Logging in driver

What is the better choice for logging in a driver - ETW or WPP, and which is safer?
Can I use ETW (WPP) in a WDM driver?

What type of logging? For dbgprint replacement, WPP is the one you want. ETW requires a manifest per event you log, so it is not ideal for ad hoc logging where you want to dump something.

d

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Wednesday, February 27, 2013 12:23 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Logging in driver

What is the better choice for logging in a driver - ETW or WPP, and which is safer?
Can I use ETW (WPP) in a WDM driver?


NTDEV is sponsored by OSR

OSR is HIRING!! See http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

My opinion is “neither”.

Mark Roddy

On Wed, Feb 27, 2013 at 4:01 PM, Doron Holan wrote:

> What type of logging? For dbgprint replacement, WPP is the one you want.
> ETW requires a manifest per event you log, so it is not ideal for ad hoc
> logging where you want to dump something.
>
> d

WPP is sort of a wrapper for printf-like ad hoc messages. My current preference is to be able to flip between debug prints going to dbgprint with a few macros, which gives immediate windbg output (handy when there is a driver developer bringing up new driver code), or going through the WPP trace facility, which is super handy when you give things to QA and they want to store a log file. A big downside of WPP traces, even if you display them in the debugger, is they are buffered, so you might step past some trace statements and get NO trace message output until later. A plus of WPP traces is they have lower overhead, as they move the text formatting out of the potentially time-critical path.

ETW tracing is not really for ad hoc tracing. It generates structured data logs that are more useful for things in customer problem determination or performance analysis. For example, the network stack can record network packets as ETW trace data, which you can then look at in the Microsoft network sniffer. Looking at hex dumps of network packets is not much fun.

For many drivers BOTH WPP/dbgprint and ETW are appropriate. WPP/dbgprint is basically text, ETW is basically structured data records with no descriptive text. Based on the metadata for ETW traces, you can produce text dumps of ETW logs or you can feed the data into something like a database or programmatically analyze it. I suppose you could define an ETW trace event that just contained text, and do snprintf to create the text you log.

WPP defers the formatting of ad hoc trace data, logging only the variable parts, not the constant text, which is then merged in by a tool or the debugger.

Jan
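The deferred formatting and buffering described in the message above, as an added example that is not part of the original thread and is not the WPP API: a user-mode C model in which the hot path stores only a message id and the variable arguments, and a decoder merges the constant text back in later. The names `trace`, `flush`, `FORMATS` and `RING_SLOTS`, the two message formats and the overwrite-oldest ring policy are assumptions made for illustration.

```c
/* User-mode model of deferred trace formatting (added example, not WPP). */
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define RING_SLOTS 4  /* constructed: tiny so the overwrite case is visible */

/* Constant text is kept out of the hot path, like trace format metadata. */
static const char *const FORMATS[] = {
    "irp %u completed with status 0x%x",  /* message id 0 */
    "queue depth now %u (limit %u)",      /* message id 1 */
};
#define NUM_FORMATS (sizeof(FORMATS) / sizeof(FORMATS[0]))

typedef struct { uint16_t msg_id; uint32_t a, b; } trace_rec;
static trace_rec ring[RING_SLOTS];
static unsigned head;                     /* records written since last flush */

/* Hot path: record the id and the variable parts only, no formatting. */
static void trace(uint16_t msg_id, uint32_t a, uint32_t b)
{
    trace_rec *r = &ring[head++ % RING_SLOTS];
    r->msg_id = msg_id; r->a = a; r->b = b;
}

/* Decoder: merge the constant text back in and return the number of lines.
   Records overwritten before this call are lost (assumed ring policy). */
static unsigned flush(char out[][80], unsigned max)
{
    unsigned first = head > RING_SLOTS ? head - RING_SLOTS : 0, n = 0;
    for (unsigned i = first; i < head && n < max; i++) {
        const trace_rec *r = &ring[i % RING_SLOTS];
        if (r->msg_id >= NUM_FORMATS)     /* never index past the table */
            snprintf(out[n++], 80, "<unknown message id %u>", (unsigned)r->msg_id);
        else
            snprintf(out[n++], 80, FORMATS[r->msg_id], (unsigned)r->a, (unsigned)r->b);
    }
    head = 0;
    return n;
}

int main(void)
{
    char out[8][80];
    trace(0, 7, 0xC0000001u);             /* nothing is printed at this point */
    trace(1, 3, 16);
    for (unsigned i = 0, n = flush(out, 8); i < n; i++) puts(out[i]);
    return 0;
}
```

Stepping past the two `trace` calls in a debugger shows no output until `flush` runs, which is the buffering effect the message describes.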


+1 to everything Jan said.

I’d add that ETW is used by the OS itself and you can trace some pretty cool
stuff - IRPs etc.

mm
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Jan Bottorff
Sent: Wednesday, February 27, 2013 2:34 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Logging in driver

WPP is sort of a wrapper for printf-like ad hoc messages. My current
preference is to be able to flip between debug prints going to dbgprint with
a few macros, which gives immediate windbg output (handy when there is a
driver developer bringing up new driver code), or going through the WPP trace
facility, which is super handy when you give things to QA and they want to
store a log file. A big downside of WPP traces, even if you display them in
the debugger, is they are buffered, so you might step past some trace
statements and get NO trace message output until later. A plus of WPP traces
is they have lower overhead, as they move the text formatting out of the
potentially time-critical path.

ETW tracing is not really for ad hoc tracing. It generates structured data
logs that are more useful for things in customer problem determination or
performance analysis. For example, the network stack can record network
packets as ETW trace data, which you can then look at in the Microsoft network
sniffer. Looking at hex dumps of network packets is not much fun.

For many drivers BOTH WPP/dbgprint and ETW are appropriate. WPP/dbgprint is
basically text, ETW is basically structured data records with no descriptive
text. Based on the metadata for ETW traces, you can produce text dumps of
ETW logs or you can feed the data into something like a database or
programmatically analyze it. I suppose you could define an ETW trace event
that just contained text, and do snprintf to create the text you log.

WPP defers the formatting of ad hoc trace data, logging only the variable
parts, not the constant text, which is then merged in by a tool or the
debugger.

Jan


+1 for Mr. Roddy.

WPP is ass and has cost me more time and effort than I care to even recall.

ETW itself is very cool, IF you need to create machine-readable logs that are consumable by arbitrary applications that you write.

DbgPrint über alles.

Peter
OSR

On 28-Feb-2013 01:03, xxxxx@osr.com wrote:

> DbgPrint über alles.

and DebugView for the QA (unless when DebugView fails mysteriously…)

– pa

On Wed, Feb 27, 2013 at 6:03 PM, wrote:

> WPP is ass

^ this ^

Mark Roddy