ETW discussion

Forum for discussion about user-mode development.
Post Reply
Orkblutt
Posts: 12
Joined: Fri Jul 30, 2010 2:35 pm

ETW discussion

Post by Orkblutt » Thu May 18, 2017 10:26 am

Hi all,

I am playing with Event Trace for Windows, ETW, to trace down some kernel events like files, disk IO and network. ( https://msdn.microsoft.com/fr-fr/librar ... s.85).aspx )
No problem to get realtime events from userland but I try to achieve reboot persistency and trace events in a global or autologger when userland is running off or not yet up. Badly I see no trace I want to get in my global logger and when i try to set an auto logger it get a 0x57 status.

Anyone here tried to achieve that kind of thing?

Orkblutt

Post Reply