All geek questions in one place

Tracking multiple ETW providers using WPP

I am trying to use Event Tracking for Windows using WPP instumentation. In the documentation "Getting Started with Software Tracing in Windows Drivers", you can transfer traces to several providers from the same driver, but I did not see an example for doing this:

A driver can specify multiple control GUIDs. Each management GUID identifies a unique provider. For example, if a driver defines two control GUIDs, one for a shared library and one for a driver, the library and driver can be included as two different providers. Tracing can be enabled either for the library, or for the driver, or for both.

I tried to create two header files, each with WPP_CONTROL_GUIDS using a different guid. Then I include the various header files from the c / cpp files, which, I assume, provide traces to various providers. But it seems that the definition in the main file overrides this separation, and all traces go to the provider he uses ...

Any suggestion? Any sample? Thanks!!

+4
source share
1 answer

I avoid WPP tracing like a plague, but the trace patterns serve as an example of how to do this. You should see this comment somewhere in one of your TMH files:

 // template C:\WinDDK\7600.16385.1\bin\wppconfig\rev1\control.tpl // // Defines a set of macro that expand control model specified // with WPP_CONTROL_GUIDS (example shown below) // into an enum of trace levels and required structures that // contain the mask of levels, logger handle and some information // required for registration. // /////////////////////////////////////////////////////////////////////////////////// // // #define WPP_CONTROL_GUIDS \ // WPP_DEFINE_CONTROL_GUID(Regular,(81b20fea,73a8,4b62,95bc,354477c97a6f), \ // WPP_DEFINE_BIT(Error) \ // WPP_DEFINE_BIT(Unusual) \ // WPP_DEFINE_BIT(Noise) \ // ) \ // WPP_DEFINE_CONTROL_GUID(HiFreq,(91b20fea,73a8,4b62,95bc,354477c97a6f), \ // WPP_DEFINE_BIT(Entry) \ // WPP_DEFINE_BIT(Exit) \ // WPP_DEFINE_BIT(ApiCalls) \ // WPP_DEFINE_BIT(RandomJunk) \ // WPP_DEFINE_BIT(LovePoem) \ // )

So, you must define both GUIDs in the same WPP_CONTROL_GUIDS macro.

+1
source

Source: https://habr.com/ru/post/1432377/

More articles:


All Articles