I'm researching Event Tracing for Windows (ETW) to allow a user-mode windows client to write out tracing information. The existing documentation is, to put it lightly, insanely incomplete. What would really help is a simple C++ example that writes out tracing messages using ETW. Does such an example exist? Is there other ETW documentation you might recommend?
To write a Provider for ETW you have two options of either writing it as a manifest-based provider (preferred for Vista or higher) or a classic provider for legacy support. If manifest-based is the approach you want to go with then check out an example here. Alternatively you have find a classic provider example here.
I suppose you want to use a manifest-based approach as its better and can support up to 8 sessions. The first step for a manifest-based provider needs to do is to register the event using EventRegister and and then write to it via the EventWrite or EventWriteString function.
This document from Microsoft is a good one to begin with here
来源:https://stackoverflow.com/questions/2134384/how-to-use-etw-from-a-c-windows-client