I use netsh trace start/convert on a provider and get some results. But most of the lines in the converted file indicate that they cannot be decoded.
Is it because MS leaves some TMF info in public symbol files but full set is only available in private PDBs.
Are ETWs closely gaurded or MS wants to give developers access.
It looks like you're new here. If you want to get involved, click one of these buttons!
|Upcoming OSR Seminars|
|Writing WDF Drivers||21 Oct 2019||OSR Seminar Space & ONLINE|
|Internals & Software Drivers||18 Nov 2019||Dulles, VA|
|Kernel Debugging||30 Mar 2020||OSR Seminar Space|
|Developing Minifilters||27 Apr 2020||OSR Seminar Space & ONLINE|