

How to run an ETW trace through a reboot.

In Windows Vista and Server 2008, you can use the AutoLogger feature to trace a component during the boot process (or through a reboot) by adding a registry value as described in the following MSDN article and rebooting the system: https://msdn.microsoft.com/en-us/library/aa363687(VS.85).aspx
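A sketch of that registry setup in PowerShell, as an added example that is not from the original post. The session name, provider GUID and log path are placeholders; the key layout under `Control\WMI\Autologger` and the `Start`, `Guid`, `FileName`, `Enabled` and `EnableLevel` values follow the documented AutoLogger configuration.

```powershell
# Added example: define an AutoLogger session that starts tracing at next boot.
# Run from an elevated prompt. All three values below are placeholders.
$SessionName  = 'ExampleBootTrace'                        # hypothetical session name
$ProviderGuid = '{00000000-0000-0000-0000-000000000000}'  # placeholder: GUID of the provider to trace
$LogFile      = 'C:\Traces\ExampleBootTrace.etl'          # hypothetical output path

$Root        = 'HKLM:\SYSTEM\CurrentControlSet\Control\WMI\Autologger'
$SessionKey  = "$Root\$SessionName"
$ProviderKey = "$SessionKey\$ProviderGuid"

# The log directory must exist before the session starts writing at boot.
New-Item -ItemType Directory -Path (Split-Path $LogFile) -Force | Out-Null

# Session key: Start=1 tells ETW to start this session during boot.
New-Item -Path $SessionKey -Force | Out-Null
New-ItemProperty -Path $SessionKey -Name 'Guid' -PropertyType String `
    -Value ([guid]::NewGuid().ToString('B')) -Force | Out-Null
New-ItemProperty -Path $SessionKey -Name 'FileName' -PropertyType String `
    -Value $LogFile -Force | Out-Null
New-ItemProperty -Path $SessionKey -Name 'Start' -PropertyType DWord `
    -Value 1 -Force | Out-Null

# Provider subkey: enable the provider in this session at verbose level (5).
New-Item -Path $ProviderKey -Force | Out-Null
New-ItemProperty -Path $ProviderKey -Name 'Enabled' -PropertyType DWord `
    -Value 1 -Force | Out-Null
New-ItemProperty -Path $ProviderKey -Name 'EnableLevel' -PropertyType DWord `
    -Value 5 -Force | Out-Null

# Review which AutoLogger sessions are now set to start at boot.
Get-ChildItem $Root | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath
    if ($p.Start -eq 1) {
        [pscustomobject]@{ Session = $_.PSChildName; FileName = $p.FileName }
    }
}

# After the reboot, once the behaviour has been captured:
#   logman stop ExampleBootTrace -ets     # stops the session and flushes buffers
#   Set-ItemProperty -Path $SessionKey -Name 'Start' -Value 0   # no trace on later boots
```

Setting `Start` back to 0 (or deleting the session key) matters: a forgotten AutoLogger session keeps tracing on every boot and keeps writing to its log file.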

Pre-Vista (or in Vista / 2008 if you're feeling retro), you can use the Global Logger trace session to trace a component during the boot process (or through a reboot).  Simply name your trace session GlobalLogger (e.g. "logman.exe create trace GlobalLogger [parameters]" or "tracelog.exe -start GlobalLogger [parameters]"), and reboot the system.  The ETW trace will begin once the system reboots.  Stop the event trace session to flush all trace buffers to the log file.  This is easier to set up than AutoLogger, but only one GlobalLogger session can exist on the system at a time (versus multiple with AutoLogger): https://msdn.microsoft.com/en-us/library/ms797605.aspx
