-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathREADME.TXT
39 lines (28 loc) · 1.27 KB
/
README.TXT
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
ETW Tracing & Manifest file:
----------------------------
As of May 26, 2015, there is no mechanism to have the Win32 build environment
call the $(MC) command with the right parameters against the ETW Manifest file.
So, if you make changes to the ETW manifest file, you'll need to hand-execute
the $(MC) command with the right parameters, and check in the changed files.
Command to execute (in the pecl\wincache directory):
mc -um -e h -h .\ -r .\ wincache_etw.man
Files generated by 'mc':
wincache_etw.h
wincache_etw.rc
MSG00001.bin
wincache_etwTEMP.BIN
To register the manifest, open an admin cmd window, and execute the following
command:
wevtutil im wincache_etw.man
If you've previously registered a manifest, you'll have to unregister the
manifest, and then re-register it.
wevtutil um wincache_etw.man
wevtutil im wincache_etw.man
To capture ETW traces, you can create a log profile with logman:
logman create trace wincache_etw -p "{F7AD0093-D5C3-46B9-BEEA-A9FCEC7E1408}" -o c:\temp\wincache_etw
logman start wincache_etw
<...do your repro...>
logman stop wincache_etw
tracerpt wincache_etw_000001.etl -import wincache_etw.man
You'll need to copy the wincache_etw.man to the machine where you're executing
wincache, and wherever you're running tracerpt.exe.