LiveStacks
Collect, aggregate, and display live stack traces for ETW events, including CPU sampling, of native and .NET processes.
Hi, how can we print events with their stack trace from a specific provider using their GUID, e.g. '{7426A56B-E2D5-4B30-BDEF-B31815C1A74A}' for Microsoft-Windows-USB-USBHUB? Somewhat like `LiveStacks.exe -K -e '{7426A56B-E2D5-4B30-BDEF-B31815C1A74A}'`
Users can find kernel event keywords easily partially fix #5
Hi, if I run LiveStacks against a .NET Core app I don't get any callstacks. If the dotnet process has a pid of 11108 and I run .\LiveStacks.exe -p 11108...
Need to find a reasonable format for specifying the provider name, keywords, and level on the command line. Otherwise, it's just calling `EnableProvider` with `TraceEventOptions.Stacks`.
It looks like it doesn't work in a VM (try with PMU virtualization?). In any case, if it works on a physical box, consider making it configurable for lower-overhead profiling....
When targeting 32-bit processes on WoW64, the 64-bit ntdll is resolved but the 32-bit ntdll doesn't have symbols properly loaded, which causes its frames to not be resolved.
Currently we check if the address is < 0x8000000000000000, which works for 64-bit processes but not 32-bit processes.
The stack data would then include the event name, and the printed output would have the event name as well. This would also be handy when the user doesn't know...
Otherwise, users have to figure out what they can trace by looking at ETW recordings from elsewhere.