I'm researching Event Tracing for Windows (ETW) to allow a user-mode windows client to write out tracing information. The existing documentation is, to put it lightly, insanely incomplete. What would really help is a simple C++ example that writes out tracing messages using ETW. Does such an example exist? Is there other ETW documentation you might recommend?
Asked
Active
Viewed 1.3k times
2 Answers
20
To write a Provider for ETW, you have two options:
write it as a manifest-based provider (preferred for Windows Vista or higher). Check out an example here.
write it as a classic provider for legacy support. You can find an example here.
I suppose you want to use a manifest-based approach, as its better and can support up to eight sessions. The first step a manifest-based provider needs to do is to register the event using EventRegister() and then write to it via the EventWrite() or EventWriteString() function.
Peter Mortensen
- 30,738
- 21
- 105
- 131
bahree
- 586
- 5
- 13
8
Programmers Guide to Eventing (2010) from Microsoft is a good one to start with.
Peter Mortensen
- 30,738
- 21
- 105
- 131
proton
- 658
- 1
- 7
- 26
-
Can you provide a summary (this is currently a link-only answer)? – Peter Mortensen Jan 28 '20 at 22:24