Update ETW batch files

etwrecord.bat and etwcommonsettings.bat have not been changed in a *long* time. The Amcache_temp.hve and Chrome symbol hacks are unnecessary clutter at this point so I removed them. I also updated the user-mode providers to better match UIforETW. This avoids wasting trace-space with excessive UserCrit events, and records some extra memory and power data which is occasionally useful.
google · Aug 20, 2019 · 984b58a · 984b58a
1 parent 1f6d9a7
commit 984b58a
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 20 deletions.
diff --git a/bin/etwcommonsettings.bat b/bin/etwcommonsettings.bat
@@ -59,11 +59,11 @@ set _NT_SYMBOL_PATH=SRV*c:\symbols*http://msdl.microsoft.com/download/symbols;SR
 @rem Windows 7+
 @echo Windows 7+ settings
 @rem Microsoft-Windows-Win32k adds Window focus events. This is available only
-@rem on Windows 7 and above.
-@set UserProviders=Microsoft-Windows-Win32k
-@rem Theoretically better power monitoring, Windows 7+, not proven to
-@rem actually work!
-@rem @set UserProviders=%UserProviders%+Microsoft-Windows-Kernel-Processor-Power+Microsoft-Windows-Kernel-Power
+@rem on Windows 7 and above. The filtering is to avoid excessive traffic from
+@rem the UserCrit events.
+@set UserProviders=Microsoft-Windows-Win32k:0xfdffffffefffffff
+@rem Memory and power monitoring, copied from UIforETW.
+@set UserProviders=%UserProviders%+Microsoft-Windows-Kernel-Memory:0xE0+Microsoft-Windows-Kernel-Power
 
 @ver | find "6.1."
 @if %errorlevel% == 0 goto Windows7

diff --git a/bin/etwrecord.bat b/bin/etwrecord.bat
@@ -114,29 +114,14 @@ xperf -stop %SessionName% -stop
 @rem New method -- allows requesting trace compression. This is a NOP on
 @rem Windows 7 but on Windows 8 creates 5-7x smaller traces (that don't load on Windows 7)
 
-@rem Rename c:\Windows\AppCompat\Programs\amcache.hve to avoid serious merge
-@rem performance problems (up to six minutes!)
-@set HVEDir=c:\Windows\AppCompat\Programs
-@rename %HVEDir%\Amcache.hve Amcache_temp.hve 2>nul
-@set RenameErrorCode=%errorlevel%
-
 xperf -merge "%kernelfile%" "%userfile%" %FileAndCompressFlags%
 
-@rem Rename the file back
-@if not "%RenameErrorCode%" equ "0" goto SkipRename
-@rename %HVEDir%\Amcache_temp.hve Amcache.hve
-:SkipRename
-
 @if not %errorlevel% equ 0 goto FailureToRecord
 @rem Delete the temporary ETL files
 @del "%kernelfile%""
 @del "%userfile%"
 @echo Trace data is in %FileName% -- load it with wpa or xperfview or gpuview.
 @dir "%FileName%" | find /i ".etl"
-@rem Preprocessing symbols to avoid delays with Chrome's huge symbols
-@pushd "%batchdir%"
-python StripChromeSymbols.py "%FileName%"
-@popd
 start wpa "%FileName%"
 @exit /b