I need to start Logging session when my app is being started. I wrote logging init / deinit functions, *.etl file is created but it's empty after the session. I'm using WPP tracing (for kernel as well as for user space). I can't figure out what I did wrong. I've read a lot of articles and docs about this API but couldn't have come up with solution.
I'm using VERBOSE flag to write everything related to my app, also I define guid for trace session (ToolSessionGuid) and GUID related to my application (GUID_APP).
Here is my realization of Init/deinit functions:
void traceLoggerDeinit(TRACEHANDLE* sessionHandle, EVENT_TRACE_PROPERTIES* sessionProperties) {
if (!sessionHandle)
return;
if (*sessionHandle) {
uint64_t retval = EnableTraceEx2(*sessionHandle, (GUID*)&GUID_APP, EVENT_CONTROL_CODE_DISABLE_PROVIDER, TRACE_LEVEL_INFORMATION, 0, 0, 0, NULL);
if (retval != ERROR_SUCCESS)
traceErr("Failed to disable trace, error %llu", retval);
retval = ControlTrace(*sessionHandle, LOGSESSION_NAME, sessionProperties, EVENT_TRACE_CONTROL_STOP);
if (retval != ERROR_SUCCESS)
traceErr("Failed to stop trace, error %llu", retval);
}
sessionHandle = nullptr;
}
uint64_t traceLoggerInit(TRACEHANDLE* sessionHandle, EVENT_TRACE_PROPERTIES* sessionProperties, uint32_t bufferSize)
{
sessionProperties->Wnode.BufferSize = bufferSize;
sessionProperties->Wnode.Flags = WNODE_FLAG_TRACED_GUID;
sessionProperties->Wnode.ClientContext = 1;
sessionProperties->Wnode.Guid = ToolSessionGuid;
sessionProperties->LogFileMode = EVENT_TRACE_FILE_MODE_SEQUENTIAL;
sessionProperties->MaximumFileSize = 1;
sessionProperties->LoggerNameOffset = sizeof(EVENT_TRACE_PROPERTIES);
sessionProperties->LogFileNameOffset = sizeof(EVENT_TRACE_PROPERTIES) + sizeof(LOGSESSION_NAME);
StringCbCopy((wchar_t*)((char*)sessionProperties + sessionProperties->LogFileNameOffset), sizeof(LOGFILE_PATH), LOGFILE_PATH);
uint64_t retval = StartTrace((TRACEHANDLE*)sessionHandle, LOGSESSION_NAME, sessionProperties);
if (retval == ERROR_ALREADY_EXISTS) {
traceErr("Trace logging already enabled. Disabling and enabling again");
return ERROR_ALREADY_EXISTS;
}
if (retval != ERROR_SUCCESS) {
traceErr("StartTrace() failed, error %llu", retval);
return -1;
}
retval = EnableTraceEx2(*sessionHandle, (GUID*)&GUID_APP, EVENT_CONTROL_CODE_ENABLE_PROVIDER, TRACE_LEVEL_VERBOSE, 0, 0, 0, NULL);
if (retval != ERROR_SUCCESS) {
traceErr("EnableTrace() failed, error %llu", retval);
return -1;
}
return 0;
}
In main function I'm initializing the structure and the handle:
uint32_t size = sizeof(EVENT_TRACE_PROPERTIES) + sizeof(LOGFILE_PATH) + sizeof(LOGSESSION_NAME) + 1024 * sizeof(wchar_t);
TRACEHANDLE sessionHandle = 0;
EVENT_TRACE_PROPERTIES* sessionProperties = (EVENT_TRACE_PROPERTIES*)malloc(size);
if (!sessionProperties) {
traceErr("Unable to allocate %lu bytes for properties structure", size);
return -1;
}
memset(sessionProperties, 0, size);
uint64_t retVal = traceLoggerInit(&sessionHandle, sessionProperties, size);
if (retVal == ERROR_ALREADY_EXISTS) {
traceLoggerDeinit(&sessionHandle, sessionProperties);
retVal = traceLoggerInit(&sessionHandle, sessionProperties, size);
if (retVal != 0) {
traceErr("Failed to enable trace Logging");
traceLoggerDeinit(&sessionHandle, sessionProperties);
free(sessionProperties);
return -1;
}
}
if (retVal != 0) {
traceErr("Failed to enable trace Logging");
traceLoggerDeinit(&sessionHandle, sessionProperties);
free(sessionProperties);
return -1;
}
Then do some stuffs with wpp trace and close the session with deinit function: