How to use ETW from a C++ Windows client

Question

I\'m researching Event Tracing for Windows (ETW) to allow a user-mode windows client to write out tracing information. The existing documentation is, to put it lightly, insanely

Answer 1

To write a Provider for ETW, you have two options:

• write it as a manifest-based provider (preferred for Windows Vista or higher). Check out an example here.

• write it as a classic provider for legacy support. You can find an example here.

I suppose you want to use a manifest-based approach, as its better and can support up to eight sessions. The first step a manifest-based provider needs to do is to register the event using EventRegister() and then write to it via the EventWrite() or EventWriteString() function.

Answer 2

Programmers Guide to Eventing (2010) from Microsoft is a good one to start with.