Skip to content

Remove the use of Windows PowerShell ETW provider id and update PSDiagnostics module to work for PowerShell 7 #25590

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
daxian-dbw merged 3 commits into from
Oct 1, 2025
Merged

Remove the use of Windows PowerShell ETW provider id and update PSDiagnostics module to work for PowerShell 7 #25590

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
980166c
Remove the use of Windows PowerShell ETW provider id and update PSDia…
daxian-dbw May 21, 2025
be3bd60
Attempt to fix tests
daxian-dbw May 21, 2025
d587daf
Use the machine-scope value for the env var 'windir'
daxian-dbw Oct 1, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 13 additions & 13 deletions src/Modules/Windows/PSDiagnostics/PSDiagnostics.psm1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,21 +4,22 @@
<#
PowerShell Diagnostics Module
This module contains a set of wrapper scripts that
enable a user to use ETW tracing in Windows
PowerShell.
enable a user to use ETW tracing in PowerShell 7.
#>

$script:Logman="$env:windir\system32\logman.exe"
$script:wsmanlogfile = "$env:windir\system32\wsmtraces.log"
$script:wsmprovfile = "$env:windir\system32\wsmtraceproviders.txt"
$script:windir = [System.Environment]::GetEnvironmentVariable("windir", [System.EnvironmentVariableTarget]::Machine)

$script:Logman = "${script:windir}\system32\logman.exe"
$script:wsmanlogfile = "${script:windir}\system32\wsmtraces.log"
$script:wsmprovfile = "${script:windir}\system32\wsmtraceproviders.txt"
$script:wsmsession = "wsmlog"
$script:pssession = "PSTrace"
$script:psprovidername="Microsoft-Windows-PowerShell"
$script:psprovidername = "PowerShellCore"
$script:wsmprovidername = "Microsoft-Windows-WinRM"
$script:oplog = "/Operational"
$script:analyticlog="/Analytic"
$script:debuglog="/Debug"
$script:wevtutil="$env:windir\system32\wevtutil.exe"
$script:analyticlog = "/Analytic"
$script:debuglog = "/Debug"
$script:wevtutil = "${script:windir}\system32\wevtutil.exe"
$script:slparam = "sl"
$script:glparam = "gl"

Expand Down Expand Up @@ -169,16 +170,15 @@ function Enable-PSWSManCombinedTrace

$provfile = [io.path]::GetTempFilename()

$traceFileName = [string][Guid]::NewGuid()
if ($DoNotOverwriteExistingTrace) {
$fileName = [string][guid]::newguid()
$logfile = $PSHOME + "\\Traces\\PSTrace_$fileName.etl"
} else {
$logfile = $PSHOME + "\\Traces\\PSTrace.etl"
}

"Microsoft-Windows-PowerShell 0 5" | Out-File $provfile -Encoding ascii
"Microsoft-Windows-WinRM 0 5" | Out-File $provfile -Encoding ascii -Append
"$script:psprovidername 0 5" | Out-File $provfile -Encoding ascii
"$script:wsmprovidername 0 5" | Out-File $provfile -Encoding ascii -Append

if (!(Test-Path $PSHOME\Traces))
{
Expand All @@ -192,7 +192,7 @@ function Enable-PSWSManCombinedTrace

Start-Trace -SessionName $script:pssession -OutputFilePath $logfile -ProviderFilePath $provfile -ETS

Remove-Item $provfile -Force -ea 0
Remove-Item $provfile -Force -ErrorAction SilentlyContinue
}

function Disable-PSWSManCombinedTrace
Expand Down
1 change: 0 additions & 1 deletion src/System.Management.Automation/utils/tracing/EtwActivity.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@
using System.Collections.Generic;
using System.Diagnostics.Eventing;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Diagnostics.CodeAnalysis;

namespace System.Management.Automation.Tracing
Expand Down
2 changes: 1 addition & 1 deletion src/System.Management.Automation/utils/tracing/Tracing.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ namespace System.Management.Automation.Tracing
/// <summary>
/// Tracer.
/// </summary>
public sealed partial class Tracer : System.Management.Automation.Tracing.EtwActivity
public sealed partial class Tracer : EtwActivity
{
/// <summary>
/// DebugMessage.
Expand Down
14 changes: 1 addition & 13 deletions src/System.Management.Automation/utils/tracing/TracingGen.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ namespace System.Management.Automation.Tracing
/// <summary>
/// Tracer.
/// </summary>
public sealed partial class Tracer : System.Management.Automation.Tracing.EtwActivity
public sealed partial class Tracer : EtwActivity
{
/// <summary>
/// Critical level.
Expand All @@ -37,7 +37,6 @@ public sealed partial class Tracer : System.Management.Automation.Tracing.EtwAct
/// </summary>
public const long KeywordAll = 0xFFFFFFFF;

private static readonly Guid providerId = Guid.Parse("a0c1853b-5c40-4b15-8766-3cf1c58f985a");
Copy link
Copy Markdown
Collaborator

@jborean93 jborean93 May 22, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a reason why this doesn't use the PowerShellCore Provider ID f90714a8-5509-434a-bf6d-b1624c8a19a2 rather than just removing it?

Copy link
Copy Markdown
Collaborator

@iSazonov iSazonov May 22, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is already there. It is inherited from EwtActivity.ProviderId (that is PSEtwLogProvider.ProviderGuid).
The (whole) code looks a bit confusing, though.

Copy link
Copy Markdown
Member Author

@daxian-dbw daxian-dbw May 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like an oversight when introducing the PowerShellCore provider initially in #5144.

The Tracer class is used in *-PSSessionConfiguration commands to write ETW logs like Endpoint registered/unregistered/modified/enabled/disabled. Today, those events are writting to the Windows PowerShell provider. The class is only used in ContainerParentJob.

private static readonly EventDescriptor WriteTransferEventEvent;
private static readonly EventDescriptor DebugMessageEvent;
private static readonly EventDescriptor M3PAbortingWorkflowExecutionEvent;
Expand Down Expand Up @@ -218,17 +217,6 @@ static Tracer()
/// </summary>
public Tracer() : base() { }

/// <summary>
/// Provider Guid.
/// </summary>
protected override Guid ProviderId
{
get
{
return providerId;
}
}

/// <summary>
/// Transfer Event.
/// </summary>
Expand Down
32 changes: 16 additions & 16 deletions test/powershell/Modules/PSDiagnostics/PSDiagnostics.Tests.ps1
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ Describe "PSDiagnostics cmdlets tests." -Tag "CI", "RequireAdminOnWindows" {
$PSDefaultParameterValues["it:skip"] = $true
}
else{
$LogSettingBak = Get-LogProperties -Name Microsoft-Windows-PowerShell/$LogType
$LogSettingBak = Get-LogProperties -Name PowerShellCore/$LogType
}
}
AfterAll {
Expand All @@ -20,37 +20,37 @@ Describe "PSDiagnostics cmdlets tests." -Tag "CI", "RequireAdminOnWindows" {
}

Context "Test for Enable-PSTrace and Disable-PSTrace cmdlets." {
It "Should enable $LogType logs for Microsoft-Windows-PowerShell." {
[XML]$CurrentSetting = & wevtutil gl Microsoft-Windows-PowerShell/$LogType /f:xml
It "Should enable $LogType logs for PowerShellCore." {
[XML]$CurrentSetting = & wevtutil gl PowerShellCore/$LogType /f:xml
if($CurrentSetting.Channel.Enabled -eq 'true'){
& wevtutil sl Microsoft-Windows-PowerShell/$LogType /e:false /q
& wevtutil sl PowerShellCore/$LogType /e:false /q
}

Enable-PSTrace -Force

[XML]$ExpectedOutput = & wevtutil gl Microsoft-Windows-PowerShell/$LogType /f:xml
[XML]$ExpectedOutput = & wevtutil gl PowerShellCore/$LogType /f:xml

$ExpectedOutput.Channel.enabled | Should -BeExactly 'true'
}

It "Should disable $LogType logs for Microsoft-Windows-PowerShell." {
[XML]$CurrentState = & wevtutil gl Microsoft-Windows-PowerShell/$LogType /f:xml
It "Should disable $LogType logs for PowerShellCore." {
[XML]$CurrentState = & wevtutil gl PowerShellCore/$LogType /f:xml
if($CurrentState.channel.enabled -eq 'false'){
& wevtutil sl Microsoft-Windows-PowerShell/$LogType /e:true /q
& wevtutil sl PowerShellCore/$LogType /e:true /q
}
Disable-PSTrace

[XML]$ExpectedOutput = & wevtutil gl Microsoft-Windows-PowerShell/$LogType /f:xml
[XML]$ExpectedOutput = & wevtutil gl PowerShellCore/$LogType /f:xml

$ExpectedOutput.Channel.enabled | Should -Be 'false'
}
}

Context "Test for Get-LogProperties cmdlet." {
It "Should return properties of $LogType logs for 'Microsoft-Windows-PowerShell'." {
[XML]$ExpectedOutput = wevtutil gl Microsoft-Windows-PowerShell/$LogType /f:xml
It "Should return properties of $LogType logs for 'PowerShellCore'." {
[XML]$ExpectedOutput = wevtutil gl PowerShellCore/$LogType /f:xml

$LogProperty = Get-LogProperties -Name Microsoft-Windows-PowerShell/$LogType
$LogProperty = Get-LogProperties -Name PowerShellCore/$LogType

$LogProperty.Name | Should -Be $ExpectedOutput.channel.Name
$LogProperty.Enabled | Should -Be $ExpectedOutput.channel.Enabled
Expand All @@ -67,7 +67,7 @@ Describe "PSDiagnostics cmdlets tests." -Tag "CI", "RequireAdminOnWindows" {
Context "Test for Set-LogProperties cmdlet." {
BeforeAll {
if ($IsWindows) {
[XML]$WevtUtilBefore = wevtutil gl Microsoft-Windows-PowerShell/$LogType /f:xml
[XML]$WevtUtilBefore = wevtutil gl PowerShellCore/$LogType /f:xml
$LogPropertyToSet = [Microsoft.PowerShell.Diagnostics.LogDetails]::new($WevtUtilBefore.channel.Name,
[bool]::Parse($WevtUtilBefore.channel.Enabled),
$LogType,
Expand All @@ -78,12 +78,12 @@ Describe "PSDiagnostics cmdlets tests." -Tag "CI", "RequireAdminOnWindows" {
}
}

It "Should invert AutoBackup setting of $LogType logs for 'Microsoft-Windows-PowerShell'." {
It "Should invert AutoBackup setting of $LogType logs for 'PowerShellCore'." {
$LogPropertyToSet.AutoBackup = -not $LogPropertyToSet.AutoBackup
Set-LogProperties -LogDetails $LogPropertyToSet -Force

[XML]$ExpectedOutput = & wevtutil gl Microsoft-Windows-PowerShell/$LogType /f:xml
(Get-LogProperties -Name Microsoft-Windows-PowerShell/$LogType).AutoBackup | Should -Be ([bool]::Parse($ExpectedOutput.Channel.Logging.AutoBackup))
[XML]$ExpectedOutput = & wevtutil gl PowerShellCore/$LogType /f:xml
(Get-LogProperties -Name PowerShellCore/$LogType).AutoBackup | Should -Be ([bool]::Parse($ExpectedOutput.Channel.Logging.AutoBackup))
}

It "Should throw exception for invalid LogName." {
Expand Down
Loading