ETW - 使用C ++的CLR事件跟踪 [英] ETW - CLR Event Tracing using C++

问题描述

我试图通过C ++代码消耗CLR事件（ETW - 实时模式）。目前我试图得到 

使用GUID  {e13c0d23-ccbc-4e12-931b-d9cc2eee27e4}的CLR事件和使用关键字0x10000的线程池事件。我可以在回拨方式中使用数据。

我的代码如下，



$
//步骤1：开始跟踪会话

Hi,

I trying to consume the CLR events through C++ code (ETW - Real time mode).Currently I tried to get 
the CLR events using GUID  {e13c0d23-ccbc-4e12-931b-d9cc2eee27e4} and thread pool events using Keyword 0x10000 . I can able to consume the data in my call back method.
my code is like below,


// Step 1: starting the Trace session

_pSessionProperties->LogFileMode = EVENT_TRACE_REAL_TIME_MODE;
_status = StartTrace(&hSession, _szSessionName, _pSessionProperties);

//步骤2：启用提供程序GUID的跟踪为{e13c0d23-ccbc-4e12-931b-d9cc2eee27e4}，关键字为0x10000以过滤线程池事件。我不确定这是否正确。

//Step 2: Enable the trace with provider GUID is {e13c0d23-ccbc-4e12-931b-d9cc2eee27e4} and keyword is 0x10000 to filter the Thread pool events. i am not sure this is correct.

_status = EnableTraceEx2(this->hSession, &providerId, EVENT_CONTROL_CODE_ENABLE_PROVIDER, TRACE_LEVEL_VERBOSE, 0x10000, 0x10000, 0, NULL);

//步骤3：使用实时模式而不是日志文件写入打开跟踪。

// Step 3: Opening the Trace with Real time mode instead of log file writing.

_logFile.ProcessTraceMode = PROCESS_TRACE_MODE_REAL_TIME;
_logFile.EventCallback = &ProcessEvent;
_logFile.Context = NULL;
_hTrace = ::OpenTrace(&_logFile);

¥ b $ b

//步骤4：处理跟踪

//Step 4: Process the Trace

_status = ProcessTrace(&_hTrace, 1, NULL, NULL);

//第5步：回调方法

//Step 5 : Call back method

VOID WINAPI ProcessEvent(_In_ PEVENT_TRACE pEvent)
{if (pEvent->Header.Guid == CLR_PROVIDER_GUID){Threadpool_events *thread_events = (Threadpool_events*)pEvent->MofData;}
}

我的问题是 



1.在步骤2中，如何仅启用Threadpool事件而不是接收其他事件CLR事件？

2.在步骤5（回调）中，如何验证收到的数据（pEvent-> MofData）是否正好出现在线程池事件中？

3 。事件ID的目的是什么，我可以在哪里使用它？请参阅以下链接

https://msdn.microsoft.com/en-us/library/ff356163(v=vs.110).aspx

My questions is 

1. In step 2 , How to enable only the Threadpool events instead of receiving other CLR events?
2. In Step 5(call back) , How to verify the received data (pEvent->MofData) exactly came the Thread pool events?
3. What is the purpose of Event ID ,where can i use it? refer below link
https://msdn.microsoft.com/en-us/library/ff356163(v=vs.110).aspx

谢谢&问候，

Durai

推荐答案

嗨Durai，

Hi Durai,

由于您的代码是C ++，我将帮助您将案例移至C ++论坛以获得更好的支持。

Since your code is C++, I will help move your case to C++ forum for better support.

祝你好运，

Kristin

这篇关于ETW - 使用C ++的CLR事件跟踪的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！