On MSDN you will find the extended format strings that WPP supports,
some cool ones like printing your enum names not criptic hex values.
So WPP scans your code and finds the trace statements, and generates the
required code for logging the event. At this point there is type
checking, so the tracing code is not def out like its normally done for
debug code. What WPP passes to ETW are then pointer and size of the
arguments. You can see all this stuff if you look at the generated code
in the TMH file.
Sample, assuming my trace function is printf this is user mode but
similar in kermel mode.
printf(“Pointer %%p:%p\n”, ptr); //logging the pointer value
TraceMessage(Logger, WPP_TRACE_OPTIONS, (LPGUID)TraceGuid, id,
(&(_a1)),((SIZE_T)sizeof(const void*)), 0);
You can see here that we are not logging the format string that is
stripped of and placed in the PDB, which later are extracted as TMF
files.
An Autologger is a trace session that is started at boot time and is
configured by the user, it requires resources. This is OK if you want
to trace a problem with your driver at boot time. But for performance
reason we do not encourage having loggers running all the time, the
comment was referring to services. There is the cost of the buffers that
need to be allocated for the session this value is configurable. Then
there is the frequency and length of the data been logged to the session
by providers. So if frequency is high you will get a performance hit
depending on those valued.
More on this if you look at ETW on MSD.
Thanks,
Jose Sua
Microsoft Corporation
This posting is provided “AS IS” with no warranties and confers no
rights.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Michal Vodicka
Sent: Wednesday, February 07, 2007 4:20 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Tracing - WPP, ETW, TraceView, WinDbg
From:
xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com
] on behalf of Jose Sua[SMTP:xxxxx@windows.microsoft.com]
Reply To: Windows System Software Devs Interest List
Sent: Thursday, February 08, 2007 12:40 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Tracing - WPP, ETW, TraceView, WinDbg
Testing is part of the business, you need to test your code…
Sure but my point is different. Debug prints are usually always enabled
during development and they’re very thoroughly tested. If I understand
correctly, for the same conditions you’d have to have WPP/ETW loggers
running all the time.
For the basic types there is no problem, and for strings WPP checks
that
they are not null or length = 0. That covers most of the cases.
What about *p, rogue pointer, an attempt to dump memory longer than
available etc.? Something can be catched by lint or prefast but not
everything.
You should give it a try Michal.
Maybe I should. But the initial time investment seems to big and I don’t
see a gain which’d justify it when we already have good and working
solution. Recently, new WDK compiler allowed me to improve it using
variable argument macros so I can add prefix, format string and add
final “\n” using one DbgPrint() call within a macro 
Also take a look at the new ETW API on Vista.
I just read about AutoLoggers. Could you explain what exactly following
paragraph means? Thanks.
The AutoLogger sessions increase the system boot time and should be used
sparingly. Services that want to capture information during the boot
process should consider adding controller logic to itself instead of
using the AutoLogger session.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer