WPP_TRACING

I am trying to implement WPP_TRACING in my Win 32 application. But I could not find "WPP Tracing " option under the “configuration properties” of my *.vcxproj. I am ble to do tracing on my KMDF driver

Here is my trace .h for win 32 app

**************************************************************************
#include <evntrace.h> // For TRACE_LEVEL definitions
#define WPP_CHECK_FOR_NULL_STRING //to prevent exceptions due to NULL strings

#define WPP_CONTROL_GUIDS <br> WPP_DEFINE_CONTROL_GUID(TestmidhunGuid, (28EE579B, CF67, 43b6, 9D19,8930E7AAA131), <br> WPP_DEFINE_BIT(DBG_INIT) /* bit 0 = 0x00000001 / <br> WPP_DEFINE_BIT(DBG_PNP) / bit 1 = 0x00000002 / <br> WPP_DEFINE_BIT(DBG_POWER) / bit 2 = 0x00000004 / <br> WPP_DEFINE_BIT(DBG_WMI) / bit 3 = 0x00000008 / <br> WPP_DEFINE_BIT(DBG_CREATE_CLOSE) / bit 4 = 0x00000010 / <br> WPP_DEFINE_BIT(DBG_IOCTL) / bit 5 = 0x00000020 / <br> WPP_DEFINE_BIT(DBG_WRITE) / bit 6 = 0x00000040 / <br> WPP_DEFINE_BIT(DBG_READ) / bit 7 = 0x00000080 / <br> WPP_DEFINE_BIT(DBG_SDP) / bit 8 = 0x00000100 / <br> WPP_DEFINE_BIT(DBG_CONNECT) / bit 9 = 0x00000200 / <br> WPP_DEFINE_BIT(DBG_UTIL) / bit 9 = 0x00000400 / <br> WPP_DEFINE_BIT(DBG_CONT_READER) / bit 9 = 0x00008000 / <br> / You can have up to 32 defines. If you want more than that,<br>you have to provide another trace control GUID /<br> )

#define WPP_LEVEL_FLAGS_LOGGER(lvl,flags) WPP_LEVEL_LOGGER(flags)
#define WPP_LEVEL_FLAGS_ENABLED(lvl, flags) (WPP_LEVEL_ENABLED(flags) && WPP_CONTROL(WPP_BIT_ ## flags).Level >= lvl)

//
// This comment block is scanned by the trace preprocessor to define the
// TraceEvents function and conversion for KdPrint. Note the double parentheses for the KdPrint message, for compatiblility with the KdPrint function.
//
// begin_wpp config
// FUNC TraceEvents(LEVEL, FLAGS, MSG, …);
// end_wpp
//

********

I put only one print statement in my application.

TraceEvents(TRACE_LEVEL_ERROR, DBG_INIT, “I am good \n”);

But it gives the following compilation error.



Error 7 error C2065: ‘DBG_INIT’ : undeclared identifier c:\swapwas\swapwas\swapwas.cpp 678 1 SwapWAS
Error 8 error C3861: ‘TraceEvents’: identifier not found c:\swapwas\swapwas\swapwas.cpp 678 1 SwapWAS
9 IntelliSense: identifier “TraceEvents” is undefined c:\SwapWAS\SwapWAS\SwapWAS.cpp 678 2 SwapWAS
10 IntelliSense: identifier “DBG_INIT” is undefined c:\SwapWAS\SwapWAS\SwapWAS.cpp 678 33 SwapWAS

********************************************************************
I have done my research in MSDN , but there is no document helping me to implement WPP TRACING on win 32 application. (all documents are related to KMDF and UMDF drivers where we can find WPP Tracing option in *.vcxproj files)

Questions
1. Is it possible to implement WPP tracing on win 32 application?
2. I need to capture logs when my tablet goes to connected stand by. Is it possible using tracelog.exe or traceview?

I request you to help me on this

THANKS
MIDHUN.K</evntrace.h>

I *could* be mistaken (I don’t program in user-mode) but IIRC, WPP tracing is strictly a kernel mode feature.

Peter
OSR
@OSRDrivers

Take a look at ETW see
https://msdn.microsoft.com/en-us/library/windows/desktop/bb968803(v=vs.85).a
spx As Peter noted WPP tracing is for drivers, ETW is the underlying
mechanism for user space.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Friday, October 09, 2015 12:48 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] WPP_TRACING

I am trying to implement WPP_TRACING in my Win 32 application. But I could
not find "WPP Tracing " option under the “configuration properties” of my
*.vcxproj. I am ble to do tracing on my KMDF driver

Here is my trace .h for win 32 app

**************************************************************************
#include <evntrace.h> // For TRACE_LEVEL definitions #define
WPP_CHECK_FOR_NULL_STRING //to prevent exceptions due to NULL strings

#define WPP_CONTROL_GUIDS <br> WPP_DEFINE_CONTROL_GUID(TestmidhunGuid, (28EE579B, CF67, 43b6,
9D19,8930E7AAA131), <br> WPP_DEFINE_BIT(DBG_INIT) /* bit 0 = 0x00000001 / <br> WPP_DEFINE_BIT(DBG_PNP) / bit 1 = 0x00000002 / <br> WPP_DEFINE_BIT(DBG_POWER) / bit 2 = 0x00000004 / <br> WPP_DEFINE_BIT(DBG_WMI) / bit 3 = 0x00000008 / <br> WPP_DEFINE_BIT(DBG_CREATE_CLOSE) / bit 4 = 0x00000010 / <br> WPP_DEFINE_BIT(DBG_IOCTL) / bit 5 = 0x00000020 / <br> WPP_DEFINE_BIT(DBG_WRITE) / bit 6 = 0x00000040 / <br> WPP_DEFINE_BIT(DBG_READ) / bit 7 = 0x00000080 / <br> WPP_DEFINE_BIT(DBG_SDP) / bit 8 = 0x00000100 / <br> WPP_DEFINE_BIT(DBG_CONNECT) / bit 9 = 0x00000200 / <br> WPP_DEFINE_BIT(DBG_UTIL) / bit 9 = 0x00000400 / <br> WPP_DEFINE_BIT(DBG_CONT_READER) / bit 9 = 0x00008000 / <br> / You can have up to 32 defines. If you want more than that,\ you
have to provide another trace control GUID /<br> )

#define WPP_LEVEL_FLAGS_LOGGER(lvl,flags) WPP_LEVEL_LOGGER(flags) #define
WPP_LEVEL_FLAGS_ENABLED(lvl, flags) (WPP_LEVEL_ENABLED(flags) &&
WPP_CONTROL(WPP_BIT_ ## flags).Level >= lvl)

//
// This comment block is scanned by the trace preprocessor to define the //
TraceEvents function and conversion for KdPrint. Note the double parentheses
for the KdPrint message, for compatiblility with the KdPrint function.
//
// begin_wpp config
// FUNC TraceEvents(LEVEL, FLAGS, MSG, …); // end_wpp //

********

I put only one print statement in my application.

TraceEvents(TRACE_LEVEL_ERROR, DBG_INIT, “I am good \n”);

But it gives the following compilation error.



Error 7 error C2065: ‘DBG_INIT’ : undeclared identifier
c:\swapwas\swapwas\swapwas.cpp 678 1 SwapWAS
Error 8 error C3861: ‘TraceEvents’: identifier not found
c:\swapwas\swapwas\swapwas.cpp 678 1 SwapWAS
9 IntelliSense: identifier “TraceEvents” is undefined
c:\SwapWAS\SwapWAS\SwapWAS.cpp 678 2 SwapWAS
10 IntelliSense: identifier “DBG_INIT” is undefined
c:\SwapWAS\SwapWAS\SwapWAS.cpp 678 33 SwapWAS

********************************************************************
I have done my research in MSDN , but there is no document helping me to
implement WPP TRACING on win 32 application. (all documents are related to
KMDF and UMDF drivers where we can find WPP Tracing option in *.vcxproj
files)

Questions
1. Is it possible to implement WPP tracing on win 32 application?
2. I need to capture logs when my tablet goes to connected stand by. Is it
possible using tracelog.exe or traceview?

I request you to help me on this

THANKS
MIDHUN.K


NTDEV is sponsored by OSR

Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev

OSR is HIRING!! See http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer</evntrace.h>

Wpp works for user mode, all the right templates are there. A normal vs app or dll project won’t have the wpp confab uk as it isn’t wired into the STD msbuild toolset. You need to use the app for driver toolset

Sent from Mailhttp: for Windows 10

From: xxxxx@osr.com
Sent: Friday, October 9, 2015 5:51 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] WPP_TRACING



I could be mistaken (I don’t program in user-mode) but IIRC, WPP tracing is strictly a kernel mode feature.

Peter
OSR
@OSRDrivers


NTDEV is sponsored by OSR

Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev

OSR is HIRING!! See http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer</http:>

xxxxx@osr.com wrote:

I *could* be mistaken (I don’t program in user-mode) but IIRC, WPP tracing is strictly a kernel mode feature.

Almost correct. WPP works in user-mode drivers, like WPD drivers, but
it is not intended for applications. The fact that it can be used in a
user-mode driver implies that it COULD be made to work, but as Don said,
the correct solution is ETW. WPP is a driver-oriented wrapper around ETW.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

WPP is generic. There are templates that driver per “silo” usage. There are templates for drivers, EXEs, DLLs.

d

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Tim Roberts
Sent: Friday, October 9, 2015 10:51 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] WPP_TRACING

xxxxx@osr.com wrote:
>


>
> I could be mistaken (I don’t program in user-mode) but IIRC, WPP tracing is strictly a kernel mode feature.

Almost correct. WPP works in user-mode drivers, like WPD drivers, but it is not intended for applications. The fact that it can be used in a user-mode driver implies that it COULD be made to work, but as Don said, the correct solution is ETW. WPP is a driver-oriented wrapper around ETW.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.


NTDEV is sponsored by OSR

Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev

OSR is HIRING!! See http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

> the correct solution is ETW. WPP is a driver-oriented wrapper around ETW.

More so: preprocessor-oriented wrapper around ETW.

Designed for debug traces.

If you need to log some perf/mgmt info, or use advanced Windows event logs - use raw ETW.


Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com

“raw ETW”? Does that mean ETW messages from user-mode without having to manifest the messages?

That would be nice. The PROBLEM with ETW in user mode is having create a freakin’ description for every message you want to log. Not so bad if you want to write a few basic things to the event log (well, actually, it still sucks for writing to the event log, but let’s say that’s OK)… But really terrible if you want to use it to trace our random crap.

Can you do that with ETW?

Or, Doron says “just use WPP”… which works for apps apparently?

Peter
OSR
@OSRDrivers

On 09-Oct-2015 15:51, xxxxx@osr.com wrote:

I *could* be mistaken (I don’t program in user-mode) but IIRC, WPP tracing is strictly a kernel mode feature.

WPP (the preprocessor, macros…) works for user mode as well, and
there’s the plumbing for it. See this old thread. (haven’t tested it on
Win10, though)

http://www.osronline.com/showThread.cfm?link=161650

Regards,
– pa

assuming we have downloaded the simple window tutorial by forger from
winprog (source.zip -> simplewindow.c) and renamed it as
wppwindow.cpp

stick these two lines in the top of the file

#define WPP_CONTROL_GUIDS WPP_DEFINE_CONTROL_GUID( CtlGuid,
(11223344,AAAA,BBBB,CCCC,DDFFFF112233 ), WPP_DEFINE_BIT(mymsg) )
#include “wppwindow.tmh”

inside WinMain
add WPP_INIT_TRACING(NULL); at the start
add WPP_CLEANUP(); before returning from WinMain

and where ever you want to add trace messages add
DoTraceMessage();

once you are done
run the cpp file under tracewpp.exe from wdk to create the tmh file
using the default cfgdir
and compile and link normally
to capture traces use traceview.exe

a bat file showing the whole process of creating tmh file using
windows 7 wdk and compiling and linking with visual studio 2010
express is shown below

compile and link with

if “%vcinstalldir%” == “” ( @call “C:\Program Files\Microsoft Visual
Studio 10.0\VC\vcvarsall.bat” x86 )
c:\WinDDK\7600.16385.1\bin\x86\tracewpp.exe
-cfgdir:c:\WinDDK\7600.16385.1\bin\WppConfig\Rev1 -odir:. *.cpp
cl /Zi /EHsc /nologo /W4 /analyze *.cpp /link /RELEASE kernel32.lib
user32.lib advapi32.lib
pause

the complete sample src file (src is #winprog forgers simple window
tutorial renamed and wpp trace messages added to it)
executed under the watch of traceview.exe to capture the traces to an
etl file and summary of the traces pasted below for referance

#define WPP_CONTROL_GUIDS WPP_DEFINE_CONTROL_GUID( CtlGuid,
(11223344,AAAA,BBBB,CCCC,DDFFFF112233 ), WPP_DEFINE_BIT(mymsg) )
#include “wppwindow.tmh”
#include <windows.h>
const char g_szClassName = “myWindowClass”;

// Step 4: the Window Procedure
LRESULT CALLBACK WndProc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam)
{
switch(msg)
{
case WM_CLOSE:
DestroyWindow(hwnd);
break;
case WM_DESTROY:
PostQuitMessage(0);
break;
default:
DoTraceMessage( mymsg, " hello peter gv wpp in user mode is
simply inserting DoTraceMessage Calls");
return DefWindowProc(hwnd, msg, wParam, lParam);
}
return 0;
}

int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE , LPSTR , int nCmdShow)
{
WPP_INIT_TRACING(NULL);
WNDCLASSEX wc;
HWND hwnd;
MSG Msg;

//Step 1: Registering the Window Class
wc.cbSize = sizeof(WNDCLASSEX);
wc.style = 0;
wc.lpfnWndProc = WndProc;
wc.cbClsExtra = 0;
wc.cbWndExtra = 0;
wc.hInstance = hInstance;
wc.hIcon = LoadIcon(NULL, IDI_APPLICATION);
wc.hCursor = LoadCursor(NULL, IDC_ARROW);
wc.hbrBackground = (HBRUSH)(COLOR_WINDOW+1);
wc.lpszMenuName = NULL;
wc.lpszClassName = g_szClassName;
wc.hIconSm = LoadIcon(NULL, IDI_APPLICATION);

if(!RegisterClassEx(&wc))
{
MessageBox(NULL, “Window Registration Failed!”, “Error!”,
MB_ICONEXCLAMATION | MB_OK);
return 0;
}

// Step 2: Creating the Window
hwnd = CreateWindowEx(
WS_EX_CLIENTEDGE,
g_szClassName,
“The title of my window”,
WS_OVERLAPPEDWINDOW,
CW_USEDEFAULT, CW_USEDEFAULT, 240, 120,
NULL, NULL, hInstance, NULL);

if(hwnd == NULL)
{
MessageBox(NULL, “Window Creation Failed!”, “Error!”,
MB_ICONEXCLAMATION | MB_OK);
return 0;
}

ShowWindow(hwnd, nCmdShow);
UpdateWindow(hwnd);

// Step 3: The Message Loop
while(GetMessage(&Msg, NULL, 0, 0) > 0)
{
DoTraceMessage( mymsg, “Windows Message => HWND: 0x%p, MSG: 0x%X,
WParam: 0x%p, lParam: 0x%p”,
Msg.hwnd, Msg.message, (void*) Msg.wParam, (void*) Msg.lParam );
TranslateMessage(&Msg);
DispatchMessage(&Msg);
}
WPP_CLEANUP();
return Msg.wParam;

}

head -n 1 forpgv.out
wppwindow wppwindow_cpp18 WndProc F50 FE8 0 1 10\11\2015-02:14:54 01\01\1970-10:
30:00 01\01\1970-10:30:00 mymsg hello peter gv wpp in user mode is simply i
nserting DoTraceMessage Calls

tail -n 1 forpgv.out
wppwindow wppwindow_cpp18 WndProc F50 FE8 0 381 10\11\2015-02:15:02 01\01\1970-1
0:30:00 01\01\1970-10:30:00 mymsg hello peter gv wpp in user mode is simply
inserting DoTraceMessage Calls

trace message generated when i right clicked on the window

grep -i 0x201 forpgv.out
wppwindow wppwindow_cpp74 WinMain F50 FE8 0 235 10\11\2015-02:14:59 01\01\1970-1
0:30:00 01\01\1970-10:30:00 mymsg Windows Message => HWND: 0x0040026A, MSG:
0x201, WParam: 0x00000001, lParam: 0x003200A6

On 10/10/15, Pavel A. wrote:
> On 09-Oct-2015 15:51, xxxxx@osr.com wrote:
>>


>>
>> I could be mistaken (I don’t program in user-mode) but IIRC, WPP tracing
>> is strictly a kernel mode feature.
>>
>
> WPP (the preprocessor, macros…) works for user mode as well, and
> there’s the plumbing for it. See this old thread. (haven’t tested it on
> Win10, though)
>
> http://www.osronline.com/showThread.cfm?link=161650
>
>
> Regards,
> – pa
>
>
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
></windows.h>

HI All
Thank you so much for your replay. After carefully reading all the comments., It feel it would be better if I implement ETW in my driver.
Thank you very much
Midhun

WPP is getting outdated
consider
TraceLogging for kernel-mode drivers and components
https://msdn.microsoft.com/en-us/library/windows/hardware/dn701955(v=vs.85).aspx

With self contained etl files - no need for .pdb/tmf

newer netsh can convert etl to text.

xxxxx@yahoo.com wrote:

WPP is getting outdated
consider
TraceLogging for kernel-mode drivers and components
https://msdn.microsoft.com/en-us/library/windows/hardware/dn701955(v=vs.85).aspx

With self contained etl files - no need for .pdb/tmf

newer netsh can convert etl to text.

Very interesting. I had not encountered this before. It seems to be
easier to configure than WPP, although a bit more verbose for the trace
messages themselves. Plus, it looks like the interface is identical for
kernel and user components. And, it says that most of it works clear
back to Vista.

I sense the need for an NT Insider article.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Hi Tim,

Where do you read that TraceLogging works on anything other than Windows 10? On the page referred to at the MSDN link the first prerequisite is listed as “Windows 10”.

I’ve never been a big fan of WPP, and doing full ETW is sometimes more work than I prefer. I’m very interested if there is another option that works on Win 7 and later OSs.

Jan

On 10/13/15, 11:03 AM, “xxxxx@lists.osr.com on behalf of Tim Roberts” wrote:

>xxxxx@yahoo.com wrote:
>> WPP is getting outdated
>> consider
>> TraceLogging for kernel-mode drivers and components
>> https://msdn.microsoft.com/en-us/library/windows/hardware/dn701955(v=vs.85).aspx
>>
>> With self contained etl files - no need for .pdb/tmf
>>
>> newer netsh can convert etl to text.
>
>Very interesting. I had not encountered this before. It seems to be
>easier to configure than WPP, although a bit more verbose for the trace
>messages themselves. Plus, it looks like the interface is identical for
>kernel and user components. And, it says that most of it works clear
>back to Vista.
>
>I sense the need for an NT Insider article.
>
>–
>Tim Roberts, xxxxx@probo.com
>Providenza & Boekelheide, Inc.
>
>
>—
>NTDEV is sponsored by OSR
>
>Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
>
>OSR is HIRING!! See http://www.osr.com/careers
>
>For our schedule of WDF, WDM, debugging and other seminars visit:
>http://www.osr.com/seminars
>
>To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

> newer netsh can convert etl to text.

So is older tracerpt.exe :slight_smile:


Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com

Jan Bottorff wrote:

Where do you read that TraceLogging works on anything other than Windows 10? On the page referred to at the MSDN link the first prerequisite is listed as “Windows 10”.

I suspect the trace-related MSDN pages are a work-in-progress. The page
on capturing and viewing the data says “You can capture and view
TraceLogging data using the latest internal version of the Windows
Performance Tools (WPT),” suggesting that this is an internal
development tool now being rolled out to the public.

This text is contained in <traceloggingprovider.h> itself:

Compatibility note:

Depending on its configuration, TraceLoggingProvider.h can be
backwards-compatible (compatible with Vista or later), or can be
optimized for
later OS versions. TraceLoggingProvider.h uses WINVER (user mode) and
NTDDI_VERSION (kernel mode) to determine whether it should be
compatible with
earlier OS versions or be optimized for newer OS versions.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.</traceloggingprovider.h>

I have tested it working on win7/win8.
Just the netsh for conversion needs to come from win10.

tracefmt can convert etl file to .txt

anyway fwiw i just dumped the bat into solution dir in a vs project
pre-build event and i can simply press f7 to build a gui project with
wpp trace messages

start->programs->msvc+±>newproject->win32->wpptest->ok

project->properties->allconfigurations->c/c++ debuginformationformat pdb /Zi

project->properties->allconfigurations->pre-buildevent->commandline->
call $(solutiondir)runwpp.bat

f7 and the project is built with tracemessages included

the runwpp.bat contains

echo deleting old tmh files
del *.tmh
echo running tracewpp.exe to regenerate the tmh files on all source files
c:\WinDDK\7600.16385.1\bin\x86\tracewpp.exe
-cfgdir:c:\WinDDK\7600.16385.1\bin\WppConfig\Rev1 -odir:. *
echo generated all these tmh files
dir /b *.tmh

build output

------ Build started: Project: wppvsp, Configuration: Debug Win32 ------
deleting old tmh files
running tracewpp.exe to regenerate the tmh files on all source files
generated all these tmh files
stdafx.tmh
wppvsp.tmh
stdafx.cpp
wppvsp.cpp
wppvsp.vcxproj -> C:\xxxx\wppvsp\Debug\wppvsp.exe
========== Build: 1 succeeded, 0 failed, 0 up-to-date, 0 skipped ==========

src file is a single cpp file autogenerated by wizard

to that src file i added the
wpp #define and wpp include file as the last include entry (after
lettting the precompiled magic finish its work like this

#include “stdafx.h”
#include “wppvsp.h”
#define WPP_CONTROL_GUIDS WPP_DEFINE_CONTROL_GUID( CtlGuid,
(11223344,AAAA,BBBB,CCCC,DDFFFF112233 ), WPP_DEFINE_BIT(mymsg) )
#include “wppvsp.tmh”

added WPP_INIT_TRACING(NULL); at start of winmain
added WPP_CLEANUP to end of winmain
added DoTraceMessage in the messagge loop to capture the WINDOW_MESSAGE

opened traceview (trace view can show realtime as well as log to etl
file and at the same time can convert etl to .txt and provide a
summary also

Files processed:
C:\xxxx\wppvsp\Debug\wppvsp.etl
Total Buffers Processed 26
Total Events Processed 734
Total Events Lost 0
Elapsed Time 0 sec
±-------------------------------------------------------------------------------------+
|EventCount EventName EventType Guid
|
±-------------------------------------------------------------------------------------+
| 734 wppvsp wppvsp_cpp51
066dd553-1084-0050-2e6e-0442a3783efb|
±-------------------------------------------------------------------------------------+

out of 734 events 574 are mosuemove messages

:\>grep -c . wppvsp.out & grep -c 200 wppvsp.out
734
574

On 10/14/15, Tim Roberts wrote:
> Jan Bottorff wrote:
>> Where do you read that TraceLogging works on anything other than Windows
>> 10? On the page referred to at the MSDN link the first prerequisite is
>> listed as “Windows 10”.
>
> I suspect the trace-related MSDN pages are a work-in-progress. The page
> on capturing and viewing the data says “You can capture and view
> TraceLogging data using the latest internal version of the Windows
> Performance Tools (WPT),” suggesting that this is an internal
> development tool now being rolled out to the public.
>
> This text is contained in <traceloggingprovider.h> itself:
>
> Compatibility note:
>
> Depending on its configuration, TraceLoggingProvider.h can be
> backwards-compatible (compatible with Vista or later), or can be
> optimized for
> later OS versions. TraceLoggingProvider.h uses WINVER (user mode) and
> NTDDI_VERSION (kernel mode) to determine whether it should be
> compatible with
> earlier OS versions or be optimized for newer OS versions.
>
> –
> Tim Roberts, xxxxx@probo.com
> Providenza & Boekelheide, Inc.
>
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
></traceloggingprovider.h>

Hi All
i have an interesting issue. I will explain it to you in greater details so that it will be crystal clear to every one who reads this

Tools used : Ms VS 2013 & WDK 8.1
I tried to create an empty Dll (Vs 2013->new ->project->EmptyDLL for drivers). My intention is to implement WPP tracing on that. Project name is

“DllForDrivers1” here is the code.
***************************** Midhun . cpp ********************************
#include <windows.h>
#include <winnt.h>
#define EXPORTING_DLL

#define WPP_OLDCC
#include “mytrace.h”
#include “SampleDLL.h”
#include “Midhun.tmh”

BOOL APIENTRY DllMain(
HANDLE hModule, // Handle to DLL module
DWORD ul_reason_for_call,
LPVOID lpReserved) // Reserved
{
UNREFERENCED_PARAMETER(hModule);
UNREFERENCED_PARAMETER(lpReserved);
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
WPP_INIT_TRACING(L"DllForDrivers1");
TraceEvents(TRACE_LEVEL_ERROR, DBG_INIT, “DllMain Midhun\n”);
// A process is loading the DLL.
break;

case DLL_THREAD_ATTACH:
// A process is creating a new thread.
break;

case DLL_THREAD_DETACH:
// A thread exits normally.
break;

case DLL_PROCESS_DETACH:
WPP_CLEANUP();
// A process unloads the DLL.
break;
}
return TRUE;
}

void HelloWorld()
{
TraceEvents(TRACE_LEVEL_ERROR, DBG_INIT, “HelloWorld\n”);

}

SampleDll.h
#ifndef INDLL_H
#define INDLL_H

#ifdef EXPORTING_DLL
extern __declspec(dllexport) void HelloWorld();
#else
extern__declspec(dllimport) void HelloWorld();
#endif

#endif

mytrace.h


#define WPP_CONTROL_GUIDS <br> WPP_DEFINE_CONTROL_GUID(TestmidhunGuid, (28D2B84D,12FF,4883,AC4F,AA7BE6343242), <br> WPP_DEFINE_BIT(DBG_INIT) /
bit 0 = 0x00000001 / <br> WPP_DEFINE_BIT(DBG_PNP) / bit 1 = 0x00000002 / <br> WPP_DEFINE_BIT(DBG_POWER) / bit 2 = 0x00000004 / <br> WPP_DEFINE_BIT(DBG_WMI) / bit 3 = 0x00000008 / <br> WPP_DEFINE_BIT(DBG_CREATE_CLOSE) / bit 4 = 0x00000010 / <br> WPP_DEFINE_BIT(DBG_IOCTL) / bit 5 = 0x00000020 / <br> WPP_DEFINE_BIT(DBG_WRITE) / bit 6 = 0x00000040 / <br> WPP_DEFINE_BIT(DBG_READ) / bit 7 = 0x00000080 / <br> WPP_DEFINE_BIT(DBG_SDP) / bit 8 = 0x00000100 / <br> WPP_DEFINE_BIT(DBG_CONNECT) / bit 9 = 0x00000200 / <br> WPP_DEFINE_BIT(DBG_UTIL) / bit 9 = 0x00000400 / <br> WPP_DEFINE_BIT(DBG_CONT_READER) / bit 9 = 0x00008000 / <br> / You can have up to 32 defines. If you want more than that,<br>you have to provide another trace control GUID /<br> )

#define WPP_LEVEL_FLAGS_LOGGER(lvl,flags) WPP_LEVEL_LOGGER(flags)
#define WPP_LEVEL_FLAGS_ENABLED(lvl, flags) (WPP_LEVEL_ENABLED(flags) && WPP_CONTROL(WPP_BIT_ ## flags).Level >= lvl)

Settings done on VS project DllForDrivers1.vcxproj
**
(Important Note : The platform tool set : “WindowsApplicationForDrivers8.1”)
DllForDrivers1.vcxproj->Configuration Properties->Wpp tracing->All options
RunWPPTracing: Yes
Function To Generate Trace Messages: TraceEvents(LEVEL,FALGS,MSG,…)

Thats aLL**
The code compiles well!!!. .

But I have an existing DLL project (MyDLLProj.vcxproj), where I want to implement WPP Tracing. There are 8 cpp files. I want to implement WPP Tracing in one of the

file,myfile.cpp.So, I included mytrace.h and myfile.tmh the file (myfile.cpp) and added the other necessary things.
When i checked the project Configuration properties. I could not see WPP tracing oprion. Also, The platform tool set was “Visual Studio 2013 (v120)”. When I changed it to

“WindowsApplicationForDrivers8.1”, WPP_TRACING option appeared (courtesy: Doron Holon, earlier in this post). I made the above setting and tried to compile.

I GOT COMPILATION ERROR:

Description line column Project
Error 1 error C2065: ‘DBG_INIT’ : undeclared identifier c:\DllForDrivers1\myfile.cpp 391 1 MyDLLProj
Error 2 error C3861: ‘WPP_CALL_TosBdAPI_cpp’: identifier not found c:\DllForDrivers1\myfile.cpp 391 1 MyDLLProj

I am sure I did not make any mistake. I have done my reaserch and I found one thread in OSR which discuss similer issue.

https://www.osronline.com/showthread.cfm?link=253836
But still I am not able to find the root cause.

Questions
1. Did I miss anything?
2. Is it okay to change the platform tool set ? (code compiles successfully without WPP)?
3. I need to capture logs when the system goes to connected standby. Is there any other way ?(ETW is complex to implement…i feel)

Important Observations:
1. In the configuration manager of the sample project (“DllForDrivers1” ), I can see Win 8.1. winn 8 , win7 under active solution configuration(Both Debug And Release).

But in my Dll(MyDLLProj.vcxproj), i could see only debug and release option under configuration manager.
2. I could see on einclude statement in my project, #include “stdafx.h”. If place my WPP Header files (mytrace.h,myfile.tmh) above this statementy, then I get these

warning and lots of errors
warning C4627: ‘#include “…\Common.Inc\mytrace.h”’: skipped when looking for precompiled header use
warning C4627: ‘#include “mufile.tmh”’: skipped when looking for precompiled header

Do I have to suspect stadfx.h ?

I cannot create an empty project and add all source and header files, becuase we are at the final stage of our project.I request you to help me.Thanks in advance</winnt.h></windows.h>

>

Questions

  1. Did I miss anything?
  2. Is it okay to change the platform tool set ? (code compiles
    successfully without WPP)?
  3. I need to capture logs when the system goes to connected
    standby. Is there any other way ?(ETW is complex to implement…i feel)

Important Observations:

  1. In the configuration manager of the sample project
    (“DllForDrivers1” ), I can see Win 8.1. winn 8 , win7 under active
    solution configuration(Both Debug And Release).

But in my Dll(MyDLLProj.vcxproj), i could see only debug and
release option under configuration manager.

It’s OK to change the toolset to get the correct toolset for the task, but you will need to adjust the configuration accordingly.

Your existing project only has the configurations it came with - changing its toolset won’t change that. You will need to add the appropriate configurations to your project. Use the sample project as a guide, remembering to check the props files for the project’s configurations in the Property Manager.

  1. I could see on einclude statement in my project, #include
    “stdafx.h”. If place my WPP Header files (mytrace.h,myfile.tmh) above
    this statementy, then I get these

warning and lots of errors
warning C4627: ‘#include “…\Common.Inc\mytrace.h”’: skipped when
looking for precompiled header use
warning C4627: ‘#include “mufile.tmh”’: skipped when looking for
precompiled header

Do I have to suspect stadfx.h ?

Your stdafx.h is not the direct cause of those warnings: it’s because you’ve moved your WPP headers in front of it.

Your project is being compiled with precompiled headers, and stdafx.h (which is the default header file name for this) must be the first #include file in your sources.

This needs to be fixed first (move your WPP headers to after #include “stdafx.h”).
This email message has been delivered safely and archived online by Mimecast.

For more information please visit http://www.mimecast.com