How to use ETW from a C++ Windows client

Submitted by 岁酱吖の on 2019-12-20 09:56:25

Question


I'm researching Event Tracing for Windows (ETW) to allow a user-mode Windows client to write out tracing information. The existing documentation is, to put it lightly, insanely incomplete. What would really help is a simple C++ example that writes out tracing messages using ETW. Does such an example exist? Is there other ETW documentation you might recommend?


Answer 1:


To write a Provider for ETW, you have two options:

  • write it as a manifest-based provider (preferred for Vista or higher). Check out an example here.

  • write it as a classic provider for legacy support. You can find an example here.

I suppose you want to use a manifest-based approach, as it's better and can support up to 8 sessions. The first step a manifest-based provider needs to do is to register the event using EventRegister() and then write to it via the EventWrite() or EventWriteString() function.
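The sequence Answer 1 describes (EventRegister(), then EventWriteString(), with EventUnregister() on exit), as an added example that is not part of the original answers. The provider GUID is a constructed placeholder, `EtwProvider` and `demo_trace` are hypothetical names, and the `#else` branch is a no-op shim (an assumption, not the real API) so the flow also compiles off-Windows.

```cpp
#include <cstdio>
#ifdef _WIN32
#include <windows.h>
#include <evntprov.h>                  // EventRegister, EventWriteString, EventUnregister
#pragma comment(lib, "advapi32.lib")   // MSVC: link the ETW provider API
#else
// Assumption: no-op shim, NOT the real API, so the flow also builds off-Windows.
typedef unsigned long ULONG; typedef unsigned char UCHAR;
typedef unsigned long long ULONGLONG; typedef ULONGLONG REGHANDLE;
struct GUID { unsigned long Data1; unsigned short Data2, Data3; unsigned char Data4[8]; };
static ULONG EventRegister(const GUID*, void*, void*, REGHANDLE* h) { *h = 1; return 0; }
static ULONG EventWriteString(REGHANDLE, UCHAR, ULONGLONG, const wchar_t*) { return 0; }
static ULONG EventUnregister(REGHANDLE) { return 0; }
#endif

// Constructed placeholder GUID; generate a fresh one for a real provider.
static const GUID kProviderId =
    {0x11111111, 0x2222, 0x3333, {0x44, 0x44, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55}};

// Hypothetical RAII wrapper: the registration handle is released on scope exit.
class EtwProvider {
public:
    explicit EtwProvider(const GUID& id) {
        status_ = EventRegister(&id, nullptr, nullptr, &handle_);
        if (status_ != 0) handle_ = 0;           // 0 == ERROR_SUCCESS
    }
    ~EtwProvider() { if (handle_) EventUnregister(handle_); }
    EtwProvider(const EtwProvider&) = delete;
    EtwProvider& operator=(const EtwProvider&) = delete;
    ULONG status() const { return status_; }
    // Level 4 = informational; keyword 0 is not filtered out by session keywords.
    // Any session that enables this provider sees the text: keep secrets out of it.
    ULONG trace(const wchar_t* msg, UCHAR level = 4) const {
        if (!handle_) return status_;            // registration failed earlier
        return EventWriteString(handle_, level, 0, msg);
    }
private:
    REGHANDLE handle_ = 0;
    ULONG status_ = 0;
};

// Registers, writes one message, and returns the Win32 status of the write.
ULONG demo_trace() {
    EtwProvider provider(kProviderId);
    return provider.trace(L"client started");
}

int main() { std::printf("EventWriteString status: %lu\n", (unsigned long)demo_trace()); }
```

Events are recorded only while a trace session has enabled this provider GUID.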




Answer 2:


This document from Microsoft is a good one to begin with here



Source: https://stackoverflow.com/questions/2134384/how-to-use-etw-from-a-c-windows-client
