I’m currently trying to trace through a driver for some performance issues we are seeing, but I’ve run in to one issue I have not been able to get around. I’m using a mini filter driver on Vista x86 and generating the logs using the following command:
logman start MyTrace -p {GUID HERE} 0xFFFFFFFF 5 -o “C:\outputfile.etl” -ets
logman stop MyTrace -ets
This creates the etl file correct, and the first time I did this I was able to correctly view the trace in TraceView with the correct time stamps etc… After running some more tests and getting new logs (using the same command) if I now try to analyze the log files with either traceview or tracefmt My messages get output correctly, but the time stamps are really messed up. I made sure my pdb was correct, and I haven’t updated my driver either, but I’m at a loss as to what is happening. I also made sure to clear out my TMF files and tried making them both with tracepdb, and with tracefmt automatically making them but in all cases I get the screwed up time stamps. Also the time stamp doesn’t change at all. It always reports the same time.
I’m including an example below:
(I cleaned the messages and just replaced them with ----message here---- but the messages are correct in my log file)
[0]01B8.0878::00/49/2014-47:51:48.047 ----message here----
[0]01B8.0878::00/49/2014-47:51:48.047 ----message here----
[0]01B8.0878::00/49/2014-47:51:48.047 ----message here----
[0]01B8.0878::00/49/2014-47:51:48.047 ----message here----
Anyone seen anything like this?
Thanks.
-Stephen