Check out the code on GitHub.
If you remember from part 2, we compiled our manifest file with

    mc -um <manifest_file>.man

and got a header file as one of the outputs. We just have to include that header file in our sources and we are good to go.

    #include ...
    #include "<manifest_file>.h"

    int main(...)
    {
        // Register the provider; this macro is generated by mc from the manifest
        EventRegister<provider_name_in_manifest>();
        ...
        CreateFile(...);
        // Example of using the LastError event in our manifest file
        EventWriteLastError(L"THIS_EXE", __FILE__, __FUNCTION__, L"CreateFile", GetLastError());
        ...
        // Unregister the provider before the process exits
        EventUnregister<provider_name_in_manifest>();
    }

Notes
- Any module, be it a DLL or an EXE, can use the ETW provider simultaneously. You can also create a separate provider for each module if you prefer.
- For a DLL, you can call EventRegister() inside your DllMain -> DLL_PROCESS_ATTACH and EventUnregister() in DLL_PROCESS_DETACH.
Check out part 4.