Driver event tracing with PDB

Hello,
I am investigating with ETW, and I want to use it to see debug messages from my driver, so I can replace the old DbgPrint way. I have now a wrapper that processes dbgprints, and only shows the ones I want according to some flags I give.

What I want to do:
I use the WPP like in the tracedrv sample.
Until now I have just used the DoTraceMessage, in my driver, and catch the trace events in traceview.
I was wondering if it is possible to configure the WPP in such a manner that I can view in traceview all function calls from my driver with parameters in a thread stack manner, but without me having to put the DoTraceMessage macro in all the functions I want to trace.
Basically I don’t want to make traceview act as the wrapper I have for Dbgprint, to configure the flags I want him to show me the messages from. I want to know if it can make use of the pdb file so that it will use debugging information and display function calls, parameters, etc…
I did not find any documentation on this issue and I do not know if this is possible.

Thank you.

I don’t believe you can use WPP for stack like view. The only use Traceview makes out of the PDB is processing the WPP annotation symbols needed for decoding, but everything else is ignored.
You would need to manually go through each function and put tracing statements.

Thanks,
Zoran Dimov

Date: Fri, 11 Jun 2010 11:07:00 -0400
From: xxxxx@gmail.com
To: xxxxx@lists.osr.com
Subject: [ntdev] Driver event tracing with PDB


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

In the past, I’ve been underwhelmed at the hassle/benefit ratio of WPP.

On the other hand, for recent OS’s, I’ve been really happy with using ETW
tracing. There is a GUI tool in I believe the platform SDK for creating the
event manifests, and it takes just a couple of calls to get things
initialized. Unlike WPP, you get structured data instead of text in each
event, which is very helpful for using programs for analysis. I believe
there is a tool, part of something called I believe it’s “Windows
Performance Toolkit” that can take a call stack snapshot on each event
(although I have personally never pursued this feature). Newer versions of
the OS are loaded with trace events you can turn on, and using ETW tracing
gives your software equivalent capability. Having a unified tracing model
allows you to understand the relationship of events in your code along with
events in the OS, a very powerful capability. There used to be a blog page
(which referenced an MSDN Magazine article, from I believe the Microsoft ETW
designer) that helps explain how to use ETW, although the docs are not too
bad.

Jan

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Zoran Dimov
Sent: Friday, June 11, 2010 12:50 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Driver event tracing with PDB

I don’t believe you can use WPP for stack like view. The only use Traceview
makes out of the PDB is processing the WPP annotation symbols needed for
decoding, but everything else is ignored.
You would need to manually go through each function and put tracing
statements.

Thanks,
Zoran Dimov


Thank you guys,
What you have told me is what I have actually come up with myself.
When I first heard of ETW I thought that I had something that would help me automate my debugging, but not in the way it does, like making Classes of Events, and making event types for each class, and defining providers.
When I saw the “trace from pdb” option in traceview I thought that you could compile your sources with some extra compile parameters in a manner that now my exe/dll/sys will throw functions info as they are called, but I guess I was wrong. I have made investigations because we want in our company to automatize the debugging environment.
Jan, I have used xperf and xperfview with stack trace flag enabled too. I have also made my own application that makes a stack trace in real time of the running processes for the events I received but never could quite get the results I needed to make an automated debug of my own exes.
If there is something new that you have missed telling me please do.
Thank you.