Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


ETW - runtime linking of manifest file

anshul_makkar-3anshul_makkar-3 Member Posts: 81
Hi,


I am have generated an etl without the string information by not including
the manifet's resouce file in the ETW project. Now I want to dynamically
link the etl file with the resource so that I am able to see all the string
message.

Is it possible. Please throw some light on this experiment.

Thanks
Anshul Makkar

Comments

  • anshul_makkar-3anshul_makkar-3 Member Posts: 81
    Hi,

    I generated an etl file by starting the tracing session (through xperf) and
    generating the event.

    Now the etl file that is generated contains the debug strings that I defined
    in the manifest . (This is due to the inclusion of the resource file in the
    exe).

    Now what I want is that the etl file should only cotain the resource/message
    ids and not the complete messages.

    Please give some suggestion as to what I am thinking is possible or not, or
    give some possible hints.
    Thanks
    Anshul Makkar

    On Sun, Jul 26, 2009 at 10:07 PM, anshul makkar <
    [email protected]> wrote:

    > Hi,
    >
    >
    > I am have generated an etl without the string information by not including
    > the manifet's resouce file in the ETW project. Now I want to dynamically
    > link the etl file with the resource so that I am able to see all the string
    > message.
    >
    > Is it possible. Please throw some light on this experiment.
    >
    > Thanks
    > Anshul Makkar
    >
    >
    >
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    Hi,
    If you use tracerpt.exe to process you etl file on Win7 there in an "-import" switch which allows you to specify a manifest containing your event schema (you can also do this programmatically through TDH (trace data helper) TdhLoadManifest API). Note that even if you had linked your manifest into the resources the content of the ETL file would not change. Note that what xperf does is after stopping the trace it injects additional data into the trace to allow cross machine decoding, but this step is custom to xperf and only xperf knows how to decipher information it injected. XPerf approach would not help you in this case since you are not linking with the resource and not running "wevtutil im" on your box.
    Thanks,
    Alex

    From: [email protected] [mailto:[email protected]] On Behalf Of anshul makkar
    Sent: Monday, July 27, 2009 7:09 AM
    To: Windows System Software Devs Interest List
    Subject: Re:[ntdev] ETW - runtime linking of manifest file


    Hi,

    I generated an etl file by starting the tracing session (through xperf) and generating the event.

    Now the etl file that is generated contains the debug strings that I defined in the manifest . (This is due to the inclusion of the resource file in the exe).

    Now what I want is that the etl file should only cotain the resource/message ids and not the complete messages.

    Please give some suggestion as to what I am thinking is possible or not, or give some possible hints.
    Thanks
    Anshul Makkar

    On Sun, Jul 26, 2009 at 10:07 PM, anshul makkar > wrote:
    Hi,


    I am have generated an etl without the string information by not including the manifet's resouce file in the ETW project. Now I want to dynamically link the etl file with the resource so that I am able to see all the string message.

    Is it possible. Please throw some light on this experiment.

    Thanks
    Anshul Makkar



    --- NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
  • anshul_makkar-3anshul_makkar-3 Member Posts: 81
    Thanks a lot for that.

    Now furhter , describing the problem, I dont want that debug messages in etl
    file should be visible to end user. So, what I am planning to do is to
    compile the application without the manifest's rc or header file .

    When the application runs and generates the etl file.. I will try to decode
    it through "tracerpt -import " (as pointed in another post).

    But the question is as the rc file will not be included in the application,
    so will the proper events will be generated. From where the definitin of
    events, keywords, opcode, levels etc will come.

    And another problem, I tried to port the windows 7 tracerpt to vista, but
    again that is not working. How can the compatabiltiy be achieved.

    Please throw some light on this.
    On Mon, Jul 27, 2009 at 7:58 PM, Alex Bendetov wrote:

    > Hi,
    >
    > If you use tracerpt.exe to process you etl file on Win7 there in an
    > ?-import? switch which allows you to specify a manifest containing your
    > event schema (you can also do this programmatically through TDH (trace data
    > helper) TdhLoadManifest API). Note that even if you had linked your manifest
    > into the resources the content of the ETL file would not change. Note that
    > what xperf does is after stopping the trace it injects additional data into
    > the trace to allow cross machine decoding, but this step is custom to xperf
    > and only xperf knows how to decipher information it injected. XPerf approach
    > would not help you in this case since you are not linking with the resource
    > and not running ?wevtutil im? on your box.
    >
    > Thanks,
    >
    > Alex
    >
    >
    >
    > *From:* [email protected] [mailto:
    > [email protected]] *On Behalf Of *anshul makkar
    > *Sent:* Monday, July 27, 2009 7:09 AM
    > *To:* Windows System Software Devs Interest List
    > *Subject:* Re:[ntdev] ETW - runtime linking of manifest file
    >
    >
    >
    >
    > Hi,
    >
    >
    >
    > I generated an etl file by starting the tracing session (through xperf) and
    > generating the event.
    >
    >
    >
    > Now the etl file that is generated contains the debug strings that I
    > defined in the manifest . (This is due to the inclusion of the resource file
    > in the exe).
    >
    >
    >
    > Now what I want is that the etl file should only cotain the
    > resource/message ids and not the complete messages.
    >
    >
    >
    > Please give some suggestion as to what I am thinking is possible or not, or
    > give some possible hints.
    >
    > Thanks
    >
    > Anshul Makkar
    >
    >
    >
    > On Sun, Jul 26, 2009 at 10:07 PM, anshul makkar <
    > [email protected]> wrote:
    >
    > Hi,
    >
    >
    >
    >
    >
    > I am have generated an etl without the string information by not including
    > the manifet's resouce file in the ETW project. Now I want to dynamically
    > link the etl file with the resource so that I am able to see all the string
    > message.
    >
    >
    >
    > Is it possible. Please throw some light on this experiment.
    >
    >
    >
    > Thanks
    >
    > Anshul Makkar
    >
    >
    >
    >
    >
    >
    > --- NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and
    > other seminars visit: http://www.osr.com/seminars To unsubscribe, visit
    > the List Server section of OSR Online at
    > http://www.osronline.com/page.cfm?name=ListServer
    >
    > ---
    > NTDEV is sponsored by OSR
    >
    > For our schedule of WDF, WDM, debugging and other seminars visit:
    > http://www.osr.com/seminars
    >
    > To unsubscribe, visit the List Server section of OSR Online at
    > http://www.osronline.com/page.cfm?name=ListServer
    >
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    When your manifest is processed by message compiler (mc.exe) several files are generated. One of them is a header file which you include in your code which contains EVENT_DESCRIPTOR structures for your events. The binary resource file (which you are supposed to link into your module) is only needed to enable decoding and is not used for logging. Mc from Win7 SDK will also generate logging macros to make logging events easier (you no longer need to create EventDataDescriptors, we do it for you). So if you have Event1 taking an integer defined in your manifest if you use code generated by MC and will call EventWriteEvent1(Int1) to log your event.
    About tracerpt: taking it downlevel is not supported consequently import/export is a Win7 and forward functionality.
    I still think you might want to look into WPP as a viable solution for what you are trying to do.
    Thanks,
    Alex

    From: [email protected] [mailto:[email protected]] On Behalf Of anshul makkar
    Sent: Monday, July 27, 2009 9:12 AM
    To: Windows System Software Devs Interest List
    Subject: Re: Re:[ntdev] ETW - runtime linking of manifest file

    Thanks a lot for that.

    Now furhter , describing the problem, I dont want that debug messages in etl file should be visible to end user. So, what I am planning to do is to compile the application without the manifest's rc or header file .

    When the application runs and generates the etl file.. I will try to decode it through "tracerpt -import " (as pointed in another post).

    But the question is as the rc file will not be included in the application, so will the proper events will be generated. From where the definitin of events, keywords, opcode, levels etc will come.

    And another problem, I tried to port the windows 7 tracerpt to vista, but again that is not working. How can the compatabiltiy be achieved.

    Please throw some light on this.
    On Mon, Jul 27, 2009 at 7:58 PM, Alex Bendetov > wrote:

    Hi,

    If you use tracerpt.exe to process you etl file on Win7 there in an "-import" switch which allows you to specify a manifest containing your event schema (you can also do this programmatically through TDH (trace data helper) TdhLoadManifest API). Note that even if you had linked your manifest into the resources the content of the ETL file would not change. Note that what xperf does is after stopping the trace it injects additional data into the trace to allow cross machine decoding, but this step is custom to xperf and only xperf knows how to decipher information it injected. XPerf approach would not help you in this case since you are not linking with the resource and not running "wevtutil im" on your box.

    Thanks,

    Alex



    From: [email protected] [mailto:[email protected]] On Behalf Of anshul makkar
    Sent: Monday, July 27, 2009 7:09 AM
    To: Windows System Software Devs Interest List
    Subject: Re:[ntdev] ETW - runtime linking of manifest file



    Hi,



    I generated an etl file by starting the tracing session (through xperf) and generating the event.



    Now the etl file that is generated contains the debug strings that I defined in the manifest . (This is due to the inclusion of the resource file in the exe).



    Now what I want is that the etl file should only cotain the resource/message ids and not the complete messages.



    Please give some suggestion as to what I am thinking is possible or not, or give some possible hints.

    Thanks

    Anshul Makkar



    On Sun, Jul 26, 2009 at 10:07 PM, anshul makkar > wrote:

    Hi,





    I am have generated an etl without the string information by not including the manifet's resouce file in the ETW project. Now I want to dynamically link the etl file with the resource so that I am able to see all the string message.



    Is it possible. Please throw some light on this experiment.



    Thanks

    Anshul Makkar





    --- NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

    ---
    NTDEV is sponsored by OSR

    For our schedule of WDF, WDM, debugging and other seminars visit:
    http://www.osr.com/seminars

    To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

    --- NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
  • anshul_makkar-3anshul_makkar-3 Member Posts: 81
    Hi,

    Thanks a lot for the reply. Now the things are pretty much clear.

    I have to make a common binary across all platform. Will it be not possible
    to achieve the same functionality in XP/Vista ?

    I tried to port tracerpt to Vista but its not possble due to its dependency
    on ntdll.dll

    Does WPP works for application layer stuff also or its only for drivers?

    Thanks
    Anshul Makkar

    On Mon, Jul 27, 2009 at 9:35 AM, Alex Bendetov wrote:

    > When your manifest is processed by message compiler (mc.exe) several
    > files are generated. One of them is a header file which you include in your
    > code which contains EVENT_DESCRIPTOR structures for your events. The binary
    > resource file (which you are supposed to link into your module) is only
    > needed to enable decoding and is not used for logging. Mc from Win7 SDK will
    > also generate logging macros to make logging events easier (you no longer
    > need to create EventDataDescriptors, we do it for you). So if you have
    > Event1 taking an integer defined in your manifest if you use code generated
    > by MC and will call EventWriteEvent1(Int1) to log your event.
    >
    > About tracerpt: taking it downlevel is not supported consequently
    > import/export is a Win7 and forward functionality.
    >
    > I still think you might want to look into WPP as a viable solution for what
    > you are trying to do.
    >
    > Thanks,
    >
    > Alex
    >
    >
    >
    > *From:* [email protected] [mailto:
    > [email protected]] *On Behalf Of *anshul makkar
    > *Sent:* Monday, July 27, 2009 9:12 AM
    > *To:* Windows System Software Devs Interest List
    > *Subject:* Re: Re:[ntdev] ETW - runtime linking of manifest file
    >
    >
    >
    > Thanks a lot for that.
    >
    >
    >
    > Now furhter , describing the problem, I dont want that debug messages in
    > etl file should be visible to end user. So, what I am planning to do is to
    > compile the application without the manifest's rc or header file .
    >
    >
    >
    > When the application runs and generates the etl file.. I will try to decode
    > it through "tracerpt -import " (as pointed in another post).
    >
    >
    >
    > But the question is as the rc file will not be included in the application,
    > so will the proper events will be generated. From where the definitin of
    > events, keywords, opcode, levels etc will come.
    >
    >
    >
    > And another problem, I tried to port the windows 7 tracerpt to vista, but
    > again that is not working. How can the compatabiltiy be achieved.
    >
    >
    >
    > Please throw some light on this.
    >
    > On Mon, Jul 27, 2009 at 7:58 PM, Alex Bendetov
    > wrote:
    >
    > Hi,
    >
    > If you use tracerpt.exe to process you etl file on Win7 there in an
    > ?-import? switch which allows you to specify a manifest containing your
    > event schema (you can also do this programmatically through TDH (trace data
    > helper) TdhLoadManifest API). Note that even if you had linked your manifest
    > into the resources the content of the ETL file would not change. Note that
    > what xperf does is after stopping the trace it injects additional data into
    > the trace to allow cross machine decoding, but this step is custom to xperf
    > and only xperf knows how to decipher information it injected. XPerf approach
    > would not help you in this case since you are not linking with the resource
    > and not running ?wevtutil im? on your box.
    >
    > Thanks,
    >
    > Alex
    >
    >
    >
    > *From:* [email protected] [mailto:
    > [email protected]] *On Behalf Of *anshul makkar
    > *Sent:* Monday, July 27, 2009 7:09 AM
    > *To:* Windows System Software Devs Interest List
    > *Subject:* Re:[ntdev] ETW - runtime linking of manifest file
    >
    >
    >
    >
    > Hi,
    >
    >
    >
    > I generated an etl file by starting the tracing session (through xperf) and
    > generating the event.
    >
    >
    >
    > Now the etl file that is generated contains the debug strings that I
    > defined in the manifest . (This is due to the inclusion of the resource file
    > in the exe).
    >
    >
    >
    > Now what I want is that the etl file should only cotain the
    > resource/message ids and not the complete messages.
    >
    >
    >
    > Please give some suggestion as to what I am thinking is possible or not, or
    > give some possible hints.
    >
    > Thanks
    >
    > Anshul Makkar
    >
    >
    >
    > On Sun, Jul 26, 2009 at 10:07 PM, anshul makkar <
    > [email protected]> wrote:
    >
    > Hi,
    >
    >
    >
    >
    >
    > I am have generated an etl without the string information by not including
    > the manifet's resouce file in the ETW project. Now I want to dynamically
    > link the etl file with the resource so that I am able to see all the string
    > message.
    >
    >
    >
    > Is it possible. Please throw some light on this experiment.
    >
    >
    >
    > Thanks
    >
    > Anshul Makkar
    >
    >
    >
    >
    >
    >
    > --- NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and
    > other seminars visit: http://www.osr.com/seminars To unsubscribe, visit
    > the List Server section of OSR Online at
    > http://www.osronline.com/page.cfm?name=ListServer
    >
    >
    > ---
    > NTDEV is sponsored by OSR
    >
    > For our schedule of WDF, WDM, debugging and other seminars visit:
    > http://www.osr.com/seminars
    >
    > To unsubscribe, visit the List Server section of OSR Online at
    > http://www.osronline.com/page.cfm?name=ListServer
    >
    >
    > --- NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and
    > other seminars visit: http://www.osr.com/seminars To unsubscribe, visit
    > the List Server section of OSR Online at
    > http://www.osronline.com/page.cfm?name=ListServer
    >
    > ---
    > NTDEV is sponsored by OSR
    >
    > For our schedule of WDF, WDM, debugging and other seminars visit:
    > http://www.osr.com/seminars
    >
    > To unsubscribe, visit the List Server section of OSR Online at
    > http://www.osronline.com/page.cfm?name=ListServer
    >
  • OSR_Community_UserOSR_Community_User Member Posts: 110,217
    EventWrite API's exist in Vista, but are not present in XP. MessageCompiler from Win7 SDK has an option to generate XP compatible code which will dynamically choose between EventWrite and TraceEvent API's but there are some problems with this approach such as you will not have a formatted message on XP.

    WPP on the other hand uses TraceMessage API which works uniformly all the way back to W2K and it does have user mode support.
    Thanks,
    Alex


    From: anshul makkar [mailto:[email protected]]
    Sent: Tuesday, July 28, 2009 7:42 AM
    To: Windows System Software Devs Interest List
    Cc: Alex Bendetov
    Subject: Re: Re:[ntdev] ETW - runtime linking of manifest file

    Hi,

    Thanks a lot for the reply. Now the things are pretty much clear.

    I have to make a common binary across all platform. Will it be not possible to achieve the same functionality in XP/Vista ?

    I tried to port tracerpt to Vista but its not possble due to its dependency on ntdll.dll

    Does WPP works for application layer stuff also or its only for drivers?

    Thanks
    Anshul Makkar
    On Mon, Jul 27, 2009 at 9:35 AM, Alex Bendetov > wrote:

    When your manifest is processed by message compiler (mc.exe) several files are generated. One of them is a header file which you include in your code which contains EVENT_DESCRIPTOR structures for your events. The binary resource file (which you are supposed to link into your module) is only needed to enable decoding and is not used for logging. Mc from Win7 SDK will also generate logging macros to make logging events easier (you no longer need to create EventDataDescriptors, we do it for you). So if you have Event1 taking an integer defined in your manifest if you use code generated by MC and will call EventWriteEvent1(Int1) to log your event.

    About tracerpt: taking it downlevel is not supported consequently import/export is a Win7 and forward functionality.

    I still think you might want to look into WPP as a viable solution for what you are trying to do.

    Thanks,

    Alex



    From: [email protected] [mailto:[email protected]] On Behalf Of anshul makkar
    Sent: Monday, July 27, 2009 9:12 AM

    To: Windows System Software Devs Interest List
    Subject: Re: Re:[ntdev] ETW - runtime linking of manifest file



    Thanks a lot for that.



    Now furhter , describing the problem, I dont want that debug messages in etl file should be visible to end user. So, what I am planning to do is to compile the application without the manifest's rc or header file .



    When the application runs and generates the etl file.. I will try to decode it through "tracerpt -import " (as pointed in another post).



    But the question is as the rc file will not be included in the application, so will the proper events will be generated. From where the definitin of events, keywords, opcode, levels etc will come.



    And another problem, I tried to port the windows 7 tracerpt to vista, but again that is not working. How can the compatabiltiy be achieved.



    Please throw some light on this.

    On Mon, Jul 27, 2009 at 7:58 PM, Alex Bendetov > wrote:

    Hi,

    If you use tracerpt.exe to process you etl file on Win7 there in an "-import" switch which allows you to specify a manifest containing your event schema (you can also do this programmatically through TDH (trace data helper) TdhLoadManifest API). Note that even if you had linked your manifest into the resources the content of the ETL file would not change. Note that what xperf does is after stopping the trace it injects additional data into the trace to allow cross machine decoding, but this step is custom to xperf and only xperf knows how to decipher information it injected. XPerf approach would not help you in this case since you are not linking with the resource and not running "wevtutil im" on your box.

    Thanks,

    Alex



    From: [email protected] [mailto:[email protected]] On Behalf Of anshul makkar
    Sent: Monday, July 27, 2009 7:09 AM
    To: Windows System Software Devs Interest List
    Subject: Re:[ntdev] ETW - runtime linking of manifest file



    Hi,



    I generated an etl file by starting the tracing session (through xperf) and generating the event.



    Now the etl file that is generated contains the debug strings that I defined in the manifest . (This is due to the inclusion of the resource file in the exe).



    Now what I want is that the etl file should only cotain the resource/message ids and not the complete messages.



    Please give some suggestion as to what I am thinking is possible or not, or give some possible hints.

    Thanks

    Anshul Makkar



    On Sun, Jul 26, 2009 at 10:07 PM, anshul makkar > wrote:

    Hi,





    I am have generated an etl without the string information by not including the manifet's resouce file in the ETW project. Now I want to dynamically link the etl file with the resource so that I am able to see all the string message.



    Is it possible. Please throw some light on this experiment.



    Thanks

    Anshul Makkar





    --- NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

    ---
    NTDEV is sponsored by OSR

    For our schedule of WDF, WDM, debugging and other seminars visit:
    http://www.osr.com/seminars

    To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

    --- NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

    ---
    NTDEV is sponsored by OSR

    For our schedule of WDF, WDM, debugging and other seminars visit:
    http://www.osr.com/seminars

    To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
  • anshul_makkar-3anshul_makkar-3 Member Posts: 81
    Please can you give me some link etc where I can find WPP support for
    application layer.

    All the links I have searched are pointing towards WPP support at driver
    layer.

    Please if you can post some links for WPP support at app layer.

    Thanks

    Anshul Makkar
    On Tue, Jul 28, 2009 at 10:27 AM, Alex Bendetov wrote:

    > EventWrite API?s exist in Vista, but are not present in XP.
    > MessageCompiler from Win7 SDK has an option to generate XP compatible code
    > which will dynamically choose between EventWrite and TraceEvent API?s but
    > there are some problems with this approach such as you will not have a
    > formatted message on XP.
    >
    >
    >
    > WPP on the other hand uses TraceMessage API which works uniformly all the
    > way back to W2K and it does have user mode support.
    >
    > Thanks,
    > Alex
    >
    >
    >
    >
    >
    > *From:* anshul makkar [mailto:[email protected]]
    > *Sent:* Tuesday, July 28, 2009 7:42 AM
    > *To:* Windows System Software Devs Interest List
    > *Cc:* Alex Bendetov
    >
    > *Subject:* Re: Re:[ntdev] ETW - runtime linking of manifest file
    >
    >
    >
    > Hi,
    >
    >
    >
    > Thanks a lot for the reply. Now the things are pretty much clear.
    >
    >
    >
    > I have to make a common binary across all platform. Will it be not possible
    > to achieve the same functionality in XP/Vista ?
    >
    >
    >
    > I tried to port tracerpt to Vista but its not possble due to its dependency
    > on ntdll.dll
    >
    >
    >
    > Does WPP works for application layer stuff also or its only for drivers?
    >
    >
    >
    > Thanks
    >
    > Anshul Makkar
    >
    > On Mon, Jul 27, 2009 at 9:35 AM, Alex Bendetov
    > wrote:
    >
    > When your manifest is processed by message compiler (mc.exe) several files
    > are generated. One of them is a header file which you include in your code
    > which contains EVENT_DESCRIPTOR structures for your events. The binary
    > resource file (which you are supposed to link into your module) is only
    > needed to enable decoding and is not used for logging. Mc from Win7 SDK will
    > also generate logging macros to make logging events easier (you no longer
    > need to create EventDataDescriptors, we do it for you). So if you have
    > Event1 taking an integer defined in your manifest if you use code generated
    > by MC and will call EventWriteEvent1(Int1) to log your event.
    >
    > About tracerpt: taking it downlevel is not supported consequently
    > import/export is a Win7 and forward functionality.
    >
    > I still think you might want to look into WPP as a viable solution for what
    > you are trying to do.
    >
    > Thanks,
    >
    > Alex
    >
    >
    >
    > *From:* [email protected] [mailto:
    > [email protected]] *On Behalf Of *anshul makkar
    > *Sent:* Monday, July 27, 2009 9:12 AM
    >
    >
    > *To:* Windows System Software Devs Interest List
    >
    > *Subject:* Re: Re:[ntdev] ETW - runtime linking of manifest file
    >
    >
    >
    > Thanks a lot for that.
    >
    >
    >
    > Now furhter , describing the problem, I dont want that debug messages in
    > etl file should be visible to end user. So, what I am planning to do is to
    > compile the application without the manifest's rc or header file .
    >
    >
    >
    > When the application runs and generates the etl file.. I will try to decode
    > it through "tracerpt -import " (as pointed in another post).
    >
    >
    >
    > But the question is as the rc file will not be included in the application,
    > so will the proper events will be generated. From where the definitin of
    > events, keywords, opcode, levels etc will come.
    >
    >
    >
    > And another problem, I tried to port the windows 7 tracerpt to vista, but
    > again that is not working. How can the compatabiltiy be achieved.
    >
    >
    >
    > Please throw some light on this.
    >
    > On Mon, Jul 27, 2009 at 7:58 PM, Alex Bendetov
    > wrote:
    >
    > Hi,
    >
    > If you use tracerpt.exe to process you etl file on Win7 there in an
    > ?-import? switch which allows you to specify a manifest containing your
    > event schema (you can also do this programmatically through TDH (trace data
    > helper) TdhLoadManifest API). Note that even if you had linked your manifest
    > into the resources the content of the ETL file would not change. Note that
    > what xperf does is after stopping the trace it injects additional data into
    > the trace to allow cross machine decoding, but this step is custom to xperf
    > and only xperf knows how to decipher information it injected. XPerf approach
    > would not help you in this case since you are not linking with the resource
    > and not running ?wevtutil im? on your box.
    >
    > Thanks,
    >
    > Alex
    >
    >
    >
    > *From:* [email protected] [mailto:
    > [email protected]] *On Behalf Of *anshul makkar
    > *Sent:* Monday, July 27, 2009 7:09 AM
    > *To:* Windows System Software Devs Interest List
    > *Subject:* Re:[ntdev] ETW - runtime linking of manifest file
    >
    >
    >
    >
    > Hi,
    >
    >
    >
    > I generated an etl file by starting the tracing session (through xperf) and
    > generating the event.
    >
    >
    >
    > Now the etl file that is generated contains the debug strings that I
    > defined in the manifest . (This is due to the inclusion of the resource file
    > in the exe).
    >
    >
    >
    > Now what I want is that the etl file should only cotain the
    > resource/message ids and not the complete messages.
    >
    >
    >
    > Please give some suggestion as to what I am thinking is possible or not, or
    > give some possible hints.
    >
    > Thanks
    >
    > Anshul Makkar
    >
    >
    >
    > On Sun, Jul 26, 2009 at 10:07 PM, anshul makkar <
    > [email protected]> wrote:
    >
    > Hi,
    >
    >
    >
    >
    >
    > I am have generated an etl without the string information by not including
    > the manifet's resouce file in the ETW project. Now I want to dynamically
    > link the etl file with the resource so that I am able to see all the string
    > message.
    >
    >
    >
    > Is it possible. Please throw some light on this experiment.
    >
    >
    >
    > Thanks
    >
    > Anshul Makkar
    >
    >
    >
    >
    >
    >
    > --- NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and
    > other seminars visit: http://www.osr.com/seminars To unsubscribe, visit
    > the List Server section of OSR Online at
    > http://www.osronline.com/page.cfm?name=ListServer
    >
    >
    > ---
    > NTDEV is sponsored by OSR
    >
    > For our schedule of WDF, WDM, debugging and other seminars visit:
    > http://www.osr.com/seminars
    >
    > To unsubscribe, visit the List Server section of OSR Online at
    > http://www.osronline.com/page.cfm?name=ListServer
    >
    >
    > --- NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and
    > other seminars visit: http://www.osr.com/seminars To unsubscribe, visit
    > the List Server section of OSR Online at
    > http://www.osronline.com/page.cfm?name=ListServer
    >
    >
    > ---
    > NTDEV is sponsored by OSR
    >
    > For our schedule of WDF, WDM, debugging and other seminars visit:
    > http://www.osr.com/seminars
    >
    > To unsubscribe, visit the List Server section of OSR Online at
    > http://www.osronline.com/page.cfm?name=ListServer
    >
    >
    >
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Writing WDF Drivers 7 Dec 2020 LIVE ONLINE
Internals & Software Drivers 25 Jan 2021 LIVE ONLINE
Developing Minifilters 8 March 2021 LIVE ONLINE