Chapter 12. Inside ETW
In this chapter
| ETW Architecture |
| Existing ETW Instrumentation in Windows |
| Understanding ETW Stack-Walk Events |
| Adding ETW Logging to Your Code |
| Boot Tracing in ETW |
| Summary |
This chapter delves into how the Event Tracing for Windows (ETW) framework is designed, and it explains important concepts that will help you understand how to best use Xperf and other ETW-based tools in your profiling and tracing investigations.
After a brief introduction to the basic components that drive the operations of ETW, this chapter covers the existing instrumentation in the operating system (OS). Although ETW has been around since the Microsoft Windows 2000 release, it wasn’t until Windows Vista that important parts of the operating system got heavily ...
Get Inside Windows® Debugging now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
