I am playing with Event Trace for Windows (ETW) to trace some kernel events like files, disk I/O and network. ( https://msdn.microsoft.com/fr-fr/librar ... s.85).aspx )
I have no problem getting real-time events from userland, but I am trying to achieve reboot persistence and trace events in a global logger or autologger when userland is not running or not yet up. Unfortunately, I see none of the traces I want in my global logger, and when I try to set up an autologger it gets a 0x57 status.
Has anyone here tried to achieve that kind of thing?