Support Event Tracing for Windows (ETW)

Open janwilmans opened this issue 10 years ago • 8 comments

http://msdn.microsoft.com/en-us/library/windows/desktop/bb968803(v=vs.85).aspx

I think we should have at least one use case before we implement this, so postpone for now.

janwilmans avatar Mar 11 '14 19:03 janwilmans

Windows driver developers (including Windows kernel developers) tend to prefer the Windows software trace preprocessor (WPP), which is backed by the ETW technology, over debug prints in production code, since it runs fast, does not leave hard-coded strings in compiled files (they are instead stored in PDB files), and is as straightforward to use as debug prints.

If DebugView++ implements a capability to view WPP logs in real time, that would be attractive for such developers because the only tools that support it are TraceView, whose UI was written 15 years ago and is a pain to use, and TraceView Plus, which is not free, as far as I am aware.

This will still be a somewhat large amount of work, but at least you do not need any driver file, unlike support for kernel-mode debug message capturing.

tandasat avatar Oct 07 '18 14:10 tandasat

I did a first attempt to understand how to use ETW, I couldn't even figure out how to use it from C++... do you have any working examples?

janwilmans avatar Oct 07 '18 18:10 janwilmans

I would like to support ETW because it seems to be the OutputDebugString replacement for modern Windows development?

janwilmans avatar Oct 07 '18 18:10 janwilmans

@janwilmans Here're some examples: https://github.com/Microsoft/Windows-classic-samples/tree/master/Samples/Win7Samples/winbase/Eventing (Didn't test, but they are from Microsoft)

harriv avatar Oct 07 '18 19:10 harriv

@harriv thanks! I will try this. At first glance this looks like the 'receiving part', right? The side I would need to do, which is perfect to have an example of. However, what about the sending side? Any example in C++ and/or C#?

janwilmans avatar Oct 07 '18 20:10 janwilmans

@janwilmans I think this is the simple example: https://github.com/Microsoft/Windows-classic-samples/tree/master/Samples/Win7Samples/winbase/Eventing/Provider/Simple/CPP

Here's an overview of the system: https://docs.microsoft.com/en-us/windows/desktop/etw/about-event-tracing

harriv avatar Oct 07 '18 20:10 harriv

Hi @janwilmans

I also quickly coded the provider part with WPP and TraceLogging: etw.zip

Some instructions and brief explanations are there as comments. Those are expected outputs from the sample programs.

WPP wpp

TraceLogging (which I care less about) tracelogging

tandasat avatar Oct 07 '18 20:10 tandasat

wow thanks! I will have to examine this!

janwilmans avatar Oct 07 '18 20:10 janwilmans