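Recently I wanted to use ETW as an efficient logging mechanism without exposing confidential information (the key information is in the manifest file). That means I cannot register my own provider on the customer's machine, because registration requires the manifest file. An .etl file collected this way looks poor when opened directly in WPA: you can hardly see any useful information, as shown in Figure 1.
Figure 1: poor.etl opened in WPA (an .etl file collected on a machine where the provider was not registered, and not processed with xperf -merge)
How can the information be shown in as much detail as in the figure below?
Figure 2: good.etl opened in WPA (collected on a machine where the provider was registered)
The following is the answer I gave to my own question on Stack Overflow.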
I found the answer on the MSDN forums; here is the same question, asked by myself.
xperf -merge is the key!
The whole steps are as follows:
- Install my software and start collecting event data on the customer's machine (no need to register my provider). Call
  xperf -start mysession -on MY_PROVIDER_GUID
  to start collecting event data.
- After running for some time, call
  xperf -stop mysession -d poor.etl
  to stop collecting and save to the poor.etl file.
- Copy poor.etl to my dev machine (my provider is already registered) and call
  xperf -merge poor.etl good.etl
- Open good.etl with WPA; I can see every detail as I expected.
That's all. Hope it will help other guys like me. Thanks, everyone.
For details, see:
2. My post on Stack Overflow
3. My post on the MSDN forum
[Original] How to view a custom provider's events (collected without the provider registered) in WPA
Time: 2024-10-12 22:34:57