ETW discussion

Forum for discussion about user-mode development.

ETW discussion

Postby Orkblutt » Thu May 18, 2017 10:26 am

Hi all,

I am playing with Event Trace for Windows, ETW, to trace down some kernel events like files, disk IO and network. ( https://msdn.microsoft.com/fr-fr/librar ... 03(v=vs.85).aspx )
No problem to get realtime events from userland but I try to achieve reboot persistency and trace events in a global or autologger when userland is running off or not yet up. Badly I see no trace I want to get in my global logger and when i try to set an auto logger it get a 0x57 status.

Anyone here tried to achieve that kind of thing?

Orkblutt
Orkblutt
 
Posts: 12
Joined: Fri Jul 30, 2010 2:35 pm
Reputation point: 0

Return to User-Mode Development

Who is online

Users browsing this forum: No registered users and 3 guests