Kernel Mode Driver Performance Tracing (ETW) doesn't display much information RRS feed

  • Question

  • Hi,

    We are developing an NDIS driver for our custom built network card and were experiencing some performance issues at the windows driver. More or less easily we got WPP running, but also recognized, that this tool or tracing method is not powerful enough. So we turned to ETW.

    This post was very helping to point us in the right direction.

    After reading a lot of msdn-articles, some sort of deeper understanding of the process appeared, and we were confident this would work. Altough we made some progress (after getting into a lot of traps) we are now able to somehow see some events of the driver in the tool "Windows Performance Analyzer", but it does not differentiate any of the parameters/trace flags/message guids. leaving us with less clue what is happening than before.

    Are we missing anything on how to link the debugging information with the trace from the driver?

    What we currently use and do:

     - an instrumentation manifest .xml file which automatically generates .h and .rc file(s) with mc.exe
     - an NDIS 5.1 kernel mode driver with ETW enabled, built as checked x64 for win7 with a .pdb file.
     - check if .pdb is matching the driver: symchk ourdriver.sys /s c:\blah\amd64
     - (then of course install the driver too)
     - start logging with: xperf -on LOADER+PROG_THREAD+DPC+INTERRUPT -maxbuffers 1024
     - doing some tests which should call some of the trace functions
     - stopping with xperf -d ourtrace.etl
     - checking the logfile with: xperf -i ourtrace.etl -a tracestats
     - looking at the .etl file with "Windows Performance Analyzer" including loaded symbols (also ourdriver.pdb)

    (Also some modifications of the parameters, different flags, etc...)

    We also tried some different approaches to get .etl files or viewing the results, but this is the method who brought us at least a visible result. (like tracelog, logman, Windows Performance Recorder, wevtutil, traceview, ...)

    So we are kind of stuck here... Anything we might have missed? Is another tool combination of better use?

    Monday, March 25, 2013 1:57 PM

All replies

  • Personally, even though Xperf is a great tool I find myself using kernrate when I am trying to profile my driver.  I prefer to have the fixed log, rather than the nice GUI, since I want to compare runs. 

    The first question you need to answer is what are you trying to collect in the way of data.

    Don Burn Windows Filesystem and Driver Consulting Website: http://www.windrvr.com Blog: http://msmvps.com/blogs/WinDrvr

    Monday, March 25, 2013 4:31 PM
  • Hi Donald,

    thank you for your quick reply.

    Basically what we are trying to do is: find out when some specific functions are called plus the according parameters and some other data from a network packet. 

    So it's not about the general CPU usage i think. Probably it's a problem with interrupts, the DPC's or the hardware access.

    So i don't think, kernrate is the right tool for that. or am i wrong?

    Monday, March 25, 2013 5:02 PM
  • I think you want to be using WPP tracing and Traceview or Tracelog then.  Add the WPP tracing statements you need to the beginning and end of the functions and see what the results are.

    Don Burn Windows Filesystem and Driver Consulting Website: http://www.windrvr.com Blog: http://msmvps.com/blogs/WinDrvr

    Monday, March 25, 2013 5:05 PM