Event tracing using WPP from user mode, native application using Visual Studio
https://stackoverflow.com/questions/4482107
-
11-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm looking for an example of utilizing "Event Tracing for Windows" (ETW) using WPP (a pre-processor) for applications developed in the Visual Studio environment. Whilst MSDN documentation promise that WPP is usable also for user mode, native application, it contains only examples of doing so for a device driver and also relies heavily on integrating with makefiles.
So I wonder if someone was able to have this working and if he's willing to share his findings or working sample code. Thanks! Uri Cohen
Solution 2
Found the answer I was looking for in the article: "WPP Tracing in Visual C++ 2010 Projects" by Trey Nash!
OTHER TIPS
WPP can definitely be used in user-mode, you just need to grab out the TraceWPP.exe from the WDK.
However, if you're not working with a lot of legacy code or you're interested in monitoring app performance, I'd consider using manifest-based ETW events instead; since each message is explicitly described as a structure, it's easier to analyze in XPerf or write other tooling around it. WPP literally just logs strings to the ETL trace that you'll have to parse later.
You can also use both WPP and manifest-based ETW in the same application - the guidance is, use WPP for private-only / one-off debug strings, and manifest events for more public, "official" events that you want to trace.
