A simple manifest-based ETW wrapper library for Rust in Windows.
flowerinthenight/rusttrace
Overview

This library provides Rust bindings to the ETW event-call APIs generated from an ETW manifest file. Currently, the manifest defines three functions for reference: __rt_trace, __rt_init, and __rt_cleanup. libtrace.dll exports these functions so that they can be called from Rust.
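As an added example that is not part of rusttrace: one way to wrap those three exports behind a safe Rust API, with a guard that pairs __rt_init with __rt_cleanup and a string conversion that refuses messages containing an embedded NUL. The C signatures (no arguments for init and cleanup, one const wchar_t * message for trace) are assumptions, since the README does not list them.

```rust
// Added example (not code from rusttrace): a safe Rust wrapper over the three entry
// points libtrace.dll exposes. Their C signatures are ASSUMED, as the README does not
// list them:  void __rt_init(void); void __rt_trace(const wchar_t *msg); void __rt_cleanup(void);
#[cfg(windows)]
mod ffi {
    #[link(name = "libtrace")]
    extern "C" {
        pub fn __rt_init();
        pub fn __rt_trace(msg: *const u16);
        pub fn __rt_cleanup();
    }
}
// Recording stand-in for builds where libtrace.dll cannot be linked (non-Windows),
// so the wrapper's own logic, the part this example is about, still compiles and runs.
#[cfg(not(windows))]
mod ffi {
    use std::sync::atomic::{AtomicUsize, Ordering::SeqCst};
    static INITS: AtomicUsize = AtomicUsize::new(0);
    static CLEANUPS: AtomicUsize = AtomicUsize::new(0);
    pub unsafe fn __rt_init() { INITS.fetch_add(1, SeqCst); }
    pub unsafe fn __rt_trace(_msg: *const u16) {}
    pub unsafe fn __rt_cleanup() { CLEANUPS.fetch_add(1, SeqCst); }
    /// (init, cleanup) call counts, for checking that the guard pairs them up.
    pub fn calls() -> (usize, usize) { (INITS.load(SeqCst), CLEANUPS.load(SeqCst)) }
}

#[derive(Debug, PartialEq)]
pub enum TraceError { EmbeddedNul(usize) }

/// Builds the NUL-terminated UTF-16 buffer a `const wchar_t *` parameter expects. An interior
/// NUL would silently cut the event payload short on the consumer side, so it is rejected.
pub fn to_wide(msg: &str) -> Result<Vec<u16>, TraceError> {
    if let Some(pos) = msg.find('\0') { return Err(TraceError::EmbeddedNul(pos)); }
    Ok(msg.encode_utf16().chain(std::iter::once(0)).collect())
}

/// RAII guard: __rt_init on creation, __rt_cleanup on drop (also on early return or unwind).
pub struct Provider;

impl Provider {
    pub fn new() -> Provider { unsafe { ffi::__rt_init() }; Provider }
    /// Emits one event; returns the number of UTF-16 code units handed to the DLL.
    pub fn trace(&self, msg: &str) -> Result<usize, TraceError> {
        let wide = to_wide(msg)?;
        unsafe { ffi::__rt_trace(wide.as_ptr()) };
        Ok(wide.len())
    }
}

impl Drop for Provider {
    fn drop(&mut self) { unsafe { ffi::__rt_cleanup() } }
}

fn main() { let p = Provider::new(); println!("{:?}", p.trace("hello from rust")); }
```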

Setup

Install the manifest file

A simple manifest file is provided. For more information on how to create a manifest file, check out this link. To install the manifest file, run the following command from an elevated (administrator) prompt:

wevtutil im rtrace.man /rf:"<full_path_to_libtrace.dll>" /mf:"<full_path_to_libtrace.dll>"

The header file rtrace.h was generated from the manifest with mc.exe using the command mc.exe -um rtrace.man. This header is then used when building libtrace.dll.

libtrace.dll is written in Visual Studio 2015. ETW provider registration and deregistration are done in the DLL load and unload events. Pre-built binaries are provided in the bin folder.

Build the test binary

A main.rs is provided alongside lib.rs for testing. To build, just run cargo build in the root folder. This generates a rusttrace.exe binary in the target/debug folder. Do not forget to copy libtrace.dll to the binary's location.

Real-time event capture

For real-time log capture, I usually use mftrace.exe. This tool ships in the Windows SDK bin folder (usually C:\Program Files (x86)\Windows Kits\10\bin\x86). Note that mftrace.exe also needs mfdetours.dll, so copy that DLL along with it if you move the tool to a different location. To start capture, run the following command from an elevated (administrator) command prompt or PowerShell:

mftrace.exe -c config.xml

Note: config.xml is also provided in the repository.

[Screenshot: mftrace output]

Using PerfView

For analysis, I use both PerfView and Windows Performance Analyzer. To capture using PerfView:

  1. Run PerfView.exe.
  2. Go to the Collect menu and select Collect (or press Alt+C).
  3. Expand Advanced Options and click Provider Browser; search for RustTrace under Provider Filter, make sure the Verbose level is selected, and click Add Provider.
  4. Click Start Collection.
  5. Run the rusttrace.exe binary.
  6. Click Stop Collection in PerfView. By default this generates a zip file called PerfViewData.etl.zip in the same directory as PerfView.exe.

[Screenshot: PerfView collection]

When you unzip the file generated by PerfView, it contains a file called PerfViewData.etl that you can open in Windows Performance Analyzer.

[Screenshot: Windows Performance Analyzer]

FAQ

I don't need the provider anymore. How do I uninstall it?

wevtutil um rtrace.man

License

The MIT License
