Survey of Software Tracing Tools
The following software tracing tools are included in either the Windows Driver Kit (WDK) or the Windows operating system.
Enabling WPP tracing in a trace producer
TraceWPP (TraceWPP.exe) is a command-line tool that runs the Windows software trace preprocessor (WPP) on the source files of trace providers, such as a kernel-mode driver or user-mode application.
TraceWPP provides an alternative to setting the WPP options when you build your driver or application using the WDK and Visual Studio. This tool processes trace macros in a source file and creates a header file to enable WPP tracing.
TraceWPP is located in the bin\<Platform> directory of the WDK.
Controlling trace sessions (trace controllers)
TraceView (TraceView.exe) is a GUI-based trace controller and trace consumer, and is designed especially for the real-time display of trace messages. It enables, configures, starts, updates, and stops trace session. This tool also formats, filters, and displays trace messages from real-time trace sessions and trace logs.
TraceView is located in the tools\<Platform> subdirectory of the WDK, where <Platform> is either x86 or x64.
Tracelog (Tracelog.exe) is a command-line trace controller that enables, configures, starts, updates, and stops real-time and log sessions. Tracelog supports user-mode and kernel-mode trace sessions, as well as NT Kernel Logger trace sessions and the Global Logger (boot) trace session. This tool also supports tracing to measure time spent in deferred procedure calls (DPCs) and interrupt service routines (ISRs).
Tracelog is located in the tools\<Platform> subdirectory of the WDK, where <Platform> is either x86 or x64.
Logman (Logman.exe) is a fully functional, GUI-based trace controller that is designed especially to control the logging of performance counters and event traces.
Logman is included in Windows XP and later versions of Windows. For more information about how to use this tool, see the Logman topic on the TechNet website.
Creating TMF files
Tracefmt can also create TMF files from PDB symbol files.
Tracepdb and Tracefmt are located in the tools\tracing\<Platform> subdirectory of the WDK, where <Platform> is either x86 or x64.
Formatting and displaying trace messages (trace consumers)
Tracefmt is a command-line trace consumer that formats trace messages (TraceMessage) from real-time trace sessions or trace logs, and writes them to files or displays them in the Command Prompt window.
Tracerpt (Tracerpt.exe) is a command-line trace consumer that formats trace events (TraceEvent) and performance counters and writes them to CSV or XML files. It also analyzes the events and generates summary reports.
Tracerpt is included in Windows XP and later versions of Windows. For more information about how to use this tool, see Tracerpt topic on the TechNet website.
TraceView, a GUI tool, that is a trace controller and a trace consumer, also formats and displays trace messages (TraceMessage) from real-time trace sessions or trace logs. It displays the trace messages in a tabular form, making them easier to filter and browse.
Viewing trace events in a debugger
Debugging Tools for Windows includes !wmitrace, a specialized debugger extension that displays the trace messages in the trace session buffers before they are written to log files or delivered for display.
Analyzing DPC and ISR execution times
- On Windows XP with Service Pack 2 (SP2) and later, you can use Tracelog to log deferred procedure call (DPC) and interrupt service routine (ISR) events in the NT Kernel Logger trace session and then use Tracerpt to create summary reports from the logs. For more information about how to use this tool, including an example, see Tracelog.