---
page_type: sample
languages:
- cpp
products:
- windows-api-win32
name: ETW Consumer sample
urlFragment: etw-consumer-sample
description: Demonstrates the use of the ETW consumer APIs (for example, TDH) for translating events logged to the binary ETL format into simple message strings or XML.
extendedZipContent:
- path: LICENSE
  target: LICENSE
---

# ETW Consumer API sample

## Description

This sample demonstrates the use of the ETW consumer APIs (for example, TDH) for translating events logged to the binary ETL format into simple message strings or XML.

## Sample language implementations

This sample is available in the following language implementations:

C++

## Files

| File | Description |
|------|-------------|
| *EtwConsumer.cpp* | Main program. Allows the user to specify an ETL file to translate into simple strings or XML. |
| *TdhUtil.h* | Header file containing #includes for required libraries, user-defined structures, and helper function prototypes. |
| *common.h* | Header file containing prototypes for the formatting functions for various TDH in-types and out-types. |
| *TdhUtil.cpp* | Contains the implementation of the functions defined in *TdhUtil.h*. |
| *common.cpp* | Contains the implementation of the functions defined in *common.h*. |

## Build

### To build the sample using msbuild

1. Open a Command Prompt window and navigate to the *Samples\WinBase\Eventing\EtwConsumer* directory.
1. Type **msbuild EtwConsumer.sln**.

### To build the sample using Visual Studio

1. Open Windows Explorer and navigate to the *Samples\WinBase\Eventing\EtwConsumer* directory.
2. Double-click the icon for the *EtwConsumer.sln* solution file to open the file in Visual Studio.
3. In the **Build** menu, select **Build Solution**.

### To build the sample using the makefile

1. Open a Command Prompt window and navigate to the *Samples\WinBase\Eventing\EtwConsumer* directory.
1. Type **nmake** to build the sample.

## Run

### To generate an ETL file for consumption

1. From an elevated CMD prompt, navigate to the *Samples\WinBase\Eventing\EtwConsumer\Output* directory.
1. Run the following to start logging to the *LogFile.etl* file.

    `logman start "NT Kernel Logger" -o LogFile.etl -ets`

1. Run the following to stop logging.

    `logman stop "NT Kernel Logger" -ets`

### To translate events logged to the ETL file into simple message strings

1. From a CMD prompt, navigate to the *Samples\WinBase\Eventing\EtwConsumer\Output* directory.
1. Run the following command.

    `EtwConsumer LogFile.etl`

### To translate events logged to the ETL file into XML

1. From a CMD prompt, navigate to the *Samples\WinBase\Eventing\EtwConsumer\Output* directory.
1. Run the following command.

    `EtwConsumer LogFile.etl -xml`