Add ETW support for the kernelspace.
For now, we define and use a single variable event which reuses the messages relayed via WnbdLog.
To install and remove the custom events we need to use the utility:
wevtutil
To start a trace session one can use:
tracelog -start WNBDEventdrv -guid #FFACC4E7-C115-4FE2-9D3C-80FAE73BAB91 -f WNBDEventdrv.etl
To stop:
tracelog -stop WNBDEventdrv
To display the trace use:
tracerpt WNBDEventdrv.etl
WNBD error and warning messages are automatically displayed inside the default SYSTEM channel.