I'm researching Event Tracing for Windows (ETW) to allow a user-mode Windows client to write out tracing information. The existing documentation is, to put it lightly, insanely incomplete. What would really help is a simple C++ example that writes out tracing messages using ETW. Does such an example exist? Is there other ETW documentation you might recommend?
Event Tracing for Windows (ETW) is an efficient kernel-level tracing facility that lets you log kernel or application-defined events to a log file. You can consume the events in real time or from a log file and use them to debug an application or to determine where performance issues are occurring in the application.
ETW Provider — provides events to an event tracing session. A provider defines its interpretation of being enabled or disabled. In general, an enabled provider generates events, whereas a disabled provider does not. ETW Consumer — consumes the events from an event tracing session.
The Trace Window provides extra flexibility for organizing measurement traces. The Trace Window is a regular application window with menus and toolbars, similar to the main VSA application window, except that the Trace Window contains a subset of the menu items available in the VSA application window.
To write a Provider for ETW, you have two options:
write it as a manifest-based provider (preferred for Windows Vista or higher). Check out an example here.
write it as a classic provider for legacy support. You can find an example here.
I suppose you want to use a manifest-based approach, as it's better and can support up to eight sessions. The first step a manifest-based provider needs to do is to register the event using EventRegister() and then write to it via the EventWrite() or EventWriteString() function.
Programmers Guide to Eventing (2010) from Microsoft is a good one to start with.
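The register-then-write sequence described in the answer above, as an added example that is not part of the original answer or of Microsoft's samples. The provider GUID is constructed for illustration, and `write_trace_messages`, `kInvalidParameter` and `kNoEtw` are hypothetical names. Events are only recorded while a trace session has enabled this provider GUID.

```cpp
// Added example: register an ETW provider and write string events.
#include <cstdio>
#ifdef _WIN32
#include <windows.h>
#include <evntprov.h>   // EventRegister, EventWriteString, EventUnregister
#pragma comment(lib, "advapi32.lib")
// Constructed GUID for this example only; generate a unique one per provider.
static const GUID kProviderId =
    {0x8e2f4c1a, 0x3b5d, 0x4f6e, {0x9a, 0x7b, 0x1c, 0x2d, 0x3e, 0x4f, 0x5a, 0x6b}};
#endif

const long kInvalidParameter = 87;  // value of ERROR_INVALID_PARAMETER
const long kNoEtw = -1;             // hypothetical: built for a non-Windows target

// Hypothetical helper. Returns 0 (ERROR_SUCCESS) when every message was
// accepted, otherwise the first Win32 error code.
long write_trace_messages(const wchar_t* const* messages, int count) {
    if (messages == nullptr || count <= 0) return kInvalidParameter;
#ifdef _WIN32
    REGHANDLE provider = 0;
    ULONG status = EventRegister(&kProviderId, nullptr, nullptr, &provider);
    if (status != ERROR_SUCCESS) return static_cast<long>(status);
    for (int i = 0; i < count && status == ERROR_SUCCESS; ++i) {
        if (messages[i] == nullptr) { status = ERROR_INVALID_PARAMETER; break; }
        // Level 4 = informational; keyword 0 = not tied to any keyword.
        status = EventWriteString(provider, 4, 0, messages[i]);
    }
    EventUnregister(provider);  // always release the registration handle
    return static_cast<long>(status);
#else
    return kNoEtw;
#endif
}

int main() {
    const wchar_t* messages[] = {L"service starting", L"configuration loaded"};
    long status = write_trace_messages(messages, 2);
    std::printf("ETW write status: %ld\n", status);
    return status == 0 ? 0 : 1;
}
```

Keep secrets such as tokens and passwords out of the message strings, since the events are delivered to whichever trace sessions have enabled the provider.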