[原]how to view custom provider's events(collected without provider registered) by wpa
最近想使用etw作为高效的日志机制,也不想暴露机密信息(关键信息在msnifest文件中)。也就是不能在客户机器上注册自己的provider,那需要manifest文件。这样采集回来的.etl文件如果直接在wpa中打开,会很难看,基本看不出什么有用的信息,如图1
下面一段是我在stackoverflow上给自己的回答
I found answer at msdn forums, here is the same question asked by myself.
xperf -merge is the key!
whole steps as follow:
-
install my software and start collect event data on custom's machine. (no need to register my provider.) call
xperf -start mysession -on MY_PROVIDER_GUID
start collecting event data. -
after run some time, call
xperf -stop mysession -d poor.etl
to stop collecting and save to poor.etl file. -
copy poor.etl to my dev machine(my provider already registered) and call
xperf -merge poor.etl good.etl
-
open good.etl with wpa, I can see every details as I expected.
that's all. hope it will help other guy like me. thanks everyone.
具体参考
2. 我在stackoverflow上的帖子