Tracedrv sample broken under Win2k! Does Win2k Tracing Work at all?

I came home from WinHEC 2004 having heard and seen numerous sessions that
plugged WPP tracing. After telling all our kernel developers how great this
feature is, I added tracing support to a production driver to prove my
point. I used the 3790 DDK tracedrv sample as a model, and added operating
system specific WPP* initialization macros and SOURCES file changes to my
driver. While tracing works just fine under Windows Server 2003, it doesn’t
appear to work at all under Windows 2000.

As a sanity check, I used the 3790 DDK to build O/S specific versions of the
tracedrv sample driver that target both Windows Server 2003 and Windows
2000. Under both operating systems I can successfully run tracectl.exe to
start tracedrv.sys. However, under Windows 2000 the following event is
logged to the system event log every time tracedrv is started:

Type: Warning
Source: WMI
Category: None
Event ID: 12103

Description:

The registry path () passed by a kernel mode driver is invalid.
The driver device object is in the additional data.

This event is NOT logged under Windows Server 2003.

I then run tracelog.exe to capture trace data. An etl file is created under
both operating systems. When the etl file from Windows 2000 is formatted by
tracefmt.exe, the resulting text files don’t contain any trace output.
Formatting etl files generated under Windows Server 2003 does yield the
expected output in the text files.

As I understand it, the major point of the tracedrv sample is to provide an
example of adding tracing support under both Windows 2000 and Windows Server
2003. Either tracing does not work at all under Windows 2000, or the
tracedrv example doesn’t work!

Per other posts in this group, I looked at O/S specific tracing in
WINDDK\3790\src\general\toaster\func\featured2,
and noticed under Win2k, toaster invokes WPP_INIT_TRACING in StartDevice. Is
this necessary to get tracing to work under Win2k? Is tracing broken under
Win2k if a driver calls IoCreateDevice in DriverEntry followed by the
WPP_INIT_TRACING macro?

Is it dangerous to leave the tracing code enabled in a Win2k production
driver? I am ready to conditionalize it all for W2k3, especially if tracing
doesn’t work under Win2k.

Thank you,

David Schwartz
Marathon Technologies Corporation