Geoff Chappell, Software Analyst
PLACEHOLDER FOR WORK THAT MAY NEVER BE DONE - PREVIEW ONLY
When given 0x22 as its FunctionCode argument, the NtTraceControl function gets a provider group’s disallow list. Microsoft’s name for this function code is not known. This note deals only with the function’s behaviour that is specific to this function code. The function’s general behaviour is here taken as assumed knowledge.
If the input buffer does not provide exactly 8 bytes, the function returns STATUS_INVALID_PARAMETER.
TO BE DONE?