google / UIforETW

User interface for recording and managing ETW traces
https://randomascii.wordpress.com/2015/04/14/uiforetw-windows-performance-made-easier/
Apache License 2.0

Error 2 saving trace buffers #126

Closed araemo closed 5 years ago

araemo commented 5 years ago

I am trying to use UIforETW for the first time, and it seems to have successfully installed the prerequisites and is able to start tracing to the in-memory buffers, but saving the buffers gives me a file not found error:

Merging trace...
xperf.exe -merge "C:\Users\araemo\AppData\Local\Temp\UIForETWkernel.etl" "C:\Users\araemo\AppData\Local\Temp\UIForETWuser.etl" "D:\Users\araemo\Documents\etwtraces\2018-10-13_20-01-37_araemo.etl" -compress
xperf: error: D:\Users\araemo\Documents\etwtraces\2018-10-13_20-01-37_araemo.etl: The system cannot find the file specified. (0x2).
Process exit code was 80070002 (2147942402)

https://gist.github.com/araemo/2028b16d0498f11a7782dc4567e38c49 (Full output)

This MAY be because I relocated my my docs to my D: drive instead of my C: (smaller SSD)? I looked for all 3 etl files listed, and none of them exist.

araemo commented 5 years ago

Maybe this isn't a UIforETW issue... I ran the xperf -flush command manually, and it creates the UIForETWuser.etl, but not the UIforETWKernel.etl file (even though it lists both). So, that sounds more like xperf is the problem.

randomascii commented 5 years ago

Try tracing to file instead of tracing to in-memory circular buffers and see if that works. That's not a solution, but it is a useful workaround.

UIforETW uses %temp% to store the intermediate trace files and %etwtracedir% (if it exists) to store the final results. If your C drive is too small then the write to the ETL file in %temp% may be failing - that would be my guess.

If you check Show commands then you can see more details about what is going on.

araemo commented 5 years ago

Thanks for the reply. Now when I try to start tracing, whether I am using circular buffer tracing or tracing to file, I get this error:

xperf: error: NT Kernel Logger: Cannot create a file when that file already exists. (0xb7).
Error starting tracing. Try stopping tracing and then starting it again?
The kernel logger is already running. Probably some other program such as procmon is using it.
Process exit code was 800700b7 (2147942583)

So.. I went searching for what else could be using it, leading me to this serverfault thread.

By using ProcMon, and removing the system filter (so system events show up, since system is the process that actually writes to the trace file), and using Performance Monitor to stop the NT Kernel Logger (and watch it get immediately restarted) I was able to see which process was busiest right before System re-opened the logger.

Turns out it was the fan/pump control software for the all-in-one water cooler in my system, constantly opening the NT Kernel Logger, and in doing so, causing both the initial error I reported first, and the second error. I am now able to perform traces, though it seems I have to have my pump/fan control software off to do so.

randomascii commented 5 years ago

Thanks for the information. If you want, you can also go to the UIforETW Settings dialog and check "Use other kernel logger" - that might avoid the fighting over NT Kernel Logger.

araemo commented 5 years ago

Thanks! That allows me to perform a trace without exiting the pump control software. (And so others don't have to do quite the same digging I did: The software was "CAM" for NZXT liquid coolers (and other hardware).)

It does seem odd that it would need a kernel logging trace to perform its function.