我试图用自己的事件和一些通用网络事件捕获HoloLens上的etl跟踪。在我的PC上使用WPR,我可以选择Networking I/O activity,当我在WPA中进行分析时,会显示Microsoft-Windows-TCPIP之类的事件。我无法弄清楚如何在HoloLens上看到这些事件,或者成功地将它们放入我的wprp文件中。
即使在Windows上,我也尝试过以下操作但没有成功。我自己的活动很好。
<EventProvider Id="Microsoft.Windows.TCPIP" Name="2F07E2EE-15DB-40F1-90EF-9D7BA282188A"/>
...
<EventProviderId Value="Microsoft.Windows.TCPIP"/>
答案 0 :(得分:1)
这是一个WPRP文件,用于捕获&#34; Microsoft-Windows-TCPIP&#34;和&#34; Microsoft-Windows-Kernel-Network"事件。
<?xml version="1.0" encoding="utf-8"?>
<WindowsPerformanceRecorder Version="1.0" Author="MagicAndre1981" Copyright="MagicAndre1981" Company="MagicAndre1981">
<Profiles>
<SystemCollector Id="SystemCollector" Name="NT Kernel Logger">
<BufferSize Value="1024" />
<Buffers Value="512" />
</SystemCollector>
<EventCollector Id="EventCollector_UserModeEvents_Session" Name="UserModeEvents_Session">
<BufferSize Value="1024" />
<Buffers Value="512" />
</EventCollector>
<SystemProvider Id="SystemProvider">
<Keywords>
<Keyword Value="ProcessThread" />
<Keyword Value="Loader" />
<Keyword Value="SampledProfile" />
<Keyword Value="Interrupt"/>
<Keyword Value="DPC"/>
<Keyword Value="ReadyThread" />
<Keyword Value="CSwitch" />
<Keyword Value="NetworkTrace" />
</Keywords>
<Stacks>
<Stack Value="SampledProfile" />
<Stack Value="CSwitch" />
<Stack Value="ReadyThread" />
<Stack Value="ImageLoad" />
<Stack Value="ImageUnload" />
</Stacks>
</SystemProvider>
<EventProvider Id="NetworkingCorrelation" Name="Microsoft-Windows-Networking-Correlation" Level="5" Stack="true">
<Keywords>
<Keyword Value="0x7FFF0000000F"/>
</Keywords>
</EventProvider>
<EventProvider Id="KernelNetwork" Name="Microsoft-Windows-Kernel-Network" Level="5" Stack="true" NonPagedMemory="true"/>
<EventProvider Id="TCP" Name="Microsoft-Windows-TCPIP" Level="5" Stack="true" NonPagedMemory="true">
<Keywords>
<Keyword Value="0x0000000400000000"/>
</Keywords>
</EventProvider>
<Profile Id="NetworkProfile.Verbose.File" Name="NetworkProfile" Description="Network Profile" LoggingMode="File" DetailLevel="Verbose">
<Collectors>
<SystemCollectorId Value="SystemCollector">
<SystemProviderId Value="SystemProvider" />
</SystemCollectorId>
<EventCollectorId Value="EventCollector_UserModeEvents_Session">
<EventProviders>
<EventProviderId Value="NetworkingCorrelation" />
<EventProviderId Value="KernelNetwork" />
<EventProviderId Value="TCP" />
</EventProviders>
</EventCollectorId>
</Collectors>
</Profile>
<Profile Id="NetworkProfile.Verbose.Memory" Name="NetworkProfile" Description="Network Profile" Base="NetworkProfile.Verbose.File" LoggingMode="Memory" DetailLevel="Verbose" />
</Profiles>
<TraceMergeProperties>
<TraceMergeProperty Id="BaseVerboseTraceMergeProperties" Name="BaseTraceMergeProperties" Base="">
<FileCompression Value="true" />
<CustomEvents>
<CustomEvent Value="ImageId"/>
<CustomEvent Value="BuildInfo"/>
<CustomEvent Value="VolumeMapping"/>
<CustomEvent Value="EventMetadata"/>
<CustomEvent Value="PerfTrackMetadata"/>
<CustomEvent Value="NetworkInterface"/>
</CustomEvents>
</TraceMergeProperty>
</TraceMergeProperties>
</WindowsPerformanceRecorder>
通过"C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\wpr.exe" -start network.wprp和下一个"C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\wpr.exe" -stop NetworkData.etl