ETW is fast—probably faster than most custom solutions that are implemented as part of an app
Good tools support with Xperf, Windows Performance Toolkit, and so on.
Traces are stored in kernel buffer—any traces your app has written aren’t lost if your app terminates unexpectedly
Your support staff can work with other support organizations, such as Microsoft CSS, seamlessly, because ETW is a common infrastructure
Dan Ruder has provided a sample C++ application covering how to add Event Tracing for Windows (Logging) to a Windows application and has also written an article on how to add Event Tracing for Windows to a C++ Application (copied below).
See Also
Download the Windows SDK
Use this not this
The following article, authored by Dan Ruder to compliment the aforementioned sample, covers how to add ETW to your app:
How to Add High-Performance Runtime Tracing to your Application
Applies To
Windows API programming for the following versions of Windows:
Client: Windows 7, Windows Vista
Server: Windows Server 2008 R2, Windows Server 2008
Summary
This article explains how to use the Event Tracing for Windows (ETW) functions to add runtime trace logging to your application. The ETW system provides high-speed logging that can be enabled and disabled dynamically without restarting the application. This makes ETW useful for diagnosing application behavior without invasive debugging. It can be used to:
Record how users interact with your application
Record resource consumption and release patterns
Record performance statistics
Create a history of operations to verify correct application behavior
Create a history to troubleshoot incorrect application behavior
Enable advanced end-to-end diagnostics across multiple software layers
This article will focus on the manifest-based ETW functions which are available starting in Windows Vista and Windows Server 2008.
Prerequisites
List of technologies and software that you need to understand or install in order to create and run this code.
Microsoft Windows 7 Software Development Kit
Solution
The design of the Event Tracing for Windows (ETW) API is that an application does not write the whole trace message at runtime; instead, it writes an event descriptor plus parameter data to a trace session which saves the data into a log. Later, the trace log is processed by matching the event descriptors with a list of events in an XML manifest file and formatting message strings with event parameter data. Therefore, the steps to use the ETW API in your application are:
Design the trace events your application will report.
Create an event manifest to describe the event messages.
Add tracing functions to your source code.
Add the event manifest to your project.
Build the project.
Read more: See Also:
QR: