Is there a Microsoft (built-in) ETW Provider for tracing ETW lifecycle events?

Question

I can't seem to find an ETW provider for tracing ETW lifecycle events, such as:

• when is a trace event session created (name, options)
• when is a trace event session disposed
• when is a provider enabled for a trace event session (provider name, guid, options)
• when is a provider disabled for a trace event session (provider name, guid, options)

This is self-tracing - using ETW to trace itself. I can't just make such an ETW provider, it has to have been made already by Microsoft, as the events must originate from within the Windows kernel.

Answer 1

Microsoft-Windows-Kernel-EventTracing is the provider for ETW lifecycle events