ETW is short for Event Tracing for Windows.
The example used in this article comes from the Universal Windows Platform Logging Example, i.e. the Logging sample.
Installing the Windows Performance Toolkit
The Windows Performance Toolkit is part of the Windows Assessment and Deployment Kit (Windows ADK); the ADK can be downloaded from Download and install the Windows ADK. The installer offers many options; selecting Windows Performance Toolkit is enough.
Basic xperf usage:
- xperf -start MySession -f MyFile.etl -on eff1e128-4903-5093-096a-bdc29b38456f starts a session
- xperf -stop MySession stops the session; the log is saved in MyFile.etl
- tracerpt MyFile.etl decodes the trace and produces two log files, dumpfile.xml and summary.txt
Some xperf examples:
- xperf -merge MyFile.etl … merged.etl merges several files into merged.etl
Some tracerpt examples:
- tracerpt.exe -of XML -o MyLog.xml MyFile.etl translates MyFile.etl into MyLog.xml
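An added example (not part of the original article or of the Logging sample): a Python sketch that reads the XML tracerpt writes (dumpfile.xml or MyLog.xml), keeps only the events of the provider GUID passed to xperf -on, and counts them by event ID and level. The element layout is assumed to follow the Windows event schema, and the sample events, the provider name and the second GUID are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Event schema namespace used by tracerpt's XML output (assumed layout).
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LEVELS = {"1": "Critical", "2": "Error", "3": "Warning", "4": "Info", "5": "Verbose"}

def _event(guid, event_id, level, time, msg):
    """Build one constructed <Event> element in the assumed tracerpt shape."""
    return (
        f'<Event xmlns="{NS["e"]}"><System>'
        f'<Provider Name="ConstructedProvider" Guid="{{{guid}}}"/>'
        f"<EventID>{event_id}</EventID><Level>{level}</Level>"
        f'<TimeCreated SystemTime="{time}"/></System>'
        f'<EventData><Data Name="Message">{msg}</Data></EventData></Event>'
    )

APP_GUID = "eff1e128-4903-5093-096a-bdc29b38456f"    # GUID from the xperf command
OTHER_GUID = "00000000-0000-0000-0000-000000000001"  # constructed placeholder
# Constructed sample data, not a real capture.
SAMPLE = "<Events>" + "".join([
    _event(APP_GUID, 1, 4, "2020-01-01T10:00:00Z", "app started"),
    _event(OTHER_GUID, 7, 5, "2020-01-01T10:00:01Z", "unrelated noise"),
    _event(APP_GUID, 2, 2, "2020-01-01T10:00:02Z", "save failed"),
    _event(APP_GUID, 1, 4, "2020-01-01T10:00:03Z", "app resumed"),
]) + "</Events>"

def parse_events(xml_text, provider_guid=None):
    """Return one dict per event, optionally keeping a single provider GUID."""
    want = provider_guid.strip("{}").lower() if provider_guid else None
    rows = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        sysnode = ev.find("e:System", NS)
        guid = sysnode.find("e:Provider", NS).get("Guid", "").strip("{}").lower()
        if want and guid != want:
            continue
        rows.append({
            "guid": guid,
            "id": int(sysnode.findtext("e:EventID", "0", NS)),
            "level": LEVELS.get(sysnode.findtext("e:Level", "", NS), "Unknown"),
            "time": sysnode.find("e:TimeCreated", NS).get("SystemTime"),
            "data": {d.get("Name"): d.text for d in ev.iterfind("e:EventData/e:Data", NS)},
        })
    return rows

def summarize(rows):
    """Count events per (event id, level) pair."""
    return Counter((r["id"], r["level"]) for r in rows)

if __name__ == "__main__":
    for key, n in sorted(summarize(parse_events(SAMPLE, APP_GUID)).items()):
        print(key, n)
```

To run it on a real trace, pass the contents of dumpfile.xml or MyLog.xml to parse_events in place of SAMPLE.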
The Windows Performance Toolkit also ships with Windows Performance Analyzer and Windows Performance Recorder, which can analyze and record data.
Windows.System.Diagnostics provides collection of app-related diagnostic information (UWP App Diagnostics).
Using UIforETW
UIforETW – Windows Performance Made Easier
Install: scoop install uiforetw
Other
- How to output to console in UWP on Windows 10?
- Using Device Portal to view debug logs for UWP
- Device Portal for Windows Desktop
- Using the App File Explorer to see your app data
- Event Tracing Tools
- microsoft / perfview
- microsoft / ETW2JSON
- smourier / TraceSpy
- How to Log to Event Trace for Windows (ETW)
- Log Parser 2.2 , XML files and CSV files
- Can you suggest some good ETW readers?
- https://github.com/lowleveldesign/wtrace
- Microsoft.Diagnostics.Tracing.EventSource is now stable
- Tampering with Windows Event Tracing: Background, Offense, and Defense
- How to use ETW (Event Tracing for Windows) to write logs
- Logging in Universal Windows applications
- Event Tracing Portal
- VSPerfReport
- FAQ: Common Questions for ETW and Windows Event Log
- microsoft / Tx
- Logging Keystrokes with Event Tracing for Windows (ETW)
- ETW Central
- Instrumenting Your Code with ETW
- TraceView included in Download the Windows Driver Kit (WDK)
- Hidden Treasure: Intrusion Detection with ETW, Part 2
- microsoft / krabsetw
- MGTEK TraceView Plus 3
- LTTng, DTrace
Survey of Software Tracing Tools
Tracelog and TraceView can redirect trace messages to KD or Windbg, whichever is attached. For more information, see the Tracelog -kd parameter and the TraceView Windbg option.
(Wrapping up hastily.)