Preparing to Use TraceView
Before you use TraceView, you need to gather information about event tracing and about the trace provider that you are tracing. This topic describes these prerequisites.
Note If you are running TraceView on versions of the Windows operating system earlier than Windows Vista , you must copy the Dbghelp.dll file to the same subdirectory as the TraceView executable file, TraceView.exe. By default, TraceView.exe is located in the tools\tracing\<Platform> subdirectory of the Windows Driver Kit (WDK), where <Platform> is either i386, amd64, or ia64. The Dbghelp.dll is installed, by default, in the \bin\x86 subdirectory.
Understand Event Tracing
Also, examine Tracedrv (Tracedrv.c), a sample driver instrumented with WPP software tracing. The Tracedrv sample is available in the Windows driver samples repository on GitHub. Build the Tracedrv driver and its engine, Tracectl (Tracectl.c), and then use the driver and engine to experiment with TraceView.
Know the Trace Provider
You should be familiar with the trace provider that you are tracing, and the types of trace messages that it generates.
TraceView displays trace event and trace messages in a human-readable format, but it does not interpret them or provide any information or context for the messages. To understand the messages and what they indicate about the provider, you must be very familiar with the operation of the provider.
Find Provider Files
To view the trace messages from a trace provider, you will need to provide one of the following locations to TraceView:
The location of the PDB symbol file for the provider
- OR -
The NT Kernel Logger Trace Session uses the system.tmf file that is included in the WDK (\tools\tracing\i386).
These files, and their use in TraceView, are described in Creating an NT Kernel Logger Trace Session. You will use this information when you create a trace session.