequestPresent",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "PowerRequestId",
"InType": "INT32"
},
{
"FieldName": "ProcessId",
"InType": "UINT32"
},
{
"FieldName": "PowerRequestHandle",
"InType": "HEXINT64"
},
{
"FieldName": "CoreWindowHandle",
"InType": "HEXINT64"
},
{
"FieldName": "Count",
"InType": "UINT32"
},
{
"FieldName": "Attributed",
"InType": "UINT8"
},
{
"FieldName": "Tracking",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_ExitProximity",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "ScenarioCount",
"InType": "UINT32"
},
{
"FieldName": "EscapeCount",
"InType": "UINT32"
},
{
"FieldName": "Escaped",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_DeviceDepartedTerminalEvent",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "DeviceId",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_QueueEventDequeued",
"FieldInfo": [
{
"FieldName": "Queue",
"InType": "HEXINT64"
},
{
"FieldName": "Event",
"InType": "HEXINT64"
},
{
"FieldName": "Type",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_TerminalStateMachine",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "TerminalId",
"InType": "UINT32"
},
{
"FieldName": "PreviousDisplayState",
"InType": "UINT32"
},
{
"FieldName": "PreviousZeroTime",
"InType": "UINT64"
},
{
"FieldName": "NowTime",
"InType": "UINT64"
},
{
"FieldName": "DimTimeoutSpan",
"InType": "UINT64"
},
{
"FieldName": "OffTimeoutSpan",
"InType": "UINT64"
},
{
"FieldName": "DisplayRequestActive",
"InType": "UINT8"
},
{
"FieldName": "DisplayRequestEnded",
"InType": "UINT8"
},
{
"FieldName": "OnOffRequest",
"InType": "UINT32"
},
{
"FieldName": "OnOffRequestReason",
"InType": "UINT32"
},
{
"FieldName": "DisplayState",
"InType": "UINT32"
},
{
"FieldName": "DisplayStateChanged",
"InType": "UINT8"
},
{
"FieldName": "DisplayStateChangedReason",
"InType": "UINT32"
},
{
"FieldName": "ZeroTime",
"InType": "UINT64"
},
{
"FieldName": "NextEvaluationSpan",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_DeviceArrivedTerminalEvent",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "DeviceId",
"InType": "UINT32"
},
{
"FieldName": "AssignedTerminalId",
"InType": "UINT32"
},
{
"FieldName": "Provider",
"InType": "UINT32"
},
{
"FieldName": "ProviderSpecificType",
"InType": "UINT32"
},
{
"FieldName": "Identity",
"InType": "UNICODESTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_DeviceCallout",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "Provider",
"InType": "UINT32"
},
{
"FieldName": "ProviderDeviceType",
"InType": "HEXINT32"
},
{
"FieldName": "Token",
"InType": "HEXINT64"
},
{
"FieldName": "CalloutTag",
"InType": "COUNTEDANSISTRING"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "Duration",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_DeviceDeparted",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "Provider",
"InType": "UINT32"
},
{
"FieldName": "Token",
"InType": "HEXINT64"
},
{
"FieldName": "DeviceFound",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_InitCurrentSession",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_DeviceInput",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "Provider",
"InType": "UINT32"
},
{
"FieldName": "Token",
"InType": "HEXINT64"
},
{
"FieldName": "InputFlags",
"InType": "UINT32"
},
{
"FieldName": "DeviceFound",
"InType": "UINT8"
},
{
"FieldName": "WillEvaluate",
"InType": "UINT8"
},
{
"FieldName": "Wake",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_SessionWorker",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_SessionPowerControlStop",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_DispatchApi",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "Level",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_TerminalHandleClosed",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "TerminalId",
"InType": "UINT32"
},
{
"FieldName": "ProcessId",
"InType": "HEXINT64"
},
{
"FieldName": "SystemHandleCount",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_SessionActivate",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_SessionWorkerPass",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "WorkToDo",
"InType": "UINT32"
},
{
"FieldName": "Iteration",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_SessionDeactivate",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_TerminalCreated",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "TerminalId",
"InType": "UINT32"
},
{
"FieldName": "Terminal",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_SessionWorker",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_InactivityTimerReset",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "Reason",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_DispatchApi",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "Level",
"InType": "UINT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_SessionPowerStateChange",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "On",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_TerminalDisplayPowerRequest",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "TerminalId",
"InType": "UINT32"
},
{
"FieldName": "RequestId",
"InType": "INT32"
},
{
"FieldName": "Active",
"InType": "BOOL32"
},
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_InitCurrentSession",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_SessionRundown",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "SessionState",
"InType": "UINT32"
},
{
"FieldName": "RefCnt",
"InType": "INT32"
},
{
"FieldName": "TerminalCnt",
"InType": "UINT32"
},
{
"FieldName": "DeviceCnt",
"InType": "UINT32"
},
{
"FieldName": "ActivateReason",
"InType": "UINT32"
},
{
"FieldName": "DeactivateReason",
"InType": "UINT32"
},
{
"FieldName": "DisplayCount",
"InType": "UINT32"
},
{
"FieldName": "DisplayDimTimeout",
"InType": "UINT32"
},
{
"FieldName": "DisplayOffTimeout",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_CleanupCurrentSession",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_TerminalHandleCreated",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "TerminalId",
"InType": "UINT32"
},
{
"FieldName": "ProcessId",
"InType": "HEXINT64"
},
{
"FieldName": "OpenReason",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TTM_DeviceRundown",
"FieldInfo": [
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "TerminalId",
"InType": "UINT32"
},
{
"FieldName": "Provider",
"InType": "UINT32"
},
{
"FieldName": "Token",
"InType": "HEXINT64"
},
{
"FieldName": "DeviceId",
"InType": "UINT32"
},
{
"FieldName": "ProviderDeviceType",
"InType": "HEXINT32"
},
{
"FieldName": "LastInputTime",
"InType": "UINT64"
},
{
"FieldName": "DeviceState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "ProcessOpenFailedForForcedAccessCheck",
"FieldInfo": [
{
"FieldName": "TargetProcessId",
"InType": "UINT32"
},
{
"FieldName": "DesiredAccess",
"InType": "HEXINT32"
},
{
"FieldName": "ObjectAttributes",
"InType": "HEXINT32"
},
{
"FieldName": "ProbeMode",
"InType": "UINT8"
},
{
"FieldName": "AccessMode",
"InType": "UINT8"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "ThreadOpenFailedForForcedAccessCheck",
"FieldInfo": [
{
"FieldName": "TargetThreadId",
"InType": "UINT32"
},
{
"FieldName": "TargetProcessId",
"InType": "UINT32"
},
{
"FieldName": "DesiredAccess",
"InType": "HEXINT32"
},
{
"FieldName": "ObjectAttributes",
"InType": "HEXINT32"
},
{
"FieldName": "ProbeMode",
"InType": "UINT8"
},
{
"FieldName": "AccessMode",
"InType": "UINT8"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000000",
"Extension": [
128
],
"EventName": "RtlCapabilityCheckLatency",
"FieldInfo": [
{
"FieldName": "Latency",
"InType": "INT64"
},
{
"FieldName": "IsAdmin",
"InType": "UINT8"
},
{
"FieldName": "IsInteractiveUser",
"InType": "UINT8"
},
{
"FieldName": "IsAdminCapability",
"InType": "UINT8"
},
{
"FieldName": "HasCapability",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000000",
"Extension": [
128
],
"EventName": "CriticalAceChanged",
"FieldInfo": [
{
"FieldName": "Process",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "LimitedToNonLimitedTokenSessionImpersonation",
"FieldInfo": [
{
"FieldName": "primaryTokenSessionFlags",
"InType": "UINT32"
},
{
"FieldName": "impersonationTokenSessionFlags",
"InType": "UINT32"
},
{
"FieldName": "processPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "processCommandLine",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "XdvLoaded",
"FieldInfo": [
{
"FieldName": "XdvTipTag",
"InType": "UINT32"
},
{
"FieldName": "VerifierExtLoadAddress",
"InType": "UINT64"
},
{
"FieldName": "VerifyDrivers",
"InType": "UNICODESTRING"
},
{
"FieldName": "XdvRuleSuppress",
"InType": "UNICODESTRING"
},
{
"FieldName": "XdvExtensionOption",
"InType": "UINT32"
},
{
"FieldName": "XdvVerifierOptions",
"InType": "UINT32"
},
{
"FieldName": "XdvVerifierFlags",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000800000000000",
"Extension": [
128
],
"EventName": "XdvBugCheck",
"FieldInfo": [
{
"FieldName": "MinCount",
"InType": "UINT32"
},
{
"FieldName": "TriageContext",
"InType": "UINT32"
},
{
"FieldName": "XdvTipTag",
"InType": "UINT32"
},
{
"FieldName": "Irql",
"InType": "UINT8"
},
{
"FieldName": "Module",
"InType": "UNICODESTRING"
},
{
"FieldName": "ErrorMessage",
"InType": "ANSISTRING"
},
{
"FieldName": "BugcheckCode",
"InType": "HEXINT32"
},
{
"FieldName": "ErrorCode",
"InType": "HEXINT32"
},
{
"FieldName": "RuleClasses",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000800000000000",
"Extension": [
128
],
"EventName": "XdvDriverLoad",
"FieldInfo": [
{
"FieldName": "XdvTipTag",
"InType": "UINT32"
},
{
"FieldName": "DriverName",
"InType": "UNICODESTRING"
},
{
"FieldName": "BaseAddress",
"InType": "HEXINT64"
},
{
"FieldName": "TimeDateStamp",
"InType": "HEXINT64"
},
{
"FieldName": "CheckSum",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000800000000000",
"Extension": [
128
],
"EventName": "XdvDriverLoad",
"FieldInfo": [
{
"FieldName": "XdvTipTag",
"InType": "UINT32"
},
{
"FieldName": "DriverName",
"InType": "UNICODESTRING"
},
{
"FieldName": "BaseAddress",
"InType": "HEXINT64"
},
{
"FieldName": "TimeDateStamp",
"InType": "HEXINT64"
},
{
"FieldName": "CheckSum",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000800000000000",
"Extension": [
128
],
"EventName": "XdvLiveDump",
"FieldInfo": [
{
"FieldName": "CarTipTag",
"InType": "UINT32"
},
{
"FieldName": "Violation ID",
"InType": "UINT32"
},
{
"FieldName": "ViolationString",
"InType": "ANSISTRING"
},
{
"FieldName": "Violation Hash",
"InType": "HEXINT32"
},
{
"FieldName": "Violating Drivername",
"InType": "UNICODESTRING"
},
{
"FieldName": "Driver CheckSum",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000800000000000",
"Extension": [
128
],
"EventName": "XdvBugCheck",
"FieldInfo": [
{
"FieldName": "MinCount",
"InType": "UINT32"
},
{
"FieldName": "XdvTipTag",
"InType": "UINT32"
},
{
"FieldName": "Irql",
"InType": "UINT8"
},
{
"FieldName": "Module",
"InType": "UNICODESTRING"
},
{
"FieldName": "ErrorMessage",
"InType": "ANSISTRING"
},
{
"FieldName": "ErrorCode",
"InType": "HEXINT32"
},
{
"FieldName": "LoadAddress",
"InType": "HEXINT64"
},
{
"FieldName": "DriverSize",
"InType": "HEXINT32"
},
{
"FieldName": "CurrentCallStack",
"InType": "HEXINT64"
},
{
"FieldName": "SavedCallStack",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000008",
"Extension": [
128
],
"EventName": "AccessFault",
"FieldInfo": [
{
"FieldName": "ProcessId",
"InType": "UINT32"
},
{
"FieldName": "FaultTypeFlags",
"InType": "HEXINT32"
},
{
"FieldName": "AllowedPromotionFlags",
"InType": "HEXINT32"
},
{
"FieldName": "DesiredNumaNode",
"InType": "HEXINT32"
},
{
"FieldName": "RangeCount",
"InType": "HEXINT64"
},
{
"FieldName": "TotalPageCount",
"InType": "HEXINT64"
},
{
"FieldName": "BatchCountMax",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "FillSlatSparse",
"FieldInfo": [
{
"FieldName": "ProcessId",
"InType": "UINT32"
},
{
"FieldName": "PageCount",
"InType": "HEXINT64"
},
{
"FieldName": "HvGpaMapping",
"InType": "STRUCT"
},
{
"FieldName": "Gpn",
"InType": "HEXINT64"
},
{
"FieldName": "Spn",
"InType": "HEXINT64"
},
{
"FieldName": "MapFlags",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000010",
"Extension": [
128
],
"EventName": "AccessFaultRange",
"FieldInfo": [
{
"FieldName": "ProcessId",
"InType": "UINT32"
},
{
"FieldName": "BaseSystemVpn",
"InType": "HEXINT64"
},
{
"FieldName": "BaseGpn",
"InType": "HEXINT64"
},
{
"FieldName": "PageCount",
"InType": "HEXINT64"
},
{
"FieldName": "FaultTypeFlags",
"InType": "HEXINT32"
},
{
"FieldName": "AllowedPromotionFlags",
"InType": "HEXINT32"
},
{
"FieldName": "DesiredNumaNode",
"InType": "HEXINT32"
},
{
"FieldName": "FaultRangeCount",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000004",
"Extension": [
128
],
"EventName": "ColdHint",
"FieldInfo": [
{
"FieldName": "ProcessId",
"InType": "UINT32"
},
{
"FieldName": "BaseGpn",
"InType": "HEXINT64"
},
{
"FieldName": "BaseSystemVpn",
"InType": "HEXINT64"
},
{
"FieldName": "PageCount",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "FillSlatLargePage",
"FieldInfo": [
{
"FieldName": "ProcessId",
"InType": "UINT32"
},
{
"FieldName": "BaseGpn",
"InType": "HEXINT64"
},
{
"FieldName": "BaseSpn",
"InType": "HEXINT64"
},
{
"FieldName": "MapFlags",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000002",
"Extension": [
128
],
"EventName": "TbFlushSlatInvalidate",
"FieldInfo": [
{
"FieldName": "ProcessId",
"InType": "UINT32"
},
{
"FieldName": "StartVpn",
"InType": "HEXINT64"
},
{
"FieldName": "StartGpn",
"InType": "HEXINT64"
},
{
"FieldName": "NumberOfPages",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "SystemShutdown",
"FieldInfo": [
{
"FieldName": "StateEventType",
"InType": "UINT32"
},
{
"FieldName": "ShutdownTime",
"InType": "INT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "HvInfo",
"FieldInfo": [
{
"FieldName": "HypervisorLevel",
"InType": "INT32"
},
{
"FieldName": "CpuManager",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000003",
"Extension": [
128
],
"EventName": "ProcessStarted",
"FieldInfo": [
{
"FieldName": "InstanceStartTime",
"InType": "INT64"
},
{
"FieldName": "InstanceId",
"InType": "UINT32"
},
{
"FieldName": "ParentPid",
"InType": "UINT32"
},
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "ImageFileName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "ProcessStartKey",
"InType": "UINT64"
},
{
"FieldName": "ProcessSequence",
"InType": "UINT64"
},
{
"FieldName": "CreateInterruptTime",
"InType": "UINT64"
},
{
"FieldName": "SessionCreateTime",
"InType": "UINT64"
},
{
"FieldName": "ImageChecksum",
"InType": "UINT32"
},
{
"FieldName": "ImageTimeDateStamp",
"InType": "UINT32"
},
{
"FieldName": "PackageName",
"InType": "UNICODESTRING"
},
{
"FieldName": "PRAID",
"InType": "UNICODESTRING"
},
{
"FieldName": "UserSid",
"InType": "SID"
},
{
"FieldName": "CommandLine",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000001",
"Extension": [
128
],
"EventName": "AppStateChange",
"FieldInfo": [
{
"FieldName": "AppStateChange",
"InType": "UINT8"
},
{
"FieldName": "PreviousState",
"InType": "UINT8"
},
{
"FieldName": "UTCReplace_TargetAppId",
"InType": "GUID"
},
{
"FieldName": "UTCReplace_TargetAppVer",
"InType": "UINT8"
},
{
"FieldName": "UTCReplace_TargetAppType",
"InType": "UINT8"
},
{
"FieldName": "UTCReplace_LicenseType",
"InType": "UINT8"
},
{
"FieldName": "AppSessionGuid",
"InType": "GUID"
},
{
"FieldName": "TargetAsId",
"InType": "UINT32"
},
{
"FieldName": "StateDurationMS",
"InType": "UINT64"
},
{
"FieldName": "UptimeDeltaMS",
"InType": "UINT64"
},
{
"FieldName": "TotalDurationMS",
"InType": "UINT64"
},
{
"FieldName": "TotalUptimeMS",
"InType": "UINT64"
},
{
"FieldName": "TotalSuspendedMS",
"InType": "UINT64"
},
{
"FieldName": "UTCReplace_CommandLineHash",
"InType": "UINT8"
},
{
"FieldName": "EventSequence",
"InType": "UINT64"
},
{
"FieldName": "ProcessSequence",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "AppStateChangeSummary",
"FieldInfo": [
{
"FieldName": "LaunchCount",
"InType": "INT64"
},
{
"FieldName": "SuspendCount",
"InType": "INT64"
},
{
"FieldName": "ResumeCount",
"InType": "INT64"
},
{
"FieldName": "TerminateCount",
"InType": "INT64"
},
{
"FieldName": "CrashCount",
"InType": "INT64"
},
{
"FieldName": "HeartbeatCount",
"InType": "INT64"
},
{
"FieldName": "HeartbeatSuspendedCount",
"InType": "INT64"
},
{
"FieldName": "ProcessDurationMS_Sum",
"InType": "INT64"
},
{
"FieldName": "RunningDurationMS_Sum",
"InType": "INT64"
},
{
"FieldName": "HangCount_Sum",
"InType": "INT64"
},
{
"FieldName": "GhostCount_Sum",
"InType": "INT64"
},
{
"FieldName": "HandleCountAtExit_Sum",
"InType": "INT64"
},
{
"FieldName": "CommitChargeAtExit_Sum",
"InType": "INT64"
},
{
"FieldName": "CommitChargePeakAtExit_Sum",
"InType": "INT64"
},
{
"FieldName": "ReadCountAtExit_Sum",
"InType": "INT64"
},
{
"FieldName": "ReadSizeInKBAtExit_Sum",
"InType": "INT64"
},
{
"FieldName": "WriteCountAtExit_Sum",
"InType": "INT64"
},
{
"FieldName": "WriteSizeInKBAtExit_Sum",
"InType": "INT64"
},
{
"FieldName": "CycleCountAtExit_Sum",
"InType": "INT64"
},
{
"FieldName": "ExitStatusNegativeCount",
"InType": "INT64"
},
{
"FieldName": "ExitStatusZeroCount",
"InType": "INT64"
},
{
"FieldName": "ExitStatusOneCount",
"InType": "INT64"
},
{
"FieldName": "HitPrefilterUECount",
"InType": "INT64"
},
{
"FieldName": "HardFaultCountAtExit_Sum",
"InType": "INT64"
},
{
"FieldName": "UTCMetadata_ImageFileName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "UTCMetadata_PackageName",
"InType": "UNICODESTRING"
},
{
"FieldName": "UTCMetadata_PRAID",
"InType": "UNICODESTRING"
},
{
"FieldName": "UTCMetadata_ImageChecksum",
"InType": "UINT32"
},
{
"FieldName": "UTCMetadata_ImageTimeDateStamp",
"InType": "UINT32"
},
{
"FieldName": "UTCMetadata_Commandline",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "ExtraInfoFlags",
"InType": "HEXINT64"
},
{
"FieldName": "UTCReplace_TargetAppId_FromEventData",
"InType": "UINT8"
},
{
"FieldName": "UTCReplace_TargetAppVer_FromEventData",
"InType": "UINT8"
},
{
"FieldName": "UTCReplace_TargetAppType_FromEventData",
"InType": "UINT8"
},
{
"FieldName": "UTCReplace_LicenseType_FromEventData",
"InType": "UINT8"
},
{
"FieldName": "UTCReplace_CommandLineHash_FromEventData",
"InType": "UINT8"
},
{
"FieldName": "ContainerId",
"InType": "GUID"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000003",
"Extension": [
128
],
"EventName": "AppStateChange",
"FieldInfo": [
{
"FieldName": "AppStateChange",
"InType": "UINT8"
},
{
"FieldName": "PreviousState",
"InType": "UINT8"
},
{
"FieldName": "UTCReplace_TargetAppId",
"InType": "GUID"
},
{
"FieldName": "UTCReplace_TargetAppVer",
"InType": "UINT8"
},
{
"FieldName": "UTCReplace_TargetAppType",
"InType": "UINT8"
},
{
"FieldName": "UTCReplace_LicenseType",
"InType": "UINT8"
},
{
"FieldName": "AppSessionGuid",
"InType": "GUID"
},
{
"FieldName": "TargetAsId",
"InType": "UINT32"
},
{
"FieldName": "StateDurationMS",
"InType": "UINT64"
},
{
"FieldName": "UptimeDeltaMS",
"InType": "UINT64"
},
{
"FieldName": "TotalDurationMS",
"InType": "UINT64"
},
{
"FieldName": "TotalUptimeMS",
"InType": "UINT64"
},
{
"FieldName": "TotalSuspendedMS",
"InType": "UINT64"
},
{
"FieldName": "UTCReplace_CommandLineHash",
"InType": "UINT8"
},
{
"FieldName": "EventSequence",
"InType": "UINT64"
},
{
"FieldName": "ProcessSequence",
"InType": "UINT64"
},
{
"FieldName": "InstanceId",
"InType": "UINT32"
},
{
"FieldName": "ProcessStartKey",
"InType": "UINT64"
},
{
"FieldName": "ExitStatus",
"InType": "UINT32"
},
{
"FieldName": "Crashed",
"InType": "UINT8"
},
{
"FieldName": "HangCount",
"InType": "UINT8"
},
{
"FieldName": "GhostCount",
"InType": "UINT8"
},
{
"FieldName": "HitPrefilterUE",
"InType": "UINT8"
},
{
"FieldName": "HandleCount",
"InType": "UINT32"
},
{
"FieldName": "CommitCharge",
"InType": "UINT64"
},
{
"FieldName": "CommitChargePeak",
"InType": "UINT64"
},
{
"FieldName": "CPUCycleCount",
"InType": "UINT64"
},
{
"FieldName": "ReadCount",
"InType": "UINT32"
},
{
"FieldName": "WriteCount",
"InType": "UINT32"
},
{
"FieldName": "ReadSizeInKB",
"InType": "UINT32"
},
{
"FieldName": "WriteSizeInKB",
"InType": "UINT32"
},
{
"FieldName": "HardFaultCount",
"InType": "UINT32"
},
{
"FieldName": "SharedCommitCharge",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "TimeZoneBiasChange",
"FieldInfo": [
{
"FieldName": "NewBias",
"InType": "INT32"
},
{
"FieldName": "OldBias",
"InType": "INT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "LeapSecondDataParseFailed",
"FieldInfo": [
{
"FieldName": "FailureResult",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000800000000000",
"Extension": [
128
],
"EventName": "SystemStart",
"FieldInfo": [
{
"FieldName": "MajorVersion",
"InType": "UINT32"
},
{
"FieldName": "MinorVersion",
"InType": "UINT32"
},
{
"FieldName": "BuildNumber",
"InType": "UINT32"
},
{
"FieldName": "StateEventType",
"InType": "UINT32"
},
{
"FieldName": "QFE",
"InType": "UINT32"
},
{
"FieldName": "ServicePack",
"InType": "UINT16"
},
{
"FieldName": "BootMode",
"InType": "UINT32"
},
{
"FieldName": "BootTime",
"InType": "INT64"
},
{
"FieldName": "InbvMode",
"InType": "UINT32"
},
{
"FieldName": "MeasuredLaunch",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "TimeZoneInformationRefresh",
"FieldInfo": [
{
"FieldName": "ExitReason",
"InType": "UINT32"
},
{
"FieldName": "CurrentTimeZoneBias",
"InType": "INT32"
},
{
"FieldName": "NewTimeZoneId",
"InType": "UINT8"
},
{
"FieldName": "TimeZoneInfoCacheUpdated",
"InType": "UINT8"
},
{
"FieldName": "FirstRefresh",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "LeapSecondDataUpdate",
"FieldInfo": [
{
"FieldName": "UpdateReason",
"InType": "UINT32"
},
{
"FieldName": "EnabledNew",
"InType": "UINT32"
},
{
"FieldName": "CountNew",
"InType": "UINT32"
},
{
"FieldName": "CountOld",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "SystemTimeChange",
"FieldInfo": [
{
"FieldName": "NewTime",
"InType": "INT64"
},
{
"FieldName": "OldTime",
"InType": "INT64"
},
{
"FieldName": "TimeDeltaInMs",
"InType": "INT64"
},
{
"FieldName": "ChangeReason",
"InType": "UINT32"
},
{
"FieldName": "Process",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "PID",
"InType": "UINT32"
},
{
"FieldName": "CmosTime",
"InType": "INT64"
},
{
"FieldName": "TimeZoneBias",
"InType": "INT32"
},
{
"FieldName": "RealTimeIsUniversal",
"InType": "UINT32"
},
{
"FieldName": "ClockInCmosMode",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "Cov",
"FieldInfo": [
{
"FieldName": "RoundId",
"InType": "UINT32"
},
{
"FieldName": "FailuresInRound",
"InType": "UINT32"
},
{
"FieldName": "SinceLastFlushMS",
"InType": "UINT32"
},
{
"FieldName": "SinceLastResetMS",
"InType": "UINT32"
},
{
"FieldName": "Recorded",
"InType": "BOOL32"
},
{
"FieldName": "AlreadySet",
"InType": "BOOL32"
},
{
"FieldName": "CoverageId",
"InType": "ANSISTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CovSum",
"FieldInfo": [
{
"FieldName": "RoundId",
"InType": "UINT32"
},
{
"FieldName": "FailuresInRound",
"InType": "UINT32"
},
{
"FieldName": "SinceLastFlushMS",
"InType": "UINT32"
},
{
"FieldName": "SinceLastResetMS",
"InType": "UINT32"
},
{
"FieldName": "Entries",
"InType": "ANSISTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "Cov",
"FieldInfo": [
{
"FieldName": "RoundId",
"InType": "UINT32"
},
{
"FieldName": "FailuresInRound",
"InType": "UINT32"
},
{
"FieldName": "SinceLastFlushMS",
"InType": "UINT32"
},
{
"FieldName": "SinceLastResetMS",
"InType": "UINT32"
},
{
"FieldName": "Recorded",
"InType": "BOOL32"
},
{
"FieldName": "AlreadySet",
"InType": "BOOL32"
},
{
"FieldName": "CoverageId",
"InType": "ANSISTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000002",
"Extension": [
128
],
"EventName": "CovNew",
"FieldInfo": [
{
"FieldName": "RoundId",
"InType": "UINT32"
},
{
"FieldName": "FailuresInRound",
"InType": "UINT32"
},
{
"FieldName": "SinceLastFlushMS",
"InType": "UINT32"
},
{
"FieldName": "SinceLastResetMS",
"InType": "UINT32"
},
{
"FieldName": "CoverageId",
"InType": "ANSISTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
192
],
"EventName": "ProhibitChildProcessCreation",
"FieldInfo": [
{
"FieldName": "mode",
"InType": "UINT32"
},
{
"FieldName": "parentImagePathName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "parentCommandLine",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "parentProcessStartKey",
"InType": "HEXINT64"
},
{
"FieldName": "childImagePathName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "childCommandLine",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
192
],
"EventName": "ProhibitLowILImageMap",
"FieldInfo": [
{
"FieldName": "mode",
"InType": "UINT32"
},
{
"FieldName": "processPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "processCommandLine",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "processStartKey",
"InType": "HEXINT64"
},
{
"FieldName": "imageName",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000000",
"Extension": [
192
],
"EventName": "GenericMitigationForProcess",
"FieldInfo": [
{
"FieldName": "mitigationId",
"InType": "UINT32"
},
{
"FieldName": "mode",
"InType": "UINT32"
},
{
"FieldName": "processPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "processCommandLine",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "processStartKey",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000001",
"Extension": [
192
],
"EventName": "DeniedTokenCreation",
"FieldInfo": [
{
"FieldName": "FullImageFileName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "ParentCommandLine",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "ChildImagePathName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "ChildCommandLine",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
144
],
"EventName": "ControlProtectionKernelModeReturnMismatch",
"FieldInfo": [
{
"FieldName": "loggingType",
"InType": "UINT32"
},
{
"FieldName": "controlPcImageName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "rspContentsImageName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "controlPc",
"InType": "HEXINT64"
},
{
"FieldName": "controlPcOffset",
"InType": "HEXINT64"
},
{
"FieldName": "rspContents",
"InType": "HEXINT64"
},
{
"FieldName": "rspContentsOffset",
"InType": "HEXINT64"
},
{
"FieldName": "shadowStackOverflowReset",
"InType": "BOOL32"
},
{
"FieldName": "errorCode",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
192
],
"EventName": "BlockNonCetBinaries",
"FieldInfo": [
{
"FieldName": "logMode",
"InType": "UINT32"
},
{
"FieldName": "processPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "processCommandLine",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "processStartKey",
"InType": "HEXINT64"
},
{
"FieldName": "mappedImageName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "imageCetShadowStacksReady",
"InType": "BOOL32"
},
{
"FieldName": "imageEHContinuationTablePresent",
"InType": "BOOL32"
},
{
"FieldName": "nonEhcontMode",
"InType": "BOOL32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
144
],
"EventName": "RedirectionTrustPolicy",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "Type",
"InType": "UINT32"
},
{
"FieldName": "Mode",
"InType": "UINT32"
},
{
"FieldName": "Impersonating",
"InType": "UINT8"
},
{
"FieldName": "Module 2",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
144
],
"EventName": "RedirectionTrustPolicy",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "Type",
"InType": "UINT32"
},
{
"FieldName": "Mode",
"InType": "UINT32"
},
{
"FieldName": "Impersonating",
"InType": "UINT8"
},
{
"FieldName": "Module 2",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Offset 2",
"InType": "UINT64"
},
{
"FieldName": "Module 3",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Offset 3",
"InType": "UINT64"
},
{
"FieldName": "Module 4",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Offset 4",
"InType": "UINT64"
},
{
"FieldName": "Module 5",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Offset 5",
"InType": "UINT64"
},
{
"FieldName": "Module 6",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Offset 6",
"InType": "UINT64"
},
{
"FieldName": "Module 7",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Offset 7",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
192
],
"EventName": "ProhibitNonMicrosoftBinaries",
"FieldInfo": [
{
"FieldName": "mode",
"InType": "UINT32"
},
{
"FieldName": "processPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "processCommandLine",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "processStartKey",
"InType": "HEXINT64"
},
{
"FieldName": "imageName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "requiredSignatureLevel",
"InType": "UINT8"
},
{
"FieldName": "signatureLevel",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
192
],
"EventName": "UserCetSetContextIpValidationFailure",
"FieldInfo": [
{
"FieldName": "logMode",
"InType": "UINT32"
},
{
"FieldName": "processPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "processCommandLine",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "processStartKey",
"InType": "HEXINT64"
},
{
"FieldName": "targetIpImageName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "strictMode",
"InType": "BOOL32"
},
{
"FieldName": "continueType",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
192
],
"EventName": "ControlProtectionUserModeReturnMismatch",
"FieldInfo": [
{
"FieldName": "loggingType",
"InType": "UINT32"
},
{
"FieldName": "processPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "processCommandLine",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "processStartKey",
"InType": "HEXINT64"
},
{
"FieldName": "controlPcImageName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "rspContentsImageName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "strictMode",
"InType": "BOOL32"
},
{
"FieldName": "userCetAppcompatOptions",
"InType": "UINT32"
},
{
"FieldName": "controlPc",
"InType": "HEXINT64"
},
{
"FieldName": "controlPcOffset",
"InType": "HEXINT64"
},
{
"FieldName": "controlPcCetCompat",
"InType": "BOOL32"
},
{
"FieldName": "rspContents",
"InType": "HEXINT64"
},
{
"FieldName": "rspContentsOffset",
"InType": "HEXINT64"
},
{
"FieldName": "rspContentsCetCompat",
"InType": "BOOL32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000800",
"Extension": [
128
],
"EventName": "KernelCallbackTiming",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "DurationInMS",
"InType": "INT64"
},
{
"FieldName": "ProviderGuid",
"InType": "GUID"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "EtwpFileModeCompress",
"FieldInfo": [
{
"FieldName": "CompressDurationIn10ns",
"InType": "INT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000000",
"Extension": [
128
],
"EventName": "FirmwareTableAccessDenied",
"FieldInfo": [
{
"FieldName": "ProviderSignature",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 4,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "FirmwareBootData",
"FieldInfo": [
{
"FieldName": "ResetEnd",
"InType": "UINT64"
},
{
"FieldName": "LoadImageStart",
"InType": "UINT64"
},
{
"FieldName": "StartImageStart",
"InType": "UINT64"
},
{
"FieldName": "ExitBootServicesEntry",
"InType": "UINT64"
},
{
"FieldName": "ExitBootServicesExit",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "RefreshTimeZoneInfoCutoverFail",
"FieldInfo": [
{
"FieldName": "ExitReason",
"InType": "UINT8"
},
{
"FieldName": "RefreshFailures",
"InType": "UINT32"
},
{
"FieldName": "LastTimeZoneBias",
"InType": "INT32"
},
{
"FieldName": "LastTimeZoneId",
"InType": "INT32"
},
{
"FieldName": "RealTimeIsUniversal",
"InType": "UINT8"
},
{
"FieldName": "FirstTimeRefresh",
"InType": "UINT8"
},
{
"FieldName": "StandardBoundaryInLocalTime",
"InType": "UINT64"
},
{
"FieldName": "TimeZoneKeyName",
"InType": "UNICODESTRING"
},
{
"FieldName": "DynamicDaylightTimeDisabled",
"InType": "UINT8"
},
{
"FieldName": "Bias",
"InType": "INT32"
},
{
"FieldName": "StandardBias",
"InType": "INT32"
},
{
"FieldName": "DaylightBias",
"InType": "INT32"
},
{
"FieldName": "StandardStart",
"InType": "STRUCT"
},
{
"FieldName": "StandardStartYear",
"InType": "UINT16"
},
{
"FieldName": "StandardStartMonth",
"InType": "UINT16"
},
{
"FieldName": "StandardStartDay",
"InType": "UINT16"
},
{
"FieldName": "StandardStartHour",
"InType": "UINT16"
},
{
"FieldName": "StandardStartMinute",
"InType": "UINT16"
},
{
"FieldName": "StandardStartSecond",
"InType": "UINT16"
},
{
"FieldName": "StandardStartMilliseconds",
"InType": "UINT16"
},
{
"FieldName": "StandardStartWeekday",
"InType": "UINT16"
},
{
"FieldName": "DaylightStart",
"InType": "STRUCT"
},
{
"FieldName": "DaylightStartYear",
"InType": "UINT16"
},
{
"FieldName": "DaylightStartMonth",
"InType": "UINT16"
},
{
"FieldName": "DaylightStartDay",
"InType": "UINT16"
},
{
"FieldName": "DaylightStartHour",
"InType": "UINT16"
},
{
"FieldName": "DaylightStartMinute",
"InType": "UINT16"
},
{
"FieldName": "DaylightStartSecond",
"InType": "UINT16"
},
{
"FieldName": "DaylightStartMilliseconds",
"InType": "UINT16"
},
{
"FieldName": "DaylightStartWeekday",
"InType": "UINT16"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "RefreshTimeZoneInfoSuccess",
"FieldInfo": [
{
"FieldName": "RefreshFailures",
"InType": "UINT32"
},
{
"FieldName": "ActiveTimeZoneBias",
"InType": "INT32"
},
{
"FieldName": "ActiveTimeZoneId",
"InType": "INT32"
},
{
"FieldName": "RealTimeIsUniversal",
"InType": "UINT8"
},
{
"FieldName": "FirstTimeRefresh",
"InType": "UINT8"
},
{
"FieldName": "StandardBoundaryInLocalTime",
"InType": "UINT64"
},
{
"FieldName": "DaylightBoundaryInLocalTime",
"InType": "UINT64"
},
{
"FieldName": "NextCutoverInLocalTime",
"InType": "UINT64"
},
{
"FieldName": "TimeZoneKeyName",
"InType": "UNICODESTRING"
},
{
"FieldName": "DynamicDaylightTimeDisabled",
"InType": "UINT8"
},
{
"FieldName": "Bias",
"InType": "INT32"
},
{
"FieldName": "StandardBias",
"InType": "INT32"
},
{
"FieldName": "DaylightBias",
"InType": "INT32"
},
{
"FieldName": "StandardStart",
"InType": "STRUCT"
},
{
"FieldName": "StandardStartYear",
"InType": "UINT16"
},
{
"FieldName": "StandardStartMonth",
"InType": "UINT16"
},
{
"FieldName": "StandardStartDay",
"InType": "UINT16"
},
{
"FieldName": "StandardStartHour",
"InType": "UINT16"
},
{
"FieldName": "StandardStartMinute",
"InType": "UINT16"
},
{
"FieldName": "StandardStartSecond",
"InType": "UINT16"
},
{
"FieldName": "StandardStartMilliseconds",
"InType": "UINT16"
},
{
"FieldName": "StandardStartWeekday",
"InType": "UINT16"
},
{
"FieldName": "DaylightStart",
"InType": "STRUCT"
},
{
"FieldName": "DaylightStartYear",
"InType": "UINT16"
},
{
"FieldName": "DaylightStartMonth",
"InType": "UINT16"
},
{
"FieldName": "DaylightStartDay",
"InType": "UINT16"
},
{
"FieldName": "DaylightStartHour",
"InType": "UINT16"
},
{
"FieldName": "DaylightStartMinute",
"InType": "UINT16"
},
{
"FieldName": "DaylightStartSecond",
"InType": "UINT16"
},
{
"FieldName": "DaylightStartMilliseconds",
"InType": "UINT16"
},
{
"FieldName": "DaylightStartWeekday",
"InType": "UINT16"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "TimeZoneInformationAtBoot",
"FieldInfo": [
{
"FieldName": "RefreshFailures",
"InType": "UINT32"
},
{
"FieldName": "ActiveTimeZoneBias",
"InType": "INT32"
},
{
"FieldName": "ActiveTimeZoneId",
"InType": "INT32"
},
{
"FieldName": "RealTimeIsUniversal",
"InType": "UINT8"
},
{
"FieldName": "NextCutoverInLocalTime",
"InType": "UINT64"
},
{
"FieldName": "TimeZoneKeyName",
"InType": "UNICODESTRING"
},
{
"FieldName": "DynamicDaylightTimeDisabled",
"InType": "UINT8"
},
{
"FieldName": "Bias",
"InType": "INT32"
},
{
"FieldName": "StandardBias",
"InType": "INT32"
},
{
"FieldName": "DaylightBias",
"InType": "INT32"
},
{
"FieldName": "StandardStart",
"InType": "STRUCT"
},
{
"FieldName": "StandardStartYear",
"InType": "UINT16"
},
{
"FieldName": "StandardStartMonth",
"InType": "UINT16"
},
{
"FieldName": "StandardStartDay",
"InType": "UINT16"
},
{
"FieldName": "StandardStartHour",
"InType": "UINT16"
},
{
"FieldName": "StandardStartMinute",
"InType": "UINT16"
},
{
"FieldName": "StandardStartSecond",
"InType": "UINT16"
},
{
"FieldName": "StandardStartMilliseconds",
"InType": "UINT16"
},
{
"FieldName": "StandardStartWeekday",
"InType": "UINT16"
},
{
"FieldName": "DaylightStart",
"InType": "STRUCT"
},
{
"FieldName": "DaylightStartYear",
"InType": "UINT16"
},
{
"FieldName": "DaylightStartMonth",
"InType": "UINT16"
},
{
"FieldName": "DaylightStartDay",
"InType": "UINT16"
},
{
"FieldName": "DaylightStartHour",
"InType": "UINT16"
},
{
"FieldName": "DaylightStartMinute",
"InType": "UINT16"
},
{
"FieldName": "DaylightStartSecond",
"InType": "UINT16"
},
{
"FieldName": "DaylightStartMilliseconds",
"InType": "UINT16"
},
{
"FieldName": "DaylightStartWeekday",
"InType": "UINT16"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "RefreshTimeZoneInfoQueryFail",
"FieldInfo": [
{
"FieldName": "Failure status",
"InType": "UINT32"
},
{
"FieldName": "RefreshFailures",
"InType": "UINT32"
},
{
"FieldName": "LastTimeZoneBias",
"InType": "INT32"
},
{
"FieldName": "LastTimeZoneId",
"InType": "INT32"
},
{
"FieldName": "RealTimeIsUniversal",
"InType": "UINT8"
},
{
"FieldName": "FirstTimeRefresh",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000800000000000",
"Extension": [
128
],
"EventName": "PlatformRecords",
"FieldInfo": [
{
"FieldName": "Source",
"InType": "UINT32"
},
{
"FieldName": "RecordType",
"InType": "UINT32"
},
{
"FieldName": "CpuFms",
"InType": "UINT32"
},
{
"FieldName": "CpuMetaData",
"InType": "UINT32"
},
{
"FieldName": "FirmwareRecordVersion",
"InType": "UINT32"
},
{
"FieldName": "PreviousRecordVersion",
"InType": "UINT32"
},
{
"FieldName": "CurrentRecordVersion",
"InType": "UINT32"
},
{
"FieldName": "PreferredRecordVersion",
"InType": "UINT32"
},
{
"FieldName": "PatchConfigUsed",
"InType": "UINT8"
},
{
"FieldName": "UpdateStatus",
"InType": "UINT32"
},
{
"FieldName": "Environment",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CmpSaveBootControlSetSucceeded",
"FieldInfo": [
{
"FieldName": "openKeysInvalidated",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CmpSaveBootControlSetFailed",
"FieldInfo": [
{
"FieldName": "status",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CmSaveMergedKeysAttemptToSaveMasterHive",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "NtReplaceKeyFailed",
"FieldInfo": [
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "NtReplaceKeySucceeded",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000008",
"Extension": [
128
],
"EventName": "HiveLoadAppHiveImpersonationRequired",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "BootLoaderDiagnosticInformation",
"FieldInfo": [
{
"FieldName": "OriginalBootStatusState",
"InType": "UINT8"
},
{
"FieldName": "NewBootStatusState",
"InType": "UINT8"
},
{
"FieldName": "ConfigurationLoaded",
"InType": "UINT8"
},
{
"FieldName": "Flags",
"InType": "UINT32"
},
{
"FieldName": "ConfigurationComparisonStatus",
"InType": "UINT32"
},
{
"FieldName": "CurrentConfigurationLoadStatus",
"InType": "UINT32"
},
{
"FieldName": "LkgConfigurationLoadStatus",
"InType": "UINT32"
},
{
"FieldName": "UsageSubscriptionLoadStatus",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 4,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "HiveFlush",
"FieldInfo": [
{
"FieldName": "status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 4,
"Opcode": 1,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "HiveFlushPhase",
"FieldInfo": [
{
"FieldName": "phase",
"InType": "UINT8"
}
]
},
{
"EventId": 0,
"Level": 4,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "HiveFlushPhase",
"FieldInfo": [
{
"FieldName": "phase",
"InType": "UINT8"
},
{
"FieldName": "status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 4,
"Opcode": 1,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "HiveFlush",
"FieldInfo": [
{
"FieldName": "mountPoint",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "filePath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "flags",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 4,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "HiveFlushControlDataGenerated",
"FieldInfo": [
{
"FieldName": "controlFlags",
"InType": "UINT32"
},
{
"FieldName": "logFileStatus",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000004",
"Extension": [
128
],
"EventName": "BounceBufferNeeded",
"FieldInfo": [
{
"FieldName": "Count",
"InType": "INT64"
},
{
"FieldName": "Reason",
"InType": "UINT8"
},
{
"FieldName": "SizeBucket",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "RegistryLockThreadInfoIsNULL(Aggregate)",
"FieldInfo": [
{
"FieldName": "Count",
"InType": "INT64"
},
{
"FieldName": "StackTraceOffsets",
"InType": "HEXINT64"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "ServerSiloSymbolicLinkTrustCheckFailed",
"FieldInfo": []
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000010000",
"Extension": [
128
],
"EventName": "ServerSiloSymbolicLinkTrustCheckFailed(Aggregate)",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000008",
"Extension": [
128
],
"EventName": "CmLoadAppKeyFailed(Aggregate)",
"FieldInfo": [
{
"FieldName": "Count",
"InType": "INT64"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "HiveLoadFailure",
"InType": "STRUCT"
},
{
"FieldName": "UnrecoverableLoadFailureCount",
"InType": "UINT16"
},
{
"FieldName": "RecoverableLoadFailureCount",
"InType": "UINT16"
},
{
"FieldName": "UnrecoverableLinkFailureCount",
"InType": "UINT16"
},
{
"FieldName": "UnrecoverableLoadFailureLocations",
"InType": "STRUCT"
},
{
"FieldName": "Type",
"InType": "INT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "Point",
"InType": "UINT32"
},
{
"FieldName": "RecoverableLoadFailureLocations",
"InType": "STRUCT"
},
{
"FieldName": "Type",
"InType": "INT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "Point",
"InType": "UINT32"
},
{
"FieldName": "UnrecoverableLinkFailureLocations",
"InType": "STRUCT"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "Point",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000008",
"Extension": [
128
],
"EventName": "CmLoadAppKeyFailedNoInfo(Aggregate)",
"FieldInfo": [
{
"FieldName": "Count",
"InType": "INT64"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000008",
"Extension": [
128
],
"EventName": "CmLoadAppKeySucceeded(Aggregate)",
"FieldInfo": [
{
"FieldName": "Count",
"InType": "INT64"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "HiveAlreadyLoaded",
"InType": "UINT8"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000008",
"Extension": [
128
],
"EventName": "CmLoadAppKeyFailed",
"FieldInfo": [
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "HiveLoadFailure",
"InType": "STRUCT"
},
{
"FieldName": "UnrecoverableLoadFailureCount",
"InType": "UINT16"
},
{
"FieldName": "RecoverableLoadFailureCount",
"InType": "UINT16"
},
{
"FieldName": "UnrecoverableLinkFailureCount",
"InType": "UINT16"
},
{
"FieldName": "UnrecoverableLoadFailureLocations",
"InType": "STRUCT"
},
{
"FieldName": "Type",
"InType": "INT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "Point",
"InType": "UINT32"
},
{
"FieldName": "RecoverableLoadFailureLocations",
"InType": "STRUCT"
},
{
"FieldName": "Type",
"InType": "INT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "Point",
"InType": "UINT32"
},
{
"FieldName": "UnrecoverableLinkFailureLocations",
"InType": "STRUCT"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "Point",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000008",
"Extension": [
128
],
"EventName": "CmLoadKeyFailed(Aggregate)",
"FieldInfo": [
{
"FieldName": "Count",
"InType": "INT64"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "HiveLoadFailure",
"InType": "STRUCT"
},
{
"FieldName": "UnrecoverableLoadFailureCount",
"InType": "UINT16"
},
{
"FieldName": "RecoverableLoadFailureCount",
"InType": "UINT16"
},
{
"FieldName": "UnrecoverableLinkFailureCount",
"InType": "UINT16"
},
{
"FieldName": "UnrecoverableLoadFailureLocations",
"InType": "STRUCT"
},
{
"FieldName": "Type",
"InType": "INT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "Point",
"InType": "UINT32"
},
{
"FieldName": "RecoverableLoadFailureLocations",
"InType": "STRUCT"
},
{
"FieldName": "Type",
"InType": "INT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "Point",
"InType": "UINT32"
},
{
"FieldName": "UnrecoverableLinkFailureLocations",
"InType": "STRUCT"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "Point",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "CmLoadKeyFailedNoInfo(Aggregate)",
"FieldInfo": [
{
"FieldName": "Count",
"InType": "INT64"
},
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000008",
"Extension": [
128
],
"EventName": "CmLoadKeySucceeded(Aggregate)",
"FieldInfo": [
{
"FieldName": "Count",
"InType": "INT64"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000008",
"Extension": [
128
],
"EventName": "CmLoadKeyFailed",
"FieldInfo": [
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "HiveLoadFailure",
"InType": "STRUCT"
},
{
"FieldName": "UnrecoverableLoadFailureCount",
"InType": "UINT16"
},
{
"FieldName": "RecoverableLoadFailureCount",
"InType": "UINT16"
},
{
"FieldName": "UnrecoverableLinkFailureCount",
"InType": "UINT16"
},
{
"FieldName": "UnrecoverableLoadFailureLocations",
"InType": "STRUCT"
},
{
"FieldName": "Type",
"InType": "INT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "Point",
"InType": "UINT32"
},
{
"FieldName": "RecoverableLoadFailureLocations",
"InType": "STRUCT"
},
{
"FieldName": "Type",
"InType": "INT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "Point",
"InType": "UINT32"
},
{
"FieldName": "UnrecoverableLinkFailureLocations",
"InType": "STRUCT"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "Point",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000002",
"Extension": [
128
],
"EventName": "SecurityDescriptorChanging",
"FieldInfo": [
{
"FieldName": "KeyPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "OriginalSD",
"InType": "BINARY"
},
{
"FieldName": "InformationToChange",
"InType": "UINT32"
},
{
"FieldName": "ChangeSD",
"InType": "BINARY"
},
{
"FieldName": "ResultingSD",
"InType": "BINARY"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "CmpPrepareLightWeightTransaction",
"FieldInfo": []
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "CmpCommitPreparedLightWeightTransaction",
"FieldInfo": [
{
"FieldName": "UoW Count",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "CmpCommitPreparedLightWeightTransaction",
"FieldInfo": []
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "CmpPrepareLightWeightTransaction",
"FieldInfo": []
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "CmpTransLightWeightRollback",
"FieldInfo": [
{
"FieldName": "UowCount",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "CmpTransLightWeightRollback",
"FieldInfo": []
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "HiveReorganizationFailed",
"FieldInfo": [
{
"FieldName": "status",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "HiveReorganized",
"FieldInfo": [
{
"FieldName": "lastReorganizeTime",
"InType": "UINT64"
},
{
"FieldName": "oldSize",
"InType": "UINT32"
},
{
"FieldName": "newSize",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "HiveSelfHealed",
"FieldInfo": [
{
"FieldName": "CheckRegistryReturnCode",
"InType": "UINT32"
},
{
"FieldName": "HiveLoadFailure",
"InType": "STRUCT"
},
{
"FieldName": "UnrecoverableLoadFailureCount",
"InType": "UINT16"
},
{
"FieldName": "RecoverableLoadFailureCount",
"InType": "UINT16"
},
{
"FieldName": "UnrecoverableLinkFailureCount",
"InType": "UINT16"
},
{
"FieldName": "UnrecoverableLoadFailureLocations",
"InType": "STRUCT"
},
{
"FieldName": "Type",
"InType": "INT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "Point",
"InType": "UINT32"
},
{
"FieldName": "RecoverableLoadFailureLocations",
"InType": "STRUCT"
},
{
"FieldName": "Type",
"InType": "INT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "Point",
"InType": "UINT32"
},
{
"FieldName": "UnrecoverableLinkFailureLocations",
"InType": "STRUCT"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "Point",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 3,
"Opcode": 0,
"Keyword": "0x0000000000000008",
"Extension": [
128
],
"EventName": "HiveLoadFileInaccessibleOther",
"FieldInfo": [
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 3,
"Opcode": 0,
"Keyword": "0x0000200000000008",
"Extension": [
128
],
"EventName": "HiveLoadFileInaccessible_Aggregate",
"FieldInfo": [
{
"FieldName": "Count",
"InType": "INT64"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 3,
"Opcode": 0,
"Keyword": "0x0000200000000008",
"Extension": [
128
],
"EventName": "HiveLoadFileInaccessibleNoAccess",
"FieldInfo": [
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "SecurityDescriptor",
"InType": "UNICODESTRING"
},
{
"FieldName": "UserSID",
"InType": "SID"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "HiveReorganizationResultedInDifferentKeyCount",
"FieldInfo": [
{
"FieldName": "oldKeyCount",
"InType": "UINT32"
},
{
"FieldName": "newKeyCount",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "HiveReorganizationValidationFailed",
"FieldInfo": [
{
"FieldName": "checkRegistryReturnCode",
"InType": "UINT32"
},
{
"FieldName": "hiveLoadFailure",
"InType": "STRUCT"
},
{
"FieldName": "UnrecoverableLoadFailureCount",
"InType": "UINT16"
},
{
"FieldName": "RecoverableLoadFailureCount",
"InType": "UINT16"
},
{
"FieldName": "UnrecoverableLinkFailureCount",
"InType": "UINT16"
},
{
"FieldName": "UnrecoverableLoadFailureLocations",
"InType": "STRUCT"
},
{
"FieldName": "Type",
"InType": "INT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "Point",
"InType": "UINT32"
},
{
"FieldName": "RecoverableLoadFailureLocations",
"InType": "STRUCT"
},
{
"FieldName": "Type",
"InType": "INT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "Point",
"InType": "UINT32"
},
{
"FieldName": "UnrecoverableLinkFailureLocations",
"InType": "STRUCT"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "Point",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000000",
"Extension": [
128
],
"EventName": "TruncatedPrimaryHiveRecovered",
"FieldInfo": [
{
"FieldName": "hiveLengthFromHeader",
"InType": "UINT32"
},
{
"FieldName": "hiveLengthOnDisk",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000000",
"Extension": [
128
],
"EventName": "HiveLoadRecoverDataOrRecoverHeaderFailed",
"FieldInfo": [
{
"FieldName": "RESULT",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "CmpTransMgrCommit",
"FieldInfo": []
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "CmpTransMgrCommit",
"FieldInfo": []
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "CmpTransMgrCommitUoW",
"FieldInfo": []
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "CmpTransMgrCommitUoW",
"FieldInfo": []
},
{
"EventId": 0,
"Level": 4,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "TransactionAborted",
"FieldInfo": [
{
"FieldName": "keyPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "reason",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "CmpLogCheckpoint",
"FieldInfo": [
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "LogContainerLimitReached",
"FieldInfo": []
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "AddLogContainer",
"FieldInfo": [
{
"FieldName": "Location",
"InType": "UINT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "AddLogContainer",
"FieldInfo": [
{
"FieldName": "Location",
"InType": "UINT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "HiveLoadErrorDetected",
"FieldInfo": [
{
"FieldName": "isRecoverable",
"InType": "UINT8"
},
{
"FieldName": "failureType",
"InType": "UINT32"
},
{
"FieldName": "status",
"InType": "UINT32"
},
{
"FieldName": "location",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "UnsupportedOperation",
"FieldInfo": [
{
"FieldName": "Operation",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "UnsupportedOperation(Aggregate)",
"FieldInfo": [
{
"FieldName": "Operation",
"InType": "UINT32"
},
{
"FieldName": "Count",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "HiveLoadFailedToQueryLogFileSize",
"FieldInfo": [
{
"FieldName": "fileType",
"InType": "UINT8"
},
{
"FieldName": "status",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "LogFileSwap",
"FieldInfo": [
{
"FieldName": "swapReason",
"InType": "UINT8"
},
{
"FieldName": "hiveLength",
"InType": "UINT32"
},
{
"FieldName": "volumeLogSizeCap",
"InType": "UINT32"
},
{
"FieldName": "effectiveLogSizeCap",
"InType": "UINT32"
},
{
"FieldName": "logDataLength",
"InType": "UINT32"
},
{
"FieldName": "logFileSize",
"InType": "UINT32"
},
{
"FieldName": "logEntries",
"InType": "UINT32"
},
{
"FieldName": "timeSinceLastSwap",
"InType": "INT64"
}
]
},
{
"EventId": 0,
"Level": 4,
"Opcode": 2,
"Keyword": "0x0000000000000008",
"Extension": [
128
],
"EventName": "HiveLoadFromFile",
"FieldInfo": [
{
"FieldName": "status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 4,
"Opcode": 1,
"Keyword": "0x0000000000000008",
"Extension": [
128
],
"EventName": "HiveLoadFromFile",
"FieldInfo": [
{
"FieldName": "filePath",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000001",
"Extension": [
128
],
"EventName": "FeatureConfigurationUpdateCorruptedBuffer",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000001",
"Extension": [
128
],
"EventName": "FeatureConfigurationOverwriteCorruptedBuffer",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000001",
"Extension": [
128
],
"EventName": "UsageSubscriptionUpdateCorruptedBuffer",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000000",
"Extension": [
128
],
"EventName": "Commit delete UOW failed",
"FieldInfo": [
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000008",
"Extension": [
128
],
"EventName": "HiveLoadLogsFound",
"FieldInfo": [
{
"FieldName": "validLogs",
"InType": "UINT8"
},
{
"FieldName": "log1Type",
"InType": "UINT8"
},
{
"FieldName": "log2Type",
"InType": "UINT8"
},
{
"FieldName": "log1Sequence",
"InType": "UINT32"
},
{
"FieldName": "log2Sequence",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000008",
"Extension": [
128
],
"EventName": "HiveLoadLogInvalid",
"FieldInfo": [
{
"FieldName": "logType",
"InType": "UINT8"
},
{
"FieldName": "signature",
"InType": "UINT32"
},
{
"FieldName": "sequence1",
"InType": "UINT32"
},
{
"FieldName": "sequence2",
"InType": "UINT32"
},
{
"FieldName": "timestamp",
"InType": "UINT64"
},
{
"FieldName": "expectedTimestamp",
"InType": "UINT64"
},
{
"FieldName": "type",
"InType": "UINT32"
},
{
"FieldName": "length",
"InType": "UINT32"
},
{
"FieldName": "checksum",
"InType": "UINT32"
},
{
"FieldName": "expectedChecksum",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000008",
"Extension": [
128
],
"EventName": "HiveLoadLogUnreadable",
"FieldInfo": [
{
"FieldName": "logType",
"InType": "UINT8"
},
{
"FieldName": "status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "UnclassifiedReadError",
"FieldInfo": [
{
"FieldName": "Count",
"InType": "INT64"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000008",
"Extension": [
128
],
"EventName": "HiveLoadLogsEmpty",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000008",
"Extension": [
128
],
"EventName": "HiveLoadLogMismatch",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "LogSequenceNumberGapDetected",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000008",
"Extension": [
128
],
"EventName": "HiveLoadLogIneligible",
"FieldInfo": [
{
"FieldName": "logType",
"InType": "UINT8"
},
{
"FieldName": "minimumSequence",
"InType": "UINT32"
},
{
"FieldName": "sequence",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "CmpAddRemoveContainerToCLFSLog",
"FieldInfo": [
{
"FieldName": "AddOperation",
"InType": "UINT8"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "ContainerName",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000008",
"Extension": [
128
],
"EventName": "CommitSavedProcessInSwapTrigger",
"FieldInfo": [
{
"FieldName": "ImageFileName",
"InType": "ANSISTRING"
},
{
"FieldName": "Pid",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000004",
"Extension": [
128
],
"EventName": "ProcessCommitReacquireSkip",
"FieldInfo": [
{
"FieldName": "ImageFileName",
"InType": "ANSISTRING"
},
{
"FieldName": "Pid",
"InType": "UINT32"
},
{
"FieldName": "CommitPagesReleased",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000004",
"Extension": [
128
],
"EventName": "ProcessCommitReacquire",
"FieldInfo": [
{
"FieldName": "ImageFileName",
"InType": "ANSISTRING"
},
{
"FieldName": "Pid",
"InType": "UINT32"
},
{
"FieldName": "CommitPagesReleased",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000004",
"Extension": [
128
],
"EventName": "ProcessResetPagesCommitRelease",
"FieldInfo": [
{
"FieldName": "ImageFileName",
"InType": "ANSISTRING"
},
{
"FieldName": "Pid",
"InType": "UINT32"
},
{
"FieldName": "ResetPagesReleased",
"InType": "UINT64"
},
{
"FieldName": "NewCommitDebt",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000004",
"Extension": [
128
],
"EventName": "ProcessCommitRelease",
"FieldInfo": [
{
"FieldName": "ImageFileName",
"InType": "ANSISTRING"
},
{
"FieldName": "Pid",
"InType": "UINT32"
},
{
"FieldName": "CommitPagesReleased",
"InType": "UINT64"
},
{
"FieldName": "ResetPagesNotReleased",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000004",
"Extension": [
128
],
"EventName": "ProcessCommitReacquireFail",
"FieldInfo": [
{
"FieldName": "ImageFileName",
"InType": "ANSISTRING"
},
{
"FieldName": "Pid",
"InType": "UINT32"
},
{
"FieldName": "CommitPagesReleased",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000100",
"Extension": [
128
],
"EventName": "AddPhysicalMemoryStart",
"FieldInfo": [
{
"FieldName": "PartitionId",
"InType": "HEXINT32"
},
{
"FieldName": "StartAddress",
"InType": "HEXINT64"
},
{
"FieldName": "NumberOfBytes",
"InType": "HEXINT64"
},
{
"FieldName": "Flags",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000100",
"Extension": [
128
],
"EventName": "AddPhysicalMemoryStop",
"FieldInfo": [
{
"FieldName": "PartitionId",
"InType": "HEXINT32"
},
{
"FieldName": "StartAddress",
"InType": "HEXINT64"
},
{
"FieldName": "NumberOfBytes",
"InType": "HEXINT64"
},
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "ProcessReserveMemFailed",
"FieldInfo": [
{
"FieldName": "AppSessionGuid",
"InType": "GUID"
},
{
"FieldName": "SizeOfRangeBytes",
"InType": "UINT64"
},
{
"FieldName": "VirtualSizeBytes",
"InType": "UINT64"
},
{
"FieldName": "PeakVirtualSizeBytes",
"InType": "UINT64"
},
{
"FieldName": "HighestUserAddress",
"InType": "UINT64"
},
{
"FieldName": "Alignment",
"InType": "UINT64"
},
{
"FieldName": "LowestStartingAddress",
"InType": "UINT64"
},
{
"FieldName": "HighestEndingAddress",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "ImageFileMapFailure",
"FieldInfo": [
{
"FieldName": "FailureReason",
"InType": "ANSISTRING"
},
{
"FieldName": "FileName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Checksum",
"InType": "UINT32"
},
{
"FieldName": "Timestamp",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "HvciDriverLoadFail",
"FieldInfo": [
{
"FieldName": "Record-\u003eFailureReason",
"InType": "ANSISTRING"
},
{
"FieldName": "BaseName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Checksum",
"InType": "UINT32"
},
{
"FieldName": "Timestamp",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "HvciDriverLoadFail",
"FieldInfo": [
{
"FieldName": "FailureReason",
"InType": "ANSISTRING"
},
{
"FieldName": "BaseName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Checksum",
"InType": "UINT32"
},
{
"FieldName": "Timestamp",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000080",
"Extension": [
128
],
"EventName": "BadPhysicalMemoryMapAggregate",
"FieldInfo": [
{
"FieldName": "PageFrameIndexMin",
"InType": "INT64"
},
{
"FieldName": "PageFrameIndexMax",
"InType": "INT64"
},
{
"FieldName": "CallerId",
"InType": "UINT32"
},
{
"FieldName": "DriverNames",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000080",
"Extension": [
128
],
"EventName": "BadPhysicalMemoryMap",
"FieldInfo": [
{
"FieldName": "PageFrameIndex",
"InType": "UINT64"
},
{
"FieldName": "CallerId",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "WsAging",
"FieldInfo": [
{
"FieldName": "WorkingSetType",
"InType": "UINT8"
},
{
"FieldName": "ImageFileName",
"InType": "ANSISTRING"
},
{
"FieldName": "Key",
"InType": "UINT32"
},
{
"FieldName": "NumberExamined",
"InType": "UINT64"
},
{
"FieldName": "AgedCount",
"InType": "UINT64"
},
{
"FieldName": "RemovedCount",
"InType": "UINT64"
},
{
"FieldName": "ClearedCount",
"InType": "UINT64"
},
{
"FieldName": "AgeFlags",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "WsTrim",
"FieldInfo": [
{
"FieldName": "WorkingSetType",
"InType": "UINT8"
},
{
"FieldName": "ImageFileName",
"InType": "ANSISTRING"
},
{
"FieldName": "Key",
"InType": "UINT32"
},
{
"FieldName": "NumberExamined",
"InType": "UINT64"
},
{
"FieldName": "PagesTrimmed",
"InType": "UINT64"
},
{
"FieldName": "AvailablePages",
"InType": "UINT64"
},
{
"FieldName": "ModifiedPages",
"InType": "UINT64"
},
{
"FieldName": "ModifiedPagefilePages",
"InType": "UINT64"
},
{
"FieldName": "MinTrimAge",
"InType": "UINT32"
},
{
"FieldName": "TrimFlags",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "ProcessWorkingSets",
"FieldInfo": [
{
"FieldName": "AvailablePages",
"InType": "UINT64"
},
{
"FieldName": "ModifiedPages",
"InType": "UINT64"
},
{
"FieldName": "ModifiedPagefilePages",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "ProcessWorkingSets",
"FieldInfo": [
{
"FieldName": "TrimReason",
"InType": "UINT8"
},
{
"FieldName": "AgePercent",
"InType": "UINT16"
},
{
"FieldName": "WorkingSetRequestFlags",
"InType": "UINT32"
},
{
"FieldName": "PagesToTrim",
"InType": "UINT64"
},
{
"FieldName": "DesiredFreeGoal",
"InType": "UINT64"
},
{
"FieldName": "AvailablePages",
"InType": "UINT64"
},
{
"FieldName": "ModifiedPages",
"InType": "UINT64"
},
{
"FieldName": "ModifiedPagefilePages",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000001",
"Extension": [
128
],
"EventName": "ContinueTrimPasses",
"FieldInfo": [
{
"FieldName": "NumPasses",
"InType": "UINT32"
},
{
"FieldName": "PagesTrimmed",
"InType": "UINT64"
},
{
"FieldName": "PagesToTrim",
"InType": "UINT64"
},
{
"FieldName": "DesiredFreeGoal",
"InType": "UINT64"
},
{
"FieldName": "AvailablePages",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "NonRetpolineSystemImageLoadedAggregate",
"FieldInfo": [
{
"FieldName": "Count",
"InType": "INT64"
},
{
"FieldName": "BaseDllName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "ImageCheckSum",
"InType": "UINT32"
},
{
"FieldName": "ImageTimeDateStamp",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000020",
"Extension": [
128
],
"EventName": "RegisterHotPatchOperationStatus",
"FieldInfo": [
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "BaseCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "BaseTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "PatchPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000020",
"Extension": [
128
],
"EventName": "ImageHotPatchThreadOperationStatus",
"FieldInfo": [
{
"FieldName": "ProcessId",
"InType": "UINT32"
},
{
"FieldName": "ProcessName",
"InType": "ANSISTRING"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "BaseCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "BaseTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "BaseAddress",
"InType": "HEXINT64"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000020",
"Extension": [
128
],
"EventName": "SessionHotPatchLoadStatus",
"FieldInfo": [
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "BaseCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "BaseTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "PatchPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "SessionId",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000020",
"Extension": [
128
],
"EventName": "UnloadPatchForUser",
"FieldInfo": [
{
"FieldName": "ProcessId",
"InType": "UINT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "BaseCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "BaseTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "UserSid",
"InType": "SID"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000020",
"Extension": [
128
],
"EventName": "UnloadPatch",
"FieldInfo": [
{
"FieldName": "ProcessId",
"InType": "UINT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "BaseCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "BaseTimeDateStamp",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000020",
"Extension": [
128
],
"EventName": "LoadPatchForUser",
"FieldInfo": [
{
"FieldName": "ProcessId",
"InType": "UINT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "BaseCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "BaseTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "PatchPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "UserSid",
"InType": "SID"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000020",
"Extension": [
128
],
"EventName": "LoadPatch",
"FieldInfo": [
{
"FieldName": "ProcessId",
"InType": "UINT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "BaseCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "BaseTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "PatchPath",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000020",
"Extension": [
128
],
"EventName": "RegisteredUserSidPatchRundown",
"FieldInfo": [
{
"FieldName": "BaseCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "BaseTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "PatchPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "UserSid",
"InType": "SID"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000020",
"Extension": [
128
],
"EventName": "RegisteredPatchRundown",
"FieldInfo": [
{
"FieldName": "BaseCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "BaseTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "PatchPath",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000020",
"Extension": [
128
],
"EventName": "ImageHotPatchLockedPagesFound",
"FieldInfo": [
{
"FieldName": "ProcessId",
"InType": "UINT32"
},
{
"FieldName": "StartVirtualAddress",
"InType": "HEXINT64"
},
{
"FieldName": "LastVirtualAddress",
"InType": "HEXINT64"
},
{
"FieldName": "ImageCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "ImageTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "NumberOfLockedPages",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000020",
"Extension": [
128
],
"EventName": "ApplyImagePatch",
"FieldInfo": [
{
"FieldName": "ProcessId",
"InType": "UINT32"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "Flags",
"InType": "HEXINT32"
},
{
"FieldName": "BaseImageAddress",
"InType": "HEXINT64"
},
{
"FieldName": "PatchImageAddress",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000020",
"Extension": [
128
],
"EventName": "ActiveUserPatchRundown",
"FieldInfo": [
{
"FieldName": "ProcessId",
"InType": "UINT32"
},
{
"FieldName": "ProcessName",
"InType": "ANSISTRING"
},
{
"FieldName": "BaseCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "BaseTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "PatchCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "PatchTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "PatchSequenceNumber",
"InType": "UINT32"
},
{
"FieldName": "PatchPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "HpatEntryCount",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000020",
"Extension": [
128
],
"EventName": "ActiveKernelPatchRundown",
"FieldInfo": [
{
"FieldName": "BaseCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "BaseTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "PatchCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "PatchTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "PatchSequenceNumber",
"InType": "UINT32"
},
{
"FieldName": "PatchPath",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000020",
"Extension": [
128
],
"EventName": "ActiveSecureKernelPatchRundown",
"FieldInfo": [
{
"FieldName": "BaseCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "BaseTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "PatchCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "PatchTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "PatchMinSequenceNumber",
"InType": "UINT32"
},
{
"FieldName": "PatchPath",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000020",
"Extension": [
128
],
"EventName": "ImageHotPatchOperationStatus",
"FieldInfo": [
{
"FieldName": "ProcessId",
"InType": "UINT32"
},
{
"FieldName": "ProcessName",
"InType": "ANSISTRING"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "BaseCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "BaseTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "PatchPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000020",
"Extension": [
128
],
"EventName": "ImageHotPatchOperationReverseOnly",
"FieldInfo": [
{
"FieldName": "ProcessId",
"InType": "UINT32"
},
{
"FieldName": "ProcessName",
"InType": "ANSISTRING"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "BaseCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "BaseTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "OldPatchCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "OldPatchTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "OldPatchPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "OldPatchSequenceNumber",
"InType": "UINT32"
},
{
"FieldName": "NewPatchSequenceNumber",
"InType": "UINT32"
},
{
"FieldName": "NewPatchCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "NewPatchTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "NewPatchPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "HpatEntryCount",
"InType": "UINT32"
},
{
"FieldName": "EntryDeleted",
"InType": "BOOL32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000020",
"Extension": [
128
],
"EventName": "ImageHotPatchOperation",
"FieldInfo": [
{
"FieldName": "ProcessId",
"InType": "UINT32"
},
{
"FieldName": "ProcessName",
"InType": "ANSISTRING"
},
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "BaseCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "BaseTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "OldPatchCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "OldPatchTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "OldPatchPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "OldPatchSequenceNumber",
"InType": "UINT32"
},
{
"FieldName": "NewPatchSequenceNumber",
"InType": "UINT32"
},
{
"FieldName": "NewPatchCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "NewPatchTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "NewPatchPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "HpatEntryCount",
"InType": "UINT32"
},
{
"FieldName": "EntryDeleted",
"InType": "BOOL32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000020",
"Extension": [
128
],
"EventName": "SecureKernelHotPatchOperationStatus",
"FieldInfo": [
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "BaseCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "BaseTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "PatchPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "AppliedByBootLoader",
"InType": "UINT8"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000020",
"Extension": [
128
],
"EventName": "KernelHotPatchOperationStatus",
"FieldInfo": [
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "BaseCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "BaseTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "PatchPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "AppliedByBootLoader",
"InType": "UINT8"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000010",
"Extension": [
128
],
"EventName": "WsEmptyControl",
"FieldInfo": [
{
"FieldName": "WorkingSetType",
"InType": "UINT8"
},
{
"FieldName": "ImageFileName",
"InType": "ANSISTRING"
},
{
"FieldName": "Key",
"InType": "UINT32"
},
{
"FieldName": "ControlFlags",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000040",
"Extension": [
128
],
"EventName": "MemoryColdHint",
"FieldInfo": [
{
"FieldName": "RangeCount",
"InType": "UINT32"
},
{
"FieldName": "TotalNumberOfPages",
"InType": "HEXINT64"
},
{
"FieldName": "FirstRangePfn",
"InType": "HEXINT64"
},
{
"FieldName": "FirstRangeNumberOfPages",
"InType": "HEXINT32"
},
{
"FieldName": "FirstRangePageSize",
"InType": "UINT32"
},
{
"FieldName": "RangeArray",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000040",
"Extension": [
128
],
"EventName": "MemoryHotHint",
"FieldInfo": [
{
"FieldName": "RangeCount",
"InType": "UINT32"
},
{
"FieldName": "TotalNumberOfPages",
"InType": "HEXINT64"
},
{
"FieldName": "FirstRangePfn",
"InType": "HEXINT64"
},
{
"FieldName": "FirstRangeNumberOfPages",
"InType": "HEXINT32"
},
{
"FieldName": "FirstRangePageSize",
"InType": "UINT32"
},
{
"FieldName": "RangeArray",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "ProcessCommitFailure",
"FieldInfo": [
{
"FieldName": "AppSessionGuid",
"InType": "GUID"
},
{
"FieldName": "FailedSizePages",
"InType": "UINT64"
},
{
"FieldName": "Location",
"InType": "UINT32"
},
{
"FieldName": "ProcessPageFileLimitPages",
"InType": "UINT64"
},
{
"FieldName": "ProcessPageFileUsagePages",
"InType": "UINT64"
},
{
"FieldName": "ProcessCommitLimitPages",
"InType": "UINT64"
},
{
"FieldName": "ProcessCommitUsedPages",
"InType": "UINT64"
},
{
"FieldName": "JobPrivateCommitLimitPages",
"InType": "UINT64"
},
{
"FieldName": "JobTotalCommitLimitPages",
"InType": "UINT64"
},
{
"FieldName": "JobPrivateCommitUsedPages",
"InType": "UINT64"
},
{
"FieldName": "JobSharedCommitUsedPages",
"InType": "UINT64"
},
{
"FieldName": "PartitionCommitLimitPages",
"InType": "UINT64"
},
{
"FieldName": "PartitionCommitUsagePages",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000400",
"Extension": [
128
],
"EventName": "SlabEntryDemotionAggregateSpecificType",
"FieldInfo": [
{
"FieldName": "NumberOfSlabEntries",
"InType": "INT64"
},
{
"FieldName": "SlabType",
"InType": "UINT32"
},
{
"FieldName": "NumaIndex",
"InType": "UINT32"
},
{
"FieldName": "PartitionId",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000400",
"Extension": [
128
],
"EventName": "SlabEntryDemotionAggregateByType",
"FieldInfo": [
{
"FieldName": "NumberOfSlabEntries",
"InType": "INT64"
},
{
"FieldName": "SlabType",
"InType": "UINT32"
},
{
"FieldName": "PartitionId",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000400",
"Extension": [
128
],
"EventName": "SlabEntryDemotionAggregateTotal",
"FieldInfo": [
{
"FieldName": "NumberOfSlabEntries",
"InType": "INT64"
},
{
"FieldName": "PartitionId",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000400",
"Extension": [
128
],
"EventName": "SlabEntryAllocateFailureAggregate",
"FieldInfo": [
{
"FieldName": "Count",
"InType": "INT64"
},
{
"FieldName": "SlabType",
"InType": "UINT32"
},
{
"FieldName": "NumaNodeIndex",
"InType": "UINT32"
},
{
"FieldName": "PartitionId",
"InType": "UINT32"
},
{
"FieldName": "FailureReason",
"InType": "UINT32"
},
{
"FieldName": "NodeAvailablePercent",
"InType": "UINT32"
},
{
"FieldName": "NodePhysicalPages",
"InType": "HEXINT64"
},
{
"FieldName": "EntryAllocationFlags",
"InType": "HEXINT32"
},
{
"FieldName": "AllocationFlags",
"InType": "HEXINT32"
},
{
"FieldName": "FailedFast",
"InType": "UINT8"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000002",
"Extension": [
128
],
"EventName": "StoreCorruptionFixed",
"FieldInfo": [
{
"FieldName": "SourcePointer",
"InType": "HEXINT64"
},
{
"FieldName": "CompressedSize",
"InType": "HEXINT32"
},
{
"FieldName": "TotalFixed",
"InType": "UINT32"
},
{
"FieldName": "SourcePageFrame1",
"InType": "UINT64"
},
{
"FieldName": "SourcePageFrame2",
"InType": "UINT64"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000002",
"Extension": [
128
],
"EventName": "StoreWriteDisabled",
"FieldInfo": [
{
"FieldName": "DisableCount",
"InType": "UINT32"
},
{
"FieldName": "PagesWritten",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000002",
"Extension": [
128
],
"EventName": "PageNotStoreCandidate",
"FieldInfo": [
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "StorePageFileOffset",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000002",
"Extension": [
128
],
"EventName": "StorePageFileFull",
"FieldInfo": []
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000002",
"Extension": [
128
],
"EventName": "StoreWriteCompleteFailure",
"FieldInfo": [
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000002",
"Extension": [
128
],
"EventName": "StoreWriteIssueFailure",
"FieldInfo": [
{
"FieldName": "Status",
"InType": "UINT32"
},
{
"FieldName": "ContainerKey",
"InType": "HEXINT64"
},
{
"FieldName": "SubKeyAddress",
"InType": "HEXINT64"
},
{
"FieldName": "StorePageFileOffset",
"InType": "HEXINT32"
},
{
"FieldName": "RetryCount",
"InType": "UINT32"
},
{
"FieldName": "WaitAllowed",
"InType": "UINT32"
},
{
"FieldName": "TotalWriteFailures",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000002",
"Extension": [
128
],
"EventName": "StoreWriteIssueRetry",
"FieldInfo": [
{
"FieldName": "ContainerKey",
"InType": "HEXINT64"
},
{
"FieldName": "SubKeyAddress",
"InType": "HEXINT64"
},
{
"FieldName": "StorePageFileOffset",
"InType": "HEXINT32"
},
{
"FieldName": "RetryCount",
"InType": "UINT32"
},
{
"FieldName": "WaitAllowed",
"InType": "UINT32"
},
{
"FieldName": "TotalWriteFailures",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000400",
"Extension": [
128
],
"EventName": "SlabStatsAggregateByType",
"FieldInfo": [
{
"FieldName": "SlabEntryCountMin",
"InType": "INT64"
},
{
"FieldName": "SlabEntryCountMax",
"InType": "INT64"
},
{
"FieldName": "FreePageCountMin",
"InType": "INT64"
},
{
"FieldName": "FreePageCountMax",
"InType": "INT64"
},
{
"FieldName": "ChargedPageCountMin",
"InType": "INT64"
},
{
"FieldName": "ChargedPageCountMax",
"InType": "INT64"
},
{
"FieldName": "StandbyPageCountMin",
"InType": "INT64"
},
{
"FieldName": "StandbyPageCountMax",
"InType": "INT64"
},
{
"FieldName": "SlabEntriesAllocatedMax",
"InType": "INT64"
},
{
"FieldName": "SlabEntriesDemotedMax",
"InType": "INT64"
},
{
"FieldName": "SlabEntriesFailedFastMax",
"InType": "INT64"
},
{
"FieldName": "SlabEntriesFailedSlowMax",
"InType": "INT64"
},
{
"FieldName": "SlabPagesFreedNonZeroed",
"InType": "INT64"
},
{
"FieldName": "SlabType",
"InType": "UINT32"
},
{
"FieldName": "NumaNodeIndex",
"InType": "UINT32"
},
{
"FieldName": "PartitionId",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000400",
"Extension": [
128
],
"EventName": "NonSlabPagesForCombinedInPageAggregate",
"FieldInfo": [
{
"FieldName": "CountCumulative",
"InType": "INT64"
},
{
"FieldName": "PartitionId",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "SystemImagePinAddressDroppedAggregate",
"FieldInfo": [
{
"FieldName": "Count",
"InType": "INT64"
},
{
"FieldName": "CallerId",
"InType": "UINT32"
},
{
"FieldName": "AboveDispatch",
"InType": "BOOL32"
},
{
"FieldName": "KdEnabled",
"InType": "BOOL32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "SystemImagePinAddressAggregate",
"FieldInfo": [
{
"FieldName": "Count",
"InType": "INT64"
},
{
"FieldName": "CallerId",
"InType": "UINT32"
},
{
"FieldName": "PteInvalid",
"InType": "BOOL32"
},
{
"FieldName": "PteWriteable",
"InType": "BOOL32"
},
{
"FieldName": "PteExecutable",
"InType": "BOOL32"
},
{
"FieldName": "AlreadyLocked",
"InType": "BOOL32"
},
{
"FieldName": "IrqlState",
"InType": "UINT32"
},
{
"FieldName": "KdState",
"InType": "UINT32"
},
{
"FieldName": "BootPhase",
"InType": "UINT32"
},
{
"FieldName": "ImageName",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "ImageCheckSum",
"InType": "HEXINT32"
},
{
"FieldName": "ImageTimeDateStamp",
"InType": "HEXINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000400",
"Extension": [
128
],
"EventName": "NonSlabPagesForDriversAggregate",
"FieldInfo": [
{
"FieldName": "CountCumulative",
"InType": "INT64"
},
{
"FieldName": "PartitionId",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000400",
"Extension": [
128
],
"EventName": "NonPagedSlabStatsAggregate",
"FieldInfo": [
{
"FieldName": "MdlPagesByListsTotal",
"InType": "INT64"
},
{
"FieldName": "MdlPagesByListsFromSlab",
"InType": "INT64"
},
{
"FieldName": "MdlPagesByListsSlabNotEligible",
"InType": "INT64"
},
{
"FieldName": "MdlPagesPreferContiguousSlabEligible",
"InType": "INT64"
},
{
"FieldName": "MdlPagesPreferContiguousFromSlab",
"InType": "INT64"
},
{
"FieldName": "MdlSlabPagesFreeZeroedTotal",
"InType": "INT64"
},
{
"FieldName": "MdlSlabPagesFreeZeroedBucket0",
"InType": "INT64"
},
{
"FieldName": "MdlSlabPagesFreeZeroedBucket1",
"InType": "INT64"
},
{
"FieldName": "MdlSlabPagesFreeZeroedBucket2",
"InType": "INT64"
},
{
"FieldName": "MdlSlabPagesFreeZeroedBucket3",
"InType": "INT64"
},
{
"FieldName": "SystemPageTablePagesNoSlab",
"InType": "INT64"
},
{
"FieldName": "PartitionId",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "UnknownIoCtl",
"FieldInfo": [
{
"FieldName": "IoControlCode",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 4,
"Opcode": 1,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "IoCtl",
"FieldInfo": [
{
"FieldName": "IoControlCode",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "IOCTL Called from inside Container",
"FieldInfo": [
{
"FieldName": "IoControlCode",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 4,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "IoCtlComplete",
"FieldInfo": [
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "DriverUnload",
"FieldInfo": []
},
{
"EventId": 0,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PreQueryKeyNameFailed",
"FieldInfo": [
{
"FieldName": "ContainerPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PostEnumerateKey",
"FieldInfo": [
{
"FieldName": "InformationClass",
"InType": "HEXINT32"
},
{
"FieldName": "EnumeratedKey_ContainerPath",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PostQueryKeyFailed",
"FieldInfo": [
{
"FieldName": "ContainerPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FlushKey Success",
"FieldInfo": []
},
{
"EventId": 0,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PreLoadKeyFailed",
"FieldInfo": [
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PostQueryKey",
"FieldInfo": [
{
"FieldName": "InformationClass",
"InType": "HEXINT32"
},
{
"FieldName": "ContainerPath",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PreQueryKeyNameSuccess",
"FieldInfo": [
{
"FieldName": "ContainerPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PostOpenOrCreateReparseDetected",
"FieldInfo": [
{
"FieldName": "HostPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PostEnumerateKeyFailed",
"FieldInfo": [
{
"FieldName": "InformationClass",
"InType": "HEXINT32"
},
{
"FieldName": "EnumeratedKey_ContainerPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "FullEnumeratedKey_ContainerPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PreLoadKey",
"FieldInfo": [
{
"FieldName": "AbsolutePath",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PostOpenOrCreateFailed",
"FieldInfo": [
{
"FieldName": "HostPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PreOpenOrCreateFailed",
"FieldInfo": [
{
"FieldName": "Key",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PreLoadKeySuccess",
"FieldInfo": [
{
"FieldName": "AbsolutePath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "HostMountPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PostQueryKeyFinished",
"FieldInfo": [
{
"FieldName": "ContainerPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "InformationClass",
"InType": "HEXINT32"
},
{
"FieldName": "PostInfo-\u003eReturnStatus",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PreQueryKeyName",
"FieldInfo": [
{
"FieldName": "ContainerPath",
"InType": "COUNTEDSTRING"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "PreOpenOrCreateGlobalReparse",
"FieldInfo": [
{
"FieldName": "NewPath",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Status",
"InType": "UINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FlushKey Bypassed",
"FieldInfo": []
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "VhdAutoAttachFailed",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "VhdPath",
"InType": "UNICODESTRING"
},
{
"FieldName": "VhdId",
"InType": "GUID"
},
{
"FieldName": "AttachFlags",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpComputeShareableOplockState_Exit",
"FieldInfo": [
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
},
{
"FieldName": "Oplock-\u003eWaitingIrps.Flink",
"InType": "HEXINT64"
},
{
"FieldName": "Oplock-\u003eWaitingIrps.Blink",
"InType": "HEXINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000000000000000",
"Extension": [
128
],
"EventName": "FsRtlpComputeShareableOplockState_Enter",
"FieldInfo": [
{
"FieldName": "Oplock_ptr",
"InType": "HEXINT64"
},
{
"FieldName": "OplockState",
"InType": "HEXINT32"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"Extension": [
128
],
"EventName": "DisablePointerParameterAlignmentValidation",
"FieldInfo": [
{
"FieldName": "DisablePointerParameterAlignmentValidation",
"InType": "UINT32"
},
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
}
]
},
{
"EventId": 0,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000000",
"Extension": [
128
],
"EventName": "TlgAggregateSummary",
"FieldInfo": [
{
"FieldName": "PartA_PrivTags",
"InType": "UINT64"
},
{
"FieldName": "UtcAggParams",
"InType": "STRUCT"
},
{
"FieldName": "Period",
"InType": "UINT32"
},
{
"FieldName": "MaxEvents",
"InType": "UINT32"
},
{
"FieldName": "Mode",
"InType": "UINT8"
},
{
"FieldName": "Provider",
"InType": "GUID"
},
{
"FieldName": "UtcAggVal",
"InType": "STRUCT"
},
{
"FieldName": "Name",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Value",
"InType": "UINT64"
},
{
"FieldName": "Mode",
"InType": "UINT8"
},
{
"FieldName": "UtcAggVal",
"InType": "STRUCT"
},
{
"FieldName": "Name",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Value",
"InType": "UINT64"
},
{
"FieldName": "Mode",
"InType": "UINT8"
},
{
"FieldName": "UtcAggVal",
"InType": "STRUCT"
},
{
"FieldName": "Name",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Value",
"InType": "UINT64"
},
{
"FieldName": "Mode",
"InType": "UINT8"
},
{
"FieldName": "UtcAggVal",
"InType": "STRUCT"
},
{
"FieldName": "Name",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Value",
"InType": "UINT64"
},
{
"FieldName": "Mode",
"InType": "UINT8"
},
{
"FieldName": "UtcAggVal",
"InType": "STRUCT"
},
{
"FieldName": "Name",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Value",
"InType": "UINT64"
},
{
"FieldName": "Mode",
"InType": "UINT8"
},
{
"FieldName": "UtcAggVal",
"InType": "STRUCT"
},
{
"FieldName": "Name",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Value",
"InType": "UINT64"
},
{
"FieldName": "Mode",
"InType": "UINT8"
},
{
"FieldName": "UtcAggVal",
"InType": "STRUCT"
},
{
"FieldName": "Name",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Value",
"InType": "UINT64"
},
{
"FieldName": "Mode",
"InType": "UINT8"
},
{
"FieldName": "UtcAggVal",
"InType": "STRUCT"
},
{
"FieldName": "Name",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Value",
"InType": "UINT64"
},
{
"FieldName": "Mode",
"InType": "UINT8"
},
{
"FieldName": "UtcAggVal",
"InType": "STRUCT"
},
{
"FieldName": "Name",
"InType": "COUNTEDSTRING"
},
{
"FieldName": "Value",
"InType": "UINT32"
},
{
"FieldName": "Mode",
"InType": "UINT8"
}
]
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment