Capturing USB Trace

  • Question

  • I am trying to capture a USB trace on Win 8.1 using the logman trace command-line utility on Win 8.1 64-bit OS based on the info at https://msdn.microsoft.com/en-us/library/windows/hardware/jj151573(v=vs.85).aspx

    But the below command (the second command in the link) issues an error "Data Collector Set was not found".

    logman update trace -n usbtrace -p Microsoft-Windows-USB-USBXHCI (Default,PartialDataBusTrace)
    I found similar errors but couldn't find a solution to it. What is this about the Data Collector Set? How can I enable this set and get the USB trace?

    Monday, June 29, 2015 11:33 AM

Answers

  • It worked just fine for me on Win10. Did you change the path to the output file (line 1, the -o parameter) to be a directory that exists and that you have write access to?

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog


    Monday, June 29, 2015 11:40 PM
    Moderator

All replies

  • Thank you, Brian. I changed the folder path as you suggested and that worked. In my case I am trying to capture the USB trace of a virtual USB device that I am trying to plug to my KMDF bus driver via USB Composite Device (usbccgp.sys). Using the commands as specified in the MSDN link, I am not able to capture my device, though I am getting traces of other devices. I think I need to capture the trace of usbccgp.sys. Is there any way I can do this using logman?
    Tuesday, June 30, 2015 11:13 AM
  • Unfortunately, it doesn't appear that USBCCGP has manifest-based tracing. You can see what is available using: logman query providers. With over 1000 providers it is a little hard to find what you're looking for. To find the USB providers, from a PowerShell prompt, try:

    $a=logman query providers
    $a | select-string usb

     -Brian



    Tuesday, June 30, 2015 4:33 PM
    Moderator
  • Thanks Brian. I tried the commands. It doesn't list usbccgp. Thanks anyway!
    Sunday, July 5, 2015 7:28 PM
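
The sequence discussed in this thread, as an added PowerShell example that is not code from any of the posts or from the MSDN page: it checks that the -o directory exists and is writable before creating the session, stops if the create step fails so that a later update cannot report a missing Data Collector Set, and only adds providers that logman query providers lists. The output path, the one-entry provider list, an elevated prompt, and logman reporting failure through a non-zero exit code are assumptions.

```powershell
# Added example. Session name and provider come from the thread; the rest are assumptions.
$Session   = 'usbtrace'
$OutDir    = Join-Path $env:SystemRoot 'Tracing'    # assumed output directory
$EtlFile   = Join-Path $OutDir 'usbtrace.etl'       # assumed trace file name
$Providers = @('Microsoft-Windows-USB-USBXHCI')     # provider named in the question
$Keywords  = '(Default,PartialDataBusTrace)'        # quoted so PowerShell passes it verbatim

function Test-DirWritable([string]$Dir) {
    # True only if the directory exists and the current user can create a file in it.
    if (-not (Test-Path -LiteralPath $Dir -PathType Container)) { return $false }
    $probe = Join-Path $Dir ([System.IO.Path]::GetRandomFileName())
    try {
        [System.IO.File]::Create($probe).Dispose()
        Remove-Item -LiteralPath $probe -Force
        return $true
    } catch {
        return $false
    }
}

if (-not (Test-DirWritable $OutDir)) {
    throw "Output directory '$OutDir' is missing or not writable; 'logman create' would fail."
}

# Create the data collector set first; every later 'update' needs it to exist.
logman create trace -n $Session -o $EtlFile
if ($LASTEXITCODE -ne 0) { throw "logman create failed (exit code $LASTEXITCODE)" }

# Add only providers that are registered on this machine.
$registered = logman query providers
foreach ($p in $Providers) {
    if (-not ($registered | Select-String -SimpleMatch $p -Quiet)) {
        Write-Warning "Provider '$p' is not registered; skipping."
        continue
    }
    logman update trace -n $Session -p $p $Keywords
    if ($LASTEXITCODE -ne 0) { throw "logman update failed for $p (exit code $LASTEXITCODE)" }
}

logman start -n $Session
# When finished: logman stop -n usbtrace, then logman delete -n usbtrace
```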