What's New in Event Tracing
This section describes the new features that were added to Event Tracing for Windows in each release.
The following features have been added to Event Tracing on Windows 8.1 and Windows Server 2012 R2.
Functions that support using event payload, scope, and stack walk filters used by the EnableTraceEx2 function and the ENABLE_TRACE_PARAMETERS and EVENT_FILTER_DESCRIPTOR structures to filter on specific conditions in a logger session. For more information, see:
A structure that defines an event payload filter predicate that describes how to filter on a single field in a trace session used by the new TdhCreatePayloadFilter function and a new structure used by event ID and stack walk filters. For more information, see:
Functions that retrieve information on events present in the provider manifest. For more information, see:
A structure that defines an array of events in a provider manifest used by the new TdhEnumerateManifestProviderEvents function. For more information, see:
The following features have been added to the Event Tracing on Windows 8 and Windows Server 2012.
Functions that performs operations on a registration object, provide event payload parsing, provide trace provider browsing, query event tracing session settings, and process a relogged trace file. For more information, see:
Interfaces that provide information to the relogger on the tracing process and when events are logged, access to data for a specific event, and access to relogger features that allow the manipulation of Event Trace Log (ETL) files. For more information, see:
Additional enumerations used by the new functions and interfaces. For more information, see:
The following features were added in this release:
- The ability for providers to define filters in the manifest. In Windows Vista, controllers could pass filter data to the provider. However, the layout of the filter data was not defined in the manifest, so the provider would have to use other means to provide the filter definition to controllers. With this release, providers can define the filter definition in the manifest (see the filters attribute of the ProviderType complex type). Controllers can then use the TdhEnumerateProviderFilters function to determine the filter definition. Providers that use filters should use the EventWriteEx function to write the event.
- The ability to use a single buffer to gather events generated on multiple processors. Using a single buffer eliminates events from appearing out of order on multi-processors computers. For details, see the EVENT_TRACE_NO_PER_PROCESSOR_BUFFERING logging mode. By default, ETW uses per-processor buffers.
- The ability to capture a stack trace for events. To enable stack tracing for kernel events, see the TraceSetInformation function. To enable stack tracing for user events, see the EVENT_ENABLE_PROPERTY_STACK_TRACE flag for the EnableProperty member of ENABLE_TRACE_PARAMETERS.
- The ability to specify the EVENT_TRACE_BUFFERING_MODE or EVENT_TRACE_FILE_MODE_NEWFILE logging mode with the EVENT_TRACE_PRIVATE_LOGGER_MODE logging mode (see Logging Mode Constants).
- The ability to enable a provider synchronously. By default, providers are enabled asynchronously. To enable a provider synchronously, set the Timeout parameter of EnableTraceEx2.
- The ability for the controller to request that the provider log its state. For details, see the EVENT_CONTROL_CODE_CAPTURE_STATE flag for the ControlCode parameter of EnableTraceEx2.
- The ability for consumers to format event data using the TdhFormatProperty function.
- The ability to decode manifested events on computers that do not contain the provider. For details, see the TdhLoadManifest function.
The following functions were added in this release:
The following structures were added in this release:
The following enumerations were added in this release:
The following MOF classes were added in this release: