Tracelog (Tracelog.exe) is an event tracing controller that runs in a Command Prompt window. This section describes Tracelog, explains its command syntax, and provides practical examples for its use.
|Where can I get Tracelog?|
Tracelog (Tracelog.exe) is included when you install the WDK, Visual Studio, and the Windows SDK for desktop apps. For information about downloading the kits, see Windows Hardware Downloads.
Windows Driver Kit (WDK) 8 (installation path)
Windows Driver Kit (WDK) 8.1 (installation path)
Note The Visual Studio environment variable, %WindowsSdkDir%, represents the path to the Windows kits directory where the kits are installed, for example, C:\Program Files (x86)\Windows Kits\8.1.
What you can do with Tracelog
You can use Tracelog in a Command Prompt window as an event tracing controller.
Note To control a trace session you must be a member of the Performance Log Users group or the Administrators group on the computer (Run as administrator).
Tracelog features include:
Configures and changes the properties of trace sessions
Enables and disables trace providers
Flushes trace session buffers
Lists running (real-time) trace sessions
Measures time spent in deferred procedure calls (DPCs) and interrupt service routines (ISRs)
Tracelog produces an event trace log (.etl) file that contains the trace messages generated by the provider during the trace session. The messages are stored in binary format in the file. To display the trace messages in a readable format, use TraceView or Tracefmt.
Tracelog runs on Windows 7 and later versions of Windows.
Many of the features of Tracelog are also available in TraceView, a tool included in the Windows Driver Kit (WDK) that has a graphical user interface in addition to a command-line interface.