Trace Provider
A trace provider is a component of a user-mode application or kernel-mode driver that uses Event Tracing for Windows (ETW) technology to generate trace messages or trace events. Typically, the trace events and messages report discrete actions of the provider. Reading a record of the events helps you to understand what the provider is doing in actual operating conditions.
A trace session can include more than one trace provider. This is especially useful for tracing drivers or applications that implement more than one provider component, as well as for tracing multiple drivers or applications that interact.
To start a trace session with more than one trace provider, you must specify the control GUIDs of all of the desired providers in the GUID (.guid extension) or control file that you submit to a trace controller. The trace messages generated by the providers are interspersed in the event trace log (.etl) file.
A kernel-mode driver or user-mode application, can support more than one trace provider component, even within a single source file. This feature is useful for tracing specific operations in a driver or application. To implement multiple trace providers, you must use a different control GUID in the WPP_CONTROL_GUIDS macro for each provider.
Similarly, multiple drivers or applications can be a part of a single trace provider and share its resources. This feature is useful when tracing related applications and drivers, such as port and miniport drivers. To implement this feature, specify the same control GUID in the WPP_CONTROL_GUIDS macro for each provider.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for