locked
Gflag show loader snap output format RRS feed

  • Question

  • Can someone let me know the output format of gflag show loader snaps option. I got the following output and trying to understand if there is a timestamp in it.

    0bb4:1650 @ 1118983861 - LdrGetProcedureAddressEx - INFO: Locating procedure "??0EvRstTask@@QEAA@_KHPEAX_N@Z" by name

    0bb4:1650 @ 1118983892 - LdrGetProcedureAddressEx - INFO: Locating procedure "?optionIdToName@EvTask@@UEAAPEAD_K_N@Z" by name
    0bb4:1650 @ 1118983923 - LdrGetProcedureAddressEx - INFO: Locating procedure "??_DEvRstTask@@QEAAXXZ" by name

    :

    0bb4:1650 @ 1119466793 - LdrpLoadDll - INFO: Loading DLL "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll" from path "C:\Windows\Microsoft.NET\Framework64\v2.0.50727;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn
    0bb4:1650 @ 1119466793 - LdrpSearchPath - INFO: Searching path "C:\Windows\Microsoft.NET\Framework64\v2.0.50727;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files (x86)\Microsoft SQL Server\1
    0bb4:1650 @ 1119466793 - LdrpResolveFullName - INFO: Resolving the full name of DLL "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll"
    0bb4:1650 @ 1119466793 - LdrpResolveFullName - INFO: DLL name "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll" was resolved to "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll"

    Thursday, September 26, 2013 6:48 PM

All replies

  • If I recall correctly format is:
    ProcID:ThreadID @ 'milliseconds since system-start' - ...

    For a time-stamp you may try
    .echotimestamps

    Fri Sep 27 08:09:44.610 2013 (GMT+2): 0c28:0ef4 @ 11112044 - LdrpRunInitializeRoutines - INFO: Calling init routine 7649E80B for DLL "C:\Windows\system32\RPCRT4.dll"
    Fri Sep 27 08:09:44.610 2013 (GMT+2): 0c28:0ef4 @ 11112044 - LdrpRunInitializeRoutines - INFO: Calling init routine 77420CC1 for DLL "C:\Windows\system32\ADVAPI32.dll"
    

    Vista32/No warranty
    with kind regards

    Friday, September 27, 2013 7:11 AM
  • Thanks that helped.

    .echotimestamps

    Friday, September 27, 2013 2:00 PM