How to Log to the Global Logger Session
Use the following procedure to configure a driver to log to the Global Logger trace session:
Add the following definition to the driver code. Insert the definition between the WPP_CONTROL_GUIDS macro definition and the include statement for the trace message header file.
#define WPP_GLOBALLOGGERUse Tracelog to configure a Global Logger trace session. The simplest command is as follows:
tracelog -start GlobalLoggerFor complete instructions, including parameters for configuring the Global Logger trace session, see Tracelog Command Syntax and Global Logger Trace Session.
For an example, see Example 13: Creating a Global Logger Session.
This command creates and configures the trace session, but the session does not start until you restart the system (step 5).
Under the HKLM\System\CurrentControlSet\Control\WMI\GlobalLogger subkey, add a subkey named for the control GUID of the trace provider. In Windows Vista and later versions of Windows, the control GUID must be enclosed in braces ( {} ).
The tracelog -start GlobalLogger command adds the GlobalLogger subkey to the registry. The ControlGUID subkey establishes the driver as a trace provider for the Global Logger trace session.
For example, to configure the Tracedrv sample driver to log to the Global Logger trace session on a computer running Windows XP, add a subkey named for the Tracedrv control GUID, d58c126f-b309-11d1-969e-0000f875a5bc: HKLM\SYSTEM\CurrentControlSet\Control\WMI\GlobalLogger\d58c126f-b309-11d1-969e-0000f875a5bc.
TraceDrv, a sample driver that was designed for software tracing, is available in the Windows driver samples repository on GitHub.
To configure the trace provider, add the following registry entries to the ControlGUID subkey. These entries are optional and their values are defined by the driver.
Entry name Data type Description Flags
REG_DWORD
Specifies the trace flags for the provider.
The meaning of the flags is defined independently by each trace provider. Typically, flags represent increasingly detailed reporting levels.
Level
REG_DWORD
Specifies the trace level for the provider.
The meaning of the Level value is defined independently by each trace provider. Typically, the trace level represents the severity of the event (information, warning, or error).
Note that the name of the Flags entry is plural and the name of the Level entry is singular.
- Restart the system. This starts the Global Logger trace session.
After your testing is complete, delete the ControlGUID subkey or set the value of the Start entry in the GlobalLogger subkey to 0. If you do not, the Global Logger session runs, and the driver logs to it, every time you restart the system.
Comments
When WPP_GLOBALLOGGER is present, WPP adds code that reads the registry and determines whether the Global Logger session is running and whether the driver is enabled for tracing to the Global Logger session. This code takes the place of the enable notification that the driver would receive from a standard trace session.
Also, because the Global Logger session does not provide callback notification, Windows assumes that a callback has occurred, and proceeds accordingly.
The WPP definitions generate only a small amount of code, so there is no need to remove them from the code after testing.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for