Skip to end of banner
Go to start of banner

Event Tracing for Windows

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Event Tracing for Windows

Event tracing in its simplest form uses the system Event Log. (Computer Management, Event Viewer).

A more complex use is WPA/WPR Windows Performance Recorder and Analyser, available on the Windows Performance Toolkit

https://learn.microsoft.com/en-us/windows-hardware/test/wpt/

Architecture:


A driver which produces such logs is registered with the system with an xml file, which identifies the source of the logs, and the form they take (data types), names, and other details.

Registering:


This xml file is copied with the driver to the system32\drivers directory, and needs to be registered with the system on install with wevtutil.exe im Wperf_DriverETW_schema.xml from the drivers directory.

To unregister call wevtutil.exe um Wperf_DriverETW_schema.xml.

Viewing logs:

Open Event Viewer. Right click Custom View and select Create Custom View.




Click OK, give it a useful name, and OK again.

You will be presented with logs like this


WPR / WPA

  • No labels