Enum ferrisetw::provider::EventFilter

pub enum EventFilter {
    ByPids(Vec<u16>),
    ByEventIds(Vec<u16>),
}

Expand description

Specifies how this provider will filter its events

Some filters are not effective prior to Windows 8.1 (source)

Variants§

ByPids(Vec<u16>)

Filter by PID. This is only effective on kernel mode logger session. TODO: even for KernelTrace, this does not seem to work. Maybe there’s a distinction between “a trace run in kernel-mode” and a “System trace”? See https://github.com/n4r1b/ferrisetw/issues/51

ByEventIds(Vec<u16>)

Filter by ETW Event ID.

Implementations§

impl EventFilter

pub fn to_event_filter_descriptor( &self ) -> Result<EventFilterDescriptor, Box<dyn Error>>

Builds an EventFilterDescriptor (which can in turn generate an EVENT_FILTER_DESCRIPTOR)

Trait Implementations§

impl Debug for EventFilter

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

impl RefUnwindSafe for EventFilter

impl Send for EventFilter

impl Sync for EventFilter

impl Unpin for EventFilter

impl UnwindSafe for EventFilter

Blanket Implementations§

impl<T> Any for Twhere T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for Twhere T: ?Sized,

const: unstable · source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for Twhere T: ?Sized,

const: unstable · source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

const: unstable · source§

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for Twhere U: From<T>,

const: unstable · source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T, U> TryFrom<U> for Twhere U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

const: unstable · source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for Twhere U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

const: unstable · source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<V, T> VZip<V> for Twhere V: MultiLane<T>,

fn vzip(self) -> V