Fix provider removals

itoleck · May 18, 2022 · 1c87451 · 1c87451
1 parent cfb3b99
commit 1c87451
Show file tree

Hide file tree

Showing 3 changed files with 194 additions and 45 deletions.
diff --git a/My Project/launchSettings.json b/My Project/launchSettings.json
@@ -1,8 +1,7 @@
 {
   "profiles": {
     "ETLSmasher": {
-      "commandName": "Project",
-      "commandLineArgs": "--infile:\"z:\\temp\\I9.04-14-2022.12-44-03.etl\" --outfile:\"z:\\temp\\I9.04-14-2022.12-44-03_compress.etl\" --compress:true"
+      "commandName": "Project"
     }
   }
 }
diff --git a/Program.vb b/Program.vb
@@ -109,7 +109,11 @@ Module Program
                 RelogByCompressOnly()
             Else
                 If providers.Length > 0 Then
-                    Relog()
+                    If relogtime = -1 Then
+                        RelogProviders()
+                    Else
+                        RelogProvidersAndTime()
+                    End If
                 End If
             End If
 
@@ -129,19 +133,6 @@ Module Program
         Using relogger As New ETWReloggerTraceEventSource(infile, TraceEventSourceType.FileOnly, outfile)
             relogger.OutputUsesCompressedFormat = compress
 
-            'Keeping around so I remember the other evetns
-            'AddHandler relogger.Dynamic.All, Function(ByVal data As Microsoft.Diagnostics.Tracing.TraceEvent)
-            '                                     relogger.WriteEvent(data)
-            '                                 End Function
-
-            'AddHandler relogger.Kernel.All, Function(ByVal data As Microsoft.Diagnostics.Tracing.TraceEvent)
-            '                                    relogger.WriteEvent(data)
-            '                                End Function
-
-            'AddHandler relogger.Clr.All, Function(ByVal data As Microsoft.Diagnostics.Tracing.TraceEvent)
-            '                                 relogger.WriteEvent(data)
-            '                             End Function
-
             AddHandler relogger.AllEvents, Function(ByVal data As Microsoft.Diagnostics.Tracing.TraceEvent)
                                                relogger.WriteEvent(data)
                                                totalevents += 1
@@ -151,53 +142,210 @@ Module Program
         End Using
     End Sub
 
-    Private Sub Relog()
+    Private Sub RelogProviders()
 
         Console.WriteLine("Re-Logging trace: " + infile)
+        Console.WriteLine("Removing providers: " + providers.Length.ToString)
 
         Using relogger As New ETWReloggerTraceEventSource(infile, TraceEventSourceType.FileOnly, outfile)
             relogger.OutputUsesCompressedFormat = compress
 
-            AddHandler relogger.AllEvents, Function(ByVal data As Microsoft.Diagnostics.Tracing.TraceEvent)
+            AddHandler relogger.UnhandledEvents, Function(ByVal data As Microsoft.Diagnostics.Tracing.TraceEvent)
+                                                     Dim uid As String = data.TaskGuid.ToString.ToLower
+                                                     Dim uid2 As String = data.ProviderGuid.ToString.ToLower
+                                                     Dim idx As Int32 = Array.IndexOf(providers, uid)
+                                                     Dim idx2 As Int32 = Array.IndexOf(providers, uid2)
+                                                     Dim bidx As Boolean = True
+                                                     Dim bidx2 As Boolean = True
+
+                                                     If idx < 0 Then bidx = False
+                                                     If idx2 < 0 Then bidx2 = False
+
+                                                     If bidx = True Or bidx2 = True Then
+
+                                                     Else
+                                                         relogger.WriteEvent(data)
+                                                         totalevents += 1
+                                                     End If
+                                                 End Function
+
+            AddHandler relogger.Dynamic.All, Function(ByVal data As Microsoft.Diagnostics.Tracing.TraceEvent)
+                                                 Dim uid As String = data.TaskGuid.ToString.ToLower
+                                                 Dim uid2 As String = data.ProviderGuid.ToString.ToLower
+                                                 Dim idx As Int32 = Array.IndexOf(providers, uid)
+                                                 Dim idx2 As Int32 = Array.IndexOf(providers, uid2)
+                                                 Dim bidx As Boolean = True
+                                                 Dim bidx2 As Boolean = True
+
+                                                 If idx < 0 Then bidx = False
+                                                 If idx2 < 0 Then bidx2 = False
+
+                                                 If bidx = True Or bidx2 = True Then
+
+                                                 Else
+                                                     relogger.WriteEvent(data)
+                                                     totalevents += 1
+                                                 End If
+                                             End Function
+
+            AddHandler relogger.Kernel.All, Function(ByVal data As Microsoft.Diagnostics.Tracing.TraceEvent)
+                                                Dim uid As String = data.TaskGuid.ToString.ToLower
+                                                Dim uid2 As String = data.ProviderGuid.ToString.ToLower
+                                                Dim idx As Int32 = Array.IndexOf(providers, uid)
+                                                Dim idx2 As Int32 = Array.IndexOf(providers, uid2)
+                                                Dim bidx As Boolean = True
+                                                Dim bidx2 As Boolean = True
+
+                                                If idx < 0 Then bidx = False
+                                                If idx2 < 0 Then bidx2 = False
+
+                                                If bidx = True Or bidx2 = True Then
+
+                                                Else
+                                                    relogger.WriteEvent(data)
+                                                    totalevents += 1
+                                                End If
+                                            End Function
+
+            AddHandler relogger.Clr.All, Function(ByVal data As Microsoft.Diagnostics.Tracing.TraceEvent)
+                                             Dim uid As String = data.TaskGuid.ToString.ToLower
+                                             Dim uid2 As String = data.ProviderGuid.ToString.ToLower
+                                             Dim idx As Int32 = Array.IndexOf(providers, uid)
+                                             Dim idx2 As Int32 = Array.IndexOf(providers, uid2)
+                                             Dim bidx As Boolean = True
+                                             Dim bidx2 As Boolean = True
+
+                                             If idx < 0 Then bidx = False
+                                             If idx2 < 0 Then bidx2 = False
+
+                                             If bidx = True Or bidx2 = True Then
+
+                                             Else
+                                                 relogger.WriteEvent(data)
+                                                 totalevents += 1
+                                             End If
+                                         End Function
 
-                                               If relogtime = -1 Then
+            relogger.Process()
 
-                                                   Dim uid As String = data.TaskGuid.ToString.ToLower
-                                                   Dim idx As Int32 = Array.IndexOf(providers, uid)
+        End Using
 
-                                                   If idx = -1 Then
-                                                       relogger.WriteEvent(data)
-                                                       totalevents += 1
-                                                   Else
-                                                       Debug.WriteLine(data.TaskGuid.ToString)
-                                                   End If
+    End Sub
 
-                                               Else
+    Private Sub RelogProvidersAndTime()
 
-                                                   'Some events may  be written at trace rundown, might be good to keep last few seconds. More inveestigation needed.
-                                                   'If (CType(data.TimeStampRelativeMSec, Int32) < relogtime) Or (data.TimeStampRelativeMSec > (data.Source.SessionEndTimeRelativeMSec - 10000))
+        Console.WriteLine("Re-Logging trace: " + infile)
+        Console.WriteLine("Removing providers: " + providers.Length.ToString)
+        Console.WriteLine("Removing time after: " + relogtime.ToString + "ms")
 
-                                                   If (CType(data.TimeStampRelativeMSec, Int32) < relogtime) Then
+        Using relogger As New ETWReloggerTraceEventSource(infile, TraceEventSourceType.FileOnly, outfile)
+            relogger.OutputUsesCompressedFormat = compress
 
-                                                       Dim uid As String = data.TaskGuid.ToString.ToLower
-                                                       Dim idx As Int32 = Array.IndexOf(providers, uid)
+            'Some events may be written at trace rundown, might be good to keep last few seconds. More investigation needed.
+            'If (CType(data.TimeStampRelativeMSec, Int32) < relogtime) Or (data.TimeStampRelativeMSec > (data.Source.SessionEndTimeRelativeMSec - 10000))
 
-                                                       If idx = -1 Then
-                                                           relogger.WriteEvent(data)
-                                                           totalevents += 1
-                                                       Else
-                                                           Debug.WriteLine(data.TaskGuid.ToString)
-                                                       End If
+            AddHandler relogger.UnhandledEvents, Function(ByVal data As Microsoft.Diagnostics.Tracing.TraceEvent)
 
-                                                   Else
-                                                       Debug.WriteLine(data.ProviderName)
-                                                   End If
+                                                     If (CType(data.TimeStampRelativeMSec, Int32) < relogtime) Then
 
-                                               End If
+                                                         Dim uid As String = data.TaskGuid.ToString.ToLower
+                                                         Dim uid2 As String = data.ProviderGuid.ToString.ToLower
+                                                         Dim idx As Int32 = Array.IndexOf(providers, uid)
+                                                         Dim idx2 As Int32 = Array.IndexOf(providers, uid2)
+                                                         Dim bidx As Boolean = True
+                                                         Dim bidx2 As Boolean = True
 
-                                           End Function
+                                                         If idx < 0 Then bidx = False
+                                                         If idx2 < 0 Then bidx2 = False
+
+                                                         If bidx = True Or bidx2 = True Then
+
+                                                         Else
+                                                             relogger.WriteEvent(data)
+                                                             totalevents += 1
+                                                         End If
+
+                                                     End If
+
+                                                 End Function
+
+            AddHandler relogger.Dynamic.All, Function(ByVal data As Microsoft.Diagnostics.Tracing.TraceEvent)
+
+                                                 If (CType(data.TimeStampRelativeMSec, Int32) < relogtime) Then
+
+                                                     Dim uid As String = data.TaskGuid.ToString.ToLower
+                                                     Dim uid2 As String = data.ProviderGuid.ToString.ToLower
+                                                     Dim idx As Int32 = Array.IndexOf(providers, uid)
+                                                     Dim idx2 As Int32 = Array.IndexOf(providers, uid2)
+                                                     Dim bidx As Boolean = True
+                                                     Dim bidx2 As Boolean = True
+
+                                                     If idx < 0 Then bidx = False
+                                                     If idx2 < 0 Then bidx2 = False
+
+                                                     If bidx = True Or bidx2 = True Then
+
+                                                     Else
+                                                         relogger.WriteEvent(data)
+                                                         totalevents += 1
+                                                     End If
+
+                                                 End If
+
+                                             End Function
+
+            AddHandler relogger.Kernel.All, Function(ByVal data As Microsoft.Diagnostics.Tracing.TraceEvent)
+
+                                                If (CType(data.TimeStampRelativeMSec, Int32) < relogtime) Then
+
+                                                    Dim uid As String = data.TaskGuid.ToString.ToLower
+                                                    Dim uid2 As String = data.ProviderGuid.ToString.ToLower
+                                                    Dim idx As Int32 = Array.IndexOf(providers, uid)
+                                                    Dim idx2 As Int32 = Array.IndexOf(providers, uid2)
+                                                    Dim bidx As Boolean = True
+                                                    Dim bidx2 As Boolean = True
+
+                                                    If idx < 0 Then bidx = False
+                                                    If idx2 < 0 Then bidx2 = False
+
+                                                    If bidx = True Or bidx2 = True Then
+
+                                                    Else
+                                                        relogger.WriteEvent(data)
+                                                        totalevents += 1
+                                                    End If
+
+                                                End If
+
+                                            End Function
+
+            AddHandler relogger.Clr.All, Function(ByVal data As Microsoft.Diagnostics.Tracing.TraceEvent)
+
+                                             If (CType(data.TimeStampRelativeMSec, Int32) < relogtime) Then
+
+                                                 Dim uid As String = data.TaskGuid.ToString.ToLower
+                                                 Dim uid2 As String = data.ProviderGuid.ToString.ToLower
+                                                 Dim idx As Int32 = Array.IndexOf(providers, uid)
+                                                 Dim idx2 As Int32 = Array.IndexOf(providers, uid2)
+                                                 Dim bidx As Boolean = True
+                                                 Dim bidx2 As Boolean = True
+
+                                                 If idx < 0 Then bidx = False
+                                                 If idx2 < 0 Then bidx2 = False
+
+                                                 If bidx = True Or bidx2 = True Then
+
+                                                 Else
+                                                     relogger.WriteEvent(data)
+                                                     totalevents += 1
+                                                 End If
+
+                                             End If
+
+                                         End Function
 
             relogger.Process()
+
         End Using
     End Sub
 

diff --git a/README.md b/README.md
@@ -2,7 +2,9 @@
 
 ## Compress, remove providers and remove events after a timeframe
 
-- *Note: If the trace file does not compress, either it is already compressed or the trace has missing buffers or events. Check for missing information by opening the trace in WPA.exe.
+- *Note: Only ETW providers that can be parsed with the TraceEvent library will be compressed or removed.
+
+- *Note: If the trace file otherwise does not compress, either it is already compressed or the trace has missing buffers or events. Check for missing information by opening the trace in WPA.exe.
 
 ![Missing Buffers and Events](etlsmasher_buff_events.png)