Modes of operation

TraceEvent() doesn't support the different modes of operation that tracelogger does; your application has to indicate when to start tracing, how long to trace for, and so on:

• To start tracing, use the _NTO_TRACE_START or _NTO_TRACE_STARTNOSTATE command:

  TraceEvent(_NTO_TRACE_START);
  TraceEvent(_NTO_TRACE_STARTNOSTATE);
  

  These commands are similar, except that _NTO_TRACE_STARTNOSTATE suppresses the initial system state information (which includes thread IDs and the names of processes).

• To stop tracing, use the _NTO_TRACE_STOP command:

  TraceEvent(_NTO_TRACE_STOP);
    
  

  You can decide whether to trace until you've gathered a certain quantity of data, trace for a certain length of time, or trace only during an operation that's of particular interest to you. After stopping the trace, you should flush the buffer by calling:

  TraceEvent(_NTO_TRACE_FLUSHBUFFER);
    
  

• To use ring mode, use the _NTO_TRACE_SETRINGMODE command:

  TraceEvent(_NTO_TRACE_SETRINGMODE);
    
  

  As described earlier in this chapter, in ring mode the kernel stores all events in a circular fashion inside the linked list without flushing them.

• To use linear mode (the default), use the _NTO_TRACE_SETLINEARMODE command:

  TraceEvent(_NTO_TRACE_SETLINEARMODE);
    
  

  When you use this mode, every filled-up buffer is captured and flushed immediately.