I have declared and defined a TraceLogProvider in my kernel driver along with a bunch of TraceLogging messages. The instructions for viewing those TraceLogging events in WinDbg during a live debug session are not clear. I have tried to follow instructions based on these 2 pages from MSDN.
which says I have to use
logman start TraceSession -ets -mode KernelFilter -bs 3
which I have to use to create a WPRP file to register my Trace Provider.
Right now, with my driver installed and working, logman query providers does not list my driver as a trace provider. I am also not seeing any TraceLogging events in WinDbg.
Also, if I have to register my TraceProvider using wevtutil, how do I do that during driver installation?
(Cross-posted on WDK forum on MSDN).