Viewing TraceEvent Messages in WindDbg

ajitabhs · August 25, 2023, 11:22pm

Hi Guys,
I am trying to debug my driver which has trace messages and the driver is installed on a remote system to which I do not have access. It is a driver which has all the TraceEvents. I do have all the TMH files. I have a debugger connection to the machine and I can put break points etc. I am trying to see the TraceEvent messages in WinDbg. I am trying to do this:-

https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/example-16--viewing-trace-messages-in-a-debugger

The problem is that with the latest SDKs I cannot find Traceprt.dll. Now sure what I am missing. I installed the latest debugging tools for windows and still not there.
What am I missing here?

Thanks
Aj

Scott_Noone_OSR · August 26, 2023, 8:43pm

I just confirmed this works for me and I didn’t need that DLL. Steps:

Copy tracelog.exe to the target system
Create a guid.etl file with the GUID, flags, and level. I made mine look like this (i.e. just try to turn everything on):
{79C04C13-1234-4DE7-911C-53F90811B72C};0xFFFFFFFF;255
Enable the trace:
tracelog -start MyTrace -guid guid.ctl -rt -kd
Then the messages started coming out in the debugger without any further action

ajitabhs · August 29, 2023, 10:05pm

Thank you Sir!! It works!!