search

microsoft / krabsetw

KrabsETW provides a modern C++ wrapper and a .NET wrapper around the low-level ETW trace consumption functions.
Other
588 stars 147 forks source link

Add optional trace::create() method #171

Closed pierricgimmig closed 2 years ago

pierricgimmig commented 3 years ago

Some providers are configured through the use of "TraceSetInformation" which takes in a session handle. The session handle is available after the call to "StartTrace" in "register_trace()". Add a "create()" method that calls "register_trace" independently from "start()" to give an opportunity to use "TraceSetInformation" with the returned handle before the blocking call to "start()". Note that "create()" is optional. If not called, the trace session will be created automatically when calling "start()", as before.

Note that we could have used "ControlTrace" to obtain the handle of an existing trace. However, since the session handle was assigned through the "start()" method, which runs in its own thread, there is a race condition.

Tests: all tests pass.

pierricgimmig commented 2 years ago

Ping. Any thoughts on this? Do you see a better way to retrieve the session handle? To give more context, I need the trace handle in order to initialize stack tracing with TraceSetInformation:

...
size_t data_size = ids_.size() * sizeof(STACK_TRACING_EVENT_ID);
  ULONG error = TraceSetInformation(trace_handle_, TraceStackTracingInfo, ids_.data(),
                                    static_cast<ULONG>(data_size));

I also need to call TraceSetInformation with the session handle to set the sampling frequency: 

...
ULONG error = TraceSetInformation(trace_handle, TraceSampledProfileIntervalInfo, (void*)&interval,
                                    sizeof(TRACE_PROFILE_INTERVAL));
pierricgimmig commented 2 years ago

@swannman , sounds good, thanks, it works indeed. Closing this PR in favor of #181