Struct EventTrace 

pub struct EventTrace { /* private fields */ }

A running ETW trace session.

Created by EventTraceBuilder::start. Automatically stops the trace when dropped (RAII).

Use EventTrace::builder to configure and start a session.

Implementations

impl EventTrace

pub fn builder(name: impl Into<String>) -> EventTraceBuilder

Create a builder to configure and start an ETW trace session.

No validation happens here — all checks run in EventTraceBuilder::start so the builder can always be constructed without a Result.

Example
use windows_erg::etw::{EventTrace, SystemProvider};

let mut trace = EventTrace::builder("ProcessMonitor")
    .system_provider(SystemProvider::Process)
    .start()?;

pub fn name(&self) -> &str

The active ETW session name.

Kernel sessions always use NT Kernel Logger; user-mode sessions use the builder name.

pub fn events_processed(&self) -> usize

Total events delivered so far across all next_batch calls.

pub fn stop_handle(&self) -> Wait

Get a clone of the stop signal for external cancellation coordination.

pub fn next_batch(&mut self, out_events: &mut Vec<TraceEvent>) -> Result<usize>

Fetch the next batch of events into the output buffer.

Clears out_events before filling it. Returns the number of events added.

pub fn next_batch_or_stopped(&mut self, out_events: &mut Vec<TraceEvent>) -> Result<usize>

Fetch the next batch unless the session stop signal has been set.

Returns 0 when stop was requested.

pub fn run_until_stopped(&mut self, out_events: &mut Vec<TraceEvent>, poll_interval: Duration) -> Result<()>

Continuously drain batches until the stop signal is set.

The output buffer is reused on each iteration.

pub fn next_batch_with_filter<F>(&mut self, out_events: &mut Vec<TraceEvent>, filter: F) -> Result<usize>
where F: Fn(&TraceEvent) -> bool,

Fetch the next batch of events, keeping only those that pass filter.

Clears out_events before filling it. Returns the number of events added.

Filtering happens during enumeration, so rejected events are never pushed to the buffer.

pub fn next_batch_decoded(&mut self, out_events: &mut Vec<DecodedEvent>) -> Result<usize>

Fetch the next batch of decoded events into the output buffer.

Clears out_events before filling it. Returns the number of events added.

pub fn next_batch_decoded_with_filter<F>(&mut self, out_events: &mut Vec<DecodedEvent>, filter: F) -> Result<usize>
where F: Fn(&DecodedEvent) -> bool,

Fetch the next batch of decoded events, keeping only those that pass filter.

Clears out_events before filling it. Returns the number of events added.

pub fn stop(&mut self) -> Result<()>

Stop the trace session explicitly.

Also called automatically when EventTrace is dropped.

Trait Implementations

impl Drop for EventTrace

fn drop(&mut self)

Executes the destructor for this type.

impl Send for EventTrace

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.