Logging binary data using WPP

Hi all,

My NDIS Miniport driver gets binary data from the firmware running on NIC which I want to log using WPP. In user mode an application will actually parse this binary data. I know that I can log a len/buffer pair by defining a complex type (DEFINE_CPLX_TYPE) and using WPP_LOGPAIR macro. I will assign unique GUID and start a separate trace session for this binary data provider so that all binary data will be logged into a separate file.

But the problem is that the final output file created by tracefmt.exe contains hexdump and not the plain binary data. I want to avoid extracting the binary data from this hexdump in my application. So how to ensure that logging a len/buffer pair from driver will result in plain/raw binary data and not the hexdump?

Thanks,
Aniketa

Get the platform SDK and look at the TraceDmp sample. This is a sample
that does work similar to tracefmt and processes the log files. You should
be able to leverage the code to read the log for your events.


Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

wrote in message news:xxxxx@ntdev…
>
> Hi all,
>
> My NDIS Miniport driver gets binary data from the firmware running on NIC
> which I want to log using WPP. In user mode an application will actually
> parse this binary data. I know that I can log a len/buffer pair by
> defining a complex type (DEFINE_CPLX_TYPE) and using WPP_LOGPAIR macro. I
> will assign unique GUID and start a separate trace session for this
> binary data provider so that all binary data will be logged into a
> separate file.
>
> But the problem is that the final output file created by tracefmt.exe
> contains hexdump and not the plain binary data. I want to avoid
> extracting the binary data from this hexdump in my application. So how to
> ensure that logging a len/buffer pair from driver will result in
> plain/raw binary data and not the hexdump?
>
> Thanks,
> Aniketa
>
>

So it looks like I have to have my own version of tracefmt.exe which acts normally for trace messages by driver but differently for len/buffer pair (firmware messages). Is there no other way to tell the tracefmt.exe either as a command line argument or using WPP macros from driver to act differently? The idea of coming up with an alternate to tracefmt.exe looks like an overkill to me…

Thanks,
Aniketa

First, sorry about it not being a “real” reply wrt threading the
answers. Outlook auto-encodes and cannot be told not to. Thus, if the
source uses specific encodings (which ones, I don’t know), replies from
Outlook 2007 are rejected. PITA, but it’s what we have to live with.

Please look at the Vista WDK’s CDROM.SYS sample code, specifically
trace.h, where it defines the method to log a binary blob:

    // define the 'xstr' structure for logging buffer and length pairs
    // and the 'log_xstr' function which returns it to create one in-place.
    // this enables logging of complex data types.
    typedef struct xstr { char * _buf; short _len; } xstr_t;

    __inline xstr_t log_xstr( size_t length, void * p) {
        if (length >= MAXSHORT) {
            xstr_t xs = {(char*)p,MAXSHORT};
            return xs;
        } else {
            xstr_t xs = {(char*)p,(SHORT)length};
            return xs;
        }
    }

    // define the macro required for a hexdump
    // use as:
    // DoTrace(( "%!HEXDUMP!\n", log_xstr(buffersize,(char *)buffer) ));
    //
    #define WPP_LOGHEXDUMP(x) WPP_LOGPAIR(2, &((x)._len)) WPP_LOGPAIR((x)._len, (x)._buf)

This gets dumped as a hex blob (similar to 'db' in the
debugger) which sounds like what you want.

Henry Gabryjelski

Senior Software Development Engineer

US - Windows Device Experience

Microsoft Corporation

-----Original Message-----

From: xxxxx@rediffmail.com [mailto:xxxxx@rediffmail.com]

Sent: Monday, July 23, 2007 10:26 PM

Subject: RE: Logging binary data using WPP

So it looks like I have to have my own version of tracefmt.exe which
acts normally for trace messages by driver but differently for
len/buffer pair (firmware messages). Is there no other way to tell the
tracefmt.exe either as a command line argument or using WPP macros from
driver to act differently? The idea of coming up with an alternate to
tracefmt.exe looks like an overkill to me...

Thanks,

Aniketa
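
Added example (not part of the thread and not code from the WDK sample): the two WPP_LOGPAIR calls in WPP_LOGHEXDUMP above put a 2-byte length followed by that many raw bytes into the event, so a consumer built along the lines of the TraceDmp sample can copy the bytes out instead of parsing a hexdump. The function names are hypothetical, and the sketch assumes the consumer has already located this argument's bytes inside the event data and runs with the same byte order as the driver.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define XSTR_MAX 0x7fff  /* same value as MAXSHORT, the clamp used by log_xstr */

/* Producer side (hypothetical helper): serialize the two WPP_LOGPAIR
 * arguments of WPP_LOGHEXDUMP: a 2-byte length, then that many bytes.
 * Returns the number of bytes written, or 0 if out is too small. */
size_t hexdump_arg_pack(const void *buf, size_t length,
                        uint8_t *out, size_t out_cap)
{
    uint16_t len = (uint16_t)(length >= XSTR_MAX ? XSTR_MAX : length);
    if (out_cap < sizeof len + (size_t)len)
        return 0;
    memcpy(out, &len, sizeof len);          /* WPP_LOGPAIR(2, &_len)   */
    memcpy(out + sizeof len, buf, len);     /* WPP_LOGPAIR(_len, _buf) */
    return sizeof len + len;
}

/* Consumer side (hypothetical helper): recover the raw bytes from the
 * argument data. The length field is read from the log file, so it is
 * checked against the bytes actually present before anything is copied.
 * Returns the blob length, or -1 on a malformed or oversized record. */
long hexdump_arg_unpack(const uint8_t *arg, size_t arg_len,
                        uint8_t *blob, size_t blob_cap)
{
    int16_t len;                            /* 'short _len' in xstr_t */
    if (arg_len < sizeof len)
        return -1;                          /* truncated length field */
    memcpy(&len, arg, sizeof len);
    if (len < 0 || (size_t)len > arg_len - sizeof len)
        return -1;                          /* length runs past the data */
    if ((size_t)len > blob_cap)
        return -1;                          /* caller's buffer too small */
    memcpy(blob, arg + sizeof len, (size_t)len);
    return len;
}
```

Because log_xstr clamps at MAXSHORT, a firmware message longer than 32767 bytes is logged truncated, so the user-mode parser has to treat a blob of exactly that length as possibly incomplete.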