I want to use ETW to record a process's heap allocations, but it doesn't work: I don't receive any events, and the callback function is never called.
My OS is Windows 10.
I have already set the process's TracingFlags (under its Image File Execution Options key) to 1.
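// User-mode ETW session that subscribes to the Heap Trace Provider and prints
// the call stack attached to every heap event of the target process.
//
// Preconditions this snippet does not enforce:
//  - the session must be started with enough privilege to control ETW;
//  - the target process must be started AFTER TracingFlags=1 is set under its
//    Image File Execution Options key (the flag is read at process start).
//    NOTE(review): a process that was already running when the flag was set
//    will not emit heap events for this provider — restart it and verify.
krabs::user_trace trace(L"My magic trace");

// Heap Trace Provider.
krabs::provider<> provider(krabs::guid(L"{222962AB-6180-4B88-A825-346B75F2A24A}"));

// Ask ETW to attach a call stack (extended-data item) to each event.
provider.trace_flags(EVENT_ENABLE_PROPERTY_STACK_TRACE);

// Deliver only events whose header ProcessId matches the target process.
krabs::event_filter filter(krabs::predicates::process_id_is(dwProcessId));

filter.add_on_event_callback([](const EVENT_RECORD &record, const krabs::trace_context &) {
    // Walk the extended-data items and print only the stack-trace ones.
    // The original code assumed every item was a 64-bit stack trace; an item of
    // another type (or a truncated one) would have been reinterpreted as
    // frame addresses and, with DataSize < 8, read far past the buffer.
    for (USHORT i = 0; i < record.ExtendedDataCount; i++) {
        const EVENT_HEADER_EXTENDED_DATA_ITEM &data_item = record.ExtendedData[i];

        // Both stack-trace layouts start with a ULONG64 MatchId followed by a
        // flexible array of frame addresses; only the frame width differs.
        if (data_item.ExtType == EVENT_HEADER_EXT_TYPE_STACK_TRACE64) {
            if (data_item.DataSize < sizeof(ULONG64)) {
                continue; // malformed item: avoid unsigned underflow below
            }
            const auto *pst64 = reinterpret_cast<const EVENT_EXTENDED_ITEM_STACK_TRACE64 *>(data_item.DataPtr);
            const uint32_t size = static_cast<uint32_t>((data_item.DataSize - sizeof(ULONG64)) / sizeof(ULONG64));
            wprintf(L"Stack Trace Size: %u \n", size);
            for (uint32_t x = 0; x < size; x++) {
                const ULONG64 addr = pst64->Address[x];
                printf("Stack Trace addr: 0x%llx\n", static_cast<unsigned long long>(addr));
            }
            printf("--------------------------\n");
        } else if (data_item.ExtType == EVENT_HEADER_EXT_TYPE_STACK_TRACE32) {
            // 32-bit target: frames are ULONG wide.
            if (data_item.DataSize < sizeof(ULONG64)) {
                continue; // malformed item: avoid unsigned underflow below
            }
            const auto *pst32 = reinterpret_cast<const EVENT_EXTENDED_ITEM_STACK_TRACE32 *>(data_item.DataPtr);
            const uint32_t size = static_cast<uint32_t>((data_item.DataSize - sizeof(ULONG64)) / sizeof(ULONG));
            wprintf(L"Stack Trace Size: %u \n", size);
            for (uint32_t x = 0; x < size; x++) {
                const ULONG addr = pst32->Address[x];
                printf("Stack Trace addr: 0x%llx\n", static_cast<unsigned long long>(addr));
            }
            printf("--------------------------\n");
        }
        // Other extended-data types (related activity id, session/process
        // info, ...) carry no frames and are skipped.
    }
});

// Attach the filter, enable the provider on the session and start consuming.
provider.add_filter(filter);
trace.enable(provider);
printf("Starting trace...\n");
// Blocks on the consumer loop until the session is stopped.
trace.start();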
I want to use ETW to record a process's heap allocations, but it doesn't work: I don't receive any events, and the callback function is never called. My OS is Windows 10. I have already set the process's TracingFlags to 1.