microsoft / DTrace-on-Windows

Code for the cross platform, single source, OpenDTrace implementation

Simple Begin End examples work while other examples fail #12

Open HerbM opened 3 years ago

HerbM commented 3 years ago

Summary: Simple Begin End examples work while other examples fail (see below)

Also posted through Insider Feedback from Windows 10.

Also: Resetting _NT_SYMBOL_PATH leaves DEBUG output enabled:

      $Env:_NT_SYMBOL_PATH = 0   
      OR 
      deleting variable still leaves DEBUG output enabled.

Version and system configuration

DTrace API VERSION:

dtrace: Sun D 1.13

Windows Version

Edition: Windows 10 Pro
Version: Dev
Installed on: 5/29/2021
OS build: 21390.1000
Experience: Windows 10 Feature Experience Pack 321.13302.10.3

Symbol Path

$Env:_NT_SYMBOL_PATH
srv*D:\Library\symbols*https://msdl.microsoft.com/download/symbols

Get-ChildItem D:\Library\symbols

Mode   LastWriteTime       Length Name
d----  5/18/2021 6:15 PM          advapi32.pdb
d----  5/18/2021 6:15 PM          apphelp.pdb
d----  5/24/2021 1:06 PM          bcrypt.pdb
d----  5/18/2021 6:15 PM          bcryptprimitives.pdb
d----  5/1/2021 9:03 AM           cryptbase.pdb
d----  5/19/2021 3:33 PM          Kernel.Appcore.pdb
d----  5/24/2021 1:06 PM          kernel32.pdb
d----  5/24/2021 1:06 PM          kernelbase.pdb
d----  5/1/2021 9:02 AM           msvcrt.pdb
d----  5/18/2021 6:15 PM          mswsock.pdb
d----  5/24/2021 1:06 PM          ntdll.pdb
d----  5/18/2021 6:15 PM          rpcrt4.pdb
d----  5/18/2021 6:15 PM          sechost.pdb
d----  5/24/2021 1:06 PM          ucrtbase.pdb
d----  5/24/2021 1:06 PM          userenv.pdb
d----  5/19/2021 3:26 PM          vcruntime140.amd64.pdb
d----  5/18/2021 6:15 PM          ws2_32.pdb

Detailed results:

Simple Begin End examples work:

dtrace -n BEGIN -n END
dtrace: description 'BEGIN' matched 1 probe
dtrace: description 'END' matched 1 probe
CPU     ID                    FUNCTION:NAME
  1      1                           :BEGIN

  0      2                             :END

Example script does NOT work

type hello.d
BEGIN { trace("hello, world"); exit(0); }

dtrace -s hello.d
dtrace: script 'hello.d' matched 1 probe
dtrace: error on enabled probe ID 1 (ID 1: dtrace:::BEGIN): unknown fault in action #1

Examples from https://github.com/microsoft/DTrace-on-Windows Do NOT work:

Syscall summary by program for 5 seconds:

dtrace -Fn "tick-5sec { exit(0);} syscall:::entry{ @num[pid,execname] = count();} "
dtrace: invalid probe specifier tick-5sec { exit(0);} syscall:::entry{ @num[pid,execname] = count();} : probe description :::tick-5sec does not match any probes

Summarize timer set/cancel program for 3 seconds:

dtrace -Fn "tick-3sec { exit(0);} syscall::NtTimer:entry { @[probefunc, execname, pid] = count();}"
dtrace: invalid probe specifier tick-3sec { exit(0);} syscall::NtTimer:entry { @[probefunc, execname, pid] = count();}: probe description :::tick-3sec does not match any probes

Dump System Process kernel structure: (requires symbol path to be set)

dtrace -n "BEGIN{print((struct nt`_EPROCESS ) nt`PsInitialSystemProcess);exit(0);}"
dtrace: invalid probe specifier BEGIN{print((struct nt_EPROCESS ) ntPsInitialSystemProcess);exit(0);}: in action list: failed to resolve ntPsInitialSystemProcess: Unknown variable name

Tracing paths through NTFS when running notepad.exe (requires KD attach): Run below command and launch notepad.exe

dtrace -n "BEGIN{print((struct nt`_EPROCESS ) nt`PsInitialSystemProcess);exit(0);}"
dtrace: invalid probe specifier BEGIN{print((struct nt_EPROCESS ) ntPsInitialSystemProcess);exit(0);}: in action list: failed to resolve ntPsInitialSystemProcess: Unknown variable name

Example with DTRACE_DEBUG enabled:

$Env:DTRACE_DEBUG = 1
dtrace -Fn "tick-5sec { exit(0);} syscall:::entry{ @num[pid,execname] = count();} "

libdtrace DEBUG: failed to open C:\WINDOWS\System32\Drivers\dump_dumpstorport.sys: 00000002
libdtrace DEBUG: failed to open C:\WINDOWS\System32\drivers\dump_stornvme.sys: 00000002
libdtrace DEBUG: failed to open C:\WINDOWS\System32\Drivers\dump_dumpfve.sys: 00000002
libdtrace DEBUG: created CTF container for C (0000022C44BD5010)
libdtrace DEBUG: created CTF container for D (0000022C44BF6880)
...
libdtrace DEBUG: populating global idhash from 00007FFA82D190B0
libdtrace DEBUG: symbol server failed to open control device, 00000002
libdtrace DEBUG: Execution policy: 'Bypass' from scope 'LocalMachine'
dtrace: invalid probe specifier tick-5sec { exit(0);} syscall:::entry{ @num[pid,execname] = count();} : probe description :::tick-5sec does not match any probes
libdtrace DEBUG: dt_buf_destroy(section headers): size=512 resizes=0
libdtrace DEBUG: dt_buf_destroy(string table): size=512 resizes=0
libdtrace DEBUG: dt_buf_destroy(loadable data): size=512 resizes=0
libdtrace DEBUG: dt_buf_destroy(unloadable data): size=512 resizes=0
libdtrace DEBUG: dt_buf_destroy(probe data): size=512 resizes=0
libdtrace DEBUG: dt_buf_destroy(probe args): size=512 resizes=0
libdtrace DEBUG: dt_buf_destroy(probe offs): size=512 resizes=0
libdtrace DEBUG: dt_buf_destroy(probe is-enabled offs): size=512 resizes=0
libdtrace DEBUG: dt_buf_destroy(probe rels): size=512 resizes=0
libdtrace DEBUG: dt_buf_destroy(xlate members): size=512 resizes=0

Also fails: DTraceToolkit version 0.99, 30-Sep-2007 https://github.com/opendtrace/toolkit

Similar results to running Hello.d but some of these errors may be due to Windows vs. Solaris

C:\ProgramData\Microsoft\Diagnosis\FeedbackArchive

nico-abram commented 3 years ago

hello.d seems to work fine for me: [image]

winver for me: [image]

dtrace -Fn "tick-5sec { exit(0);} syscall:::entry{ @num[pid,execname] = count();} " also worked: [image]

The ntPsInitialSystemProcess samples don't seem to work. I don't have KD attach but do have symbol path set

PS D:\dev\DTrace-on-Windows\build\x64\Debug\cmd> dtrace -n "BEGIN{print((struct nt_EPROCESS *) ntPsInitialSystemProcess);exit(0);}"
dtrace: invalid probe specifier BEGIN{print((struct nt_EPROCESS *) ntPsInitialSystemProcess);exit(0);}: in action list: failed to resolve ntPsInitialSystemProcess: Unknown variable name
PS D:\dev\DTrace-on-Windows\build\x64\Debug\cmd> $ENV:_NT_SYMBOL_PATH
srv*D:\symbols*https://msdl.microsoft.com/download/symbols

HerbM commented 3 years ago

hello.d seems to work fine for me: [image]

winver for me:

Mine is now at flight .120 (Preview 11)

Didn't use it for a while (didn't see your message). Good news is that many reboots and new flights have NOT disabled it, bcdedit shows TRUE even though I haven't re-enabled it in a while.

bcdedit /enum | findstr /i dtrace

dtrace -Fn "tick-5sec { exit(0);} syscall:::entry{ @num[pid,execname] = count();} " also worked:

(hello.d still fails and) This also failed for me with "invalid probe specifier tick-5sec"

> dtrace -Fn "tick-5sec { exit(0);} syscall:::entry{ @num[pid,execname] = count();}"
dtrace: invalid probe specifier tick-5sec { exit(0);} syscall:::entry{ @num[pid,execname] = count();}: probe description :::tick-5sec does not match any probes

Is there anyone to ask for help or something to read for troubleshooting advice...?

Thanks.

CodeMaxx commented 1 year ago

@nico-abram @HerbM I know it's been a while, but are you still facing this issue? I updated many of the samples recently.