Start WPP tracing automatically

Hi all,
I’m trying to put WPP tracing in my drivers, everything is working
according to the documentation (OSR and MS), but…

I do not want to use the utilities - tracelog and traceview in order to
start / stop / view / save trace messages, I would like the driver to
start tracing in load time and put the messages in the cyclic buffer in
memory.

This way when I get a memory dump I can go to this buffer and get the
last messages before blue screen or before the problem occurred.

Is it possible?
How do I start to trace?
How do I access the buffer in memory dump, or in current memory?

Thanks,
Yohai Merzel


  • Yes you can write your events to a circular buffer, but the logger
    session has to be started from user mode by an application using the ETW
    consumer APIs, documentation on MSDN.
    Use StartTrace to start the trace session, EnableTrace to enable your
    WPP provider to the created session.

  • Only in Vista will you be able to view the events from your session in
    the KD using the wmitrace extension, because the ETW symbols are
    exported in the kernel. Pre-Vista this is not possible, because no
    symbols are exported.


From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Yohai Merzel
Sent: Wednesday, September 21, 2005 5:03 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Start WPP tracing automatically


Thanks for the answers.

Regarding the pre-Vista systems - I understand that I will not be able to
see the Trace buffer without writing it to a file, right?

If this is the case then the Trace is not so good.

Is there a way to have a circular log file for this trace? Otherwise the
trace file might be too big to handle…

Thanks,
Yohai Merzel
******************************************************
“Jose Sua” wrote in message news:xxxxx@ntdev…
- Yes you can write your events to a circular buffer, but the logger session
has to be started from user mode by an application using the ETW consumer
APIs, documentation on MSDN.
Use StartTrace to start the trace session, EnableTrace to enable your WPP
provider to the created session.

- Only in Vista will you be able to view the events from your session in the
KD using the wmitrace extension, because the ETW symbols are exported in
the kernel. Pre-Vista this is not possible, because no symbols are exported.

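The reply above says the session must be started from user mode and the WPP provider then enabled into it, and the follow-up asks for a circular log file. The script below is an added example, not part of the thread: it uses the built-in logman tool instead of calling StartTrace/EnableTrace directly, and the session name, provider GUID and log path are placeholders.

```powershell
# Added example: start an ETW session for a WPP provider with a circular
# log file. All default values below are placeholders, not from the thread.
param(
    [string]$SessionName  = 'MyDriverTrace',                           # hypothetical session name
    [string]$ProviderGuid = '{00000000-0000-0000-0000-000000000000}',  # placeholder: the driver's WPP control GUID
    [string]$LogFile      = 'C:\Traces\MyDriver.etl',                  # hypothetical output path
    [int]   $MaxSizeMB    = 16,                                        # file wraps at this size
    [string]$Flags        = '0xFFFFFFFF',                              # enable every WPP flag bit
    [string]$Level        = '0xFF'                                     # enable every level
)

# The target directory must exist before the session opens the file.
$dir = Split-Path -Parent $LogFile
if (-not (Test-Path $dir)) {
    New-Item -ItemType Directory -Path $dir | Out-Null
}

# A session name can only be used once; stop a leftover session from an
# earlier run so the start below does not collide with it.
& logman query $SessionName -ets | Out-Null
if ($LASTEXITCODE -eq 0) {
    & logman stop $SessionName -ets | Out-Null
}

# Start the session and enable the provider in one step.
#   -ets            act on the live ETW session directly
#   -p GUID F L     provider control GUID, enable flags, enable level
#   -mode circular  overwrite the oldest events once the file is full
#   -max N          maximum file size in MB
& logman start $SessionName -p $ProviderGuid $Flags $Level `
    -o $LogFile -mode circular -max $MaxSizeMB -ets
if ($LASTEXITCODE -ne 0) {
    throw "logman start failed with exit code $LASTEXITCODE"
}

# Print the session's log file mode, size limit and enabled providers.
& logman query $SessionName -ets
```

The resulting .etl file still needs the driver's TMF or PDB information to be formatted into readable messages.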