I'm researching Event Tracing for Windows (ETW) to allow a user-mode windows client to write out tracing information. The existing documentation is, to put it lightly, insanely incomplete. What would really help is a simple C++ example that writes out tracing messages using ETW. Does such an example exist? Is there other ETW documentation you might recommend?
+1
A:
To write a Provider for EWT you have two options of either writing it as a manifest-based provider (preferred for Vista or higher) or a classic provider for legacy support. If manifest-based is the approach you want to go with then check out an example here. Alternatively you have find a classic provider example here.
I suppose you want to use a manifest-based approach as its better and can support up to 8 sessions. The first step for a manifest-based provider needs to do is to register the event using EventRegister and and then write to it via the EventWrite or EventWriteString function.
bahree
2010-01-25 19:02:53