CobaltFusion / DebugViewPP

DebugView++, collects, views, filters your application logs, and highlights information that is important to you!
Boost Software License 1.0

Support Event Tracing for Windows (ETW) #126

Open janwilmans opened 10 years ago

janwilmans commented 10 years ago

http://msdn.microsoft.com/en-us/library/windows/desktop/bb968803(v=vs.85).aspx

I think we should have at least one use case before we implement this, so postpone for now.

tandasat commented 5 years ago

Windows driver developers (including Windows kernel developers) tend to prefer Windows software trace preprocessor (WPP), which is backed by the ETW technology, over debug prints in production code, since it runs fast, does not leave hard-coded strings in compiled files (they are instead stored in PDB files), and is as straightforward to use as debug prints.

If DebugView++ implements a capability to view WPP logs in real-time, that would be attractive for such developers because the only tools that support it are: TraceView, whose UI was written 15 years ago and is a pain to use, and TraceView Plus, which is not free, as far as I am aware.

This will still be a somewhat large amount of work, but at least you do not need any driver file, unlike support of the kernel-mode debug message capturing.

janwilmans commented 5 years ago

I did a first attempt to understand how to use ETW, but I couldn't even figure out how to use it from C++... do you have any working examples?

janwilmans commented 5 years ago

I would like to support ETW because it seems to be the OutputDebugString replacement for modern Windows development?

harriv commented 5 years ago

@janwilmans Here're some examples: https://github.com/Microsoft/Windows-classic-samples/tree/master/Samples/Win7Samples/winbase/Eventing (Didn't test, but they are from Microsoft)

janwilmans commented 5 years ago

@harriv thanks! I will try this. At first glance this looks like the 'receiving part', right? The side I would need to do, which is perfect to have an example of. However, what about the sending side? Any example in C++ and/or C#?

harriv commented 5 years ago

@janwilmans I think this is the simple example: https://github.com/Microsoft/Windows-classic-samples/tree/master/Samples/Win7Samples/winbase/Eventing/Provider/Simple/CPP

Here's an overview of the system: https://docs.microsoft.com/en-us/windows/desktop/etw/about-event-tracing

tandasat commented 5 years ago

Hi @janwilmans

I also quickly coded the provider part with WPP and TraceLogging: etw.zip

Some instructions and brief explanations are there as comments. Those are expected outputs from the sample programs.

WPP: [image: wpp]

TraceLogging (which I care less about): [image: tracelogging]

janwilmans commented 5 years ago

Wow, thanks! I will have to examine this!