why can't i get wpp Trace output not written to disk before a system crash?

WINDBG
1

I added wpp to fs project(windows xp).when system crashed, I wanted to get the wpp Trace output via windbg.but I failed.
(1)
windbg version: 6.5.0003.7.
kd> .sympath
Symbol search path is: srv*DownstreamStore*http://msdl.microsoft.com/download/symbols
kd> !load wmitrace
kd> !wmitrace.strdump
(WmiTracing)StrDump Generic
LoggerContext Array @ 0x8055AD80 [64 Elements]
Logger Id 2 @ 0x80F9E000 Named ‘’
kd> !wmitrace.logsave 2
WMI Trace Save: Debugger Extension. LoggerId = 2, Save File = ‘LogData.elg’
LoggerMode is 0
unable to get NT!EtwCPUSpeedInMHz
unable to get NT!EtwpBootTime
unable to get NT!EtwPerfFreq
Unable to determine buffer mechanism. Check for complete symbol availability.
Saved 0 Buffers
kd> lm
start end module name
804d8000 806ce100 nt (pdb symbols) DownstreamStore\ntkrnlpa.pdb\BD8F451F3E754ED8A34B50560CEB08E31\ntkrnlpa.pdb
806cf000 806ef380 hal (deferred)

(is there no symbol of NT!EtwCPUSpeedInMHz?where can i find it?)
(2)
windbg version: 6.8.0004.0
kd> !load wmitrace
kd> !wmitrace.strdump
(WmiTracing)StrDump Generic
LoggerContext Array @ 0x8055AD80 [0 Elements]
kd> !wmitrace.logsave 2 c:\like.txt
WMI Trace Save: Debugger Extension. LoggerId = 2, Save File = ‘c:\like.txt’
Failed to Find Logger

Is there somthing wrong with my methods?

2

I can’t say that I really know the answer to this problem; I personally
avoid ETW/WPP like the plauge. However, to the best of my knowledge,
ETW is not supported pre-Vista/Longhorn, so it seems very unlikely that
the symbols which it seeks (nt!Etw…) would exist on XP.

Unfortunately, this isn’t very helpful; I guess all I am really saying
is that on this one, I would personally not beat my head against the
wall to get it working without getting confirmation from someone who has
knowledge of the implementation of the extension or has otherwise
performed this on XP, because it looks the extension is asking for
things that don’t make sense on XP.

Good luck,

mm

likeosr wrote:

I added wpp to fs project(windows xp).when system crashed, I wanted to
get the wpp Trace output via windbg.but I failed.
(1)
windbg version: 6.5.0003.7.
kd> .sympath
Symbol search path is:
srv*DownstreamStore*http://msdl.microsoft.com/download/symbols
kd> !load wmitrace
kd> !wmitrace.strdump
(WmiTracing)StrDump Generic
LoggerContext Array @ 0x8055AD80 [64 Elements]
Logger Id 2 @ 0x80F9E000 Named ‘’
kd> !wmitracelogsave 2
WMI Trace Save: Debugger Extension. LoggerId = 2, Save File = ‘LogData.elg’
LoggerMode is 0
unable to get NT!EtwCPUSpeedInMHz
unable to get NT!EtwpBootTime
unable to get NT!EtwPerfFreq
Unable to determine buffer mechanism. Check for complete symbol
availability
Saved 0 Buffers
kd> lm
start end module name
804d8000 806ce100 nt (pdb symbols)
DownstreamStore\ntkrnlpa.pdb\BD8F451F3E754ED8A34B50560CEB08E31\ntkrnlpa.pdb
806cf000 806ef380 hal (deferred)

(is there no symbol of NT!EtwCPUSpeedInMHz?where can i find it?)
(2)
windbg version: 6.8.0004.0
kd> !load wmitrace
kd> !wmitrace.strdump
(WmiTracing)StrDump Generic
LoggerContext Array @ 0x8055AD80 [0 Elements]
kd> !wmitrace.logsave 2 c:\like.txt
WMI Trace Save: Debugger Extension. LoggerId = 2, Save File = ‘c:\like.txt’
Failed to Find Logger

Is there somthing wrong with my methods?

3

Thank you. I don’t want to use etw/wpp too. But in my fs project, tracing is very important.
I have written a trace my self. it is not stale in my file system driver.It causes sytem crash and deadlock because
my file sytem cache and ntfs.So I choose a quick solution—etw/wpp…

??2007-12-29??“Martin O’Brien” д???

I can’t say that I really know the answer to this problem; I personally
avoid ETW/WPP like the plauge. However, to the best of my knowledge,
ETW is not supported pre-Vista/Longhorn, so it seems very unlikely that
the symbols which it seeks (nt!Etw…) would exist on XP.

Unfortunately, this isn’t very helpful; I guess all I am really saying
is that on this one, I would personally not beat my head against the
wall to get it working without getting confirmation from someone who has
knowledge of the implementation of the extension or has otherwise
performed this on XP, because it looks the extension is asking for
things that don’t make sense on XP.

Good luck,

mm

likeosr wrote:
>
>
>
> I added wpp to fs project(windows xp).when system crashed, I wanted to
> get the wpp Trace output via windbg.but I failed.
> (1)
> windbg version: 6.5.0003.7.
> kd> .sympath
> Symbol search path is:
> srvDownstreamStorehttp://msdl.microsoft.com/download/symbols
> kd> !load wmitrace
> kd> !wmitrace.strdump
> (WmiTracing)StrDump Generic
> LoggerContext Array @ 0x8055AD80 [64 Elements]
> Logger Id 2 @ 0x80F9E000 Named ‘’
> kd> !wmitracelogsave 2
> WMI Trace Save: Debugger Extension. LoggerId = 2, Save File = ‘LogData.elg’
> LoggerMode is 0
> unable to get NT!EtwCPUSpeedInMHz
> unable to get NT!EtwpBootTime
> unable to get NT!EtwPerfFreq
> Unable to determine buffer mechanism. Check for complete symbol
> availability
> Saved 0 Buffers
> kd> lm
> start end module name
> 804d8000 806ce100 nt (pdb symbols)
> DownstreamStore\ntkrnlpa.pdb\BD8F451F3E754ED8A34B50560CEB08E31\ntkrnlpa.pdb
> 806cf000 806ef380 hal (deferred)
> …
> (is there no symbol of NT!EtwCPUSpeedInMHz?where can i find it?)
> (2)
> windbg version: 6.8.0004.0
> kd> !load wmitrace
> kd> !wmitrace.strdump
> (WmiTracing)StrDump Generic
> LoggerContext Array @ 0x8055AD80 [0 Elements]
> kd> !wmitrace.logsave 2 c:\like.txt
> WMI Trace Save: Debugger Extension. LoggerId = 2, Save File = ‘c:\like.txt’
> Failed to Find Logger
>
> Is there somthing wrong with my methods?
>
>
>
>


You are currently subscribed to windbg as: likeosr@126.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

4

Hi,

Did you start the session with -kd ?

tracelog -start MyTrace -guid MyProvider.ctl -rt -kd
http://msdn2.microsoft.com/en-us/library/ms797205.aspx

http://msdn2.microsoft.com/en-us/library/ms797585.aspx

list running sessions, so that you can figure out logger id
!wmitrace.strdump
set the TMF search path
!wmitrace.searchpath
dump events
!wmitrace.logdump
Wmitrace is documented in the debugger help

From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of likeosr@126.com
Sent: Saturday, December 29, 2007 2:37 AM
To: Kernel Debugging Interest List
Subject: Re:Re:[windbg] why can’t i get wpp Trace output not written to disk before a system crash?

Thank you. I don’t want to use etw/wpp too. But in my fs project, tracing is very important.
I have written a trace my self. it is not stale in my file system driver.It causes sytem crash and deadlock because
my file sytem cache and ntfs.So I choose a quick solution—etw/wpp…

$B:_(B2007-12-29$B!$(B"Martin O’Brien" $B
I can’t say that I really know the answer to this problem; I personally

avoid ETW/WPP like the plauge. However, to the best of my knowledge,

ETW is not supported pre-Vista/Longhorn, so it seems very unlikely that

the symbols which it seeks (nt!Etw…) would exist on XP.

Unfortunately, this isn’t very helpful; I guess all I am really saying

is that on this one, I would personally not beat my head against the

wall to get it working without getting confirmation from someone who has

knowledge of the implementation of the extension or has otherwise

performed this on XP, because it looks the extension is asking for

things that don’t make sense on XP.

Good luck,

mm

likeosr wrote:

>

>

>

> I added wpp to fs project(windows xp).when system crashed, I wanted to

> get the wpp Trace output via windbg.but I failed.

> (1)

> windbg version: 6.5.0003.7.

> kd> .sympath

> Symbol search path is:

> srvDownstreamStorehttp://msdl.microsoft.com/download/symbols

> kd> !load wmitrace

> kd> !wmitrace.strdump

> (WmiTracing)StrDump Generic

> LoggerContext Array @ 0x8055AD80 [64 Elements]

> Logger Id 2 @ 0x80F9E000 Named ‘’

> kd> !wmitracelogsave 2

> WMI Trace Save: Debugger Extension. LoggerId = 2, Save File = ‘LogData.elg’

> LoggerMode is 0

> unable to get NT!EtwCPUSpeedInMHz

> unable to get NT!EtwpBootTime

> unable to get NT!EtwPerfFreq

> Unable to determine buffer mechanism. Check for complete symbol

> availability

> Saved 0 Buffers

> kd> lm

> start end module name

> 804d8000 806ce100 nt (pdb symbols)

> DownstreamStore\ntkrnlpa.pdb\BD8F451F3E754ED8A34B50560CEB08E31\ntkrnlpa.pdb

> 806cf000 806ef380 hal (deferred)

> …

> (is there no symbol of NT!EtwCPUSpeedInMHz?where can i find it?)

> (2)

> windbg version: 6.8.0004.0

> kd> !load wmitrace

> kd> !wmitrace.strdump

> (WmiTracing)StrDump Generic

> LoggerContext Array @ 0x8055AD80 [0 Elements]

> kd> !wmitrace.logsave 2 c:\like.txt

> WMI Trace Save: Debugger Extension. LoggerId = 2, Save File = ‘c:\like.txt’

> Failed to Find Logger

>

> Is there somthing wrong with my methods?

>

>

>

>



You are currently subscribed to windbg as: likeosr@126.com

To unsubscribe send a blank email to xxxxx@lists.osr.com
— You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’ To unsubscribe send a blank email to xxxxx@lists.osr.com

5

The extension did not used to work on XP, because the required symbols in XP were not exported with the public symbols.

That problem was solved about a year ago, and it should be working because the recent versions of the public symbols do have the required symbols the extension is looking for.

You can always try boot time tracing on XP, take a look at MSDN.
http://msdn2.microsoft.com/en-us/library/ms797172.aspx

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Martin O’Brien
Sent: Friday, December 28, 2007 9:26 PM
To: Kernel Debugging Interest List
Subject: Re:[windbg] why can’t i get wpp Trace output not written to disk before a system crash?

I can’t say that I really know the answer to this problem; I personally
avoid ETW/WPP like the plauge. However, to the best of my knowledge,
ETW is not supported pre-Vista/Longhorn, so it seems very unlikely that
the symbols which it seeks (nt!Etw…) would exist on XP.

Unfortunately, this isn’t very helpful; I guess all I am really saying
is that on this one, I would personally not beat my head against the
wall to get it working without getting confirmation from someone who has
knowledge of the implementation of the extension or has otherwise
performed this on XP, because it looks the extension is asking for
things that don’t make sense on XP.

Good luck,

mm

likeosr wrote:

I added wpp to fs project(windows xp).when system crashed, I wanted to
get the wpp Trace output via windbg.but I failed.
(1)
windbg version: 6.5.0003.7.
kd> .sympath
Symbol search path is:
srv*DownstreamStore*http://msdl.microsoft.com/download/symbols
kd> !load wmitrace
kd> !wmitrace.strdump
(WmiTracing)StrDump Generic
LoggerContext Array @ 0x8055AD80 [64 Elements]
Logger Id 2 @ 0x80F9E000 Named ‘’
kd> !wmitracelogsave 2
WMI Trace Save: Debugger Extension. LoggerId = 2, Save File = ‘LogData.elg’
LoggerMode is 0
unable to get NT!EtwCPUSpeedInMHz
unable to get NT!EtwpBootTime
unable to get NT!EtwPerfFreq
Unable to determine buffer mechanism. Check for complete symbol
availability
Saved 0 Buffers
kd> lm
start end module name
804d8000 806ce100 nt (pdb symbols)
DownstreamStore\ntkrnlpa.pdb\BD8F451F3E754ED8A34B50560CEB08E31\ntkrnlpa.pdb
806cf000 806ef380 hal (deferred)

(is there no symbol of NT!EtwCPUSpeedInMHz?where can i find it?)
(2)
windbg version: 6.8.0004.0
kd> !load wmitrace
kd> !wmitrace.strdump
(WmiTracing)StrDump Generic
LoggerContext Array @ 0x8055AD80 [0 Elements]
kd> !wmitrace.logsave 2 c:\like.txt
WMI Trace Save: Debugger Extension. LoggerId = 2, Save File = ‘c:\like.txt’
Failed to Find Logger

Is there somthing wrong with my methods?

You are currently subscribed to windbg as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

6

I try many times, but failed.
I use the latest version 6.8.0004.0(windbg). It shows"LoggerContext Array @ 0x8055AD80 [0 Elements]"
and “Failed to Find Logger”. Maybe the extension did not used to work on XP. But how to resolve the problem that
windbg can’t get wpp Trace output not written to disk before a system crash ? It is important for a driver debugging.

??2008-01-01??“Jose Sua” д???

The extension did not used to work on XP, because the required symbols in XP were not exported with the public symbols.

That problem was solved about a year ago, and it should be working because the recent versions of the public symbols do have the required symbols the extension is looking for.

You can always try boot time tracing on XP, take a look at MSDN.
http://msdn2.microsoft.com/en-us/library/ms797172.aspx

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Martin O’Brien
Sent: Friday, December 28, 2007 9:26 PM
To: Kernel Debugging Interest List
Subject: Re:[windbg] why can’t i get wpp Trace output not written to disk before a system crash?

I can’t say that I really know the answer to this problem; I personally
avoid ETW/WPP like the plauge. However, to the best of my knowledge,
ETW is not supported pre-Vista/Longhorn, so it seems very unlikely that
the symbols which it seeks (nt!Etw…) would exist on XP.

Unfortunately, this isn’t very helpful; I guess all I am really saying
is that on this one, I would personally not beat my head against the
wall to get it working without getting confirmation from someone who has
knowledge of the implementation of the extension or has otherwise
performed this on XP, because it looks the extension is asking for
things that don’t make sense on XP.

Good luck,

mm

likeosr wrote:
>
>
>
> I added wpp to fs project(windows xp).when system crashed, I wanted to
> get the wpp Trace output via windbg.but I failed.
> (1)
> windbg version: 6.5.0003.7.
> kd> .sympath
> Symbol search path is:
> srvDownstreamStorehttp://msdl.microsoft.com/download/symbols
> kd> !load wmitrace
> kd> !wmitrace.strdump
> (WmiTracing)StrDump Generic
> LoggerContext Array @ 0x8055AD80 [64 Elements]
> Logger Id 2 @ 0x80F9E000 Named ‘’
> kd> !wmitracelogsave 2
> WMI Trace Save: Debugger Extension. LoggerId = 2, Save File = ‘LogData.elg’
> LoggerMode is 0
> unable to get NT!EtwCPUSpeedInMHz
> unable to get NT!EtwpBootTime
> unable to get NT!EtwPerfFreq
> Unable to determine buffer mechanism. Check for complete symbol
> availability
> Saved 0 Buffers
> kd> lm
> start end module name
> 804d8000 806ce100 nt (pdb symbols)
> DownstreamStore\ntkrnlpa.pdb\BD8F451F3E754ED8A34B50560CEB08E31\ntkrnlpa.pdb
> 806cf000 806ef380 hal (deferred)
> …
> (is there no symbol of NT!EtwCPUSpeedInMHz?where can i find it?)
> (2)
> windbg version: 6.8.0004.0
> kd> !load wmitrace
> kd> !wmitrace.strdump
> (WmiTracing)StrDump Generic
> LoggerContext Array @ 0x8055AD80 [0 Elements]
> kd> !wmitrace.logsave 2 c:\like.txt
> WMI Trace Save: Debugger Extension. LoggerId = 2, Save File = ‘c:\like.txt’
> Failed to Find Logger
>
> Is there somthing wrong with my methods?
>
>
>
>


You are currently subscribed to windbg as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com


You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

7

Make sure you have the right symbols, you can check

dt nt!_WMI_LOGGER_CONTEXT

From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of likeosr@126.com
Sent: Wednesday, January 02, 2008 8:57 PM
To: Kernel Debugging Interest List
Subject: Re:RE: Re:[windbg] why can’t i get wpp Trace output not written to disk before a system crash?

I try many times, but failed.
I use the latest version 6.8.0004.0(windbg). It shows"LoggerContext Array @ 0x8055AD80 [0 Elements]"
and “Failed to Find Logger”. Maybe the extension did not used to work on XP. But how to resolve the problem that
windbg can’t get wpp Trace output not written to disk before a system crash ? It is important for a driver debugging.

$B:_(B2008-01-01$B!$(B"Jose Sua" $B
The extension did not used to work on XP, because the required symbols in XP were not exported with the public symbols.

That problem was solved about a year ago, and it should be working because the recent versions of the public symbols do have the required symbols the extension is looking for.

You can always try boot time tracing on XP, take a look at MSDN.

http://msdn2.microsoft.com/en-us/library/ms797172.aspx

-----Original Message-----

From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Martin O’Brien

Sent: Friday, December 28, 2007 9:26 PM

To: Kernel Debugging Interest List

Subject: Re:[windbg] why can’t i get wpp Trace output not written to disk before a system crash?

I can’t say that I really know the answer to this problem; I personally

avoid ETW/WPP like the plauge. However, to the best of my knowledge,

ETW is not supported pre-Vista/Longhorn, so it seems very unlikely that

the symbols which it seeks (nt!Etw…) would exist on XP.

Unfortunately, this isn’t very helpful; I guess all I am really saying

is that on this one, I would personally not beat my head against the

wall to get it working without getting confirmation from someone who has

knowledge of the implementation of the extension or has otherwise

performed this on XP, because it looks the extension is asking for

things that don’t make sense on XP.

Good luck,

mm

likeosr wrote:

>

>

>

> I added wpp to fs project(windows xp).when system crashed, I wanted to

> get the wpp Trace output via windbg.but I failed.

> (1)

> windbg version: 6.5.0003.7.

> kd> .sympath

> Symbol search path is:

> srvDownstreamStorehttp://msdl.microsoft.com/download/symbols

> kd> !load wmitrace

> kd> !wmitrace.strdump

> (WmiTracing)StrDump Generic

> LoggerContext Array @ 0x8055AD80 [64 Elements]

> Logger Id 2 @ 0x80F9E000 Named ‘’

> kd> !wmitracelogsave 2

> WMI Trace Save: Debugger Extension. LoggerId = 2, Save File = ‘LogData.elg’

> LoggerMode is 0

> unable to get NT!EtwCPUSpeedInMHz

> unable to get NT!EtwpBootTime

> unable to get NT!EtwPerfFreq

> Unable to determine buffer mechanism. Check for complete symbol

> availability

> Saved 0 Buffers

> kd> lm

> start end module name

> 804d8000 806ce100 nt (pdb symbols)

> DownstreamStore\ntkrnlpa.pdb\BD8F451F3E754ED8A34B50560CEB08E31\ntkrnlpa.pdb

> 806cf000 806ef380 hal (deferred)

> …

> (is there no symbol of NT!EtwCPUSpeedInMHz?where can i find it?)

> (2)

> windbg version: 6.8.0004.0

> kd> !load wmitrace

> kd> !wmitrace.strdump

> (WmiTracing)StrDump Generic

> LoggerContext Array @ 0x8055AD80 [0 Elements]

> kd> !wmitrace.logsave 2 c:\like.txt

> WMI Trace Save: Debugger Extension. LoggerId = 2, Save File = ‘c:\like.txt’

> Failed to Find Logger

>

> Is there somthing wrong with my methods?

>

>

>

>



You are currently subscribed to windbg as: xxxxx@windows.microsoft.com

To unsubscribe send a blank email to xxxxx@lists.osr.com



You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’

To unsubscribe send a blank email to xxxxx@lists.osr.com
— You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’ To unsubscribe send a blank email to xxxxx@lists.osr.com

8

I think you might need to drop back and verify some basics:

  1. Make sure that anything ETW/WMI/WPP is enabled on the target

  2. What version of XP are you running:

kd> vertarget

  1. I notice that you haven’t used a fullpath for the local cache folder
    in .sympath. Enable symbol diagnostic information, force exact symbol
    matching, reload all symbols, and make sure that your symbols are correct.

.symopt+ 0x80000400
.reload -f -n
lml

Also, I can’t think of a reason why you would need to .reload nt before
this would work, but this will rule that out as well.

  1. Check for existence of the following:

dt nt!_WMI_LOGGER_CONTEXT
x nt!*Etw*

  1. Try enabling boot time logging as Jose suggested.

http://msdn2.microsoft.com/en-us/library/ms797172.aspx

  1. If you get here, the only things that I can think of to try, as Jose
    has already said that it works on XP and he would know, is to close
    WinDbg, delete your local symbol cache folder, and try again, and if you
    get really desperate, try dropping back to the previous verison of WinDbg.

Good luck,

mm

Jose Sua wrote:

Make sure you have the right symbols, you can check

dt nt!_WMI_LOGGER_CONTEXT

*From:* xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] *On Behalf Of *likeosr@126.com
*Sent:* Wednesday, January 02, 2008 8:57 PM
*To:* Kernel Debugging Interest List
*Subject:* Re:RE: Re:[windbg] why can’t i get wpp Trace output not
written to disk before a system crash?

I try many times, but failed.
I use the latest version 6.8.0004.0(windbg). It shows"LoggerContext
Array @ 0x8055AD80 [0 Elements]"

and “Failed to Find Logger”. Maybe the extension did not used to work
on XP. But how to resolve the problem that

windbg can’t get wpp Trace output not written to disk before a system
crash ? It is important for a driver debugging.

$B:_(B2008-01-01$B!$(B"Jose Sua" $B>
> The extension did not used to work on XP, because the required symbols in XP were not exported with the public symbols.
>
>
>
> That problem was solved about a year ago, and it should be working because the recent versions of the public symbols do have the required symbols the extension is looking for.
>
>
>
>
>
> You can always try boot time tracing on XP, take a look at MSDN.
>
> http://msdn2.microsoft.com/en-us/library/ms797172.aspx
>
>
>
>
>
>
>
> -----Original Message-----
>
> From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Martin O’Brien
>
> Sent: Friday, December 28, 2007 9:26 PM
>
> To: Kernel Debugging Interest List
>
> Subject: Re:[windbg] why can’t i get wpp Trace output not written to disk before a system crash?
>
>
>
> I can’t say that I really know the answer to this problem; I personally
>
> avoid ETW/WPP like the plauge. However, to the best of my knowledge,
>
> ETW is not supported pre-Vista/Longhorn, so it seems very unlikely that
>
> the symbols which it seeks (nt!Etw…) would exist on XP.
>
>
>
> Unfortunately, this isn’t very helpful; I guess all I am really saying
>
> is that on this one, I would personally not beat my head against the
>
> wall to get it working without getting confirmation from someone who has
>
> knowledge of the implementation of the extension or has otherwise
>
> performed this on XP, because it looks the extension is asking for
>
> things that don’t make sense on XP.
>
>
>
> Good luck,
>
>
>
> mm
>
>
>
>
>
>
>
> likeosr wrote:
>
>>
>
>>
>
>>
>
>> I added wpp to fs project(windows xp).when system crashed, I wanted to
>
>> get the wpp Trace output via windbg.but I failed.
>
>> (1)
>
>> windbg version: 6.5.0003.7.
>
>> kd> .sympath
>
>> Symbol search path is:
>
>> srvDownstreamStorehttp://msdl.microsoft.com/download/symbols
>
>> kd> !load wmitrace
>
>> kd> !wmitrace.strdump
>
>> (WmiTracing)StrDump Generic
>
>> LoggerContext Array @ 0x8055AD80 [64 Elements]
>
>> Logger Id 2 @ 0x80F9E000 Named ‘’
>
>> kd> !wmitracelogsave 2
>
>> WMI Trace Save: Debugger Extension. LoggerId = 2, Save File = ‘LogData.elg’
>
>> LoggerMode is 0
>
>> unable to get NT!EtwCPUSpeedInMHz
>
>> unable to get NT!EtwpBootTime
>
>> unable to get NT!EtwPerfFreq
>
>> Unable to determine buffer mechanism. Check for complete symbol
>
>> availability
>
>> Saved 0 Buffers
>
>> kd> lm
>
>> start end module name
>
>> 804d8000 806ce100 nt (pdb symbols)
>
>> DownstreamStore\ntkrnlpa.pdb\BD8F451F3E754ED8A34B50560CEB08E31\ntkrnlpa.pdb
>
>> 806cf000 806ef380 hal (deferred)
>
>> …
>
>> (is there no symbol of NT!EtwCPUSpeedInMHz?where can i find it?)
>
>> (2)
>
>> windbg version: 6.8.0004.0
>
>> kd> !load wmitrace
>
>> kd> !wmitrace.strdump
>
>> (WmiTracing)StrDump Generic
>
>> LoggerContext Array @ 0x8055AD80 [0 Elements]
>
>> kd> !wmitrace.logsave 2 c:\like.txt
>
>> WMI Trace Save: Debugger Extension. LoggerId = 2, Save File = ‘c:\like.txt’
>
>> Failed to Find Logger
>
>>
>
>> Is there somthing wrong with my methods?
>
>>
>
>>
>
>>
>
>>
>
>
>
> —
>
> You are currently subscribed to windbg as: xxxxx@windows.microsoft.com
>
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
>
>
> —
>
> You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
>
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
> — You are currently subscribed to windbg as: unknown lmsubst tag
> argument: ‘’ To unsubscribe send a blank email to
> xxxxx@lists.osr.com
>