Parse Stack Traces

May 21, 2013 at 6:16 AM
Hi,

Tx is a really nice library with the latest and greatest things like RX and ETL combined in one cohesive solution. From the samples I could see that I can decode any ETW event with this library. For performance analysis call stacks are essential. Unfortunately there seems no support built in into this library to decode call stacks along with pdbs.
Am I wrong or is there a possibility to get decoded events with call stacks parsed out just like the Windows Performance Analyzer. Its GUI is fantastic but it does lack automation capabilities to do more sophisticated grouping and filtering based on certain time ranges. That does sound like a job for Tx. Are there any plans to support that or is there an easy way to accomplish this task?

Yours,
Alois Kraus
Coordinator
May 29, 2013 at 2:19 AM
Thank you Alois,

There is one piece you can use, but I don't have complete solution.

Here is how to get your hands on the raw event data:
http://tx.codeplex.com/SourceControl/latest#Samples/Introduction/EtwRaw/Program.cs

Then, from the properties ExtendedDataCount and ExtendedData you can get the stacks in binary form as described here:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa363760(v=vs.85).aspx

The next step is COM interop with the Dia SDK
http://msdn.microsoft.com/en-us/library/eee38t3h(v=vs.80).aspx

At this point, things diverge depending whether you need kernel or user mode stacks.
It will be best if I can look at example (small :) ) etl file

You can send this to me at georgis@microsoft.com
At the layer of EtwNativeEvent Tx does not use manifests yet, so I just need example EventId that has a stack

Georgi
May 29, 2013 at 10:27 PM
Thank you Georgi,

I have looked around how to read data wih IDiaSource and stumbled upon the TraceEvent library. This looks very usable. Do you have any plans to integrate this library or the approach with Tx to get call stacks?

Yours,
Alois Kraus
Coordinator
Jul 8, 2013 at 5:15 AM
Hi Alois,
We are having discussions with the people implementing TraceEvent, but there is no solid plan yet.

At that point if you use TraceEvent, you might need to also pick the Tx implementation of virtual time:
http://tx.codeplex.com/wikipage?title=TimeSource

Georgi