Hello everyone,
I have declared and defined a TraceLogProvider in my kernel driver along with a bunch of TraceLogging messages. The instructions for viewing those TraceLogging events in WinDbg during a live debug session are not clear. I have tried to follow instructions based on these 2 pages from MSDN:
https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/how-do-i-send-trace-messages-to-a-kernel-debugger-
which says I have to use logman start TraceSession -ets -mode KernelFilter -bs 3, and
https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/capture-and-view-tracelogging-data
which I have to use to create a WPRP file to register my Trace Provider.
Right now, with my driver installed and working, logman query providers does not list my driver as a trace provider. I am also not seeing any TraceLogging events in WinDbg.
Also, if I have to register my TraceProvider using wevtutil, how do I do that during driver installation?
Please help!
Regards,
Mridul.
(Cross-posted on WDK forum on MSDN).
I have never viewed TraceLogging traces in WinDbg. I usually use KdPrint or WPP to view in WinDbg, and use TraceLogging for recording detailed scenarios.
However, I think you should be seeing your provider, either by name, or by GUID, once your driver is running.
Make sure you called TraceLoggingRegister(g_hMyProvider); in DriverEntry (and TraceLoggingUnregister appropriately)
see https://docs.microsoft.com/en-us/windows/desktop/tracelogging/tracelogging-native-quick-start
If you’ve done this, the provider registers itself, and the first message sent has the manifest encoded, so you don’t need wevtutil.
If it takes more than 5 minutes to enable logging then there is something distinctly lacking in the logging facility.
Mark Roddy
I could not get the WPR recorder to work following the directions. I ended up using logman to start/stop the trace and then the WPA analyzer to view the results.
Bill Wandel
Try this WPRP file. Just replace with your GUID
<?xml version="1.0" encoding="utf-8"?>
<WindowsPerformanceRecorder Version="1.0" Author="Microsoft Corporation"
    Copyright="Microsoft Corporation" Company="Microsoft Corporation">
  <Profiles>
    <EventCollector Id="EventCollector_DummyCollector" Name="DummyCollector">
      <BufferSize Value="1024" />
      <Buffers Value="256" />
    </EventCollector>
    <!-- Replace GUID_GOES_HERE with the provider GUID -->
    <EventProvider Id="EventProvider_DummyMyProvider" Name="GUID_GOES_HERE" NonPagedMemory="true">
    </EventProvider>
    <Profile Id="Dummy.Verbose.File" Name="Dummy" Description="Dummy" LoggingMode="File" DetailLevel="Verbose">
      <Collectors>
        <!-- The Value attributes below must match the Id attributes declared above -->
        <EventCollectorId Value="EventCollector_DummyCollector">
          <EventProviders>
            <EventProviderId Value="EventProvider_DummyMyProvider">
            </EventProviderId>
          </EventProviders>
        </EventCollectorId>
      </Collectors>
    </Profile>
    <Profile Id="Dummy.Light.File" Name="Dummy" Description="Dummy" Base="Dummy.Verbose.File" LoggingMode="File" DetailLevel="Light" />
    <Profile Id="Dummy.Verbose.Memory" Name="Dummy" Description="Dummy" Base="Dummy.Verbose.File" LoggingMode="Memory" DetailLevel="Verbose" />
    <Profile Id="Dummy.Light.Memory" Name="Dummy" Description="Dummy" Base="Dummy.Verbose.File" LoggingMode="Memory" DetailLevel="Light" />
  </Profiles>
</WindowsPerformanceRecorder>
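A WPRP profile refers to its collector and provider by Id, and a reference that matches no declared Id, or a placeholder left in the provider Name, is easy to miss when adapting a template like the one above. The following check is an added example, not part of the thread: check_wprp and sample_wprp are hypothetical names, the sample document and GUID are constructed, and it assumes the provider is identified by GUID as in the post.

```python
import re
import xml.etree.ElementTree as ET

GUID_RE = re.compile(r"^\{?[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}?$")

def sample_wprp(collector_ref, provider_ref, name):
    """Constructed sample shaped like the template in the thread."""
    return f"""<WindowsPerformanceRecorder Version="1.0">
<Profiles>
<EventCollector Id="EventCollector_DummyCollector" Name="DummyCollector">
<BufferSize Value="1024" /><Buffers Value="256" />
</EventCollector>
<EventProvider Id="EventProvider_DummyMyProvider" Name="{name}" NonPagedMemory="true" />
<Profile Id="Dummy.Verbose.File" Name="Dummy" Description="Dummy" LoggingMode="File" DetailLevel="Verbose">
<Collectors><EventCollectorId Value="{collector_ref}"><EventProviders>
<EventProviderId Value="{provider_ref}" />
</EventProviders></EventCollectorId></Collectors>
</Profile>
<Profile Id="Dummy.Light.File" Name="Dummy" Description="Dummy" Base="Dummy.Verbose.File" LoggingMode="File" DetailLevel="Light" />
</Profiles>
</WindowsPerformanceRecorder>"""

def check_wprp(xml_text):
    """Return a list of cross-reference problems found in a WPRP document."""
    root = ET.fromstring(xml_text)
    problems = []
    # Ids declared by the definitions.
    collectors = {e.get("Id") for e in root.iter("EventCollector")}
    providers = {e.get("Id"): e.get("Name", "") for e in root.iter("EventProvider")}
    profiles = {e.get("Id") for e in root.iter("Profile")}
    # Every reference inside a profile must resolve to a declared Id.
    for tag, known in (("EventCollectorId", collectors), ("EventProviderId", providers)):
        for ref in root.iter(tag):
            if ref.get("Value") not in known:
                problems.append(f"{tag} Value={ref.get('Value')!r} matches no declared Id")
    # A derived profile must name an existing base profile.
    for prof in root.iter("Profile"):
        base = prof.get("Base")
        if base is not None and base not in profiles:
            problems.append(f"Profile {prof.get('Id')!r} has unknown Base {base!r}")
    # Assumption: the provider is named by GUID, so anything else is a leftover placeholder.
    for pid, name in providers.items():
        if not GUID_RE.match(name):
            problems.append(f"EventProvider {pid!r} Name={name!r} is not a GUID")
    return problems

if __name__ == "__main__":
    for p in check_wprp(sample_wprp("EventCollector_MyCollector", "EventProvider_MyProvider", "GUID_GOES_HERE")):
        print(p)
```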
The file you included is not here.
Thanks,
Bill Wandel
@Bill_Wandel said:
The file you included is not here.
Thanks,
Bill Wandel
I included the code inline
Only the first line made it through.
Thanks,
Bill
Try opening the webpage directly
I got it. I will try this later this week.
Thanks,
Bill