WPP tracing (ETW) and Win2k

Hello. I’m in the process WPP tracing to my drivers, and I just wanted to
know if Win2k WPP tracing is solid enough for a production driver (I’m using
the server 2003 DDK, not sure if I should sure server 2003 DDK SP1 1218 for
production drivers…any takers on that?)?

Also, I’m using WPP tracing with C++. Any warnings, guidelines? I am using
extern “c” to include my WPP files. I have managed to test tracing, and it
works so far, but if there are any pitfalls for C++ and WPP I’d appreciate
any pointers.

Looking over the archives, there seems to be a good deal of grief with WPP
and WPP with Win2k in particular. I seem to have it working so far,
however, though I have not attempted Win2k tracing yet.

To sum up:
a) Can WPP be used for production Win2k drivers?
b) Apart from extern “c” includes, any guidelines on WPP and C++? Before a
debate ignites on this, some of my drivers are audio drivers, and I must use
C++.
c) In using WPP, is it advantageous to use the server 2003 SP1 build 1218
DDK over the 2003 DDK?

thanks for any help,

Philip Lukidis

“Philip Lukidis” wrote in message
news:xxxxx@ntdev…
> Hello. I’m in the process WPP tracing to my drivers, and I just wanted to
> know if Win2k WPP tracing is solid enough for a production driver (I’m
using
> the server 2003 DDK, not sure if I should sure server 2003 DDK SP1 1218
for
> production drivers…any takers on that?)?
>
> Also, I’m using WPP tracing with C++. Any warnings, guidelines? I am
using
> extern “c” to include my WPP files. I have managed to test tracing, and
it
> works so far, but if there are any pitfalls for C++ and WPP I’d appreciate
> any pointers.
>
> Looking over the archives, there seems to be a good deal of grief with WPP
> and WPP with Win2k in particular. I seem to have it working so far,
> however, though I have not attempted Win2k tracing yet.
>
> To sum up:
> a) Can WPP be used for production Win2k drivers?
> b) Apart from extern “c” includes, any guidelines on WPP and C++? Before
a
> debate ignites on this, some of my drivers are audio drivers, and I must
use
> C++.
> c) In using WPP, is it advantageous to use the server 2003 SP1 build 1218
> DDK over the 2003 DDK?
>
> thanks for any help,
>
> Philip Lukidis
>
>
>
Oh, and it does not help my confidence that while the DDK says “WPP software
tracing is supported on Microsoft® Windows® XP and later.”, the toaster FDO
featured2 example implements it in Win2k as well and WinXP and onwards. Is
it officially supported in Win2k or not? If not officially supported on
Win2k, I dare not incorporate it into the Win2k binaries. Or is that
overreacting?

thanks,

Philip Lukidis

-yes WPP can be used for Win2K production drivers and its supported, its
based on Event Tracing for Windows.

• No difference SP1 1218 DDK and 2003 DDK

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Philip Lukidis
Sent: Monday, September 13, 2004 7:13 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] WPP tracing (ETW) and Win2k

Hello. I’m in the process WPP tracing to my drivers, and I just wanted
to know if Win2k WPP tracing is solid enough for a production driver
(I’m using the server 2003 DDK, not sure if I should sure server 2003
DDK SP1 1218 for production drivers…any takers on that?)?

Also, I’m using WPP tracing with C++. Any warnings, guidelines? I am
using extern “c” to include my WPP files. I have managed to test
tracing, and it works so far, but if there are any pitfalls for C++ and
WPP I’d appreciate any pointers.

Looking over the archives, there seems to be a good deal of grief with
WPP and WPP with Win2k in particular. I seem to have it working so far,
however, though I have not attempted Win2k tracing yet.

To sum up:
a) Can WPP be used for production Win2k drivers?
b) Apart from extern “c” includes, any guidelines on WPP and C++?
Before a debate ignites on this, some of my drivers are audio drivers,
and I must use
C++.
c) In using WPP, is it advantageous to use the server 2003 SP1 build
1218 DDK over the 2003 DDK?

thanks for any help,

Philip Lukidis

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@microsoft.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

Is there a way to create one binary that can trace both on win-xp and win-2k
?
According to the Toaster example two binaries should be generated…

Thanks
Shahar

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Jose Sua
Sent: Monday, September 13, 2004 11:34 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] WPP tracing (ETW) and Win2k

-yes WPP can be used for Win2K production drivers and its supported, its
based on Event Tracing for Windows.

• No difference SP1 1218 DDK and 2003 DDK

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Philip Lukidis
Sent: Monday, September 13, 2004 7:13 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] WPP tracing (ETW) and Win2k

Hello. I’m in the process WPP tracing to my drivers, and I just wanted
to know if Win2k WPP tracing is solid enough for a production driver
(I’m using the server 2003 DDK, not sure if I should sure server 2003
DDK SP1 1218 for production drivers…any takers on that?)?

Also, I’m using WPP tracing with C++. Any warnings, guidelines? I am
using extern “c” to include my WPP files. I have managed to test
tracing, and it works so far, but if there are any pitfalls for C++ and
WPP I’d appreciate any pointers.

Looking over the archives, there seems to be a good deal of grief with
WPP and WPP with Win2k in particular. I seem to have it working so far,
however, though I have not attempted Win2k tracing yet.

To sum up:
a) Can WPP be used for production Win2k drivers?
b) Apart from extern “c” includes, any guidelines on WPP and C++?
Before a debate ignites on this, some of my drivers are audio drivers,
and I must use
C++.
c) In using WPP, is it advantageous to use the server 2003 SP1 build
1218 DDK over the 2003 DDK?

thanks for any help,

Philip Lukidis

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@microsoft.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Right but the Win-2K binary can run in all platforms

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Shahar Talmi
Sent: Tuesday, September 14, 2004 1:12 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] WPP tracing (ETW) and Win2k

Is there a way to create one binary that can trace both on win-xp and
win-2k ?
According to the Toaster example two binaries should be generated…

Thanks
Shahar

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Jose Sua
Sent: Monday, September 13, 2004 11:34 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] WPP tracing (ETW) and Win2k

-yes WPP can be used for Win2K production drivers and its supported, its
based on Event Tracing for Windows.

• No difference SP1 1218 DDK and 2003 DDK

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Philip Lukidis
Sent: Monday, September 13, 2004 7:13 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] WPP tracing (ETW) and Win2k

Hello. I’m in the process WPP tracing to my drivers, and I just wanted
to know if Win2k WPP tracing is solid enough for a production driver
(I’m using the server 2003 DDK, not sure if I should sure server 2003
DDK SP1 1218 for production drivers…any takers on that?)?

Also, I’m using WPP tracing with C++. Any warnings, guidelines? I am
using extern “c” to include my WPP files. I have managed to test
tracing, and it works so far, but if there are any pitfalls for C++ and
WPP I’d appreciate any pointers.

Looking over the archives, there seems to be a good deal of grief with
WPP and WPP with Win2k in particular. I seem to have it working so far,
however, though I have not attempted Win2k tracing yet.

To sum up:
a) Can WPP be used for production Win2k drivers?
b) Apart from extern “c” includes, any guidelines on WPP and C++?
Before a debate ignites on this, some of my drivers are audio drivers,
and I must use
C++.
c) In using WPP, is it advantageous to use the server 2003 SP1 build
1218 DDK over the 2003 DDK?

thanks for any help,

Philip Lukidis

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@microsoft.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@microsoft.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

“Jose Sua” wrote in message
news:xxxxx@ntdev…
-yes WPP can be used for Win2K production drivers and its supported, its
based on Event Tracing for Windows.
- No difference SP1 1218 DDK and 2003 DDK
[snip]

Thanks for your feedback. Thanks also to Scott from OSR who provided tips
in another thread.

Philip Lukidis

Some Win2k WPP questions. What happens if…

a) a WPP trace is called in a Win2k binary before WMI
registration/WPP_INIT_TRACING? WMI registration occurs at start_device
time, and for Win2k I call WPP_INIT_TRACING thereafter if WMI registration
succeeded. Is the trace merely “lost”?
b) a WPP trace is called after or “during” WMI registration/WPP_CLEANUP.

Am I responsible for preventing these episodes, or is it quite irrelevant?

thanks,

Philip Lukidis

Yes, it’s lost. If it comes in during cleanup, cleanup will block until
the wmi request has been completed. If it comes in after cleanup, it is
lost.

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Philip Lukidis
Sent: Wednesday, September 15, 2004 2:26 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] WPP tracing (ETW) and Win2k

Some Win2k WPP questions. What happens if…

a) a WPP trace is called in a Win2k binary before WMI
registration/WPP_INIT_TRACING? WMI registration occurs at start_device
time, and for Win2k I call WPP_INIT_TRACING thereafter if WMI
registration
succeeded. Is the trace merely “lost”?
b) a WPP trace is called after or “during” WMI registration/WPP_CLEANUP.

Am I responsible for preventing these episodes, or is it quite
irrelevant?

thanks,

Philip Lukidis

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Thanks, I appreciate your having cleared that up.

thanks,

Philip Lukidis

“Doron Holan” wrote in message
news:xxxxx@ntdev…
Yes, it’s lost. If it comes in during cleanup, cleanup will block until
the wmi request has been completed. If it comes in after cleanup, it is
lost.

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Philip Lukidis
Sent: Wednesday, September 15, 2004 2:26 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] WPP tracing (ETW) and Win2k

Some Win2k WPP questions. What happens if…

a) a WPP trace is called in a Win2k binary before WMI
registration/WPP_INIT_TRACING? WMI registration occurs at start_device
time, and for Win2k I call WPP_INIT_TRACING thereafter if WMI
registration
succeeded. Is the trace merely “lost”?
b) a WPP trace is called after or “during” WMI registration/WPP_CLEANUP.

Am I responsible for preventing these episodes, or is it quite
irrelevant?

thanks,

Philip Lukidis

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Hmm, I have an additional question on this WPP tracing for Win2k (SP4). I
observed that I have no traces on Win2k at all. So I stepped into
WppInitKm, which called IoWMIRegistrationControl. I got an error of
0x40000000, which is STATUS_OBJECT_NAME_EXISTS. I had previously registered
with WMI myself, as the toaster does (and as I do on WinXP SP2 with no
issues). Does anyone have a clue what may be the problem?

thanks,

Philip Lukidis

“Philip Lukidis” wrote in message
news:xxxxx@ntdev…
> Hmm, I have an additional question on this WPP tracing for Win2k (SP4). I
> observed that I have no traces on Win2k at all. So I stepped into
> WppInitKm, which called IoWMIRegistrationControl. I got an error of
> 0x40000000, which is STATUS_OBJECT_NAME_EXISTS. I had previously
registered
> with WMI myself, as the toaster does (and as I do on WinXP SP2 with no
> issues). Does anyone have a clue what may be the problem?
>
> thanks,
>
> Philip Lukidis
>
>
>

Hmm, with the checked kernel/HAL on Win2k SP4, I get the following dbgprint:
“WMI: Device Object 81c3b030 attempting to register twice”. I never had
this problem on WinXP (well, perhaps I should say that tracing worked, I
should try again with the checked kernel/HAL on WinXP SP2). Is this simply
not allowed with Win2k? I can’t believe so, as the toaster sample registers
with WMI as well, just before calling WPP_INIT_TRACING (which registers as
well, with the passed DEVICE_OBJECT).

Worse, I get a “Bug Check 0xCC: PAGE_FAULT_IN_FREED_SPECIAL_POOL” when
verifying my driver (though never on the free build of Win2k SP4!). Stack
trace as follows:

1: kd> kb 100
ChildEBP RetAddr Args to Child
f7392704 804397da 00000003 c02ec42c 00000001
nt!NtNotifyChangeDirectoryFile+0x18e
f7392a90 80493c40 00000001 bb10b016 00000001 nt!MmSetKernelDumpRange+0x42
f7392ae0 804c34b3 00000001 bb10b016 00000000 nt!NtQueryDefaultLocale+0x10e
f7392af8 80539237 badb0d00 01dc503a 00000000
nt!IopDeleteLockedDeviceNode+0x305
01d35eea 00000000 00000000 00000000 00000000 nt!WmipSwitchBuffer
(nt+0x139237)

Anyone have any ideas? I can try and not register for WMI for Win2k at all,
but that just hides the issue, which admittedly I have no idea about yet.

Philip Lukidis

> “WMI: Device Object 81c3b030 attempting to register twice”. I never had

Try

!devobj 81c3b030

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

Calling IoWMIRegistrationControl on the very same device object in WXP would
get STATUS_OBJECT_NAME_EXISTS as well. Only one IRP_MN_REGINFO will be sent
to the driver. At least, this is observed in wxpsp1 IIRC.

I used to use the similar approach as the toaster driver did in my unified
W2K driver but the tracing doesn't seemed to work in WXP due to that reason.
Finally, I gave up and use a dedicated device object for ETW in my unified
driver. Of course, properly creating/deleting the object is necessary. My
unified tracing works on w2k/wxp/2003/lh.

HTH,
Calvin

Calvin Guan Software Engineer
ATI Technologies Inc. www.ati.com

-----Original Message-----
From: Philip Lukidis [mailto:xxxxx@hotmail.com]
Sent: September 16, 2004 12:13 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] WPP tracing (ETW) and Win2k

"Philip Lukidis" wrote in message
news:xxxxx@ntdev...
> Hmm, I have an additional question on this WPP tracing for Win2k (SP4). I
> observed that I have no traces on Win2k at all. So I stepped into
> WppInitKm, which called IoWMIRegistrationControl. I got an error of
> 0x40000000, which is STATUS_OBJECT_NAME_EXISTS. I had previously
registered
> with WMI myself, as the toaster does (and as I do on WinXP SP2 with no
> issues). Does anyone have a clue what may be the problem?
>
> thanks,
>
> Philip Lukidis
>
>
>

Hmm, with the checked kernel/HAL on Win2k SP4, I get the following dbgprint:
"WMI: Device Object 81c3b030 attempting to register twice". I never had
this problem on WinXP (well, perhaps I should say that tracing worked, I
should try again with the checked kernel/HAL on WinXP SP2). Is this simply
not allowed with Win2k? I can't believe so, as the toaster sample registers
with WMI as well, just before calling WPP_INIT_TRACING (which registers as
well, with the passed DEVICE_OBJECT).

Worse, I get a "Bug Check 0xCC: PAGE_FAULT_IN_FREED_SPECIAL_POOL" when
verifying my driver (though never on the free build of Win2k SP4!). Stack
trace as follows:

1: kd> kb 100
ChildEBP RetAddr Args to Child
f7392704 804397da 00000003 c02ec42c 00000001
nt!NtNotifyChangeDirectoryFile+0x18e
f7392a90 80493c40 00000001 bb10b016 00000001 nt!MmSetKernelDumpRange+0x42
f7392ae0 804c34b3 00000001 bb10b016 00000000 nt!NtQueryDefaultLocale+0x10e
f7392af8 80539237 badb0d00 01dc503a 00000000
nt!IopDeleteLockedDeviceNode+0x305
01d35eea 00000000 00000000 00000000 00000000 nt!WmipSwitchBuffer
(nt+0x139237)

Anyone have any ideas? I can try and not register for WMI for Win2k at all,
but that just hides the issue, which admittedly I have no idea about yet.

Philip Lukidis

---
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@ati.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

RE: [ntdev] WPP tracing (ETW) and Win2kThanks very much for your reply. Somehow I got tracing to work in WinXP SP2 without any “observed issues”. Tracing worked, and the simple WMI registration appeared to have worked, because I saw the simple class I registered in root\WMI with wbemtest.exe.

I did not step into WppInitKm then, which should have called IoWMIRegistrationControl. And since that was WinXP, WPP_INIT_TRACING occurred before my own WMI registration. Granted, it was SP2.

I guess I’m now faced with not registering for WMI myself, or creating additional DEVICE_OBJECTs as you suggested.

thanks very much for your help,

Philip Lukidis
“Calvin Guan” wrote in message news:xxxxx@ntdev…
Calling IoWMIRegistrationControl on the very same device object in WXP would get STATUS_OBJECT_NAME_EXISTS as well. Only one IRP_MN_REGINFO will be sent to the driver. At least, this is observed in wxpsp1 IIRC.

I used to use the similar approach as the toaster driver did in my unified W2K driver but the tracing doesn’t seemed to work in WXP due to that reason. Finally, I gave up and use a dedicated device object for ETW in my unified driver. Of course, properly creating/deleting the object is necessary. My unified tracing works on w2k/wxp/2003/lh.

HTH,
Calvin
-
Calvin Guan Software Engineer
ATI Technologies Inc. www.ati.com

-----Original Message-----
From: Philip Lukidis [mailto:xxxxx@hotmail.com]
Sent: September 16, 2004 12:13 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] WPP tracing (ETW) and Win2k

“Philip Lukidis” wrote in message
news:xxxxx@ntdev…
> Hmm, I have an additional question on this WPP tracing for Win2k (SP4). I
> observed that I have no traces on Win2k at all. So I stepped into
> WppInitKm, which called IoWMIRegistrationControl. I got an error of
> 0x40000000, which is STATUS_OBJECT_NAME_EXISTS. I had previously
registered
> with WMI myself, as the toaster does (and as I do on WinXP SP2 with no
> issues). Does anyone have a clue what may be the problem?
>
> thanks,
>
> Philip Lukidis
>
>
>

Hmm, with the checked kernel/HAL on Win2k SP4, I get the following dbgprint:
“WMI: Device Object 81c3b030 attempting to register twice”. I never had
this problem on WinXP (well, perhaps I should say that tracing worked, I
should try again with the checked kernel/HAL on WinXP SP2). Is this simply
not allowed with Win2k? I can’t believe so, as the toaster sample registers
with WMI as well, just before calling WPP_INIT_TRACING (which registers as
well, with the passed DEVICE_OBJECT).

Worse, I get a “Bug Check 0xCC: PAGE_FAULT_IN_FREED_SPECIAL_POOL” when
verifying my driver (though never on the free build of Win2k SP4!). Stack
trace as follows:

1: kd> kb 100
ChildEBP RetAddr Args to Child
f7392704 804397da 00000003 c02ec42c 00000001
nt!NtNotifyChangeDirectoryFile+0x18e
f7392a90 80493c40 00000001 bb10b016 00000001 nt!MmSetKernelDumpRange+0x42
f7392ae0 804c34b3 00000001 bb10b016 00000000 nt!NtQueryDefaultLocale+0x10e
f7392af8 80539237 badb0d00 01dc503a 00000000
nt!IopDeleteLockedDeviceNode+0x305
01d35eea 00000000 00000000 00000000 00000000 nt!WmipSwitchBuffer
(nt+0x139237)

Anyone have any ideas? I can try and not register for WMI for Win2k at all,
but that just hides the issue, which admittedly I have no idea about yet.

Philip Lukidis

—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@ati.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

I did not see anything untoward in the report. It appears that I have to
create another DEVICE_OBJECT to solve this, as was suggested by Mr. Guam in
this thread.

thanks,

Philip Lukidis

“Maxim S. Shatskih” wrote in message
news:xxxxx@ntdev…
> > “WMI: Device Object 81c3b030 attempting to register twice”. I never had
>
> Try
>
> !devobj 81c3b030
>
> Maxim Shatskih, Windows DDK MVP
> StorageCraft Corporation
> xxxxx@storagecraft.com
> http://www.storagecraft.com
>
>
>

The DDK page is incorrect. I’ll fix it for the next release. So sorry for
any incovenience.

– June Blender
– DDK Tools
xxxxx@microsoft.com

“Philip Lukidis” wrote in message
news:xxxxx@ntdev…
> “Philip Lukidis” wrote in message
> news:xxxxx@ntdev…
>> Hello. I’m in the process WPP tracing to my drivers, and I just wanted
>> to
>> know if Win2k WPP tracing is solid enough for a production driver (I’m
> using
>> the server 2003 DDK, not sure if I should sure server 2003 DDK SP1 1218
> for
>> production drivers…any takers on that?)?
>>
>> Also, I’m using WPP tracing with C++. Any warnings, guidelines? I am
> using
>> extern “c” to include my WPP files. I have managed to test tracing, and
> it
>> works so far, but if there are any pitfalls for C++ and WPP I’d
>> appreciate
>> any pointers.
>>
>> Looking over the archives, there seems to be a good deal of grief with
>> WPP
>> and WPP with Win2k in particular. I seem to have it working so far,
>> however, though I have not attempted Win2k tracing yet.
>>
>> To sum up:
>> a) Can WPP be used for production Win2k drivers?
>> b) Apart from extern “c” includes, any guidelines on WPP and C++? Before
> a
>> debate ignites on this, some of my drivers are audio drivers, and I must
> use
>> C++.
>> c) In using WPP, is it advantageous to use the server 2003 SP1 build 1218
>> DDK over the 2003 DDK?
>>
>> thanks for any help,
>>
>> Philip Lukidis
>>
>>
>>
> Oh, and it does not help my confidence that while the DDK says “WPP
> software
> tracing is supported on Microsoft® Windows® XP and later.”, the toaster
> FDO
> featured2 example implements it in Win2k as well and WinXP and onwards.
> Is
> it officially supported in Win2k or not? If not officially supported on
> Win2k, I dare not incorporate it into the Win2k binaries. Or is that
> overreacting?
>
> thanks,
>
> Philip Lukidis
>
>
>

“June Blender (MSFT)” wrote in message
news:xxxxx@ntdev…
> The DDK page is incorrect. I’ll fix it for the next release. So sorry for
> any incovenience.
>
> – June Blender
> – DDK Tools
> xxxxx@microsoft.com
>
>
[snip]

No inconvenience at all, especially with such a responsive community of
developers and MS staff. Thanks for the reply and information.

kind regards,

Philip Lukidis

Hopefully you will search back through the extensive discussions we had here
on this list concerning WPP, how to use it, and especially the wealth of
undocumented or poorly documented features. If much of the non-noise content
of those discussions were organized and put into the ddk WPP would be a lot
easier for developers to get a handle on and routinely put into their
products.

=====================
Mark Roddy

-----Original Message-----
From: June Blender (MSFT) [mailto:xxxxx@microsoft.com]
Sent: Thursday, September 16, 2004 3:17 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] WPP tracing (ETW) and Win2k

The DDK page is incorrect. I’ll fix it for the next release. So sorry for
any incovenience.

– June Blender
– DDK Tools
xxxxx@microsoft.com

“Philip Lukidis” wrote in message
news:xxxxx@ntdev…
> “Philip Lukidis” wrote in message
> news:xxxxx@ntdev…
>> Hello. I’m in the process WPP tracing to my drivers, and I just
>> wanted to know if Win2k WPP tracing is solid enough for a production
>> driver (I’m
> using
>> the server 2003 DDK, not sure if I should sure server 2003 DDK SP1
>> 1218
> for
>> production drivers…any takers on that?)?
>>
>> Also, I’m using WPP tracing with C++. Any warnings, guidelines? I
>> am
> using
>> extern “c” to include my WPP files. I have managed to test tracing,
>> and
> it
>> works so far, but if there are any pitfalls for C++ and WPP I’d
>> appreciate any pointers.
>>
>> Looking over the archives, there seems to be a good deal of grief
>> with WPP and WPP with Win2k in particular. I seem to have it working
>> so far, however, though I have not attempted Win2k tracing yet.
>>
>> To sum up:
>> a) Can WPP be used for production Win2k drivers?
>> b) Apart from extern “c” includes, any guidelines on WPP and C++?
>> Before
> a
>> debate ignites on this, some of my drivers are audio drivers, and I
>> must
> use
>> C++.
>> c) In using WPP, is it advantageous to use the server 2003 SP1 build
>> 1218 DDK over the 2003 DDK?
>>
>> thanks for any help,
>>
>> Philip Lukidis
>>
>>
>>
> Oh, and it does not help my confidence that while the DDK says “WPP
> software tracing is supported on Microsoft(r) Windows(r) XP and later.”,
> the toaster FDO
> featured2 example implements it in Win2k as well and WinXP and onwards.
> Is
> it officially supported in Win2k or not? If not officially supported
> on Win2k, I dare not incorporate it into the Win2k binaries. Or is
> that overreacting?
>
> thanks,
>
> Philip Lukidis
>
>
>

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@stratus.com To
unsubscribe send a blank email to xxxxx@lists.osr.com

“Roddy, Mark” wrote in message news:xxxxx@ntdev…
> Hopefully you will search back through the extensive discussions we had
here
> on this list concerning WPP, how to use it, and especially the wealth of
> undocumented or poorly documented features. If much of the non-noise
content
> of those discussions were organized and put into the ddk WPP would be a
lot
> easier for developers to get a handle on and routinely put into their
> products.
>
>
>
> =====================
> Mark Roddy
>
Yes, I’ve found quite a bit to sort through. The amount of grief and
gnashing of teeth in those posts is phenomenal, considering what is being
attempted (tracing). But then WPP is new, and quite different for Win2k.

thanks,

Philip Lukidis

RE: [ntdev] WPP tracing (ETW) and Win2kThanks very much for your suggestion. Using your idea, I finally got basic tracing to work on Win2k. I got tracelog and tracefmt to work. Tracelog 2.0.14 works with my .ctl and .TMF files. But traceview 2.0.14 does not want to work with my PDB. It says “cannot find PDB file”. Weird.

I did the following for registration and system_control handling for Win2k, should anyone be interested (this applies to my WPP non PnP device_object, created for now at start_device time).

Some relevant structures:
WMIGUIDREGINFO:
m_WMIGUIDRegInfo[0].Guid = &WPP_TRACE_CONTROL_NULL_GUID;
m_WMIGUIDRegInfo[0].InstanceCount = 1;
m_WMIGUIDRegInfo[0].Flags = 0;

WMILIB_CONTEXT:
m_WMIContext.GuidCount = 1;
m_WMIContext.GuidList = m_WMIGUIDRegInfo;
m_WMIContext.QueryWmiRegInfo = QueryRegInfo;
m_WMIContext.QueryWmiDataBlock = NULL;
m_WMIContext.SetWmiDataBlock = NULL;
m_WMIContext.SetWmiDataItem = NULL;
m_WMIContext.ExecuteWmiMethod = NULL;
m_WMIContext.WmiFunctionControl = NULL;

I register as such (QueryRegInfo routine):
reference for non PnP object: http://www.osronline.com/lists_archive/ntdev/thread9173.html

*flags = WMIREG_FLAG_INSTANCE_BASENAME;
*regpath = RegistryPath();

*pdo = NULL;

#define INSTANCENAME L"Sample"
ULONG size;
size = sizeof(INSTANCENAME) ;

instname->Buffer = (PWSTR)ExAllocatePoolWithTag (PagedPool,
size,
(ULONG) ‘CSAM’);

if(instname->Buffer)
{
instname->Length = size;
instname->MaximumLength = size;

RtlCopyMemory(instname->Buffer, INSTANCENAME, size);
}
else
{
instname->Length = 0;
instname->MaximumLength = 0;

status = STATUS_INSUFFICIENT_RESOURCES;
}

My SYSTEM_CONTROL routine of my WPP non PnP device_object :

SYSCTL_IRP_DISPOSITION disposition;
status = WmiSystemControl(&m_WMIContext,
pWPPDevObj),
Irp,
&disposition);

if ((disposition != IrpProcessed) &&
(pWPPDevObj ==
(PDEVICE_OBJECT)stack->Parameters.WMI.ProviderId))
{
ULONG returnSize=0;

KdPrint((“Calling WPP_TRACE_CONTROL\n”));

status = WPP_TRACE_CONTROL(stack->MinorFunction,
stack->Parameters.WMI.Buffer,
stack->Parameters.WMI.BufferSize,
returnSize);
}

switch (disposition)
{ // finish handling IRP

case IrpProcessed:
break;

case IrpNotCompleted:
IoCompleteRequest(Irp, IO_NO_INCREMENT);
break;

default:
// we don’t have a lower device…
IoCompleteRequest(Irp, IO_NO_INCREMENT);
break;
}

return status;

Finnally works on 2k SP4, I’ll try it on WinXP SP1/2. Since the extra device_object code does not exist for WinXP, I may have double registration issues (but WPP_INIT_TRACING for WinXP uses a DRIVER_OBJECT so maybe not!).

thanks,

Philip Lukidis
“Calvin Guan” wrote in message news:xxxxx@ntdev…
Calling IoWMIRegistrationControl on the very same device object in WXP would get STATUS_OBJECT_NAME_EXISTS as well. Only one IRP_MN_REGINFO will be sent to the driver. At least, this is observed in wxpsp1 IIRC.

I used to use the similar approach as the toaster driver did in my unified W2K driver but the tracing doesn’t seemed to work in WXP due to that reason. Finally, I gave up and use a dedicated device object for ETW in my unified driver. Of course, properly creating/deleting the object is necessary. My unified tracing works on w2k/wxp/2003/lh.

HTH,
Calvin
-
Calvin Guan Software Engineer
ATI Technologies Inc. www.ati.com

-----Original Message-----
From: Philip Lukidis [mailto:xxxxx@hotmail.com]
Sent: September 16, 2004 12:13 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] WPP tracing (ETW) and Win2k

“Philip Lukidis” wrote in message
news:xxxxx@ntdev…
> Hmm, I have an additional question on this WPP tracing for Win2k (SP4). I
> observed that I have no traces on Win2k at all. So I stepped into
> WppInitKm, which called IoWMIRegistrationControl. I got an error of
> 0x40000000, which is STATUS_OBJECT_NAME_EXISTS. I had previously
registered
> with WMI myself, as the toaster does (and as I do on WinXP SP2 with no
> issues). Does anyone have a clue what may be the problem?
>
> thanks,
>
> Philip Lukidis
>
>
>

Hmm, with the checked kernel/HAL on Win2k SP4, I get the following dbgprint:
“WMI: Device Object 81c3b030 attempting to register twice”. I never had
this problem on WinXP (well, perhaps I should say that tracing worked, I
should try again with the checked kernel/HAL on WinXP SP2). Is this simply
not allowed with Win2k? I can’t believe so, as the toaster sample registers
with WMI as well, just before calling WPP_INIT_TRACING (which registers as
well, with the passed DEVICE_OBJECT).

Worse, I get a “Bug Check 0xCC: PAGE_FAULT_IN_FREED_SPECIAL_POOL” when
verifying my driver (though never on the free build of Win2k SP4!). Stack
trace as follows:

1: kd> kb 100
ChildEBP RetAddr Args to Child
f7392704 804397da 00000003 c02ec42c 00000001
nt!NtNotifyChangeDirectoryFile+0x18e
f7392a90 80493c40 00000001 bb10b016 00000001 nt!MmSetKernelDumpRange+0x42
f7392ae0 804c34b3 00000001 bb10b016 00000000 nt!NtQueryDefaultLocale+0x10e
f7392af8 80539237 badb0d00 01dc503a 00000000
nt!IopDeleteLockedDeviceNode+0x305
01d35eea 00000000 00000000 00000000 00000000 nt!WmipSwitchBuffer
(nt+0x139237)

Anyone have any ideas? I can try and not register for WMI for Win2k at all,
but that just hides the issue, which admittedly I have no idea about yet.

Philip Lukidis

—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@ati.com
To unsubscribe send a blank email to xxxxx@lists.osr.com