none
How can I get valid timestamps from !wdflogdump? RRS feed

  • Question

  • Hi All,

       Every time I run !wdflogdump <drivername> -f in windbg to dump the framework logs, the output always has the same timestamp of "10/21/2003-12:21:20.015".  Is there a way to get the real time of each log event?

    I've tried this both with my own drivers and with the USBXHCI.sys Microsoft driver to confirm it wasn't something in my driver that i wasn't configuring.

    Here is an example of the output i'm getting:

    0: kd> !wdflogdump usbxhci -f
    Trace searchpath is: c:\TMF
    Environment variable TRACE_FORMAT_PREFIX=%4!s! [%9!d!]%8!04X!.%3!04X! [%!LEVEL! %!FLAGS!]
    Trace format prefix is: %4!s! [%9!d!]%8!04X!.%3!04X! [%!LEVEL! %!FLAGS!]
    Trying to extract TMF information from - c:\symbols\Wdf01000.pdb\BBFAAF05FB9E4C71900015FF4A30AA8C1\Wdf01000.pdb
    Gather log: Please wait, this may take a moment (reading 4024 bytes).
    % read so far ... 10, 20, 30, 40, 50, 60, 70, 80, 90, 100
    There are 77 log entries
    --- start of log ---
    10/21/2003-12:21:20.015 [0]0000.0000 [TRACE_LEVEL_INFORMATION TRACINGPNPPOWERSTATES]WDFDEVICE 0x00001FFED5DD2718 !devobj 0xFFFFE0011D2B0D10 entering power idle state FxIdleInDxDisabled from FxIdleInDx
    10/21/2003-12:21:20.015 [0]0000.0000 [TRACE_LEVEL_INFORMATION TRACINGPNPPOWERSTATES]WDFDEVICE 0x00001FFED5DD2718 !devobj 0xFFFFE0011D2B0D10 entering power idle state FxIdleInDx from FxIdleInDxDisabled

    ...

    Thanks,

    Eric

    Tuesday, March 8, 2016 10:22 PM

Answers

  • Unfortunately this cannot be done because the framework log entries are not time stamped. I'll follow up so the debugger extension command generates a warning if the trace format prefix is configured to display that information. Thanks.

    • Marked as answer by sarman_1998 Wednesday, March 9, 2016 7:34 AM
    Wednesday, March 9, 2016 5:57 AM

All replies

  • Unfortunately this cannot be done because the framework log entries are not time stamped. I'll follow up so the debugger extension command generates a warning if the trace format prefix is configured to display that information. Thanks.

    • Marked as answer by sarman_1998 Wednesday, March 9, 2016 7:34 AM
    Wednesday, March 9, 2016 5:57 AM
  • Thanks Shyamal,

    It would be nice if there were time stamps in a future version but at least now I know it wasn't something I was doing wrong of a flag somewhere I needed to turn on.

    Eric

    Wednesday, March 9, 2016 7:37 AM