问题
I'm trying to capture an etl trace on the HoloLens with my own events, and some generic networking events. Using WPR on my PC, I can choose Networking I/O activity, which will show events like Microsoft-Windows-TCPIP when I analyze in WPA. I can't figure out how to see these events on a HoloLens, or successfully put them in my wprp file.
I've tried the following with no success, even on Windows. My own events work fine.
<EventProvider Id="Microsoft.Windows.TCPIP" Name="2F07E2EE-15DB-40F1-90EF-9D7BA282188A"/>
...
<EventProviderId Value="Microsoft.Windows.TCPIP"/>
回答1:
Here is an WPRP file that captures "Microsoft-Windows-TCPIP" and "Microsoft-Windows-Kernel-Network" events.
<?xml version="1.0" encoding="utf-8"?>
<WindowsPerformanceRecorder Version="1.0" Author="MagicAndre1981" Copyright="MagicAndre1981" Company="MagicAndre1981">
<Profiles>
<SystemCollector Id="SystemCollector" Name="NT Kernel Logger">
<BufferSize Value="1024" />
<Buffers Value="512" />
</SystemCollector>
<EventCollector Id="EventCollector_UserModeEvents_Session" Name="UserModeEvents_Session">
<BufferSize Value="1024" />
<Buffers Value="512" />
</EventCollector>
<SystemProvider Id="SystemProvider">
<Keywords>
<Keyword Value="ProcessThread" />
<Keyword Value="Loader" />
<Keyword Value="SampledProfile" />
<Keyword Value="Interrupt"/>
<Keyword Value="DPC"/>
<Keyword Value="ReadyThread" />
<Keyword Value="CSwitch" />
<Keyword Value="NetworkTrace" />
</Keywords>
<Stacks>
<Stack Value="SampledProfile" />
<Stack Value="CSwitch" />
<Stack Value="ReadyThread" />
<Stack Value="ImageLoad" />
<Stack Value="ImageUnload" />
</Stacks>
</SystemProvider>
<EventProvider Id="NetworkingCorrelation" Name="Microsoft-Windows-Networking-Correlation" Level="5" Stack="true">
<Keywords>
<Keyword Value="0x7FFF0000000F"/>
</Keywords>
</EventProvider>
<EventProvider Id="KernelNetwork" Name="Microsoft-Windows-Kernel-Network" Level="5" Stack="true" NonPagedMemory="true"/>
<EventProvider Id="TCP" Name="Microsoft-Windows-TCPIP" Level="5" Stack="true" NonPagedMemory="true">
<Keywords>
<Keyword Value="0x0000000400000000"/>
</Keywords>
</EventProvider>
<Profile Id="NetworkProfile.Verbose.File" Name="NetworkProfile" Description="Network Profile" LoggingMode="File" DetailLevel="Verbose">
<Collectors>
<SystemCollectorId Value="SystemCollector">
<SystemProviderId Value="SystemProvider" />
</SystemCollectorId>
<EventCollectorId Value="EventCollector_UserModeEvents_Session">
<EventProviders>
<EventProviderId Value="NetworkingCorrelation" />
<EventProviderId Value="KernelNetwork" />
<EventProviderId Value="TCP" />
</EventProviders>
</EventCollectorId>
</Collectors>
</Profile>
<Profile Id="NetworkProfile.Verbose.Memory" Name="NetworkProfile" Description="Network Profile" Base="NetworkProfile.Verbose.File" LoggingMode="Memory" DetailLevel="Verbose" />
</Profiles>
<TraceMergeProperties>
<TraceMergeProperty Id="BaseVerboseTraceMergeProperties" Name="BaseTraceMergeProperties" Base="">
<FileCompression Value="true" />
<CustomEvents>
<CustomEvent Value="ImageId"/>
<CustomEvent Value="BuildInfo"/>
<CustomEvent Value="VolumeMapping"/>
<CustomEvent Value="EventMetadata"/>
<CustomEvent Value="PerfTrackMetadata"/>
<CustomEvent Value="NetworkInterface"/>
</CustomEvents>
</TraceMergeProperty>
</TraceMergeProperties>
</WindowsPerformanceRecorder>
Run it via "C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\wpr.exe" -start network.wprp and next "C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\wpr.exe" -stop NetworkData.etl
来源:https://stackoverflow.com/questions/38598884/how-can-i-add-windows-networking-events-to-my-custom-wprp-file