Skip to content

Instantly share code, notes, and snippets.

@leechristensen

leechristensen/MicrosoftAccountTokenProvider.dll ETW Providers.txt

Created July 11, 2020 00:46
Show Gist options
  • Save leechristensen/d0e1fdc1fef666e7f4b6cc3a3e7caee3 to your computer and use it in GitHub Desktop.
Save leechristensen/d0e1fdc1fef666e7f4b6cc3a3e7caee3 to your computer and use it in GitHub Desktop.
Download ZIP
MicrosoftAccountTokenProvider.dll ETW Providers
Raw
MicrosoftAccountTokenProvider.dll ETW Providers.txt
# Download from TLGMetadataParser.psm1 from https://gist.github.com/mattifestation/edbac1614694886c8ef4583149f53658
PS C:\> Import-Module TLGMetadataParser.psm1
PS C:\> Get-TraceLoggingMetadata -Path C:\Windows\system32\MicrosoftAccountTokenProvider.dll | ConvertTo-Json
{
"FilePath": "C:\\Windows\\system32\\MicrosoftAccountTokenProvider.dll",
"Providers": [
{
"ProviderGUID": "05f02597-fe85-4e67-8542-69567ab8fd4f",
"ProviderName": "MSAClientTraceLoggingProvider",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
},
{
"ProviderGUID": "05f02597-fe85-4e67-8542-69567ab8fd4f",
"ProviderName": "MSAClientTraceLoggingProvider",
"ProviderGroupGUID": "4f50731a-89cf-4782-b3e0-dce8c90476ba"
}
],
"Events": [
{
"EventId": 0,
"Channel": 11,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000400000000000",
"KeywordName": "MS.MEASURES",
"Extension": "0",
"EventName": "ActivityStoppedAutomatically",
"FieldInfo": ""
},
{
"EventId": 0,
"Channel": 11,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000200000000000",
"KeywordName": "MS.TELEMETRY",
"Extension": "0",
"EventName": "ActivityStoppedAutomatically",
"FieldInfo": ""
},
{
"EventId": 0,
"Channel": 11,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"KeywordName": "MS.MEASURES",
"Extension": "0",
"EventName": "ActivityIntermediateStop",
"FieldInfo": " "
},
{
"EventId": 0,
"Channel": 11,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000400000000000",
"KeywordName": "MS.MEASURES",
"Extension": "0",
"EventName": "ActivityError",
"FieldInfo": " "
},
{
"EventId": 0,
"Channel": 11,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000600000000000",
"KeywordName": null,
"Extension": "0",
"EventName": "ActivityError",
"FieldInfo": " "
},
{
"EventId": 0,
"Channel": 11,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"KeywordName": null,
"Extension": "0",
"EventName": "CheckPackageSidForAadSSOCookieCallDetails",
"FieldInfo": " "
},
{
"EventId": 0,
"Channel": 11,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000000",
"KeywordName": "MS.TELEMETRY",
"Extension": "0",
"EventName": "GetCookieInfoForUriCall_AADSSO",
"FieldInfo": " "
},
{
"EventId": 0,
"Channel": 11,
"Level": 5,
"Opcode": 0,
"Keyword": "0x0000200000000000",
"KeywordName": "MS.TELEMETRY",
"Extension": "0",
"EventName": "GetCookieInfoForUriCall_Cache",
"FieldInfo": " "
},
{
"EventId": 0,
"Channel": 11,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000200000000000",
"KeywordName": "MS.TELEMETRY",
"Extension": "0",
"EventName": "GetCookieInfoForUriCall_Start",
"FieldInfo": ""
},
{
"EventId": 0,
"Channel": 11,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000200000000000",
"KeywordName": "MS.TELEMETRY",
"Extension": "0",
"EventName": "GetCookieInfoForUriCall_Stop",
"FieldInfo": " "
},
{
"EventId": 0,
"Channel": 11,
"Level": 5,
"Opcode": 1,
"Keyword": "0x0000400000000000",
"KeywordName": "MS.MEASURES",
"Extension": "0",
"EventName": "GetCookieInfoWithUriForAccount",
"FieldInfo": " "
},
{
"EventId": 0,
"Channel": 11,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000400000000000",
"KeywordName": "MS.MEASURES",
"Extension": "0",
"EventName": "GetCookieInfoWithUriForAccount",
"FieldInfo": " "
},
{
"EventId": 0,
"Channel": 11,
"Level": 5,
"Opcode": 2,
"Keyword": "0x0000400000000000",
"KeywordName": "MS.MEASURES",
"Extension": "0",
"EventName": "GetCookieInfoWithUriForAccount",
"FieldInfo": " "
},
{
"EventId": 0,
"Channel": 11,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000000000000000",
"KeywordName": null,
"Extension": "0",
"EventName": "FallbackError",
"FieldInfo": " "
},
{
"EventId": 0,
"Channel": 11,
"Level": 2,
"Opcode": 0,
"Keyword": "0x0000200000000000",
"KeywordName": "MS.TELEMETRY",
"Extension": "0",
"EventName": "FallbackError",
"FieldInfo": " "
}
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment