I can provide only the user mode APIs in advapi32.dll and sechost.dll. I'm
bit familiar with kernel mode but not with kernel mode APIs. Most of the
user mode event tracing APIs connected to ntoskrnl!NtTraceControl(). If
someone familiar with kernel mode he/she just have to apply that function
in kernel.
Thanks for reply.