Is it possible to capture an Event Trace generated by a call to
DoTraceMessage in a kernel driver through the WMI Trace API?
Wouldn’t this be a good way to pass information from kernel to user mode
and not simply a substitute to DbgPrint? (under the right circumstances)
I’m able to capture my drivers DoTraceMessage’s through tracelog, and
the setup to do so looks awfully similar to that of the NT Kernel
Logger.
Thanks in advance,
-Matt
“Matthew Giedt” wrote in message news:xxxxx@ntdev…
>Is it possible to capture an Event Trace generated by a call to
DoTraceMessage in a kernel driver through the WMI Trace API?
Yes. Absolutely.
> Wouldn’t this be a good way to pass information from kernel to user mode
and not simply a substitute to DbgPrint? (under the
> right circumstances)
>
Well… what KIND of information are you thinking of::
Statistics/control information – Wouldn’t that be what WMI does?
Data – Wouldn’t that be read/write?
Device Control information – Wouldn’t that be an IOCTL?
If you’re talking LOGGING information, then… sure! It’s a GREAT way to
get log data back… that’s what it’s designed for.
So, you can write your own logging program to accompany your driver, and
have your customers run it to record certain levels of debugging information
(that can either be displayed to them, or sent back to your company for
diagnosis). This is a perfect use for ETW.
Peter
OSR
Yes, I’d like to simply capture logger-type info from a filesystem
filter driver.
While I don’t think my problems are pertinent to this list, please
simply verify that I’ve got the right idea as it works OK on WinXP but
not Win2k.
------------------ KERNEL DRIVER ----------------
!if !defined(DDK_TARGET_OS) || “$(DDK_TARGET_OS)”==“Win2K”
C_DEFINES = $(C_DEFINES) -DWINDOWS2K_BUILD
RUN_WPP= $(SOURCES) -km -gen:{km-w2k.tpl}*.tmh
!else
RUN_WPP= $(SOURCES) -km
!endif
#if defined( WINDOWS2K_BUILD )
WPP_SYSTEMCONTROL ( DriverObject );
WPP_INIT_TRACING ( DeviceObject, RegistryPath );
#else
WPP_INIT_TRACING ( DriverObject, RegistryPath );
#endif // WINDOWS2K_BUILD
And then up in user-code land, the only real difference from logging the
NT Kernel is you have to call EnableTrace() with the right GUID and
flags.
This works in WinXP with (interestingly) either an XP-Build driver or a
Win2k-Build driver (except all the guids and process and thread info is
0) but I cannot receive a Trace Event from my driver on Win2k.
Thanks,
-Matt
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Peter Viscarola
Sent: Saturday, June 14, 2003 4:18 PM
To: NT Developers Interest List
Subject: [ntdev] Re: Rolling your own tracelog
“Matthew Giedt” wrote in message
news:xxxxx@ntdev…
>Is it possible to capture an Event Trace generated by a call to
DoTraceMessage in a kernel driver through the WMI Trace API?
Yes. Absolutely.
> Wouldn’t this be a good way to pass information from kernel to user
mode
and not simply a substitute to DbgPrint? (under the
> right circumstances)
>
Well… what KIND of information are you thinking of::
Statistics/control information – Wouldn’t that be what WMI does?
Data – Wouldn’t that be read/write?
Device Control information – Wouldn’t that be an IOCTL?
If you’re talking LOGGING information, then… sure! It’s a GREAT way
to
get log data back… that’s what it’s designed for.
So, you can write your own logging program to accompany your driver, and
have your customers run it to record certain levels of debugging
information
(that can either be displayed to them, or sent back to your company for
diagnosis). This is a perfect use for ETW.
Peter
OSR
—
You are currently subscribed to ntdev as: xxxxx@appliedrt.com
To unsubscribe send a blank email to xxxxx@lists.osr.com