How do I send trace messages to a kernel debugger?
You can use several methods to redirect trace messages to a kernel-mode debugger. A few are discussed here.
You can redirect trace messages to KD or to Windbg, whichever is attached. The debugger must be attached through a COM port with a debug (null modem) cable or through the 1394 ("firewire") port with a IEEE 1394 cable. You cannot redirect trace messages to other kernel debuggers, such as NTSD.
To display trace messages in a debugger, wmitrace.dll and traceprt.dll must be in the debugger's search path on the host computer. These DLLs are included in Debugging Tools for Windows Also, to enable the debugger to find the trace message format (.tmf) files for the trace messages, the TMF files must be in the debugger's search path on the host computer. To set the debugger's search path, use the !wmitrace.searchpath specialized debugger extension or set the value of the %TRACE_FORMAT_SEARCH_PATH% environment variable.
For more information, search for !wmitrace in Debugging Tools for Windows.
Logman
Use the following Logman command to redirect trace messages to a kernel-mode debugger:
logman start TraceSession -ets -mode KernelFilter -bs 3
The -ets parameter starts an event trace session that is not controlled by the Performance Logs and Alerts service. The -mode parameter activates advanced options, including the KernelFilter option.
The -bs parameter sets the buffer size for the trace session to 3 KB, the maximum buffer size for the debugger. If you omit this parameter, the debugger session will not operate properly.
Logman is included in Windows XP and later versions of Windows.
Tracelog
Use the following Tracelog command redirect trace messages to a kernel-mode debugger:
tracelog -start MyTrace -guid MyProvider.ctl -rt -kd
The -guid parameter specifies the trace provider. The -rt parameter specifies a real-time trace session. The -kd parameter redirects the trace messages to the kernel debugger and sets the maximum buffer size to 3 KB, the maximum for the debugger.
For an example, see Example 16: Viewing Trace Messages in a Debugger.
Tracelog is located in the tools\tracing\<Platform> subdirectory of the WDK, where <Platform> is either i386, amd64, or ia64.
TraceView
TraceView has a graphical user interface.
You can redirect trace messages to a kernel debugger when creating a trace session. On the Log Session Options page, click Advanced Log Session Options, click the Log Session Parameter Options tab, and then change the value of the Windbg option to TRUE. You cannot change this option while the trace session is running.
TraceView is located in the tools\tracing\<Platform> subdirectory of the WDK, where <Platform> is either i386, amd64, or ia64.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for