none
Instructions on tracelogging with kernel drivers RRS feed

  • Question

  • Hello everyone,

    I have declared and defined a TraceLogProvider in my kernel driver along with a bunch of TraceLogging messages.

    The instructions for viewing those TraceLogging events in WinDbg during a live debug session is not clear. I have tried to follow instructions based on these 2 pages from MSDN.

    https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/how-do-i-send-trace-messages-to-a-kernel-debugger- 

    which says I have to use 

    logman start TraceSession -ets -mode KernelFilter -bs 3

    and

    https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/capture-and-view-tracelogging-data
    which I have to use to create a WPRP file to register my Trace Provider.

    Right now, with my driver installed and working,

    logman query providers 

    does not list my driver as a trace provider. I am also not seeing any TraceLogging events in WinDbg.

    Please help!

    Regards,
    Mridul.

    Wednesday, November 28, 2018 1:01 PM

All replies

  • Hi,

    First of all, did you check that your tracing implementation inyour driver is correct ? Do you call the WPP_INIT_TRACING macro at driver start ?

    You can start to check your tracing implementation with the TraceView tool provided with WDK.

    Create a .ctl file containing your tracing GUID, generate your .tmf files with the tracepdb tool (also in WDK) and start a new log session with TraceView. You should be able to monitor your traces live.

    If it works, then you can wonder about TraceLogProvider registration. For my part, I use the tracelog tool instead of logman whitch uses the .ctl file to identify the log provider.

    Best regards

    Monday, December 3, 2018 9:11 AM
  • Hi,

    I am not trying to implement WPP. I am trying to implement the new TraceLogging API which in built on top of ETW introduced in Windows 10.

    I do get see my events if I run WPA. Since I want to be able to get events from customers in cases other than BSOD's, I don't want to use tracelog. Logman is a part of Windows installation and I would like to use that.

    Thanks for your answer.

    Monday, December 3, 2018 12:53 PM