Event Tracing

Event tracing is a technique for obtaining diagnostic information about running code without the overhead of a checked build or use of a debugger. An event represents any discrete activity that is of interest, especially with respect to performance.

Each operating system provides events that can be logged using event tracing, such as disk I/O and page faults, or developers can define event types for their drivers.

Developers can implement event tracing in a driver by using the Microsoft Windows software trace preprocessor (WPP). WPP software tracing in kernel-mode drivers supplements and enhances Windows Management Instrumentation (WMI) event tracing by adding conventions and mechanisms that simplify tracing the operation of a driver. WPP event tracing is implemented by adding certain C preprocessor directives and WPP macro calls to the driver source code. During an event tracing session, WPP logs real-time binary messages that can subsequently be converted to a human-readable trace of driver operations.

General Event Tracing

	Event Tracing for Windows Provider Sample Program [Preview]
	RATTV3 - Trace Processing Tool for ISR and DPC activity
	Getting Started with Software Tracing in Windows Drivers
	How much time is your driver spending in its DPCs and ISRs?
	Tracing and Diagnosability for WDF Drivers
	How To Use Event Tracing For Windows For Performance Analysis [226 KB]
	Software Tracing [Driver Devcon; 464 KB]
	Software Tracing FAQ
	Tracing During Boot
	WPP Software Tracing

Event Tracing Tools in the WDK

	Survey of Software Tracing Tools
	Tracefmt
	Tracelog
	Tracepdb

Top of page