By default, krabsetw produces events that have their timestamps converted into system time. Specifying PROCESS_TRACE_MODE_RAW_TIMESTAMP as ProcessTraceMode in the EVENT_TRACE_LOGFILE would leave timestamps in the same raw format used by QueryPerformanceCounter(). This is desirable as there is less overhead per timestamp but would also be particularly useful to correlate krabsetw events to other profiling events timestamped with the QueryPerformanceCounter() API. Adding an option to select the timestamp type would be great.
By default, krabsetw produces events that have their timestamps converted into system time. Specifying
PROCESS_TRACE_MODE_RAW_TIMESTAMPasProcessTraceModein theEVENT_TRACE_LOGFILEwould leave timestamps in the same raw format used byQueryPerformanceCounter(). This is desirable as there is less overhead per timestamp but would also be particularly useful to correlate krabsetw events to other profiling events timestamped with theQueryPerformanceCounter()API. Adding an option to select the timestamp type would be great.See https://docs.microsoft.com/en-us/windows/win32/api/evntrace/ns-evntrace-event_trace_logfilea for more details.