Geoff Chappell, Software Analyst
PLACEHOLDER FOR WORK THAT MAY NEVER BE DONE - PREVIEW ONLY
When given 0x18 as its FunctionCode argument, the NtTraceControl function registers the current process as the provider of security events. Microsoft’s name for this function code is not known. This note deals only with the behaviour that is specific to this function code. The function’s general behaviour is assumed knowledge here.
This function expects no input and produces no output: if given either, the function returns STATUS_INVALID_PARAMETER.
TO BE DONE?