[Part 3] Logging with C/C++ applications




Check out the code on GitHub.

If you remember from part 2, we compiled our manifest file with

mc -um <manifest_file>.man

and we got a header file as one of the outputs. We just have to include that header file in our sources and we are good to go.

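#include <windows.h>
// ... your other includes
#include "<manifest_file>.h"   // header generated by mc from the manifest

int main(void)
{
    // Register the provider first (see EventRegister() below), otherwise nothing is written.
    // Example of using the LastError event in our manifest file
    EventWriteLastError(L"THIS_EXE", __FILE__, __FUNCTION__, L"CreateFile", GetLastError());
    return 0;
}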


  • Any module, whether a DLL or an EXE, can use the ETW provider simultaneously. You can also create a separate provider for each module if you prefer.
  • For a DLL, you can call EventRegister() inside DllMain under DLL_PROCESS_ATTACH and EventUnregister() under DLL_PROCESS_DETACH.

Check out part 4.