Enable WPP trace in crash dump

muralimurali Member Posts: 8
Hi,

I have integrated WPP trace along with the inflight trace recorder in my kernel-mode driver, so that in case of a crash, the minidump can contain trace messages.

I use the default macro DoTraceMessage() (as given in the documentation).

To test this, I purposefully introduced a crash in my driver and produced a minidump to see if I can see the trace messages.

Now, how do I know that trace information is actually stored in the crash minidump?

Does WinDbg provide any commands to display the trace when I load the dump?

Comments

  • muralimurali Member Posts: 8
    edited October 2023

    Thanks for the hint.

    I tried this command with one of the provided driver samples (TraceDrv). I created a crash dump (by purposefully introducing a crash) to see if I can see the trace logs (without starting and stopping tracelog commands).

    Here is my WinDbg output:

    kd> !rcdrkd.rcdrcrashdump {d58c126f-b309-11d1-969e-0000f875a5bc}
    Trace searchpath is:

    Retrieving crashdump recorder logs...
    Could not find necessary interfaces.
    This debug command is designed to run on crash dumps, not running systems.
    kd> !rcdrkd.rcdrlogdump tracedrv.sys
    Trace searchpath is:

    Error: couldn't retreive autolog header.
    Driver is not built with autologger support
    Trace format prefix is: %7!u!: %!FUNC! -
    Trying to extract TMF information from - c:\windows-driver-samples-main\windows-driver-samples-main\general\tracing\tracedriver\tracedrv\x64\debug\tracedrv.pdb

    I purposefully did not start a trace session before running the application (since this is my actual use case).

    Actually, my original driver application is used by one of the external customers, and they are seeing a crash in the driver.
    I need to troubleshoot the problem by asking the customers to enable crash dumps and send me the dump.
    I cannot ask them to start/stop a trace session before running the driver.

    Is there any way that these WPP trace logs will be part of the crash dump, without starting/stopping a trace session with the tracelog command?

    I found something like AutoLogging:
    https://learn.microsoft.com/en-us/windows/win32/etw/configuring-and-starting-an-autologger-session

    Will this autologging help? Basically, I want to produce trace messages in my driver at specific points in the code.
