Event tracing is a subsystem that is deeply integrated into the Windows
operating system and is considered part of the Windows Management
Instrumentation tool set. Event tracing is very fast and provides wide scope for
troubleshooting and for monitoring and tracking resources. The most fundamental
concept in event tracing is the event. An event is best described as an activity
of interest. For example, the Windows operating system's TCP/IP stack is
instrumented with event traces that describe activities such as connect, send,
receive, and disconnect. Each event typically carries additional information
about the activity: in the case of the TCP/IP stack, details about the
connection and about what was sent or received. The subsystem that implements
event tracing is referred to as the event tracer and is implemented in the
Windows kernel. Events are fired (published) by an event-tracing provider, also
known as an event-tracing logger. Any application that you develop can be an
event-tracing provider, and it can take part in one or more event-tracing
sessions. The event tracer temporarily holds the events fired by a provider in
non-paged system memory buffers. The event tracer manages those buffers and,
when necessary, writes (dumps) them to an event trace log file on disk.
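The provider, session, buffer and log-file pipeline described above, walked through end to end as an added example (not part of the original text): an elevated PowerShell session on Windows uses `logman` to start a trace session for the TCP/IP provider, sets the buffer parameters the event tracer uses, lets the kernel flush the buffers to an .etl file, and then reads the events back. The session name, buffer sizes and output path are assumed values chosen for the demonstration.

```powershell
# Added example: capture Microsoft-Windows-TCPIP events into an .etl file and
# read them back. Must run as Administrator on Windows 10 or later.
# Session name, buffer settings and output path are assumed values.

$SessionName  = 'DemoTcpipTrace'                       # assumed
$EtlPath      = Join-Path $env:TEMP 'demo-tcpip.etl'   # assumed
$ProviderName = 'Microsoft-Windows-TCPIP'              # the TCP/IP stack's provider

# 1. Create and start a trace session directly in the event tracer (-ets).
#    -bs 64      : each non-paged buffer is 64 KB
#    -nb 16 64   : keep between 16 and 64 buffers in memory
#    -ft 5       : flush full or aged buffers to the log file every 5 seconds
logman create trace $SessionName -p $ProviderName -o $EtlPath `
    -bs 64 -nb 16 64 -ft 5 -ets
if ($LASTEXITCODE -ne 0) { throw "logman could not start session '$SessionName'" }

try {
    # 2. Produce some TCP activity so the provider fires connect/send/receive/
    #    disconnect events while the session is active.
    $null = Invoke-WebRequest -Uri 'https://www.microsoft.com' -UseBasicParsing
    Start-Sleep -Seconds 2
}
finally {
    # 3. Stop the session; the tracer writes any remaining buffers to disk.
    logman stop $SessionName -ets | Out-Null
}

# 4. The .etl file now holds the dumped buffers. -Oem returns the raw events
#    even when the provider's manifest is not registered for message rendering.
$events = Get-WinEvent -Path $EtlPath -Oem

"{0} events captured from {1}" -f $events.Count, $ProviderName
$events |
    Group-Object -Property Id |
    Sort-Object -Property Count -Descending |
    Select-Object -First 10 -Property Count, @{ n = 'EventId'; e = { $_.Name } }
```

Defenders use the same mechanism at scale: a persistent session with larger buffers and a circular or sequential log file is how TCP/IP, process and other kernel providers are collected for detection and incident response.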