
Event tracing in its simplest form uses the system Event Log

...

(Computer Management, Event Viewer).

A more complex use is with Windows Performance Recorder (WPR) and Windows Performance Analyzer (WPA), available in the Windows Performance Toolkit: https://learn.microsoft.com/en-us/windows-hardware/test/wpt/

Download Windows Performance Toolkit

Note: You can download the Windows Performance Toolkit through https://learn.microsoft.com/en-gb/windows-hardware/get-started/adk-install.

Do not forget to read the "What's new in the Windows ADK and ADK tools" article on Microsoft Learn for more details.

Architecture

A driver that produces such logs is registered with the system using an XML file, which identifies the source of the logs, the form they take (data types), names, and other details.

The XML file is in the project Resource Files folder.

The XML is processed by the Message Compiler by adding this to the project file in each ItemDefinitionGroup (i.e., Debug|ARM64 and Release|ARM64)

...

Code Block
LANGUAGE 0x9,0x1
1 11 "Wperf_DriverETW_schema_MSG00001.bin"
1 WEVT_TEMPLATE "Wperf_driverETW_schemaTEMP.BIN"

Registering


This XML file is copied with the driver to the system32\drivers directory and needs to be registered with the system on install by running wevtutil.exe im Wperf_DriverETW_schema.xml from the drivers directory.
To unregister, call wevtutil.exe um Wperf_DriverETW_schema.xml.
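
One way to script the registration step above and confirm it took effect (an added example, not the project's own install code): it reads the provider name from the manifest, runs wevtutil.exe im, then checks with wevtutil.exe gp that the provider is known to the system. It assumes an elevated PowerShell prompt, the default drivers path, and a manifest that follows the standard instrumentationManifest schema with a single provider element.

```powershell
# Added example: register the ETW manifest and verify the provider.
# Assumptions: elevated prompt; manifest already copied next to the driver.
$ErrorActionPreference = 'Stop'
$manifest = Join-Path $env:SystemRoot 'System32\drivers\Wperf_DriverETW_schema.xml'

# Read the provider identity from the manifest instead of hard-coding it.
[xml]$doc = Get-Content -LiteralPath $manifest -Raw
$ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
$ns.AddNamespace('e', 'http://schemas.microsoft.com/win/2004/08/events')
$provider = $doc.SelectSingleNode('//e:provider', $ns)
if (-not $provider) { throw "No <provider> element found in $manifest" }
$name = $provider.GetAttribute('name')
$guid = $provider.GetAttribute('guid')

# The manifest names the binaries that hold the message and template
# resources. If those paths are wrong, events are logged but cannot be decoded.
foreach ($attr in 'resourceFileName', 'messageFileName') {
    $path = [Environment]::ExpandEnvironmentVariables($provider.GetAttribute($attr))
    if (-not $path -or -not (Test-Path -LiteralPath $path)) {
        Write-Warning "$attr is missing or points to a file that does not exist: '$path'"
    }
}

# im = install-manifest
& wevtutil.exe im $manifest
if ($LASTEXITCODE -ne 0) { throw "wevtutil im failed with exit code $LASTEXITCODE" }

# gp = get-publisher; a non-zero exit code means the provider is not registered.
& wevtutil.exe gp $name | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Provider '$name' is not registered after install" }

Write-Host "Registered ETW provider '$name' $guid"
```

The same provider lookup followed by wevtutil.exe um with the manifest path gives a matching uninstall check.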

...