How to use ETW from a C++ windows client
https://stackoverflow.com/questions/2134384
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm researching Event Tracing for Windows (ETW) to allow a user-mode windows client to write out tracing information. The existing documentation is, to put it lightly, insanely incomplete. What would really help is a simple C++ example that writes out tracing messages using ETW. Does such an example exist? Is there other ETW documentation you might recommend?
Solution
To write a Provider for ETW you have two options of either writing it as a manifest-based provider (preferred for Vista or higher) or a classic provider for legacy support. If manifest-based is the approach you want to go with then check out an example here. Alternatively you have find a classic provider example here.
I suppose you want to use a manifest-based approach as its better and can support up to 8 sessions. The first step for a manifest-based provider needs to do is to register the event using EventRegister and and then write to it via the EventWrite or EventWriteString function.
OTHER TIPS
This document from Microsoft is a good one to begin with here
