Generate etl trace log file programmatically in kernel mode driver

Hi,

I want to generate an ETL trace log file programmatically (rather than starting and stopping the trace using tools like tracelog) in my kernel mode driver application. For this I tried using the WPP trace macros WPP_INIT_TRACING, WPP_CLEANUP and DoTraceMessage. To control the start/stop of the trace session programmatically, I wanted to use the StartTrace, ControlTrace and EnableTraceEx2 APIs. They use the EVENT_TRACE_PROPERTIES structure. When I try to use the EVENT_TRACE_PROPERTIES structure in my driver code, it is somehow disabled. I included the header file <evntrace.h>. When I check this header file, there is a define:
#if !defined(_EVNTRACE_KERNEL_MODE) || defined(WMIKM)

The structure is guarded by this macro.

This structure is disabled (greyed out), and the reason is probably that _EVNTRACE_KERNEL_MODE is defined in the driver application, I believe.

Are the APIs StartTrace, EnableTraceEx2 and ControlTrace not meant to be used in a kernel mode driver?

Why not just use the existing IFR tracelog facility? https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/using-wpp-recorder

Thanks. I read through this IFR tracing documentation. It looks quite good. One thing I could not understand is that it says logs are saved in an in-memory circular buffer. Does this mean they cannot be saved in a file, for example an ETL file, so that I can extract trace messages from that file?

Yeah that is a limitation. The trace is only available through a debugger. MSFT ought to fix that. You could of course take a live dump and then write a debugger script to fetch the log and put it in a file. That seems utterly kludgey.