How to use ETW from a C++ Windows client
Programmers Guide to Eventing (2010) from Microsoft is a good one to start with.
To write a Provider for ETW, you have two options:
write it as a manifest-based provider (preferred for Windows Vista or higher). Check out an example here.
write it as a classic provider for legacy support. You can find an example here.
I suppose you want to use a manifest-based approach, as it's better and can support up to eight sessions. The first step a manifest-based provider needs to do is to register the event using EventRegister() and then write to it via the EventWrite() or EventWriteString() function.
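The register, write, unregister sequence described above, as an added example (not code from the original answer or from Microsoft). It uses EventWriteString() because EventWrite() needs an EVENT_DESCRIPTOR generated from your manifest; the EtwProvider wrapper, the provider GUID and the non-Windows stand-ins are assumptions made for illustration.

```cpp
#ifdef _WIN32
#include <windows.h>
#include <evntprov.h>                 // EventRegister / EventWriteString / EventUnregister
#pragma comment(lib, "advapi32.lib")
#else
// Stand-ins (assumption) so the wrapper also compiles off Windows; they log nothing.
typedef unsigned long ULONG; typedef unsigned long long REGHANDLE, ULONGLONG;
typedef unsigned char UCHAR; typedef const wchar_t* PCWSTR;
struct GUID { unsigned int Data1; unsigned short Data2, Data3; unsigned char Data4[8]; };
inline ULONG EventRegister(const GUID*, void*, void*, REGHANDLE* h) { *h = 1; return 0; }
inline ULONG EventWriteString(REGHANDLE, UCHAR, ULONGLONG, PCWSTR) { return 0; }
inline ULONG EventUnregister(REGHANDLE) { return 0; }
#endif

// Constructed placeholder GUID; generate your own provider GUID.
static const GUID kProviderId =
    { 0x11111111, 0x2222, 0x3333, { 0x44, 0x44, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55 } };

class EtwProvider {                   // hypothetical RAII wrapper, not a Windows API type
public:
    explicit EtwProvider(const GUID& id) {
        // No enable callback or context: we do not react to sessions enabling us.
        status_ = EventRegister(&id, nullptr, nullptr, &handle_);
        if (status_ != 0) handle_ = 0;    // 0 == ERROR_SUCCESS
    }
    ~EtwProvider() { Close(); }           // always unregister before the module unloads
    EtwProvider(const EtwProvider&) = delete;
    EtwProvider& operator=(const EtwProvider&) = delete;

    bool registered() const { return handle_ != 0; }
    ULONG status() const { return status_; }

    // level: 1 critical, 2 error, 3 warning, 4 informational, 5 verbose; keyword 0 = unused
    ULONG WriteString(UCHAR level, PCWSTR msg) {
        if (!registered()) return 6;      // ERROR_INVALID_HANDLE
        return EventWriteString(handle_, level, 0, msg);
    }
    void Close() {
        if (registered()) { EventUnregister(handle_); handle_ = 0; }
    }
private:
    REGHANDLE handle_ = 0;
    ULONG status_ = 0;
};

int main() {
    EtwProvider etw(kProviderId);
    if (!etw.registered()) return 1;
    return static_cast<int>(etw.WriteString(4, L"client started"));
}
```

Strings written this way are visible to any trace session that enables the provider, so keep secrets and credentials out of the message text.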