DelphiEtw

This repo is an attempt to bring Event Tracing for Windows (ETW) to the Delphi world. At its core, ETW is just a plain Win32 API, but there are some important tools missing for non-MS toolchains. Currently the focus is only on producing events in Delphi. For consuming ETW events the TraceEvent C# library is recommended.

EventProvider.pas

Object-oriented wrapper for the Evntprov.h Win32 API. Can be used to manually write an ETW provider. Depends on MfPack (WinApi.Evntprov.pas and WinApi.WinApiTypes.pas).

dmc.exe

Given a manifest XML file, the Delphi Message Compiler (dmc.exe) generates Delphi code to easily emit ETW events in Delphi. The generated code is based on EventProvider.pas and consists mainly of wrapper functions for each event defined by the manifest. This process is analogous to mc.exe in the Windows SDK. Note that mc.exe is still needed, as dmc.exe can't produce the binary manifest format, which needs to be included in the resources section of your provider's binary.

Known issues:

Un/Install-EventProviders.ps1

Helper script to easily install or uninstall ETW providers on a system. It sets the resourceFile and messageFileName attributes before calling wevtutil.exe.
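The install step described above, sketched as an added example (this is not the repository's Un/Install-EventProviders.ps1). The function name `Install-EtwManifest` and its parameters are hypothetical; the code assumes the manifest schema's `resourceFileName` and `messageFileName` attributes on each `<provider>` element and the `wevtutil im` / `wevtutil um` commands.

```powershell
#Requires -RunAsAdministrator
# Added example: point a manifest at the provider binary, then register it.
# Install-EtwManifest, -ManifestPath and -ProviderBinary are hypothetical names.
function Install-EtwManifest {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ManifestPath,
        [Parameter(Mandatory)] [string] $ProviderBinary
    )

    # Resolve both inputs to absolute paths; stop early if either is missing.
    $manifest = (Resolve-Path -LiteralPath $ManifestPath -ErrorAction Stop).ProviderPath
    $binary   = (Resolve-Path -LiteralPath $ProviderBinary -ErrorAction Stop).ProviderPath

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($manifest)

    # Match <provider> elements regardless of the namespace prefix in use.
    $providers = $xml.SelectNodes("//*[local-name()='provider']")
    if ($providers.Count -eq 0) { throw "No <provider> element found in $manifest" }

    foreach ($p in $providers) {
        # Both attributes must name the binary that embeds the mc.exe output.
        $p.SetAttribute('resourceFileName', $binary)
        $p.SetAttribute('messageFileName',  $binary)
    }

    # Patch a copy so the manifest under source control stays unchanged.
    $patched = Join-Path $env:TEMP ([IO.Path]::GetFileName($manifest))
    $xml.Save($patched)

    # Drop any earlier registration of the same providers, then install.
    & wevtutil.exe um $patched 2>$null | Out-Null
    & wevtutil.exe im $patched
    if ($LASTEXITCODE -ne 0) { throw "wevtutil im failed with exit code $LASTEXITCODE" }

    # Return the names of the providers that were registered.
    $providers | ForEach-Object { $_.GetAttribute('name') }
}
```

The registered path is where event consumers load the provider's message resources from, so run this only once the binary is at its final install location.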

How to use?

Please see the Readme.md and the bat-files in the example folder.

Writing a manifest

ecmangen.exe is a GUI tool for writing manifest files. dmc has only been tested with XML files produced by ecmangen; however, any valid manifest should work just fine. Sadly, ecmangen.exe is no longer shipped with the SDK starting with Windows SDK 16267 (see: blogs.windows.com/windowsdeveloper). You can find the tool in older SDKs (<16267), e.g. in the Win 8.1 SDK.

Resources

MS resources:

TraceLogging resources (aka manifest-free logging):