ETW Boot Time Kernel driver logging

OSR_Community_User · February 15, 2011, 7:05pm

I have a RAID Miniport driver that needs to have ETW logging at boot time. I would like to use the GlobalLogger Trace Session as an “NT Kernel Logger” session to log my device state machine at boot up. The MSDN documentations says that “some device drivers, such as disk device drivers, are not loaded at the time the Global Logger session begins”.
Would like to know if anyone has any success using Global Logger with disk drivers to log info at boot up.
Any help appreciated

Pavel_A1 · February 16, 2011, 1:04pm

So, this phrase means that the global logger stars before disk drivers, so it is available to your driver. Have you tried it? Any problems?

–pa

OSR_Community_User · February 16, 2011, 7:38pm

Pavel,
Specifically, my problem is that I can start a tracelog session for my Raid driver on the target and log to it successfully AFTER the driver is loaded on the target. However, I need to log the state machine of the driver at Boot Time. GlobalLogger seems the best way to go, but when I enable that on the target I see no ETW messages at boot time logged to GlobalLogger.
When I pass a .ctl file to tracelog -start after the driver is loaded it logs perfectly. I created a sub-key under \GlobalLogger that has the exact same GUID as in the.ctl file.
Would you have a working example on Windows 7 of exactly how to set up a Global Logger subkey. Confused by weather to enclose the subkey in brackets( { }) or not. Documentation says you need it, but I see postings on the forums that say to not use brackets.
The example in the MSDN is not working for me. If I set the “EnableKernelFlags” to 0x00033307, GlobalLogger will not start. Need an example of exactly what the subkey looks like for the provider GUID, as well as any key/value pairs that are required for the provider GUID in the registry.
Any help appreciated
Greg White

I’m not seeing any boot time
----- Original Message -----
From: “pavel a”
To: “Kernel Debugging Interest List”
Sent: Wednesday, February 16, 2011 11:06:27 AM GMT -07:00 U.S. Mountain Time (Arizona)
Subject: RE:[windbg] ETW Boot Time Kernel driver logging

So, this phrase means that the global logger stars before disk drivers, so it is available to your driver. Have you tried it? Any problems?

–pa

—
WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer